237 files changed, 11711 insertions, 7684 deletions

diff --git a/CREDITS b/CREDITS
index 092229cf7..a1aec3c1c 100644
--- a/CREDITS
+++ b/CREDITS
@@ -1,6 +1,6 @@
 Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
 
-Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
 Theo de Raadt, and Dug Song - Creators of OpenSSH
 
 Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
@@ -88,11 +88,12 @@ Tom Bertelson's <tbert@abac.com> - AIX auth fixes
 Tor-Ake Fransson <torake@hotmail.com> - AIX support
 Tudor Bosman <tudorb@jm.nu> - MD5 password support
 Udo Schweigert <ust@cert.siemens.de> - ReliantUNIX support
+Wendy Palm <wendyp at cray.com> - Cray support.
 Zack Weinberg <zack@wolery.cumb.org> - GNOME askpass enhancement
 
 Apologies to anyone I have missed.
 
 Damien Miller <djm@mindrot.org>
 
-$Id: CREDITS,v 1.74 2003/09/07 02:34:54 dtucker Exp $
+$Id: CREDITS,v 1.77 2004/01/30 04:00:50 dtucker Exp $
 
diff --git a/ChangeLog b/ChangeLog
index b5505da19..c2891ba41 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,827 @@
+20040224
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2004/02/19 21:15:04
+     [sftp-server.c]
+     switch to new license.template
+   - markus@cvs.openbsd.org 2004/02/23 12:02:33
+     [sshd.c]
+     backout revision 1.279; set listen socket to non-block; ok henning.
+   - markus@cvs.openbsd.org 2004/02/23 15:12:46
+     [bufaux.c]
+     encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka
+     and drop support for negative BNs; ok otto@
+   - markus@cvs.openbsd.org 2004/02/23 15:16:46
+     [version.h]
+     enter 3.8
+ - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when found
+   with krb5-config, hunt down gssapi.h and friends.  Based partially on patch
+   from deengert at anl.gov.  ok djm@
+ - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtime 
+   using sysconf() if available Based on patches from 
+   holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
+ - (dtucker) [uidswap.c] Minor KNF.  ok djm@
+ - (tim) [openbsd-compat/getrrsetbyname.c] Make gcc 2.7.2.3 happy.  ok djm@
+ - (djm) Crank RPM spec versions
+ - (dtucker) [README] Add pointer to release notes.  ok djm@
+ - (dtucker) {README.platform] Add platform-specific notes.
+ - (tim) [configure.ac] SCO3 needs -lcrypt_i for -lprot
+ - (djm) Release 3.8p1
+
+20040223
+ - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in the
+   non-interactive path.  ok djm@
+
+20040222
+ - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry test
+   to auth-shadow.c, no functional change.  ok djm@
+ - (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account or
+   password expiry.  ok djm@
+ - (dtucker) [auth-passwd.c] Only check password expiry once.  Prevents
+   multiple warnings if a wrong password is entered.
+ - (dtucker) [configure.ac] Apply krb5-config --libs fix to non-gssapi path
+   too.
+
+20040220
+ - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@
+
+20040218
+ - (dtucker) [configure.ac] Handle case where krb5-config --libs returns a
+   path with a "-" in it.  From Sergio.Gelato at astro.su.se.
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2004/02/17 07:17:29
+     [sftp-glob.c sftp.c]
+     Remove useless headers; ok deraadt@
+   - djm@cvs.openbsd.org 2004/02/17 11:03:08
+     [sftp.c]
+     sftp.c and sftp-int.c, together at last; ok markus@
+   - jmc@cvs.openbsd.org 2004/02/17 19:35:21
+     [sshd_config.5]
+     remove cruft left over from RhostsAuthentication removal;
+     ok markus@
+ - (djm) [log.c] Correct use of HAVE_OPENLOG_R
+ - (djm) [log.c] Tighten openlog_r tests
+
+20040217
+ - (djm) Simplify the license on code I have written. No code changes.
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2004/02/17 05:39:51
+     [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
+     [sftp-int.h sftp.c]
+     switch to license.template for code written by me (belated, I know...)
+ - (djm) Bug #698: Specify FILE: for KRB5CCNAME; patch from 
+   stadal@suse.cz and simon@sxw.org.uk
+ - (dtucker) [auth-pam.c] Tidy up PAM debugging.  ok djm@
+ - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for
+   display after login.  Should fix problems like pam_motd not displaying
+   anything, noticed by cjwatson at debian.org.  ok djm@
+
+20040212
+ - (tim) [Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh]
+   Portablity fixes. Data sftp transfers needs to be world readable. Some
+   older shells hang on while loops when  doing sh -n some_script. OK dtucker@
+ - (tim) [configure.ac] Make sure -lcrypto is before -lsocket for sco3.
+   ok mouring@
+
+20040211
+ - (dtucker) [auth-passwd.c auth-shadow.c] Only enable shadow expiry check
+   if HAS_SHADOW_EXPIRY is set.
+ - (tim) [configure.ac] Fix comment to match code changes in ver 1.117
+
+20040210
+ - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
+   openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
+   native password expiry.
+ - (dtucker) [LICENCE Makefile.in auth-passwd.c auth-shadow.c auth.c auth.h
+   defines.h] Bug #14: Use do_pwchange to support password expiry and force
+   change for platforms using /etc/shadow.  ok djm@
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #563: Prepend ssh_ to compat
+   functions to avoid conflicts with Heimdal's libroken.  ok djm@
+ - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to
+   change expired PAM passwords for SSHv1 connections without privsep.
+   pam_chauthtok is still used when privsep is disabled.  ok djm@
+ - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
+   include from port-aix.h to port-aix.c and remove unnecessary function
+   definition.  Fixes build errors on AIX.
+ - (dtucker) [configure.ac loginrec.c] Bug #464: Use updwtmpx on platforms
+   that support it.  from & ok mouring@
+ - (dtucker) [configure.ac] Bug #345: Do not disable utmp on HP-UX 10.x.
+   ok djm@
+
+20040207
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2004/02/06 23:41:13
+     [cipher-ctr.c]
+     Use EVP_CIPHER_CTX_key_length for key length.  ok markus@
+     (This will fix builds with OpenSSL 0.9.5)
+ - (dtucker) [cipher.c] enable AES counter modes with OpenSSL 0.9.5.
+   ok djm@, markus@
+
+20040206
+ - (dtucker) [acss.c acss.h] Fix $Id tags.
+ - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with
+   OpenSSL >= 0.9.7.  ok djm@
+ - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root
+   user, since some modules might fail due to lack of privilege.  ok djm@
+ - (dtucker) [configure.ac] Bug #748: Always define BROKEN_GETADDRINFO
+   for HP-UX 11.11.  If there are known-good configs where this is not
+   required, please report them.  ok djm@
+ - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent
+   accidentally inheriting from root's environment.  ok djm@
+ - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #796:
+   Restore previous authdb setting after auth calls.  Fixes problems with
+   setpcred failing on accounts that use AFS or NIS password registries.
+ - (dtucker) [configure.ac includes.h] Include <sys/stream.h> if present,
+   required on Solaris 2.5.1 for queue_t, which is used by <sys/ptms.h>.
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2004/01/30 09:48:57
+     [auth-passwd.c auth.h pathnames.h session.c]
+     support for password change; ok dtucker@
+     (set password-dead=1w in login.conf to use this).
+     In -Portable, this is currently only platforms using bsdauth.
+   - dtucker@cvs.openbsd.org 2004/02/05 05:37:17
+     [monitor.c sshd.c]
+     Pass SIGALRM through to privsep child if LoginGraceTime expires. ok markus@
+   - markus@cvs.openbsd.org 2004/02/05 15:33:33
+     [progressmeter.c]
+     fix ETA for > 4GB; bugzilla #791; ok henning@ deraadt@
+
+20040129
+ - (dtucker) OpenBSD CVS Sync regress/
+   - dtucker@cvs.openbsd.org 2003/10/11 11:49:49
+     [Makefile banner.sh]
+     Test missing banner file, suppression of banner with ssh -q, check return
+     code from ssh.  ok markus@
+   - jmc@cvs.openbsd.org 2003/11/07 10:16:44
+     [ssh-com.sh]
+     adress -> address, and a few more; all from Jonathon Gray;
+   - djm@cvs.openbsd.org 2004/01/13 09:49:06
+     [sftp-batch.sh]
+ - (dtucker) [configure.ac] Add --without-zlib-version-check.  Feedback from
+   tim@, ok several
+ - (dtucker) [configure.ac openbsd-compat/bsd-cray.c openbsd-compat/bsd-cray.h]
+   Bug #775: Cray fixes from wendy at cray.com
+
+20040128
+ - (dtucker) [regress/README.regress] Add tcpwrappers issue, noted by tim@
+ - (dtucker) [moduli] Import new moduli file from OpenBSD.
+
+20040127
+ - (djm) OpenBSD CVS Sync
+   - hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
+     [cipher.c]
+     enable acss for ssh
+     ok deraadt@ markus@
+   - mouring@cvs.openbsd.org 2004/01/23 17:57:48
+     [sftp-int.c]
+     Fix issue pointed out with ls not handling large directories 
+     with embeded paths correctly.  OK damien@
+   - hshoexer@cvs.openbsd.org 2004/01/23 19:26:33
+     [cipher.c]
+     rename acss@opebsd.org to acss@openssh.org
+     ok deraadt@
+   - djm@cvs.openbsd.org 2004/01/25 03:49:09
+     [sshconnect.c]
+     reset nonblocking flag after ConnectTimeout > 0 connect; (bugzilla #785)
+     from jclonguet AT free.fr; ok millert@
+   - djm@cvs.openbsd.org 2004/01/27 10:08:10
+     [sftp.c]
+     reorder parsing so user:skey@host:file works (bugzilla #777)
+     patch from admorten AT umich.edu; ok markus@
+ - (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS 
+   if libcrypto lacks it
+
+20040126
+ - (tim) Typo in regress/README.regress
+ - (tim) [regress/test-exec.sh] RhostsAuthentication is deprecated.
+ - (tim) [defines.h] Add defines for HFIXEDSZ and T_SIG
+ - (tim) [configure.ac includes.h] add <sys/ptms.h> for grantpt() and friends.
+ - (tim) [defines.h openbsd-compat/getrrsetbyname.h] Move defines for HFIXEDSZ
+   and T_SIG to getrrsetbyname.h
+
+20040124
+ - (djm) Typo in openbsd-compat/bsd-openpty.c; from wendyp AT cray.com
+
+20040123 
+ - (djm) Do pam_session processing for systems with HAVE_LOGIN_CAP; from 
+   ralf.hack AT pipex.net; ok dtucker@
+ - (djm) Bug #776: Update contrib/redhat/openssh.spec to dynamically detect
+   Kerberos location (and thus work with Fedora Core 1);
+   from jason AT devrandom.org
+ - (dtucker) [configure.ac] Bug #788: Test for zlib.h presence and for
+   zlib >= 1.1.4.  Partly from jbasney at ncsa.uiuc.edu.  ok djm@
+ - (dtucker) [contrib/cygwin/README] Document new ssh-host-config options.
+   Patch from vinschen at redhat.com.
+ - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
+   Change AFS symbol to USE_AFS to prevent namespace collisions, do not
+   include kafs.h unless necessary.  From deengert at anl.gov.
+ - (tim) [configure.ac] Remove hard coded -L/usr/local/lib and
+   -I/usr/local/include. Users can do LDFLAGS="-L/usr/local/lib" \
+   CPPFLAGS="-I/usr/local/include" ./configure if needed.
+
+20040122
+ - (dtucker) [configure.ac] Use krb5-config where available for Kerberos/
+   GSSAPI detection, libs and includes.  ok djm@
+ - (dtucker) [session.c] Enable AFS support in conjunction with KRB5 not
+   just HEIMDAL.
+ - (tim) [contrib/solaris/buildpkg.sh] Allow for the possibility of
+   /usr/local being a symbolic link. Fixes problem reported by Henry Grebler.
+
+20040121
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2004/01/13 09:25:05
+     [sftp-int.c sftp.1 sftp.c]
+     Tidy sftp batchmode handling, eliminate junk to stderr (bugzilla #754) and
+     enable use of "-b -" to accept batchfile from stdin; ok markus@
+   - jmc@cvs.openbsd.org 2004/01/13 12:17:33
+     [sftp.1]
+     remove unnecessary Ic's;
+     kill whitespace at EOL;
+     ok djm@
+   - markus@cvs.openbsd.org 2004/01/13 19:23:15
+     [compress.c session.c]
+     -Wall; ok henning
+   - markus@cvs.openbsd.org 2004/01/13 19:45:15
+     [compress.c]
+     cast for portability; millert@
+   - markus@cvs.openbsd.org 2004/01/19 09:24:21
+     [channels.c]
+     fake consumption for half closed channels since the peer is waiting for
+     window adjust messages; bugzilla #790 Matthew Dillon; test + ok dtucker@
+     reproduce with sh -c 'ulimit -f 10; ssh host -n od /bsd | cat > foo'
+   - markus@cvs.openbsd.org 2004/01/19 21:25:15
+     [auth2-hostbased.c auth2-pubkey.c serverloop.c ssh-keysign.c sshconnect2.c]
+     fix mem leaks; some fixes from Pete Flugstad; tested dtucker@
+   - djm@cvs.openbsd.org 2004/01/21 03:07:59
+     [sftp.c]
+     initialise infile in main, rather than statically - from portable
+   - deraadt@cvs.openbsd.org 2004/01/11 21:55:06
+     [sshpty.c]
+     for pty opening, only use the openpty() path.  the other stuff only needs
+     to be in openssh-p; markus ok
+ - (djm) [openbsd-compat/bsd-openpty.c] Rework old sshpty.c code into an
+   openpty() replacement
+
+20040114
+ - (dtucker) [auth-pam.c] Have monitor die if PAM authentication thread exits
+   unexpectedly.  with & ok djm@
+ - (dtucker) [auth-pam.c] Reset signal handler in pthread_cancel too, add
+   test for case where cleanup has already run.
+ - (dtucker) [auth-pam.c] Add minor debugging.
+
+20040113
+ - (dtucker) [auth-pam.c] Relocate struct pam_ctxt and prototypes.  No
+   functional changes.
+
+20040108
+ - (dtucker) [auth-pam.c defines.h] Bug #783: move __unused to defines.h and
+   only define if not already.  From des at freebsd.org.
+ - (dtucker) [configure.ac] Remove extra (typo) comma.
+
+20040105
+ - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails.  Patch from
+   cjwatson at debian.org.
+ - (dtucker) [acconfig.h configure.ac includes.h servconf.c session.c]
+   Only enable KerberosGetAFSToken if Heimdal's libkafs is found.  with jakob@
+
+20040102
+ - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from
+   jakob@
+ - (djm) Remove useless DNS support configure summary message. from jakob@
+ - (djm) OSX/Darwin put the PAM headers in a different place, detect this.
+   Report from jakob@
+
+20031231
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2003/12/22 09:16:58
+     [moduli.c ssh-keygen.1 ssh-keygen.c]
+     tidy up moduli generation debugging, add -v (verbose/debug) option to
+     ssh-keygen; ok markus@
+   - markus@cvs.openbsd.org 2003/12/22 20:29:55
+     [cipher-3des1.c]
+     EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr
+   - jakob@cvs.openbsd.org 2003/12/23 16:12:10
+     [servconf.c servconf.h session.c sshd_config]
+     implement KerberosGetAFSToken server option. ok markus@, beck@
+   - millert@cvs.openbsd.org 2003/12/29 16:39:50
+     [sshd_config]
+     KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
+   - dtucker@cvs.openbsd.org 2003/12/31 00:24:50
+     [auth2-passwd.c]
+     Ignore password change request during password auth (which we currently
+     don't support) and discard proposed new password.  corrections/ok markus@
+ - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist.
+
+20031219
+ - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
+   typedef size_t ourselves.
+
+20031218
+ - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban.
+ - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive
+   authentication.  Partially fixes bug #423.  Feedback & ok djm@
+
+20031217
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/12/09 15:28:43
+     [serverloop.c]
+     make ClientKeepAlive work for ssh -N, too (no login shell requested).
+     1) send a bogus channel request if we find a channel
+     2) send a bogus global request if we don't have a channel
+     ok + test beck@
+   - markus@cvs.openbsd.org 2003/12/09 17:29:04
+     [sshd.c]
+     fix -o and HUP; ok henning@
+   - markus@cvs.openbsd.org 2003/12/09 17:30:05
+     [ssh.c]
+     don't modify argv for ssh -o; similar to sshd.c 1.283
+   - markus@cvs.openbsd.org 2003/12/09 21:53:37
+     [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
+     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
+     rename keepalive to tcpkeepalive; the old name causes too much
+     confusion; ok djm, dtucker; with help from jmc@
+   - dtucker@cvs.openbsd.org 2003/12/09 23:45:32
+     [clientloop.c]
+     Clear exit code when ssh -N is terminated with a SIGTERM.  ok markus@
+   - markus@cvs.openbsd.org 2003/12/14 12:37:21
+     [ssh_config.5]
+     we don't support GSS KEX; from Simon Wilkinson
+   - markus@cvs.openbsd.org 2003/12/16 15:49:51
+     [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1]
+     [ssh.c ssh_config.5]
+     application layer keep alive (ServerAliveInterval ServerAliveCountMax)
+     for ssh(1), similar to the sshd(8) option; ok beck@; with help from
+     jmc and dtucker@
+   - markus@cvs.openbsd.org 2003/12/16 15:51:54
+     [dh.c]
+     use <= instead of < in dh_estimate; ok provos/hshoexer; 
+     do not return < DH_GRP_MIN
+ - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for
+   setres[ug]id() present but not implemented (eg some Linux/glibc
+   combinations).
+ - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are
+   using a real 'signal()' (Noticed by a NeXT Compile)
+
+20031209
+ - (dtucker) OpenBSD CVS Sync
+   - matthieu@cvs.openbsd.org 2003/11/25 23:10:08
+     [ssh-add.1]
+     ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@.
+   - djm@cvs.openbsd.org 2003/11/26 21:44:29
+     [cipher-aes.c]
+     fix #ifdef before #define; ok markus@
+     (RCS ID sync only, Portable already had this)
+   - markus@cvs.openbsd.org 2003/12/02 12:15:10
+     [progressmeter.c]
+     improvments from andreas@:
+     * saner speed estimate for transfers that takes less than a second by
+       rounding the time to 1 second.
+     * when the transfer is finished calculate the actual total speed
+       rather than the current speed which is given during the transfer
+   - markus@cvs.openbsd.org 2003/12/02 17:01:15
+     [channels.c session.c ssh-agent.c ssh.h sshd.c]
+     use SSH_LISTEN_BACKLOG (=128) in listen(2).
+   - djm@cvs.openbsd.org 2003/12/07 06:34:18
+     [moduli.c]
+     remove unused debugging #define templates
+   - markus@cvs.openbsd.org 2003/12/08 11:00:47
+     [kexgexc.c]
+     print requested group size in debug; ok djm
+   - dtucker@cvs.openbsd.org 2003/12/09 13:52:55
+     [moduli.c]
+     Prevent ssh-keygen -T from outputting moduli with a generator of 0, since
+     they can't be used for Diffie-Hellman.  Assistance and ok djm@
+ - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below.
+
+20031208
+ - (tim) [configure.ac] Bug 770. Fix --without-rpath.
+
+20031123
+ - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own
+   function and call it unconditionally
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2003/11/23 23:17:34
+     [ssh-keyscan.c]
+     from portable - use sysconf to detect fd limit; ok markus@
+     (tidy diff by adding SSH_SSFDMAX macro to defines.h)
+   - djm@cvs.openbsd.org 2003/11/23 23:18:45
+     [ssh-keygen.c]
+     consistency PATH_MAX -> MAXPATHLEN; ok markus@
+     (RCS ID sync only)
+   - djm@cvs.openbsd.org 2003/11/23 23:21:21
+     [scp.c]
+     from portable: rename clashing variable limit-> limit_rate; ok markus@
+     (RCS ID sync only)
+   - dtucker@cvs.openbsd.org 2003/11/24 00:16:35
+     [ssh.1 ssh.c]
+     Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@
+ - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original 
+   source file path (in OpenBSD tree).
+
+20031122
+ - (dtucker) [channels.c] Make AIX write limit code clearer.  Suggested by djm@
+ - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
+   Move AIX specific password authentication code to port-aix.c, call
+   authenticate() until reenter flag is clear.
+ - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net.
+   Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
+   is enabled, rely on SIA to check for locked accounts if enabled.  ok djm@
+ - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch
+ - (djm) [sftp-int.c] Remove duplicated code from bogus sync
+ - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code
+
+20031121
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/11/20 11:39:28
+     [progressmeter.c]
+     fix rounding errors; from andreas@
+   - djm@cvs.openbsd.org 2003/11/21 11:57:03
+     [everything]
+     unexpand and delete whitespace at EOL; ok markus@
+     (done locally and RCS IDs synced)
+
+20031118
+ - (djm) Fix early exit for root auth success when UsePAM=yes and 
+   PermitRootLogin=no
+ - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,
+   and use it for do_pam_session.  Fixes problems like pam_motd not
+   displaying anything.  ok djm@
+ - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@
+ - (djm) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2003/11/18 00:40:05
+     [serverloop.c]
+     Correct check for authctxt->valid.  ok djm@
+   - djm@cvs.openbsd.org 2003/11/18 10:53:07
+     [monitor.c]
+     unbreak fake authloop for non-existent users (my screwup). Spotted and
+     tested by dtucker@; ok markus@
+
+20031117
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2003/11/03 09:03:37
+     [auth-chall.c]
+     make this a little more idiot-proof; ok markus@
+     (includes portable-specific changes)
+   - jakob@cvs.openbsd.org 2003/11/03 09:09:41
+     [sshconnect.c]
+     move changed key warning into warn_changed_key(). ok markus@
+   - jakob@cvs.openbsd.org 2003/11/03 09:37:32
+     [sshconnect.c]
+     do not free static type pointer in warn_changed_key()
+   - djm@cvs.openbsd.org 2003/11/04 08:54:09
+     [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
+     [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
+     [session.c]
+     standardise arguments to auth methods - they should all take authctxt.
+     check authctxt->valid rather then pw != NULL; ok markus@
+   - jakob@cvs.openbsd.org 2003/11/08 16:02:40
+     [auth1.c]
+     remove unused variable (pw). ok djm@
+     (id sync only - still used in portable)
+   - jmc@cvs.openbsd.org 2003/11/08 19:17:29
+     [sftp-int.c]
+     typos from Jonathon Gray;
+   - jakob@cvs.openbsd.org 2003/11/10 16:23:41
+     [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c]
+     [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c]
+     [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h]
+     constify. ok markus@ & djm@
+   - dtucker@cvs.openbsd.org 2003/11/12 10:12:15
+     [scp.c]
+     When called with -q, pass -q to ssh; suppresses SSH2 banner.  ok markus@
+   - jakob@cvs.openbsd.org 2003/11/12 16:39:58
+     [dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
+     update SSHFP validation. ok markus@
+   - jmc@cvs.openbsd.org 2003/11/12 20:14:51
+     [ssh_config.5]
+     make verb agree with subject, and kill some whitespace;
+   - markus@cvs.openbsd.org 2003/11/14 13:19:09
+     [sshconnect2.c]
+     cleanup and minor fixes for the client code; from Simon Wilkinson
+   - djm@cvs.openbsd.org 2003/11/17 09:45:39
+     [msg.c msg.h sshconnect2.c ssh-keysign.c]
+     return error on msg send/receive failure (rather than fatal); ok markus@
+   - markus@cvs.openbsd.org 2003/11/17 11:06:07
+     [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
+     [monitor_wrap.h sshconnect2.c ssh-gss.h]
+     replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; 
+     test + ok jakob.
+ - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
+   conversation function
+ - (djm) Export environment variables from authentication subprocess to 
+   parent. Part of Bug #717
+
+20031115
+ - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
+   HP-UX, skip test on AIX.
+
+20031113
+ - (dtucker) [auth-pam.c] Append newlines to lines output by the
+   pam_chauthtok_conv().
+ - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All
+   contrib/cygwin).  Major update from vinschen at redhat.com.
+   - Makefile provides a `cygwin-postinstall' target to run right after
+     `make install'.
+   - Better support for Windows 2003 Server.
+   - Try to get permissions as correct as possible.
+   - New command line options to allow full automated host configuration.
+   - Create configs from skeletons in /etc/defaults/etc.
+   - Use /bin/bash, allows reading user input with readline support.
+   - Remove really old configs from /usr/local.
+ - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and
+   PAM_ERROR_MSG messages.
+
+20031106
+ - (djm) Clarify UsePAM consequences a little more
+
+20031103
+ - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services
+   are created correctly with CRLF line terminations.  Patch from vinschen at
+   redhat.com.
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/10/15 09:48:45
+     [monitor_wrap.c]
+     check pmonitor != NULL
+   - markus@cvs.openbsd.org 2003/10/21 09:50:06
+     [auth2-gss.c]
+     make sure the doid is larger than 2
+   - avsm@cvs.openbsd.org 2003/10/26 16:57:43
+     [sshconnect2.c]
+     rename 'supported' static var in userauth_gssapi() to 'gss_supported'
+     to avoid shadowing the global version.  markus@ ok
+   - markus@cvs.openbsd.org 2003/10/28 09:08:06
+     [misc.c]
+     error->debug for getsockopt+TCP_NODELAY; several requests
+   - markus@cvs.openbsd.org 2003/11/02 11:01:03
+     [auth2-gss.c compat.c compat.h sshconnect2.c]
+     remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk
+ - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid.
+
+20031021
+ - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords
+   directly.  Noted by Darren.Moffat at sun.com.
+ - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set,
+   make agent setgid during test.
+
+20031017
+ - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with
+   MD5 passwords even if PAM support is enabled.  From steev at detritus.net.
+
+20031015
+ - (dtucker) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2003/10/08 08:27:36
+     [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
+     scp and sftp: add options list and sort options. options list requested
+     by deraadt@
+     sshd: use same format as ssh
+     ssh: remove wrong option from list
+     sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
+     ok deraadt@ markus@
+   - markus@cvs.openbsd.org 2003/10/08 15:21:24
+     [readconf.c ssh_config.5]
+     default GSS API to no in client, too; ok jakob, deraadt@
+   - markus@cvs.openbsd.org 2003/10/11 08:24:08
+     [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
+     remote x11 clients are now untrusted by default, uses xauth(8) to generate
+     untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
+     ok deraadt; feedback and ok djm/fries
+   - markus@cvs.openbsd.org 2003/10/11 08:26:43
+     [sshconnect2.c]
+     search keys in reverse order; fixes #684
+   - markus@cvs.openbsd.org 2003/10/11 11:36:23
+     [monitor_wrap.c]
+     return NULL for missing banner; ok djm@
+   - jmc@cvs.openbsd.org 2003/10/12 13:12:13
+     [ssh_config.5]
+     note that EnableSSHKeySign should be in the non-hostspecific section;
+     remove unnecessary .Pp;
+     ok markus@
+   - markus@cvs.openbsd.org 2003/10/13 08:22:25
+     [scp.1 sftp.1]
+     don't refer to options related to forwarding; ok jmc@
+   - jakob@cvs.openbsd.org 2003/10/14 19:42:10
+     [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
+     include SSHFP lookup code (not enabled by default). ok markus@
+   - jakob@cvs.openbsd.org 2003/10/14 19:43:23
+     [README.dns]
+     update
+   - markus@cvs.openbsd.org 2003/10/14 19:54:39
+     [session.c ssh-agent.c]
+     10X for mkdtemp; djm@
+ - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
+   openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
+   compiled in but disabled in config.
+ - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode.
+ - (tim) [regress/banner.sh] portability fix.
+
+20031009
+ - (dtucker) [sshd_config.5] UsePAM defaults to "no".  ok djm@
+
+20031008
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2003/10/07 01:47:27
+     [sshconnect2.c]
+     Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 &
+     #707.  ok markus@
+   - djm@cvs.openbsd.org 2003/10/07 07:04:16
+     [sftp-int.c]
+     sftp quoting fix from admorten AT umich.edu; ok markus@
+   - deraadt@cvs.openbsd.org 2003/10/07 21:58:28
+     [sshconnect2.c]
+     set ptr to NULL after free
+   - dtucker@cvs.openbsd.org 2003/10/07 01:52:13
+     [regress/Makefile regress/banner.sh]
+     Test SSH2 banner.  ok markus@
+   - djm@cvs.openbsd.org 2003/10/07 07:04:52
+     [regress/sftp-cmds.sh]
+     more sftp quoting regress tests; ok markus
+
+20031007
+ - (djm) Delete autom4te.cache after autoreconf
+ - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static
+   cleanup functions.  With & ok djm@
+ - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a
+   run-time switch, always build --with-md5-passwords.
+ - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c]
+   Bug #670: add strtoul() to openbsd-compat for platforms lacking it.  ok djm@
+ - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID
+   on Reliant Unix.  Patch from Robert.Dahlem at siemens.com.
+ - (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on
+   Reliant Unix.  Based on patch from Robert.Dahlem at siemens.com.
+
+20031003
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/10/02 10:41:59
+     [sshd.c]
+     print openssl version, too, several requests; ok henning/djm.
+   - markus@cvs.openbsd.org 2003/10/02 08:26:53
+     [ssh-gss.h]
+     missing $OpenBSD:; dtucker
+ - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default
+   option.
+
+20031002
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/09/23 20:17:11
+     [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c
+     cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h
+     monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h
+     ssh-agent.c sshd.c]
+     replace fatal_cleanup() and linked list of fatal callbacks with static
+     cleanup_exit() function.  re-refine cleanup_exit() where appropriate,
+     allocate sshd's authctxt eary to allow simpler cleanup in sshd.
+     tested by many, ok deraadt@
+   - markus@cvs.openbsd.org 2003/09/23 20:18:52
+     [progressmeter.c]
+     don't print trailing \0; bug #709; Robert.Dahlem@siemens.com
+     ok millert/deraadt@
+   - markus@cvs.openbsd.org 2003/09/23 20:41:11
+     [channels.c channels.h clientloop.c]
+     move client only agent code to clientloop.c
+   - markus@cvs.openbsd.org 2003/09/26 08:19:29
+     [sshd.c]
+     no need to set the listen sockets to non-block; ok deraadt@
+   - jmc@cvs.openbsd.org 2003/09/29 11:40:51
+     [ssh.1]
+     - add list of options to -o and .Xr ssh_config(5)
+     - some other cleanup
+     requested by deraadt@;
+     ok deraadt@ markus@
+   - markus@cvs.openbsd.org 2003/09/29 20:19:57
+     [servconf.c sshd_config]
+     GSSAPICleanupCreds -> GSSAPICleanupCredentials
+ - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring
+   --with-pam.  ok djm@
+ - (dtucker) [ssh-gss.h] Prototype change missed in sync.
+ - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations.
+   Based on patches by Matthias Koeppe and Thomas Baden.  ok djm@
+
+20030930
+ - (bal) Fix issues in openbsd-compat/realpath.c
+
+20030925
+ - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove
+   DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam.  Patch from
+   michael_steffens at hp.com, ok djm@
+ - (tim) [sshd_config] UsePAM defaults to no.
+
+20030924
+ - (djm) Update version.h and spec files for HEAD
+ - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6.
+
+20030923
+ - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree
+   builds.  Portability corrections from tim@.
+ - (dtucker) [configure.ac] Bug #665: uid swapping issues on Mac OS X.
+   Patch from max at quendi.de.
+ - (dtucker) [configure.ac] Bug #657: uid swapping issues on BSDi.
+ - (dtucker) [configure.ac] Bug #653: uid swapping issues on Tru64.
+ - (dtucker) [configure.ac] Bug #693: uid swapping issues on NCR MP-RAS.
+   Patch from david.haughton at ncr.com
+ - (dtucker) [configure.ac] Bug #659: uid swapping issues on IRIX 6.
+   Part of patch supplied by bugzilla-openssh at thewrittenword.com
+ - (dtucker) [configure.ac openbsd-compat/fake-rfc2553.c
+   openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with
+   where gai_strerror is defined as "const char *".  Part of patch supplied
+   by bugzilla-openssh at thewrittenword.com
+ - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update
+   ssh-host-config to match current defaults, bump README version.  Patch from
+   vinschen at redhat.com.
+ - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the
+   OS does not support permanently dropping privileges.  Patch from
+   vinschen at redhat.com.
+ - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h,
+   add canohost.h to stop warning.  Based on patch from openssh-unix-dev at
+   thewrittenword.com
+ - (dtucker) [INSTALL] Bug #686: Document requirement for zlib 1.1.4 or
+   higher.
+ - (tim) Fix typo. s/SETEIUD_BREAKS_SETUID/SETEUID_BREAKS_SETUID/
+ - (tim) [configure.ac] Bug 665: move 3 new AC_DEFINES outside of AC_TRY_RUN.
+   Report by distler AT golem ph utexas edu.
+ - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from
+   article by genty at austin.ibm.com, included with the author's permission.
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/09/18 07:52:54
+     [sshconnect.c]
+     missing {}; bug #656; jclonguet at free.fr
+   - markus@cvs.openbsd.org 2003/09/18 07:54:48
+     [buffer.c]
+     protect against double free; #660;  zardoz at users.sf.net
+   - markus@cvs.openbsd.org 2003/09/18 07:56:05
+     [authfile.c]
+     missing  buffer_free(&encrypted); #662; zardoz at users.sf.net
+   - markus@cvs.openbsd.org 2003/09/18 08:49:45
+     [deattack.c misc.c session.c ssh-agent.c]
+     more buffer allocation fixes; from Solar Designer; CAN-2003-0682;
+     ok millert@
+   - miod@cvs.openbsd.org 2003/09/18 13:02:21
+     [authfd.c bufaux.c dh.c mac.c ssh-keygen.c]
+     A few signedness fixes for harmless situations; markus@ ok
+   - markus@cvs.openbsd.org 2003/09/19 09:02:02
+     [packet.c]
+     buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471
+   - markus@cvs.openbsd.org 2003/09/19 09:03:00
+     [buffer.c]
+     sign fix in buffer_dump; Jedi/Sector One; pr 3473
+   - markus@cvs.openbsd.org 2003/09/19 11:29:40
+     [ssh-agent.c]
+     provide a ssh-agent specific fatal() function; ok deraadt
+   - markus@cvs.openbsd.org 2003/09/19 11:30:39
+     [ssh-keyscan.c]
+     avoid fatal_cleanup, just call exit(); ok deraadt
+   - markus@cvs.openbsd.org 2003/09/19 11:31:33
+     [channels.c]
+     do not call channel_free_all on fatal; ok deraadt
+   - markus@cvs.openbsd.org 2003/09/19 11:33:09
+     [packet.c sshd.c]
+     do not call packet_close on fatal; ok deraadt
+   - markus@cvs.openbsd.org 2003/09/19 17:40:20
+     [scp.c]
+     error handling for remote-remote copy; #638; report Harald Koenig;
+     ok millert, fgs, henning, deraadt
+   - markus@cvs.openbsd.org 2003/09/19 17:43:35
+     [clientloop.c sshtty.c sshtty.h]
+     remove fatal callbacks from client code; ok deraadt
+ - (bal) "extration" -> "extraction" in ssh-rand-helper.c; repoted by john
+        on #unixhelp@efnet
+ - (tim) [configure.ac] add --disable-etc-default-login option. ok djm
+ - (djm) Sync with V_3_7 branch:
+   - (djm) Fix SSH1 challenge kludge
+   - (djm) Bug #671: Fix builds on OpenBSD
+   - (djm) Bug #676: Fix PAM stack corruption
+   - (djm) Fix bad free() in PAM code
+   - (djm) Don't call pam_end before pam_init
+   - (djm) Enable build with old OpenSSL again
+   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
+   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
+
+20030919
+ - (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL;
+   djast AT cs.toronto.edu
+ - (djm) Bug #661: Remove duplicate check for basename; from 
+   bugzilla-openssh AT thewrittenword.com
+ - (djm) Bug #641: Allow RedHat RPM building without GTK-2; Patch from
+   jason AT devrandom.org
+ - (djm) Bug #646: Fix location of x11-ssh-askpass; Jim
+ - (dtucker) [openbsd-compat/port-aix.h] Bug #640: Don't include audit.h
+   unless required.  Reorder to reduce warnings.
+ - (dtucker) [session.c] Bug #643: Fix size_t -> u_int and fix null deref
+   when /etc/default/login doesn't exist or isn't readable.  Fixes from
+   jparsons-lists at saffron.net and georg.oppenberg at deu mci com.
+ - (dtucker) [acconfig.h] Updated basename test needs HAVE_BASENAME
+
+20030918
+ - (djm) Bug #652: Fix empty password auth
+
+20030917
+ - (djm) Sync with V_3_7 branch
+ - (djm) OpenBSD Sync
+   - markus@cvs.openbsd.org 2003/09/16 21:02:40
+     [buffer.c channels.c version.h]
+     more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU
+ - (djm) Crank RPM spec file versions
+ - (tim) [openbsd-compat/inet_ntoa.c] 20030917 "Sync with V_3_7 branch" undid
+   20030916 "Missed dead header in inet_ntoa.c"
+ 
 20030916
  - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve
    PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it
@@ -7,10 +831,8 @@
    - deraadt@cvs.openbsd.org 2003/09/16 03:03:47
      [buffer.c]
      do not expand buffer before attempting to reallocate it; markus ok
- - (djm) Crank spec versions
- - (djm) Banish (safe) sprintf from auth-pam.c. Patch from bal
  - (tim) [configure.ac] Fix portability issues.
- - (djm) Release 3.7p1
+ - (bal) Missed dead header in inet_ntoa.c
 
 20030914
  - (dtucker) [Makefile regress/Makefile] Fix portability issues preventing
@@ -1107,4 +1929,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.2994.2.4 2003/09/16 06:00:52 djm Exp $
+$Id: ChangeLog,v 1.3257 2004/02/24 06:13:28 djm Exp $
diff --git a/INSTALL b/INSTALL
index 93070b105..a1c0e4b6b 100644
--- a/INSTALL
+++ b/INSTALL
@@ -3,22 +3,22 @@
 
 You will need working installations of Zlib and OpenSSL.
 
-Zlib:
-http://www.gzip.org/zlib/ 
+Zlib 1.1.4 or greater:
+http://www.gzip.org/zlib/
 
 OpenSSL 0.9.6 or greater:
 http://www.openssl.org/
 
-(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 
+(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
 Blowfish) do not work correctly.)
 
 OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
 supports it. PAM is standard on Redhat and Debian Linux, Solaris and
 HP-UX 11.
 
-NB. If you operating system supports /dev/random, you should configure 
-OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of 
-/dev/random. If you don't you will have to rely on ssh-rand-helper, which 
+NB. If you operating system supports /dev/random, you should configure
+OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
+/dev/random. If you don't you will have to rely on ssh-rand-helper, which
 is inferior to a good kernel-based solution.
 
 PAM:
@@ -33,11 +33,11 @@ http://www.gnome.org/
 Alternatively, Jim Knoble <jmknoble@jmknoble.cx> has written an excellent X11
 passphrase requester. This is maintained separately at:
 
-http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
+http://www.jmknoble.net/software/x11-ssh-askpass/
 
 PRNGD:
 
-If your system lacks Kernel based random collection, the use of Lutz 
+If your system lacks Kernel based random collection, the use of Lutz
 Jaenicke's PRNGd is recommended.
 
 http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
@@ -54,7 +54,7 @@ http://www.sparc.spb.su/solaris/skey/
 
 If you wish to use --with-skey then you will need the above library
 installed.  No other current S/Key library is currently known to be
-supported. 
+supported.
 
 2. Building / Installation
 --------------------------
@@ -73,7 +73,7 @@ installation prefix, use the --prefix option to configure:
 make
 make install
 
-Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override 
+Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
 specific paths, for example:
 
 ./configure --prefix=/opt --sysconfdir=/etc/ssh
@@ -101,56 +101,45 @@ name).
 
 There are a few other options to the configure script:
 
---with-pam enables PAM support.
+--with-pam enables PAM support. If PAM support is compiled in, it must
+also be enabled in sshd_config (refer to the UsePAM directive).
 
---enable-gnome-askpass will build the GNOME passphrase dialog. You
-need a working installation of GNOME, including the development
-headers, for this to work.
-
---with-prngd-socket=/some/file allows you to enable EGD or PRNGD 
-support and to specify a PRNGd socket. Use this if your Unix lacks 
-/dev/random and you don't want to use OpenSSH's builtin entropy 
+--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
+support and to specify a PRNGd socket. Use this if your Unix lacks
+/dev/random and you don't want to use OpenSSH's builtin entropy
 collection support.
 
---with-prngd-port=portnum allows you to enable EGD or PRNGD support 
-and to specify a EGD localhost TCP port. Use this if your Unix lacks 
-/dev/random and you don't want to use OpenSSH's builtin entropy 
+--with-prngd-port=portnum allows you to enable EGD or PRNGD support
+and to specify a EGD localhost TCP port. Use this if your Unix lacks
+/dev/random and you don't want to use OpenSSH's builtin entropy
 collection support.
 
---with-lastlog=FILE will specify the location of the lastlog file. 
+--with-lastlog=FILE will specify the location of the lastlog file.
 ./configure searches a few locations for lastlog, but may not find
 it if lastlog is installed in a different place.
 
 --without-lastlog will disable lastlog support entirely.
 
---with-osfsia, --without-osfsia will enable or disable OSF1's Security 
+--with-osfsia, --without-osfsia will enable or disable OSF1's Security
 Integration Architecture.  The default for OSF1 machines is enable.
 
---with-kerberos4=PATH will enable Kerberos IV support. You will need
-to have the Kerberos libraries and header files installed for this
-to work. Use the optional PATH argument to specify the root of your
-Kerberos installation.
-
---with-afs=PATH will enable AFS support. You will need to have the
-Kerberos IV and the AFS libraries and header files installed for this
-to work.  Use the optional PATH argument to specify the root of your
-AFS installation. AFS requires Kerberos support to be enabled.
-
---with-skey=PATH will enable S/Key one time password support. You will 
+--with-skey=PATH will enable S/Key one time password support. You will
 need the S/Key libraries and header files installed for this to work.
 
 --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
 support. You will need libwrap.a and tcpd.h installed.
 
 --with-md5-passwords will enable the use of MD5 passwords. Enable this
-if your operating system uses MD5 passwords without using PAM.
+if your operating system uses MD5 passwords and the system crypt() does
+not support them directly (see the crypt(3/3c) man page). If enabled, the
+resulting binary will support both MD5 and traditional crypt passwords.
 
---with-utmpx enables utmpx support. utmpx support is automatic for 
+--with-utmpx enables utmpx support. utmpx support is automatic for
 some platforms.
 
 --without-shadow disables shadow password support.
 
---with-ipaddr-display forces the use of a numeric IP address in the 
+--with-ipaddr-display forces the use of a numeric IP address in the
 $DISPLAY environment variable. Some broken systems need this.
 
 --with-default-path=PATH allows you to specify a default $PATH for sessions
@@ -161,12 +150,6 @@ created.
 
 --with-xauth=PATH specifies the location of the xauth binary
 
---with-ipv4-default instructs OpenSSH to use IPv4 by default for new
-connections. Normally OpenSSH will try attempt to lookup both IPv6 and
-IPv4 addresses. On Linux/glibc-2.1.2 this causes long delays in name
-resolution. If this option is specified, you can still attempt to 
-connect to IPv6 addresses using the command line option '-6'.
-
 --with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
 are installed.
 
@@ -186,35 +169,35 @@ CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
 3. Configuration
 ----------------
 
-The runtime configuration files are installed by in ${prefix}/etc or 
+The runtime configuration files are installed by in ${prefix}/etc or
 whatever you specified as your --sysconfdir (/usr/local/etc by default).
 
-The default configuration should be instantly usable, though you should 
+The default configuration should be instantly usable, though you should
 review it to ensure that it matches your security requirements.
 
 To generate a host key, run "make host-key". Alternately you can do so
-manually using the following commands: 
+manually using the following commands:
 
     ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ""
     ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
     ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
 
 Replacing /etc/ssh with the correct path to the configuration directory.
-(${prefix}/etc or whatever you specified with --sysconfdir during 
+(${prefix}/etc or whatever you specified with --sysconfdir during
 configuration)
 
 If you have configured OpenSSH with EGD support, ensure that EGD is
 running and has collected some Entropy.
 
-For more information on configuration, please refer to the manual pages 
+For more information on configuration, please refer to the manual pages
 for sshd, ssh and ssh-agent.
 
 4. Problems?
 ------------
 
-If you experience problems compiling, installing or running OpenSSH. 
+If you experience problems compiling, installing or running OpenSSH.
 Please refer to the "reporting bugs" section of the webpage at
 http://www.openssh.com/
 
 
-$Id: INSTALL,v 1.56 2003/05/24 01:41:16 dtucker Exp $
+$Id: INSTALL,v 1.63 2003/11/21 12:48:55 djm Exp $
diff --git a/LICENCE b/LICENCE
index b47556dda..d8c157304 100644
--- a/LICENCE
+++ b/LICENCE
@@ -45,16 +45,16 @@ OpenSSH contains no GPL code.
     software are publicly available on the Internet and at any major
     bookstore, scientific library, and patent office worldwide.  More
     information can be found e.g. at "http://www.cs.hut.fi/crypto".
-    
+
     The legal status of this program is some combination of all these
     permissions and restrictions.  Use only at your own responsibility.
     You will be responsible for any legal consequences yourself; I am not
     making any claims whether possessing or using this is legal or not in
     your country, and I am not taking any responsibility on your behalf.
-    
-    
-                            NO WARRANTY
-    
+
+
+                            NO WARRANTY
+
     BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
     FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
     OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
@@ -64,7 +64,7 @@ OpenSSH contains no GPL code.
     TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
     PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
     REPAIR OR CORRECTION.
-    
+
     IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
     WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
     REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
@@ -112,15 +112,15 @@ OpenSSH contains no GPL code.
     with the following license:
 
      * @version 3.0 (December 2000)
-     * 
+     *
      * Optimised ANSI C code for the Rijndael cipher (now AES)
-     * 
+     *
      * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
      * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
      * @author Paulo Barreto <paulo.barreto@terra.com.br>
-     * 
+     *
      * This code is hereby placed in the public domain.
-     * 
+     *
      * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
      * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
      * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -177,13 +177,12 @@ OpenSSH contains no GPL code.
         Damien Miller
         Kevin Steves
         Daniel Kouril
-        Per Allansson
         Wesley Griffin
         Per Allansson
         Nils Nordman
         Simon Wilkinson
 
-    Portable OpenSSH additionally includes code from the following copyright 
+    Portable OpenSSH additionally includes code from the following copyright
     holders, also under the 2-term BSD license:
 
         Ben Lindstrom
@@ -203,6 +202,7 @@ OpenSSH contains no GPL code.
         Todd C. Miller
         Wayne Schroeder
         William Jones
+        Darren Tucker
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions
@@ -229,24 +229,24 @@ OpenSSH contains no GPL code.
     a) md5crypt.c, md5crypt.h
 
          * "THE BEER-WARE LICENSE" (Revision 42):
-         * <phk@login.dknet.dk> wrote this file.  As long as you retain this 
-         * notice you can do whatever you want with this stuff. If we meet 
-         * some day, and you think this stuff is worth it, you can buy me a 
+         * <phk@login.dknet.dk> wrote this file.  As long as you retain this
+         * notice you can do whatever you want with this stuff. If we meet
+         * some day, and you think this stuff is worth it, you can buy me a
          * beer in return.   Poul-Henning Kamp
 
     b) snprintf replacement
 
         * Copyright Patrick Powell 1995
-        * This code is based on code written by Patrick Powell 
-        * (papowell@astart.com) It may be used for any purpose as long as this 
+        * This code is based on code written by Patrick Powell
+        * (papowell@astart.com) It may be used for any purpose as long as this
         * notice remains intact on all source code distributions
 
     c) Compatibility code (openbsd-compat)
 
-       Apart from the previously mentioned licenses, various pieces of code 
+       Apart from the previously mentioned licenses, various pieces of code
        in the openbsd-compat/ subdirectory are licensed as follows:
 
-       Some code is licensed under a 3-term BSD license, to the following 
+       Some code is licensed under a 3-term BSD license, to the following
        copyright holders:
 
         Todd C. Miller
@@ -279,7 +279,7 @@ OpenSSH contains no GPL code.
         * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
         * SUCH DAMAGE.
 
-       Some code is licensed under an ISC-style license, to the following 
+       Some code is licensed under an ISC-style license, to the following
        copyright holders:
 
         Internet Software Consortium.
@@ -297,7 +297,7 @@ OpenSSH contains no GPL code.
         * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
         * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-       Some code is licensed under a MIT-style license to the following 
+       Some code is licensed under a MIT-style license to the following
        copyright holders:
 
         Free Software Foundation, Inc.
@@ -329,4 +329,4 @@ OpenSSH contains no GPL code.
 
 
 ------
-$OpenBSD: LICENCE,v 1.17 2003/08/22 20:55:06 markus Exp $
+$OpenBSD: LICENCE,v 1.18 2003/11/21 11:57:02 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index 8a8774461..919b36819 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.249 2003/09/14 01:40:36 dtucker Exp $
+# $Id: Makefile.in,v 1.257 2004/02/18 03:35:11 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -61,12 +61,13 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
 
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
 
-LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
-        cipher.o  cipher-aes.o cipher-bf1.o cipher-ctr.o cipher-3des1.o \
-        compat.o compress.o crc32.o deattack.o fatal.o \
-        hostfile.o log.o match.o moduli.o mpaux.o nchan.o packet.o \
-        readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \
-        key.o dispatch.o kex.o mac.o uuencode.o misc.o \
+LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
+        canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
+        cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
+        compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
+        log.o match.o moduli.o mpaux.o nchan.o packet.o \
+        readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
+        atomicio.o key.o dispatch.o kex.o mac.o uuencode.o misc.o \
         rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
         kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
         entropy.o scard-opensc.o gss-genr.o
@@ -84,7 +85,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
         kexdhs.o kexgexs.o \
         auth-krb5.o \
         auth2-gss.o gss-serv.o gss-serv-krb5.o \
-        loginrec.o auth-pam.o auth-sia.o md5crypt.o
+        loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o
 
 MANPAGES        = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN     = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
@@ -140,25 +141,25 @@ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
         $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
-        $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
+        $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o
-        $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
+        $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
-        $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
+        $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o
-        $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
+        $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
-        $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) 
+        $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
 sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
-        $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 
+        $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o
-        $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
+        $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
         $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -192,20 +193,18 @@ ssh_prng_cmds.out:	ssh_prng_cmds
 moduli:
         echo
 
-clean:
-        rm -f *.o *.a $(TARGETS) logintest config.cache config.log 
-        rm -f *.out core 
+clean:  regressclean
+        rm -f *.o *.a $(TARGETS) logintest config.cache config.log
+        rm -f *.out core
         (cd openbsd-compat && $(MAKE) clean)
-        (cd regress && $(MAKE) clean)
 
-distclean:
-        rm -f *.o *.a $(TARGETS) logintest config.cache config.log 
+distclean:      regressclean
+        rm -f *.o *.a $(TARGETS) logintest config.cache config.log
         rm -f *.out core
         rm -f Makefile config.h config.status ssh_prng_cmds *~
         rm -rf autom4te.cache
         (cd openbsd-compat && $(MAKE) distclean)
         (cd scard && $(MAKE) distclean)
-        (cd regress && $(MAKE) distclean)
 
 veryclean: distclean
         rm -f configure config.h.in *.0
@@ -224,6 +223,7 @@ catman-do:
 
 distprep: catman-do
         $(AUTORECONF)
+        -rm -rf autom4te.cache
         (cd scard && $(MAKE) -f Makefile.in distprep)
 
 install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config
@@ -344,7 +344,7 @@ uninstallall:	uninstall
         -rmdir $(DESTDIR)$(mandir)
         -rmdir $(DESTDIR)$(libexecdir)
 
-uninstall: 
+uninstall:
         -rm -f $(DESTDIR)$(bindir)/slogin
         -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT)
         -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT)
@@ -373,6 +373,9 @@ uninstall:
 tests:  $(TARGETS)
         BUILDDIR=`pwd`; \
         [ -d `pwd`/regress ]  ||  mkdir -p `pwd`/regress; \
+        [ -f `pwd`/regress/Makefile ]  || \
+            ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \
+        TEST_SHELL="@TEST_MINUS_S_SH@"; \
         TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
         TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
         TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
@@ -388,6 +391,7 @@ tests:	$(TARGETS)
                 BUILDDIR="$${BUILDDIR}" \
                 OBJ="$${BUILDDIR}/regress/" \
                 PATH="$${BUILDDIR}:$${PATH}" \
+                TEST_SHELL="$${TEST_SHELL}" \
                 TEST_SSH_SSH="$${TEST_SSH_SSH}" \
                 TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
                 TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
@@ -398,3 +402,8 @@ tests:	$(TARGETS)
                 TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
                 EXEEXT="$(EXEEXT)" \
                 $@
+
+regressclean:
+        if [ -f regress/Makefile -a -r regress/Makefile ]; then \
+                (cd regress && $(MAKE) clean) \
+        fi
diff --git a/OVERVIEW b/OVERVIEW
index ff03ecab2..df46ec28a 100644
--- a/OVERVIEW
+++ b/OVERVIEW
@@ -5,7 +5,7 @@ to developers.]
 
 This document is intended for those who wish to read the ssh source
 code.  This tries to give an overview of the structure of the code.
-      
+
 Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>
 Updated 17 Nov 1995.
 Updated 19 Oct 1999 for OpenSSH-1.2
@@ -20,7 +20,7 @@ There are some subsystems/abstractions that are used by a number of
 these programs.
 
   Buffer manipulation routines
-      
+
     - These provide an arbitrary size buffer, where data can be appended.
       Data can be consumed from either end.  The code is used heavily
       throughout ssh.  The basic buffer manipulation functions are in
@@ -28,7 +28,7 @@ these programs.
       data types is in bufaux.c.
 
   Compression Library
-  
+
     - Ssh uses the GNU GZIP compression library (ZLIB).
 
   Encryption/Decryption
@@ -89,7 +89,7 @@ these programs.
       code is linked into the server.  The routines also manipulate
       known hosts files using code in hostfile.c.  Code in canohost.c
       is used to retrieve the canonical host name of the remote host.
-      Code in match.c is used to match host names.  
+      Code in match.c is used to match host names.
 
     - In the client end, authentication code is in sshconnect.c.  It
       reads Passwords/passphrases using code in readpass.c.  It reads
@@ -147,10 +147,10 @@ these programs.
       operations, and finally the server enters the normal session
       mode by calling server_loop in serverloop.c.  This does the real
       work, calling functions in other modules.
-      
+
     - The code for the server is in sshd.c.  It contains a lot of
       stuff, including:
-        - server main program
+        - server main program
         - waiting for connections
         - processing new connection
         - authentication
@@ -162,9 +162,9 @@ these programs.
 
     - There are several other files in the distribution that contain
       various auxiliary routines:
-        ssh.h        the main header file for ssh (various definitions)
-        getput.h     byte-order independent storage of integers
-        includes.h   includes most system headers.  Lots of #ifdefs.
+        ssh.h        the main header file for ssh (various definitions)
+        getput.h     byte-order independent storage of integers
+        includes.h   includes most system headers.  Lots of #ifdefs.
         tildexpand.c expand tilde in file names
         uidswap.c    uid-swapping
         xmalloc.c    "safe" malloc routines
diff --git a/README b/README
index 5709fbeaf..7e918fe08 100644
--- a/README
+++ b/README
@@ -1,4 +1,7 @@
-- A Japanese translation of this document and of the OpenSSH FAQ is 
+See:
+http://www.openssh.com/txt/release-3.8 for the release notes.
+
+- A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html
 - Thanks to HARUYAMA Seigo <haruyama@unixuser.org>
 
@@ -13,10 +16,10 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
 and Dug Song. It has a homepage at http://www.openssh.com/
 
 This port consists of the re-introduction of autoconf support, PAM
-support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements 
-for OpenBSD library functions that are (regrettably) absent from other 
-unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD, 
-Irix and AIX. Support for SCO, NeXT and other Unices is underway. 
+support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
+for OpenBSD library functions that are (regrettably) absent from other
+unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD,
+Irix and AIX. Support for SCO, NeXT and other Unices is underway.
 This version actively tracks changes in the OpenBSD CVS repository.
 
 The PAM support is now more functional than the popular packages of
@@ -32,20 +35,20 @@ Please send bug reports and patches to the mailing list
 openssh-unix-dev@mindrot.org. The list is open to posting by
 unsubscribed users.
 
-If you are a citizen of an USA-embargoed country to which export of 
-cryptographic products is restricted, then please refrain from sending 
+If you are a citizen of an USA-embargoed country to which export of
+cryptographic products is restricted, then please refrain from sending
 crypto-related code or patches to the list. We cannot accept them.
 Other code contribution are accepted, but please follow the OpenBSD
 style guidelines[6].
 
 Please refer to the INSTALL document for information on how to install
-OpenSSH on your system. There are a number of differences between this 
+OpenSSH on your system. There are a number of differences between this
 port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7]
 for details and general tips.
 
 Damien Miller <djm@mindrot.org>
 
-Miscellania - 
+Miscellania -
 
 This version of OpenSSH is based upon code retrieved from the OpenBSD
 CVS repository which in turn was based on the last free sample
@@ -63,4 +66,4 @@ References -
 [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
 [7] http://www.openssh.com/faq.html
 
-$Id: README,v 1.51 2003/01/08 12:28:40 djm Exp $
+$Id: README,v 1.53 2004/02/24 05:13:24 dtucker Exp $
diff --git a/README.dns b/README.dns
index e24092e03..97879183e 100644
--- a/README.dns
+++ b/README.dns
@@ -1,17 +1,13 @@
 How to verify host keys using OpenSSH and DNS
 ---------------------------------------------
 
-OpenSSH contains experimental support for verifying host keys using DNS
-as described in draft-ietf-secsh-dns-xx.txt. The document contains
-very brief instructions on how to test this feature. Configuring DNS
-and DNSSEC is out of the scope of this document.
+OpenSSH contains support for verifying host keys using DNS as described in
+draft-ietf-secsh-dns-05.txt. The document contains very brief instructions
+on how to use this feature. Configuring DNS is out of the scope of this
+document.
 
 
-(1) Enable DNS fingerprint support in OpenSSH
-
-        configure --with-dns
-
-(2) Generate and publish the DNS RR
+(1) Server: Generate and publish the DNS RR
 
 To create a DNS resource record (RR) containing a fingerprint of the
 public host key, use the following command:
@@ -24,15 +20,14 @@ you should generate one RR for each key.
 
 In the example above, ssh-keygen will print the fingerprint in a
 generic DNS RR format parsable by most modern name server
-implementations. If your nameserver has support for the SSHFP RR, as
-defined by the draft, you can omit the -g flag and ssh-keygen will
-print a standard RR.
+implementations. If your nameserver has support for the SSHFP RR
+you can omit the -g flag and ssh-keygen will print a standard SSHFP RR.
 
 To publish the fingerprint using the DNS you must add the generated RR
 to your DNS zone file and sign your zone.
 
 
-(3) Enable the ssh client to verify host keys using DNS
+(2) Client: Enable ssh to verify host keys using DNS
 
 To enable the ssh client to verify host keys using DNS, you have to
 add the following option to the ssh configuration file
@@ -49,4 +44,4 @@ the remote host key, the user will be notified.
         Wesley Griffin
 
 
-$OpenBSD: README.dns,v 1.1 2003/05/14 18:16:20 jakob Exp $
+$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $
diff --git a/README.platform b/README.platform
new file mode 100644
index 000000000..c4d0c74f8
--- /dev/null
+++ b/README.platform
@@ -0,0 +1,22 @@
+This file contains notes about OpenSSH on specific platforms.
+
+AIX
+---
+As of OpenSSH 3.8p1, sshd will now honour an accounts password expiry
+settings, where previously it did not.  Because of this, it's possible for
+sites that have used OpenSSH's sshd exclusively to have accounts which
+have passwords expired longer than the inactive time (ie the "Weeks between
+password EXPIRATION and LOCKOUT" setting in SMIT or the maxexpired
+chuser attribute).
+
+Accounts in this state must have their passwords reset manually by the
+administrator.  As a precaution, it is recommended that the administrative
+passwords be reset before upgrading from OpenSSH <3.8.
+
+Solaris
+-------
+Currently, sshd does not support BSM auditting.  This can show up as errors
+when editting cron entries via crontab.  See.
+http://bugzilla.mindrot.org/show_bug.cgi?id=125
+
+$Id: README.platform,v 1.1 2004/02/24 05:14:41 dtucker Exp $
diff --git a/README.privsep b/README.privsep
index 64adad83b..9d48bbcf9 100644
--- a/README.privsep
+++ b/README.privsep
@@ -1,15 +1,15 @@
 Privilege separation, or privsep, is method in OpenSSH by which
 operations that require root privilege are performed by a separate
 privileged monitor process.  Its purpose is to prevent privilege
-escalation by containing corruption to an unprivileged process.  
+escalation by containing corruption to an unprivileged process.
 More information is available at:
         http://www.citi.umich.edu/u/provos/ssh/privsep.html
 
 Privilege separation is now enabled by default; see the
 UsePrivilegeSeparation option in sshd_config(5).
 
-On systems which lack mmap or anonymous (MAP_ANON) memory mapping, 
-compression must be disabled in order for privilege separation to 
+On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
+compression must be disabled in order for privilege separation to
 function.
 
 When privsep is enabled, during the pre-authentication phase sshd will
@@ -38,9 +38,9 @@ privsep user and chroot directory:
 Privsep requires operating system support for file descriptor passing.
 Compression will be disabled on systems without a working mmap MAP_ANON.
 
-PAM-enabled OpenSSH is known to function with privsep on Linux.  
+PAM-enabled OpenSSH is known to function with privsep on Linux.
 It does not function on HP-UX with a trusted system
-configuration. 
+configuration.
 
 On Compaq Tru64 Unix, only the pre-authentication part of privsep is
 supported.  Post-authentication privsep is disabled automatically (so
@@ -61,4 +61,4 @@ process 1005 is the sshd process listening for new connections.
 process 6917 is the privileged monitor process, 6919 is the user owned
 sshd process and 6921 is the shell process.
 
-$Id: README.privsep,v 1.12 2003/08/26 00:48:15 djm Exp $
+$Id: README.privsep,v 1.13 2003/11/21 12:48:55 djm Exp $
diff --git a/README.smartcard b/README.smartcard
index 88810fc83..fdf83ecab 100644
--- a/README.smartcard
+++ b/README.smartcard
@@ -1,7 +1,7 @@
 How to use smartcards with OpenSSH?
 
 OpenSSH contains experimental support for authentication using
-Cyberflex smartcards and TODOS card readers, in addition to the cards 
+Cyberflex smartcards and TODOS card readers, in addition to the cards
 with PKCS#15 structure supported by OpenSC. To enable this you
 need to:
 
@@ -27,8 +27,8 @@ Using libsectok:
         sectok> login -d
         sectok> jload /usr/libdata/ssh/Ssh.bin
         sectok> setpass
-        Enter new AUT0 passphrase: 
-        Re-enter passphrase: 
+        Enter new AUT0 passphrase:
+        Re-enter passphrase:
         sectok> quit
 
         Do not forget the passphrase.  There is no way to
@@ -51,9 +51,9 @@ Using libsectok:
 
         $ sectok
         sectok> login -d
-        sectok> acl 0012 world: w 
-         world: w 
-         AUT0: w inval 
+        sectok> acl 0012 world: w
+         world: w
+         AUT0: w inval
         sectok> quit
 
         If you do this, anyone who has access to your card
@@ -90,4 +90,4 @@ Common operations:
 -markus,
 Tue Jul 17 23:54:51 CEST 2001
 
-$OpenBSD: README.smartcard,v 1.8 2002/03/26 18:56:23 rees Exp $
+$OpenBSD: README.smartcard,v 1.9 2003/11/21 11:57:02 djm Exp $
diff --git a/RFC.nroff b/RFC.nroff
index bf7146a70..d6baed652 100644
--- a/RFC.nroff
+++ b/RFC.nroff
@@ -137,7 +137,7 @@ pseudo tty, starting X11 [X11] or TCP/IP port forwarding, starting
 authentication agent forwarding, and executing the shell or a command.
 
 When a shell or command is executed, the connection enters interactive
-session mode.  In this mode, data is passed in both directions, 
+session mode.  In this mode, data is passed in both directions,
 new forwarded connections may be opened, etc.  The interactive session
 normally terminates when the server sends the exit status of the
 program to the client.
@@ -372,7 +372,7 @@ previous versions keep the same major protocol version; changes that
 are not compatible increment the major version (which will hopefully
 never happen).  The version described in this document is 1.3.
 
-The client will 
+The client will
 
 .ti 0
 Key Exchange and Server Host Authentication
diff --git a/TODO b/TODO
index bca818523..1b1d03c43 100644
--- a/TODO
+++ b/TODO
@@ -8,7 +8,7 @@ Documentation:
 - Install FAQ?
 
 - General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it
-  would be best to use them.  
+  would be best to use them.
 
 - Create a Documentation/ directory?
 
@@ -17,7 +17,7 @@ Programming:
 - Grep for 'XXX' comments and fix
 
 - Link order is incorrect for some systems using Kerberos 4 and AFS. Result
-  is multiple inclusion of DES symbols. Holger Trapp 
+  is multiple inclusion of DES symbols. Holger Trapp
   <holger.trapp@hrz.tu-chemnitz.de> reports that changing the configure
   generated link order from:
         -lresolv -lkrb -lz -lnsl  -lutil -lkafs -lkrb -ldes -lcrypto
@@ -26,12 +26,10 @@ Programming:
   fixing the problem.
 
 - Write a test program that calls stat() to search for EGD/PRNGd socket
-  rather than use the (non-portable) "test -S". 
+  rather than use the (non-portable) "test -S".
 
 - More platforms for for setproctitle() emulation (testing needed)
 
-- Handle changing passwords for the non-PAM expired password case
-
 - Improve PAM support (a pam_lastlog module will cause sshd to exit)
   and maybe support alternate forms of authentications like OPIE via
   pam?
@@ -70,7 +68,7 @@ Clean up configure/makefiles:
   to allow people to (right/wrongfully) link against Bind directly.
 
 - Consider splitting configure.ac into seperate files which do logically
-  similar tests. E.g move all the type detection stuff into one file, 
+  similar tests. E.g move all the type detection stuff into one file,
   entropy related stuff into another.
 
 Packaging:
@@ -86,7 +84,7 @@ PrivSep Issues:
   + /dev/zero solution (Solaris)
   + No/broken MAP_ANON (Irix)
   + broken /dev/zero parse (Linux)
-- PAM 
+- PAM
   + See above PAM notes
 - AIX
   + usrinfo() does not set TTY, but only required for legacy systems.  Works
@@ -96,4 +94,4 @@ PrivSep Issues:
 - Cygwin
   + Privsep for Pre-auth only (no fd passing)
 
-$Id: TODO,v 1.55 2003/06/11 13:56:41 dtucker Exp $
+$Id: TODO,v 1.57 2004/02/11 09:44:13 dtucker Exp $
diff --git a/WARNING.RNG b/WARNING.RNG
index ae43930a7..5d4ea8753 100644
--- a/WARNING.RNG
+++ b/WARNING.RNG
@@ -44,16 +44,16 @@ the specified program.
 
 The random number code will also read and save a seed file to
 ~/.ssh/prng_seed. This contents of this file are added to the random
-number generator at startup. The goal here is to maintain as much 
+number generator at startup. The goal here is to maintain as much
 randomness between sessions as possible.
 
 The default entropy collection code has two main problems:
 
 1. It is slow.
 
-Executing each program in the list can take a large amount of time,   
-especially on slower machines. Additionally some program can take a   
-disproportionate time to execute.                                     
+Executing each program in the list can take a large amount of time,
+especially on slower machines. Additionally some program can take a
+disproportionate time to execute.
 
 Tuning the default entropy collection code is difficult at this point.
 It requires doing 'times ./ssh-rand-helper'  and modifying the
@@ -93,4 +93,4 @@ If you are forced to use ssh-rand-helper consider still downloading
 prngd/egd and configure OpenSSH using --with-prngd-port=xx or
 --with-prngd-socket=xx (refer to INSTALL for more information).
 
-$Id: WARNING.RNG,v 1.5 2002/04/14 13:16:05 djm Exp $
+$Id: WARNING.RNG,v 1.6 2003/11/21 12:48:55 djm Exp $
diff --git a/acconfig.h b/acconfig.h
index 9bfb9b6c9..62252d760 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.166 2003/09/16 01:52:19 dtucker Exp $ */
+/* $Id: acconfig.h,v 1.173 2004/02/06 05:24:31 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -41,6 +41,12 @@
 /* Define if your setregid() is broken */
 #undef BROKEN_SETREGID
 
+/* Define if your setresuid() is broken */
+#undef BROKEN_SETRESUID
+
+/* Define if your setresgid() is broken */
+#undef BROKEN_SETRESGID
+
 /* Define to a Set Process Title type if your system is */
 /* supported by bsd-setproctitle.c */
 #undef SPT_TYPE
@@ -59,6 +65,9 @@
 /* from environment and PATH */
 #undef LOGIN_PROGRAM_FALLBACK
 
+/* Full path of your "passwd" program */
+#undef _PATH_PASSWD_PROG
+
 /* Define if your password has a pw_class field */
 #undef HAVE_PW_CLASS_IN_PASSWD
 
@@ -89,6 +98,9 @@
 /* Define if you have the getuserattr function.  */
 #undef HAVE_GETUSERATTR
 
+/* Define if you have the basename function. */
+#undef HAVE_BASENAME
+
 /* Work around problematic Linux PAM modules handling of PAM_TTY */
 #undef PAM_TTY_KLUDGE
 
@@ -247,6 +259,9 @@
 /* Define this if you are using the Heimdal version of Kerberos V5 */
 #undef HEIMDAL
 
+/* Define this if you want to use libkafs' AFS support */
+#undef USE_AFS
+
 /* Define if you want S/Key support */
 #undef SKEY
 
@@ -415,15 +430,15 @@
 #undef LOCKED_PASSWD_PREFIX
 #undef LOCKED_PASSWD_SUBSTR
 
-/* Define if DNS support is to be activated */
-#undef DNS
-
 /* Define if getrrsetbyname() exists */
 #undef HAVE_GETRRSETBYNAME
 
 /* Define if HEADER.ad exists in arpa/nameser.h */
 #undef HAVE_HEADER_AD
 
+/* Define if your resolver libs need this for getrrsetbyname */
+#undef BIND_8_COMPAT
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */
diff --git a/acss.c b/acss.c
new file mode 100644
index 000000000..9364ba9fe
--- /dev/null
+++ b/acss.c
@@ -0,0 +1,264 @@
+/*      $Id: acss.c,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+#include <openssl/evp.h>
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L)
+
+#include "acss.h"
+
+/* decryption sbox */
+static unsigned char sboxdec[] = {
+        0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, 
+        0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, 
+        0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, 
+        0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, 
+        0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, 
+        0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, 
+        0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, 
+        0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, 
+        0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, 
+        0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, 
+        0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, 
+        0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, 
+        0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, 
+        0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, 
+        0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, 
+        0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, 
+        0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, 
+        0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, 
+        0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, 
+        0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, 
+        0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, 
+        0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, 
+        0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, 
+        0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, 
+        0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, 
+        0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, 
+        0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, 
+        0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, 
+        0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, 
+        0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, 
+        0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, 
+        0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
+};
+
+/* encryption sbox */
+static unsigned char sboxenc[] = {
+        0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75,
+        0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b,
+        0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21,
+        0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f,
+        0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5,
+        0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab,
+        0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0,
+        0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2,
+        0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74,
+        0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76,
+        0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20,
+        0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22,
+        0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4,
+        0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6,
+        0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1,
+        0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf,
+        0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25,
+        0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b,
+        0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71,
+        0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f,
+        0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5,
+        0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb,
+        0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0,
+        0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2,
+        0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24,
+        0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26,
+        0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70,
+        0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72,
+        0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4,
+        0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6,
+        0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1,
+        0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff
+};
+
+static unsigned char reverse[] = {
+        0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, 
+        0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, 
+        0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, 
+        0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, 
+        0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, 
+        0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, 
+        0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, 
+        0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, 
+        0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, 
+        0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, 
+        0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, 
+        0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, 
+        0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, 
+        0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, 
+        0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, 
+        0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, 
+        0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, 
+        0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, 
+        0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, 
+        0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, 
+        0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, 
+        0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, 
+        0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, 
+        0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, 
+        0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, 
+        0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, 
+        0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, 
+        0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, 
+        0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, 
+        0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, 
+        0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, 
+        0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff 
+};
+
+/*
+ * Two linear feedback shift registers are used:
+ *
+ * lfsr17:  polynomial of degree 17, primitive modulo 2 (listed in Schneier)
+ *          x^15 + x + 1
+ * lfsr25:  polynomial of degree 25, not know if primitive modulo 2
+ *          x^13 + x^5 + x^4 + x^1 + 1
+ *
+ * Output bits are discarded, instead the feedback bits are added to produce
+ * the cipher stream.  Depending on the mode, feedback bytes may be inverted
+ * bit-wise before addition.
+ *
+ * The lfsrs are seeded with bytes from the raw key:
+ *
+ * lfsr17:  byte 0[0:7] at bit 9
+ *          byte 1[0:7] at bit 0
+ *
+ * lfsr25:  byte 2[0:4] at bit 16
+ *          byte 2[5:7] at bit 22
+ *          byte 3[0:7] at bit 8
+ *          byte 4[0:7] at bit 0
+ *
+ * To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in
+ * lfsr25.
+ *
+ */
+
+int
+acss(ACSS_KEY *key, unsigned long len, const unsigned char *in,
+    unsigned char *out)
+{
+        unsigned long i;
+        unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp;
+
+        lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0;
+
+        /* keystream is sum of lfsrs */
+        for (i = 0; i < len; i++) {
+                lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14);
+                key->lfsr17 = (key->lfsr17 >> 8)
+                        ^ (lfsr17tmp << 9)
+                        ^ (lfsr17tmp << 12)
+                        ^ (lfsr17tmp << 15);
+                key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */
+
+                lfsr25tmp = key->lfsr25
+                        ^ (key->lfsr25 >> 3)
+                        ^ (key->lfsr25 >> 4)
+                        ^ (key->lfsr25 >> 12);
+                key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17);
+                key->lfsr25 &= 0x1ffffff;       /* 25 bit LFSR */
+
+                lfsrsumtmp = key->lfsrsum;
+
+                /* addition */
+                switch (key->mode) {
+                case ACSS_AUTHENTICATE:
+                case ACSS_DATA:
+                        key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
+                        key->lfsrsum += key->lfsr25 >> 17;
+                        break;
+                case ACSS_SESSIONKEY:
+                        key->lfsrsum = key->lfsr17 >> 9;
+                        key->lfsrsum += key->lfsr25 >> 17;
+                        break;
+                case ACSS_TITLEKEY:
+                        key->lfsrsum = key->lfsr17 >> 9;
+                        key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
+                        break;
+                default:
+                        return 1;
+                }
+                key->lfsrsum += (lfsrsumtmp >> 8);
+
+                if (key->encrypt) {
+                        out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 0xff];
+                } else {
+                        out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff;
+                }
+        }
+
+        return 0;
+}
+
+static void
+acss_seed(ACSS_KEY *key)
+{
+        int i;
+
+        /* if available, mangle with subkey */
+        if (key->subkey_avilable) {
+                for (i = 0; i < ACSS_KEYSIZE; i++)
+                        key->seed[i] = reverse[key->data[i] ^ key->subkey[i]];
+        } else {
+                for (i = 0; i < ACSS_KEYSIZE; i++)
+                        key->seed[i] = reverse[key->data[i]];
+        }
+
+        /* seed lfsrs */
+        key->lfsr17 = key->seed[1]
+                | (key->seed[0] << 9)
+                | (1 << 8);     /* inject 1 at bit 9 */
+        key->lfsr25 = key->seed[4]
+                | (key->seed[3] << 8)
+                | ((key->seed[2] & 0x1f) << 16)
+                | ((key->seed[2] & 0xe0) << 17)
+                        | (1 << 21);    /* inject 1 at bit 22 */
+
+        key->lfsrsum = 0;
+}
+
+void
+acss_setkey(ACSS_KEY *key, const unsigned char *data, int enc, int mode)
+{
+        memcpy(key->data, data, sizeof(key->data));
+        memset(key->subkey, 0, sizeof(key->subkey));
+
+        if (enc != -1)
+                key->encrypt = enc;
+        key->mode = mode;
+        key->subkey_avilable = 0;
+
+        acss_seed(key);
+}
+
+void
+acss_setsubkey(ACSS_KEY *key, const unsigned char *subkey)
+{
+        memcpy(key->subkey, subkey, sizeof(key->subkey));
+        key->subkey_avilable = 1;
+        acss_seed(key);
+}
+#endif
diff --git a/acss.h b/acss.h
new file mode 100644
index 000000000..91b489542
--- /dev/null
+++ b/acss.h
@@ -0,0 +1,47 @@
+/*      $Id: acss.h,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _ACSS_H_
+#define _ACSS_H_
+
+/* 40bit key */
+#define ACSS_KEYSIZE            5
+
+/* modes of acss */
+#define ACSS_AUTHENTICATE       0
+#define ACSS_SESSIONKEY         1
+#define ACSS_TITLEKEY           2
+#define ACSS_DATA               3
+
+typedef struct acss_key_st {
+        unsigned int    lfsr17;         /* current state of lfsrs */
+        unsigned int    lfsr25;
+        unsigned int    lfsrsum;
+        unsigned char   seed[ACSS_KEYSIZE];
+        unsigned char   data[ACSS_KEYSIZE];
+        unsigned char   subkey[ACSS_KEYSIZE];
+        int             encrypt;        /* XXX make these bit flags? */
+        int             mode;
+        int             seeded;
+        int             subkey_avilable;
+} ACSS_KEY;
+
+void acss_setkey(ACSS_KEY *, const unsigned char *, int, int);
+void acss_setsubkey(ACSS_KEY *, const unsigned char *);
+int acss(ACSS_KEY *, unsigned long, const unsigned char *, unsigned char *);
+
+#endif /* ifndef _ACSS_H_ */
diff --git a/auth-chall.c b/auth-chall.c
index 6b7c8bd13..a9d314dd2 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $");
 
 #include "auth.h"
 #include "log.h"
@@ -67,36 +67,38 @@ get_challenge(Authctxt *authctxt)
 int
 verify_response(Authctxt *authctxt, const char *response)
 {
-        char *resp[1];
-        int res;
+        char *resp[1], *name, *info, **prompts;
+        u_int i, numprompts, *echo_on;
+        int authenticated = 0;
 
         if (device == NULL)
                 return 0;
         if (authctxt->kbdintctxt == NULL)
                 return 0;
         resp[0] = (char *)response;
-        res = device->respond(authctxt->kbdintctxt, 1, resp);
-        if (res == 1) {
-                /* postponed - send a null query just in case */
-                char *name, *info, **prompts;
-                u_int i, numprompts, *echo_on;
+        switch (device->respond(authctxt->kbdintctxt, 1, resp)) {
+        case 0: /* Success */
+                authenticated = 1;
+                break;
+        case 1: /* Postponed - retry with empty query for PAM */
+                if ((device->query(authctxt->kbdintctxt, &name, &info,
+                    &numprompts, &prompts, &echo_on)) != 0)
+                        break;
+                if (numprompts == 0 &&
+                    device->respond(authctxt->kbdintctxt, 0, resp) == 0)
+                        authenticated = 1;
 
-                res = device->query(authctxt->kbdintctxt, &name, &info,
-                    &numprompts, &prompts, &echo_on);
-                if (res == 0) {
-                        for (i = 0; i < numprompts; i++)
-                                xfree(prompts[i]);
-                        xfree(prompts);
-                        xfree(name);
-                        xfree(echo_on);
-                        xfree(info);
-                }
-                /* if we received more prompts, we're screwed */
-                res = (numprompts != 0);
+                for (i = 0; i < numprompts; i++)
+                        xfree(prompts[i]);
+                xfree(prompts);
+                xfree(name);
+                xfree(echo_on);
+                xfree(info);
+                break;
         }
         device->free_ctx(authctxt->kbdintctxt);
         authctxt->kbdintctxt = NULL;
-        return res ? 0 : 1;
+        return authenticated;
 }
 void
 abandon_challenge_response(Authctxt *authctxt)
diff --git a/auth-krb5.c b/auth-krb5.c
index 0aa5195b8..859492478 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -40,7 +40,6 @@ RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $");
 #include "auth.h"
 
 #ifdef KRB5
-
 #include <krb5.h>
 
 extern ServerOptions     options;
@@ -50,7 +49,6 @@ krb5_init(void *context)
 {
         Authctxt *authctxt = (Authctxt *)context;
         krb5_error_code problem;
-        static int cleanup_registered = 0;
 
         if (authctxt->krb5_ctx == NULL) {
                 problem = krb5_init_context(&authctxt->krb5_ctx);
@@ -58,10 +56,6 @@ krb5_init(void *context)
                         return (problem);
                 krb5_init_ets(authctxt->krb5_ctx);
         }
-        if (!cleanup_registered) {
-                fatal_add_cleanup(krb5_cleanup_proc, authctxt);
-                cleanup_registered = 1;
-        }
         return (0);
 }
 
@@ -73,11 +67,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
         krb5_principal server;
         char ccname[40];
         int tmpfd;
-#endif  
+#endif
         krb5_error_code problem;
         krb5_ccache ccache = NULL;
 
-        if (authctxt->pw == NULL)
+        if (!authctxt->valid)
                 return (0);
 
         temporarily_use_uid(authctxt->pw);
@@ -102,14 +96,15 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
                 goto out;
 
         restore_uid();
-        
+
         problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user,
             ccache, password, 1, NULL);
-        
+
         temporarily_use_uid(authctxt->pw);
 
         if (problem)
                 goto out;
+
         problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
             &authctxt->krb5_fwd_ccache);
         if (problem)
@@ -140,21 +135,21 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
         temporarily_use_uid(authctxt->pw);
         if (problem)
                 goto out;
-        
-        if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, 
+
+        if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
                           authctxt->pw->pw_name)) {
                 problem = -1;
                 goto out;
-        } 
+        }
 
         snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
-        
+
         if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
                 logit("mkstemp(): %.100s", strerror(errno));
                 problem = errno;
                 goto out;
         }
-        
+
         if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
                 logit("fchmod(): %.100s", strerror(errno));
                 close(tmpfd);
@@ -171,12 +166,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
                                      authctxt->krb5_user);
         if (problem)
                 goto out;
-                                
+
         problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
                                  &creds);
         if (problem)
                 goto out;
-#endif          
+#endif
 
         authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
 
@@ -205,10 +200,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 }
 
 void
-krb5_cleanup_proc(void *context)
+krb5_cleanup_proc(Authctxt *authctxt)
 {
-        Authctxt *authctxt = (Authctxt *)context;
-
         debug("krb5_cleanup_proc called");
         if (authctxt->krb5_fwd_ccache) {
                 krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
diff --git a/auth-pam.c b/auth-pam.c
index b9f82a1d4..397f7d3a8 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,10 +31,14 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.72.2.2 2003/09/23 09:24:21 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.95 2004/02/17 12:20:08 dtucker Exp $");
 
 #ifdef USE_PAM
+#if defined(HAVE_SECURITY_PAM_APPL_H)
 #include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
 
 #include "auth.h"
 #include "auth-pam.h"
@@ -53,22 +57,53 @@ RCSID("$Id: auth-pam.c,v 1.72.2.2 2003/09/23 09:24:21 djm Exp $");
 
 extern ServerOptions options;
 extern Buffer loginmsg;
-
-#define __unused
+extern int compat20;
 
 #ifdef USE_POSIX_THREADS
 #include <pthread.h>
 /*
- * Avoid namespace clash when *not* using pthreads for systems *with* 
- * pthreads, which unconditionally define pthread_t via sys/types.h 
+ * Avoid namespace clash when *not* using pthreads for systems *with*
+ * pthreads, which unconditionally define pthread_t via sys/types.h
  * (e.g. Linux)
  */
-typedef pthread_t sp_pthread_t; 
+typedef pthread_t sp_pthread_t;
 #else
+typedef pid_t sp_pthread_t;
+#endif
+
+struct pam_ctxt {
+        sp_pthread_t     pam_thread;
+        int              pam_psock;
+        int              pam_csock;
+        int              pam_done;
+};
+
+static void sshpam_free_ctx(void *);
+static struct pam_ctxt *cleanup_ctxt;
+
+#ifndef USE_POSIX_THREADS
 /*
  * Simulate threads with processes.
  */
-typedef pid_t sp_pthread_t;
+
+static int sshpam_thread_status = -1;
+static mysig_t sshpam_oldsig;
+
+static void 
+sshpam_sigchld_handler(int sig)
+{
+        if (cleanup_ctxt == NULL)
+                return; /* handler called after PAM cleanup, shouldn't happen */
+        if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) == -1)
+                return; /* couldn't wait for process */
+        if (WIFSIGNALED(sshpam_thread_status) &&
+            WTERMSIG(sshpam_thread_status) == SIGTERM)
+                return; /* terminated by pthread_cancel */
+        if (!WIFEXITED(sshpam_thread_status))
+                fatal("PAM: authentication thread exited unexpectedly");
+        if (WEXITSTATUS(sshpam_thread_status) != 0)
+                fatal("PAM: authentication thread exited uncleanly");
+}
 
 static void
 pthread_exit(void *value __unused)
@@ -91,6 +126,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
                 _exit(1);
         default:
                 *thread = pid;
+                sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
                 return (0);
         }
 }
@@ -98,6 +134,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
 static int
 pthread_cancel(sp_pthread_t thread)
 {
+        signal(SIGCHLD, sshpam_oldsig);
         return (kill(thread, SIGTERM));
 }
 
@@ -106,6 +143,9 @@ pthread_join(sp_pthread_t thread, void **value __unused)
 {
         int status;
 
+        if (sshpam_thread_status != -1)
+                return (sshpam_thread_status);
+        signal(SIGCHLD, sshpam_oldsig);
         waitpid(thread, &status, 0);
         return (status);
 }
@@ -115,18 +155,80 @@ pthread_join(sp_pthread_t thread, void **value __unused)
 static pam_handle_t *sshpam_handle = NULL;
 static int sshpam_err = 0;
 static int sshpam_authenticated = 0;
-static int sshpam_new_authtok_reqd = 0;
 static int sshpam_session_open = 0;
 static int sshpam_cred_established = 0;
+static int sshpam_account_status = -1;
+static char **sshpam_env = NULL;
+static int *force_pwchange;
+
+/* Some PAM implementations don't implement this */
+#ifndef HAVE_PAM_GETENVLIST
+static char **
+pam_getenvlist(pam_handle_t *pamh)
+{
+        /*
+         * XXX - If necessary, we can still support envrionment passing
+         * for platforms without pam_getenvlist by searching for known
+         * env vars (e.g. KRB5CCNAME) from the PAM environment.
+         */
+         return NULL;
+}
+#endif
 
-struct pam_ctxt {
-        sp_pthread_t     pam_thread;
-        int              pam_psock;
-        int              pam_csock;
-        int              pam_done;
-};
+void
+pam_password_change_required(int reqd)
+{
+        debug3("%s %d", __func__, reqd);
+        *force_pwchange = reqd;
+        if (reqd) {
+                no_port_forwarding_flag |= 2;
+                no_agent_forwarding_flag |= 2;
+                no_x11_forwarding_flag |= 2;
+        } else {
+                no_port_forwarding_flag &= ~2;
+                no_agent_forwarding_flag &= ~2;
+                no_x11_forwarding_flag &= ~2;
+        }
+}
 
-static void sshpam_free_ctx(void *);
+/* Import regular and PAM environment from subprocess */
+static void
+import_environments(Buffer *b)
+{
+        char *env;
+        u_int i, num_env;
+        int err;
+
+        debug3("PAM: %s entering", __func__);
+
+        /* Import variables set by do_pam_account */
+        sshpam_account_status = buffer_get_int(b);
+        pam_password_change_required(buffer_get_int(b));
+
+        /* Import environment from subprocess */
+        num_env = buffer_get_int(b);
+        sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
+        debug3("PAM: num env strings %d", num_env);
+        for(i = 0; i < num_env; i++)
+                sshpam_env[i] = buffer_get_string(b, NULL);
+
+        sshpam_env[num_env] = NULL;
+
+        /* Import PAM environment from subprocess */
+        num_env = buffer_get_int(b);
+        debug("PAM: num PAM env strings %d", num_env);
+        for(i = 0; i < num_env; i++) {
+                env = buffer_get_string(b, NULL);
+
+#ifdef HAVE_PAM_PUTENV
+                /* Errors are not fatal here */
+                if ((err = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
+                        error("PAM: pam_putenv: %s",
+                            pam_strerror(sshpam_handle, sshpam_err));
+                }
+#endif
+        }
+}
 
 /*
  * Conversation function for authentication thread.
@@ -140,6 +242,7 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
         struct pam_response *reply;
         int i;
 
+        debug3("PAM: %s entering, %d messages", __func__, n);
         *resp = NULL;
 
         ctxt = data;
@@ -154,36 +257,42 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
         for (i = 0; i < n; ++i) {
                 switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
                 case PAM_PROMPT_ECHO_OFF:
-                        buffer_put_cstring(&buffer, 
+                        buffer_put_cstring(&buffer,
                             PAM_MSG_MEMBER(msg, i, msg));
-                        ssh_msg_send(ctxt->pam_csock, 
-                            PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
-                        ssh_msg_recv(ctxt->pam_csock, &buffer);
+                        if (ssh_msg_send(ctxt->pam_csock,
+                            PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+                                goto fail;
+                        if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
+                                goto fail;
                         if (buffer_get_char(&buffer) != PAM_AUTHTOK)
                                 goto fail;
                         reply[i].resp = buffer_get_string(&buffer, NULL);
                         break;
                 case PAM_PROMPT_ECHO_ON:
-                        buffer_put_cstring(&buffer, 
+                        buffer_put_cstring(&buffer,
                             PAM_MSG_MEMBER(msg, i, msg));
-                        ssh_msg_send(ctxt->pam_csock, 
-                            PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
-                        ssh_msg_recv(ctxt->pam_csock, &buffer);
+                        if (ssh_msg_send(ctxt->pam_csock,
+                            PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+                                goto fail;
+                        if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
+                                goto fail;
                         if (buffer_get_char(&buffer) != PAM_AUTHTOK)
                                 goto fail;
                         reply[i].resp = buffer_get_string(&buffer, NULL);
                         break;
                 case PAM_ERROR_MSG:
-                        buffer_put_cstring(&buffer, 
+                        buffer_put_cstring(&buffer,
                             PAM_MSG_MEMBER(msg, i, msg));
-                        ssh_msg_send(ctxt->pam_csock, 
-                            PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+                        if (ssh_msg_send(ctxt->pam_csock,
+                            PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+                                goto fail;
                         break;
                 case PAM_TEXT_INFO:
-                        buffer_put_cstring(&buffer, 
+                        buffer_put_cstring(&buffer,
                             PAM_MSG_MEMBER(msg, i, msg));
-                        ssh_msg_send(ctxt->pam_csock, 
-                            PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+                        if (ssh_msg_send(ctxt->pam_csock,
+                            PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+                                goto fail;
                         break;
                 default:
                         goto fail;
@@ -214,10 +323,14 @@ sshpam_thread(void *ctxtp)
         Buffer buffer;
         struct pam_conv sshpam_conv;
 #ifndef USE_POSIX_THREADS
+        extern char **environ;
+        char **env_from_pam;
+        u_int i;
         const char *pam_user;
 
         pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
         setproctitle("%s [pam]", pam_user);
+        environ[0] = NULL;
 #endif
 
         sshpam_conv.conv = sshpam_thread_conv;
@@ -231,7 +344,43 @@ sshpam_thread(void *ctxtp)
         sshpam_err = pam_authenticate(sshpam_handle, 0);
         if (sshpam_err != PAM_SUCCESS)
                 goto auth_fail;
+
+        if (compat20) {
+                if (!do_pam_account())
+                        goto auth_fail;
+                if (*force_pwchange) {
+                        sshpam_err = pam_chauthtok(sshpam_handle,
+                            PAM_CHANGE_EXPIRED_AUTHTOK);
+                        if (sshpam_err != PAM_SUCCESS)
+                                goto auth_fail;
+                        pam_password_change_required(0);
+                }
+        }
+
         buffer_put_cstring(&buffer, "OK");
+
+#ifndef USE_POSIX_THREADS
+        /* Export variables set by do_pam_account */
+        buffer_put_int(&buffer, sshpam_account_status);
+        buffer_put_int(&buffer, *force_pwchange);
+
+        /* Export any environment strings set in child */
+        for(i = 0; environ[i] != NULL; i++)
+                ; /* Count */
+        buffer_put_int(&buffer, i);
+        for(i = 0; environ[i] != NULL; i++)
+                buffer_put_cstring(&buffer, environ[i]);
+
+        /* Export any environment strings set by PAM in child */
+        env_from_pam = pam_getenvlist(sshpam_handle);
+        for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
+                ; /* Count */
+        buffer_put_int(&buffer, i);
+        for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
+                buffer_put_cstring(&buffer, env_from_pam[i]);
+#endif /* USE_POSIX_THREADS */
+
+        /* XXX - can't do much about an error here */
         ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
         buffer_free(&buffer);
         pthread_exit(NULL);
@@ -239,37 +388,43 @@ sshpam_thread(void *ctxtp)
  auth_fail:
         buffer_put_cstring(&buffer,
             pam_strerror(sshpam_handle, sshpam_err));
+        /* XXX - can't do much about an error here */
         ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
         buffer_free(&buffer);
         pthread_exit(NULL);
-        
+
         return (NULL); /* Avoid warning for non-pthread case */
 }
 
-static void
-sshpam_thread_cleanup(void *ctxtp)
+void
+sshpam_thread_cleanup(void)
 {
-        struct pam_ctxt *ctxt = ctxtp;
-
-        pthread_cancel(ctxt->pam_thread);
-        pthread_join(ctxt->pam_thread, NULL);
-        close(ctxt->pam_psock);
-        close(ctxt->pam_csock);
+        struct pam_ctxt *ctxt = cleanup_ctxt;
+
+        debug3("PAM: %s entering", __func__);
+        if (ctxt != NULL && ctxt->pam_thread != 0) {
+                pthread_cancel(ctxt->pam_thread);
+                pthread_join(ctxt->pam_thread, NULL);
+                close(ctxt->pam_psock);
+                close(ctxt->pam_csock);
+                memset(ctxt, 0, sizeof(*ctxt));
+                cleanup_ctxt = NULL;
+        }
 }
 
 static int
 sshpam_null_conv(int n, const struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
+        debug3("PAM: %s entering, %d messages", __func__, n);
         return (PAM_CONV_ERR);
 }
 
 static struct pam_conv null_conv = { sshpam_null_conv, NULL };
 
-static void
-sshpam_cleanup(void *arg)
+void
+sshpam_cleanup(void)
 {
-        (void)arg;
         debug("PAM: cleanup");
         if (sshpam_handle == NULL)
                 return;
@@ -282,7 +437,7 @@ sshpam_cleanup(void *arg)
                 pam_close_session(sshpam_handle, PAM_SILENT);
                 sshpam_session_open = 0;
         }
-        sshpam_authenticated = sshpam_new_authtok_reqd = 0;
+        sshpam_authenticated = 0;
         pam_end(sshpam_handle, sshpam_err);
         sshpam_handle = NULL;
 }
@@ -300,7 +455,6 @@ sshpam_init(const char *user)
                     PAM_USER, (const void **)&pam_user);
                 if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
                         return (0);
-                fatal_remove_cleanup(sshpam_cleanup, NULL);
                 pam_end(sshpam_handle, sshpam_err);
                 sshpam_handle = NULL;
         }
@@ -321,11 +475,11 @@ sshpam_init(const char *user)
                 return (-1);
         }
 #ifdef PAM_TTY_KLUDGE
-        /*
-         * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
-         * sshd doesn't set the tty until too late in the auth process and 
+        /*
+         * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
+         * sshd doesn't set the tty until too late in the auth process and
          * may not even set one (for tty-less connections)
-         */
+         */
         debug("PAM: setting PAM_TTY to \"ssh\"");
         sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
         if (sshpam_err != PAM_SUCCESS) {
@@ -334,7 +488,6 @@ sshpam_init(const char *user)
                 return (-1);
         }
 #endif
-        fatal_add_cleanup(sshpam_cleanup, NULL);
         return (0);
 }
 
@@ -344,6 +497,7 @@ sshpam_init_ctx(Authctxt *authctxt)
         struct pam_ctxt *ctxt;
         int socks[2];
 
+        debug3("PAM: %s entering", __func__);
         /* Refuse to start if we don't have PAM enabled */
         if (!options.use_pam)
                 return NULL;
@@ -355,7 +509,9 @@ sshpam_init_ctx(Authctxt *authctxt)
         }
 
         ctxt = xmalloc(sizeof *ctxt);
-        ctxt->pam_done = 0;
+        memset(ctxt, 0, sizeof(*ctxt));
+
+        force_pwchange = &(authctxt->force_pwchange);
 
         /* Start the authentication thread */
         if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
@@ -373,7 +529,7 @@ sshpam_init_ctx(Authctxt *authctxt)
                 xfree(ctxt);
                 return (NULL);
         }
-        fatal_add_cleanup(sshpam_thread_cleanup, ctxt);
+        cleanup_ctxt = ctxt;
         return (ctxt);
 }
 
@@ -388,6 +544,7 @@ sshpam_query(void *ctx, char **name, char **info,
         char *msg;
         size_t len;
 
+        debug3("PAM: %s entering", __func__);
         buffer_init(&buffer);
         *name = xstrdup("");
         *info = xstrdup("");
@@ -427,6 +584,7 @@ sshpam_query(void *ctx, char **name, char **info,
                                 **prompts = NULL;
                         }
                         if (type == PAM_SUCCESS) {
+                                import_environments(&buffer);
                                 *num = 0;
                                 **echo_on = 0;
                                 ctxt->pam_done = 1;
@@ -434,6 +592,7 @@ sshpam_query(void *ctx, char **name, char **info,
                                 return (0);
                         }
                         error("PAM: %s", msg);
+                        /* FALLTHROUGH */
                 default:
                         *num = 0;
                         **echo_on = 0;
@@ -452,7 +611,7 @@ sshpam_respond(void *ctx, u_int num, char **resp)
         Buffer buffer;
         struct pam_ctxt *ctxt = ctx;
 
-        debug2("PAM: %s", __func__);
+        debug2("PAM: %s entering, %d responses", __func__, num);
         switch (ctxt->pam_done) {
         case 1:
                 sshpam_authenticated = 1;
@@ -468,7 +627,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
         }
         buffer_init(&buffer);
         buffer_put_cstring(&buffer, *resp);
-        ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer);
+        if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
+                buffer_free(&buffer);
+                return (-1);
+        }
         buffer_free(&buffer);
         return (1);
 }
@@ -478,8 +640,8 @@ sshpam_free_ctx(void *ctxtp)
 {
         struct pam_ctxt *ctxt = ctxtp;
 
-        fatal_remove_cleanup(sshpam_thread_cleanup, ctxt);
-        sshpam_thread_cleanup(ctxtp);
+        debug3("PAM: %s entering", __func__);
+        sshpam_thread_cleanup();
         xfree(ctxt);
         /*
          * We don't call sshpam_cleanup() here because we may need the PAM
@@ -521,29 +683,28 @@ start_pam(const char *user)
 void
 finish_pam(void)
 {
-        fatal_remove_cleanup(sshpam_cleanup, NULL);
-        sshpam_cleanup(NULL);
+        sshpam_cleanup();
 }
 
 u_int
 do_pam_account(void)
 {
+        if (sshpam_account_status != -1)
+                return (sshpam_account_status);
+
         sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
-        debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err);
+        debug3("PAM: %s pam_acct_mgmt = %d", __func__, sshpam_err);
         
-        if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD)
-                return (0);
-
-        if (sshpam_err == PAM_NEW_AUTHTOK_REQD) {
-                sshpam_new_authtok_reqd = 1;
-
-                /* Prevent forwardings until password changed */
-                no_port_forwarding_flag |= 2;
-                no_agent_forwarding_flag |= 2;
-                no_x11_forwarding_flag |= 2;
+        if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
+                sshpam_account_status = 0;
+                return (sshpam_account_status);
         }
 
-        return (1);
+        if (sshpam_err == PAM_NEW_AUTHTOK_REQD)
+                pam_password_change_required(1);
+
+        sshpam_account_status = 1;
+        return (sshpam_account_status);
 }
 
 void
@@ -585,12 +746,6 @@ do_pam_setcred(int init)
                     pam_strerror(sshpam_handle, sshpam_err));
 }
 
-int
-is_pam_password_change_required(void)
-{
-        return (sshpam_new_authtok_reqd);
-}
-
 static int
 pam_tty_conv(int n, const struct pam_message **msg,
     struct pam_response **resp, void *data)
@@ -599,6 +754,8 @@ pam_tty_conv(int n, const struct pam_message **msg,
         struct pam_response *reply;
         int i;
 
+        debug3("PAM: %s called with %d messages", __func__, n);
+
         *resp = NULL;
 
         if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO))
@@ -612,7 +769,7 @@ pam_tty_conv(int n, const struct pam_message **msg,
                 switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
                 case PAM_PROMPT_ECHO_OFF:
                         reply[i].resp =
-                            read_passphrase(PAM_MSG_MEMBER(msg, i, msg), 
+                            read_passphrase(PAM_MSG_MEMBER(msg, i, msg),
                             RP_ALLOW_STDIN);
                         reply[i].resp_retcode = PAM_SUCCESS;
                         break;
@@ -715,7 +872,7 @@ void
 do_pam_session(void)
 {
         debug3("PAM: opening session");
-        sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, 
+        sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
             (const void *)&store_conv);
         if (sshpam_err != PAM_SUCCESS)
                 fatal("PAM: failed to set PAM_CONV: %s",
@@ -727,17 +884,16 @@ do_pam_session(void)
         sshpam_session_open = 1;
 }
 
-/* 
+/*
  * Set a PAM environment string. We need to do this so that the session
  * modules can handle things like Kerberos/GSI credentials that appear
  * during the ssh authentication process.
  */
-
 int
-do_pam_putenv(char *name, char *value) 
+do_pam_putenv(char *name, char *value)
 {
         int ret = 1;
-#ifdef HAVE_PAM_PUTENV  
+#ifdef HAVE_PAM_PUTENV
         char *compound;
         size_t len;
 
@@ -752,21 +908,16 @@ do_pam_putenv(char *name, char *value)
         return (ret);
 }
 
-void
-print_pam_messages(void)
+char **
+fetch_pam_child_environment(void)
 {
-        /* XXX */
+        return sshpam_env;
 }
 
 char **
 fetch_pam_environment(void)
 {
-#ifdef HAVE_PAM_GETENVLIST
-        debug("PAM: retrieving environment");
         return (pam_getenvlist(sshpam_handle));
-#else
-        return (NULL);
-#endif
 }
 
 void
diff --git a/auth-pam.h b/auth-pam.h
index 5c952f305..4bc8d6955 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -1,4 +1,4 @@
-/* $Id: auth-pam.h,v 1.21 2003/09/02 13:18:53 djm Exp $ */
+/* $Id: auth-pam.h,v 1.24 2004/02/10 02:23:29 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000 Damien Miller.  All rights reserved.
@@ -37,11 +37,12 @@ u_int do_pam_account(void);
 void do_pam_session(void);
 void do_pam_set_tty(const char *);
 void do_pam_setcred(int );
-int is_pam_password_change_required(void);
 void do_pam_chauthtok(void);
 int do_pam_putenv(char *, char *);
-void print_pam_messages(void);
 char ** fetch_pam_environment(void);
+char ** fetch_pam_child_environment(void);
 void free_pam_environment(char **);
+void sshpam_thread_cleanup(void);
+void sshpam_cleanup(void);
 
 #endif /* USE_PAM */
diff --git a/auth-passwd.c b/auth-passwd.c
index 971c7ba19..b9679abd0 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,19 +36,24 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.31 2004/01/30 09:48:57 markus Exp $");
 
 #include "packet.h"
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
-#ifdef WITH_AIXAUTHENTICATE
-# include "buffer.h"
-# include "canohost.h"
-extern Buffer loginmsg;
-#endif
+#include "auth-options.h"
 
 extern ServerOptions options;
+int sys_auth_passwd(Authctxt *, const char *);
+
+void
+disable_forwarding(void)
+{
+        no_port_forwarding_flag = 1;
+        no_agent_forwarding_flag = 1;
+        no_x11_forwarding_flag = 1;
+}
 
 /*
  * Tries to authenticate the user using password.  Returns true if
@@ -59,29 +64,31 @@ auth_password(Authctxt *authctxt, const char *password)
 {
         struct passwd * pw = authctxt->pw;
         int ok = authctxt->valid;
+        static int expire_checked = 0;
 
-        /* deny if no user. */
-        if (pw == NULL)
-                return 0;
 #ifndef HAVE_CYGWIN
-        if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+        if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
                 ok = 0;
 #endif
         if (*password == '\0' && options.permit_empty_passwd == 0)
                 return 0;
 
 #if defined(HAVE_OSF_SIA)
+        /*
+         * XXX: any reason this is before krb?  could be moved to
+         * sys_auth_passwd()?  -dt
+         */
         return auth_sia_password(authctxt, password) && ok;
-#else
-# ifdef KRB5
+#endif
+#ifdef KRB5
         if (options.kerberos_authentication == 1) {
                 int ret = auth_krb5_password(authctxt, password);
                 if (ret == 1 || ret == 0)
                         return ret && ok;
                 /* Fall back to ordinary passwd authentication. */
         }
-# endif
-# ifdef HAVE_CYGWIN
+#endif
+#ifdef HAVE_CYGWIN
         if (is_winnt) {
                 HANDLE hToken = cygwin_logon_user(pw, password);
 
@@ -90,74 +97,60 @@ auth_password(Authctxt *authctxt, const char *password)
                 cygwin_set_impersonation_token(hToken);
                 return ok;
         }
-# endif
-# ifdef WITH_AIXAUTHENTICATE
-        {
-                char *authmsg = NULL;
-                int reenter = 1;
-                int authsuccess = 0;
-
-                if (authenticate(pw->pw_name, password, &reenter,
-                    &authmsg) == 0 && ok) {
-                        char *msg;
-                        char *host = 
-                            (char *)get_canonical_hostname(options.use_dns);
-
-                        authsuccess = 1;
-                        aix_remove_embedded_newlines(authmsg);  
-
-                        debug3("AIX/authenticate succeeded for user %s: %.100s",
-                                pw->pw_name, authmsg);
-
-                        /* No pty yet, so just label the line as "ssh" */
-                        aix_setauthdb(authctxt->user);
-                        if (loginsuccess(authctxt->user, host, "ssh", 
-                            &msg) == 0) {
-                                if (msg != NULL) {
-                                        debug("%s: msg %s", __func__, msg);
-                                        buffer_append(&loginmsg, msg, 
-                                            strlen(msg));
-                                        xfree(msg);
-                                }
-                        }
-                } else {
-                        debug3("AIX/authenticate failed for user %s: %.100s",
-                            pw->pw_name, authmsg);
+#endif
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+        if (!expire_checked) {
+                expire_checked = 1;
+                if (auth_shadow_pwexpired(authctxt)) {
+                        disable_forwarding();
+                        authctxt->force_pwchange = 1;
                 }
+        }
+#endif
+                
+        return (sys_auth_passwd(authctxt, password) && ok);
+}
 
-                if (authmsg != NULL)
-                        xfree(authmsg);
-
-                return authsuccess;
+#ifdef BSD_AUTH
+int
+sys_auth_passwd(Authctxt *authctxt, const char *password)
+{
+        struct passwd *pw = authctxt->pw;
+        auth_session_t *as;
+
+        as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
+            (char *)password);
+        if (auth_getstate(as) & AUTH_PWEXPIRED) {
+                auth_close(as);
+                disable_forwarding();
+                authctxt->force_pwchange = 1;
+                return (1);
+        } else {
+                return (auth_close(as));
         }
-# endif
-# ifdef BSD_AUTH
-        if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
-            (char *)password) == 0)
-                return 0;
-        else
-                return ok;
-# else
-        {
+}
+#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
+int
+sys_auth_passwd(Authctxt *authctxt, const char *password)
+{
+        struct passwd *pw = authctxt->pw;
+        char *encrypted_password;
+
         /* Just use the supplied fake password if authctxt is invalid */
         char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
 
         /* Check for users with no password. */
         if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
-                return ok;
-        else {
-                /* Encrypt the candidate password using the proper salt. */
-                char *encrypted_password = xcrypt(password,
-                    (pw_password[0] && pw_password[1]) ? pw_password : "xx");
+                return (1);
 
-                /*
-                 * Authentication is accepted if the encrypted passwords
-                 * are identical.
-                 */
-                return (strcmp(encrypted_password, pw_password) == 0) && ok;
-        }
+        /* Encrypt the candidate password using the proper salt. */
+        encrypted_password = xcrypt(password,
+            (pw_password[0] && pw_password[1]) ? pw_password : "xx");
 
-        }
-# endif
-#endif /* !HAVE_OSF_SIA */
+        /*
+         * Authentication is accepted if the encrypted passwords
+         * are identical.
+         */
+        return (strcmp(encrypted_password, pw_password) == 0);
 }
+#endif
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 2eb7e6e2d..29eb538ec 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost,
  * its host key.  Returns true if authentication succeeds.
  */
 int
-auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key)
+auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
 {
         char *chost;
+        struct passwd *pw = authctxt->pw;
 
         debug("Trying rhosts with RSA host authentication for client user %.100s",
             cuser);
 
-        if (pw == NULL || client_host_key == NULL ||
+        if (!authctxt->valid || client_host_key == NULL ||
             client_host_key->rsa == NULL)
                 return 0;
 
diff --git a/auth-rhosts.c b/auth-rhosts.c
index b42a64c90..585246e82 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
         debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s",
             client_user, hostname, ipaddr);
 
-        /* no user given */
-        if (pw == NULL)
-                return 0;
-
         /* Switch to the user's uid. */
         temporarily_use_uid(pw);
         /*
diff --git a/auth-rsa.c b/auth-rsa.c
index 5631d238c..2f0746b30 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
@@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
  * successful.  This may exit if there is a serious protocol violation.
  */
 int
-auth_rsa(struct passwd *pw, BIGNUM *client_n)
+auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
 {
         Key *key;
         char *fp;
+        struct passwd *pw = authctxt->pw;
 
         /* no user given */
-        if (pw == NULL)
+        if (!authctxt->valid)
                 return 0;
 
         if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) {
diff --git a/auth-shadow.c b/auth-shadow.c
new file mode 100644
index 000000000..a85442d72
--- /dev/null
+++ b/auth-shadow.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2004 Darren Tucker.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$Id: auth-shadow.c,v 1.5 2004/02/21 23:22:05 dtucker Exp $");
+
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+#include <shadow.h>
+
+#include "auth.h"
+#include "buffer.h"
+#include "log.h"
+
+#define DAY     (24L * 60 * 60) /* 1 day in seconds */
+
+extern Buffer loginmsg;
+
+/*
+ * For the account and password expiration functions, we assume the expiry
+ * occurs the day after the day specified.
+ */
+
+/*
+ * Check if specified account is expired.  Returns 1 if account is expired,
+ * 0 otherwise.
+ */
+int
+auth_shadow_acctexpired(struct spwd *spw)
+{
+        time_t today;
+        int daysleft;
+        char buf[256];
+
+        today = time(NULL) / DAY;
+        daysleft = spw->sp_expire - today;
+        debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today,
+            (int)spw->sp_expire, daysleft);
+
+        if (spw->sp_expire == -1) {
+                debug3("account expiration disabled");
+        } else if (daysleft < 0) {
+                logit("Account %.100s has expired", spw->sp_namp);
+                return 1;
+        } else if (daysleft <= spw->sp_warn) {
+                debug3("account will expire in %d days", daysleft);
+                snprintf(buf, sizeof(buf),
+                    "Your account will expire in %d day%s.\n", daysleft,
+                    daysleft == 1 ? "" : "s");
+                buffer_append(&loginmsg, buf, strlen(buf));
+        }
+
+        return 0;
+}
+
+/*
+ * Checks password expiry for platforms that use shadow passwd files.
+ * Returns: 1 = password expired, 0 = password not expired
+ */
+int
+auth_shadow_pwexpired(Authctxt *ctxt)
+{
+        struct spwd *spw = NULL;
+        const char *user = ctxt->pw->pw_name;
+        char buf[256];
+        time_t today;
+        int daysleft, disabled = 0;
+
+        if ((spw = getspnam((char *)user)) == NULL) {
+                error("Could not get shadow information for %.100s", user);
+                return 0;
+        }
+
+        today = time(NULL) / DAY;
+        debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today,
+            (int)spw->sp_lstchg, (int)spw->sp_max);
+
+#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+        if (iscomsec()) {
+                struct pr_passwd *pr;
+                       
+                pr = getprpwnam((char *)user);
+
+                /* Test for Trusted Mode expiry disabled */
+                if (pr != NULL && pr->ufld.fd_min == 0 &&
+                    pr->ufld.fd_lifetime == 0 && pr->ufld.fd_expire == 0 &&
+                    pr->ufld.fd_pw_expire_warning == 0 &&
+                    pr->ufld.fd_schange != 0)
+                        disabled = 1;
+        }
+#endif
+
+        /* TODO: check sp_inact */
+        daysleft = spw->sp_lstchg + spw->sp_max - today;
+        if (disabled) {
+                debug3("password expiration disabled");
+        } else if (spw->sp_lstchg == 0) {
+                logit("User %.100s password has expired (root forced)", user);
+                return 1;
+        } else if (spw->sp_max == -1) {
+                debug3("password expiration disabled");
+        } else if (daysleft < 0) {
+                logit("User %.100s password has expired (password aged)", user);
+                return 1;
+        } else if (daysleft <= spw->sp_warn) {
+                debug3("password will expire in %d days", daysleft);
+                snprintf(buf, sizeof(buf),
+                    "Your password will expire in %d day%s.\n", daysleft,
+                    daysleft == 1 ? "" : "s");
+                buffer_append(&loginmsg, buf, strlen(buf));
+        }
+
+        return 0;
+}
+#endif  /* USE_SHADOW && HAS_SHADOW_EXPIRE */
diff --git a/auth-sia.c b/auth-sia.c
index cae5f0912..cd2dcb840 100644
--- a/auth-sia.c
+++ b/auth-sia.c
@@ -31,6 +31,7 @@
 #include "log.h"
 #include "servconf.h"
 #include "canohost.h"
+#include "uidswap.h"
 
 #include <sia.h>
 #include <siad.h>
@@ -83,7 +84,7 @@ session_setup_sia(struct passwd *pw, char *tty)
 
         host = get_canonical_hostname(options.use_dns);
 
-        if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, 
+        if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name,
             tty, 0, NULL) != SIASUCCESS)
                 fatal("sia_ses_init failed");
 
@@ -100,11 +101,11 @@ session_setup_sia(struct passwd *pw, char *tty)
         if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
                 fatal("Couldn't launch session for %s from %s",
                     pw->pw_name, host);
-        
+
         sia_ses_release(&ent);
 
-        if (setreuid(geteuid(), geteuid()) < 0)
-                fatal("setreuid: %s", strerror(errno));
+        setuid(0);
+        permanently_set_uid(pw);
 }
 
 #endif /* HAVE_OSF_SIA */
diff --git a/auth.c b/auth.c
index 46e495adf..6d999221c 100644
--- a/auth.c
+++ b/auth.c
@@ -23,14 +23,14 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.49 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
 #endif
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
 #include <shadow.h>
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif
 
 #ifdef HAVE_LIBGEN_H
 #include <libgen.h>
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
         const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
         char *shell;
         int i;
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
         struct spwd *spw = NULL;
 #endif
 
@@ -84,53 +84,24 @@ allowed_user(struct passwd * pw)
         if (!pw || !pw->pw_name)
                 return 0;
 
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#ifdef USE_SHADOW
         if (!options.use_pam)
                 spw = getspnam(pw->pw_name);
 #ifdef HAS_SHADOW_EXPIRE
-#define DAY             (24L * 60 * 60) /* 1 day in seconds */
-        if (!options.use_pam && spw != NULL) {
-                time_t today;
-
-                today = time(NULL) / DAY;
-                debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
-                    " sp_max %d", (int)today, (int)spw->sp_expire,
-                    (int)spw->sp_lstchg, (int)spw->sp_max);
-
-                /*
-                 * We assume account and password expiration occurs the
-                 * day after the day specified.
-                 */
-                if (spw->sp_expire != -1 && today > spw->sp_expire) {
-                        logit("Account %.100s has expired", pw->pw_name);
-                        return 0;
-                }
-
-                if (spw->sp_lstchg == 0) {
-                        logit("User %.100s password has expired (root forced)",
-                            pw->pw_name);
-                        return 0;
-                }
-
-                if (spw->sp_max != -1 &&
-                    today > spw->sp_lstchg + spw->sp_max) {
-                        logit("User %.100s password has expired (password aged)",
-                            pw->pw_name);
-                        return 0;
-                }
-        }
+        if (!options.use_pam && spw != NULL && auth_shadow_acctexpired(spw))
+                return 0;
 #endif /* HAS_SHADOW_EXPIRE */
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#endif /* USE_SHADOW */
 
-        /* grab passwd field for locked account check */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+        /* grab passwd field for locked account check */
+#ifdef USE_SHADOW
         if (spw != NULL)
                 passwd = spw->sp_pwdp;
 #else
         passwd = pw->pw_passwd;
 #endif
 
-        /* check for locked account */ 
+        /* check for locked account */
         if (!options.use_pam && passwd && *passwd) {
                 int locked = 0;
 
@@ -242,7 +213,7 @@ allowed_user(struct passwd * pw)
         if ((pw->pw_uid != 0) && (geteuid() == 0)) {
                 char *msg;
 
-                if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
+                if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
                         int loginrestrict_errno = errno;
 
                         if (msg && *msg) {
@@ -252,7 +223,7 @@ allowed_user(struct passwd * pw)
                                     pw->pw_name, msg);
                         }
                         /* Don't fail if /etc/nologin  set */
-                        if (!(loginrestrict_errno == EPERM && 
+                        if (!(loginrestrict_errno == EPERM &&
                             stat(_PATH_NOLOGIN, &st) == 0))
                                 return 0;
                 }
@@ -263,14 +234,6 @@ allowed_user(struct passwd * pw)
         return 1;
 }
 
-Authctxt *
-authctxt_new(void)
-{
-        Authctxt *authctxt = xmalloc(sizeof(*authctxt));
-        memset(authctxt, 0, sizeof(*authctxt));
-        return authctxt;
-}
-
 void
 auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
 {
@@ -598,7 +561,7 @@ fakepw(void)
         memset(&fake, 0, sizeof(fake));
         fake.pw_name = "NOUSER";
         fake.pw_passwd =
-            "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";     
+            "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
         fake.pw_gecos = "NOUSER";
         fake.pw_uid = -1;
         fake.pw_gid = -1;
diff --git a/auth.h b/auth.h
index beaacb8bc..de2222aaa 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: auth.h,v 1.46 2003/08/28 12:54:34 markus Exp $        */
+/*      $OpenBSD: auth.h,v 1.49 2004/01/30 09:48:57 markus Exp $        */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -52,6 +52,7 @@ struct Authctxt {
         int              valid;         /* user exists and is allowed to login */
         int              attempt;
         int              failures;
+        int              force_pwchange;
         char            *user;          /* username sent by the client */
         char            *service;
         struct passwd   *pw;            /* set if 'valid' */
@@ -102,9 +103,9 @@ int      auth_rhosts(struct passwd *, const char *);
 int
 auth_rhosts2(struct passwd *, const char *, const char *, const char *);
 
-int      auth_rhosts_rsa(struct passwd *, char *, Key *);
+int      auth_rhosts_rsa(Authctxt *, char *, Key *);
 int      auth_password(Authctxt *, const char *);
-int      auth_rsa(struct passwd *, BIGNUM *);
+int      auth_rsa(Authctxt *, BIGNUM *);
 int      auth_rsa_challenge_dialog(Key *);
 BIGNUM  *auth_rsa_generate_challenge(Key *);
 int      auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
@@ -118,15 +119,21 @@ int	 user_key_allowed(struct passwd *, Key *);
 int     auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
 int     auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
 int     auth_krb5_password(Authctxt *authctxt, const char *password);
-void    krb5_cleanup_proc(void *authctxt);
+void    krb5_cleanup_proc(Authctxt *authctxt);
 #endif /* KRB5 */
 
+#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+#include <shadow.h>
+int auth_shadow_acctexpired(struct spwd *);
+int auth_shadow_pwexpired(Authctxt *);
+#endif
+
 #include "auth-pam.h"
+void disable_forwarding(void);
 
-Authctxt *do_authentication(void);
-Authctxt *do_authentication2(void);
+void    do_authentication(Authctxt *);
+void    do_authentication2(Authctxt *);
 
-Authctxt *authctxt_new(void);
 void    auth_log(Authctxt *, int, char *, char *);
 void    userauth_finish(Authctxt *, int, char *);
 int     auth_root_allowed(char *);
@@ -149,8 +156,6 @@ char	*get_challenge(Authctxt *);
 int     verify_response(Authctxt *, const char *);
 void    abandon_challenge_response(Authctxt *);
 
-struct passwd * auth_get_user(void);
-
 char    *expand_filename(const char *, struct passwd *);
 char    *authorized_keys_file(struct passwd *);
 char    *authorized_keys_file2(struct passwd *);
diff --git a/auth1.c b/auth1.c
index dfe944dd1..82fe5fb80 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.52 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -139,7 +139,7 @@ do_authloop(Authctxt *authctxt)
                                     BN_num_bits(client_host_key->rsa->n), bits);
                         packet_check_eom();
 
-                        authenticated = auth_rhosts_rsa(pw, client_user,
+                        authenticated = auth_rhosts_rsa(authctxt, client_user,
                             client_host_key);
                         key_free(client_host_key);
 
@@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt)
                                 fatal("do_authloop: BN_new failed");
                         packet_get_bignum(n);
                         packet_check_eom();
-                        authenticated = auth_rsa(pw, n);
+                        authenticated = auth_rsa(authctxt, n);
                         BN_clear_free(n);
                         break;
 
@@ -235,7 +235,7 @@ do_authloop(Authctxt *authctxt)
                 if (authenticated &&
                     !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
                         packet_disconnect("Authentication rejected for uid %d.",
-                        pw == NULL ? -1 : pw->pw_uid);
+                            pw == NULL ? -1 : pw->pw_uid);
                         authenticated = 0;
                 }
 #else
@@ -246,7 +246,7 @@ do_authloop(Authctxt *authctxt)
 #endif
 
 #ifdef USE_PAM
-                if (options.use_pam && authenticated && 
+                if (options.use_pam && authenticated &&
                     !PRIVSEP(do_pam_account()))
                         authenticated = 0;
 #endif
@@ -275,10 +275,9 @@ do_authloop(Authctxt *authctxt)
  * Performs authentication of an incoming connection.  Session key has already
  * been exchanged and encryption is enabled.
  */
-Authctxt *
-do_authentication(void)
+void
+do_authentication(Authctxt *authctxt)
 {
-        Authctxt *authctxt;
         u_int ulen;
         char *user, *style = NULL;
 
@@ -292,7 +291,6 @@ do_authentication(void)
         if ((style = strchr(user, ':')) != NULL)
                 *style++ = '\0';
 
-        authctxt = authctxt_new();
         authctxt->user = user;
         authctxt->style = style;
 
@@ -332,6 +330,4 @@ do_authentication(void)
         packet_start(SSH_SMSG_SUCCESS);
         packet_send();
         packet_write_wait();
-
-        return (authctxt);
 }
diff --git a/auth2-gss.c b/auth2-gss.c
index 75b94b009..9249988d3 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: auth2-gss.c,v 1.3 2003/09/01 20:44:54 markus Exp $    */
+/*      $OpenBSD: auth2-gss.c,v 1.7 2003/11/21 11:57:03 djm Exp $       */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -43,6 +43,7 @@
 extern ServerOptions options;
 
 static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
+static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
 static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
 static void input_gssapi_errtok(int, u_int32_t, void *);
 
@@ -78,17 +79,19 @@ userauth_gssapi(Authctxt *authctxt)
                 if (doid)
                         xfree(doid);
 
+                present = 0;
                 doid = packet_get_string(&len);
 
-                if (doid[0] != SSH_GSS_OIDTYPE || doid[1] != len-2) {
-                        logit("Mechanism OID received using the old encoding form");
-                        oid.elements = doid;
-                        oid.length = len;
-                } else {
+                if (len > 2 &&
+                   doid[0] == SSH_GSS_OIDTYPE &&
+                   doid[1] == len - 2) {
                         oid.elements = doid + 2;
                         oid.length   = len - 2;
+                        gss_test_oid_set_member(&ms, &oid, supported,
+                            &present);
+                } else {
+                        logit("Badly formed OID received");
                 }
-                gss_test_oid_set_member(&ms, &oid, supported, &present);
         } while (mechs > 0 && !present);
 
         gss_release_oid_set(&ms, &supported);
@@ -107,7 +110,7 @@ userauth_gssapi(Authctxt *authctxt)
 
         packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
 
-        /* Return OID in same format as we received it*/
+        /* Return the OID that we received */
         packet_put_string(doid, len);
 
         packet_send();
@@ -127,7 +130,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
         Gssctxt *gssctxt;
         gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
         gss_buffer_desc recv_tok;
-        OM_uint32 maj_status, min_status;
+        OM_uint32 maj_status, min_status, flags;
         u_int len;
 
         if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
@@ -140,7 +143,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
         packet_check_eom();
 
         maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
-            &send_tok, NULL));
+            &send_tok, &flags));
 
         xfree(recv_tok.value);
 
@@ -152,7 +155,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
                 }
                 authctxt->postponed = 0;
                 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-                userauth_finish(authctxt, 0, "gssapi");
+                userauth_finish(authctxt, 0, "gssapi-with-mic");
         } else {
                 if (send_tok.length != 0) {
                         packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
@@ -161,8 +164,13 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
                 }
                 if (maj_status == GSS_S_COMPLETE) {
                         dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-                        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
-                                     &input_gssapi_exchange_complete);
+                        if (flags & GSS_C_INTEG_FLAG)
+                                dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC,
+                                    &input_gssapi_mic);
+                        else
+                                dispatch_set(
+                                    SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
+                                    &input_gssapi_exchange_complete);
                 }
         }
 
@@ -222,9 +230,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
         gssctxt = authctxt->methoddata;
 
         /*
-         * We don't need to check the status, because the stored credentials
-         * which userok uses are only populated once the context init step
-         * has returned complete.
+         * We don't need to check the status, because we're only enabled in
+         * the dispatcher once the exchange is complete
          */
 
         packet_check_eom();
@@ -234,12 +241,53 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
         authctxt->postponed = 0;
         dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
         dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
+        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+        userauth_finish(authctxt, authenticated, "gssapi-with-mic");
+}
+
+static void
+input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
+{
+        Authctxt *authctxt = ctxt;
+        Gssctxt *gssctxt;
+        int authenticated = 0;
+        Buffer b;
+        gss_buffer_desc mic, gssbuf;
+        u_int len;
+
+        if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+                fatal("No authentication or GSSAPI context");
+
+        gssctxt = authctxt->methoddata;
+
+        mic.value = packet_get_string(&len);
+        mic.length = len;
+
+        ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+            "gssapi-with-mic");
+
+        gssbuf.value = buffer_ptr(&b);
+        gssbuf.length = buffer_len(&b);
+
+        if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
+                authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
+        else
+                logit("GSSAPI MIC check failed");
+
+        buffer_free(&b);
+        xfree(mic.value);
+
+        authctxt->postponed = 0;
+        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+        dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL);
         dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
-        userauth_finish(authctxt, authenticated, "gssapi");
+        userauth_finish(authctxt, authenticated, "gssapi-with-mic");
 }
 
 Authmethod method_gssapi = {
-        "gssapi",
+        "gssapi-with-mic",
         userauth_gssapi,
         &options.gss_authentication
 };
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 505d3eff4..1111ed67a 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-hostbased.c,v 1.5 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: auth2-hostbased.c,v 1.6 2004/01/19 21:25:15 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -114,7 +114,7 @@ userauth_hostbased(Authctxt *authctxt)
                         buffer_len(&b))) == 1)
                 authenticated = 1;
 
-        buffer_clear(&b);
+        buffer_free(&b);
 done:
         debug2("userauth_hostbased: authenticated %d", authenticated);
         if (key != NULL)
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 67fb4c921..a4f482d2e 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-passwd.c,v 1.4 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth2-passwd.c,v 1.5 2003/12/31 00:24:50 dtucker Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -38,16 +38,24 @@ extern ServerOptions options;
 static int
 userauth_passwd(Authctxt *authctxt)
 {
-        char *password;
+        char *password, *newpass;
         int authenticated = 0;
         int change;
-        u_int len;
+        u_int len, newlen;
+
         change = packet_get_char();
-        if (change)
-                logit("password change not supported");
         password = packet_get_string(&len);
+        if (change) {
+                /* discard new password from packet */
+                newpass = packet_get_string(&newlen);
+                memset(newpass, 0, newlen);
+                xfree(newpass);
+        }
         packet_check_eom();
-        if (PRIVSEP(auth_password(authctxt, password)) == 1
+
+        if (change)
+                logit("password change not supported");
+        else if (PRIVSEP(auth_password(authctxt, password)) == 1
 #ifdef HAVE_CYGWIN
             && check_nt_auth(1, authctxt->pw)
 #endif
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d51e939f1..3063eecc3 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.6 2004/01/19 21:25:15 markus Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -123,9 +123,9 @@ userauth_pubkey(Authctxt *authctxt)
                 authenticated = 0;
                 if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
                     PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
-                                buffer_len(&b))) == 1)
+                    buffer_len(&b))) == 1)
                         authenticated = 1;
-                buffer_clear(&b);
+                buffer_free(&b);
                 xfree(sig);
         } else {
                 debug("test whether pkalg/pkblob are acceptable");
@@ -175,9 +175,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
         Key *found;
         char *fp;
 
-        if (pw == NULL)
-                return 0;
-
         /* Temporarily use the user's uid. */
         temporarily_use_uid(pw);
 
diff --git a/auth2.c b/auth2.c
index 41e77efdc..a9490ccfd 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.102 2003/08/26 09:58:43 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $");
 
 #include "ssh2.h"
 #include "xmalloc.h"
@@ -45,8 +45,6 @@ extern ServerOptions options;
 extern u_char *session_id2;
 extern u_int session_id2_len;
 
-Authctxt *x_authctxt = NULL;
-
 /* methods */
 
 extern Authmethod method_none;
@@ -79,19 +77,14 @@ static void input_userauth_request(int, u_int32_t, void *);
 static Authmethod *authmethod_lookup(const char *);
 static char *authmethods_get(void);
 int user_key_allowed(struct passwd *, Key *);
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 
 /*
  * loop until authctxt->success == TRUE
  */
 
-Authctxt *
-do_authentication2(void)
+void
+do_authentication2(Authctxt *authctxt)
 {
-        Authctxt *authctxt = authctxt_new();
-
-        x_authctxt = authctxt;          /*XXX*/
-
         /* challenge-response is implemented via keyboard interactive */
         if (options.challenge_response_authentication)
                 options.kbd_interactive_authentication = 1;
@@ -99,8 +92,6 @@ do_authentication2(void)
         dispatch_init(&dispatch_protocol_error);
         dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
         dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
-
-        return (authctxt);
 }
 
 static void
@@ -264,14 +255,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
         }
 }
 
-/* get current user */
-
-struct passwd*
-auth_get_user(void)
-{
-        return (x_authctxt != NULL && x_authctxt->valid) ? x_authctxt->pw : NULL;
-}
-
 #define DELIM   ","
 
 static char *
diff --git a/authfd.c b/authfd.c
index c78db6d94..42ca08256 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.61 2003/06/28 16:23:06 deraadt Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.63 2003/11/21 11:57:03 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -114,7 +114,8 @@ ssh_get_authentication_socket(void)
 static int
 ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
 {
-        int l, len;
+        int l;
+        u_int len;
         char buf[1024];
 
         /* Get the length of the message, and format it in the buffer. */
@@ -147,7 +148,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
         /* Extract the length, and check it for sanity. */
         len = GET_32BIT(buf);
         if (len > 256 * 1024)
-                fatal("Authentication response too long: %d", len);
+                fatal("Authentication response too long: %u", len);
 
         /* Read the rest of the response in to the buffer. */
         buffer_clear(reply);
@@ -292,7 +293,7 @@ ssh_get_num_identities(AuthenticationConnection *auth, int version)
 
         /* Get the number of entries in the response and check it for sanity. */
         auth->howmany = buffer_get_int(&auth->identities);
-        if (auth->howmany > 1024)
+        if ((u_int)auth->howmany > 1024)
                 fatal("Too many identities in authentication reply: %d",
                     auth->howmany);
 
@@ -589,7 +590,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
 }
 
 int
-ssh_update_card(AuthenticationConnection *auth, int add, 
+ssh_update_card(AuthenticationConnection *auth, int add,
     const char *reader_id, const char *pin, u_int life, u_int confirm)
 {
         Buffer msg;
@@ -606,7 +607,7 @@ ssh_update_card(AuthenticationConnection *auth, int add,
         buffer_put_char(&msg, type);
         buffer_put_cstring(&msg, reader_id);
         buffer_put_cstring(&msg, pin);
-        
+
         if (constrained) {
                 if (life != 0) {
                         buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
diff --git a/authfd.h b/authfd.h
index 74b825c51..0a6a4e3ec 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: authfd.h,v 1.33 2003/06/11 11:18:38 djm Exp $ */
+/*      $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -83,7 +83,7 @@ int	 ssh_add_identity_constrained(AuthenticationConnection *, Key *,
 int      ssh_remove_identity(AuthenticationConnection *, Key *);
 int      ssh_remove_all_identities(AuthenticationConnection *, int);
 int      ssh_lock_agent(AuthenticationConnection *, int, const char *);
-int      ssh_update_card(AuthenticationConnection *, int, const char *, 
+int      ssh_update_card(AuthenticationConnection *, int, const char *,
     const char *, u_int, u_int);
 
 int
diff --git a/authfile.c b/authfile.c
index 1f46093e3..83ddd635f 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.54 2003/05/24 09:30:39 djm Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.55 2003/09/18 07:56:05 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -143,6 +143,7 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
         fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
         if (fd < 0) {
                 error("open %s failed: %s.", filename, strerror(errno));
+                buffer_free(&encrypted);
                 return 0;
         }
         if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
diff --git a/bufaux.c b/bufaux.c
index 37cc27ff6..bf148316d 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.29 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.32 2004/02/23 15:12:46 markus Exp $");
 
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -50,7 +50,7 @@ RCSID("$OpenBSD: bufaux.c,v 1.29 2003/04/08 20:21:28 itojun Exp $");
  * by (bits+7)/8 bytes of binary data, msb first.
  */
 void
-buffer_put_bignum(Buffer *buffer, BIGNUM *value)
+buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 {
         int bits = BN_num_bits(value);
         int bin_size = (bits + 7) / 8;
@@ -80,7 +80,7 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value)
 void
 buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 {
-        int bits, bytes;
+        u_int bits, bytes;
         u_char buf[2], *bin;
 
         /* Get the number for bits. */
@@ -101,48 +101,49 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
  * Stores an BIGNUM in the buffer in SSH2 format.
  */
 void
-buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
+buffer_put_bignum2(Buffer *buffer, const BIGNUM *value)
 {
-        int bytes = BN_num_bytes(value) + 1;
-        u_char *buf = xmalloc(bytes);
+        u_int bytes;
+        u_char *buf;
         int oi;
-        int hasnohigh = 0;
+        u_int hasnohigh = 0;
 
+        if (BN_is_zero(value)) {
+                buffer_put_int(buffer, 0);
+                return;
+        }
+        if (value->neg)
+                fatal("buffer_put_bignum2: negative numbers not supported");
+        bytes = BN_num_bytes(value) + 1; /* extra padding byte */
+        if (bytes < 2)
+                fatal("buffer_put_bignum2: BN too small");
+        buf = xmalloc(bytes);
         buf[0] = '\0';
         /* Get the value of in binary */
         oi = BN_bn2bin(value, buf+1);
         if (oi != bytes-1)
-                fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
-                    oi, bytes);
+                fatal("buffer_put_bignum2: BN_bn2bin() failed: "
+                    "oi %d != bin_size %d", oi, bytes);
         hasnohigh = (buf[1] & 0x80) ? 0 : 1;
-        if (value->neg) {
-                /**XXX should be two's-complement */
-                int i, carry;
-                u_char *uc = buf;
-                logit("negativ!");
-                for (i = bytes-1, carry = 1; i>=0; i--) {
-                        uc[i] ^= 0xff;
-                        if (carry)
-                                carry = !++uc[i];
-                }
-        }
         buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
         memset(buf, 0, bytes);
         xfree(buf);
 }
 
-/* XXX does not handle negative BNs */
 void
 buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
 {
         u_int len;
         u_char *bin = buffer_get_string(buffer, &len);
 
+        if (len > 0 && (bin[0] & 0x80))
+                fatal("buffer_get_bignum2: negative numbers not supported");
         if (len > 8 * 1024)
                 fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
         BN_bin2bn(bin, len, value);
         xfree(bin);
 }
+
 /*
  * Returns integers from the buffer (msb first).
  */
diff --git a/bufaux.h b/bufaux.h
index 935553579..61c72e353 100644
--- a/bufaux.h
+++ b/bufaux.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bufaux.h,v 1.18 2002/04/20 09:14:58 markus Exp $      */
+/*      $OpenBSD: bufaux.h,v 1.19 2003/11/10 16:23:41 jakob Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,8 +18,8 @@
 #include "buffer.h"
 #include <openssl/bn.h>
 
-void    buffer_put_bignum(Buffer *, BIGNUM *);
-void    buffer_put_bignum2(Buffer *, BIGNUM *);
+void    buffer_put_bignum(Buffer *, const BIGNUM *);
+void    buffer_put_bignum2(Buffer *, const BIGNUM *);
 void    buffer_get_bignum(Buffer *, BIGNUM *);
 void    buffer_get_bignum2(Buffer *, BIGNUM *);
 
diff --git a/buffer.c b/buffer.c
index a80880bb9..9217cb269 100644
--- a/buffer.c
+++ b/buffer.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.19 2003/09/18 07:54:48 markus Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.21 2003/11/21 11:57:03 djm Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -105,7 +105,7 @@ restart:
                 goto restart;
         }
         /* Increase the size of the buffer and retry. */
-        
+
         newlen = buffer->alloc + len + 32768;
         if (newlen > 0xa00000)
                 fatal("buffer_append_space: alloc %u not supported",
@@ -169,7 +169,7 @@ buffer_ptr(Buffer *buffer)
 void
 buffer_dump(Buffer *buffer)
 {
-        int i;
+        u_int i;
         u_char *ucp = buffer->buf;
 
         for (i = buffer->offset; i < buffer->end; i++) {
diff --git a/canohost.c b/canohost.c
index 438175f76..f5145922e 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.37 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.38 2003/09/23 20:17:11 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
@@ -20,6 +20,7 @@ RCSID("$OpenBSD: canohost.c,v 1.37 2003/06/02 09:17:34 markus Exp $");
 #include "canohost.h"
 
 static void check_ip_options(int, char *);
+static void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);
 
 /*
  * Return the canonical name of the host at the other end of the socket. The
@@ -40,31 +41,11 @@ get_remote_hostname(int socket, int use_dns)
         memset(&from, 0, sizeof(from));
         if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) {
                 debug("getpeername failed: %.100s", strerror(errno));
-                fatal_cleanup();
+                cleanup_exit(255);
         }
-#ifdef IPV4_IN_IPV6
-        if (from.ss_family == AF_INET6) {
-                struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from;
-
-                /* Detect IPv4 in IPv6 mapped address and convert it to */
-                /* plain (AF_INET) IPv4 address */
-                if (IN6_IS_ADDR_V4MAPPED(&from6->sin6_addr)) {
-                        struct sockaddr_in *from4 = (struct sockaddr_in *)&from;
-                        struct in_addr addr;
-                        u_int16_t port;
-
-                        memcpy(&addr, ((char *)&from6->sin6_addr) + 12, sizeof(addr));
-                        port = from6->sin6_port;
-
-                        memset(&from, 0, sizeof(from));
-
-                        from4->sin_family = AF_INET;
-                        fromlen = sizeof(*from4);
-                        memcpy(&from4->sin_addr, &addr, sizeof(addr));
-                        from4->sin_port = port;
-                }
-        }
-#endif
+
+        ipv64_normalise_mapped(&from, &fromlen);
+
         if (from.ss_family == AF_INET6)
                 fromlen = sizeof(struct sockaddr_in6);
 
@@ -185,6 +166,31 @@ check_ip_options(int socket, char *ipaddr)
 #endif /* IP_OPTIONS */
 }
 
+static void
+ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
+{
+        struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr;
+        struct sockaddr_in *a4 = (struct sockaddr_in *)addr;
+        struct in_addr inaddr;
+        u_int16_t port;
+
+        if (addr->ss_family != AF_INET6 || 
+            !IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr))
+                return;
+
+        debug3("Normalising mapped IPv4 in IPv6 address");
+
+        memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr));
+        port = a6->sin6_port;
+
+        memset(addr, 0, sizeof(*a4));
+
+        a4->sin_family = AF_INET;
+        *len = sizeof(*a4);
+        memcpy(&a4->sin_addr, &inaddr, sizeof(inaddr));
+        a4->sin_port = port;
+}
+
 /*
  * Return the canonical name of the host in the other side of the current
  * connection.  The host name is cached, so it is efficient to call this
@@ -296,7 +302,7 @@ get_remote_ipaddr(void)
                         canonical_host_ip =
                             get_peer_ipaddr(packet_get_connection_in());
                         if (canonical_host_ip == NULL)
-                                fatal_cleanup();
+                                cleanup_exit(255);
                 } else {
                         /* If not on socket, return UNKNOWN. */
                         canonical_host_ip = xstrdup("UNKNOWN");
@@ -336,7 +342,7 @@ get_sock_port(int sock, int local)
         } else {
                 if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
                         debug("getpeername failed: %.100s", strerror(errno));
-                        fatal_cleanup();
+                        cleanup_exit(255);
                 }
         }
 
diff --git a/channels.c b/channels.c
index 65a6a7f00..e663c2159 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.194 2003/08/29 10:04:36 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.200 2004/01/19 09:24:21 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -217,7 +217,6 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
                 channels = xmalloc(channels_alloc * sizeof(Channel *));
                 for (i = 0; i < channels_alloc; i++)
                         channels[i] = NULL;
-                fatal_add_cleanup((void (*) (void *)) channel_free_all, NULL);
         }
         /* Try to find a free slot where to put the new channel. */
         for (found = -1, i = 0; i < channels_alloc; i++)
@@ -229,12 +228,13 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
         if (found == -1) {
                 /* There are no free slots.  Take last+1 slot and expand the array.  */
                 found = channels_alloc;
-                channels_alloc += 10;
                 if (channels_alloc > 10000)
                         fatal("channel_new: internal error: channels_alloc %d "
                             "too big.", channels_alloc);
+                channels = xrealloc(channels,
+                    (channels_alloc + 10) * sizeof(Channel *));
+                channels_alloc += 10;
                 debug2("channel: expanding %d", channels_alloc);
-                channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
                 for (i = found; i < channels_alloc; i++)
                         channels[i] = NULL;
         }
@@ -970,7 +970,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
         have = buffer_len(&c->input);
         if (!(c->flags & SSH_SOCKS5_AUTHDONE)) {
                 /* format: ver | nmethods | methods */
-                if (have < 2) 
+                if (have < 2)
                         return 0;
                 nmethods = p[1];
                 if (have < nmethods + 2)
@@ -1035,7 +1035,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
         else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL)
                 return -1;
         c->host_port = ntohs(dest_port);
-        
+
         debug2("channel %d: dynamic request: socks5 host %s port %u command %u",
             c->self, c->path, c->host_port, s5_req.command);
 
@@ -1397,9 +1397,9 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
                 data = buffer_ptr(&c->output);
                 dlen = buffer_len(&c->output);
 #ifdef _AIX
-                /* XXX: Later AIX versions can't push as much data to tty */ 
-                if (compat20 && c->wfd_isatty && dlen > 8*1024)
-                        dlen = 8*1024;
+                /* XXX: Later AIX versions can't push as much data to tty */
+                if (compat20 && c->wfd_isatty)
+                        dlen = MIN(dlen, 8*1024);
 #endif
                 len = write(c->wfd, data, dlen);
                 if (len < 0 && (errno == EINTR || errno == EAGAIN))
@@ -1817,13 +1817,25 @@ channel_input_data(int type, u_int32_t seq, void *ctxt)
             c->type != SSH_CHANNEL_X11_OPEN)
                 return;
 
-        /* same for protocol 1.5 if output end is no longer open */
-        if (!compat13 && c->ostate != CHAN_OUTPUT_OPEN)
-                return;
-
         /* Get the data. */
         data = packet_get_string(&data_len);
 
+        /*
+         * Ignore data for protocol > 1.3 if output end is no longer open.
+         * For protocol 2 the sending side is reducing its window as it sends
+         * data, so we must 'fake' consumption of the data in order to ensure
+         * that window updates are sent back.  Otherwise the connection might
+         * deadlock.
+         */
+        if (!compat13 && c->ostate != CHAN_OUTPUT_OPEN) {
+                if (compat20) {
+                        c->local_window -= data_len;
+                        c->local_consumed += data_len;
+                }
+                xfree(data);
+                return;
+        }
+
         if (compat20) {
                 if (data_len > c->local_maxpacket) {
                         logit("channel %d: rcvd big packet %d, maxpack %d",
@@ -2195,7 +2207,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
                         continue;
                 }
                 /* Start listening for connections on the socket. */
-                if (listen(sock, 5) < 0) {
+                if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
                         error("listen: %.100s", strerror(errno));
                         close(sock);
                         continue;
@@ -2550,7 +2562,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
         /* Start listening for connections on the socket. */
         for (n = 0; n < num_socks; n++) {
                 sock = socks[n];
-                if (listen(sock, 5) < 0) {
+                if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
                         error("listen: %.100s", strerror(errno));
                         close(sock);
                         return -1;
@@ -2838,46 +2850,3 @@ auth_request_forwarding(void)
         packet_send();
         packet_write_wait();
 }
-
-/* This is called to process an SSH_SMSG_AGENT_OPEN message. */
-
-void
-auth_input_open_request(int type, u_int32_t seq, void *ctxt)
-{
-        Channel *c = NULL;
-        int remote_id, sock;
-
-        /* Read the remote channel number from the message. */
-        remote_id = packet_get_int();
-        packet_check_eom();
-
-        /*
-         * Get a connection to the local authentication agent (this may again
-         * get forwarded).
-         */
-        sock = ssh_get_authentication_socket();
-
-        /*
-         * If we could not connect the agent, send an error message back to
-         * the server. This should never happen unless the agent dies,
-         * because authentication forwarding is only enabled if we have an
-         * agent.
-         */
-        if (sock >= 0) {
-                c = channel_new("", SSH_CHANNEL_OPEN, sock, sock,
-                    -1, 0, 0, 0, "authentication agent connection", 1);
-                c->remote_id = remote_id;
-                c->force_drain = 1;
-        }
-        if (c == NULL) {
-                packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
-                packet_put_int(remote_id);
-        } else {
-                /* Send a confirmation to the remote host. */
-                debug("Forwarding authentication connection.");
-                packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
-                packet_put_int(remote_id);
-                packet_put_int(c->self);
-        }
-        packet_send();
-}
diff --git a/channels.h b/channels.h
index bd2e92589..7d981479b 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $    */
+/*      $OpenBSD: channels.h,v 1.71 2003/09/23 20:41:11 markus Exp $    */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -214,7 +214,6 @@ void	 deny_input_open(int, u_int32_t, void *);
 /* agent forwarding */
 
 void     auth_request_forwarding(void);
-void     auth_input_open_request(int, u_int32_t, void *);
 
 /* channel close */
 
diff --git a/cipher-3des1.c b/cipher-3des1.c
index f9a352397..f815e8ae5 100644
--- a/cipher-3des1.c
+++ b/cipher-3des1.c
@@ -23,12 +23,16 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher-3des1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
+RCSID("$OpenBSD: cipher-3des1.c,v 1.2 2003/12/22 20:29:55 markus Exp $");
 
 #include <openssl/evp.h>
 #include "xmalloc.h"
 #include "log.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+#define SSH_OLD_EVP
+#endif
+
 /*
  * This is used by SSH1:
  *
@@ -122,6 +126,9 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
         struct ssh1_3des_ctx *c;
 
         if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
+                EVP_CIPHER_CTX_cleanup(&c->k1);
+                EVP_CIPHER_CTX_cleanup(&c->k2);
+                EVP_CIPHER_CTX_cleanup(&c->k3);
                 memset(c, 0, sizeof(*c));
                 xfree(c);
                 EVP_CIPHER_CTX_set_app_data(ctx, NULL);
diff --git a/cipher-acss.c b/cipher-acss.c
new file mode 100644
index 000000000..3a966a74d
--- /dev/null
+++ b/cipher-acss.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+#include <openssl/evp.h>
+
+RCSID("$Id: cipher-acss.c,v 1.2 2004/02/06 04:26:11 dtucker Exp $");
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+
+#include "acss.h"
+
+#define data(ctx) ((EVP_ACSS_KEY *)(ctx)->cipher_data)
+
+typedef struct {
+        ACSS_KEY ks;
+} EVP_ACSS_KEY;
+
+#define EVP_CTRL_SET_ACSS_MODE          0xff06
+#define EVP_CTRL_SET_ACSS_SUBKEY        0xff07
+
+static int
+acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
+    const unsigned char *iv, int enc)
+{
+        acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA);
+        return 1;
+}
+
+static int
+acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, 
+    unsigned int inl)
+{
+        acss(&data(ctx)->ks,inl,in,out);
+        return 1;
+}
+
+static int
+acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        switch(type) {
+        case EVP_CTRL_SET_ACSS_MODE:
+                data(ctx)->ks.mode = arg;
+                return 1;
+        case EVP_CTRL_SET_ACSS_SUBKEY:
+                acss_setsubkey(&data(ctx)->ks,(unsigned char *)ptr);
+                return 1;
+        default:
+                return -1;
+        }
+}
+
+const EVP_CIPHER *
+evp_acss(void)
+{
+        static EVP_CIPHER acss_cipher;
+
+        memset(&acss_cipher, 0, sizeof(EVP_CIPHER));
+
+        acss_cipher.nid = NID_undef;
+        acss_cipher.block_size = 1;
+        acss_cipher.key_len = 5;
+        acss_cipher.init = acss_init_key;
+        acss_cipher.do_cipher = acss_ciph;
+        acss_cipher.ctx_size = sizeof(EVP_ACSS_KEY);
+        acss_cipher.ctrl = acss_ctrl;
+
+        return (&acss_cipher);
+}
+#endif
+
diff --git a/cipher-aes.c b/cipher-aes.c
index c41def600..22d500d42 100644
--- a/cipher-aes.c
+++ b/cipher-aes.c
@@ -24,13 +24,17 @@
 
 #include "includes.h"
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
-RCSID("$OpenBSD: cipher-aes.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
+RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
 
 #include <openssl/evp.h>
 #include "rijndael.h"
 #include "xmalloc.h"
 #include "log.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+#define SSH_OLD_EVP
+#endif
+
 #define RIJNDAEL_BLOCKSIZE 16
 struct ssh_rijndael_ctx
 {
diff --git a/cipher-ctr.c b/cipher-ctr.c
index a2bab5c14..395dabedd 100644
--- a/cipher-ctr.c
+++ b/cipher-ctr.c
@@ -14,13 +14,17 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: cipher-ctr.c,v 1.2 2003/06/17 18:14:23 markus Exp $");
+RCSID("$OpenBSD: cipher-ctr.c,v 1.4 2004/02/06 23:41:13 dtucker Exp $");
 
 #include <openssl/evp.h>
 
 #include "log.h"
 #include "xmalloc.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+#define SSH_OLD_EVP
+#endif
+
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 #include "rijndael.h"
 #define AES_KEY rijndael_ctx
@@ -90,7 +94,8 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
                 EVP_CIPHER_CTX_set_app_data(ctx, c);
         }
         if (key != NULL)
-                AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
+                AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                     &c->aes_ctx);
         if (iv != NULL)
                 memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
         return (1);
@@ -135,7 +140,9 @@ evp_aes_128_ctr(void)
         aes_ctr.init = ssh_aes_ctr_init;
         aes_ctr.cleanup = ssh_aes_ctr_cleanup;
         aes_ctr.do_cipher = ssh_aes_ctr;
+#ifndef SSH_OLD_EVP
         aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
             EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+#endif
         return (&aes_ctr);
 }
diff --git a/cipher.c b/cipher.c
index e7c3c5411..c13ff5862 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.68 2004/01/23 19:26:33 hshoexer Exp $");
 
 #include "xmalloc.h"
 #include "log.h"
@@ -52,6 +52,17 @@ RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $");
 extern const EVP_CIPHER *evp_rijndael(void);
 extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
 #endif
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+extern const EVP_CIPHER *evp_acss(void);
+#  define EVP_acss evp_acss
+#  define EVP_CTRL_SET_ACSS_MODE xxx    /* used below */
+# else
+#  define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
+# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
+#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
+
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
@@ -87,29 +98,33 @@ struct Cipher {
         { "rijndael-cbc@lysator.liu.se",
                                 SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x00905000L
         { "aes128-ctr",         SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr },
         { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
         { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
-
+#endif
+#if defined(EVP_CTRL_SET_ACSS_MODE)
+        { "acss@openssh.org",   SSH_CIPHER_SSH2, 16, 5, EVP_acss },
+#endif
         { NULL,                 SSH_CIPHER_ILLEGAL, 0, 0, NULL }
 };
 
 /*--*/
 
 u_int
-cipher_blocksize(Cipher *c)
+cipher_blocksize(const Cipher *c)
 {
         return (c->block_size);
 }
 
 u_int
-cipher_keylen(Cipher *c)
+cipher_keylen(const Cipher *c)
 {
         return (c->key_len);
 }
 
 u_int
-cipher_get_number(Cipher *c)
+cipher_get_number(const Cipher *c)
 {
         return (c->number);
 }
@@ -309,7 +324,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher,
  */
 
 int
-cipher_get_keyiv_len(CipherContext *cc)
+cipher_get_keyiv_len(const CipherContext *cc)
 {
         Cipher *c = cc->cipher;
         int ivlen;
@@ -395,12 +410,12 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 #endif
 
 int
-cipher_get_keycontext(CipherContext *cc, u_char *dat)
+cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 {
         Cipher *c = cc->cipher;
         int plen = 0;
 
-        if (c->evptype == EVP_rc4) {
+        if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
                 plen = EVP_X_STATE_LEN(cc->evp);
                 if (dat == NULL)
                         return (plen);
@@ -415,7 +430,7 @@ cipher_set_keycontext(CipherContext *cc, u_char *dat)
         Cipher *c = cc->cipher;
         int plen;
 
-        if (c->evptype == EVP_rc4) {
+        if (c->evptype == EVP_rc4 || c->evptype == EVP_acss) {
                 plen = EVP_X_STATE_LEN(cc->evp);
                 memcpy(EVP_X_STATE(cc->evp), dat, plen);
         }
diff --git a/cipher.h b/cipher.h
index fc7f6dd0f..74b3669fd 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: cipher.h,v 1.33 2002/03/18 17:13:15 markus Exp $      */
+/*      $OpenBSD: cipher.h,v 1.34 2003/11/10 16:23:41 jakob Exp $       */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -79,13 +79,13 @@ void	 cipher_init(CipherContext *, Cipher *, const u_char *, u_int,
 void     cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
 void     cipher_cleanup(CipherContext *);
 void     cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
-u_int    cipher_blocksize(Cipher *);
-u_int    cipher_keylen(Cipher *);
+u_int    cipher_blocksize(const Cipher *);
+u_int    cipher_keylen(const Cipher *);
 
-u_int    cipher_get_number(Cipher *);
+u_int    cipher_get_number(const Cipher *);
 void     cipher_get_keyiv(CipherContext *, u_char *, u_int);
 void     cipher_set_keyiv(CipherContext *, u_char *);
-int      cipher_get_keyiv_len(CipherContext *);
-int      cipher_get_keycontext(CipherContext *, u_char *);
+int      cipher_get_keyiv_len(const CipherContext *);
+int      cipher_get_keycontext(const CipherContext *, u_char *);
 void     cipher_set_keycontext(CipherContext *, u_char *);
 #endif                          /* CIPHER_H */
diff --git a/cleanup.c b/cleanup.c
new file mode 100644
index 000000000..11d1d4d9a
--- /dev/null
+++ b/cleanup.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+RCSID("$OpenBSD: cleanup.c,v 1.1 2003/09/23 20:17:11 markus Exp $");
+
+#include "log.h"
+
+/* default implementation */
+void
+cleanup_exit(int i)
+{
+        _exit(i);
+}
diff --git a/clientloop.c b/clientloop.c
index d445230e5..626b29a5a 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.112 2003/06/28 16:23:06 deraadt Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -89,6 +89,9 @@ extern Options options;
 /* Flag indicating that stdin should be redirected from /dev/null. */
 extern int stdin_null_flag;
 
+/* Flag indicating that no shell has been requested */
+extern int no_shell_flag;
+
 /*
  * Name of the host we are connecting to.  This is the name given on the
  * command line, or the HostName specified for the user-supplied name in a
@@ -124,6 +127,7 @@ static int connection_in;	/* Connection to server (input). */
 static int connection_out;      /* Connection to server (output). */
 static int need_rekeying;       /* Set to non-zero if rekeying is requested. */
 static int session_closed = 0;  /* In SSH2: login session closed. */
+static int server_alive_timeouts = 0;
 
 static void client_init_dispatch(void);
 int     session_ident = -1;
@@ -139,7 +143,6 @@ leave_non_blocking(void)
         if (in_non_blocking_mode) {
                 (void) fcntl(fileno(stdin), F_SETFL, 0);
                 in_non_blocking_mode = 0;
-                fatal_remove_cleanup((void (*) (void *)) leave_non_blocking, NULL);
         }
 }
 
@@ -150,7 +153,6 @@ enter_non_blocking(void)
 {
         in_non_blocking_mode = 1;
         (void) fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
-        fatal_add_cleanup((void (*) (void *)) leave_non_blocking, NULL);
 }
 
 /*
@@ -312,18 +314,35 @@ client_check_window_change(void)
         }
 }
 
+static void
+client_global_request_reply(int type, u_int32_t seq, void *ctxt)
+{
+        server_alive_timeouts = 0;
+        client_global_request_reply_fwd(type, seq, ctxt);
+}
+
+static void
+server_alive_check(void)
+{
+        if (++server_alive_timeouts > options.server_alive_count_max)
+                packet_disconnect("Timeout, server not responding.");
+        packet_start(SSH2_MSG_GLOBAL_REQUEST);
+        packet_put_cstring("keepalive@openssh.com");
+        packet_put_char(1);     /* boolean: want reply */
+        packet_send();
+}
+
 /*
  * Waits until the client can do something (some data becomes available on
  * one of the file descriptors).
  */
 
-static int
+static void
 client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
     int *maxfdp, int *nallocp, int rekeying)
 {
         struct timeval tv, *tvp;
-        int n;
-        extern Options options;
+        int ret;
 
         /* Add any selections by the channel mechanism. */
         channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying);
@@ -353,7 +372,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
                         /* clear mask since we did not call select() */
                         memset(*readsetp, 0, *nallocp);
                         memset(*writesetp, 0, *nallocp);
-                        return 0;
+                        return;
                 } else {
                         FD_SET(connection_in, *readsetp);
                 }
@@ -366,27 +385,18 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
         /*
          * Wait for something to happen.  This will suspend the process until
          * some selected descriptor can be read, written, or has some other
-         * event pending. Note: if you want to implement SSH_MSG_IGNORE
-         * messages to fool traffic analysis, this might be the place to do
-         * it: just have a random timeout for the select, and send a random
-         * SSH_MSG_IGNORE packet when the timeout expires.
+         * event pending.
          */
 
-        /*
-         * We don't do the 'random' bit, but we want periodic ignored
-         * message anyway, so as to notice when the other ends TCP
-         * has given up during an outage.
-         */
-
-        if (options.protocolkeepalives > 0) {
-                tvp = &tv;
-                tv.tv_sec = options.protocolkeepalives;
+        if (options.server_alive_interval == 0 || !compat20)
+                tvp = NULL;
+        else {  
+                tv.tv_sec = options.server_alive_interval;
                 tv.tv_usec = 0;
-        } else
-                tvp = 0;
-
-        n = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
-        if (n < 0) {
+                tvp = &tv;
+        }
+        ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
+        if (ret < 0) {
                 char buf[100];
 
                 /*
@@ -398,13 +408,13 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
                 memset(*writesetp, 0, *nallocp);
 
                 if (errno == EINTR)
-                        return 0;
+                        return;
                 /* Note: we might still have data in the buffers. */
                 snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
                 buffer_append(&stderr_buffer, buf, strlen(buf));
                 quit_pending = 1;
-        }
-        return n == 0;
+        } else if (ret == 0)
+                server_alive_check();
 }
 
 static void
@@ -863,8 +873,7 @@ client_channel_closed(int id, void *arg)
                     id, session_ident);
         channel_cancel_cleanup(id);
         session_closed = 1;
-        if (in_raw_mode())
-                leave_raw_mode();
+        leave_raw_mode();
 }
 
 /*
@@ -879,7 +888,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
 {
         fd_set *readset = NULL, *writeset = NULL;
         double start_time, total_time;
-        int timed_out;
         int max_fd = 0, max_fd2 = 0, len, rekeying = 0, nalloc = 0;
         char buf[100];
 
@@ -993,7 +1001,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                  * available on one of the descriptors).
                  */
                 max_fd2 = max_fd;
-                timed_out = client_wait_until_can_do_something(&readset, &writeset,
+                client_wait_until_can_do_something(&readset, &writeset,
                     &max_fd2, &nalloc, rekeying);
 
                 if (quit_pending)
@@ -1016,21 +1024,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                 if (quit_pending)
                         break;
 
-                if(timed_out) {
-                        /*
-                         * Nothing is happening, so synthesize some
-                         * bogus activity
-                         */
-                        packet_start(compat20
-                                     ? SSH2_MSG_IGNORE
-                                     : SSH_MSG_IGNORE);
-                        packet_put_cstring("");
-                        packet_send();
-                        if (FD_ISSET(connection_out, writeset))
-                                packet_write_poll();
-                        continue;
-                }
-
                 if (!compat20) {
                         /* Buffer data from stdin */
                         client_process_input(readset);
@@ -1069,12 +1062,19 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
         if (!isatty(fileno(stderr)))
                 unset_nonblock(fileno(stderr));
 
-        if (received_signal) {
-                if (in_non_blocking_mode)       /* XXX */
-                        leave_non_blocking();
-                fatal("Killed by signal %d.", (int) received_signal);
+        /*
+         * If there was no shell or command requested, there will be no remote
+         * exit status to be returned.  In that case, clear error code if the
+         * connection was deliberately terminated at this end.
+         */
+        if (no_shell_flag && received_signal == SIGTERM) {
+                received_signal = 0;
+                exit_status = 0;
         }
 
+        if (received_signal)
+                fatal("Killed by signal %d.", (int) received_signal);
+
         /*
          * In interactive mode (with pseudo tty) display a message indicating
          * that the connection has been closed.
@@ -1166,6 +1166,46 @@ client_input_exit_status(int type, u_int32_t seq, void *ctxt)
         /* Flag that we want to exit. */
         quit_pending = 1;
 }
+static void
+client_input_agent_open(int type, u_int32_t seq, void *ctxt)
+{
+        Channel *c = NULL;
+        int remote_id, sock;
+
+        /* Read the remote channel number from the message. */
+        remote_id = packet_get_int();
+        packet_check_eom();
+
+        /*
+         * Get a connection to the local authentication agent (this may again
+         * get forwarded).
+         */
+        sock = ssh_get_authentication_socket();
+
+        /*
+         * If we could not connect the agent, send an error message back to
+         * the server. This should never happen unless the agent dies,
+         * because authentication forwarding is only enabled if we have an
+         * agent.
+         */
+        if (sock >= 0) {
+                c = channel_new("", SSH_CHANNEL_OPEN, sock, sock,
+                    -1, 0, 0, 0, "authentication agent connection", 1);
+                c->remote_id = remote_id;
+                c->force_drain = 1;
+        }
+        if (c == NULL) {
+                packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
+                packet_put_int(remote_id);
+        } else {
+                /* Send a confirmation to the remote host. */
+                debug("Forwarding authentication connection.");
+                packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
+                packet_put_int(remote_id);
+                packet_put_int(c->self);
+        }
+        packet_send();
+}
 
 static Channel *
 client_request_forwarded_tcpip(const char *request_type, int rchan)
@@ -1353,7 +1393,8 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
 
         rtype = packet_get_string(NULL);
         want_reply = packet_get_char();
-        debug("client_input_global_request: rtype %s want_reply %d", rtype, want_reply);
+        debug("client_input_global_request: rtype %s want_reply %d",
+            rtype, want_reply);
         if (want_reply) {
                 packet_start(success ?
                     SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
@@ -1401,7 +1442,7 @@ client_init_dispatch_13(void)
         dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
 
         dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
-            &auth_input_open_request : &deny_input_open);
+            &client_input_agent_open : &deny_input_open);
         dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
             &x11_input_open : &deny_input_open);
 }
@@ -1422,3 +1463,12 @@ client_init_dispatch(void)
         else
                 client_init_dispatch_15();
 }
+
+/* client specific fatal cleanup */
+void
+cleanup_exit(int i)
+{
+        leave_raw_mode();
+        leave_non_blocking();
+        _exit(i);
+}
diff --git a/clientloop.h b/clientloop.h
index 8056a40c3..56af06bc1 100644
--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: clientloop.h,v 1.7 2002/04/22 21:04:52 markus Exp $   */
+/*      $OpenBSD: clientloop.h,v 1.8 2003/12/16 15:49:51 markus Exp $   */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,4 +37,4 @@
 
 /* Client side main loop for the interactive session. */
 int      client_loop(int, int, int);
-void     client_global_request_reply(int type, u_int32_t seq, void *ctxt);
+void     client_global_request_reply_fwd(int, u_int32_t, void *);
diff --git a/compat.c b/compat.c
index af1d14321..2fdebe7fa 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.69 2003/08/29 10:03:15 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.70 2003/11/02 11:01:03 markus Exp $");
 
 #include "buffer.h"
 #include "packet.h"
@@ -79,11 +79,7 @@ compat_datafellows(const char *version)
                 { "OpenSSH_2.5.3*",     SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
                 { "OpenSSH_2.*,"
                   "OpenSSH_3.0*,"
-                  "OpenSSH_3.1*",       SSH_BUG_EXTEOF|SSH_BUG_GSSAPI_BER},
-                { "OpenSSH_3.2*,"
-                  "OpenSSH_3.3*,"
-                  "OpenSSH_3.4*,"
-                  "OpenSSH_3.5*",       SSH_BUG_GSSAPI_BER},
+                  "OpenSSH_3.1*",       SSH_BUG_EXTEOF},
                 { "Sun_SSH_1.0*",       SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
                 { "OpenSSH*",           0 },
                 { "*MindTerm*",         0 },
diff --git a/compat.h b/compat.h
index 7a5004455..efa0f081e 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: compat.h,v 1.36 2003/08/29 10:03:15 markus Exp $      */
+/*      $OpenBSD: compat.h,v 1.37 2003/11/02 11:01:03 markus Exp $      */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -55,7 +55,6 @@
 #define SSH_BUG_EXTEOF          0x00200000
 #define SSH_BUG_PROBE           0x00400000
 #define SSH_BUG_FIRSTKEX        0x00800000
-#define SSH_BUG_GSSAPI_BER      0x01000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);
diff --git a/compress.c b/compress.c
index 85a361d3a..0d1c7e55e 100644
--- a/compress.c
+++ b/compress.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compress.c,v 1.19 2002/03/18 17:31:54 provos Exp $");
+RCSID("$OpenBSD: compress.c,v 1.21 2004/01/13 19:45:15 markus Exp $");
 
 #include "log.h"
 #include "buffer.h"
@@ -56,12 +56,14 @@ buffer_compress_init_recv(void)
 void
 buffer_compress_uninit(void)
 {
-        debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f",
-            outgoing_stream.total_in, outgoing_stream.total_out,
+        debug("compress outgoing: raw data %llu, compressed %llu, factor %.2f",
+            (unsigned long long)outgoing_stream.total_in,
+            (unsigned long long)outgoing_stream.total_out,
             outgoing_stream.total_in == 0 ? 0.0 :
             (double) outgoing_stream.total_out / outgoing_stream.total_in);
-        debug("compress incoming: raw data %lu, compressed %lu, factor %.2f",
-            incoming_stream.total_out, incoming_stream.total_in,
+        debug("compress incoming: raw data %llu, compressed %llu, factor %.2f",
+            (unsigned long long)incoming_stream.total_out,
+            (unsigned long long)incoming_stream.total_in,
             incoming_stream.total_out == 0 ? 0.0 :
             (double) incoming_stream.total_in / incoming_stream.total_out);
         if (compress_init_recv_called == 1 && inflate_failed == 0)
diff --git a/config.guess b/config.guess
index 11271623b..59d4b87a5 100755
--- a/config.guess
+++ b/config.guess
@@ -176,7 +176,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
                 fi
                 ;;
             *)
-                os=netbsd
+                os=netbsd
                 ;;
         esac
         # The OS release
@@ -382,23 +382,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     # MiNT.  But MiNT is downward compatible to TOS, so this should
     # be no problem.
     atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
-        echo m68k-atari-mint${UNAME_RELEASE}
+        echo m68k-atari-mint${UNAME_RELEASE}
         exit 0 ;;
     atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
         echo m68k-atari-mint${UNAME_RELEASE}
-        exit 0 ;;
+        exit 0 ;;
     *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
-        echo m68k-atari-mint${UNAME_RELEASE}
+        echo m68k-atari-mint${UNAME_RELEASE}
         exit 0 ;;
     milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
-        echo m68k-milan-mint${UNAME_RELEASE}
-        exit 0 ;;
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit 0 ;;
     hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
-        echo m68k-hades-mint${UNAME_RELEASE}
-        exit 0 ;;
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit 0 ;;
     *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
-        echo m68k-unknown-mint${UNAME_RELEASE}
-        exit 0 ;;
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit 0 ;;
     powerpc:machten:*:*)
         echo powerpc-apple-machten${UNAME_RELEASE}
         exit 0 ;;
@@ -464,8 +464,8 @@ EOF
         echo m88k-motorola-sysv3
         exit 0 ;;
     AViiON:dgux:*:*)
-        # DG/UX returns AViiON for all architectures
-        UNAME_PROCESSOR=`/usr/bin/uname -p`
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
         if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
         then
             if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
@@ -478,7 +478,7 @@ EOF
         else
             echo i586-dg-dgux${UNAME_RELEASE}
         fi
-        exit 0 ;;
+        exit 0 ;;
     M88*:DolphinOS:*:*) # DolphinOS (SVR3)
         echo m88k-dolphin-sysv3
         exit 0 ;;
@@ -574,52 +574,52 @@ EOF
             9000/[678][0-9][0-9])
                 if [ -x /usr/bin/getconf ]; then
                     sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
-                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
-                    case "${sc_cpu_version}" in
-                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
-                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
-                      532)                      # CPU_PA_RISC2_0
-                        case "${sc_kernel_bits}" in
-                          32) HP_ARCH="hppa2.0n" ;;
-                          64) HP_ARCH="hppa2.0w" ;;
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
                           '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
-                        esac ;;
-                    esac
+                        esac ;;
+                    esac
                 fi
                 if [ "${HP_ARCH}" = "" ]; then
                     eval $set_cc_for_build
                     sed 's/^              //' << EOF >$dummy.c
 
-              #define _HPUX_SOURCE
-              #include <stdlib.h>
-              #include <unistd.h>
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
 
-              int main ()
-              {
-              #if defined(_SC_KERNEL_BITS)
-                  long bits = sysconf(_SC_KERNEL_BITS);
-              #endif
-                  long cpu  = sysconf (_SC_CPU_VERSION);
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
 
-                  switch (cpu)
-                {
-                case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
-                case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
-                case CPU_PA_RISC2_0:
-              #if defined(_SC_KERNEL_BITS)
-                    switch (bits)
-                        {
-                        case 64: puts ("hppa2.0w"); break;
-                        case 32: puts ("hppa2.0n"); break;
-                        default: puts ("hppa2.0"); break;
-                        } break;
-              #else  /* !defined(_SC_KERNEL_BITS) */
-                    puts ("hppa2.0"); break;
-              #endif
-                default: puts ("hppa1.0"); break;
-                }
-                  exit (0);
-              }
+                  switch (cpu)
+                {
+                case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+                case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+                case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+                    switch (bits)
+                        {
+                        case 64: puts ("hppa2.0w"); break;
+                        case 32: puts ("hppa2.0n"); break;
+                        default: puts ("hppa2.0"); break;
+                        } break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+                    puts ("hppa2.0"); break;
+              #endif
+                default: puts ("hppa1.0"); break;
+                }
+                  exit (0);
+              }
 EOF
                     (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
                     test -z "$HP_ARCH" && HP_ARCH=hppa
@@ -699,22 +699,22 @@ EOF
         exit 0 ;;
     C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
         echo c1-convex-bsd
-        exit 0 ;;
+        exit 0 ;;
     C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
         if getsysinfo -f scalar_acc
         then echo c32-convex-bsd
         else echo c2-convex-bsd
         fi
-        exit 0 ;;
+        exit 0 ;;
     C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
         echo c34-convex-bsd
-        exit 0 ;;
+        exit 0 ;;
     C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
         echo c38-convex-bsd
-        exit 0 ;;
+        exit 0 ;;
     C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
         echo c4-convex-bsd
-        exit 0 ;;
+        exit 0 ;;
     CRAY*Y-MP:*:*:*)
         echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
         exit 0 ;;
@@ -738,10 +738,10 @@ EOF
         exit 0 ;;
     F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
         FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
-        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
-        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
-        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
-        exit 0 ;;
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit 0 ;;
     i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
         echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
         exit 0 ;;
@@ -874,7 +874,7 @@ EOF
           EV6)   UNAME_MACHINE=alphaev6 ;;
           EV67)  UNAME_MACHINE=alphaev67 ;;
           EV68*) UNAME_MACHINE=alphaev68 ;;
-        esac
+        esac
         objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
         if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
         echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
@@ -916,7 +916,7 @@ EOF
                                     s/.*supported targets: *//
                                     s/ .*//
                                     p'`
-        case "$ld_supported_targets" in
+        case "$ld_supported_targets" in
           elf32-i386)
                 TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
                 ;;
@@ -968,11 +968,11 @@ EOF
         echo i386-sequent-sysv4
         exit 0 ;;
     i*86:UNIX_SV:4.2MP:2.*)
-        # Unixware is an offshoot of SVR4, but it has its own version
-        # number series starting with 2...
-        # I am not positive that other SVR4 systems won't match this,
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
         # I just have to hope.  -- rms.
-        # Use sysv4.2uw... so that sysv4* matches it.
+        # Use sysv4.2uw... so that sysv4* matches it.
         echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
         exit 0 ;;
     i*86:OS/2:*:*)
@@ -1028,10 +1028,10 @@ EOF
         exit 0 ;;
     pc:*:*:*)
         # Left here for compatibility:
-        # uname -m prints for DJGPP always 'pc', but it prints nothing about
-        # the processor, so we play safe by assuming i386.
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
         echo i386-pc-msdosdjgpp
-        exit 0 ;;
+        exit 0 ;;
     Intel:Mach:3*:*)
         echo i386-pc-mach3
         exit 0 ;;
@@ -1066,8 +1066,8 @@ EOF
         /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
           && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
     3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
-        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
-          && echo i486-ncr-sysv4 && exit 0 ;;
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && echo i486-ncr-sysv4 && exit 0 ;;
     m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
         echo m68k-unknown-lynxos${UNAME_RELEASE}
         exit 0 ;;
@@ -1101,9 +1101,9 @@ EOF
         fi
         exit 0 ;;
     PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
-                      # says <Richard.M.Bartel@ccMail.Census.GOV>
-        echo i586-unisys-sysv4
-        exit 0 ;;
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit 0 ;;
     *:UNIX_System_V:4*:FTX*)
         # From Gerald Hewes <hewes@openmarket.com>.
         # How about differentiating between stratus architectures? -djm
@@ -1125,11 +1125,11 @@ EOF
         exit 0 ;;
     R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
         if [ -d /usr/nec ]; then
-                echo mips-nec-sysv${UNAME_RELEASE}
+                echo mips-nec-sysv${UNAME_RELEASE}
         else
-                echo mips-unknown-sysv${UNAME_RELEASE}
+                echo mips-unknown-sysv${UNAME_RELEASE}
         fi
-        exit 0 ;;
+        exit 0 ;;
     BeBox:BeOS:*:*)     # BeOS running on hardware made by Be, PPC only.
         echo powerpc-be-beos
         exit 0 ;;
@@ -1238,11 +1238,11 @@ main ()
 #include <sys/param.h>
   printf ("m68k-sony-newsos%s\n",
 #ifdef NEWSOS4
-          "4"
+          "4"
 #else
           ""
 #endif
-         ); exit (0);
+         ); exit (0);
 #endif
 #endif
 
diff --git a/config.h.in b/config.h.in
index 41495c4fb..32622dc5f 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,5 +1,5 @@
 /* config.h.in.  Generated automatically from configure.ac by autoheader.  */
-/* $Id: acconfig.h,v 1.166 2003/09/16 01:52:19 dtucker Exp $ */
+/* $Id: acconfig.h,v 1.173 2004/02/06 05:24:31 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -42,6 +42,12 @@
 /* Define if your setregid() is broken */
 #undef BROKEN_SETREGID
 
+/* Define if your setresuid() is broken */
+#undef BROKEN_SETRESUID
+
+/* Define if your setresgid() is broken */
+#undef BROKEN_SETRESGID
+
 /* Define to a Set Process Title type if your system is */
 /* supported by bsd-setproctitle.c */
 #undef SPT_TYPE
@@ -60,6 +66,9 @@
 /* from environment and PATH */
 #undef LOGIN_PROGRAM_FALLBACK
 
+/* Full path of your "passwd" program */
+#undef _PATH_PASSWD_PROG
+
 /* Define if your password has a pw_class field */
 #undef HAVE_PW_CLASS_IN_PASSWD
 
@@ -90,6 +99,9 @@
 /* Define if you have the getuserattr function.  */
 #undef HAVE_GETUSERATTR
 
+/* Define if you have the basename function. */
+#undef HAVE_BASENAME
+
 /* Work around problematic Linux PAM modules handling of PAM_TTY */
 #undef PAM_TTY_KLUDGE
 
@@ -248,6 +260,9 @@
 /* Define this if you are using the Heimdal version of Kerberos V5 */
 #undef HEIMDAL
 
+/* Define this if you want to use libkafs' AFS support */
+#undef USE_AFS
+
 /* Define if you want S/Key support */
 #undef SKEY
 
@@ -416,15 +431,15 @@
 #undef LOCKED_PASSWD_PREFIX
 #undef LOCKED_PASSWD_SUBSTR
 
-/* Define if DNS support is to be activated */
-#undef DNS
-
 /* Define if getrrsetbyname() exists */
 #undef HAVE_GETRRSETBYNAME
 
 /* Define if HEADER.ad exists in arpa/nameser.h */
 #undef HAVE_HEADER_AD
 
+/* Define if your resolver libs need this for getrrsetbyname */
+#undef BIND_8_COMPAT
+
 
 /* Define if the `getpgrp' function takes no argument. */
 #undef GETPGRP_VOID
@@ -438,9 +453,6 @@
 /* Define if you have the `b64_pton' function. */
 #undef HAVE_B64_PTON
 
-/* Define if you have the `basename' function. */
-#undef HAVE_BASENAME
-
 /* Define if you have the `bcopy' function. */
 #undef HAVE_BCOPY
 
@@ -453,6 +465,9 @@
 /* Define if you have the `clock' function. */
 #undef HAVE_CLOCK
 
+/* Define if gai_strerror() returns const char * */
+#undef HAVE_CONST_GAI_STRERROR_PROTO
+
 /* Define if you have the <crypt.h> header file. */
 #undef HAVE_CRYPT_H
 
@@ -552,9 +567,24 @@
 /* Define if you have the <glob.h> header file. */
 #undef HAVE_GLOB_H
 
+/* Define if you have the <gssapi_generic.h> header file. */
+#undef HAVE_GSSAPI_GENERIC_H
+
+/* Define if you have the <gssapi/gssapi_generic.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_GENERIC_H
+
+/* Define if you have the <gssapi/gssapi.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_H
+
+/* Define if you have the <gssapi/gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
 /* Define if you have the <gssapi.h> header file. */
 #undef HAVE_GSSAPI_H
 
+/* Define if you have the <gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_KRB5_H
+
 /* Define if you have the <ia.h> header file. */
 #undef HAVE_IA_H
 
@@ -669,6 +699,9 @@
 /* Define if you have the `pam_getenvlist' function. */
 #undef HAVE_PAM_GETENVLIST
 
+/* Define if you have the <pam/pam_appl.h> header file. */
+#undef HAVE_PAM_PAM_APPL_H
+
 /* Define if you have the `pam_putenv' function. */
 #undef HAVE_PAM_PUTENV
 
@@ -825,6 +858,9 @@
 /* Define if you have the `strsep' function. */
 #undef HAVE_STRSEP
 
+/* Define if you have the `strtoul' function. */
+#undef HAVE_STRTOUL
+
 /* Define if `st_blksize' is member of `struct stat'. */
 #undef HAVE_STRUCT_STAT_ST_BLKSIZE
 
@@ -852,12 +888,18 @@
 /* Define if you have the <sys/pstat.h> header file. */
 #undef HAVE_SYS_PSTAT_H
 
+/* Define if you have the <sys/ptms.h> header file. */
+#undef HAVE_SYS_PTMS_H
+
 /* Define if you have the <sys/select.h> header file. */
 #undef HAVE_SYS_SELECT_H
 
 /* Define if you have the <sys/stat.h> header file. */
 #undef HAVE_SYS_STAT_H
 
+/* Define if you have the <sys/stream.h> header file. */
+#undef HAVE_SYS_STREAM_H
+
 /* Define if you have the <sys/stropts.h> header file. */
 #undef HAVE_SYS_STROPTS_H
 
@@ -906,6 +948,9 @@
 /* Define if you have the `updwtmp' function. */
 #undef HAVE_UPDWTMP
 
+/* Define if you have the `updwtmpx' function. */
+#undef HAVE_UPDWTMPX
+
 /* Define if you have the <usersec.h> header file. */
 #undef HAVE_USERSEC_H
 
@@ -933,6 +978,9 @@
 /* Define if you have the `vhangup' function. */
 #undef HAVE_VHANGUP
 
+/* Define if you have the <vis.h> header file. */
+#undef HAVE_VIS_H
+
 /* Define if you have the `vsnprintf' function. */
 #undef HAVE_VSNPRINTF
 
diff --git a/config.sub b/config.sub
index 79657cd18..d77dd77b4 100755
--- a/config.sub
+++ b/config.sub
@@ -162,10 +162,10 @@ case $os in
                 os=-chorusos
                 basic_machine=$1
                 ;;
-        -chorusrdb)
-                os=-chorusrdb
+        -chorusrdb)
+                os=-chorusrdb
                 basic_machine=$1
-                ;;
+                ;;
         -hiux*)
                 os=-hiuxwe2
                 ;;
@@ -926,6 +926,10 @@ case $basic_machine in
                 basic_machine=sv1-cray
                 os=-unicos
                 ;;
+        sx*-nec)
+                basic_machine=sx6-nec
+                os=-sysv
+                ;;
         symmetry)
                 basic_machine=i386-sequent
                 os=-dynix
@@ -1006,6 +1010,10 @@ case $basic_machine in
                 basic_machine=hppa1.1-winbond
                 os=-proelf
                 ;;
+        windows32)
+                basic_machine=i386-pc
+                os=-windows32-msvcrt
+                ;;
         xps | xps100)
                 basic_machine=xps100-honeywell
                 ;;
@@ -1102,8 +1110,8 @@ esac
 if [ x"$os" != x"" ]
 then
 case $os in
-        # First match some system type aliases
-        # that might get confused with valid system types.
+        # First match some system type aliases
+        # that might get confused with valid system types.
         # -solaris* is a basic system type, with this one exception.
         -solaris1 | -solaris1.*)
                 os=`echo $os | sed -e 's|solaris1|sunos4|'`
diff --git a/configure b/configure
index 096c51af7..c39957b7c 100755
--- a/configure
+++ b/configure
@@ -669,6 +669,7 @@ Optional Features:
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
   --disable-largefile     omit support for large files
   --disable-strip         Disable calling strip(1) on install
+  --disable-etc-default-login       Disable using PATH from /etc/default/login no
   --disable-lastlog       disable use of lastlog even if detected no
   --disable-utmp          disable use of utmp even if detected no
   --disable-utmpx         disable use of utmpx even if detected no
@@ -681,17 +682,18 @@ Optional Features:
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --without-rpath         Disable auto-added -R linker paths
   --with-osfsia           Enable Digital Unix SIA
   --with-cflags           Specify additional flags to pass to compiler
   --with-cppflags         Specify additional flags to pass to preprocessor
   --with-ldflags          Specify additional flags to pass to linker
   --with-libs             Specify additional libraries to link with
-  --without-rpath         Disable auto-added -R linker paths
   --with-zlib=PATH        Use zlib in PATH
+  --without-zlib-version-check Disable zlib version check
   --with-skey[=PATH]      Enable S/Key support
-                            (optionally in PATH)
+                            (optionally in PATH)
   --with-tcp-wrappers[=PATH]      Enable tcpwrappers support
-                            (optionally in PATH)
+                            (optionally in PATH)
   --with-pam              Enable PAM support
   --with-ssl-dir=PATH     Specify path to OpenSSL installation
   --with-rand-helper      Use subprocess to gather strong randomness
@@ -701,7 +703,6 @@ Optional Packages:
   --with-privsep-user=user Specify non-privileged user for privilege separation
   --with-sectok           Enable smartcard support using libsectok
   --with-opensc=PFX       Enable smartcard support using OpenSC
-  --with-dns              Support for fetching keys from DNS (experimental)
   --with-kerberos5=PATH   Enable Kerberos 5 support
   --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
   --with-xauth=PATH       Specify path to xauth program
@@ -908,7 +909,7 @@ if test -z "$CONFIG_SITE"; then
 fi
 for ac_site_file in $CONFIG_SITE; do
   if test -r "$ac_site_file"; then
-    { echo "$as_me:911: loading site script $ac_site_file" >&5
+    { echo "$as_me:912: loading site script $ac_site_file" >&5
 echo "$as_me: loading site script $ac_site_file" >&6;}
     cat "$ac_site_file" >&5
     . "$ac_site_file"
@@ -919,7 +920,7 @@ if test -r "$cache_file"; then
   # Some versions of bash will fail to source /dev/null (special
   # files actually), so we avoid doing that.
   if test -f "$cache_file"; then
-    { echo "$as_me:922: loading cache $cache_file" >&5
+    { echo "$as_me:923: loading cache $cache_file" >&5
 echo "$as_me: loading cache $cache_file" >&6;}
     case $cache_file in
       [\\/]* | ?:[\\/]* ) . $cache_file;;
@@ -927,7 +928,7 @@ echo "$as_me: loading cache $cache_file" >&6;}
     esac
   fi
 else
-  { echo "$as_me:930: creating cache $cache_file" >&5
+  { echo "$as_me:931: creating cache $cache_file" >&5
 echo "$as_me: creating cache $cache_file" >&6;}
   >$cache_file
 fi
@@ -943,21 +944,21 @@ for ac_var in `(set) 2>&1 |
   eval ac_new_val="\$ac_env_${ac_var}_value"
   case $ac_old_set,$ac_new_set in
     set,)
-      { echo "$as_me:946: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+      { echo "$as_me:947: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
 echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
       ac_cache_corrupted=: ;;
     ,set)
-      { echo "$as_me:950: error: \`$ac_var' was not set in the previous run" >&5
+      { echo "$as_me:951: error: \`$ac_var' was not set in the previous run" >&5
 echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
       ac_cache_corrupted=: ;;
     ,);;
     *)
       if test "x$ac_old_val" != "x$ac_new_val"; then
-        { echo "$as_me:956: error: \`$ac_var' has changed since the previous run:" >&5
+        { echo "$as_me:957: error: \`$ac_var' has changed since the previous run:" >&5
 echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
-        { echo "$as_me:958:   former value:  $ac_old_val" >&5
+        { echo "$as_me:959:   former value:  $ac_old_val" >&5
 echo "$as_me:   former value:  $ac_old_val" >&2;}
-        { echo "$as_me:960:   current value: $ac_new_val" >&5
+        { echo "$as_me:961:   current value: $ac_new_val" >&5
 echo "$as_me:   current value: $ac_new_val" >&2;}
         ac_cache_corrupted=:
       fi;;
@@ -976,9 +977,9 @@ echo "$as_me:   current value: $ac_new_val" >&2;}
   fi
 done
 if $ac_cache_corrupted; then
-  { echo "$as_me:979: error: changes in the environment can compromise the build" >&5
+  { echo "$as_me:980: error: changes in the environment can compromise the build" >&5
 echo "$as_me: error: changes in the environment can compromise the build" >&2;}
-  { { echo "$as_me:981: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+  { { echo "$as_me:982: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
 echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
    { (exit 1); exit 1; }; }
 fi
@@ -998,10 +999,10 @@ esac
 echo "#! $SHELL" >conftest.sh
 echo  "exit 0"   >>conftest.sh
 chmod +x conftest.sh
-if { (echo "$as_me:1001: PATH=\".;.\"; conftest.sh") >&5
+if { (echo "$as_me:1002: PATH=\".;.\"; conftest.sh") >&5
   (PATH=".;."; conftest.sh) 2>&5
   ac_status=$?
-  echo "$as_me:1004: \$? = $ac_status" >&5
+  echo "$as_me:1005: \$? = $ac_status" >&5
   (exit $ac_status); }; then
   ac_path_separator=';'
 else
@@ -1020,7 +1021,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
 set dummy ${ac_tool_prefix}gcc; ac_word=$2
-echo "$as_me:1023: checking for $ac_word" >&5
+echo "$as_me:1024: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1035,7 +1036,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_CC="${ac_tool_prefix}gcc"
-echo "$as_me:1038: found $ac_dir/$ac_word" >&5
+echo "$as_me:1039: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -1043,10 +1044,10 @@ fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:1046: result: $CC" >&5
+  echo "$as_me:1047: result: $CC" >&5
 echo "${ECHO_T}$CC" >&6
 else
-  echo "$as_me:1049: result: no" >&5
+  echo "$as_me:1050: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1055,7 +1056,7 @@ if test -z "$ac_cv_prog_CC"; then
   ac_ct_CC=$CC
   # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
-echo "$as_me:1058: checking for $ac_word" >&5
+echo "$as_me:1059: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1070,7 +1071,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_CC="gcc"
-echo "$as_me:1073: found $ac_dir/$ac_word" >&5
+echo "$as_me:1074: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -1078,10 +1079,10 @@ fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:1081: result: $ac_ct_CC" >&5
+  echo "$as_me:1082: result: $ac_ct_CC" >&5
 echo "${ECHO_T}$ac_ct_CC" >&6
 else
-  echo "$as_me:1084: result: no" >&5
+  echo "$as_me:1085: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1094,7 +1095,7 @@ if test -z "$CC"; then
   if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
 set dummy ${ac_tool_prefix}cc; ac_word=$2
-echo "$as_me:1097: checking for $ac_word" >&5
+echo "$as_me:1098: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1109,7 +1110,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_CC="${ac_tool_prefix}cc"
-echo "$as_me:1112: found $ac_dir/$ac_word" >&5
+echo "$as_me:1113: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -1117,10 +1118,10 @@ fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:1120: result: $CC" >&5
+  echo "$as_me:1121: result: $CC" >&5
 echo "${ECHO_T}$CC" >&6
 else
-  echo "$as_me:1123: result: no" >&5
+  echo "$as_me:1124: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1129,7 +1130,7 @@ if test -z "$ac_cv_prog_CC"; then
   ac_ct_CC=$CC
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
-echo "$as_me:1132: checking for $ac_word" >&5
+echo "$as_me:1133: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1144,7 +1145,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_CC="cc"
-echo "$as_me:1147: found $ac_dir/$ac_word" >&5
+echo "$as_me:1148: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -1152,10 +1153,10 @@ fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:1155: result: $ac_ct_CC" >&5
+  echo "$as_me:1156: result: $ac_ct_CC" >&5
 echo "${ECHO_T}$ac_ct_CC" >&6
 else
-  echo "$as_me:1158: result: no" >&5
+  echo "$as_me:1159: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1168,7 +1169,7 @@ fi
 if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
-echo "$as_me:1171: checking for $ac_word" >&5
+echo "$as_me:1172: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1188,7 +1189,7 @@ if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
   continue
 fi
 ac_cv_prog_CC="cc"
-echo "$as_me:1191: found $ac_dir/$ac_word" >&5
+echo "$as_me:1192: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -1210,10 +1211,10 @@ fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:1213: result: $CC" >&5
+  echo "$as_me:1214: result: $CC" >&5
 echo "${ECHO_T}$CC" >&6
 else
-  echo "$as_me:1216: result: no" >&5
+  echo "$as_me:1217: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1224,7 +1225,7 @@ if test -z "$CC"; then
   do
     # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
 set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-echo "$as_me:1227: checking for $ac_word" >&5
+echo "$as_me:1228: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1239,7 +1240,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
-echo "$as_me:1242: found $ac_dir/$ac_word" >&5
+echo "$as_me:1243: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -1247,10 +1248,10 @@ fi
 fi
 CC=$ac_cv_prog_CC
 if test -n "$CC"; then
-  echo "$as_me:1250: result: $CC" >&5
+  echo "$as_me:1251: result: $CC" >&5
 echo "${ECHO_T}$CC" >&6
 else
-  echo "$as_me:1253: result: no" >&5
+  echo "$as_me:1254: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1263,7 +1264,7 @@ if test -z "$CC"; then
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:1266: checking for $ac_word" >&5
+echo "$as_me:1267: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1278,7 +1279,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_CC="$ac_prog"
-echo "$as_me:1281: found $ac_dir/$ac_word" >&5
+echo "$as_me:1282: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -1286,10 +1287,10 @@ fi
 fi
 ac_ct_CC=$ac_cv_prog_ac_ct_CC
 if test -n "$ac_ct_CC"; then
-  echo "$as_me:1289: result: $ac_ct_CC" >&5
+  echo "$as_me:1290: result: $ac_ct_CC" >&5
 echo "${ECHO_T}$ac_ct_CC" >&6
 else
-  echo "$as_me:1292: result: no" >&5
+  echo "$as_me:1293: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1301,32 +1302,32 @@ fi
 
 fi
 
-test -z "$CC" && { { echo "$as_me:1304: error: no acceptable cc found in \$PATH" >&5
+test -z "$CC" && { { echo "$as_me:1305: error: no acceptable cc found in \$PATH" >&5
 echo "$as_me: error: no acceptable cc found in \$PATH" >&2;}
    { (exit 1); exit 1; }; }
 
 # Provide some information about the compiler.
-echo "$as_me:1309:" \
+echo "$as_me:1310:" \
      "checking for C compiler version" >&5
 ac_compiler=`set X $ac_compile; echo $2`
-{ (eval echo "$as_me:1312: \"$ac_compiler --version </dev/null >&5\"") >&5
+{ (eval echo "$as_me:1313: \"$ac_compiler --version </dev/null >&5\"") >&5
   (eval $ac_compiler --version </dev/null >&5) 2>&5
   ac_status=$?
-  echo "$as_me:1315: \$? = $ac_status" >&5
+  echo "$as_me:1316: \$? = $ac_status" >&5
   (exit $ac_status); }
-{ (eval echo "$as_me:1317: \"$ac_compiler -v </dev/null >&5\"") >&5
+{ (eval echo "$as_me:1318: \"$ac_compiler -v </dev/null >&5\"") >&5
   (eval $ac_compiler -v </dev/null >&5) 2>&5
   ac_status=$?
-  echo "$as_me:1320: \$? = $ac_status" >&5
+  echo "$as_me:1321: \$? = $ac_status" >&5
   (exit $ac_status); }
-{ (eval echo "$as_me:1322: \"$ac_compiler -V </dev/null >&5\"") >&5
+{ (eval echo "$as_me:1323: \"$ac_compiler -V </dev/null >&5\"") >&5
   (eval $ac_compiler -V </dev/null >&5) 2>&5
   ac_status=$?
-  echo "$as_me:1325: \$? = $ac_status" >&5
+  echo "$as_me:1326: \$? = $ac_status" >&5
   (exit $ac_status); }
 
 cat >conftest.$ac_ext <<_ACEOF
-#line 1329 "configure"
+#line 1330 "configure"
 #include "confdefs.h"
 
 int
@@ -1342,13 +1343,13 @@ ac_clean_files="$ac_clean_files a.out a.exe"
 # Try to create an executable without -o first, disregard a.out.
 # It will help us diagnose broken compilers, and finding out an intuition
 # of exeext.
-echo "$as_me:1345: checking for C compiler default output" >&5
+echo "$as_me:1346: checking for C compiler default output" >&5
 echo $ECHO_N "checking for C compiler default output... $ECHO_C" >&6
 ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-if { (eval echo "$as_me:1348: \"$ac_link_default\"") >&5
+if { (eval echo "$as_me:1349: \"$ac_link_default\"") >&5
   (eval $ac_link_default) 2>&5
   ac_status=$?
-  echo "$as_me:1351: \$? = $ac_status" >&5
+  echo "$as_me:1352: \$? = $ac_status" >&5
   (exit $ac_status); }; then
   # Find the output, starting from the most likely.  This scheme is
 # not robust to junk in `.', hence go to wildcards (a.*) only as a last
@@ -1371,34 +1372,34 @@ done
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
-{ { echo "$as_me:1374: error: C compiler cannot create executables" >&5
+{ { echo "$as_me:1375: error: C compiler cannot create executables" >&5
 echo "$as_me: error: C compiler cannot create executables" >&2;}
    { (exit 77); exit 77; }; }
 fi
 
 ac_exeext=$ac_cv_exeext
-echo "$as_me:1380: result: $ac_file" >&5
+echo "$as_me:1381: result: $ac_file" >&5
 echo "${ECHO_T}$ac_file" >&6
 
 # Check the compiler produces executables we can run.  If not, either
 # the compiler is broken, or we cross compile.
-echo "$as_me:1385: checking whether the C compiler works" >&5
+echo "$as_me:1386: checking whether the C compiler works" >&5
 echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
 # FIXME: These cross compiler hacks should be removed for Autoconf 3.0
 # If not cross compiling, check that we can run a simple program.
 if test "$cross_compiling" != yes; then
   if { ac_try='./$ac_file'
-  { (eval echo "$as_me:1391: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1392: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1394: \$? = $ac_status" >&5
+  echo "$as_me:1395: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
     cross_compiling=no
   else
     if test "$cross_compiling" = maybe; then
         cross_compiling=yes
     else
-        { { echo "$as_me:1401: error: cannot run C compiled programs.
+        { { echo "$as_me:1402: error: cannot run C compiled programs.
 If you meant to cross compile, use \`--host'." >&5
 echo "$as_me: error: cannot run C compiled programs.
 If you meant to cross compile, use \`--host'." >&2;}
@@ -1406,24 +1407,24 @@ If you meant to cross compile, use \`--host'." >&2;}
     fi
   fi
 fi
-echo "$as_me:1409: result: yes" >&5
+echo "$as_me:1410: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 rm -f a.out a.exe conftest$ac_cv_exeext
 ac_clean_files=$ac_clean_files_save
 # Check the compiler produces executables we can run.  If not, either
 # the compiler is broken, or we cross compile.
-echo "$as_me:1416: checking whether we are cross compiling" >&5
+echo "$as_me:1417: checking whether we are cross compiling" >&5
 echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
-echo "$as_me:1418: result: $cross_compiling" >&5
+echo "$as_me:1419: result: $cross_compiling" >&5
 echo "${ECHO_T}$cross_compiling" >&6
 
-echo "$as_me:1421: checking for executable suffix" >&5
+echo "$as_me:1422: checking for executable suffix" >&5
 echo $ECHO_N "checking for executable suffix... $ECHO_C" >&6
-if { (eval echo "$as_me:1423: \"$ac_link\"") >&5
+if { (eval echo "$as_me:1424: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:1426: \$? = $ac_status" >&5
+  echo "$as_me:1427: \$? = $ac_status" >&5
   (exit $ac_status); }; then
   # If both `conftest.exe' and `conftest' are `present' (well, observable)
 # catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
@@ -1439,25 +1440,25 @@ for ac_file in `(ls conftest.exe; ls conftest; ls conftest.*) 2>/dev/null`; do
   esac
 done
 else
-  { { echo "$as_me:1442: error: cannot compute EXEEXT: cannot compile and link" >&5
+  { { echo "$as_me:1443: error: cannot compute EXEEXT: cannot compile and link" >&5
 echo "$as_me: error: cannot compute EXEEXT: cannot compile and link" >&2;}
    { (exit 1); exit 1; }; }
 fi
 
 rm -f conftest$ac_cv_exeext
-echo "$as_me:1448: result: $ac_cv_exeext" >&5
+echo "$as_me:1449: result: $ac_cv_exeext" >&5
 echo "${ECHO_T}$ac_cv_exeext" >&6
 
 rm -f conftest.$ac_ext
 EXEEXT=$ac_cv_exeext
 ac_exeext=$EXEEXT
-echo "$as_me:1454: checking for object suffix" >&5
+echo "$as_me:1455: checking for object suffix" >&5
 echo $ECHO_N "checking for object suffix... $ECHO_C" >&6
 if test "${ac_cv_objext+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 1460 "configure"
+#line 1461 "configure"
 #include "confdefs.h"
 
 int
@@ -1469,10 +1470,10 @@ main ()
 }
 _ACEOF
 rm -f conftest.o conftest.obj
-if { (eval echo "$as_me:1472: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:1473: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:1475: \$? = $ac_status" >&5
+  echo "$as_me:1476: \$? = $ac_status" >&5
   (exit $ac_status); }; then
   for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
   case $ac_file in
@@ -1484,24 +1485,24 @@ done
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
-{ { echo "$as_me:1487: error: cannot compute OBJEXT: cannot compile" >&5
+{ { echo "$as_me:1488: error: cannot compute OBJEXT: cannot compile" >&5
 echo "$as_me: error: cannot compute OBJEXT: cannot compile" >&2;}
    { (exit 1); exit 1; }; }
 fi
 
 rm -f conftest.$ac_cv_objext conftest.$ac_ext
 fi
-echo "$as_me:1494: result: $ac_cv_objext" >&5
+echo "$as_me:1495: result: $ac_cv_objext" >&5
 echo "${ECHO_T}$ac_cv_objext" >&6
 OBJEXT=$ac_cv_objext
 ac_objext=$OBJEXT
-echo "$as_me:1498: checking whether we are using the GNU C compiler" >&5
+echo "$as_me:1499: checking whether we are using the GNU C compiler" >&5
 echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
 if test "${ac_cv_c_compiler_gnu+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 1504 "configure"
+#line 1505 "configure"
 #include "confdefs.h"
 
 int
@@ -1516,16 +1517,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1519: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:1520: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:1522: \$? = $ac_status" >&5
+  echo "$as_me:1523: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:1525: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1526: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1528: \$? = $ac_status" >&5
+  echo "$as_me:1529: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_compiler_gnu=yes
 else
@@ -1537,19 +1538,19 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 ac_cv_c_compiler_gnu=$ac_compiler_gnu
 
 fi
-echo "$as_me:1540: result: $ac_cv_c_compiler_gnu" >&5
+echo "$as_me:1541: result: $ac_cv_c_compiler_gnu" >&5
 echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
 GCC=`test $ac_compiler_gnu = yes && echo yes`
 ac_test_CFLAGS=${CFLAGS+set}
 ac_save_CFLAGS=$CFLAGS
 CFLAGS="-g"
-echo "$as_me:1546: checking whether $CC accepts -g" >&5
+echo "$as_me:1547: checking whether $CC accepts -g" >&5
 echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
 if test "${ac_cv_prog_cc_g+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 1552 "configure"
+#line 1553 "configure"
 #include "confdefs.h"
 
 int
@@ -1561,16 +1562,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1564: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:1565: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:1567: \$? = $ac_status" >&5
+  echo "$as_me:1568: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:1570: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1571: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1573: \$? = $ac_status" >&5
+  echo "$as_me:1574: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_prog_cc_g=yes
 else
@@ -1580,7 +1581,7 @@ ac_cv_prog_cc_g=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:1583: result: $ac_cv_prog_cc_g" >&5
+echo "$as_me:1584: result: $ac_cv_prog_cc_g" >&5
 echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
 if test "$ac_test_CFLAGS" = set; then
   CFLAGS=$ac_save_CFLAGS
@@ -1607,16 +1608,16 @@ cat >conftest.$ac_ext <<_ACEOF
 #endif
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1610: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:1611: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:1613: \$? = $ac_status" >&5
+  echo "$as_me:1614: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:1616: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1617: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1619: \$? = $ac_status" >&5
+  echo "$as_me:1620: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   for ac_declaration in \
    ''\
@@ -1628,7 +1629,7 @@ if { (eval echo "$as_me:1610: \"$ac_compile\"") >&5
    'void exit (int);'
 do
   cat >conftest.$ac_ext <<_ACEOF
-#line 1631 "configure"
+#line 1632 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 $ac_declaration
@@ -1641,16 +1642,16 @@ exit (42);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1644: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:1645: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:1647: \$? = $ac_status" >&5
+  echo "$as_me:1648: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:1650: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1651: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1653: \$? = $ac_status" >&5
+  echo "$as_me:1654: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   :
 else
@@ -1660,7 +1661,7 @@ continue
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
   cat >conftest.$ac_ext <<_ACEOF
-#line 1663 "configure"
+#line 1664 "configure"
 #include "confdefs.h"
 $ac_declaration
 int
@@ -1672,16 +1673,16 @@ exit (42);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1675: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:1676: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:1678: \$? = $ac_status" >&5
+  echo "$as_me:1679: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:1681: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1682: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1684: \$? = $ac_status" >&5
+  echo "$as_me:1685: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   break
 else
@@ -1725,7 +1726,7 @@ for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
   fi
 done
 if test -z "$ac_aux_dir"; then
-  { { echo "$as_me:1728: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
+  { { echo "$as_me:1729: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
 echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
    { (exit 1); exit 1; }; }
 fi
@@ -1735,11 +1736,11 @@ ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
 
 # Make sure we can run config.sub.
 $ac_config_sub sun4 >/dev/null 2>&1 ||
-  { { echo "$as_me:1738: error: cannot run $ac_config_sub" >&5
+  { { echo "$as_me:1739: error: cannot run $ac_config_sub" >&5
 echo "$as_me: error: cannot run $ac_config_sub" >&2;}
    { (exit 1); exit 1; }; }
 
-echo "$as_me:1742: checking build system type" >&5
+echo "$as_me:1743: checking build system type" >&5
 echo $ECHO_N "checking build system type... $ECHO_C" >&6
 if test "${ac_cv_build+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1748,23 +1749,23 @@ else
 test -z "$ac_cv_build_alias" &&
   ac_cv_build_alias=`$ac_config_guess`
 test -z "$ac_cv_build_alias" &&
-  { { echo "$as_me:1751: error: cannot guess build type; you must specify one" >&5
+  { { echo "$as_me:1752: error: cannot guess build type; you must specify one" >&5
 echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
    { (exit 1); exit 1; }; }
 ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
-  { { echo "$as_me:1755: error: $ac_config_sub $ac_cv_build_alias failed." >&5
+  { { echo "$as_me:1756: error: $ac_config_sub $ac_cv_build_alias failed." >&5
 echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed." >&2;}
    { (exit 1); exit 1; }; }
 
 fi
-echo "$as_me:1760: result: $ac_cv_build" >&5
+echo "$as_me:1761: result: $ac_cv_build" >&5
 echo "${ECHO_T}$ac_cv_build" >&6
 build=$ac_cv_build
 build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
 build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
 build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
 
-echo "$as_me:1767: checking host system type" >&5
+echo "$as_me:1768: checking host system type" >&5
 echo $ECHO_N "checking host system type... $ECHO_C" >&6
 if test "${ac_cv_host+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1773,19 +1774,19 @@ else
 test -z "$ac_cv_host_alias" &&
   ac_cv_host_alias=$ac_cv_build_alias
 ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
-  { { echo "$as_me:1776: error: $ac_config_sub $ac_cv_host_alias failed" >&5
+  { { echo "$as_me:1777: error: $ac_config_sub $ac_cv_host_alias failed" >&5
 echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
    { (exit 1); exit 1; }; }
 
 fi
-echo "$as_me:1781: result: $ac_cv_host" >&5
+echo "$as_me:1782: result: $ac_cv_host" >&5
 echo "${ECHO_T}$ac_cv_host" >&6
 host=$ac_cv_host
 host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
 host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
 host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
 
-echo "$as_me:1788: checking whether byte ordering is bigendian" >&5
+echo "$as_me:1789: checking whether byte ordering is bigendian" >&5
 echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
 if test "${ac_cv_c_bigendian+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1793,7 +1794,7 @@ else
   ac_cv_c_bigendian=unknown
 # See if sys/param.h defines the BYTE_ORDER macro.
 cat >conftest.$ac_ext <<_ACEOF
-#line 1796 "configure"
+#line 1797 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1810,20 +1811,20 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1813: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:1814: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:1816: \$? = $ac_status" >&5
+  echo "$as_me:1817: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:1819: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1820: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1822: \$? = $ac_status" >&5
+  echo "$as_me:1823: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   # It does; now see whether it defined to BIG_ENDIAN or not.
 cat >conftest.$ac_ext <<_ACEOF
-#line 1826 "configure"
+#line 1827 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -1840,16 +1841,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:1843: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:1844: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:1846: \$? = $ac_status" >&5
+  echo "$as_me:1847: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:1849: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1850: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1852: \$? = $ac_status" >&5
+  echo "$as_me:1853: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_c_bigendian=yes
 else
@@ -1865,12 +1866,12 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 if test $ac_cv_c_bigendian = unknown; then
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:1868: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:1869: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 1873 "configure"
+#line 1874 "configure"
 #include "confdefs.h"
 int
 main ()
@@ -1886,15 +1887,15 @@ main ()
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:1889: \"$ac_link\"") >&5
+if { (eval echo "$as_me:1890: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:1892: \$? = $ac_status" >&5
+  echo "$as_me:1893: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:1894: \"$ac_try\"") >&5
+  { (eval echo "$as_me:1895: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:1897: \$? = $ac_status" >&5
+  echo "$as_me:1898: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_c_bigendian=no
 else
@@ -1907,7 +1908,7 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 fi
 fi
-echo "$as_me:1910: result: $ac_cv_c_bigendian" >&5
+echo "$as_me:1911: result: $ac_cv_c_bigendian" >&5
 echo "${ECHO_T}$ac_cv_c_bigendian" >&6
 if test $ac_cv_c_bigendian = yes; then
 
@@ -1922,7 +1923,7 @@ for ac_prog in mawk gawk nawk awk
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:1925: checking for $ac_word" >&5
+echo "$as_me:1926: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_AWK+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -1937,7 +1938,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_AWK="$ac_prog"
-echo "$as_me:1940: found $ac_dir/$ac_word" >&5
+echo "$as_me:1941: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -1945,10 +1946,10 @@ fi
 fi
 AWK=$ac_cv_prog_AWK
 if test -n "$AWK"; then
-  echo "$as_me:1948: result: $AWK" >&5
+  echo "$as_me:1949: result: $AWK" >&5
 echo "${ECHO_T}$AWK" >&6
 else
-  echo "$as_me:1951: result: no" >&5
+  echo "$as_me:1952: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -1960,7 +1961,7 @@ ac_cpp='$CPP $CPPFLAGS'
 ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:1963: checking how to run the C preprocessor" >&5
+echo "$as_me:1964: checking how to run the C preprocessor" >&5
 echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
@@ -1981,18 +1982,18 @@ do
   # On the NeXT, cc -E runs the code through the compiler's parser,
   # not just through cpp. "Syntax error" is here to catch this case.
   cat >conftest.$ac_ext <<_ACEOF
-#line 1984 "configure"
+#line 1985 "configure"
 #include "confdefs.h"
 #include <assert.h>
                      Syntax error
 _ACEOF
-if { (eval echo "$as_me:1989: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:1990: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:1995: \$? = $ac_status" >&5
+  echo "$as_me:1996: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -2015,17 +2016,17 @@ rm -f conftest.err conftest.$ac_ext
   # OK, works on sane cases.  Now check whether non-existent headers
   # can be detected and how.
   cat >conftest.$ac_ext <<_ACEOF
-#line 2018 "configure"
+#line 2019 "configure"
 #include "confdefs.h"
 #include <ac_nonexistent.h>
 _ACEOF
-if { (eval echo "$as_me:2022: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:2023: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:2028: \$? = $ac_status" >&5
+  echo "$as_me:2029: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -2062,7 +2063,7 @@ fi
 else
   ac_cv_prog_CPP=$CPP
 fi
-echo "$as_me:2065: result: $CPP" >&5
+echo "$as_me:2066: result: $CPP" >&5
 echo "${ECHO_T}$CPP" >&6
 ac_preproc_ok=false
 for ac_c_preproc_warn_flag in '' yes
@@ -2072,18 +2073,18 @@ do
   # On the NeXT, cc -E runs the code through the compiler's parser,
   # not just through cpp. "Syntax error" is here to catch this case.
   cat >conftest.$ac_ext <<_ACEOF
-#line 2075 "configure"
+#line 2076 "configure"
 #include "confdefs.h"
 #include <assert.h>
                      Syntax error
 _ACEOF
-if { (eval echo "$as_me:2080: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:2081: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:2086: \$? = $ac_status" >&5
+  echo "$as_me:2087: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -2106,17 +2107,17 @@ rm -f conftest.err conftest.$ac_ext
   # OK, works on sane cases.  Now check whether non-existent headers
   # can be detected and how.
   cat >conftest.$ac_ext <<_ACEOF
-#line 2109 "configure"
+#line 2110 "configure"
 #include "confdefs.h"
 #include <ac_nonexistent.h>
 _ACEOF
-if { (eval echo "$as_me:2113: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:2114: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:2119: \$? = $ac_status" >&5
+  echo "$as_me:2120: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -2144,7 +2145,7 @@ rm -f conftest.err conftest.$ac_ext
 if $ac_preproc_ok; then
   :
 else
-  { { echo "$as_me:2147: error: C preprocessor \"$CPP\" fails sanity check" >&5
+  { { echo "$as_me:2148: error: C preprocessor \"$CPP\" fails sanity check" >&5
 echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2;}
    { (exit 1); exit 1; }; }
 fi
@@ -2158,7 +2159,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 if test -n "$ac_tool_prefix"; then
   # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
 set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-echo "$as_me:2161: checking for $ac_word" >&5
+echo "$as_me:2162: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_RANLIB+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2173,7 +2174,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
-echo "$as_me:2176: found $ac_dir/$ac_word" >&5
+echo "$as_me:2177: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -2181,10 +2182,10 @@ fi
 fi
 RANLIB=$ac_cv_prog_RANLIB
 if test -n "$RANLIB"; then
-  echo "$as_me:2184: result: $RANLIB" >&5
+  echo "$as_me:2185: result: $RANLIB" >&5
 echo "${ECHO_T}$RANLIB" >&6
 else
-  echo "$as_me:2187: result: no" >&5
+  echo "$as_me:2188: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2193,7 +2194,7 @@ if test -z "$ac_cv_prog_RANLIB"; then
   ac_ct_RANLIB=$RANLIB
   # Extract the first word of "ranlib", so it can be a program name with args.
 set dummy ranlib; ac_word=$2
-echo "$as_me:2196: checking for $ac_word" >&5
+echo "$as_me:2197: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2208,7 +2209,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   $as_executable_p "$ac_dir/$ac_word" || continue
 ac_cv_prog_ac_ct_RANLIB="ranlib"
-echo "$as_me:2211: found $ac_dir/$ac_word" >&5
+echo "$as_me:2212: found $ac_dir/$ac_word" >&5
 break
 done
 
@@ -2217,10 +2218,10 @@ fi
 fi
 ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
 if test -n "$ac_ct_RANLIB"; then
-  echo "$as_me:2220: result: $ac_ct_RANLIB" >&5
+  echo "$as_me:2221: result: $ac_ct_RANLIB" >&5
 echo "${ECHO_T}$ac_ct_RANLIB" >&6
 else
-  echo "$as_me:2223: result: no" >&5
+  echo "$as_me:2224: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2241,7 +2242,7 @@ fi
 # AFS /usr/afsws/bin/install, which mishandles nonexistent args
 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
 # ./install, which can be erroneously created by make from ./install.sh.
-echo "$as_me:2244: checking for a BSD compatible install" >&5
+echo "$as_me:2245: checking for a BSD compatible install" >&5
 echo $ECHO_N "checking for a BSD compatible install... $ECHO_C" >&6
 if test -z "$INSTALL"; then
 if test "${ac_cv_path_install+set}" = set; then
@@ -2290,7 +2291,7 @@ fi
     INSTALL=$ac_install_sh
   fi
 fi
-echo "$as_me:2293: result: $INSTALL" >&5
+echo "$as_me:2294: result: $INSTALL" >&5
 echo "${ECHO_T}$INSTALL" >&6
 
 # Use test -z because SunOS4 sh mishandles braces in ${var-val}.
@@ -2303,7 +2304,7 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
 
 # Extract the first word of "ar", so it can be a program name with args.
 set dummy ar; ac_word=$2
-echo "$as_me:2306: checking for $ac_word" >&5
+echo "$as_me:2307: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_AR+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2320,7 +2321,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_AR="$ac_dir/$ac_word"
-   echo "$as_me:2323: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2324: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2331,10 +2332,10 @@ fi
 AR=$ac_cv_path_AR
 
 if test -n "$AR"; then
-  echo "$as_me:2334: result: $AR" >&5
+  echo "$as_me:2335: result: $AR" >&5
 echo "${ECHO_T}$AR" >&6
 else
-  echo "$as_me:2337: result: no" >&5
+  echo "$as_me:2338: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2342,7 +2343,7 @@ for ac_prog in perl5 perl
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:2345: checking for $ac_word" >&5
+echo "$as_me:2346: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PERL+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2359,7 +2360,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PERL="$ac_dir/$ac_word"
-   echo "$as_me:2362: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2363: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2370,10 +2371,10 @@ fi
 PERL=$ac_cv_path_PERL
 
 if test -n "$PERL"; then
-  echo "$as_me:2373: result: $PERL" >&5
+  echo "$as_me:2374: result: $PERL" >&5
 echo "${ECHO_T}$PERL" >&6
 else
-  echo "$as_me:2376: result: no" >&5
+  echo "$as_me:2377: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2382,7 +2383,7 @@ done
 
 # Extract the first word of "sed", so it can be a program name with args.
 set dummy sed; ac_word=$2
-echo "$as_me:2385: checking for $ac_word" >&5
+echo "$as_me:2386: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_SED+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2399,7 +2400,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_SED="$ac_dir/$ac_word"
-   echo "$as_me:2402: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2403: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2410,16 +2411,16 @@ fi
 SED=$ac_cv_path_SED
 
 if test -n "$SED"; then
-  echo "$as_me:2413: result: $SED" >&5
+  echo "$as_me:2414: result: $SED" >&5
 echo "${ECHO_T}$SED" >&6
 else
-  echo "$as_me:2416: result: no" >&5
+  echo "$as_me:2417: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 # Extract the first word of "ent", so it can be a program name with args.
 set dummy ent; ac_word=$2
-echo "$as_me:2422: checking for $ac_word" >&5
+echo "$as_me:2423: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_ENT+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2436,7 +2437,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_ENT="$ac_dir/$ac_word"
-   echo "$as_me:2439: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2440: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2447,16 +2448,16 @@ fi
 ENT=$ac_cv_path_ENT
 
 if test -n "$ENT"; then
-  echo "$as_me:2450: result: $ENT" >&5
+  echo "$as_me:2451: result: $ENT" >&5
 echo "${ECHO_T}$ENT" >&6
 else
-  echo "$as_me:2453: result: no" >&5
+  echo "$as_me:2454: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 # Extract the first word of "bash", so it can be a program name with args.
 set dummy bash; ac_word=$2
-echo "$as_me:2459: checking for $ac_word" >&5
+echo "$as_me:2460: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2473,7 +2474,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_TEST_MINUS_S_SH="$ac_dir/$ac_word"
-   echo "$as_me:2476: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2477: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2484,16 +2485,16 @@ fi
 TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
 
 if test -n "$TEST_MINUS_S_SH"; then
-  echo "$as_me:2487: result: $TEST_MINUS_S_SH" >&5
+  echo "$as_me:2488: result: $TEST_MINUS_S_SH" >&5
 echo "${ECHO_T}$TEST_MINUS_S_SH" >&6
 else
-  echo "$as_me:2490: result: no" >&5
+  echo "$as_me:2491: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 # Extract the first word of "ksh", so it can be a program name with args.
 set dummy ksh; ac_word=$2
-echo "$as_me:2496: checking for $ac_word" >&5
+echo "$as_me:2497: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2510,7 +2511,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_TEST_MINUS_S_SH="$ac_dir/$ac_word"
-   echo "$as_me:2513: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2514: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2521,16 +2522,16 @@ fi
 TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
 
 if test -n "$TEST_MINUS_S_SH"; then
-  echo "$as_me:2524: result: $TEST_MINUS_S_SH" >&5
+  echo "$as_me:2525: result: $TEST_MINUS_S_SH" >&5
 echo "${ECHO_T}$TEST_MINUS_S_SH" >&6
 else
-  echo "$as_me:2527: result: no" >&5
+  echo "$as_me:2528: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 # Extract the first word of "sh", so it can be a program name with args.
 set dummy sh; ac_word=$2
-echo "$as_me:2533: checking for $ac_word" >&5
+echo "$as_me:2534: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2547,7 +2548,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_TEST_MINUS_S_SH="$ac_dir/$ac_word"
-   echo "$as_me:2550: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2551: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2558,16 +2559,16 @@ fi
 TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
 
 if test -n "$TEST_MINUS_S_SH"; then
-  echo "$as_me:2561: result: $TEST_MINUS_S_SH" >&5
+  echo "$as_me:2562: result: $TEST_MINUS_S_SH" >&5
 echo "${ECHO_T}$TEST_MINUS_S_SH" >&6
 else
-  echo "$as_me:2564: result: no" >&5
+  echo "$as_me:2565: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 # Extract the first word of "sh", so it can be a program name with args.
 set dummy sh; ac_word=$2
-echo "$as_me:2570: checking for $ac_word" >&5
+echo "$as_me:2571: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_SH+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2584,7 +2585,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_SH="$ac_dir/$ac_word"
-   echo "$as_me:2587: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2588: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2595,10 +2596,10 @@ fi
 SH=$ac_cv_path_SH
 
 if test -n "$SH"; then
-  echo "$as_me:2598: result: $SH" >&5
+  echo "$as_me:2599: result: $SH" >&5
 echo "${ECHO_T}$SH" >&6
 else
-  echo "$as_me:2601: result: no" >&5
+  echo "$as_me:2602: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2610,7 +2611,7 @@ if test "${enable_largefile+set}" = set; then
 fi;
 if test "$enable_largefile" != no; then
 
-  echo "$as_me:2613: checking for special C compiler options needed for large files" >&5
+  echo "$as_me:2614: checking for special C compiler options needed for large files" >&5
 echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6
 if test "${ac_cv_sys_largefile_CC+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2622,7 +2623,7 @@ else
          # IRIX 6.2 and later do not support large files by default,
          # so use the C compiler's -n32 option if that helps.
          cat >conftest.$ac_ext <<_ACEOF
-#line 2625 "configure"
+#line 2626 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  /* Check that off_t can represent 2**63 - 1 correctly.
@@ -2642,16 +2643,16 @@ main ()
 }
 _ACEOF
          rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2645: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:2646: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:2648: \$? = $ac_status" >&5
+  echo "$as_me:2649: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2651: \"$ac_try\"") >&5
+  { (eval echo "$as_me:2652: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:2654: \$? = $ac_status" >&5
+  echo "$as_me:2655: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   break
 else
@@ -2661,16 +2662,16 @@ fi
 rm -f conftest.$ac_objext
          CC="$CC -n32"
          rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2664: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:2665: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:2667: \$? = $ac_status" >&5
+  echo "$as_me:2668: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2670: \"$ac_try\"") >&5
+  { (eval echo "$as_me:2671: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:2673: \$? = $ac_status" >&5
+  echo "$as_me:2674: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_sys_largefile_CC=' -n32'; break
 else
@@ -2684,13 +2685,13 @@ rm -f conftest.$ac_objext
        rm -f conftest.$ac_ext
     fi
 fi
-echo "$as_me:2687: result: $ac_cv_sys_largefile_CC" >&5
+echo "$as_me:2688: result: $ac_cv_sys_largefile_CC" >&5
 echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6
   if test "$ac_cv_sys_largefile_CC" != no; then
     CC=$CC$ac_cv_sys_largefile_CC
   fi
 
-  echo "$as_me:2693: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+  echo "$as_me:2694: checking for _FILE_OFFSET_BITS value needed for large files" >&5
 echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6
 if test "${ac_cv_sys_file_offset_bits+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2698,7 +2699,7 @@ else
   while :; do
   ac_cv_sys_file_offset_bits=no
   cat >conftest.$ac_ext <<_ACEOF
-#line 2701 "configure"
+#line 2702 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  /* Check that off_t can represent 2**63 - 1 correctly.
@@ -2718,16 +2719,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2721: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:2722: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:2724: \$? = $ac_status" >&5
+  echo "$as_me:2725: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2727: \"$ac_try\"") >&5
+  { (eval echo "$as_me:2728: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:2730: \$? = $ac_status" >&5
+  echo "$as_me:2731: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   break
 else
@@ -2736,7 +2737,7 @@ cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
   cat >conftest.$ac_ext <<_ACEOF
-#line 2739 "configure"
+#line 2740 "configure"
 #include "confdefs.h"
 #define _FILE_OFFSET_BITS 64
 #include <sys/types.h>
@@ -2757,16 +2758,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2760: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:2761: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:2763: \$? = $ac_status" >&5
+  echo "$as_me:2764: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2766: \"$ac_try\"") >&5
+  { (eval echo "$as_me:2767: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:2769: \$? = $ac_status" >&5
+  echo "$as_me:2770: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_sys_file_offset_bits=64; break
 else
@@ -2777,7 +2778,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext
   break
 done
 fi
-echo "$as_me:2780: result: $ac_cv_sys_file_offset_bits" >&5
+echo "$as_me:2781: result: $ac_cv_sys_file_offset_bits" >&5
 echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6
 if test "$ac_cv_sys_file_offset_bits" != no; then
 
@@ -2787,7 +2788,7 @@ EOF
 
 fi
 rm -f conftest*
-  echo "$as_me:2790: checking for _LARGE_FILES value needed for large files" >&5
+  echo "$as_me:2791: checking for _LARGE_FILES value needed for large files" >&5
 echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6
 if test "${ac_cv_sys_large_files+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2795,7 +2796,7 @@ else
   while :; do
   ac_cv_sys_large_files=no
   cat >conftest.$ac_ext <<_ACEOF
-#line 2798 "configure"
+#line 2799 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
  /* Check that off_t can represent 2**63 - 1 correctly.
@@ -2815,16 +2816,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2818: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:2819: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:2821: \$? = $ac_status" >&5
+  echo "$as_me:2822: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2824: \"$ac_try\"") >&5
+  { (eval echo "$as_me:2825: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:2827: \$? = $ac_status" >&5
+  echo "$as_me:2828: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   break
 else
@@ -2833,7 +2834,7 @@ cat conftest.$ac_ext >&5
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
   cat >conftest.$ac_ext <<_ACEOF
-#line 2836 "configure"
+#line 2837 "configure"
 #include "confdefs.h"
 #define _LARGE_FILES 1
 #include <sys/types.h>
@@ -2854,16 +2855,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:2857: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:2858: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:2860: \$? = $ac_status" >&5
+  echo "$as_me:2861: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:2863: \"$ac_try\"") >&5
+  { (eval echo "$as_me:2864: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:2866: \$? = $ac_status" >&5
+  echo "$as_me:2867: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_sys_large_files=1; break
 else
@@ -2874,7 +2875,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext
   break
 done
 fi
-echo "$as_me:2877: result: $ac_cv_sys_large_files" >&5
+echo "$as_me:2878: result: $ac_cv_sys_large_files" >&5
 echo "${ECHO_T}$ac_cv_sys_large_files" >&6
 if test "$ac_cv_sys_large_files" != no; then
 
@@ -2887,7 +2888,7 @@ rm -f conftest*
 fi
 
 if test -z "$AR" ; then
-        { { echo "$as_me:2890: error: *** 'ar' missing, please install or fix your \$PATH ***" >&5
+        { { echo "$as_me:2891: error: *** 'ar' missing, please install or fix your \$PATH ***" >&5
 echo "$as_me: error: *** 'ar' missing, please install or fix your \$PATH ***" >&2;}
    { (exit 1); exit 1; }; }
 fi
@@ -2902,7 +2903,7 @@ else
         # Search for login
         # Extract the first word of "login", so it can be a program name with args.
 set dummy login; ac_word=$2
-echo "$as_me:2905: checking for $ac_word" >&5
+echo "$as_me:2906: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_LOGIN_PROGRAM_FALLBACK+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2919,7 +2920,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_LOGIN_PROGRAM_FALLBACK="$ac_dir/$ac_word"
-   echo "$as_me:2922: found $ac_dir/$ac_word" >&5
+   echo "$as_me:2923: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -2930,10 +2931,10 @@ fi
 LOGIN_PROGRAM_FALLBACK=$ac_cv_path_LOGIN_PROGRAM_FALLBACK
 
 if test -n "$LOGIN_PROGRAM_FALLBACK"; then
-  echo "$as_me:2933: result: $LOGIN_PROGRAM_FALLBACK" >&5
+  echo "$as_me:2934: result: $LOGIN_PROGRAM_FALLBACK" >&5
 echo "${ECHO_T}$LOGIN_PROGRAM_FALLBACK" >&6
 else
-  echo "$as_me:2936: result: no" >&5
+  echo "$as_me:2937: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -2945,11 +2946,55 @@ EOF
         fi
 fi
 
+# Extract the first word of "passwd", so it can be a program name with args.
+set dummy passwd; ac_word=$2
+echo "$as_me:2951: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_PATH_PASSWD_PROG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $PATH_PASSWD_PROG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path.
+  ;;
+  *)
+  ac_save_IFS=$IFS; IFS=$ac_path_separator
+ac_dummy="$PATH"
+for ac_dir in $ac_dummy; do
+  IFS=$ac_save_IFS
+  test -z "$ac_dir" && ac_dir=.
+  if $as_executable_p "$ac_dir/$ac_word"; then
+   ac_cv_path_PATH_PASSWD_PROG="$ac_dir/$ac_word"
+   echo "$as_me:2968: found $ac_dir/$ac_word" >&5
+   break
+fi
+done
+
+  ;;
+esac
+fi
+PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG
+
+if test -n "$PATH_PASSWD_PROG"; then
+  echo "$as_me:2979: result: $PATH_PASSWD_PROG" >&5
+echo "${ECHO_T}$PATH_PASSWD_PROG" >&6
+else
+  echo "$as_me:2982: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+if test ! -z "$PATH_PASSWD_PROG" ; then
+        cat >>confdefs.h <<EOF
+#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG"
+EOF
+
+fi
+
 if test -z "$LD" ; then
         LD=$CC
 fi
 
-echo "$as_me:2952: checking for $CC option to accept ANSI C" >&5
+echo "$as_me:2997: checking for $CC option to accept ANSI C" >&5
 echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
 if test "${ac_cv_prog_cc_stdc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -2957,7 +3002,7 @@ else
   ac_cv_prog_cc_stdc=no
 ac_save_CC=$CC
 cat >conftest.$ac_ext <<_ACEOF
-#line 2960 "configure"
+#line 3005 "configure"
 #include "confdefs.h"
 #include <stdarg.h>
 #include <stdio.h>
@@ -3006,16 +3051,16 @@ for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIO
 do
   CC="$ac_save_CC $ac_arg"
   rm -f conftest.$ac_objext
-if { (eval echo "$as_me:3009: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:3054: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:3012: \$? = $ac_status" >&5
+  echo "$as_me:3057: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:3015: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3060: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3018: \$? = $ac_status" >&5
+  echo "$as_me:3063: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_prog_cc_stdc=$ac_arg
 break
@@ -3032,15 +3077,15 @@ fi
 
 case "x$ac_cv_prog_cc_stdc" in
   x|xno)
-    echo "$as_me:3035: result: none needed" >&5
+    echo "$as_me:3080: result: none needed" >&5
 echo "${ECHO_T}none needed" >&6 ;;
   *)
-    echo "$as_me:3038: result: $ac_cv_prog_cc_stdc" >&5
+    echo "$as_me:3083: result: $ac_cv_prog_cc_stdc" >&5
 echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
     CC="$CC $ac_cv_prog_cc_stdc" ;;
 esac
 
-echo "$as_me:3043: checking for inline" >&5
+echo "$as_me:3088: checking for inline" >&5
 echo $ECHO_N "checking for inline... $ECHO_C" >&6
 if test "${ac_cv_c_inline+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3048,7 +3093,7 @@ else
   ac_cv_c_inline=no
 for ac_kw in inline __inline__ __inline; do
   cat >conftest.$ac_ext <<_ACEOF
-#line 3051 "configure"
+#line 3096 "configure"
 #include "confdefs.h"
 #ifndef __cplusplus
 static $ac_kw int static_foo () {return 0; }
@@ -3057,16 +3102,16 @@ $ac_kw int foo () {return 0; }
 
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:3060: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:3105: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:3063: \$? = $ac_status" >&5
+  echo "$as_me:3108: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:3066: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3111: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3069: \$? = $ac_status" >&5
+  echo "$as_me:3114: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_c_inline=$ac_kw; break
 else
@@ -3077,7 +3122,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 done
 
 fi
-echo "$as_me:3080: result: $ac_cv_c_inline" >&5
+echo "$as_me:3125: result: $ac_cv_c_inline" >&5
 echo "${ECHO_T}$ac_cv_c_inline" >&6
 case $ac_cv_c_inline in
   inline | yes) ;;
@@ -3096,22 +3141,33 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
         CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
 fi
 
+# Check whether --with-rpath or --without-rpath was given.
+if test "${with_rpath+set}" = set; then
+  withval="$with_rpath"
+
+                if test "x$withval" = "xno" ; then
+                        need_dash_r=""
+                fi
+                if test "x$withval" = "xyes" ; then
+                        need_dash_r=1
+                fi
+
+fi;
+
 # Check for some target-specific stuff
 case "$host" in
 *-*-aix*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
-        echo "$as_me:3104: checking how to specify blibpath for linker ($LD)" >&5
+        echo "$as_me:3160: checking how to specify blibpath for linker ($LD)" >&5
 echo $ECHO_N "checking how to specify blibpath for linker ($LD)... $ECHO_C" >&6
         if (test -z "$blibpath"); then
-                blibpath="/usr/lib:/lib:/usr/local/lib"
+                blibpath="/usr/lib:/lib"
         fi
         saved_LDFLAGS="$LDFLAGS"
         for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
                 if (test -z "$blibflags"); then
                         LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
                         cat >conftest.$ac_ext <<_ACEOF
-#line 3114 "configure"
+#line 3170 "configure"
 #include "confdefs.h"
 
 int
@@ -3123,16 +3179,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3126: \"$ac_link\"") >&5
+if { (eval echo "$as_me:3182: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3129: \$? = $ac_status" >&5
+  echo "$as_me:3185: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3132: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3188: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3135: \$? = $ac_status" >&5
+  echo "$as_me:3191: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   blibflags=$tryflags
 else
@@ -3143,23 +3199,23 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
                 fi
         done
         if (test -z "$blibflags"); then
-                echo "$as_me:3146: result: not found" >&5
+                echo "$as_me:3202: result: not found" >&5
 echo "${ECHO_T}not found" >&6
-                { { echo "$as_me:3148: error: *** must be able to specify blibpath on AIX - check config.log" >&5
+                { { echo "$as_me:3204: error: *** must be able to specify blibpath on AIX - check config.log" >&5
 echo "$as_me: error: *** must be able to specify blibpath on AIX - check config.log" >&2;}
    { (exit 1); exit 1; }; }
         else
-                echo "$as_me:3152: result: $blibflags" >&5
+                echo "$as_me:3208: result: $blibflags" >&5
 echo "${ECHO_T}$blibflags" >&6
         fi
         LDFLAGS="$saved_LDFLAGS"
-                echo "$as_me:3156: checking for authenticate" >&5
+                echo "$as_me:3212: checking for authenticate" >&5
 echo $ECHO_N "checking for authenticate... $ECHO_C" >&6
 if test "${ac_cv_func_authenticate+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 3162 "configure"
+#line 3218 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char authenticate (); below.  */
@@ -3190,16 +3246,16 @@ f = authenticate;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3193: \"$ac_link\"") >&5
+if { (eval echo "$as_me:3249: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3196: \$? = $ac_status" >&5
+  echo "$as_me:3252: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3199: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3255: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3202: \$? = $ac_status" >&5
+  echo "$as_me:3258: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_authenticate=yes
 else
@@ -3209,7 +3265,7 @@ ac_cv_func_authenticate=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:3212: result: $ac_cv_func_authenticate" >&5
+echo "$as_me:3268: result: $ac_cv_func_authenticate" >&5
 echo "${ECHO_T}$ac_cv_func_authenticate" >&6
 if test $ac_cv_func_authenticate = yes; then
   cat >>confdefs.h <<\EOF
@@ -3217,7 +3273,7 @@ if test $ac_cv_func_authenticate = yes; then
 EOF
 
 else
-  echo "$as_me:3220: checking for authenticate in -ls" >&5
+  echo "$as_me:3276: checking for authenticate in -ls" >&5
 echo $ECHO_N "checking for authenticate in -ls... $ECHO_C" >&6
 if test "${ac_cv_lib_s_authenticate+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3225,7 +3281,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-ls  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 3228 "configure"
+#line 3284 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -3244,16 +3300,16 @@ authenticate ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3247: \"$ac_link\"") >&5
+if { (eval echo "$as_me:3303: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3250: \$? = $ac_status" >&5
+  echo "$as_me:3306: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3253: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3309: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3256: \$? = $ac_status" >&5
+  echo "$as_me:3312: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_s_authenticate=yes
 else
@@ -3264,7 +3320,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:3267: result: $ac_cv_lib_s_authenticate" >&5
+echo "$as_me:3323: result: $ac_cv_lib_s_authenticate" >&5
 echo "${ECHO_T}$ac_cv_lib_s_authenticate" >&6
 if test $ac_cv_lib_s_authenticate = yes; then
    cat >>confdefs.h <<\EOF
@@ -3277,13 +3333,13 @@ fi
 
 fi
 
-                echo "$as_me:3280: checking whether loginfailed is declared" >&5
+                echo "$as_me:3336: checking whether loginfailed is declared" >&5
 echo $ECHO_N "checking whether loginfailed is declared... $ECHO_C" >&6
 if test "${ac_cv_have_decl_loginfailed+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 3286 "configure"
+#line 3342 "configure"
 #include "confdefs.h"
 #include <usersec.h>
 
@@ -3299,16 +3355,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:3302: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:3358: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:3305: \$? = $ac_status" >&5
+  echo "$as_me:3361: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:3308: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3364: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3311: \$? = $ac_status" >&5
+  echo "$as_me:3367: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_have_decl_loginfailed=yes
 else
@@ -3318,13 +3374,13 @@ ac_cv_have_decl_loginfailed=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:3321: result: $ac_cv_have_decl_loginfailed" >&5
+echo "$as_me:3377: result: $ac_cv_have_decl_loginfailed" >&5
 echo "${ECHO_T}$ac_cv_have_decl_loginfailed" >&6
 if test $ac_cv_have_decl_loginfailed = yes; then
-  echo "$as_me:3324: checking if loginfailed takes 4 arguments" >&5
+  echo "$as_me:3380: checking if loginfailed takes 4 arguments" >&5
 echo $ECHO_N "checking if loginfailed takes 4 arguments... $ECHO_C" >&6
                   cat >conftest.$ac_ext <<_ACEOF
-#line 3327 "configure"
+#line 3383 "configure"
 #include "confdefs.h"
 #include <usersec.h>
 int
@@ -3336,18 +3392,18 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:3339: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:3395: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:3342: \$? = $ac_status" >&5
+  echo "$as_me:3398: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:3345: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3401: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3348: \$? = $ac_status" >&5
+  echo "$as_me:3404: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  echo "$as_me:3350: result: yes" >&5
+  echo "$as_me:3406: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                          cat >>confdefs.h <<\EOF
 #define AIX_LOGINFAILED_4ARG 1
@@ -3356,7 +3412,7 @@ EOF
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
-echo "$as_me:3359: result: no" >&5
+echo "$as_me:3415: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 fi
@@ -3366,13 +3422,13 @@ fi
 for ac_func in setauthdb
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:3369: checking for $ac_func" >&5
+echo "$as_me:3425: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 3375 "configure"
+#line 3431 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -3403,16 +3459,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3406: \"$ac_link\"") >&5
+if { (eval echo "$as_me:3462: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3409: \$? = $ac_status" >&5
+  echo "$as_me:3465: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3412: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3468: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3415: \$? = $ac_status" >&5
+  echo "$as_me:3471: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -3422,7 +3478,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:3425: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:3481: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -3506,16 +3562,28 @@ EOF
 #define IP_TOS_IS_BROKEN 1
 EOF
 
+        cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
         ;;
 *-*-darwin*)
-        echo "$as_me:3511: checking if we have working getaddrinfo" >&5
+        echo "$as_me:3579: checking if we have working getaddrinfo" >&5
 echo $ECHO_N "checking if we have working getaddrinfo... $ECHO_C" >&6
         if test "$cross_compiling" = yes; then
-  echo "$as_me:3514: result: assume it is working" >&5
+  echo "$as_me:3582: result: assume it is working" >&5
 echo "${ECHO_T}assume it is working" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 3518 "configure"
+#line 3586 "configure"
 #include "confdefs.h"
 #include <mach-o/dyld.h>
 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
@@ -3525,23 +3593,23 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:3528: \"$ac_link\"") >&5
+if { (eval echo "$as_me:3596: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3531: \$? = $ac_status" >&5
+  echo "$as_me:3599: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:3533: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3601: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3536: \$? = $ac_status" >&5
+  echo "$as_me:3604: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  echo "$as_me:3538: result: working" >&5
+  echo "$as_me:3606: result: working" >&5
 echo "${ECHO_T}working" >&6
 else
   echo "$as_me: program exited with status $ac_status" >&5
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
-echo "$as_me:3544: result: buggy" >&5
+echo "$as_me:3612: result: buggy" >&5
 echo "${ECHO_T}buggy" >&6
         cat >>confdefs.h <<\EOF
 #define BROKEN_GETADDRINFO 1
@@ -3550,6 +3618,22 @@ EOF
 fi
 rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
+        cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+        cat >>confdefs.h <<EOF
+#define BIND_8_COMPAT 1
+EOF
+
         ;;
 *-*-hpux10.26)
         if test -z "$GCC"; then
@@ -3574,14 +3658,6 @@ EOF
 EOF
 
         cat >>confdefs.h <<\EOF
-#define DISABLE_SHADOW 1
-EOF
-
-        cat >>confdefs.h <<\EOF
-#define DISABLE_UTMP 1
-EOF
-
-        cat >>confdefs.h <<\EOF
 #define LOCKED_PASSWD_STRING "*"
 EOF
 
@@ -3591,7 +3667,7 @@ EOF
 
         LIBS="$LIBS -lsec -lsecpw"
 
-echo "$as_me:3594: checking for t_error in -lxnet" >&5
+echo "$as_me:3670: checking for t_error in -lxnet" >&5
 echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
 if test "${ac_cv_lib_xnet_t_error+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3599,7 +3675,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lxnet  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 3602 "configure"
+#line 3678 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -3618,16 +3694,16 @@ t_error ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3621: \"$ac_link\"") >&5
+if { (eval echo "$as_me:3697: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3624: \$? = $ac_status" >&5
+  echo "$as_me:3700: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3627: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3703: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3630: \$? = $ac_status" >&5
+  echo "$as_me:3706: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_xnet_t_error=yes
 else
@@ -3638,7 +3714,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:3641: result: $ac_cv_lib_xnet_t_error" >&5
+echo "$as_me:3717: result: $ac_cv_lib_xnet_t_error" >&5
 echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
 if test $ac_cv_lib_xnet_t_error = yes; then
   cat >>confdefs.h <<EOF
@@ -3648,7 +3724,7 @@ EOF
   LIBS="-lxnet $LIBS"
 
 else
-  { { echo "$as_me:3651: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
+  { { echo "$as_me:3727: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
 echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
    { (exit 1); exit 1; }; }
 fi
@@ -3674,14 +3750,6 @@ EOF
 EOF
 
         cat >>confdefs.h <<\EOF
-#define DISABLE_SHADOW 1
-EOF
-
-        cat >>confdefs.h <<\EOF
-#define DISABLE_UTMP 1
-EOF
-
-        cat >>confdefs.h <<\EOF
 #define LOCKED_PASSWD_STRING "*"
 EOF
 
@@ -3691,7 +3759,7 @@ EOF
 
         LIBS="$LIBS -lsec"
 
-echo "$as_me:3694: checking for t_error in -lxnet" >&5
+echo "$as_me:3762: checking for t_error in -lxnet" >&5
 echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
 if test "${ac_cv_lib_xnet_t_error+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3699,7 +3767,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lxnet  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 3702 "configure"
+#line 3770 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -3718,16 +3786,16 @@ t_error ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3721: \"$ac_link\"") >&5
+if { (eval echo "$as_me:3789: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3724: \$? = $ac_status" >&5
+  echo "$as_me:3792: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3727: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3795: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3730: \$? = $ac_status" >&5
+  echo "$as_me:3798: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_xnet_t_error=yes
 else
@@ -3738,7 +3806,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:3741: result: $ac_cv_lib_xnet_t_error" >&5
+echo "$as_me:3809: result: $ac_cv_lib_xnet_t_error" >&5
 echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
 if test $ac_cv_lib_xnet_t_error = yes; then
   cat >>confdefs.h <<EOF
@@ -3748,7 +3816,7 @@ EOF
   LIBS="-lxnet $LIBS"
 
 else
-  { { echo "$as_me:3751: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
+  { { echo "$as_me:3819: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
 echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
    { (exit 1); exit 1; }; }
 fi
@@ -3774,10 +3842,6 @@ EOF
 EOF
 
         cat >>confdefs.h <<\EOF
-#define DISABLE_SHADOW 1
-EOF
-
-        cat >>confdefs.h <<\EOF
 #define DISABLE_UTMP 1
 EOF
 
@@ -3789,9 +3853,16 @@ EOF
 #define SPT_TYPE SPT_PSTAT
 EOF
 
+        case "$host" in
+        *-*-hpux11.11*)
+                cat >>confdefs.h <<\EOF
+#define BROKEN_GETADDRINFO 1
+EOF
+;;
+        esac
         LIBS="$LIBS -lsec"
 
-echo "$as_me:3794: checking for t_error in -lxnet" >&5
+echo "$as_me:3865: checking for t_error in -lxnet" >&5
 echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
 if test "${ac_cv_lib_xnet_t_error+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -3799,7 +3870,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lxnet  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 3802 "configure"
+#line 3873 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -3818,16 +3889,16 @@ t_error ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3821: \"$ac_link\"") >&5
+if { (eval echo "$as_me:3892: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3824: \$? = $ac_status" >&5
+  echo "$as_me:3895: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3827: \"$ac_try\"") >&5
+  { (eval echo "$as_me:3898: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3830: \$? = $ac_status" >&5
+  echo "$as_me:3901: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_xnet_t_error=yes
 else
@@ -3838,7 +3909,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:3841: result: $ac_cv_lib_xnet_t_error" >&5
+echo "$as_me:3912: result: $ac_cv_lib_xnet_t_error" >&5
 echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
 if test $ac_cv_lib_xnet_t_error = yes; then
   cat >>confdefs.h <<EOF
@@ -3848,21 +3919,31 @@ EOF
   LIBS="-lxnet $LIBS"
 
 else
-  { { echo "$as_me:3851: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
+  { { echo "$as_me:3922: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
 echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
    { (exit 1); exit 1; }; }
 fi
 
         ;;
 *-*-irix5*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS"
         PATH="$PATH:/usr/etc"
         cat >>confdefs.h <<\EOF
 #define BROKEN_INET_NTOA 1
 EOF
 
         cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
 #define WITH_ABBREV_NO_TTY 1
 EOF
 
@@ -3872,8 +3953,6 @@ EOF
 
         ;;
 *-*-irix6*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS"
         PATH="$PATH:/usr/etc"
         cat >>confdefs.h <<\EOF
 #define WITH_IRIX_ARRAY 1
@@ -3887,13 +3966,13 @@ EOF
 #define WITH_IRIX_AUDIT 1
 EOF
 
-        echo "$as_me:3890: checking for jlimit_startjob" >&5
+        echo "$as_me:3969: checking for jlimit_startjob" >&5
 echo $ECHO_N "checking for jlimit_startjob... $ECHO_C" >&6
 if test "${ac_cv_func_jlimit_startjob+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 3896 "configure"
+#line 3975 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char jlimit_startjob (); below.  */
@@ -3924,16 +4003,16 @@ f = jlimit_startjob;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:3927: \"$ac_link\"") >&5
+if { (eval echo "$as_me:4006: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:3930: \$? = $ac_status" >&5
+  echo "$as_me:4009: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:3933: \"$ac_try\"") >&5
+  { (eval echo "$as_me:4012: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:3936: \$? = $ac_status" >&5
+  echo "$as_me:4015: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_jlimit_startjob=yes
 else
@@ -3943,7 +4022,7 @@ ac_cv_func_jlimit_startjob=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:3946: result: $ac_cv_func_jlimit_startjob" >&5
+echo "$as_me:4025: result: $ac_cv_func_jlimit_startjob" >&5
 echo "${ECHO_T}$ac_cv_func_jlimit_startjob" >&6
 if test $ac_cv_func_jlimit_startjob = yes; then
   cat >>confdefs.h <<\EOF
@@ -3957,6 +4036,18 @@ fi
 EOF
 
         cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
 #define WITH_ABBREV_NO_TTY 1
 EOF
 
@@ -4004,11 +4095,27 @@ EOF
         ;;
 *-*-netbsd*)
         check_for_libcrypt_before=1
-        need_dash_r=1
+        if test "x$withval" != "xno" ; then
+                need_dash_r=1
+        fi
         ;;
 *-*-freebsd*)
         check_for_libcrypt_later=1
         ;;
+*-*-bsdi*)
+        cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+        ;;
 *-next-*)
         conf_lastlog_location="/usr/adm/lastlog"
         conf_utmp_location=/etc/utmp
@@ -4030,13 +4137,8 @@ EOF
 #define BROKEN_SAVED_UIDS 1
 EOF
 
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        CFLAGS="$CFLAGS"
         ;;
 *-*-solaris*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
-        need_dash_r=1
         cat >>confdefs.h <<\EOF
 #define PAM_SUN_CODEBASE 1
 EOF
@@ -4065,11 +4167,11 @@ EOF
         external_path_file=/etc/default/login
         # hardwire lastlog location (can't detect it on some versions)
         conf_lastlog_location="/var/adm/lastlog"
-        echo "$as_me:4068: checking for obsolete utmp and wtmp in solaris2.x" >&5
+        echo "$as_me:4170: checking for obsolete utmp and wtmp in solaris2.x" >&5
 echo $ECHO_N "checking for obsolete utmp and wtmp in solaris2.x... $ECHO_C" >&6
         sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'`
         if test "$sol2ver" -ge 8; then
-                echo "$as_me:4072: result: yes" >&5
+                echo "$as_me:4174: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                 cat >>confdefs.h <<\EOF
 #define DISABLE_UTMP 1
@@ -4080,7 +4182,7 @@ EOF
 EOF
 
         else
-                echo "$as_me:4083: result: no" >&5
+                echo "$as_me:4185: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
         ;;
@@ -4090,13 +4192,13 @@ echo "${ECHO_T}no" >&6
 for ac_func in getpwanam
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:4093: checking for $ac_func" >&5
+echo "$as_me:4195: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4099 "configure"
+#line 4201 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -4127,16 +4229,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4130: \"$ac_link\"") >&5
+if { (eval echo "$as_me:4232: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:4133: \$? = $ac_status" >&5
+  echo "$as_me:4235: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:4136: \"$ac_try\"") >&5
+  { (eval echo "$as_me:4238: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:4139: \$? = $ac_status" >&5
+  echo "$as_me:4241: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -4146,7 +4248,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:4149: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:4251: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -4169,8 +4271,6 @@ EOF
 
         ;;
 *-ncr-sysv*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         LIBS="$LIBS -lc89"
         cat >>confdefs.h <<\EOF
 #define USE_PIPES 1
@@ -4180,11 +4280,80 @@ EOF
 #define SSHD_ACQUIRES_CTTY 1
 EOF
 
+        cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
         ;;
 *-sni-sysv*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
         # /usr/ucblib MUST NOT be searched on ReliantUNIX
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
+
+echo "$as_me:4299: checking for dlsym in -ldl" >&5
+echo $ECHO_N "checking for dlsym in -ldl... $ECHO_C" >&6
+if test "${ac_cv_lib_dl_dlsym+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+#line 4307 "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char dlsym ();
+int
+main ()
+{
+dlsym ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:4326: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:4329: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:4332: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:4335: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_dl_dlsym=yes
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ac_cv_lib_dl_dlsym=no
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:4346: result: $ac_cv_lib_dl_dlsym" >&5
+echo "${ECHO_T}$ac_cv_lib_dl_dlsym" >&6
+if test $ac_cv_lib_dl_dlsym = yes; then
+  cat >>confdefs.h <<EOF
+#define HAVE_LIBDL 1
+EOF
+
+  LIBS="-ldl $LIBS"
+
+fi
+
         IPADDR_IN_DISPLAY=yes
         cat >>confdefs.h <<\EOF
 #define USE_PIPES 1
@@ -4195,6 +4364,18 @@ EOF
 EOF
 
         cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
 #define SSHD_ACQUIRES_CTTY 1
 EOF
 
@@ -4204,8 +4385,6 @@ EOF
         # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
         ;;
 *-*-sysv4.2*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         cat >>confdefs.h <<\EOF
 #define USE_PIPES 1
 EOF
@@ -4224,8 +4403,6 @@ EOF
 
         ;;
 *-*-sysv5*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         cat >>confdefs.h <<\EOF
 #define USE_PIPES 1
 EOF
@@ -4244,13 +4421,10 @@ EOF
 
         ;;
 *-*-sysv*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         ;;
 *-*-sco3.2v4*)
-        CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
-        LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
+        CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
+        LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
         RANLIB=true
         no_dev_ptmx=1
         cat >>confdefs.h <<\EOF
@@ -4280,13 +4454,13 @@ EOF
 for ac_func in getluid setluid
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:4283: checking for $ac_func" >&5
+echo "$as_me:4457: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4289 "configure"
+#line 4463 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -4317,16 +4491,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4320: \"$ac_link\"") >&5
+if { (eval echo "$as_me:4494: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:4323: \$? = $ac_status" >&5
+  echo "$as_me:4497: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:4326: \"$ac_try\"") >&5
+  { (eval echo "$as_me:4500: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:4329: \$? = $ac_status" >&5
+  echo "$as_me:4503: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -4336,7 +4510,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:4339: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:4513: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -4353,8 +4527,6 @@ done
         if test -z "$GCC"; then
                 CFLAGS="$CFLAGS -belf"
         fi
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         LIBS="$LIBS -lprot -lx -ltinfo -lm"
         no_dev_ptmx=1
         cat >>confdefs.h <<\EOF
@@ -4392,13 +4564,13 @@ EOF
 for ac_func in getluid setluid
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:4395: checking for $ac_func" >&5
+echo "$as_me:4567: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4401 "configure"
+#line 4573 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -4429,16 +4601,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4432: \"$ac_link\"") >&5
+if { (eval echo "$as_me:4604: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:4435: \$? = $ac_status" >&5
+  echo "$as_me:4607: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:4438: \"$ac_try\"") >&5
+  { (eval echo "$as_me:4610: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:4441: \$? = $ac_status" >&5
+  echo "$as_me:4613: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -4448,7 +4620,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:4451: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:4623: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -4462,6 +4634,22 @@ done
         ;;
 *-*-unicosmk*)
         cat >>confdefs.h <<\EOF
+#define NO_SSH_LASTLOG 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
 #define USE_PIPES 1
 EOF
 
@@ -4475,6 +4663,18 @@ EOF
         ;;
 *-*-unicosmp*)
         cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
 #define WITH_ABBREV_NO_TTY 1
 EOF
 
@@ -4487,11 +4687,23 @@ EOF
 EOF
 
         LDFLAGS="$LDFLAGS"
-        LIBS="$LIBS -lgen -lacid"
+        LIBS="$LIBS -lgen -lacid -ldb"
         MANTYPE=cat
         ;;
 *-*-unicos*)
         cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
 #define USE_PIPES 1
 EOF
 
@@ -4508,7 +4720,7 @@ EOF
         MANTYPE=cat
         ;;
 *-dec-osf*)
-        echo "$as_me:4511: checking for Digital Unix SIA" >&5
+        echo "$as_me:4723: checking for Digital Unix SIA" >&5
 echo $ECHO_N "checking for Digital Unix SIA... $ECHO_C" >&6
         no_osfsia=""
 
@@ -4517,7 +4729,7 @@ if test "${with_osfsia+set}" = set; then
   withval="$with_osfsia"
 
                         if test "x$withval" = "xno" ; then
-                                echo "$as_me:4520: result: disabled" >&5
+                                echo "$as_me:4732: result: disabled" >&5
 echo "${ECHO_T}disabled" >&6
                                 no_osfsia=1
                         fi
@@ -4525,7 +4737,7 @@ echo "${ECHO_T}disabled" >&6
 fi;
         if test -z "$no_osfsia" ; then
                 if test -f /etc/sia/matrix.conf; then
-                        echo "$as_me:4528: result: yes" >&5
+                        echo "$as_me:4740: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                         cat >>confdefs.h <<\EOF
 #define HAVE_OSF_SIA 1
@@ -4541,20 +4753,28 @@ EOF
 
                         LIBS="$LIBS -lsecurity -ldb -lm -laud"
                 else
-                        echo "$as_me:4544: result: no" >&5
+                        echo "$as_me:4756: result: no" >&5
 echo "${ECHO_T}no" >&6
+                        cat >>confdefs.h <<\EOF
+#define LOCKED_PASSWD_SUBSTR "Nologin"
+EOF
+
                 fi
         fi
         cat >>confdefs.h <<\EOF
-#define DISABLE_FD_PASSING 1
+#define BROKEN_GETADDRINFO 1
 EOF
 
         cat >>confdefs.h <<\EOF
-#define BROKEN_GETADDRINFO 1
+#define SETEUID_BREAKS_SETUID 1
 EOF
 
         cat >>confdefs.h <<\EOF
-#define LOCKED_PASSWD_SUBSTR "Nologin"
+#define BROKEN_SETREUID 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
 EOF
 
         ;;
@@ -4625,15 +4845,15 @@ if test "${with_libs+set}" = set; then
 
 fi;
 
-echo "$as_me:4628: checking compiler and flags for sanity" >&5
+echo "$as_me:4848: checking compiler and flags for sanity" >&5
 echo $ECHO_N "checking compiler and flags for sanity... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:4631: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:4851: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4636 "configure"
+#line 4856 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -4641,26 +4861,26 @@ int main(){exit(0);}
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:4644: \"$ac_link\"") >&5
+if { (eval echo "$as_me:4864: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:4647: \$? = $ac_status" >&5
+  echo "$as_me:4867: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:4649: \"$ac_try\"") >&5
+  { (eval echo "$as_me:4869: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:4652: \$? = $ac_status" >&5
+  echo "$as_me:4872: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-        echo "$as_me:4654: result: yes" >&5
+        echo "$as_me:4874: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: program exited with status $ac_status" >&5
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                echo "$as_me:4661: result: no" >&5
+                echo "$as_me:4881: result: no" >&5
 echo "${ECHO_T}no" >&6
-                { { echo "$as_me:4663: error: *** compiler cannot create working executables, check config.log ***" >&5
+                { { echo "$as_me:4883: error: *** compiler cannot create working executables, check config.log ***" >&5
 echo "$as_me: error: *** compiler cannot create working executables, check config.log ***" >&2;}
    { (exit 1); exit 1; }; }
 
@@ -4673,32 +4893,32 @@ fi
 for ac_header in bstring.h crypt.h endian.h features.h floatingpoint.h \
         getopt.h glob.h ia.h lastlog.h limits.h login.h \
         login_cap.h maillock.h netdb.h netgroup.h \
-        netinet/in_systm.h paths.h pty.h readpassphrase.h \
+        netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
         rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
         strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
-        sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
-        sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
+        sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
+        sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
         sys/un.h time.h tmpdir.h ttyent.h usersec.h \
-        util.h utime.h utmp.h utmpx.h
+        util.h utime.h utmp.h utmpx.h vis.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:4685: checking for $ac_header" >&5
+echo "$as_me:4905: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$as_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4691 "configure"
+#line 4911 "configure"
 #include "confdefs.h"
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:4695: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:4915: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:4701: \$? = $ac_status" >&5
+  echo "$as_me:4921: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -4717,7 +4937,7 @@ else
 fi
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:4720: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "$as_me:4940: result: `eval echo '${'$as_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -4728,13 +4948,13 @@ fi
 done
 
 # Checks for libraries.
-echo "$as_me:4731: checking for yp_match" >&5
+echo "$as_me:4951: checking for yp_match" >&5
 echo $ECHO_N "checking for yp_match... $ECHO_C" >&6
 if test "${ac_cv_func_yp_match+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4737 "configure"
+#line 4957 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char yp_match (); below.  */
@@ -4765,16 +4985,16 @@ f = yp_match;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4768: \"$ac_link\"") >&5
+if { (eval echo "$as_me:4988: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:4771: \$? = $ac_status" >&5
+  echo "$as_me:4991: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:4774: \"$ac_try\"") >&5
+  { (eval echo "$as_me:4994: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:4777: \$? = $ac_status" >&5
+  echo "$as_me:4997: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_yp_match=yes
 else
@@ -4784,13 +5004,13 @@ ac_cv_func_yp_match=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:4787: result: $ac_cv_func_yp_match" >&5
+echo "$as_me:5007: result: $ac_cv_func_yp_match" >&5
 echo "${ECHO_T}$ac_cv_func_yp_match" >&6
 if test $ac_cv_func_yp_match = yes; then
   :
 else
 
-echo "$as_me:4793: checking for yp_match in -lnsl" >&5
+echo "$as_me:5013: checking for yp_match in -lnsl" >&5
 echo $ECHO_N "checking for yp_match in -lnsl... $ECHO_C" >&6
 if test "${ac_cv_lib_nsl_yp_match+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -4798,7 +5018,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lnsl  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 4801 "configure"
+#line 5021 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -4817,16 +5037,16 @@ yp_match ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4820: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5040: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:4823: \$? = $ac_status" >&5
+  echo "$as_me:5043: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:4826: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5046: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:4829: \$? = $ac_status" >&5
+  echo "$as_me:5049: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_nsl_yp_match=yes
 else
@@ -4837,7 +5057,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:4840: result: $ac_cv_lib_nsl_yp_match" >&5
+echo "$as_me:5060: result: $ac_cv_lib_nsl_yp_match" >&5
 echo "${ECHO_T}$ac_cv_lib_nsl_yp_match" >&6
 if test $ac_cv_lib_nsl_yp_match = yes; then
   cat >>confdefs.h <<EOF
@@ -4850,13 +5070,13 @@ fi
 
 fi
 
-echo "$as_me:4853: checking for setsockopt" >&5
+echo "$as_me:5073: checking for setsockopt" >&5
 echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6
 if test "${ac_cv_func_setsockopt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 4859 "configure"
+#line 5079 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char setsockopt (); below.  */
@@ -4887,16 +5107,16 @@ f = setsockopt;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4890: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5110: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:4893: \$? = $ac_status" >&5
+  echo "$as_me:5113: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:4896: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5116: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:4899: \$? = $ac_status" >&5
+  echo "$as_me:5119: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_setsockopt=yes
 else
@@ -4906,13 +5126,13 @@ ac_cv_func_setsockopt=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:4909: result: $ac_cv_func_setsockopt" >&5
+echo "$as_me:5129: result: $ac_cv_func_setsockopt" >&5
 echo "${ECHO_T}$ac_cv_func_setsockopt" >&6
 if test $ac_cv_func_setsockopt = yes; then
   :
 else
 
-echo "$as_me:4915: checking for setsockopt in -lsocket" >&5
+echo "$as_me:5135: checking for setsockopt in -lsocket" >&5
 echo $ECHO_N "checking for setsockopt in -lsocket... $ECHO_C" >&6
 if test "${ac_cv_lib_socket_setsockopt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -4920,7 +5140,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lsocket  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 4923 "configure"
+#line 5143 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -4939,16 +5159,16 @@ setsockopt ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:4942: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5162: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:4945: \$? = $ac_status" >&5
+  echo "$as_me:5165: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:4948: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5168: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:4951: \$? = $ac_status" >&5
+  echo "$as_me:5171: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_socket_setsockopt=yes
 else
@@ -4959,7 +5179,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:4962: result: $ac_cv_lib_socket_setsockopt" >&5
+echo "$as_me:5182: result: $ac_cv_lib_socket_setsockopt" >&5
 echo "${ECHO_T}$ac_cv_lib_socket_setsockopt" >&6
 if test $ac_cv_lib_socket_setsockopt = yes; then
   cat >>confdefs.h <<EOF
@@ -4974,7 +5194,7 @@ fi
 
 if test "x$with_tcp_wrappers" != "xno" ; then
     if test "x$do_sco3_extra_lib_check" = "xyes" ; then
-        echo "$as_me:4977: checking for innetgr in -lrpc" >&5
+        echo "$as_me:5197: checking for innetgr in -lrpc" >&5
 echo $ECHO_N "checking for innetgr in -lrpc... $ECHO_C" >&6
 if test "${ac_cv_lib_rpc_innetgr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -4982,7 +5202,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lrpc -lyp -lrpc $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 4985 "configure"
+#line 5205 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5001,16 +5221,16 @@ innetgr ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5004: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5224: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5007: \$? = $ac_status" >&5
+  echo "$as_me:5227: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5010: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5230: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5013: \$? = $ac_status" >&5
+  echo "$as_me:5233: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_rpc_innetgr=yes
 else
@@ -5021,7 +5241,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:5024: result: $ac_cv_lib_rpc_innetgr" >&5
+echo "$as_me:5244: result: $ac_cv_lib_rpc_innetgr" >&5
 echo "${ECHO_T}$ac_cv_lib_rpc_innetgr" >&6
 if test $ac_cv_lib_rpc_innetgr = yes; then
   LIBS="-lrpc -lyp -lrpc $LIBS"
@@ -5033,13 +5253,13 @@ fi
 for ac_func in dirname
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:5036: checking for $ac_func" >&5
+echo "$as_me:5256: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5042 "configure"
+#line 5262 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -5070,16 +5290,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5073: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5293: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5076: \$? = $ac_status" >&5
+  echo "$as_me:5296: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5079: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5299: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5082: \$? = $ac_status" >&5
+  echo "$as_me:5302: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -5089,7 +5309,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:5092: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:5312: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5099,23 +5319,23 @@ EOF
 for ac_header in libgen.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:5102: checking for $ac_header" >&5
+echo "$as_me:5322: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$as_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5108 "configure"
+#line 5328 "configure"
 #include "confdefs.h"
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:5112: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:5332: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:5118: \$? = $ac_status" >&5
+  echo "$as_me:5338: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -5134,7 +5354,7 @@ else
 fi
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:5137: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "$as_me:5357: result: `eval echo '${'$as_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5146,7 +5366,7 @@ done
 
 else
 
-        echo "$as_me:5149: checking for dirname in -lgen" >&5
+        echo "$as_me:5369: checking for dirname in -lgen" >&5
 echo $ECHO_N "checking for dirname in -lgen... $ECHO_C" >&6
 if test "${ac_cv_lib_gen_dirname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5154,7 +5374,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lgen  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 5157 "configure"
+#line 5377 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5173,16 +5393,16 @@ dirname ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5176: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5396: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5179: \$? = $ac_status" >&5
+  echo "$as_me:5399: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5182: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5402: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5185: \$? = $ac_status" >&5
+  echo "$as_me:5405: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_gen_dirname=yes
 else
@@ -5193,11 +5413,11 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:5196: result: $ac_cv_lib_gen_dirname" >&5
+echo "$as_me:5416: result: $ac_cv_lib_gen_dirname" >&5
 echo "${ECHO_T}$ac_cv_lib_gen_dirname" >&6
 if test $ac_cv_lib_gen_dirname = yes; then
 
-                echo "$as_me:5200: checking for broken dirname" >&5
+                echo "$as_me:5420: checking for broken dirname" >&5
 echo $ECHO_N "checking for broken dirname... $ECHO_C" >&6
 if test "${ac_cv_have_broken_dirname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5206,12 +5426,12 @@ else
                         save_LIBS="$LIBS"
                         LIBS="$LIBS -lgen"
                         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:5209: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:5429: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5214 "configure"
+#line 5434 "configure"
 #include "confdefs.h"
 
 #include <libgen.h>
@@ -5231,15 +5451,15 @@ int main(int argc, char **argv) {
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:5234: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5454: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5237: \$? = $ac_status" >&5
+  echo "$as_me:5457: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:5239: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5459: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5242: \$? = $ac_status" >&5
+  echo "$as_me:5462: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_broken_dirname="no"
 else
@@ -5254,7 +5474,7 @@ fi
                         LIBS="$save_LIBS"
 
 fi
-echo "$as_me:5257: result: $ac_cv_have_broken_dirname" >&5
+echo "$as_me:5477: result: $ac_cv_have_broken_dirname" >&5
 echo "${ECHO_T}$ac_cv_have_broken_dirname" >&6
                 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
                         LIBS="$LIBS -lgen"
@@ -5265,23 +5485,23 @@ EOF
 for ac_header in libgen.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:5268: checking for $ac_header" >&5
+echo "$as_me:5488: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$as_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5274 "configure"
+#line 5494 "configure"
 #include "confdefs.h"
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:5278: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:5498: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:5284: \$? = $ac_status" >&5
+  echo "$as_me:5504: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -5300,7 +5520,7 @@ else
 fi
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:5303: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "$as_me:5523: result: `eval echo '${'$as_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5317,13 +5537,13 @@ fi
 fi
 done
 
-echo "$as_me:5320: checking for getspnam" >&5
+echo "$as_me:5540: checking for getspnam" >&5
 echo $ECHO_N "checking for getspnam... $ECHO_C" >&6
 if test "${ac_cv_func_getspnam+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5326 "configure"
+#line 5546 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char getspnam (); below.  */
@@ -5354,16 +5574,16 @@ f = getspnam;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5357: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5577: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5360: \$? = $ac_status" >&5
+  echo "$as_me:5580: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5363: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5583: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5366: \$? = $ac_status" >&5
+  echo "$as_me:5586: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_getspnam=yes
 else
@@ -5373,12 +5593,12 @@ ac_cv_func_getspnam=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:5376: result: $ac_cv_func_getspnam" >&5
+echo "$as_me:5596: result: $ac_cv_func_getspnam" >&5
 echo "${ECHO_T}$ac_cv_func_getspnam" >&6
 if test $ac_cv_func_getspnam = yes; then
   :
 else
-  echo "$as_me:5381: checking for getspnam in -lgen" >&5
+  echo "$as_me:5601: checking for getspnam in -lgen" >&5
 echo $ECHO_N "checking for getspnam in -lgen... $ECHO_C" >&6
 if test "${ac_cv_lib_gen_getspnam+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5386,7 +5606,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lgen  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 5389 "configure"
+#line 5609 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5405,16 +5625,16 @@ getspnam ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5408: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5628: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5411: \$? = $ac_status" >&5
+  echo "$as_me:5631: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5414: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5634: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5417: \$? = $ac_status" >&5
+  echo "$as_me:5637: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_gen_getspnam=yes
 else
@@ -5425,7 +5645,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:5428: result: $ac_cv_lib_gen_getspnam" >&5
+echo "$as_me:5648: result: $ac_cv_lib_gen_getspnam" >&5
 echo "${ECHO_T}$ac_cv_lib_gen_getspnam" >&6
 if test $ac_cv_lib_gen_getspnam = yes; then
   LIBS="$LIBS -lgen"
@@ -5433,7 +5653,7 @@ fi
 
 fi
 
-echo "$as_me:5436: checking for library containing basename" >&5
+echo "$as_me:5656: checking for library containing basename" >&5
 echo $ECHO_N "checking for library containing basename... $ECHO_C" >&6
 if test "${ac_cv_search_basename+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5441,7 +5661,7 @@ else
   ac_func_search_save_LIBS=$LIBS
 ac_cv_search_basename=no
 cat >conftest.$ac_ext <<_ACEOF
-#line 5444 "configure"
+#line 5664 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5460,16 +5680,16 @@ basename ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5463: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5683: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5466: \$? = $ac_status" >&5
+  echo "$as_me:5686: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5469: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5689: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5472: \$? = $ac_status" >&5
+  echo "$as_me:5692: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_basename="none required"
 else
@@ -5481,7 +5701,7 @@ if test "$ac_cv_search_basename" = no; then
   for ac_lib in gen; do
     LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
     cat >conftest.$ac_ext <<_ACEOF
-#line 5484 "configure"
+#line 5704 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5500,16 +5720,16 @@ basename ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5503: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5723: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5506: \$? = $ac_status" >&5
+  echo "$as_me:5726: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5509: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5729: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5512: \$? = $ac_status" >&5
+  echo "$as_me:5732: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_basename="-l$ac_lib"
 break
@@ -5522,7 +5742,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:5525: result: $ac_cv_search_basename" >&5
+echo "$as_me:5745: result: $ac_cv_search_basename" >&5
 echo "${ECHO_T}$ac_cv_search_basename" >&6
 if test "$ac_cv_search_basename" != no; then
   test "$ac_cv_search_basename" = "none required" || LIBS="$ac_cv_search_basename $LIBS"
@@ -5532,25 +5752,12 @@ EOF
 
 fi
 
-# Check whether --with-rpath or --without-rpath was given.
-if test "${with_rpath+set}" = set; then
-  withval="$with_rpath"
-
-                if test "x$withval" = "xno" ; then
-                        need_dash_r=""
-                fi
-                if test "x$withval" = "xyes" ; then
-                        need_dash_r=1
-                fi
-
-fi;
-
 # Check whether --with-zlib or --without-zlib was given.
 if test "${with_zlib+set}" = set; then
   withval="$with_zlib"
 
                 if test "x$withval" = "xno" ; then
-                        { { echo "$as_me:5553: error: *** zlib is required ***" >&5
+                        { { echo "$as_me:5760: error: *** zlib is required ***" >&5
 echo "$as_me: error: *** zlib is required ***" >&2;}
    { (exit 1); exit 1; }; }
                 fi
@@ -5575,7 +5782,7 @@ echo "$as_me: error: *** zlib is required ***" >&2;}
 
 fi;
 
-echo "$as_me:5578: checking for deflate in -lz" >&5
+echo "$as_me:5785: checking for deflate in -lz" >&5
 echo $ECHO_N "checking for deflate in -lz... $ECHO_C" >&6
 if test "${ac_cv_lib_z_deflate+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5583,7 +5790,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lz  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 5586 "configure"
+#line 5793 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5602,16 +5809,16 @@ deflate ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5605: \"$ac_link\"") >&5
+if { (eval echo "$as_me:5812: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5608: \$? = $ac_status" >&5
+  echo "$as_me:5815: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5611: \"$ac_try\"") >&5
+  { (eval echo "$as_me:5818: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5614: \$? = $ac_status" >&5
+  echo "$as_me:5821: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_z_deflate=yes
 else
@@ -5622,7 +5829,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:5625: result: $ac_cv_lib_z_deflate" >&5
+echo "$as_me:5832: result: $ac_cv_lib_z_deflate" >&5
 echo "${ECHO_T}$ac_cv_lib_z_deflate" >&6
 if test $ac_cv_lib_z_deflate = yes; then
   cat >>confdefs.h <<EOF
@@ -5632,18 +5839,192 @@ EOF
   LIBS="-lz $LIBS"
 
 else
-  { { echo "$as_me:5635: error: *** zlib missing - please install first or check config.log ***" >&5
+
+                saved_CPPFLAGS="$CPPFLAGS"
+                saved_LDFLAGS="$LDFLAGS"
+                save_LIBS="$LIBS"
+                                if test -n "${need_dash_r}"; then
+                        LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+                else
+                        LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
+                fi
+                CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
+                LIBS="$LIBS -lz"
+                cat >conftest.$ac_ext <<_ACEOF
+#line 5854 "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char deflate ();
+int
+main ()
+{
+deflate ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:5873: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:5876: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:5879: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:5882: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  cat >>confdefs.h <<\EOF
+#define HAVE_LIBZ 1
+EOF
+
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+
+                                { { echo "$as_me:5892: error: *** zlib missing - please install first or check config.log ***" >&5
 echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;}
    { (exit 1); exit 1; }; }
+
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+
+fi
+
+echo "$as_me:5901: checking for zlib.h" >&5
+echo $ECHO_N "checking for zlib.h... $ECHO_C" >&6
+if test "${ac_cv_header_zlib_h+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 5907 "configure"
+#include "confdefs.h"
+#include <zlib.h>
+_ACEOF
+if { (eval echo "$as_me:5911: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  egrep -v '^ *\+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:5917: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  ac_cv_header_zlib_h=yes
+else
+  echo "$as_me: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  ac_cv_header_zlib_h=no
+fi
+rm -f conftest.err conftest.$ac_ext
+fi
+echo "$as_me:5936: result: $ac_cv_header_zlib_h" >&5
+echo "${ECHO_T}$ac_cv_header_zlib_h" >&6
+if test $ac_cv_header_zlib_h = yes; then
+  :
+else
+  { { echo "$as_me:5941: error: *** zlib.h missing - please install first or check config.log ***" >&5
+echo "$as_me: error: *** zlib.h missing - please install first or check config.log ***" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# Check whether --with-zlib-version-check or --without-zlib-version-check was given.
+if test "${with_zlib_version_check+set}" = set; then
+  withval="$with_zlib_version_check"
+    if test "x$withval" = "xno" ; then
+                zlib_check_nonfatal=1
+           fi
+
+fi;
+
+echo "$as_me:5955: checking for zlib 1.1.4 or greater" >&5
+echo $ECHO_N "checking for zlib 1.1.4 or greater... $ECHO_C" >&6
+if test "$cross_compiling" = yes; then
+  { { echo "$as_me:5958: error: cannot run test program while cross compiling" >&5
+echo "$as_me: error: cannot run test program while cross compiling" >&2;}
+   { (exit 1); exit 1; }; }
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 5963 "configure"
+#include "confdefs.h"
+
+#include <zlib.h>
+int main()
+{
+        int a, b, c, v;
+        if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
+                exit(1);
+        v = a*1000000 + b*1000 + c;
+        if (v >= 1001004)
+                exit(0);
+        exit(2);
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:5980: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:5983: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:5985: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:5988: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  echo "$as_me:5990: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ echo "$as_me:5996: result: no" >&5
+echo "${ECHO_T}no" >&6
+          if test -z "$zlib_check_nonfatal" ; then
+                { { echo "$as_me:5999: error: *** zlib too old - check config.log ***
+Your reported zlib version has known security problems.  It's possible your
+vendor has fixed these problems without changing the version number.  If you
+are sure this is the case, you can disable the check by running
+\"./configure --without-zlib-version-check\".
+If you are in doubt, upgrade zlib to version 1.1.4 or greater." >&5
+echo "$as_me: error: *** zlib too old - check config.log ***
+Your reported zlib version has known security problems.  It's possible your
+vendor has fixed these problems without changing the version number.  If you
+are sure this is the case, you can disable the check by running
+\"./configure --without-zlib-version-check\".
+If you are in doubt, upgrade zlib to version 1.1.4 or greater." >&2;}
+   { (exit 1); exit 1; }; }
+          else
+                { echo "$as_me:6013: WARNING: zlib version may have security problems" >&5
+echo "$as_me: WARNING: zlib version may have security problems" >&2;}
+          fi
+
+fi
+rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
-echo "$as_me:5640: checking for strcasecmp" >&5
+echo "$as_me:6021: checking for strcasecmp" >&5
 echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6
 if test "${ac_cv_func_strcasecmp+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5646 "configure"
+#line 6027 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char strcasecmp (); below.  */
@@ -5674,16 +6055,16 @@ f = strcasecmp;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5677: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6058: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5680: \$? = $ac_status" >&5
+  echo "$as_me:6061: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5683: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6064: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5686: \$? = $ac_status" >&5
+  echo "$as_me:6067: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_strcasecmp=yes
 else
@@ -5693,12 +6074,12 @@ ac_cv_func_strcasecmp=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:5696: result: $ac_cv_func_strcasecmp" >&5
+echo "$as_me:6077: result: $ac_cv_func_strcasecmp" >&5
 echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6
 if test $ac_cv_func_strcasecmp = yes; then
   :
 else
-   echo "$as_me:5701: checking for strcasecmp in -lresolv" >&5
+   echo "$as_me:6082: checking for strcasecmp in -lresolv" >&5
 echo $ECHO_N "checking for strcasecmp in -lresolv... $ECHO_C" >&6
 if test "${ac_cv_lib_resolv_strcasecmp+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5706,7 +6087,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lresolv  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 5709 "configure"
+#line 6090 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5725,16 +6106,16 @@ strcasecmp ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5728: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6109: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5731: \$? = $ac_status" >&5
+  echo "$as_me:6112: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5734: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6115: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5737: \$? = $ac_status" >&5
+  echo "$as_me:6118: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_resolv_strcasecmp=yes
 else
@@ -5745,7 +6126,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:5748: result: $ac_cv_lib_resolv_strcasecmp" >&5
+echo "$as_me:6129: result: $ac_cv_lib_resolv_strcasecmp" >&5
 echo "${ECHO_T}$ac_cv_lib_resolv_strcasecmp" >&6
 if test $ac_cv_lib_resolv_strcasecmp = yes; then
   LIBS="$LIBS -lresolv"
@@ -5753,13 +6134,13 @@ fi
 
 fi
 
-echo "$as_me:5756: checking for utimes" >&5
+echo "$as_me:6137: checking for utimes" >&5
 echo $ECHO_N "checking for utimes... $ECHO_C" >&6
 if test "${ac_cv_func_utimes+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5762 "configure"
+#line 6143 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char utimes (); below.  */
@@ -5790,16 +6171,16 @@ f = utimes;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5793: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6174: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5796: \$? = $ac_status" >&5
+  echo "$as_me:6177: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5799: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6180: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5802: \$? = $ac_status" >&5
+  echo "$as_me:6183: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_utimes=yes
 else
@@ -5809,12 +6190,12 @@ ac_cv_func_utimes=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:5812: result: $ac_cv_func_utimes" >&5
+echo "$as_me:6193: result: $ac_cv_func_utimes" >&5
 echo "${ECHO_T}$ac_cv_func_utimes" >&6
 if test $ac_cv_func_utimes = yes; then
   :
 else
-   echo "$as_me:5817: checking for utimes in -lc89" >&5
+   echo "$as_me:6198: checking for utimes in -lc89" >&5
 echo $ECHO_N "checking for utimes in -lc89... $ECHO_C" >&6
 if test "${ac_cv_lib_c89_utimes+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5822,7 +6203,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lc89  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 5825 "configure"
+#line 6206 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5841,16 +6222,16 @@ utimes ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5844: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6225: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5847: \$? = $ac_status" >&5
+  echo "$as_me:6228: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5850: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6231: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5853: \$? = $ac_status" >&5
+  echo "$as_me:6234: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_c89_utimes=yes
 else
@@ -5861,7 +6242,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:5864: result: $ac_cv_lib_c89_utimes" >&5
+echo "$as_me:6245: result: $ac_cv_lib_c89_utimes" >&5
 echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6
 if test $ac_cv_lib_c89_utimes = yes; then
   cat >>confdefs.h <<\EOF
@@ -5876,23 +6257,23 @@ fi
 for ac_header in libutil.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:5879: checking for $ac_header" >&5
+echo "$as_me:6260: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$as_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 5885 "configure"
+#line 6266 "configure"
 #include "confdefs.h"
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:5889: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:6270: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:5895: \$? = $ac_status" >&5
+  echo "$as_me:6276: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -5911,7 +6292,7 @@ else
 fi
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:5914: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "$as_me:6295: result: `eval echo '${'$as_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -5921,7 +6302,7 @@ EOF
 fi
 done
 
-echo "$as_me:5924: checking for library containing login" >&5
+echo "$as_me:6305: checking for library containing login" >&5
 echo $ECHO_N "checking for library containing login... $ECHO_C" >&6
 if test "${ac_cv_search_login+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -5929,7 +6310,7 @@ else
   ac_func_search_save_LIBS=$LIBS
 ac_cv_search_login=no
 cat >conftest.$ac_ext <<_ACEOF
-#line 5932 "configure"
+#line 6313 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5948,16 +6329,16 @@ login ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5951: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6332: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5954: \$? = $ac_status" >&5
+  echo "$as_me:6335: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5957: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6338: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:5960: \$? = $ac_status" >&5
+  echo "$as_me:6341: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_login="none required"
 else
@@ -5969,7 +6350,7 @@ if test "$ac_cv_search_login" = no; then
   for ac_lib in util bsd; do
     LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
     cat >conftest.$ac_ext <<_ACEOF
-#line 5972 "configure"
+#line 6353 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -5988,16 +6369,16 @@ login ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:5991: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6372: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:5994: \$? = $ac_status" >&5
+  echo "$as_me:6375: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:5997: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6378: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6000: \$? = $ac_status" >&5
+  echo "$as_me:6381: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_login="-l$ac_lib"
 break
@@ -6010,7 +6391,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:6013: result: $ac_cv_search_login" >&5
+echo "$as_me:6394: result: $ac_cv_search_login" >&5
 echo "${ECHO_T}$ac_cv_search_login" >&6
 if test "$ac_cv_search_login" != no; then
   test "$ac_cv_search_login" = "none required" || LIBS="$ac_cv_search_login $LIBS"
@@ -6023,13 +6404,13 @@ fi
 for ac_func in logout updwtmp logwtmp
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:6026: checking for $ac_func" >&5
+echo "$as_me:6407: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6032 "configure"
+#line 6413 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6060,16 +6441,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6063: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6444: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6066: \$? = $ac_status" >&5
+  echo "$as_me:6447: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6069: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6450: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6072: \$? = $ac_status" >&5
+  echo "$as_me:6453: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -6079,7 +6460,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6082: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:6463: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6092,13 +6473,13 @@ done
 for ac_func in strftime
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:6095: checking for $ac_func" >&5
+echo "$as_me:6476: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6101 "configure"
+#line 6482 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6129,16 +6510,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6132: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6513: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6135: \$? = $ac_status" >&5
+  echo "$as_me:6516: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6138: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6519: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6141: \$? = $ac_status" >&5
+  echo "$as_me:6522: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -6148,7 +6529,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6151: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:6532: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6157,7 +6538,7 @@ EOF
 
 else
   # strftime is in -lintl on SCO UNIX.
-echo "$as_me:6160: checking for strftime in -lintl" >&5
+echo "$as_me:6541: checking for strftime in -lintl" >&5
 echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6
 if test "${ac_cv_lib_intl_strftime+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6165,7 +6546,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lintl  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 6168 "configure"
+#line 6549 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -6184,16 +6565,16 @@ strftime ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6187: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6568: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6190: \$? = $ac_status" >&5
+  echo "$as_me:6571: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6193: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6574: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6196: \$? = $ac_status" >&5
+  echo "$as_me:6577: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_intl_strftime=yes
 else
@@ -6204,7 +6585,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:6207: result: $ac_cv_lib_intl_strftime" >&5
+echo "$as_me:6588: result: $ac_cv_lib_intl_strftime" >&5
 echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6
 if test $ac_cv_lib_intl_strftime = yes; then
   cat >>confdefs.h <<\EOF
@@ -6218,10 +6599,10 @@ fi
 done
 
 # Check for ALTDIRFUNC glob() extension
-echo "$as_me:6221: checking for GLOB_ALTDIRFUNC support" >&5
+echo "$as_me:6602: checking for GLOB_ALTDIRFUNC support" >&5
 echo $ECHO_N "checking for GLOB_ALTDIRFUNC support... $ECHO_C" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 6224 "configure"
+#line 6605 "configure"
 #include "confdefs.h"
 
                 #include <glob.h>
@@ -6237,55 +6618,55 @@ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
 #define GLOB_HAS_ALTDIRFUNC 1
 EOF
 
-                echo "$as_me:6240: result: yes" >&5
+                echo "$as_me:6621: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
 
-                echo "$as_me:6245: result: no" >&5
+                echo "$as_me:6626: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 fi
 rm -f conftest*
 
 # Check for g.gl_matchc glob() extension
-echo "$as_me:6252: checking for gl_matchc field in glob_t" >&5
+echo "$as_me:6633: checking for gl_matchc field in glob_t" >&5
 echo $ECHO_N "checking for gl_matchc field in glob_t... $ECHO_C" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 6255 "configure"
+#line 6636 "configure"
 #include "confdefs.h"
 
-                #include <glob.h>
+                #include <glob.h>
                 int main(void){glob_t g; g.gl_matchc = 1;}
 
 _ACEOF
 if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
   egrep "FOUNDIT" >/dev/null 2>&1; then
 
-                cat >>confdefs.h <<\EOF
+                cat >>confdefs.h <<\EOF
 #define GLOB_HAS_GL_MATCHC 1
 EOF
 
-                echo "$as_me:6269: result: yes" >&5
+                echo "$as_me:6650: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
 
-                echo "$as_me:6274: result: no" >&5
+                echo "$as_me:6655: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 fi
 rm -f conftest*
 
-echo "$as_me:6280: checking whether struct dirent allocates space for d_name" >&5
+echo "$as_me:6661: checking whether struct dirent allocates space for d_name" >&5
 echo $ECHO_N "checking whether struct dirent allocates space for d_name... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:6283: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:6664: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6288 "configure"
+#line 6669 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -6294,24 +6675,24 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:6297: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6678: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6300: \$? = $ac_status" >&5
+  echo "$as_me:6681: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:6302: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6683: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6305: \$? = $ac_status" >&5
+  echo "$as_me:6686: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  echo "$as_me:6307: result: yes" >&5
+  echo "$as_me:6688: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: program exited with status $ac_status" >&5
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                echo "$as_me:6314: result: no" >&5
+                echo "$as_me:6695: result: no" >&5
 echo "${ECHO_T}no" >&6
                 cat >>confdefs.h <<\EOF
 #define BROKEN_ONE_BYTE_DIRENT_D_NAME 1
@@ -6342,15 +6723,15 @@ EOF
                         LIBS="-lskey $LIBS"
                         SKEY_MSG="yes"
 
-                        echo "$as_me:6345: checking for s/key support" >&5
+                        echo "$as_me:6726: checking for s/key support" >&5
 echo $ECHO_N "checking for s/key support... $ECHO_C" >&6
                         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:6348: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:6729: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6353 "configure"
+#line 6734 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -6359,26 +6740,26 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:6362: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6743: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6365: \$? = $ac_status" >&5
+  echo "$as_me:6746: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:6367: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6748: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6370: \$? = $ac_status" >&5
+  echo "$as_me:6751: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  echo "$as_me:6372: result: yes" >&5
+  echo "$as_me:6753: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: program exited with status $ac_status" >&5
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                                        echo "$as_me:6379: result: no" >&5
+                                        echo "$as_me:6760: result: no" >&5
 echo "${ECHO_T}no" >&6
-                                        { { echo "$as_me:6381: error: ** Incomplete or missing s/key libraries." >&5
+                                        { { echo "$as_me:6762: error: ** Incomplete or missing s/key libraries." >&5
 echo "$as_me: error: ** Incomplete or missing s/key libraries." >&2;}
    { (exit 1); exit 1; }; }
 
@@ -6422,10 +6803,10 @@ if test "${with_tcp_wrappers+set}" = set; then
                         fi
                         LIBWRAP="-lwrap"
                         LIBS="$LIBWRAP $LIBS"
-                        echo "$as_me:6425: checking for libwrap" >&5
+                        echo "$as_me:6806: checking for libwrap" >&5
 echo $ECHO_N "checking for libwrap... $ECHO_C" >&6
                         cat >conftest.$ac_ext <<_ACEOF
-#line 6428 "configure"
+#line 6809 "configure"
 #include "confdefs.h"
 
 #include <tcpd.h>
@@ -6440,19 +6821,19 @@ hosts_access(0);
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6443: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6824: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6446: \$? = $ac_status" >&5
+  echo "$as_me:6827: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6449: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6830: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6452: \$? = $ac_status" >&5
+  echo "$as_me:6833: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
-                                        echo "$as_me:6455: result: yes" >&5
+                                        echo "$as_me:6836: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                                         cat >>confdefs.h <<\EOF
 #define LIBWRAP 1
@@ -6464,7 +6845,7 @@ else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                                        { { echo "$as_me:6467: error: *** libwrap missing" >&5
+                                        { { echo "$as_me:6848: error: *** libwrap missing" >&5
 echo "$as_me: error: *** libwrap missing" >&2;}
    { (exit 1); exit 1; }; }
 
@@ -6476,28 +6857,28 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi;
 
 for ac_func in \
-        arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename \
+        arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
         bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
-        gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
+        getaddrinfo getcwd getgrouplist getnameinfo getopt \
         getpeereid _getpty getrlimit getttyent glob inet_aton \
         inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
         mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
         pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
         setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
-        setproctitle setregid setresgid setresuid setreuid setrlimit \
+        setproctitle setregid setreuid setrlimit \
         setsid setvbuf sigaction sigvec snprintf socketpair strerror \
-        strlcat strlcpy strmode strnvis sysconf tcgetpgrp \
-        truncate utimes vhangup vsnprintf waitpid \
+        strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
+        truncate updwtmpx utimes vhangup vsnprintf waitpid \
 
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:6494: checking for $ac_func" >&5
+echo "$as_me:6875: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6500 "configure"
+#line 6881 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6528,16 +6909,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6531: \"$ac_link\"") >&5
+if { (eval echo "$as_me:6912: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6534: \$? = $ac_status" >&5
+  echo "$as_me:6915: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6537: \"$ac_try\"") >&5
+  { (eval echo "$as_me:6918: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6540: \$? = $ac_status" >&5
+  echo "$as_me:6921: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -6547,7 +6928,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6550: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:6931: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6557,7 +6938,124 @@ EOF
 fi
 done
 
-echo "$as_me:6560: checking for library containing nanosleep" >&5
+# IRIX has a const char return value for gai_strerror()
+
+for ac_func in gai_strerror
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:6946: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 6952 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+char (*f) ();
+
+int
+main ()
+{
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+f = $ac_func;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:6983: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:6986: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:6989: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:6992: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+eval "$as_ac_var=no"
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:7002: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<EOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+EOF
+
+        cat >>confdefs.h <<\EOF
+#define HAVE_GAI_STRERROR 1
+EOF
+
+        cat >conftest.$ac_ext <<_ACEOF
+#line 7014 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);
+int
+main ()
+{
+
+char *str;
+
+str = gai_strerror(0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:7034: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:7037: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:7040: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:7043: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+cat >>confdefs.h <<\EOF
+#define HAVE_CONST_GAI_STRERROR_PROTO 1
+EOF
+
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+fi
+rm -f conftest.$ac_objext conftest.$ac_ext
+fi
+done
+
+echo "$as_me:7058: checking for library containing nanosleep" >&5
 echo $ECHO_N "checking for library containing nanosleep... $ECHO_C" >&6
 if test "${ac_cv_search_nanosleep+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -6565,7 +7063,7 @@ else
   ac_func_search_save_LIBS=$LIBS
 ac_cv_search_nanosleep=no
 cat >conftest.$ac_ext <<_ACEOF
-#line 6568 "configure"
+#line 7066 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -6584,16 +7082,16 @@ nanosleep ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6587: \"$ac_link\"") >&5
+if { (eval echo "$as_me:7085: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6590: \$? = $ac_status" >&5
+  echo "$as_me:7088: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6593: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7091: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6596: \$? = $ac_status" >&5
+  echo "$as_me:7094: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_nanosleep="none required"
 else
@@ -6605,7 +7103,7 @@ if test "$ac_cv_search_nanosleep" = no; then
   for ac_lib in rt posix4; do
     LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
     cat >conftest.$ac_ext <<_ACEOF
-#line 6608 "configure"
+#line 7106 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -6624,16 +7122,16 @@ nanosleep ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6627: \"$ac_link\"") >&5
+if { (eval echo "$as_me:7125: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6630: \$? = $ac_status" >&5
+  echo "$as_me:7128: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6633: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7131: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6636: \$? = $ac_status" >&5
+  echo "$as_me:7134: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_nanosleep="-l$ac_lib"
 break
@@ -6646,7 +7144,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:6649: result: $ac_cv_search_nanosleep" >&5
+echo "$as_me:7147: result: $ac_cv_search_nanosleep" >&5
 echo "${ECHO_T}$ac_cv_search_nanosleep" >&6
 if test "$ac_cv_search_nanosleep" != no; then
   test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS"
@@ -6656,13 +7154,13 @@ EOF
 
 fi
 
-echo "$as_me:6659: checking for ANSI C header files" >&5
+echo "$as_me:7157: checking for ANSI C header files" >&5
 echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
 if test "${ac_cv_header_stdc+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6665 "configure"
+#line 7163 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -6670,13 +7168,13 @@ else
 #include <float.h>
 
 _ACEOF
-if { (eval echo "$as_me:6673: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:7171: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:6679: \$? = $ac_status" >&5
+  echo "$as_me:7177: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -6698,7 +7196,7 @@ rm -f conftest.err conftest.$ac_ext
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
   cat >conftest.$ac_ext <<_ACEOF
-#line 6701 "configure"
+#line 7199 "configure"
 #include "confdefs.h"
 #include <string.h>
 
@@ -6716,7 +7214,7 @@ fi
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
   cat >conftest.$ac_ext <<_ACEOF
-#line 6719 "configure"
+#line 7217 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 
@@ -6737,7 +7235,7 @@ if test $ac_cv_header_stdc = yes; then
   :
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6740 "configure"
+#line 7238 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #if ((' ' & 0x0FF) == 0x020)
@@ -6763,15 +7261,15 @@ main ()
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:6766: \"$ac_link\"") >&5
+if { (eval echo "$as_me:7264: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6769: \$? = $ac_status" >&5
+  echo "$as_me:7267: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:6771: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7269: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6774: \$? = $ac_status" >&5
+  echo "$as_me:7272: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   :
 else
@@ -6784,7 +7282,7 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 fi
 fi
-echo "$as_me:6787: result: $ac_cv_header_stdc" >&5
+echo "$as_me:7285: result: $ac_cv_header_stdc" >&5
 echo "${ECHO_T}$ac_cv_header_stdc" >&6
 if test $ac_cv_header_stdc = yes; then
 
@@ -6800,28 +7298,28 @@ for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
                   inttypes.h stdint.h unistd.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:6803: checking for $ac_header" >&5
+echo "$as_me:7301: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$as_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6809 "configure"
+#line 7307 "configure"
 #include "confdefs.h"
 $ac_includes_default
 #include <$ac_header>
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:6815: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:7313: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:6818: \$? = $ac_status" >&5
+  echo "$as_me:7316: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:6821: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7319: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6824: \$? = $ac_status" >&5
+  echo "$as_me:7322: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_Header=yes"
 else
@@ -6831,7 +7329,7 @@ eval "$as_ac_Header=no"
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:6834: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "$as_me:7332: result: `eval echo '${'$as_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6841,13 +7339,13 @@ EOF
 fi
 done
 
-echo "$as_me:6844: checking whether strsep is declared" >&5
+echo "$as_me:7342: checking whether strsep is declared" >&5
 echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6
 if test "${ac_cv_have_decl_strsep+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6850 "configure"
+#line 7348 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -6862,16 +7360,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:6865: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:7363: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:6868: \$? = $ac_status" >&5
+  echo "$as_me:7366: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:6871: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7369: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6874: \$? = $ac_status" >&5
+  echo "$as_me:7372: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_have_decl_strsep=yes
 else
@@ -6881,20 +7379,20 @@ ac_cv_have_decl_strsep=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:6884: result: $ac_cv_have_decl_strsep" >&5
+echo "$as_me:7382: result: $ac_cv_have_decl_strsep" >&5
 echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6
 if test $ac_cv_have_decl_strsep = yes; then
 
 for ac_func in strsep
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:6891: checking for $ac_func" >&5
+echo "$as_me:7389: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6897 "configure"
+#line 7395 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -6925,16 +7423,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6928: \"$ac_link\"") >&5
+if { (eval echo "$as_me:7426: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:6931: \$? = $ac_status" >&5
+  echo "$as_me:7429: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6934: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7432: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6937: \$? = $ac_status" >&5
+  echo "$as_me:7435: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -6944,7 +7442,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:6947: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:7445: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -6956,13 +7454,13 @@ done
 
 fi
 
-echo "$as_me:6959: checking whether getrusage is declared" >&5
+echo "$as_me:7457: checking whether getrusage is declared" >&5
 echo $ECHO_N "checking whether getrusage is declared... $ECHO_C" >&6
 if test "${ac_cv_have_decl_getrusage+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 6965 "configure"
+#line 7463 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -6977,16 +7475,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:6980: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:7478: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:6983: \$? = $ac_status" >&5
+  echo "$as_me:7481: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:6986: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7484: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:6989: \$? = $ac_status" >&5
+  echo "$as_me:7487: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_have_decl_getrusage=yes
 else
@@ -6996,20 +7494,20 @@ ac_cv_have_decl_getrusage=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:6999: result: $ac_cv_have_decl_getrusage" >&5
+echo "$as_me:7497: result: $ac_cv_have_decl_getrusage" >&5
 echo "${ECHO_T}$ac_cv_have_decl_getrusage" >&6
 if test $ac_cv_have_decl_getrusage = yes; then
 
 for ac_func in getrusage
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:7006: checking for $ac_func" >&5
+echo "$as_me:7504: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7012 "configure"
+#line 7510 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7040,16 +7538,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7043: \"$ac_link\"") >&5
+if { (eval echo "$as_me:7541: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7046: \$? = $ac_status" >&5
+  echo "$as_me:7544: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7049: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7547: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7052: \$? = $ac_status" >&5
+  echo "$as_me:7550: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -7059,7 +7557,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7062: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:7560: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7071,13 +7569,13 @@ done
 
 fi
 
-echo "$as_me:7074: checking whether tcsendbreak is declared" >&5
+echo "$as_me:7572: checking whether tcsendbreak is declared" >&5
 echo $ECHO_N "checking whether tcsendbreak is declared... $ECHO_C" >&6
 if test "${ac_cv_have_decl_tcsendbreak+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7080 "configure"
+#line 7578 "configure"
 #include "confdefs.h"
 #include <termios.h>
 
@@ -7093,16 +7591,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:7096: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:7594: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:7099: \$? = $ac_status" >&5
+  echo "$as_me:7597: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:7102: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7600: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7105: \$? = $ac_status" >&5
+  echo "$as_me:7603: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_have_decl_tcsendbreak=yes
 else
@@ -7112,7 +7610,7 @@ ac_cv_have_decl_tcsendbreak=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:7115: result: $ac_cv_have_decl_tcsendbreak" >&5
+echo "$as_me:7613: result: $ac_cv_have_decl_tcsendbreak" >&5
 echo "${ECHO_T}$ac_cv_have_decl_tcsendbreak" >&6
 if test $ac_cv_have_decl_tcsendbreak = yes; then
   cat >>confdefs.h <<\EOF
@@ -7124,13 +7622,84 @@ else
 for ac_func in tcsendbreak
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:7127: checking for $ac_func" >&5
+echo "$as_me:7625: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 7631 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+char (*f) ();
+
+int
+main ()
+{
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+f = $ac_func;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:7662: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:7665: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:7668: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:7671: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+eval "$as_ac_var=no"
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:7681: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<EOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+EOF
+
+fi
+done
+
+fi
+
+for ac_func in setresuid
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:7696: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7133 "configure"
+#line 7702 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7161,16 +7730,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7164: \"$ac_link\"") >&5
+if { (eval echo "$as_me:7733: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7167: \$? = $ac_status" >&5
+  echo "$as_me:7736: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7170: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7739: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7173: \$? = $ac_status" >&5
+  echo "$as_me:7742: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -7180,28 +7749,183 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7183: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:7752: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
 #define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
 EOF
 
+                echo "$as_me:7759: checking if setresuid seems to work" >&5
+echo $ECHO_N "checking if setresuid seems to work... $ECHO_C" >&6
+        if test "$cross_compiling" = yes; then
+  { { echo "$as_me:7762: error: cannot run test program while cross compiling" >&5
+echo "$as_me: error: cannot run test program while cross compiling" >&2;}
+   { (exit 1); exit 1; }; }
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 7767 "configure"
+#include "confdefs.h"
+
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:7776: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:7779: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:7781: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:7784: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  echo "$as_me:7786: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+cat >>confdefs.h <<\EOF
+#define BROKEN_SETRESUID 1
+EOF
+
+                 echo "$as_me:7796: result: not implemented" >&5
+echo "${ECHO_T}not implemented" >&6
+
+fi
+rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+
 fi
 done
 
+for ac_func in setresgid
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:7809: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 7815 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func (); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char $ac_func ();
+char (*f) ();
+
+int
+main ()
+{
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+f = $ac_func;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:7846: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:7849: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:7852: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:7855: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  eval "$as_ac_var=yes"
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+eval "$as_ac_var=no"
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:7865: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+  cat >>confdefs.h <<EOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+EOF
+
+                echo "$as_me:7872: checking if setresgid seems to work" >&5
+echo $ECHO_N "checking if setresgid seems to work... $ECHO_C" >&6
+        if test "$cross_compiling" = yes; then
+  { { echo "$as_me:7875: error: cannot run test program while cross compiling" >&5
+echo "$as_me: error: cannot run test program while cross compiling" >&2;}
+   { (exit 1); exit 1; }; }
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 7880 "configure"
+#include "confdefs.h"
+
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:7889: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:7892: \$? = $ac_status" >&5
+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+  { (eval echo "$as_me:7894: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:7897: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  echo "$as_me:7899: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+else
+  echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+cat >>confdefs.h <<\EOF
+#define BROKEN_SETRESGID 1
+EOF
+
+                 echo "$as_me:7909: result: not implemented" >&5
+echo "${ECHO_T}not implemented" >&6
+
+fi
+rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+fi
+done
+
 for ac_func in gettimeofday time
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:7198: checking for $ac_func" >&5
+echo "$as_me:7922: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7204 "configure"
+#line 7928 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7232,16 +7956,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7235: \"$ac_link\"") >&5
+if { (eval echo "$as_me:7959: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7238: \$? = $ac_status" >&5
+  echo "$as_me:7962: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7241: \"$ac_try\"") >&5
+  { (eval echo "$as_me:7965: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7244: \$? = $ac_status" >&5
+  echo "$as_me:7968: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -7251,7 +7975,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7254: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:7978: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7264,13 +7988,13 @@ done
 for ac_func in endutent getutent getutid getutline pututline setutent
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:7267: checking for $ac_func" >&5
+echo "$as_me:7991: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7273 "configure"
+#line 7997 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7301,16 +8025,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7304: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8028: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7307: \$? = $ac_status" >&5
+  echo "$as_me:8031: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7310: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8034: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7313: \$? = $ac_status" >&5
+  echo "$as_me:8037: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -7320,7 +8044,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7323: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:8047: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7333,13 +8057,13 @@ done
 for ac_func in utmpname
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:7336: checking for $ac_func" >&5
+echo "$as_me:8060: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7342 "configure"
+#line 8066 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7370,16 +8094,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7373: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8097: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7376: \$? = $ac_status" >&5
+  echo "$as_me:8100: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7379: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8103: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7382: \$? = $ac_status" >&5
+  echo "$as_me:8106: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -7389,7 +8113,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7392: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:8116: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7402,13 +8126,13 @@ done
 for ac_func in endutxent getutxent getutxid getutxline pututxline
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:7405: checking for $ac_func" >&5
+echo "$as_me:8129: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7411 "configure"
+#line 8135 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7439,16 +8163,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7442: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8166: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7445: \$? = $ac_status" >&5
+  echo "$as_me:8169: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7448: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8172: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7451: \$? = $ac_status" >&5
+  echo "$as_me:8175: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -7458,7 +8182,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7461: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:8185: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7471,13 +8195,13 @@ done
 for ac_func in setutxent utmpxname
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:7474: checking for $ac_func" >&5
+echo "$as_me:8198: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7480 "configure"
+#line 8204 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -7508,16 +8232,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7511: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8235: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7514: \$? = $ac_status" >&5
+  echo "$as_me:8238: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7517: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8241: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7520: \$? = $ac_status" >&5
+  echo "$as_me:8244: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -7527,7 +8251,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7530: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:8254: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -7537,13 +8261,13 @@ EOF
 fi
 done
 
-echo "$as_me:7540: checking for daemon" >&5
+echo "$as_me:8264: checking for daemon" >&5
 echo $ECHO_N "checking for daemon... $ECHO_C" >&6
 if test "${ac_cv_func_daemon+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7546 "configure"
+#line 8270 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char daemon (); below.  */
@@ -7574,16 +8298,16 @@ f = daemon;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7577: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8301: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7580: \$? = $ac_status" >&5
+  echo "$as_me:8304: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7583: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8307: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7586: \$? = $ac_status" >&5
+  echo "$as_me:8310: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_daemon=yes
 else
@@ -7593,7 +8317,7 @@ ac_cv_func_daemon=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7596: result: $ac_cv_func_daemon" >&5
+echo "$as_me:8320: result: $ac_cv_func_daemon" >&5
 echo "${ECHO_T}$ac_cv_func_daemon" >&6
 if test $ac_cv_func_daemon = yes; then
   cat >>confdefs.h <<\EOF
@@ -7601,7 +8325,7 @@ if test $ac_cv_func_daemon = yes; then
 EOF
 
 else
-  echo "$as_me:7604: checking for daemon in -lbsd" >&5
+  echo "$as_me:8328: checking for daemon in -lbsd" >&5
 echo $ECHO_N "checking for daemon in -lbsd... $ECHO_C" >&6
 if test "${ac_cv_lib_bsd_daemon+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -7609,7 +8333,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lbsd  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 7612 "configure"
+#line 8336 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -7628,16 +8352,16 @@ daemon ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7631: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8355: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7634: \$? = $ac_status" >&5
+  echo "$as_me:8358: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7637: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8361: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7640: \$? = $ac_status" >&5
+  echo "$as_me:8364: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_bsd_daemon=yes
 else
@@ -7648,7 +8372,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:7651: result: $ac_cv_lib_bsd_daemon" >&5
+echo "$as_me:8375: result: $ac_cv_lib_bsd_daemon" >&5
 echo "${ECHO_T}$ac_cv_lib_bsd_daemon" >&6
 if test $ac_cv_lib_bsd_daemon = yes; then
   LIBS="$LIBS -lbsd"; cat >>confdefs.h <<\EOF
@@ -7659,13 +8383,13 @@ fi
 
 fi
 
-echo "$as_me:7662: checking for getpagesize" >&5
+echo "$as_me:8386: checking for getpagesize" >&5
 echo $ECHO_N "checking for getpagesize... $ECHO_C" >&6
 if test "${ac_cv_func_getpagesize+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7668 "configure"
+#line 8392 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char getpagesize (); below.  */
@@ -7696,16 +8420,16 @@ f = getpagesize;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7699: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8423: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7702: \$? = $ac_status" >&5
+  echo "$as_me:8426: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7705: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8429: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7708: \$? = $ac_status" >&5
+  echo "$as_me:8432: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_getpagesize=yes
 else
@@ -7715,7 +8439,7 @@ ac_cv_func_getpagesize=no
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:7718: result: $ac_cv_func_getpagesize" >&5
+echo "$as_me:8442: result: $ac_cv_func_getpagesize" >&5
 echo "${ECHO_T}$ac_cv_func_getpagesize" >&6
 if test $ac_cv_func_getpagesize = yes; then
   cat >>confdefs.h <<\EOF
@@ -7723,7 +8447,7 @@ if test $ac_cv_func_getpagesize = yes; then
 EOF
 
 else
-  echo "$as_me:7726: checking for getpagesize in -lucb" >&5
+  echo "$as_me:8450: checking for getpagesize in -lucb" >&5
 echo $ECHO_N "checking for getpagesize in -lucb... $ECHO_C" >&6
 if test "${ac_cv_lib_ucb_getpagesize+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -7731,7 +8455,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lucb  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 7734 "configure"
+#line 8458 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -7750,16 +8474,16 @@ getpagesize ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:7753: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8477: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7756: \$? = $ac_status" >&5
+  echo "$as_me:8480: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:7759: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8483: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7762: \$? = $ac_status" >&5
+  echo "$as_me:8486: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_ucb_getpagesize=yes
 else
@@ -7770,7 +8494,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:7773: result: $ac_cv_lib_ucb_getpagesize" >&5
+echo "$as_me:8497: result: $ac_cv_lib_ucb_getpagesize" >&5
 echo "${ECHO_T}$ac_cv_lib_ucb_getpagesize" >&6
 if test $ac_cv_lib_ucb_getpagesize = yes; then
   LIBS="$LIBS -lucb"; cat >>confdefs.h <<\EOF
@@ -7783,15 +8507,15 @@ fi
 
 # Check for broken snprintf
 if test "x$ac_cv_func_snprintf" = "xyes" ; then
-        echo "$as_me:7786: checking whether snprintf correctly terminates long strings" >&5
+        echo "$as_me:8510: checking whether snprintf correctly terminates long strings" >&5
 echo $ECHO_N "checking whether snprintf correctly terminates long strings... $ECHO_C" >&6
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:7789: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:8513: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7794 "configure"
+#line 8518 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -7799,30 +8523,30 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:7802: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8526: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7805: \$? = $ac_status" >&5
+  echo "$as_me:8529: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:7807: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8531: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7810: \$? = $ac_status" >&5
+  echo "$as_me:8534: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  echo "$as_me:7812: result: yes" >&5
+  echo "$as_me:8536: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: program exited with status $ac_status" >&5
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                        echo "$as_me:7819: result: no" >&5
+                        echo "$as_me:8543: result: no" >&5
 echo "${ECHO_T}no" >&6
                         cat >>confdefs.h <<\EOF
 #define BROKEN_SNPRINTF 1
 EOF
 
-                        { echo "$as_me:7825: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5
+                        { echo "$as_me:8549: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5
 echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;}
 
 fi
@@ -7831,11 +8555,11 @@ fi
 fi
 
 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
-echo "$as_me:7834: checking for (overly) strict mkstemp" >&5
+echo "$as_me:8558: checking for (overly) strict mkstemp" >&5
 echo $ECHO_N "checking for (overly) strict mkstemp... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
 
-                echo "$as_me:7838: result: yes" >&5
+                echo "$as_me:8562: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                 cat >>confdefs.h <<\EOF
 #define HAVE_STRICT_MKSTEMP 1
@@ -7843,7 +8567,7 @@ EOF
 
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7846 "configure"
+#line 8570 "configure"
 #include "confdefs.h"
 
 #include <stdlib.h>
@@ -7855,18 +8579,18 @@ unlink(template); exit(0);
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:7858: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8582: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7861: \$? = $ac_status" >&5
+  echo "$as_me:8585: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:7863: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8587: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7866: \$? = $ac_status" >&5
+  echo "$as_me:8590: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
-                echo "$as_me:7869: result: no" >&5
+                echo "$as_me:8593: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 else
@@ -7874,7 +8598,7 @@ else
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                echo "$as_me:7877: result: yes" >&5
+                echo "$as_me:8601: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                 cat >>confdefs.h <<\EOF
 #define HAVE_STRICT_MKSTEMP 1
@@ -7886,15 +8610,15 @@ fi
 fi
 
 if test ! -z "$check_for_openpty_ctty_bug"; then
-        echo "$as_me:7889: checking if openpty correctly handles controlling tty" >&5
+        echo "$as_me:8613: checking if openpty correctly handles controlling tty" >&5
 echo $ECHO_N "checking if openpty correctly handles controlling tty... $ECHO_C" >&6
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:7892: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:8616: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 7897 "configure"
+#line 8621 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -7931,18 +8655,18 @@ main()
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:7934: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8658: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:7937: \$? = $ac_status" >&5
+  echo "$as_me:8661: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:7939: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8663: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7942: \$? = $ac_status" >&5
+  echo "$as_me:8666: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
-                        echo "$as_me:7945: result: yes" >&5
+                        echo "$as_me:8669: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
@@ -7950,7 +8674,7 @@ else
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                        echo "$as_me:7953: result: no" >&5
+                        echo "$as_me:8677: result: no" >&5
 echo "${ECHO_T}no" >&6
                         cat >>confdefs.h <<\EOF
 #define SSHD_ACQUIRES_CTTY 1
@@ -7961,14 +8685,14 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 fi
 
-echo "$as_me:7964: checking whether getpgrp takes no argument" >&5
+echo "$as_me:8688: checking whether getpgrp takes no argument" >&5
 echo $ECHO_N "checking whether getpgrp takes no argument... $ECHO_C" >&6
 if test "${ac_cv_func_getpgrp_void+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   # Use it with a single arg.
 cat >conftest.$ac_ext <<_ACEOF
-#line 7971 "configure"
+#line 8695 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -7980,16 +8704,16 @@ getpgrp (0);
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:7983: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:8707: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:7986: \$? = $ac_status" >&5
+  echo "$as_me:8710: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:7989: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8713: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:7992: \$? = $ac_status" >&5
+  echo "$as_me:8716: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_func_getpgrp_1=yes
 else
@@ -8000,7 +8724,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 # Use it with no arg.
 cat >conftest.$ac_ext <<_ACEOF
-#line 8003 "configure"
+#line 8727 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -8012,16 +8736,16 @@ getpgrp ();
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:8015: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:8739: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:8018: \$? = $ac_status" >&5
+  echo "$as_me:8742: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:8021: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8745: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8024: \$? = $ac_status" >&5
+  echo "$as_me:8748: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_func_getpgrp_0=yes
 else
@@ -8035,12 +8759,12 @@ case $ac_func_getpgrp_0:$ac_func_getpgrp_1 in
   yes:no) ac_cv_func_getpgrp_void=yes;;
   no:yes) ac_cv_func_getpgrp_void=false;;
   *) if test "$cross_compiling" = yes; then
-  { { echo "$as_me:8038: error: cannot check getpgrp if cross compiling" >&5
+  { { echo "$as_me:8762: error: cannot check getpgrp if cross compiling" >&5
 echo "$as_me: error: cannot check getpgrp if cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8043 "configure"
+#line 8767 "configure"
 #include "confdefs.h"
 $ac_includes_default
 
@@ -8094,15 +8818,15 @@ main ()
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:8097: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8821: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8100: \$? = $ac_status" >&5
+  echo "$as_me:8824: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:8102: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8826: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8105: \$? = $ac_status" >&5
+  echo "$as_me:8829: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_func_getpgrp_void=yes
 else
@@ -8116,7 +8840,7 @@ fi;;
 esac # $ac_func_getpgrp_0:$ac_func_getpgrp_1
 
 fi
-echo "$as_me:8119: result: $ac_cv_func_getpgrp_void" >&5
+echo "$as_me:8843: result: $ac_cv_func_getpgrp_void" >&5
 echo "${ECHO_T}$ac_cv_func_getpgrp_void" >&6
 if test $ac_cv_func_getpgrp_void = yes; then
 
@@ -8134,13 +8858,14 @@ if test "${with_pam+set}" = set; then
   withval="$with_pam"
 
                 if test "x$withval" != "xno" ; then
-                        if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
-                                { { echo "$as_me:8138: error: PAM headers not found" >&5
+                        if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+                           test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
+                                { { echo "$as_me:8863: error: PAM headers not found" >&5
 echo "$as_me: error: PAM headers not found" >&2;}
    { (exit 1); exit 1; }; }
                         fi
 
-echo "$as_me:8143: checking for dlopen in -ldl" >&5
+echo "$as_me:8868: checking for dlopen in -ldl" >&5
 echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
 if test "${ac_cv_lib_dl_dlopen+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -8148,7 +8873,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-ldl  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 8151 "configure"
+#line 8876 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -8167,16 +8892,16 @@ dlopen ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8170: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8895: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8173: \$? = $ac_status" >&5
+  echo "$as_me:8898: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8176: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8901: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8179: \$? = $ac_status" >&5
+  echo "$as_me:8904: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_dl_dlopen=yes
 else
@@ -8187,7 +8912,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:8190: result: $ac_cv_lib_dl_dlopen" >&5
+echo "$as_me:8915: result: $ac_cv_lib_dl_dlopen" >&5
 echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
 if test $ac_cv_lib_dl_dlopen = yes; then
   cat >>confdefs.h <<EOF
@@ -8198,7 +8923,7 @@ EOF
 
 fi
 
-echo "$as_me:8201: checking for pam_set_item in -lpam" >&5
+echo "$as_me:8926: checking for pam_set_item in -lpam" >&5
 echo $ECHO_N "checking for pam_set_item in -lpam... $ECHO_C" >&6
 if test "${ac_cv_lib_pam_pam_set_item+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -8206,7 +8931,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lpam  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 8209 "configure"
+#line 8934 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -8225,16 +8950,16 @@ pam_set_item ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8228: \"$ac_link\"") >&5
+if { (eval echo "$as_me:8953: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8231: \$? = $ac_status" >&5
+  echo "$as_me:8956: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8234: \"$ac_try\"") >&5
+  { (eval echo "$as_me:8959: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8237: \$? = $ac_status" >&5
+  echo "$as_me:8962: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_pam_pam_set_item=yes
 else
@@ -8245,7 +8970,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:8248: result: $ac_cv_lib_pam_pam_set_item" >&5
+echo "$as_me:8973: result: $ac_cv_lib_pam_pam_set_item" >&5
 echo "${ECHO_T}$ac_cv_lib_pam_pam_set_item" >&6
 if test $ac_cv_lib_pam_pam_set_item = yes; then
   cat >>confdefs.h <<EOF
@@ -8255,7 +8980,7 @@ EOF
   LIBS="-lpam $LIBS"
 
 else
-  { { echo "$as_me:8258: error: *** libpam missing" >&5
+  { { echo "$as_me:8983: error: *** libpam missing" >&5
 echo "$as_me: error: *** libpam missing" >&2;}
    { (exit 1); exit 1; }; }
 fi
@@ -8263,13 +8988,13 @@ fi
 for ac_func in pam_getenvlist
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:8266: checking for $ac_func" >&5
+echo "$as_me:8991: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8272 "configure"
+#line 8997 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -8300,16 +9025,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8303: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9028: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8306: \$? = $ac_status" >&5
+  echo "$as_me:9031: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8309: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9034: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8312: \$? = $ac_status" >&5
+  echo "$as_me:9037: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -8319,7 +9044,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:8322: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:9047: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -8332,13 +9057,13 @@ done
 for ac_func in pam_putenv
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:8335: checking for $ac_func" >&5
+echo "$as_me:9060: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8341 "configure"
+#line 9066 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -8369,16 +9094,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8372: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9097: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8375: \$? = $ac_status" >&5
+  echo "$as_me:9100: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8378: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9103: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8381: \$? = $ac_status" >&5
+  echo "$as_me:9106: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -8388,7 +9113,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:8391: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:9116: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -8398,7 +9123,6 @@ EOF
 fi
 done
 
-                        disable_shadow=yes
                         PAM_MSG="yes"
 
                         cat >>confdefs.h <<\EOF
@@ -8418,14 +9142,18 @@ fi;
 # Check for older PAM
 if test "x$PAM_MSG" = "xyes" ; then
         # Check PAM strerror arguments (old PAM)
-        echo "$as_me:8421: checking whether pam_strerror takes only one argument" >&5
+        echo "$as_me:9145: checking whether pam_strerror takes only one argument" >&5
 echo $ECHO_N "checking whether pam_strerror takes only one argument... $ECHO_C" >&6
         cat >conftest.$ac_ext <<_ACEOF
-#line 8424 "configure"
+#line 9148 "configure"
 #include "confdefs.h"
 
 #include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
 #include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
 
 int
 main ()
@@ -8436,18 +9164,18 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:8439: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:9167: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:8442: \$? = $ac_status" >&5
+  echo "$as_me:9170: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:8445: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9173: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8448: \$? = $ac_status" >&5
+  echo "$as_me:9176: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  echo "$as_me:8450: result: no" >&5
+  echo "$as_me:9178: result: no" >&5
 echo "${ECHO_T}no" >&6
 else
   echo "$as_me: failed program was:" >&5
@@ -8457,7 +9185,7 @@ cat conftest.$ac_ext >&5
 #define HAVE_OLD_PAM 1
 EOF
 
-                        echo "$as_me:8460: result: yes" >&5
+                        echo "$as_me:9188: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                         PAM_MSG="yes (old library)"
 
@@ -8465,70 +9193,6 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 
-# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
-# because the system crypt() is more featureful.
-if test "x$check_for_libcrypt_before" = "x1"; then
-
-echo "$as_me:8472: checking for crypt in -lcrypt" >&5
-echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
-if test "${ac_cv_lib_crypt_crypt+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrypt  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line 8480 "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
-   builtin and then its argument prototype would still apply.  */
-char crypt ();
-int
-main ()
-{
-crypt ();
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8499: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:8502: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8505: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:8508: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-  ac_cv_lib_crypt_crypt=yes
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_crypt_crypt=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:8519: result: $ac_cv_lib_crypt_crypt" >&5
-echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
-if test $ac_cv_lib_crypt_crypt = yes; then
-  cat >>confdefs.h <<EOF
-#define HAVE_LIBCRYPT 1
-EOF
-
-  LIBS="-lcrypt $LIBS"
-
-fi
-
-fi
-
 # Search for OpenSSL
 saved_CPPFLAGS="$CPPFLAGS"
 saved_LDFLAGS="$LDFLAGS"
@@ -8559,9 +9223,9 @@ if test "${with_ssl_dir+set}" = set; then
                 fi
 
 fi;
-LIBS="$LIBS -lcrypto"
+LIBS="-lcrypto $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 8564 "configure"
+#line 9228 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -8580,16 +9244,16 @@ RAND_add ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8583: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9247: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8586: \$? = $ac_status" >&5
+  echo "$as_me:9250: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8589: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9253: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8592: \$? = $ac_status" >&5
+  echo "$as_me:9256: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   cat >>confdefs.h <<\EOF
 #define HAVE_OPENSSL 1
@@ -8606,7 +9270,7 @@ cat conftest.$ac_ext >&5
                 fi
                 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
                 cat >conftest.$ac_ext <<_ACEOF
-#line 8609 "configure"
+#line 9273 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -8625,16 +9289,16 @@ RAND_add ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8628: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9292: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8631: \$? = $ac_status" >&5
+  echo "$as_me:9295: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8634: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9298: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8637: \$? = $ac_status" >&5
+  echo "$as_me:9301: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   cat >>confdefs.h <<\EOF
 #define HAVE_OPENSSL 1
@@ -8644,7 +9308,7 @@ else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                                { { echo "$as_me:8647: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&5
+                                { { echo "$as_me:9311: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&5
 echo "$as_me: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&2;}
    { (exit 1); exit 1; }; }
 
@@ -8655,15 +9319,15 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 
 # Determine OpenSSL header version
-echo "$as_me:8658: checking OpenSSL header version" >&5
+echo "$as_me:9322: checking OpenSSL header version" >&5
 echo $ECHO_N "checking OpenSSL header version... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:8661: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:9325: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8666 "configure"
+#line 9330 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -8671,12 +9335,12 @@ else
 #include <openssl/opensslv.h>
 #define DATA "conftest.sslincver"
 int main(void) {
-        FILE *fd;
-        int rc;
+        FILE *fd;
+        int rc;
 
-        fd = fopen(DATA,"w");
-        if(fd == NULL)
-                exit(1);
+        fd = fopen(DATA,"w");
+        if(fd == NULL)
+                exit(1);
 
         if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
                 exit(1);
@@ -8686,19 +9350,19 @@ int main(void) {
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:8689: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9353: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8692: \$? = $ac_status" >&5
+  echo "$as_me:9356: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:8694: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9358: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8697: \$? = $ac_status" >&5
+  echo "$as_me:9361: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                 ssl_header_ver=`cat conftest.sslincver`
-                echo "$as_me:8701: result: $ssl_header_ver" >&5
+                echo "$as_me:9365: result: $ssl_header_ver" >&5
 echo "${ECHO_T}$ssl_header_ver" >&6
 
 else
@@ -8706,9 +9370,9 @@ else
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                echo "$as_me:8709: result: not found" >&5
+                echo "$as_me:9373: result: not found" >&5
 echo "${ECHO_T}not found" >&6
-                { { echo "$as_me:8711: error: OpenSSL version header not found." >&5
+                { { echo "$as_me:9375: error: OpenSSL version header not found." >&5
 echo "$as_me: error: OpenSSL version header not found." >&2;}
    { (exit 1); exit 1; }; }
 
@@ -8717,15 +9381,15 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
 # Determine OpenSSL library version
-echo "$as_me:8720: checking OpenSSL library version" >&5
+echo "$as_me:9384: checking OpenSSL library version" >&5
 echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:8723: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:9387: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8728 "configure"
+#line 9392 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -8734,12 +9398,12 @@ else
 #include <openssl/crypto.h>
 #define DATA "conftest.ssllibver"
 int main(void) {
-        FILE *fd;
-        int rc;
+        FILE *fd;
+        int rc;
 
-        fd = fopen(DATA,"w");
-        if(fd == NULL)
-                exit(1);
+        fd = fopen(DATA,"w");
+        if(fd == NULL)
+                exit(1);
 
         if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
                 exit(1);
@@ -8749,19 +9413,19 @@ int main(void) {
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:8752: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9416: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8755: \$? = $ac_status" >&5
+  echo "$as_me:9419: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:8757: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9421: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8760: \$? = $ac_status" >&5
+  echo "$as_me:9424: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                 ssl_library_ver=`cat conftest.ssllibver`
-                echo "$as_me:8764: result: $ssl_library_ver" >&5
+                echo "$as_me:9428: result: $ssl_library_ver" >&5
 echo "${ECHO_T}$ssl_library_ver" >&6
 
 else
@@ -8769,9 +9433,9 @@ else
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                echo "$as_me:8772: result: not found" >&5
+                echo "$as_me:9436: result: not found" >&5
 echo "${ECHO_T}not found" >&6
-                { { echo "$as_me:8774: error: OpenSSL library not found." >&5
+                { { echo "$as_me:9438: error: OpenSSL library not found." >&5
 echo "$as_me: error: OpenSSL library not found." >&2;}
    { (exit 1); exit 1; }; }
 
@@ -8780,15 +9444,15 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
 # Sanity check OpenSSL headers
-echo "$as_me:8783: checking whether OpenSSL's headers match the library" >&5
+echo "$as_me:9447: checking whether OpenSSL's headers match the library" >&5
 echo $ECHO_N "checking whether OpenSSL's headers match the library... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:8786: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:9450: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8791 "configure"
+#line 9455 "configure"
 #include "confdefs.h"
 
 #include <string.h>
@@ -8797,18 +9461,18 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:8800: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9464: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8803: \$? = $ac_status" >&5
+  echo "$as_me:9467: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:8805: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9469: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8808: \$? = $ac_status" >&5
+  echo "$as_me:9472: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
-                echo "$as_me:8811: result: yes" >&5
+                echo "$as_me:9475: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
@@ -8816,9 +9480,9 @@ else
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                echo "$as_me:8819: result: no" >&5
+                echo "$as_me:9483: result: no" >&5
 echo "${ECHO_T}no" >&6
-                { { echo "$as_me:8821: error: Your OpenSSL headers do not match your library.
+                { { echo "$as_me:9485: error: Your OpenSSL headers do not match your library.
 Check config.log for details.
 Also see contrib/findssl.sh for help identifying header/library mismatches." >&5
 echo "$as_me: error: Your OpenSSL headers do not match your library.
@@ -8830,10 +9494,74 @@ fi
 rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+
+echo "$as_me:9501: checking for crypt in -lcrypt" >&5
+echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
+if test "${ac_cv_lib_crypt_crypt+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypt  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+#line 9509 "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char crypt ();
+int
+main ()
+{
+crypt ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:9528: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:9531: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:9534: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:9537: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_crypt_crypt=yes
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ac_cv_lib_crypt_crypt=no
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:9548: result: $ac_cv_lib_crypt_crypt" >&5
+echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
+if test $ac_cv_lib_crypt_crypt = yes; then
+  cat >>confdefs.h <<EOF
+#define HAVE_LIBCRYPT 1
+EOF
+
+  LIBS="-lcrypt $LIBS"
+
+fi
+
+fi
+
 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
-# version in OpenSSL. Skip this for PAM
+# version in OpenSSL.
 if test "x$check_for_libcrypt_later" = "x1"; then
-        echo "$as_me:8836: checking for crypt in -lcrypt" >&5
+        echo "$as_me:9564: checking for crypt in -lcrypt" >&5
 echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
 if test "${ac_cv_lib_crypt_crypt+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -8841,7 +9569,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lcrypt  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 8844 "configure"
+#line 9572 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -8860,16 +9588,16 @@ crypt ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:8863: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9591: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8866: \$? = $ac_status" >&5
+  echo "$as_me:9594: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:8869: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9597: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8872: \$? = $ac_status" >&5
+  echo "$as_me:9600: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_crypt_crypt=yes
 else
@@ -8880,7 +9608,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:8883: result: $ac_cv_lib_crypt_crypt" >&5
+echo "$as_me:9611: result: $ac_cv_lib_crypt_crypt" >&5
 echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
 if test $ac_cv_lib_crypt_crypt = yes; then
   LIBS="$LIBS -lcrypt"
@@ -8891,15 +9619,15 @@ fi
 ### Configure cryptographic random number support
 
 # Check wheter OpenSSL seeds itself
-echo "$as_me:8894: checking whether OpenSSL's PRNG is internally seeded" >&5
+echo "$as_me:9622: checking whether OpenSSL's PRNG is internally seeded" >&5
 echo $ECHO_N "checking whether OpenSSL's PRNG is internally seeded... $ECHO_C" >&6
 if test "$cross_compiling" = yes; then
-  { { echo "$as_me:8897: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:9625: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 8902 "configure"
+#line 9630 "configure"
 #include "confdefs.h"
 
 #include <string.h>
@@ -8908,19 +9636,19 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:8911: \"$ac_link\"") >&5
+if { (eval echo "$as_me:9639: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:8914: \$? = $ac_status" >&5
+  echo "$as_me:9642: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:8916: \"$ac_try\"") >&5
+  { (eval echo "$as_me:9644: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:8919: \$? = $ac_status" >&5
+  echo "$as_me:9647: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                 OPENSSL_SEEDS_ITSELF=yes
-                echo "$as_me:8923: result: yes" >&5
+                echo "$as_me:9651: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
@@ -8928,7 +9656,7 @@ else
 echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                echo "$as_me:8931: result: no" >&5
+                echo "$as_me:9659: result: no" >&5
 echo "${ECHO_T}no" >&6
                 # Default to use of the rand helper if OpenSSL doesn't
                 # seed itself
@@ -8948,7 +9676,7 @@ if test "${with_rand_helper+set}" = set; then
                         # Force use of OpenSSL's internal RNG, even if
                         # the previous test showed it to be unseeded.
                         if test -z "$OPENSSL_SEEDS_ITSELF" ; then
-                                { echo "$as_me:8951: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&5
+                                { echo "$as_me:9679: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&5
 echo "$as_me: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&2;}
                                 OPENSSL_SEEDS_ITSELF=yes
                                 USE_RAND_HELPER=""
@@ -8989,7 +9717,7 @@ if test "${with_prngd_port+set}" = set; then
                 [0-9]*)
                         ;;
                 *)
-                        { { echo "$as_me:8992: error: You must specify a numeric port number for --with-prngd-port" >&5
+                        { { echo "$as_me:9720: error: You must specify a numeric port number for --with-prngd-port" >&5
 echo "$as_me: error: You must specify a numeric port number for --with-prngd-port" >&2;}
    { (exit 1); exit 1; }; }
                         ;;
@@ -9020,7 +9748,7 @@ if test "${with_prngd_socket+set}" = set; then
                 /*)
                         ;;
                 *)
-                        { { echo "$as_me:9023: error: You must specify an absolute path to the entropy socket" >&5
+                        { { echo "$as_me:9751: error: You must specify an absolute path to the entropy socket" >&5
 echo "$as_me: error: You must specify an absolute path to the entropy socket" >&2;}
    { (exit 1); exit 1; }; }
                         ;;
@@ -9028,12 +9756,12 @@ echo "$as_me: error: You must specify an absolute path to the entropy socket" >&
 
                 if test ! -z "$withval" ; then
                         if test ! -z "$PRNGD_PORT" ; then
-                                { { echo "$as_me:9031: error: You may not specify both a PRNGD/EGD port and socket" >&5
+                                { { echo "$as_me:9759: error: You may not specify both a PRNGD/EGD port and socket" >&5
 echo "$as_me: error: You may not specify both a PRNGD/EGD port and socket" >&2;}
    { (exit 1); exit 1; }; }
                         fi
                         if test ! -r "$withval" ; then
-                                { echo "$as_me:9036: WARNING: Entropy socket is not readable" >&5
+                                { echo "$as_me:9764: WARNING: Entropy socket is not readable" >&5
 echo "$as_me: WARNING: Entropy socket is not readable" >&2;}
                         fi
                         PRNGD_SOCKET="$withval"
@@ -9047,7 +9775,7 @@ else
 
                 # Check for existing socket only if we don't have a random device already
                 if test "$USE_RAND_HELPER" = yes ; then
-                        echo "$as_me:9050: checking for PRNGD/EGD socket" >&5
+                        echo "$as_me:9778: checking for PRNGD/EGD socket" >&5
 echo $ECHO_N "checking for PRNGD/EGD socket... $ECHO_C" >&6
                         # Insert other locations here
                         for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
@@ -9061,10 +9789,10 @@ EOF
                                 fi
                         done
                         if test ! -z "$PRNGD_SOCKET" ; then
-                                echo "$as_me:9064: result: $PRNGD_SOCKET" >&5
+                                echo "$as_me:9792: result: $PRNGD_SOCKET" >&5
 echo "${ECHO_T}$PRNGD_SOCKET" >&6
                         else
-                                echo "$as_me:9067: result: not found" >&5
+                                echo "$as_me:9795: result: not found" >&5
 echo "${ECHO_T}not found" >&6
                         fi
                 fi
@@ -9120,7 +9848,7 @@ PATH=$PATH:/etc:$OPATH
 
         # Extract the first word of "ls", so it can be a program name with args.
 set dummy ls; ac_word=$2
-echo "$as_me:9123: checking for $ac_word" >&5
+echo "$as_me:9851: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_LS+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9137,7 +9865,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_LS="$ac_dir/$ac_word"
-   echo "$as_me:9140: found $ac_dir/$ac_word" >&5
+   echo "$as_me:9868: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9148,10 +9876,10 @@ fi
 PROG_LS=$ac_cv_path_PROG_LS
 
 if test -n "$PROG_LS"; then
-  echo "$as_me:9151: result: $PROG_LS" >&5
+  echo "$as_me:9879: result: $PROG_LS" >&5
 echo "${ECHO_T}$PROG_LS" >&6
 else
-  echo "$as_me:9154: result: no" >&5
+  echo "$as_me:9882: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9161,7 +9889,7 @@ fi
 
         # Extract the first word of "netstat", so it can be a program name with args.
 set dummy netstat; ac_word=$2
-echo "$as_me:9164: checking for $ac_word" >&5
+echo "$as_me:9892: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_NETSTAT+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9178,7 +9906,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_NETSTAT="$ac_dir/$ac_word"
-   echo "$as_me:9181: found $ac_dir/$ac_word" >&5
+   echo "$as_me:9909: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9189,10 +9917,10 @@ fi
 PROG_NETSTAT=$ac_cv_path_PROG_NETSTAT
 
 if test -n "$PROG_NETSTAT"; then
-  echo "$as_me:9192: result: $PROG_NETSTAT" >&5
+  echo "$as_me:9920: result: $PROG_NETSTAT" >&5
 echo "${ECHO_T}$PROG_NETSTAT" >&6
 else
-  echo "$as_me:9195: result: no" >&5
+  echo "$as_me:9923: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9202,7 +9930,7 @@ fi
 
         # Extract the first word of "arp", so it can be a program name with args.
 set dummy arp; ac_word=$2
-echo "$as_me:9205: checking for $ac_word" >&5
+echo "$as_me:9933: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_ARP+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9219,7 +9947,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_ARP="$ac_dir/$ac_word"
-   echo "$as_me:9222: found $ac_dir/$ac_word" >&5
+   echo "$as_me:9950: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9230,10 +9958,10 @@ fi
 PROG_ARP=$ac_cv_path_PROG_ARP
 
 if test -n "$PROG_ARP"; then
-  echo "$as_me:9233: result: $PROG_ARP" >&5
+  echo "$as_me:9961: result: $PROG_ARP" >&5
 echo "${ECHO_T}$PROG_ARP" >&6
 else
-  echo "$as_me:9236: result: no" >&5
+  echo "$as_me:9964: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9243,7 +9971,7 @@ fi
 
         # Extract the first word of "ifconfig", so it can be a program name with args.
 set dummy ifconfig; ac_word=$2
-echo "$as_me:9246: checking for $ac_word" >&5
+echo "$as_me:9974: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_IFCONFIG+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9260,7 +9988,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_IFCONFIG="$ac_dir/$ac_word"
-   echo "$as_me:9263: found $ac_dir/$ac_word" >&5
+   echo "$as_me:9991: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9271,10 +9999,10 @@ fi
 PROG_IFCONFIG=$ac_cv_path_PROG_IFCONFIG
 
 if test -n "$PROG_IFCONFIG"; then
-  echo "$as_me:9274: result: $PROG_IFCONFIG" >&5
+  echo "$as_me:10002: result: $PROG_IFCONFIG" >&5
 echo "${ECHO_T}$PROG_IFCONFIG" >&6
 else
-  echo "$as_me:9277: result: no" >&5
+  echo "$as_me:10005: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9284,7 +10012,7 @@ fi
 
         # Extract the first word of "jstat", so it can be a program name with args.
 set dummy jstat; ac_word=$2
-echo "$as_me:9287: checking for $ac_word" >&5
+echo "$as_me:10015: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_JSTAT+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9301,7 +10029,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_JSTAT="$ac_dir/$ac_word"
-   echo "$as_me:9304: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10032: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9312,10 +10040,10 @@ fi
 PROG_JSTAT=$ac_cv_path_PROG_JSTAT
 
 if test -n "$PROG_JSTAT"; then
-  echo "$as_me:9315: result: $PROG_JSTAT" >&5
+  echo "$as_me:10043: result: $PROG_JSTAT" >&5
 echo "${ECHO_T}$PROG_JSTAT" >&6
 else
-  echo "$as_me:9318: result: no" >&5
+  echo "$as_me:10046: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9325,7 +10053,7 @@ fi
 
         # Extract the first word of "ps", so it can be a program name with args.
 set dummy ps; ac_word=$2
-echo "$as_me:9328: checking for $ac_word" >&5
+echo "$as_me:10056: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_PS+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9342,7 +10070,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_PS="$ac_dir/$ac_word"
-   echo "$as_me:9345: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10073: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9353,10 +10081,10 @@ fi
 PROG_PS=$ac_cv_path_PROG_PS
 
 if test -n "$PROG_PS"; then
-  echo "$as_me:9356: result: $PROG_PS" >&5
+  echo "$as_me:10084: result: $PROG_PS" >&5
 echo "${ECHO_T}$PROG_PS" >&6
 else
-  echo "$as_me:9359: result: no" >&5
+  echo "$as_me:10087: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9366,7 +10094,7 @@ fi
 
         # Extract the first word of "sar", so it can be a program name with args.
 set dummy sar; ac_word=$2
-echo "$as_me:9369: checking for $ac_word" >&5
+echo "$as_me:10097: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_SAR+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9383,7 +10111,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_SAR="$ac_dir/$ac_word"
-   echo "$as_me:9386: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10114: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9394,10 +10122,10 @@ fi
 PROG_SAR=$ac_cv_path_PROG_SAR
 
 if test -n "$PROG_SAR"; then
-  echo "$as_me:9397: result: $PROG_SAR" >&5
+  echo "$as_me:10125: result: $PROG_SAR" >&5
 echo "${ECHO_T}$PROG_SAR" >&6
 else
-  echo "$as_me:9400: result: no" >&5
+  echo "$as_me:10128: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9407,7 +10135,7 @@ fi
 
         # Extract the first word of "w", so it can be a program name with args.
 set dummy w; ac_word=$2
-echo "$as_me:9410: checking for $ac_word" >&5
+echo "$as_me:10138: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_W+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9424,7 +10152,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_W="$ac_dir/$ac_word"
-   echo "$as_me:9427: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10155: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9435,10 +10163,10 @@ fi
 PROG_W=$ac_cv_path_PROG_W
 
 if test -n "$PROG_W"; then
-  echo "$as_me:9438: result: $PROG_W" >&5
+  echo "$as_me:10166: result: $PROG_W" >&5
 echo "${ECHO_T}$PROG_W" >&6
 else
-  echo "$as_me:9441: result: no" >&5
+  echo "$as_me:10169: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9448,7 +10176,7 @@ fi
 
         # Extract the first word of "who", so it can be a program name with args.
 set dummy who; ac_word=$2
-echo "$as_me:9451: checking for $ac_word" >&5
+echo "$as_me:10179: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_WHO+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9465,7 +10193,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_WHO="$ac_dir/$ac_word"
-   echo "$as_me:9468: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10196: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9476,10 +10204,10 @@ fi
 PROG_WHO=$ac_cv_path_PROG_WHO
 
 if test -n "$PROG_WHO"; then
-  echo "$as_me:9479: result: $PROG_WHO" >&5
+  echo "$as_me:10207: result: $PROG_WHO" >&5
 echo "${ECHO_T}$PROG_WHO" >&6
 else
-  echo "$as_me:9482: result: no" >&5
+  echo "$as_me:10210: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9489,7 +10217,7 @@ fi
 
         # Extract the first word of "last", so it can be a program name with args.
 set dummy last; ac_word=$2
-echo "$as_me:9492: checking for $ac_word" >&5
+echo "$as_me:10220: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_LAST+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9506,7 +10234,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_LAST="$ac_dir/$ac_word"
-   echo "$as_me:9509: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10237: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9517,10 +10245,10 @@ fi
 PROG_LAST=$ac_cv_path_PROG_LAST
 
 if test -n "$PROG_LAST"; then
-  echo "$as_me:9520: result: $PROG_LAST" >&5
+  echo "$as_me:10248: result: $PROG_LAST" >&5
 echo "${ECHO_T}$PROG_LAST" >&6
 else
-  echo "$as_me:9523: result: no" >&5
+  echo "$as_me:10251: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9530,7 +10258,7 @@ fi
 
         # Extract the first word of "lastlog", so it can be a program name with args.
 set dummy lastlog; ac_word=$2
-echo "$as_me:9533: checking for $ac_word" >&5
+echo "$as_me:10261: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_LASTLOG+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9547,7 +10275,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_LASTLOG="$ac_dir/$ac_word"
-   echo "$as_me:9550: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10278: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9558,10 +10286,10 @@ fi
 PROG_LASTLOG=$ac_cv_path_PROG_LASTLOG
 
 if test -n "$PROG_LASTLOG"; then
-  echo "$as_me:9561: result: $PROG_LASTLOG" >&5
+  echo "$as_me:10289: result: $PROG_LASTLOG" >&5
 echo "${ECHO_T}$PROG_LASTLOG" >&6
 else
-  echo "$as_me:9564: result: no" >&5
+  echo "$as_me:10292: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9571,7 +10299,7 @@ fi
 
         # Extract the first word of "df", so it can be a program name with args.
 set dummy df; ac_word=$2
-echo "$as_me:9574: checking for $ac_word" >&5
+echo "$as_me:10302: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_DF+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9588,7 +10316,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_DF="$ac_dir/$ac_word"
-   echo "$as_me:9591: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10319: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9599,10 +10327,10 @@ fi
 PROG_DF=$ac_cv_path_PROG_DF
 
 if test -n "$PROG_DF"; then
-  echo "$as_me:9602: result: $PROG_DF" >&5
+  echo "$as_me:10330: result: $PROG_DF" >&5
 echo "${ECHO_T}$PROG_DF" >&6
 else
-  echo "$as_me:9605: result: no" >&5
+  echo "$as_me:10333: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9612,7 +10340,7 @@ fi
 
         # Extract the first word of "vmstat", so it can be a program name with args.
 set dummy vmstat; ac_word=$2
-echo "$as_me:9615: checking for $ac_word" >&5
+echo "$as_me:10343: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_VMSTAT+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9629,7 +10357,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_VMSTAT="$ac_dir/$ac_word"
-   echo "$as_me:9632: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10360: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9640,10 +10368,10 @@ fi
 PROG_VMSTAT=$ac_cv_path_PROG_VMSTAT
 
 if test -n "$PROG_VMSTAT"; then
-  echo "$as_me:9643: result: $PROG_VMSTAT" >&5
+  echo "$as_me:10371: result: $PROG_VMSTAT" >&5
 echo "${ECHO_T}$PROG_VMSTAT" >&6
 else
-  echo "$as_me:9646: result: no" >&5
+  echo "$as_me:10374: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9653,7 +10381,7 @@ fi
 
         # Extract the first word of "uptime", so it can be a program name with args.
 set dummy uptime; ac_word=$2
-echo "$as_me:9656: checking for $ac_word" >&5
+echo "$as_me:10384: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_UPTIME+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9670,7 +10398,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_UPTIME="$ac_dir/$ac_word"
-   echo "$as_me:9673: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10401: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9681,10 +10409,10 @@ fi
 PROG_UPTIME=$ac_cv_path_PROG_UPTIME
 
 if test -n "$PROG_UPTIME"; then
-  echo "$as_me:9684: result: $PROG_UPTIME" >&5
+  echo "$as_me:10412: result: $PROG_UPTIME" >&5
 echo "${ECHO_T}$PROG_UPTIME" >&6
 else
-  echo "$as_me:9687: result: no" >&5
+  echo "$as_me:10415: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9694,7 +10422,7 @@ fi
 
         # Extract the first word of "ipcs", so it can be a program name with args.
 set dummy ipcs; ac_word=$2
-echo "$as_me:9697: checking for $ac_word" >&5
+echo "$as_me:10425: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_IPCS+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9711,7 +10439,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_IPCS="$ac_dir/$ac_word"
-   echo "$as_me:9714: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10442: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9722,10 +10450,10 @@ fi
 PROG_IPCS=$ac_cv_path_PROG_IPCS
 
 if test -n "$PROG_IPCS"; then
-  echo "$as_me:9725: result: $PROG_IPCS" >&5
+  echo "$as_me:10453: result: $PROG_IPCS" >&5
 echo "${ECHO_T}$PROG_IPCS" >&6
 else
-  echo "$as_me:9728: result: no" >&5
+  echo "$as_me:10456: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9735,7 +10463,7 @@ fi
 
         # Extract the first word of "tail", so it can be a program name with args.
 set dummy tail; ac_word=$2
-echo "$as_me:9738: checking for $ac_word" >&5
+echo "$as_me:10466: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_PROG_TAIL+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9752,7 +10480,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_PROG_TAIL="$ac_dir/$ac_word"
-   echo "$as_me:9755: found $ac_dir/$ac_word" >&5
+   echo "$as_me:10483: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -9763,10 +10491,10 @@ fi
 PROG_TAIL=$ac_cv_path_PROG_TAIL
 
 if test -n "$PROG_TAIL"; then
-  echo "$as_me:9766: result: $PROG_TAIL" >&5
+  echo "$as_me:10494: result: $PROG_TAIL" >&5
 echo "${ECHO_T}$PROG_TAIL" >&6
 else
-  echo "$as_me:9769: result: no" >&5
+  echo "$as_me:10497: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -9797,13 +10525,13 @@ if test ! -z "$SONY" ; then
 fi
 
 # Checks for data types
-echo "$as_me:9800: checking for char" >&5
+echo "$as_me:10528: checking for char" >&5
 echo $ECHO_N "checking for char... $ECHO_C" >&6
 if test "${ac_cv_type_char+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9806 "configure"
+#line 10534 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -9818,16 +10546,16 @@ if (sizeof (char))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9821: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10549: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:9824: \$? = $ac_status" >&5
+  echo "$as_me:10552: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9827: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10555: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:9830: \$? = $ac_status" >&5
+  echo "$as_me:10558: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_type_char=yes
 else
@@ -9837,10 +10565,10 @@ ac_cv_type_char=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:9840: result: $ac_cv_type_char" >&5
+echo "$as_me:10568: result: $ac_cv_type_char" >&5
 echo "${ECHO_T}$ac_cv_type_char" >&6
 
-echo "$as_me:9843: checking size of char" >&5
+echo "$as_me:10571: checking size of char" >&5
 echo $ECHO_N "checking size of char... $ECHO_C" >&6
 if test "${ac_cv_sizeof_char+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -9849,7 +10577,7 @@ else
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
-#line 9852 "configure"
+#line 10580 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -9861,21 +10589,21 @@ int _array_ [1 - 2 * !((sizeof (char)) >= 0)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9864: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10592: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:9867: \$? = $ac_status" >&5
+  echo "$as_me:10595: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9870: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10598: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:9873: \$? = $ac_status" >&5
+  echo "$as_me:10601: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 9878 "configure"
+#line 10606 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -9887,16 +10615,16 @@ int _array_ [1 - 2 * !((sizeof (char)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9890: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10618: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:9893: \$? = $ac_status" >&5
+  echo "$as_me:10621: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9896: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10624: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:9899: \$? = $ac_status" >&5
+  echo "$as_me:10627: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid; break
 else
@@ -9912,7 +10640,7 @@ cat conftest.$ac_ext >&5
 ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 9915 "configure"
+#line 10643 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -9924,16 +10652,16 @@ int _array_ [1 - 2 * !((sizeof (char)) >= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9927: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10655: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:9930: \$? = $ac_status" >&5
+  echo "$as_me:10658: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9933: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10661: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:9936: \$? = $ac_status" >&5
+  echo "$as_me:10664: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=$ac_mid; break
 else
@@ -9949,7 +10677,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
   cat >conftest.$ac_ext <<_ACEOF
-#line 9952 "configure"
+#line 10680 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -9961,16 +10689,16 @@ int _array_ [1 - 2 * !((sizeof (char)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:9964: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10692: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:9967: \$? = $ac_status" >&5
+  echo "$as_me:10695: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:9970: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10698: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:9973: \$? = $ac_status" >&5
+  echo "$as_me:10701: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid
 else
@@ -9983,12 +10711,12 @@ done
 ac_cv_sizeof_char=$ac_lo
 else
   if test "$cross_compiling" = yes; then
-  { { echo "$as_me:9986: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:10714: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 9991 "configure"
+#line 10719 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10004,15 +10732,15 @@ fclose (f);
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:10007: \"$ac_link\"") >&5
+if { (eval echo "$as_me:10735: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:10010: \$? = $ac_status" >&5
+  echo "$as_me:10738: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:10012: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10740: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10015: \$? = $ac_status" >&5
+  echo "$as_me:10743: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_sizeof_char=`cat conftest.val`
 else
@@ -10028,19 +10756,19 @@ else
   ac_cv_sizeof_char=0
 fi
 fi
-echo "$as_me:10031: result: $ac_cv_sizeof_char" >&5
+echo "$as_me:10759: result: $ac_cv_sizeof_char" >&5
 echo "${ECHO_T}$ac_cv_sizeof_char" >&6
 cat >>confdefs.h <<EOF
 #define SIZEOF_CHAR $ac_cv_sizeof_char
 EOF
 
-echo "$as_me:10037: checking for short int" >&5
+echo "$as_me:10765: checking for short int" >&5
 echo $ECHO_N "checking for short int... $ECHO_C" >&6
 if test "${ac_cv_type_short_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10043 "configure"
+#line 10771 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10055,16 +10783,16 @@ if (sizeof (short int))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10058: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10786: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10061: \$? = $ac_status" >&5
+  echo "$as_me:10789: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10064: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10792: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10067: \$? = $ac_status" >&5
+  echo "$as_me:10795: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_type_short_int=yes
 else
@@ -10074,10 +10802,10 @@ ac_cv_type_short_int=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:10077: result: $ac_cv_type_short_int" >&5
+echo "$as_me:10805: result: $ac_cv_type_short_int" >&5
 echo "${ECHO_T}$ac_cv_type_short_int" >&6
 
-echo "$as_me:10080: checking size of short int" >&5
+echo "$as_me:10808: checking size of short int" >&5
 echo $ECHO_N "checking size of short int... $ECHO_C" >&6
 if test "${ac_cv_sizeof_short_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -10086,7 +10814,7 @@ else
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
-#line 10089 "configure"
+#line 10817 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10098,21 +10826,21 @@ int _array_ [1 - 2 * !((sizeof (short int)) >= 0)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10101: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10829: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10104: \$? = $ac_status" >&5
+  echo "$as_me:10832: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10107: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10835: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10110: \$? = $ac_status" >&5
+  echo "$as_me:10838: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 10115 "configure"
+#line 10843 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10124,16 +10852,16 @@ int _array_ [1 - 2 * !((sizeof (short int)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10127: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10855: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10130: \$? = $ac_status" >&5
+  echo "$as_me:10858: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10133: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10861: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10136: \$? = $ac_status" >&5
+  echo "$as_me:10864: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid; break
 else
@@ -10149,7 +10877,7 @@ cat conftest.$ac_ext >&5
 ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 10152 "configure"
+#line 10880 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10161,16 +10889,16 @@ int _array_ [1 - 2 * !((sizeof (short int)) >= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10164: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10892: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10167: \$? = $ac_status" >&5
+  echo "$as_me:10895: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10170: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10898: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10173: \$? = $ac_status" >&5
+  echo "$as_me:10901: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=$ac_mid; break
 else
@@ -10186,7 +10914,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
   cat >conftest.$ac_ext <<_ACEOF
-#line 10189 "configure"
+#line 10917 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10198,16 +10926,16 @@ int _array_ [1 - 2 * !((sizeof (short int)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10201: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:10929: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10204: \$? = $ac_status" >&5
+  echo "$as_me:10932: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10207: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10935: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10210: \$? = $ac_status" >&5
+  echo "$as_me:10938: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid
 else
@@ -10220,12 +10948,12 @@ done
 ac_cv_sizeof_short_int=$ac_lo
 else
   if test "$cross_compiling" = yes; then
-  { { echo "$as_me:10223: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:10951: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10228 "configure"
+#line 10956 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10241,15 +10969,15 @@ fclose (f);
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:10244: \"$ac_link\"") >&5
+if { (eval echo "$as_me:10972: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:10247: \$? = $ac_status" >&5
+  echo "$as_me:10975: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:10249: \"$ac_try\"") >&5
+  { (eval echo "$as_me:10977: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10252: \$? = $ac_status" >&5
+  echo "$as_me:10980: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_sizeof_short_int=`cat conftest.val`
 else
@@ -10265,19 +10993,19 @@ else
   ac_cv_sizeof_short_int=0
 fi
 fi
-echo "$as_me:10268: result: $ac_cv_sizeof_short_int" >&5
+echo "$as_me:10996: result: $ac_cv_sizeof_short_int" >&5
 echo "${ECHO_T}$ac_cv_sizeof_short_int" >&6
 cat >>confdefs.h <<EOF
 #define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int
 EOF
 
-echo "$as_me:10274: checking for int" >&5
+echo "$as_me:11002: checking for int" >&5
 echo $ECHO_N "checking for int... $ECHO_C" >&6
 if test "${ac_cv_type_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10280 "configure"
+#line 11008 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10292,16 +11020,16 @@ if (sizeof (int))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10295: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11023: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10298: \$? = $ac_status" >&5
+  echo "$as_me:11026: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10301: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11029: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10304: \$? = $ac_status" >&5
+  echo "$as_me:11032: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_type_int=yes
 else
@@ -10311,10 +11039,10 @@ ac_cv_type_int=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:10314: result: $ac_cv_type_int" >&5
+echo "$as_me:11042: result: $ac_cv_type_int" >&5
 echo "${ECHO_T}$ac_cv_type_int" >&6
 
-echo "$as_me:10317: checking size of int" >&5
+echo "$as_me:11045: checking size of int" >&5
 echo $ECHO_N "checking size of int... $ECHO_C" >&6
 if test "${ac_cv_sizeof_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -10323,7 +11051,7 @@ else
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
-#line 10326 "configure"
+#line 11054 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10335,21 +11063,21 @@ int _array_ [1 - 2 * !((sizeof (int)) >= 0)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10338: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11066: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10341: \$? = $ac_status" >&5
+  echo "$as_me:11069: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10344: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11072: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10347: \$? = $ac_status" >&5
+  echo "$as_me:11075: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 10352 "configure"
+#line 11080 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10361,16 +11089,16 @@ int _array_ [1 - 2 * !((sizeof (int)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10364: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11092: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10367: \$? = $ac_status" >&5
+  echo "$as_me:11095: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10370: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11098: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10373: \$? = $ac_status" >&5
+  echo "$as_me:11101: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid; break
 else
@@ -10386,7 +11114,7 @@ cat conftest.$ac_ext >&5
 ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 10389 "configure"
+#line 11117 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10398,16 +11126,16 @@ int _array_ [1 - 2 * !((sizeof (int)) >= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10401: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11129: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10404: \$? = $ac_status" >&5
+  echo "$as_me:11132: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10407: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11135: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10410: \$? = $ac_status" >&5
+  echo "$as_me:11138: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=$ac_mid; break
 else
@@ -10423,7 +11151,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
   cat >conftest.$ac_ext <<_ACEOF
-#line 10426 "configure"
+#line 11154 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10435,16 +11163,16 @@ int _array_ [1 - 2 * !((sizeof (int)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10438: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11166: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10441: \$? = $ac_status" >&5
+  echo "$as_me:11169: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10444: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11172: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10447: \$? = $ac_status" >&5
+  echo "$as_me:11175: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid
 else
@@ -10457,12 +11185,12 @@ done
 ac_cv_sizeof_int=$ac_lo
 else
   if test "$cross_compiling" = yes; then
-  { { echo "$as_me:10460: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:11188: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10465 "configure"
+#line 11193 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10478,15 +11206,15 @@ fclose (f);
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:10481: \"$ac_link\"") >&5
+if { (eval echo "$as_me:11209: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:10484: \$? = $ac_status" >&5
+  echo "$as_me:11212: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:10486: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11214: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10489: \$? = $ac_status" >&5
+  echo "$as_me:11217: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_sizeof_int=`cat conftest.val`
 else
@@ -10502,19 +11230,19 @@ else
   ac_cv_sizeof_int=0
 fi
 fi
-echo "$as_me:10505: result: $ac_cv_sizeof_int" >&5
+echo "$as_me:11233: result: $ac_cv_sizeof_int" >&5
 echo "${ECHO_T}$ac_cv_sizeof_int" >&6
 cat >>confdefs.h <<EOF
 #define SIZEOF_INT $ac_cv_sizeof_int
 EOF
 
-echo "$as_me:10511: checking for long int" >&5
+echo "$as_me:11239: checking for long int" >&5
 echo $ECHO_N "checking for long int... $ECHO_C" >&6
 if test "${ac_cv_type_long_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10517 "configure"
+#line 11245 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10529,16 +11257,16 @@ if (sizeof (long int))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10532: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11260: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10535: \$? = $ac_status" >&5
+  echo "$as_me:11263: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10538: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11266: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10541: \$? = $ac_status" >&5
+  echo "$as_me:11269: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_type_long_int=yes
 else
@@ -10548,10 +11276,10 @@ ac_cv_type_long_int=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:10551: result: $ac_cv_type_long_int" >&5
+echo "$as_me:11279: result: $ac_cv_type_long_int" >&5
 echo "${ECHO_T}$ac_cv_type_long_int" >&6
 
-echo "$as_me:10554: checking size of long int" >&5
+echo "$as_me:11282: checking size of long int" >&5
 echo $ECHO_N "checking size of long int... $ECHO_C" >&6
 if test "${ac_cv_sizeof_long_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -10560,7 +11288,7 @@ else
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
-#line 10563 "configure"
+#line 11291 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10572,21 +11300,21 @@ int _array_ [1 - 2 * !((sizeof (long int)) >= 0)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10575: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11303: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10578: \$? = $ac_status" >&5
+  echo "$as_me:11306: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10581: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11309: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10584: \$? = $ac_status" >&5
+  echo "$as_me:11312: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 10589 "configure"
+#line 11317 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10598,16 +11326,16 @@ int _array_ [1 - 2 * !((sizeof (long int)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10601: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11329: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10604: \$? = $ac_status" >&5
+  echo "$as_me:11332: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10607: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11335: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10610: \$? = $ac_status" >&5
+  echo "$as_me:11338: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid; break
 else
@@ -10623,7 +11351,7 @@ cat conftest.$ac_ext >&5
 ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 10626 "configure"
+#line 11354 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10635,16 +11363,16 @@ int _array_ [1 - 2 * !((sizeof (long int)) >= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10638: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11366: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10641: \$? = $ac_status" >&5
+  echo "$as_me:11369: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10644: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11372: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10647: \$? = $ac_status" >&5
+  echo "$as_me:11375: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=$ac_mid; break
 else
@@ -10660,7 +11388,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
   cat >conftest.$ac_ext <<_ACEOF
-#line 10663 "configure"
+#line 11391 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10672,16 +11400,16 @@ int _array_ [1 - 2 * !((sizeof (long int)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10675: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11403: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10678: \$? = $ac_status" >&5
+  echo "$as_me:11406: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10681: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11409: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10684: \$? = $ac_status" >&5
+  echo "$as_me:11412: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid
 else
@@ -10694,12 +11422,12 @@ done
 ac_cv_sizeof_long_int=$ac_lo
 else
   if test "$cross_compiling" = yes; then
-  { { echo "$as_me:10697: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:11425: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10702 "configure"
+#line 11430 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10715,15 +11443,15 @@ fclose (f);
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:10718: \"$ac_link\"") >&5
+if { (eval echo "$as_me:11446: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:10721: \$? = $ac_status" >&5
+  echo "$as_me:11449: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:10723: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11451: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10726: \$? = $ac_status" >&5
+  echo "$as_me:11454: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_sizeof_long_int=`cat conftest.val`
 else
@@ -10739,19 +11467,19 @@ else
   ac_cv_sizeof_long_int=0
 fi
 fi
-echo "$as_me:10742: result: $ac_cv_sizeof_long_int" >&5
+echo "$as_me:11470: result: $ac_cv_sizeof_long_int" >&5
 echo "${ECHO_T}$ac_cv_sizeof_long_int" >&6
 cat >>confdefs.h <<EOF
 #define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
 EOF
 
-echo "$as_me:10748: checking for long long int" >&5
+echo "$as_me:11476: checking for long long int" >&5
 echo $ECHO_N "checking for long long int... $ECHO_C" >&6
 if test "${ac_cv_type_long_long_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10754 "configure"
+#line 11482 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10766,16 +11494,16 @@ if (sizeof (long long int))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10769: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11497: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10772: \$? = $ac_status" >&5
+  echo "$as_me:11500: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10775: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11503: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10778: \$? = $ac_status" >&5
+  echo "$as_me:11506: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_type_long_long_int=yes
 else
@@ -10785,10 +11513,10 @@ ac_cv_type_long_long_int=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:10788: result: $ac_cv_type_long_long_int" >&5
+echo "$as_me:11516: result: $ac_cv_type_long_long_int" >&5
 echo "${ECHO_T}$ac_cv_type_long_long_int" >&6
 
-echo "$as_me:10791: checking size of long long int" >&5
+echo "$as_me:11519: checking size of long long int" >&5
 echo $ECHO_N "checking size of long long int... $ECHO_C" >&6
 if test "${ac_cv_sizeof_long_long_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -10797,7 +11525,7 @@ else
   if test "$cross_compiling" = yes; then
   # Depending upon the size, compute the lo and hi bounds.
 cat >conftest.$ac_ext <<_ACEOF
-#line 10800 "configure"
+#line 11528 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10809,21 +11537,21 @@ int _array_ [1 - 2 * !((sizeof (long long int)) >= 0)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10812: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11540: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10815: \$? = $ac_status" >&5
+  echo "$as_me:11543: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10818: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11546: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10821: \$? = $ac_status" >&5
+  echo "$as_me:11549: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=0 ac_mid=0
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 10826 "configure"
+#line 11554 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10835,16 +11563,16 @@ int _array_ [1 - 2 * !((sizeof (long long int)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10838: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11566: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10841: \$? = $ac_status" >&5
+  echo "$as_me:11569: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10844: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11572: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10847: \$? = $ac_status" >&5
+  echo "$as_me:11575: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid; break
 else
@@ -10860,7 +11588,7 @@ cat conftest.$ac_ext >&5
 ac_hi=-1 ac_mid=-1
   while :; do
     cat >conftest.$ac_ext <<_ACEOF
-#line 10863 "configure"
+#line 11591 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10872,16 +11600,16 @@ int _array_ [1 - 2 * !((sizeof (long long int)) >= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10875: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11603: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10878: \$? = $ac_status" >&5
+  echo "$as_me:11606: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10881: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11609: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10884: \$? = $ac_status" >&5
+  echo "$as_me:11612: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_lo=$ac_mid; break
 else
@@ -10897,7 +11625,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 while test "x$ac_lo" != "x$ac_hi"; do
   ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
   cat >conftest.$ac_ext <<_ACEOF
-#line 10900 "configure"
+#line 11628 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10909,16 +11637,16 @@ int _array_ [1 - 2 * !((sizeof (long long int)) <= $ac_mid)]
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:10912: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11640: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:10915: \$? = $ac_status" >&5
+  echo "$as_me:11643: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:10918: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11646: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10921: \$? = $ac_status" >&5
+  echo "$as_me:11649: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_hi=$ac_mid
 else
@@ -10931,12 +11659,12 @@ done
 ac_cv_sizeof_long_long_int=$ac_lo
 else
   if test "$cross_compiling" = yes; then
-  { { echo "$as_me:10934: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:11662: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 10939 "configure"
+#line 11667 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -10952,15 +11680,15 @@ fclose (f);
 }
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:10955: \"$ac_link\"") >&5
+if { (eval echo "$as_me:11683: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:10958: \$? = $ac_status" >&5
+  echo "$as_me:11686: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:10960: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11688: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:10963: \$? = $ac_status" >&5
+  echo "$as_me:11691: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_sizeof_long_long_int=`cat conftest.val`
 else
@@ -10976,7 +11704,7 @@ else
   ac_cv_sizeof_long_long_int=0
 fi
 fi
-echo "$as_me:10979: result: $ac_cv_sizeof_long_long_int" >&5
+echo "$as_me:11707: result: $ac_cv_sizeof_long_long_int" >&5
 echo "${ECHO_T}$ac_cv_sizeof_long_long_int" >&6
 cat >>confdefs.h <<EOF
 #define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int
@@ -10988,14 +11716,14 @@ if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
 fi
 
 # More checks for data types
-echo "$as_me:10991: checking for u_int type" >&5
+echo "$as_me:11719: checking for u_int type" >&5
 echo $ECHO_N "checking for u_int type... $ECHO_C" >&6
 if test "${ac_cv_have_u_int+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 10998 "configure"
+#line 11726 "configure"
 #include "confdefs.h"
  #include <sys/types.h>
 int
@@ -11007,16 +11735,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11010: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11738: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11013: \$? = $ac_status" >&5
+  echo "$as_me:11741: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11016: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11744: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11019: \$? = $ac_status" >&5
+  echo "$as_me:11747: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_u_int="yes"
 else
@@ -11028,7 +11756,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11031: result: $ac_cv_have_u_int" >&5
+echo "$as_me:11759: result: $ac_cv_have_u_int" >&5
 echo "${ECHO_T}$ac_cv_have_u_int" >&6
 if test "x$ac_cv_have_u_int" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11038,14 +11766,14 @@ EOF
         have_u_int=1
 fi
 
-echo "$as_me:11041: checking for intXX_t types" >&5
+echo "$as_me:11769: checking for intXX_t types" >&5
 echo $ECHO_N "checking for intXX_t types... $ECHO_C" >&6
 if test "${ac_cv_have_intxx_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11048 "configure"
+#line 11776 "configure"
 #include "confdefs.h"
  #include <sys/types.h>
 int
@@ -11057,16 +11785,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11060: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11788: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11063: \$? = $ac_status" >&5
+  echo "$as_me:11791: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11066: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11794: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11069: \$? = $ac_status" >&5
+  echo "$as_me:11797: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_intxx_t="yes"
 else
@@ -11078,7 +11806,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11081: result: $ac_cv_have_intxx_t" >&5
+echo "$as_me:11809: result: $ac_cv_have_intxx_t" >&5
 echo "${ECHO_T}$ac_cv_have_intxx_t" >&6
 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11089,12 +11817,12 @@ EOF
 fi
 
 if (test -z "$have_intxx_t" && \
-           test "x$ac_cv_header_stdint_h" = "xyes")
+           test "x$ac_cv_header_stdint_h" = "xyes")
 then
-    echo "$as_me:11094: checking for intXX_t types in stdint.h" >&5
+    echo "$as_me:11822: checking for intXX_t types in stdint.h" >&5
 echo $ECHO_N "checking for intXX_t types in stdint.h... $ECHO_C" >&6
         cat >conftest.$ac_ext <<_ACEOF
-#line 11097 "configure"
+#line 11825 "configure"
 #include "confdefs.h"
  #include <stdint.h>
 int
@@ -11106,43 +11834,43 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11109: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11837: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11112: \$? = $ac_status" >&5
+  echo "$as_me:11840: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11115: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11843: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11118: \$? = $ac_status" >&5
+  echo "$as_me:11846: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                         cat >>confdefs.h <<\EOF
 #define HAVE_INTXX_T 1
 EOF
 
-                        echo "$as_me:11125: result: yes" >&5
+                        echo "$as_me:11853: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:11131: result: no" >&5
+ echo "$as_me:11859: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 
-echo "$as_me:11138: checking for int64_t type" >&5
+echo "$as_me:11866: checking for int64_t type" >&5
 echo $ECHO_N "checking for int64_t type... $ECHO_C" >&6
 if test "${ac_cv_have_int64_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11145 "configure"
+#line 11873 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -11163,16 +11891,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11166: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11894: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11169: \$? = $ac_status" >&5
+  echo "$as_me:11897: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11172: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11900: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11175: \$? = $ac_status" >&5
+  echo "$as_me:11903: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_int64_t="yes"
 else
@@ -11184,7 +11912,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11187: result: $ac_cv_have_int64_t" >&5
+echo "$as_me:11915: result: $ac_cv_have_int64_t" >&5
 echo "${ECHO_T}$ac_cv_have_int64_t" >&6
 if test "x$ac_cv_have_int64_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11193,14 +11921,14 @@ EOF
 
 fi
 
-echo "$as_me:11196: checking for u_intXX_t types" >&5
+echo "$as_me:11924: checking for u_intXX_t types" >&5
 echo $ECHO_N "checking for u_intXX_t types... $ECHO_C" >&6
 if test "${ac_cv_have_u_intxx_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11203 "configure"
+#line 11931 "configure"
 #include "confdefs.h"
  #include <sys/types.h>
 int
@@ -11212,16 +11940,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11215: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11943: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11218: \$? = $ac_status" >&5
+  echo "$as_me:11946: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11221: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11949: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11224: \$? = $ac_status" >&5
+  echo "$as_me:11952: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_u_intxx_t="yes"
 else
@@ -11233,7 +11961,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11236: result: $ac_cv_have_u_intxx_t" >&5
+echo "$as_me:11964: result: $ac_cv_have_u_intxx_t" >&5
 echo "${ECHO_T}$ac_cv_have_u_intxx_t" >&6
 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11244,10 +11972,10 @@ EOF
 fi
 
 if test -z "$have_u_intxx_t" ; then
-    echo "$as_me:11247: checking for u_intXX_t types in sys/socket.h" >&5
+    echo "$as_me:11975: checking for u_intXX_t types in sys/socket.h" >&5
 echo $ECHO_N "checking for u_intXX_t types in sys/socket.h... $ECHO_C" >&6
         cat >conftest.$ac_ext <<_ACEOF
-#line 11250 "configure"
+#line 11978 "configure"
 #include "confdefs.h"
  #include <sys/socket.h>
 int
@@ -11259,43 +11987,43 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11262: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:11990: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11265: \$? = $ac_status" >&5
+  echo "$as_me:11993: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11268: \"$ac_try\"") >&5
+  { (eval echo "$as_me:11996: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11271: \$? = $ac_status" >&5
+  echo "$as_me:11999: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                         cat >>confdefs.h <<\EOF
 #define HAVE_U_INTXX_T 1
 EOF
 
-                        echo "$as_me:11278: result: yes" >&5
+                        echo "$as_me:12006: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:11284: result: no" >&5
+ echo "$as_me:12012: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 
-echo "$as_me:11291: checking for u_int64_t types" >&5
+echo "$as_me:12019: checking for u_int64_t types" >&5
 echo $ECHO_N "checking for u_int64_t types... $ECHO_C" >&6
 if test "${ac_cv_have_u_int64_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11298 "configure"
+#line 12026 "configure"
 #include "confdefs.h"
  #include <sys/types.h>
 int
@@ -11307,16 +12035,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11310: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12038: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11313: \$? = $ac_status" >&5
+  echo "$as_me:12041: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11316: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12044: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11319: \$? = $ac_status" >&5
+  echo "$as_me:12047: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_u_int64_t="yes"
 else
@@ -11328,7 +12056,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11331: result: $ac_cv_have_u_int64_t" >&5
+echo "$as_me:12059: result: $ac_cv_have_u_int64_t" >&5
 echo "${ECHO_T}$ac_cv_have_u_int64_t" >&6
 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11339,10 +12067,10 @@ EOF
 fi
 
 if test -z "$have_u_int64_t" ; then
-    echo "$as_me:11342: checking for u_int64_t type in sys/bitypes.h" >&5
+    echo "$as_me:12070: checking for u_int64_t type in sys/bitypes.h" >&5
 echo $ECHO_N "checking for u_int64_t type in sys/bitypes.h... $ECHO_C" >&6
         cat >conftest.$ac_ext <<_ACEOF
-#line 11345 "configure"
+#line 12073 "configure"
 #include "confdefs.h"
  #include <sys/bitypes.h>
 int
@@ -11354,29 +12082,29 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11357: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12085: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11360: \$? = $ac_status" >&5
+  echo "$as_me:12088: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11363: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12091: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11366: \$? = $ac_status" >&5
+  echo "$as_me:12094: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                         cat >>confdefs.h <<\EOF
 #define HAVE_U_INT64_T 1
 EOF
 
-                        echo "$as_me:11373: result: yes" >&5
+                        echo "$as_me:12101: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:11379: result: no" >&5
+ echo "$as_me:12107: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 fi
@@ -11384,14 +12112,14 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 
 if test -z "$have_u_intxx_t" ; then
-        echo "$as_me:11387: checking for uintXX_t types" >&5
+        echo "$as_me:12115: checking for uintXX_t types" >&5
 echo $ECHO_N "checking for uintXX_t types... $ECHO_C" >&6
 if test "${ac_cv_have_uintxx_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 11394 "configure"
+#line 12122 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -11405,16 +12133,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11408: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12136: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11411: \$? = $ac_status" >&5
+  echo "$as_me:12139: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11414: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12142: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11417: \$? = $ac_status" >&5
+  echo "$as_me:12145: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_uintxx_t="yes"
 else
@@ -11426,7 +12154,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11429: result: $ac_cv_have_uintxx_t" >&5
+echo "$as_me:12157: result: $ac_cv_have_uintxx_t" >&5
 echo "${ECHO_T}$ac_cv_have_uintxx_t" >&6
         if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
                 cat >>confdefs.h <<\EOF
@@ -11437,10 +12165,10 @@ EOF
 fi
 
 if test -z "$have_uintxx_t" ; then
-    echo "$as_me:11440: checking for uintXX_t types in stdint.h" >&5
+    echo "$as_me:12168: checking for uintXX_t types in stdint.h" >&5
 echo $ECHO_N "checking for uintXX_t types in stdint.h... $ECHO_C" >&6
         cat >conftest.$ac_ext <<_ACEOF
-#line 11443 "configure"
+#line 12171 "configure"
 #include "confdefs.h"
  #include <stdint.h>
 int
@@ -11452,29 +12180,29 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11455: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12183: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11458: \$? = $ac_status" >&5
+  echo "$as_me:12186: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11461: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12189: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11464: \$? = $ac_status" >&5
+  echo "$as_me:12192: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                         cat >>confdefs.h <<\EOF
 #define HAVE_UINTXX_T 1
 EOF
 
-                        echo "$as_me:11471: result: yes" >&5
+                        echo "$as_me:12199: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:11477: result: no" >&5
+ echo "$as_me:12205: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 fi
@@ -11482,12 +12210,12 @@ rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 
 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
-           test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+           test "x$ac_cv_header_sys_bitypes_h" = "xyes")
 then
-        echo "$as_me:11487: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
+        echo "$as_me:12215: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
 echo $ECHO_N "checking for intXX_t and u_intXX_t types in sys/bitypes.h... $ECHO_C" >&6
         cat >conftest.$ac_ext <<_ACEOF
-#line 11490 "configure"
+#line 12218 "configure"
 #include "confdefs.h"
 
 #include <sys/bitypes.h>
@@ -11505,16 +12233,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11508: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12236: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11511: \$? = $ac_status" >&5
+  echo "$as_me:12239: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11514: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12242: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11517: \$? = $ac_status" >&5
+  echo "$as_me:12245: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                         cat >>confdefs.h <<\EOF
@@ -11525,27 +12253,27 @@ EOF
 #define HAVE_INTXX_T 1
 EOF
 
-                        echo "$as_me:11528: result: yes" >&5
+                        echo "$as_me:12256: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
-echo "$as_me:11534: result: no" >&5
+echo "$as_me:12262: result: no" >&5
 echo "${ECHO_T}no" >&6
 
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
 
-echo "$as_me:11541: checking for u_char" >&5
+echo "$as_me:12269: checking for u_char" >&5
 echo $ECHO_N "checking for u_char... $ECHO_C" >&6
 if test "${ac_cv_have_u_char+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11548 "configure"
+#line 12276 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -11559,16 +12287,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11562: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12290: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11565: \$? = $ac_status" >&5
+  echo "$as_me:12293: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11568: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12296: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11571: \$? = $ac_status" >&5
+  echo "$as_me:12299: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_u_char="yes"
 else
@@ -11580,7 +12308,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11583: result: $ac_cv_have_u_char" >&5
+echo "$as_me:12311: result: $ac_cv_have_u_char" >&5
 echo "${ECHO_T}$ac_cv_have_u_char" >&6
 if test "x$ac_cv_have_u_char" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11589,13 +12317,13 @@ EOF
 
 fi
 
-   echo "$as_me:11592: checking for socklen_t" >&5
+   echo "$as_me:12320: checking for socklen_t" >&5
 echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
 if test "${ac_cv_type_socklen_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11598 "configure"
+#line 12326 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -11612,16 +12340,16 @@ if (sizeof (socklen_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11615: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12343: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11618: \$? = $ac_status" >&5
+  echo "$as_me:12346: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11621: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12349: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11624: \$? = $ac_status" >&5
+  echo "$as_me:12352: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_type_socklen_t=yes
 else
@@ -11631,13 +12359,13 @@ ac_cv_type_socklen_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:11634: result: $ac_cv_type_socklen_t" >&5
+echo "$as_me:12362: result: $ac_cv_type_socklen_t" >&5
 echo "${ECHO_T}$ac_cv_type_socklen_t" >&6
 if test $ac_cv_type_socklen_t = yes; then
   :
 else
 
-      echo "$as_me:11640: checking for socklen_t equivalent" >&5
+      echo "$as_me:12368: checking for socklen_t equivalent" >&5
 echo $ECHO_N "checking for socklen_t equivalent... $ECHO_C" >&6
       if test "${curl_cv_socklen_t_equiv+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -11649,7 +12377,7 @@ else
          for arg2 in "struct sockaddr" void; do
             for t in int size_t unsigned long "unsigned long"; do
                cat >conftest.$ac_ext <<_ACEOF
-#line 11652 "configure"
+#line 12380 "configure"
 #include "confdefs.h"
 
                   #include <sys/types.h>
@@ -11669,16 +12397,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11672: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12400: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11675: \$? = $ac_status" >&5
+  echo "$as_me:12403: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11678: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12406: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11681: \$? = $ac_status" >&5
+  echo "$as_me:12409: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
 
                   curl_cv_socklen_t_equiv="$t"
@@ -11693,14 +12421,14 @@ rm -f conftest.$ac_objext conftest.$ac_ext
          done
 
          if test "x$curl_cv_socklen_t_equiv" = x; then
-            { { echo "$as_me:11696: error: Cannot find a type to use in place of socklen_t" >&5
+            { { echo "$as_me:12424: error: Cannot find a type to use in place of socklen_t" >&5
 echo "$as_me: error: Cannot find a type to use in place of socklen_t" >&2;}
    { (exit 1); exit 1; }; }
          fi
 
 fi
 
-      echo "$as_me:11703: result: $curl_cv_socklen_t_equiv" >&5
+      echo "$as_me:12431: result: $curl_cv_socklen_t_equiv" >&5
 echo "${ECHO_T}$curl_cv_socklen_t_equiv" >&6
 
 cat >>confdefs.h <<EOF
@@ -11709,13 +12437,13 @@ EOF
 
 fi
 
-echo "$as_me:11712: checking for sig_atomic_t" >&5
+echo "$as_me:12440: checking for sig_atomic_t" >&5
 echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6
 if test "${ac_cv_type_sig_atomic_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 11718 "configure"
+#line 12446 "configure"
 #include "confdefs.h"
 #include <signal.h>
 
@@ -11731,16 +12459,16 @@ if (sizeof (sig_atomic_t))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11734: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12462: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11737: \$? = $ac_status" >&5
+  echo "$as_me:12465: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11740: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12468: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11743: \$? = $ac_status" >&5
+  echo "$as_me:12471: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_type_sig_atomic_t=yes
 else
@@ -11750,7 +12478,7 @@ ac_cv_type_sig_atomic_t=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:11753: result: $ac_cv_type_sig_atomic_t" >&5
+echo "$as_me:12481: result: $ac_cv_type_sig_atomic_t" >&5
 echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6
 if test $ac_cv_type_sig_atomic_t = yes; then
 
@@ -11760,14 +12488,14 @@ EOF
 
 fi
 
-echo "$as_me:11763: checking for size_t" >&5
+echo "$as_me:12491: checking for size_t" >&5
 echo $ECHO_N "checking for size_t... $ECHO_C" >&6
 if test "${ac_cv_have_size_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11770 "configure"
+#line 12498 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -11781,16 +12509,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11784: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12512: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11787: \$? = $ac_status" >&5
+  echo "$as_me:12515: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11790: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12518: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11793: \$? = $ac_status" >&5
+  echo "$as_me:12521: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_size_t="yes"
 else
@@ -11802,7 +12530,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11805: result: $ac_cv_have_size_t" >&5
+echo "$as_me:12533: result: $ac_cv_have_size_t" >&5
 echo "${ECHO_T}$ac_cv_have_size_t" >&6
 if test "x$ac_cv_have_size_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11811,14 +12539,14 @@ EOF
 
 fi
 
-echo "$as_me:11814: checking for ssize_t" >&5
+echo "$as_me:12542: checking for ssize_t" >&5
 echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
 if test "${ac_cv_have_ssize_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11821 "configure"
+#line 12549 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -11832,16 +12560,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11835: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12563: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11838: \$? = $ac_status" >&5
+  echo "$as_me:12566: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11841: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12569: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11844: \$? = $ac_status" >&5
+  echo "$as_me:12572: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_ssize_t="yes"
 else
@@ -11853,7 +12581,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11856: result: $ac_cv_have_ssize_t" >&5
+echo "$as_me:12584: result: $ac_cv_have_ssize_t" >&5
 echo "${ECHO_T}$ac_cv_have_ssize_t" >&6
 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11862,14 +12590,14 @@ EOF
 
 fi
 
-echo "$as_me:11865: checking for clock_t" >&5
+echo "$as_me:12593: checking for clock_t" >&5
 echo $ECHO_N "checking for clock_t... $ECHO_C" >&6
 if test "${ac_cv_have_clock_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11872 "configure"
+#line 12600 "configure"
 #include "confdefs.h"
 
 #include <time.h>
@@ -11883,16 +12611,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11886: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12614: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11889: \$? = $ac_status" >&5
+  echo "$as_me:12617: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11892: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12620: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11895: \$? = $ac_status" >&5
+  echo "$as_me:12623: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_clock_t="yes"
 else
@@ -11904,7 +12632,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11907: result: $ac_cv_have_clock_t" >&5
+echo "$as_me:12635: result: $ac_cv_have_clock_t" >&5
 echo "${ECHO_T}$ac_cv_have_clock_t" >&6
 if test "x$ac_cv_have_clock_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -11913,14 +12641,14 @@ EOF
 
 fi
 
-echo "$as_me:11916: checking for sa_family_t" >&5
+echo "$as_me:12644: checking for sa_family_t" >&5
 echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
 if test "${ac_cv_have_sa_family_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 11923 "configure"
+#line 12651 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -11935,23 +12663,23 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11938: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12666: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11941: \$? = $ac_status" >&5
+  echo "$as_me:12669: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11944: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12672: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11947: \$? = $ac_status" >&5
+  echo "$as_me:12675: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_sa_family_t="yes"
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
  cat >conftest.$ac_ext <<_ACEOF
-#line 11954 "configure"
+#line 12682 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -11967,16 +12695,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:11970: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12698: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:11973: \$? = $ac_status" >&5
+  echo "$as_me:12701: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:11976: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12704: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:11979: \$? = $ac_status" >&5
+  echo "$as_me:12707: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_sa_family_t="yes"
 else
@@ -11991,7 +12719,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:11994: result: $ac_cv_have_sa_family_t" >&5
+echo "$as_me:12722: result: $ac_cv_have_sa_family_t" >&5
 echo "${ECHO_T}$ac_cv_have_sa_family_t" >&6
 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -12000,14 +12728,14 @@ EOF
 
 fi
 
-echo "$as_me:12003: checking for pid_t" >&5
+echo "$as_me:12731: checking for pid_t" >&5
 echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
 if test "${ac_cv_have_pid_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 12010 "configure"
+#line 12738 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -12021,16 +12749,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12024: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12752: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:12027: \$? = $ac_status" >&5
+  echo "$as_me:12755: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12030: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12758: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12033: \$? = $ac_status" >&5
+  echo "$as_me:12761: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_pid_t="yes"
 else
@@ -12042,7 +12770,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12045: result: $ac_cv_have_pid_t" >&5
+echo "$as_me:12773: result: $ac_cv_have_pid_t" >&5
 echo "${ECHO_T}$ac_cv_have_pid_t" >&6
 if test "x$ac_cv_have_pid_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -12051,14 +12779,14 @@ EOF
 
 fi
 
-echo "$as_me:12054: checking for mode_t" >&5
+echo "$as_me:12782: checking for mode_t" >&5
 echo $ECHO_N "checking for mode_t... $ECHO_C" >&6
 if test "${ac_cv_have_mode_t+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 12061 "configure"
+#line 12789 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -12072,16 +12800,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12075: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12803: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:12078: \$? = $ac_status" >&5
+  echo "$as_me:12806: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12081: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12809: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12084: \$? = $ac_status" >&5
+  echo "$as_me:12812: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_mode_t="yes"
 else
@@ -12093,7 +12821,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12096: result: $ac_cv_have_mode_t" >&5
+echo "$as_me:12824: result: $ac_cv_have_mode_t" >&5
 echo "${ECHO_T}$ac_cv_have_mode_t" >&6
 if test "x$ac_cv_have_mode_t" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -12102,14 +12830,14 @@ EOF
 
 fi
 
-echo "$as_me:12105: checking for struct sockaddr_storage" >&5
+echo "$as_me:12833: checking for struct sockaddr_storage" >&5
 echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
 if test "${ac_cv_have_struct_sockaddr_storage+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 12112 "configure"
+#line 12840 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -12124,16 +12852,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12127: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12855: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:12130: \$? = $ac_status" >&5
+  echo "$as_me:12858: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12133: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12861: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12136: \$? = $ac_status" >&5
+  echo "$as_me:12864: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_struct_sockaddr_storage="yes"
 else
@@ -12145,7 +12873,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12148: result: $ac_cv_have_struct_sockaddr_storage" >&5
+echo "$as_me:12876: result: $ac_cv_have_struct_sockaddr_storage" >&5
 echo "${ECHO_T}$ac_cv_have_struct_sockaddr_storage" >&6
 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -12154,14 +12882,14 @@ EOF
 
 fi
 
-echo "$as_me:12157: checking for struct sockaddr_in6" >&5
+echo "$as_me:12885: checking for struct sockaddr_in6" >&5
 echo $ECHO_N "checking for struct sockaddr_in6... $ECHO_C" >&6
 if test "${ac_cv_have_struct_sockaddr_in6+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 12164 "configure"
+#line 12892 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -12176,16 +12904,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12179: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12907: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:12182: \$? = $ac_status" >&5
+  echo "$as_me:12910: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12185: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12913: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12188: \$? = $ac_status" >&5
+  echo "$as_me:12916: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_struct_sockaddr_in6="yes"
 else
@@ -12197,7 +12925,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12200: result: $ac_cv_have_struct_sockaddr_in6" >&5
+echo "$as_me:12928: result: $ac_cv_have_struct_sockaddr_in6" >&5
 echo "${ECHO_T}$ac_cv_have_struct_sockaddr_in6" >&6
 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -12206,14 +12934,14 @@ EOF
 
 fi
 
-echo "$as_me:12209: checking for struct in6_addr" >&5
+echo "$as_me:12937: checking for struct in6_addr" >&5
 echo $ECHO_N "checking for struct in6_addr... $ECHO_C" >&6
 if test "${ac_cv_have_struct_in6_addr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 12216 "configure"
+#line 12944 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -12228,16 +12956,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12231: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:12959: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:12234: \$? = $ac_status" >&5
+  echo "$as_me:12962: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12237: \"$ac_try\"") >&5
+  { (eval echo "$as_me:12965: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12240: \$? = $ac_status" >&5
+  echo "$as_me:12968: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_struct_in6_addr="yes"
 else
@@ -12249,7 +12977,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12252: result: $ac_cv_have_struct_in6_addr" >&5
+echo "$as_me:12980: result: $ac_cv_have_struct_in6_addr" >&5
 echo "${ECHO_T}$ac_cv_have_struct_in6_addr" >&6
 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -12258,14 +12986,14 @@ EOF
 
 fi
 
-echo "$as_me:12261: checking for struct addrinfo" >&5
+echo "$as_me:12989: checking for struct addrinfo" >&5
 echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
 if test "${ac_cv_have_struct_addrinfo+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 12268 "configure"
+#line 12996 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -12281,16 +13009,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12284: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:13012: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:12287: \$? = $ac_status" >&5
+  echo "$as_me:13015: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12290: \"$ac_try\"") >&5
+  { (eval echo "$as_me:13018: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12293: \$? = $ac_status" >&5
+  echo "$as_me:13021: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_struct_addrinfo="yes"
 else
@@ -12302,7 +13030,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12305: result: $ac_cv_have_struct_addrinfo" >&5
+echo "$as_me:13033: result: $ac_cv_have_struct_addrinfo" >&5
 echo "${ECHO_T}$ac_cv_have_struct_addrinfo" >&6
 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -12311,14 +13039,14 @@ EOF
 
 fi
 
-echo "$as_me:12314: checking for struct timeval" >&5
+echo "$as_me:13042: checking for struct timeval" >&5
 echo $ECHO_N "checking for struct timeval... $ECHO_C" >&6
 if test "${ac_cv_have_struct_timeval+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 12321 "configure"
+#line 13049 "configure"
 #include "confdefs.h"
  #include <sys/time.h>
 int
@@ -12330,16 +13058,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12333: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:13061: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:12336: \$? = $ac_status" >&5
+  echo "$as_me:13064: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12339: \"$ac_try\"") >&5
+  { (eval echo "$as_me:13067: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12342: \$? = $ac_status" >&5
+  echo "$as_me:13070: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_struct_timeval="yes"
 else
@@ -12351,7 +13079,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:12354: result: $ac_cv_have_struct_timeval" >&5
+echo "$as_me:13082: result: $ac_cv_have_struct_timeval" >&5
 echo "${ECHO_T}$ac_cv_have_struct_timeval" >&6
 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -12361,13 +13089,13 @@ EOF
         have_struct_timeval=1
 fi
 
-echo "$as_me:12364: checking for struct timespec" >&5
+echo "$as_me:13092: checking for struct timespec" >&5
 echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6
 if test "${ac_cv_type_struct_timespec+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 12370 "configure"
+#line 13098 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -12382,16 +13110,16 @@ if (sizeof (struct timespec))
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:12385: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:13113: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:12388: \$? = $ac_status" >&5
+  echo "$as_me:13116: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:12391: \"$ac_try\"") >&5
+  { (eval echo "$as_me:13119: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12394: \$? = $ac_status" >&5
+  echo "$as_me:13122: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_type_struct_timespec=yes
 else
@@ -12401,7 +13129,7 @@ ac_cv_type_struct_timespec=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:12404: result: $ac_cv_type_struct_timespec" >&5
+echo "$as_me:13132: result: $ac_cv_type_struct_timespec" >&5
 echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6
 if test $ac_cv_type_struct_timespec = yes; then
 
@@ -12421,12 +13149,12 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \
         exit 1;
 else
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:12424: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:13152: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 12429 "configure"
+#line 13157 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -12445,7 +13173,7 @@ main()
         strcpy(expected_out, "9223372036854775807");
         snprintf(buf, mazsize, "%lld", num);
         if(strcmp(buf, expected_out) != 0)
-                exit(1);
+                exit(1);
         exit(0);
 }
 #else
@@ -12454,15 +13182,15 @@ main() { exit(0); }
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:12457: \"$ac_link\"") >&5
+if { (eval echo "$as_me:13185: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:12460: \$? = $ac_status" >&5
+  echo "$as_me:13188: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:12462: \"$ac_try\"") >&5
+  { (eval echo "$as_me:13190: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:12465: \$? = $ac_status" >&5
+  echo "$as_me:13193: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    true
 else
@@ -12481,14 +13209,14 @@ fi
 # look for field 'ut_host' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
-        echo "$as_me:12484: checking for ut_host field in utmp.h" >&5
+        echo "$as_me:13212: checking for ut_host field in utmp.h" >&5
 echo $ECHO_N "checking for ut_host field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12491 "configure"
+#line 13219 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -12505,7 +13233,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12508: result: $ossh_result" >&5
+                echo "$as_me:13236: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12514,21 +13242,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12517: result: no" >&5
+                echo "$as_me:13245: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_host' in header 'utmpx.h'
                 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
-        echo "$as_me:12524: checking for ut_host field in utmpx.h" >&5
+        echo "$as_me:13252: checking for ut_host field in utmpx.h" >&5
 echo $ECHO_N "checking for ut_host field in utmpx.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12531 "configure"
+#line 13259 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 
@@ -12545,7 +13273,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12548: result: $ossh_result" >&5
+                echo "$as_me:13276: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12554,21 +13282,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12557: result: no" >&5
+                echo "$as_me:13285: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'syslen' in header 'utmpx.h'
                 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"syslen
-        echo "$as_me:12564: checking for syslen field in utmpx.h" >&5
+        echo "$as_me:13292: checking for syslen field in utmpx.h" >&5
 echo $ECHO_N "checking for syslen field in utmpx.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12571 "configure"
+#line 13299 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 
@@ -12585,7 +13313,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12588: result: $ossh_result" >&5
+                echo "$as_me:13316: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12594,21 +13322,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12597: result: no" >&5
+                echo "$as_me:13325: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_pid' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid
-        echo "$as_me:12604: checking for ut_pid field in utmp.h" >&5
+        echo "$as_me:13332: checking for ut_pid field in utmp.h" >&5
 echo $ECHO_N "checking for ut_pid field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12611 "configure"
+#line 13339 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -12625,7 +13353,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12628: result: $ossh_result" >&5
+                echo "$as_me:13356: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12634,21 +13362,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12637: result: no" >&5
+                echo "$as_me:13365: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_type' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
-        echo "$as_me:12644: checking for ut_type field in utmp.h" >&5
+        echo "$as_me:13372: checking for ut_type field in utmp.h" >&5
 echo $ECHO_N "checking for ut_type field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12651 "configure"
+#line 13379 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -12665,7 +13393,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12668: result: $ossh_result" >&5
+                echo "$as_me:13396: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12674,21 +13402,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12677: result: no" >&5
+                echo "$as_me:13405: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_type' in header 'utmpx.h'
                 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
-        echo "$as_me:12684: checking for ut_type field in utmpx.h" >&5
+        echo "$as_me:13412: checking for ut_type field in utmpx.h" >&5
 echo $ECHO_N "checking for ut_type field in utmpx.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12691 "configure"
+#line 13419 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 
@@ -12705,7 +13433,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12708: result: $ossh_result" >&5
+                echo "$as_me:13436: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12714,21 +13442,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12717: result: no" >&5
+                echo "$as_me:13445: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_tv' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
-        echo "$as_me:12724: checking for ut_tv field in utmp.h" >&5
+        echo "$as_me:13452: checking for ut_tv field in utmp.h" >&5
 echo $ECHO_N "checking for ut_tv field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12731 "configure"
+#line 13459 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -12745,7 +13473,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12748: result: $ossh_result" >&5
+                echo "$as_me:13476: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12754,21 +13482,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12757: result: no" >&5
+                echo "$as_me:13485: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_id' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
-        echo "$as_me:12764: checking for ut_id field in utmp.h" >&5
+        echo "$as_me:13492: checking for ut_id field in utmp.h" >&5
 echo $ECHO_N "checking for ut_id field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12771 "configure"
+#line 13499 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -12785,7 +13513,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12788: result: $ossh_result" >&5
+                echo "$as_me:13516: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12794,21 +13522,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12797: result: no" >&5
+                echo "$as_me:13525: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_id' in header 'utmpx.h'
                 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
-        echo "$as_me:12804: checking for ut_id field in utmpx.h" >&5
+        echo "$as_me:13532: checking for ut_id field in utmpx.h" >&5
 echo $ECHO_N "checking for ut_id field in utmpx.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12811 "configure"
+#line 13539 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 
@@ -12825,7 +13553,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12828: result: $ossh_result" >&5
+                echo "$as_me:13556: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12834,21 +13562,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12837: result: no" >&5
+                echo "$as_me:13565: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_addr' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
-        echo "$as_me:12844: checking for ut_addr field in utmp.h" >&5
+        echo "$as_me:13572: checking for ut_addr field in utmp.h" >&5
 echo $ECHO_N "checking for ut_addr field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12851 "configure"
+#line 13579 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -12865,7 +13593,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12868: result: $ossh_result" >&5
+                echo "$as_me:13596: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12874,21 +13602,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12877: result: no" >&5
+                echo "$as_me:13605: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_addr' in header 'utmpx.h'
                 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
-        echo "$as_me:12884: checking for ut_addr field in utmpx.h" >&5
+        echo "$as_me:13612: checking for ut_addr field in utmpx.h" >&5
 echo $ECHO_N "checking for ut_addr field in utmpx.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12891 "configure"
+#line 13619 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 
@@ -12905,7 +13633,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12908: result: $ossh_result" >&5
+                echo "$as_me:13636: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12914,21 +13642,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12917: result: no" >&5
+                echo "$as_me:13645: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_addr_v6' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
-        echo "$as_me:12924: checking for ut_addr_v6 field in utmp.h" >&5
+        echo "$as_me:13652: checking for ut_addr_v6 field in utmp.h" >&5
 echo $ECHO_N "checking for ut_addr_v6 field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12931 "configure"
+#line 13659 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -12945,7 +13673,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12948: result: $ossh_result" >&5
+                echo "$as_me:13676: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12954,21 +13682,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12957: result: no" >&5
+                echo "$as_me:13685: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_addr_v6' in header 'utmpx.h'
                 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
-        echo "$as_me:12964: checking for ut_addr_v6 field in utmpx.h" >&5
+        echo "$as_me:13692: checking for ut_addr_v6 field in utmpx.h" >&5
 echo $ECHO_N "checking for ut_addr_v6 field in utmpx.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 12971 "configure"
+#line 13699 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 
@@ -12985,7 +13713,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:12988: result: $ossh_result" >&5
+                echo "$as_me:13716: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -12994,21 +13722,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:12997: result: no" >&5
+                echo "$as_me:13725: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_exit' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit
-        echo "$as_me:13004: checking for ut_exit field in utmp.h" >&5
+        echo "$as_me:13732: checking for ut_exit field in utmp.h" >&5
 echo $ECHO_N "checking for ut_exit field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 13011 "configure"
+#line 13739 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -13025,7 +13753,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:13028: result: $ossh_result" >&5
+                echo "$as_me:13756: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -13034,21 +13762,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:13037: result: no" >&5
+                echo "$as_me:13765: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_time' in header 'utmp.h'
                 ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
-        echo "$as_me:13044: checking for ut_time field in utmp.h" >&5
+        echo "$as_me:13772: checking for ut_time field in utmp.h" >&5
 echo $ECHO_N "checking for ut_time field in utmp.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 13051 "configure"
+#line 13779 "configure"
 #include "confdefs.h"
 #include <utmp.h>
 
@@ -13065,7 +13793,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:13068: result: $ossh_result" >&5
+                echo "$as_me:13796: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -13074,21 +13802,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:13077: result: no" >&5
+                echo "$as_me:13805: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_time' in header 'utmpx.h'
                 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
-        echo "$as_me:13084: checking for ut_time field in utmpx.h" >&5
+        echo "$as_me:13812: checking for ut_time field in utmpx.h" >&5
 echo $ECHO_N "checking for ut_time field in utmpx.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 13091 "configure"
+#line 13819 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 
@@ -13105,7 +13833,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:13108: result: $ossh_result" >&5
+                echo "$as_me:13836: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -13114,21 +13842,21 @@ EOF
 
                 fi
         else
-                echo "$as_me:13117: result: no" >&5
+                echo "$as_me:13845: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
 # look for field 'ut_tv' in header 'utmpx.h'
                 ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
                 ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
-        echo "$as_me:13124: checking for ut_tv field in utmpx.h" >&5
+        echo "$as_me:13852: checking for ut_tv field in utmpx.h" >&5
 echo $ECHO_N "checking for ut_tv field in utmpx.h... $ECHO_C" >&6
         if eval "test \"\${$ossh_varname+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
                 cat >conftest.$ac_ext <<_ACEOF
-#line 13131 "configure"
+#line 13859 "configure"
 #include "confdefs.h"
 #include <utmpx.h>
 
@@ -13145,7 +13873,7 @@ fi
 
         ossh_result=`eval 'echo $'"$ossh_varname"`
         if test -n "`echo $ossh_varname`"; then
-                echo "$as_me:13148: result: $ossh_result" >&5
+                echo "$as_me:13876: result: $ossh_result" >&5
 echo "${ECHO_T}$ossh_result" >&6
                 if test "x$ossh_result" = "xyes"; then
                         cat >>confdefs.h <<\EOF
@@ -13154,17 +13882,17 @@ EOF
 
                 fi
         else
-                echo "$as_me:13157: result: no" >&5
+                echo "$as_me:13885: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 
-echo "$as_me:13161: checking for struct stat.st_blksize" >&5
+echo "$as_me:13889: checking for struct stat.st_blksize" >&5
 echo $ECHO_N "checking for struct stat.st_blksize... $ECHO_C" >&6
 if test "${ac_cv_member_struct_stat_st_blksize+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 13167 "configure"
+#line 13895 "configure"
 #include "confdefs.h"
 $ac_includes_default
 int
@@ -13178,16 +13906,16 @@ return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13181: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:13909: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:13184: \$? = $ac_status" >&5
+  echo "$as_me:13912: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13187: \"$ac_try\"") >&5
+  { (eval echo "$as_me:13915: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13190: \$? = $ac_status" >&5
+  echo "$as_me:13918: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_member_struct_stat_st_blksize=yes
 else
@@ -13197,7 +13925,7 @@ ac_cv_member_struct_stat_st_blksize=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:13200: result: $ac_cv_member_struct_stat_st_blksize" >&5
+echo "$as_me:13928: result: $ac_cv_member_struct_stat_st_blksize" >&5
 echo "${ECHO_T}$ac_cv_member_struct_stat_st_blksize" >&6
 if test $ac_cv_member_struct_stat_st_blksize = yes; then
 
@@ -13207,14 +13935,14 @@ EOF
 
 fi
 
-echo "$as_me:13210: checking for ss_family field in struct sockaddr_storage" >&5
+echo "$as_me:13938: checking for ss_family field in struct sockaddr_storage" >&5
 echo $ECHO_N "checking for ss_family field in struct sockaddr_storage... $ECHO_C" >&6
 if test "${ac_cv_have_ss_family_in_struct_ss+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13217 "configure"
+#line 13945 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -13229,16 +13957,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13232: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:13960: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:13235: \$? = $ac_status" >&5
+  echo "$as_me:13963: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13238: \"$ac_try\"") >&5
+  { (eval echo "$as_me:13966: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13241: \$? = $ac_status" >&5
+  echo "$as_me:13969: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_ss_family_in_struct_ss="yes"
 else
@@ -13249,7 +13977,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:13252: result: $ac_cv_have_ss_family_in_struct_ss" >&5
+echo "$as_me:13980: result: $ac_cv_have_ss_family_in_struct_ss" >&5
 echo "${ECHO_T}$ac_cv_have_ss_family_in_struct_ss" >&6
 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13258,14 +13986,14 @@ EOF
 
 fi
 
-echo "$as_me:13261: checking for __ss_family field in struct sockaddr_storage" >&5
+echo "$as_me:13989: checking for __ss_family field in struct sockaddr_storage" >&5
 echo $ECHO_N "checking for __ss_family field in struct sockaddr_storage... $ECHO_C" >&6
 if test "${ac_cv_have___ss_family_in_struct_ss+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13268 "configure"
+#line 13996 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -13280,16 +14008,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13283: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:14011: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:13286: \$? = $ac_status" >&5
+  echo "$as_me:14014: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13289: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14017: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13292: \$? = $ac_status" >&5
+  echo "$as_me:14020: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have___ss_family_in_struct_ss="yes"
 else
@@ -13301,7 +14029,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:13304: result: $ac_cv_have___ss_family_in_struct_ss" >&5
+echo "$as_me:14032: result: $ac_cv_have___ss_family_in_struct_ss" >&5
 echo "${ECHO_T}$ac_cv_have___ss_family_in_struct_ss" >&6
 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13310,14 +14038,14 @@ EOF
 
 fi
 
-echo "$as_me:13313: checking for pw_class field in struct passwd" >&5
+echo "$as_me:14041: checking for pw_class field in struct passwd" >&5
 echo $ECHO_N "checking for pw_class field in struct passwd... $ECHO_C" >&6
 if test "${ac_cv_have_pw_class_in_struct_passwd+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13320 "configure"
+#line 14048 "configure"
 #include "confdefs.h"
 
 #include <pwd.h>
@@ -13331,16 +14059,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13334: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:14062: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:13337: \$? = $ac_status" >&5
+  echo "$as_me:14065: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13340: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14068: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13343: \$? = $ac_status" >&5
+  echo "$as_me:14071: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_pw_class_in_struct_passwd="yes"
 else
@@ -13352,7 +14080,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:13355: result: $ac_cv_have_pw_class_in_struct_passwd" >&5
+echo "$as_me:14083: result: $ac_cv_have_pw_class_in_struct_passwd" >&5
 echo "${ECHO_T}$ac_cv_have_pw_class_in_struct_passwd" >&6
 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13361,14 +14089,14 @@ EOF
 
 fi
 
-echo "$as_me:13364: checking for pw_expire field in struct passwd" >&5
+echo "$as_me:14092: checking for pw_expire field in struct passwd" >&5
 echo $ECHO_N "checking for pw_expire field in struct passwd... $ECHO_C" >&6
 if test "${ac_cv_have_pw_expire_in_struct_passwd+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13371 "configure"
+#line 14099 "configure"
 #include "confdefs.h"
 
 #include <pwd.h>
@@ -13382,16 +14110,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13385: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:14113: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:13388: \$? = $ac_status" >&5
+  echo "$as_me:14116: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13391: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14119: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13394: \$? = $ac_status" >&5
+  echo "$as_me:14122: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_pw_expire_in_struct_passwd="yes"
 else
@@ -13403,7 +14131,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:13406: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5
+echo "$as_me:14134: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5
 echo "${ECHO_T}$ac_cv_have_pw_expire_in_struct_passwd" >&6
 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13412,14 +14140,14 @@ EOF
 
 fi
 
-echo "$as_me:13415: checking for pw_change field in struct passwd" >&5
+echo "$as_me:14143: checking for pw_change field in struct passwd" >&5
 echo $ECHO_N "checking for pw_change field in struct passwd... $ECHO_C" >&6
 if test "${ac_cv_have_pw_change_in_struct_passwd+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13422 "configure"
+#line 14150 "configure"
 #include "confdefs.h"
 
 #include <pwd.h>
@@ -13433,16 +14161,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:13436: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:14164: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:13439: \$? = $ac_status" >&5
+  echo "$as_me:14167: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:13442: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14170: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13445: \$? = $ac_status" >&5
+  echo "$as_me:14173: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_pw_change_in_struct_passwd="yes"
 else
@@ -13454,7 +14182,7 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
 fi
-echo "$as_me:13457: result: $ac_cv_have_pw_change_in_struct_passwd" >&5
+echo "$as_me:14185: result: $ac_cv_have_pw_change_in_struct_passwd" >&5
 echo "${ECHO_T}$ac_cv_have_pw_change_in_struct_passwd" >&6
 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13463,19 +14191,19 @@ EOF
 
 fi
 
-echo "$as_me:13466: checking for msg_accrights field in struct msghdr" >&5
+echo "$as_me:14194: checking for msg_accrights field in struct msghdr" >&5
 echo $ECHO_N "checking for msg_accrights field in struct msghdr... $ECHO_C" >&6
 if test "${ac_cv_have_accrights_in_msghdr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:13473: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:14201: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 13478 "configure"
+#line 14206 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -13492,15 +14220,15 @@ exit(0);
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:13495: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14223: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13498: \$? = $ac_status" >&5
+  echo "$as_me:14226: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:13500: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14228: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13503: \$? = $ac_status" >&5
+  echo "$as_me:14231: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_accrights_in_msghdr="yes"
 else
@@ -13514,7 +14242,7 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
 fi
-echo "$as_me:13517: result: $ac_cv_have_accrights_in_msghdr" >&5
+echo "$as_me:14245: result: $ac_cv_have_accrights_in_msghdr" >&5
 echo "${ECHO_T}$ac_cv_have_accrights_in_msghdr" >&6
 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13523,19 +14251,19 @@ EOF
 
 fi
 
-echo "$as_me:13526: checking for msg_control field in struct msghdr" >&5
+echo "$as_me:14254: checking for msg_control field in struct msghdr" >&5
 echo $ECHO_N "checking for msg_control field in struct msghdr... $ECHO_C" >&6
 if test "${ac_cv_have_control_in_msghdr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         if test "$cross_compiling" = yes; then
-  { { echo "$as_me:13533: error: cannot run test program while cross compiling" >&5
+  { { echo "$as_me:14261: error: cannot run test program while cross compiling" >&5
 echo "$as_me: error: cannot run test program while cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 13538 "configure"
+#line 14266 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -13552,15 +14280,15 @@ exit(0);
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:13555: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14283: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13558: \$? = $ac_status" >&5
+  echo "$as_me:14286: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:13560: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14288: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13563: \$? = $ac_status" >&5
+  echo "$as_me:14291: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_control_in_msghdr="yes"
 else
@@ -13574,7 +14302,7 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
 fi
 
 fi
-echo "$as_me:13577: result: $ac_cv_have_control_in_msghdr" >&5
+echo "$as_me:14305: result: $ac_cv_have_control_in_msghdr" >&5
 echo "${ECHO_T}$ac_cv_have_control_in_msghdr" >&6
 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13583,14 +14311,14 @@ EOF
 
 fi
 
-echo "$as_me:13586: checking if libc defines __progname" >&5
+echo "$as_me:14314: checking if libc defines __progname" >&5
 echo $ECHO_N "checking if libc defines __progname... $ECHO_C" >&6
 if test "${ac_cv_libc_defines___progname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13593 "configure"
+#line 14321 "configure"
 #include "confdefs.h"
 
 int
@@ -13602,16 +14330,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13605: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14333: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13608: \$? = $ac_status" >&5
+  echo "$as_me:14336: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13611: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14339: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13614: \$? = $ac_status" >&5
+  echo "$as_me:14342: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_libc_defines___progname="yes"
 else
@@ -13623,7 +14351,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:13626: result: $ac_cv_libc_defines___progname" >&5
+echo "$as_me:14354: result: $ac_cv_libc_defines___progname" >&5
 echo "${ECHO_T}$ac_cv_libc_defines___progname" >&6
 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13632,14 +14360,14 @@ EOF
 
 fi
 
-echo "$as_me:13635: checking whether $CC implements __FUNCTION__" >&5
+echo "$as_me:14363: checking whether $CC implements __FUNCTION__" >&5
 echo $ECHO_N "checking whether $CC implements __FUNCTION__... $ECHO_C" >&6
 if test "${ac_cv_cc_implements___FUNCTION__+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13642 "configure"
+#line 14370 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -13653,16 +14381,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13656: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14384: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13659: \$? = $ac_status" >&5
+  echo "$as_me:14387: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13662: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14390: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13665: \$? = $ac_status" >&5
+  echo "$as_me:14393: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_cc_implements___FUNCTION__="yes"
 else
@@ -13674,7 +14402,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:13677: result: $ac_cv_cc_implements___FUNCTION__" >&5
+echo "$as_me:14405: result: $ac_cv_cc_implements___FUNCTION__" >&5
 echo "${ECHO_T}$ac_cv_cc_implements___FUNCTION__" >&6
 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13683,14 +14411,14 @@ EOF
 
 fi
 
-echo "$as_me:13686: checking whether $CC implements __func__" >&5
+echo "$as_me:14414: checking whether $CC implements __func__" >&5
 echo $ECHO_N "checking whether $CC implements __func__... $ECHO_C" >&6
 if test "${ac_cv_cc_implements___func__+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13693 "configure"
+#line 14421 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -13704,16 +14432,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13707: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14435: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13710: \$? = $ac_status" >&5
+  echo "$as_me:14438: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13713: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14441: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13716: \$? = $ac_status" >&5
+  echo "$as_me:14444: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_cc_implements___func__="yes"
 else
@@ -13725,7 +14453,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:13728: result: $ac_cv_cc_implements___func__" >&5
+echo "$as_me:14456: result: $ac_cv_cc_implements___func__" >&5
 echo "${ECHO_T}$ac_cv_cc_implements___func__" >&6
 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13734,14 +14462,14 @@ EOF
 
 fi
 
-echo "$as_me:13737: checking whether getopt has optreset support" >&5
+echo "$as_me:14465: checking whether getopt has optreset support" >&5
 echo $ECHO_N "checking whether getopt has optreset support... $ECHO_C" >&6
 if test "${ac_cv_have_getopt_optreset+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13744 "configure"
+#line 14472 "configure"
 #include "confdefs.h"
 
 #include <getopt.h>
@@ -13755,16 +14483,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13758: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14486: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13761: \$? = $ac_status" >&5
+  echo "$as_me:14489: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13764: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14492: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13767: \$? = $ac_status" >&5
+  echo "$as_me:14495: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_have_getopt_optreset="yes"
 else
@@ -13776,7 +14504,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:13779: result: $ac_cv_have_getopt_optreset" >&5
+echo "$as_me:14507: result: $ac_cv_have_getopt_optreset" >&5
 echo "${ECHO_T}$ac_cv_have_getopt_optreset" >&6
 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13785,14 +14513,14 @@ EOF
 
 fi
 
-echo "$as_me:13788: checking if libc defines sys_errlist" >&5
+echo "$as_me:14516: checking if libc defines sys_errlist" >&5
 echo $ECHO_N "checking if libc defines sys_errlist... $ECHO_C" >&6
 if test "${ac_cv_libc_defines_sys_errlist+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13795 "configure"
+#line 14523 "configure"
 #include "confdefs.h"
 
 int
@@ -13804,16 +14532,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13807: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14535: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13810: \$? = $ac_status" >&5
+  echo "$as_me:14538: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13813: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14541: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13816: \$? = $ac_status" >&5
+  echo "$as_me:14544: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_libc_defines_sys_errlist="yes"
 else
@@ -13825,7 +14553,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:13828: result: $ac_cv_libc_defines_sys_errlist" >&5
+echo "$as_me:14556: result: $ac_cv_libc_defines_sys_errlist" >&5
 echo "${ECHO_T}$ac_cv_libc_defines_sys_errlist" >&6
 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13834,14 +14562,14 @@ EOF
 
 fi
 
-echo "$as_me:13837: checking if libc defines sys_nerr" >&5
+echo "$as_me:14565: checking if libc defines sys_nerr" >&5
 echo $ECHO_N "checking if libc defines sys_nerr... $ECHO_C" >&6
 if test "${ac_cv_libc_defines_sys_nerr+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
 
         cat >conftest.$ac_ext <<_ACEOF
-#line 13844 "configure"
+#line 14572 "configure"
 #include "confdefs.h"
 
 int
@@ -13853,16 +14581,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13856: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14584: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13859: \$? = $ac_status" >&5
+  echo "$as_me:14587: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13862: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14590: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13865: \$? = $ac_status" >&5
+  echo "$as_me:14593: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    ac_cv_libc_defines_sys_nerr="yes"
 else
@@ -13874,7 +14602,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 
 fi
-echo "$as_me:13877: result: $ac_cv_libc_defines_sys_nerr" >&5
+echo "$as_me:14605: result: $ac_cv_libc_defines_sys_nerr" >&5
 echo "${ECHO_T}$ac_cv_libc_defines_sys_nerr" >&6
 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
         cat >>confdefs.h <<\EOF
@@ -13905,23 +14633,23 @@ if test "${with_sectok+set}" = set; then
 for ac_header in sectok.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:13908: checking for $ac_header" >&5
+echo "$as_me:14636: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$as_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 13914 "configure"
+#line 14642 "configure"
 #include "confdefs.h"
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:13918: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:14646: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:13924: \$? = $ac_status" >&5
+  echo "$as_me:14652: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -13940,7 +14668,7 @@ else
 fi
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:13943: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "$as_me:14671: result: `eval echo '${'$as_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -13951,12 +14679,12 @@ fi
 done
 
                         if test "$ac_cv_header_sectok_h" != yes; then
-                                { { echo "$as_me:13954: error: Can't find sectok.h" >&5
+                                { { echo "$as_me:14682: error: Can't find sectok.h" >&5
 echo "$as_me: error: Can't find sectok.h" >&2;}
    { (exit 1); exit 1; }; }
                         fi
 
-echo "$as_me:13959: checking for sectok_open in -lsectok" >&5
+echo "$as_me:14687: checking for sectok_open in -lsectok" >&5
 echo $ECHO_N "checking for sectok_open in -lsectok... $ECHO_C" >&6
 if test "${ac_cv_lib_sectok_sectok_open+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -13964,7 +14692,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lsectok  $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 13967 "configure"
+#line 14695 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -13983,16 +14711,16 @@ sectok_open ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:13986: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14714: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:13989: \$? = $ac_status" >&5
+  echo "$as_me:14717: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:13992: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14720: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:13995: \$? = $ac_status" >&5
+  echo "$as_me:14723: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_sectok_sectok_open=yes
 else
@@ -14003,7 +14731,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14006: result: $ac_cv_lib_sectok_sectok_open" >&5
+echo "$as_me:14734: result: $ac_cv_lib_sectok_sectok_open" >&5
 echo "${ECHO_T}$ac_cv_lib_sectok_sectok_open" >&6
 if test $ac_cv_lib_sectok_sectok_open = yes; then
   cat >>confdefs.h <<EOF
@@ -14015,7 +14743,7 @@ EOF
 fi
 
                         if test "$ac_cv_lib_sectok_sectok_open" != yes; then
-                                { { echo "$as_me:14018: error: Can't find libsectok" >&5
+                                { { echo "$as_me:14746: error: Can't find libsectok" >&5
 echo "$as_me: error: Can't find libsectok" >&2;}
    { (exit 1); exit 1; }; }
                         fi
@@ -14045,7 +14773,7 @@ if test x$opensc_config_prefix != x ; then
   OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
   # Extract the first word of "opensc-config", so it can be a program name with args.
 set dummy opensc-config; ac_word=$2
-echo "$as_me:14048: checking for $ac_word" >&5
+echo "$as_me:14776: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_OPENSC_CONFIG+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14062,7 +14790,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_OPENSC_CONFIG="$ac_dir/$ac_word"
-   echo "$as_me:14065: found $ac_dir/$ac_word" >&5
+   echo "$as_me:14793: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -14074,10 +14802,10 @@ fi
 OPENSC_CONFIG=$ac_cv_path_OPENSC_CONFIG
 
 if test -n "$OPENSC_CONFIG"; then
-  echo "$as_me:14077: result: $OPENSC_CONFIG" >&5
+  echo "$as_me:14805: result: $OPENSC_CONFIG" >&5
 echo "${ECHO_T}$OPENSC_CONFIG" >&6
 else
-  echo "$as_me:14080: result: no" >&5
+  echo "$as_me:14808: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -14098,20 +14826,8 @@ EOF
   fi
 fi
 
-# Check whether user wants DNS support
-DNS_MSG="no"
-
-# Check whether --with-dns or --without-dns was given.
-if test "${with_dns+set}" = set; then
-  withval="$with_dns"
-
-                if test "x$withval" != "xno" ; then
-                        DNS_MSG="yes"
-                        cat >>confdefs.h <<\EOF
-#define DNS 1
-EOF
-
-                        echo "$as_me:14114: checking for library containing getrrsetbyname" >&5
+# Check libraries needed by DNS fingerprint support
+echo "$as_me:14830: checking for library containing getrrsetbyname" >&5
 echo $ECHO_N "checking for library containing getrrsetbyname... $ECHO_C" >&6
 if test "${ac_cv_search_getrrsetbyname+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14119,7 +14835,7 @@ else
   ac_func_search_save_LIBS=$LIBS
 ac_cv_search_getrrsetbyname=no
 cat >conftest.$ac_ext <<_ACEOF
-#line 14122 "configure"
+#line 14838 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14138,16 +14854,16 @@ getrrsetbyname ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14141: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14857: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14144: \$? = $ac_status" >&5
+  echo "$as_me:14860: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14147: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14863: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14150: \$? = $ac_status" >&5
+  echo "$as_me:14866: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_getrrsetbyname="none required"
 else
@@ -14159,7 +14875,7 @@ if test "$ac_cv_search_getrrsetbyname" = no; then
   for ac_lib in resolv; do
     LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
     cat >conftest.$ac_ext <<_ACEOF
-#line 14162 "configure"
+#line 14878 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14178,16 +14894,16 @@ getrrsetbyname ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14181: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14897: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14184: \$? = $ac_status" >&5
+  echo "$as_me:14900: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14187: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14903: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14190: \$? = $ac_status" >&5
+  echo "$as_me:14906: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_getrrsetbyname="-l$ac_lib"
 break
@@ -14200,7 +14916,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:14203: result: $ac_cv_search_getrrsetbyname" >&5
+echo "$as_me:14919: result: $ac_cv_search_getrrsetbyname" >&5
 echo "${ECHO_T}$ac_cv_search_getrrsetbyname" >&6
 if test "$ac_cv_search_getrrsetbyname" != no; then
   test "$ac_cv_search_getrrsetbyname" = "none required" || LIBS="$ac_cv_search_getrrsetbyname $LIBS"
@@ -14210,8 +14926,8 @@ EOF
 
 else
 
-                                        # Needed by our getrrsetbyname()
-                                        echo "$as_me:14214: checking for library containing res_query" >&5
+                # Needed by our getrrsetbyname()
+                echo "$as_me:14930: checking for library containing res_query" >&5
 echo $ECHO_N "checking for library containing res_query... $ECHO_C" >&6
 if test "${ac_cv_search_res_query+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14219,7 +14935,7 @@ else
   ac_func_search_save_LIBS=$LIBS
 ac_cv_search_res_query=no
 cat >conftest.$ac_ext <<_ACEOF
-#line 14222 "configure"
+#line 14938 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14238,16 +14954,16 @@ res_query ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14241: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14957: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14244: \$? = $ac_status" >&5
+  echo "$as_me:14960: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14247: \"$ac_try\"") >&5
+  { (eval echo "$as_me:14963: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14250: \$? = $ac_status" >&5
+  echo "$as_me:14966: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_res_query="none required"
 else
@@ -14259,7 +14975,7 @@ if test "$ac_cv_search_res_query" = no; then
   for ac_lib in resolv; do
     LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
     cat >conftest.$ac_ext <<_ACEOF
-#line 14262 "configure"
+#line 14978 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14278,16 +14994,16 @@ res_query ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14281: \"$ac_link\"") >&5
+if { (eval echo "$as_me:14997: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14284: \$? = $ac_status" >&5
+  echo "$as_me:15000: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14287: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15003: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14290: \$? = $ac_status" >&5
+  echo "$as_me:15006: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_res_query="-l$ac_lib"
 break
@@ -14300,14 +15016,14 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:14303: result: $ac_cv_search_res_query" >&5
+echo "$as_me:15019: result: $ac_cv_search_res_query" >&5
 echo "${ECHO_T}$ac_cv_search_res_query" >&6
 if test "$ac_cv_search_res_query" != no; then
   test "$ac_cv_search_res_query" = "none required" || LIBS="$ac_cv_search_res_query $LIBS"
 
 fi
 
-                                        echo "$as_me:14310: checking for library containing dn_expand" >&5
+                echo "$as_me:15026: checking for library containing dn_expand" >&5
 echo $ECHO_N "checking for library containing dn_expand... $ECHO_C" >&6
 if test "${ac_cv_search_dn_expand+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14315,7 +15031,7 @@ else
   ac_func_search_save_LIBS=$LIBS
 ac_cv_search_dn_expand=no
 cat >conftest.$ac_ext <<_ACEOF
-#line 14318 "configure"
+#line 15034 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14334,16 +15050,16 @@ dn_expand ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14337: \"$ac_link\"") >&5
+if { (eval echo "$as_me:15053: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14340: \$? = $ac_status" >&5
+  echo "$as_me:15056: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14343: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15059: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14346: \$? = $ac_status" >&5
+  echo "$as_me:15062: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_dn_expand="none required"
 else
@@ -14355,7 +15071,7 @@ if test "$ac_cv_search_dn_expand" = no; then
   for ac_lib in resolv; do
     LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
     cat >conftest.$ac_ext <<_ACEOF
-#line 14358 "configure"
+#line 15074 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14374,16 +15090,16 @@ dn_expand ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14377: \"$ac_link\"") >&5
+if { (eval echo "$as_me:15093: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14380: \$? = $ac_status" >&5
+  echo "$as_me:15096: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14383: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15099: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14386: \$? = $ac_status" >&5
+  echo "$as_me:15102: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_dn_expand="-l$ac_lib"
 break
@@ -14396,7 +15112,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:14399: result: $ac_cv_search_dn_expand" >&5
+echo "$as_me:15115: result: $ac_cv_search_dn_expand" >&5
 echo "${ECHO_T}$ac_cv_search_dn_expand" >&6
 if test "$ac_cv_search_dn_expand" != no; then
   test "$ac_cv_search_dn_expand" = "none required" || LIBS="$ac_cv_search_dn_expand $LIBS"
@@ -14406,13 +15122,13 @@ fi
 for ac_func in _getshort _getlong
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:14409: checking for $ac_func" >&5
+echo "$as_me:15125: checking for $ac_func" >&5
 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
 if eval "test \"\${$as_ac_var+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14415 "configure"
+#line 15131 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func (); below.  */
@@ -14443,16 +15159,16 @@ f = $ac_func;
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14446: \"$ac_link\"") >&5
+if { (eval echo "$as_me:15162: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14449: \$? = $ac_status" >&5
+  echo "$as_me:15165: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14452: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15168: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14455: \$? = $ac_status" >&5
+  echo "$as_me:15171: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   eval "$as_ac_var=yes"
 else
@@ -14462,7 +15178,7 @@ eval "$as_ac_var=no"
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
-echo "$as_me:14465: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "$as_me:15181: result: `eval echo '${'$as_ac_var'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
 if test `eval echo '${'$as_ac_var'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -14472,13 +15188,13 @@ EOF
 fi
 done
 
-                                        echo "$as_me:14475: checking for HEADER.ad" >&5
+                echo "$as_me:15191: checking for HEADER.ad" >&5
 echo $ECHO_N "checking for HEADER.ad... $ECHO_C" >&6
 if test "${ac_cv_member_HEADER_ad+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14481 "configure"
+#line 15197 "configure"
 #include "confdefs.h"
 #include <arpa/nameser.h>
 
@@ -14493,16 +15209,16 @@ return 0;
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:14496: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:15212: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:14499: \$? = $ac_status" >&5
+  echo "$as_me:15215: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:14502: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15218: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14505: \$? = $ac_status" >&5
+  echo "$as_me:15221: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_member_HEADER_ad=yes
 else
@@ -14512,7 +15228,7 @@ ac_cv_member_HEADER_ad=no
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 fi
-echo "$as_me:14515: result: $ac_cv_member_HEADER_ad" >&5
+echo "$as_me:15231: result: $ac_cv_member_HEADER_ad" >&5
 echo "${ECHO_T}$ac_cv_member_HEADER_ad" >&6
 if test $ac_cv_member_HEADER_ad = yes; then
   cat >>confdefs.h <<\EOF
@@ -14523,34 +15239,99 @@ fi
 
 fi
 
-                fi
-
-fi;
-
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
 
 # Check whether --with-kerberos5 or --without-kerberos5 was given.
 if test "${with_kerberos5+set}" = set; then
   withval="$with_kerberos5"
+   if test "x$withval" != "xno" ; then
+                if test "x$withval" = "xyes" ; then
+                        KRB5ROOT="/usr/local"
+                else
+                        KRB5ROOT=${withval}
+                fi
 
-                if test "x$withval" != "xno" ; then
-                        if test "x$withval" = "xyes" ; then
-                                KRB5ROOT="/usr/local"
-                        else
-                                KRB5ROOT=${withval}
-                        fi
-                        CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
-                        LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
-                        cat >>confdefs.h <<\EOF
+                cat >>confdefs.h <<\EOF
 #define KRB5 1
 EOF
 
-                        KRB5_MSG="yes"
-                        echo "$as_me:14550: checking whether we are using Heimdal" >&5
+                KRB5_MSG="yes"
+
+                echo "$as_me:15261: checking for krb5-config" >&5
+echo $ECHO_N "checking for krb5-config... $ECHO_C" >&6
+                if test -x  $KRB5ROOT/bin/krb5-config ; then
+                        KRB5CONF=$KRB5ROOT/bin/krb5-config
+                        echo "$as_me:15265: result: $KRB5CONF" >&5
+echo "${ECHO_T}$KRB5CONF" >&6
+
+                        echo "$as_me:15268: checking for gssapi support" >&5
+echo $ECHO_N "checking for gssapi support... $ECHO_C" >&6
+                        if $KRB5CONF | grep gssapi >/dev/null ; then
+                                echo "$as_me:15271: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+                                cat >>confdefs.h <<\EOF
+#define GSSAPI 1
+EOF
+
+                                k5confopts=gssapi
+                        else
+                                echo "$as_me:15279: result: no" >&5
+echo "${ECHO_T}no" >&6
+                                k5confopts=""
+                        fi
+                        K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
+                        K5LIBS="`$KRB5CONF --libs $k5confopts`"
+                        CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+                        echo "$as_me:15286: checking whether we are using Heimdal" >&5
+echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6
+                        cat >conftest.$ac_ext <<_ACEOF
+#line 15289 "configure"
+#include "confdefs.h"
+ #include <krb5.h>
+int
+main ()
+{
+ char *tmp = heimdal_version;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:15301: \"$ac_compile\"") >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  echo "$as_me:15304: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest.$ac_objext'
+  { (eval echo "$as_me:15307: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:15310: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+   echo "$as_me:15312: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+                                         cat >>confdefs.h <<\EOF
+#define HEIMDAL 1
+EOF
+
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+echo "$as_me:15321: result: no" >&5
+echo "${ECHO_T}no" >&6
+
+fi
+rm -f conftest.$ac_objext conftest.$ac_ext
+                else
+                        echo "$as_me:15327: result: no" >&5
+echo "${ECHO_T}no" >&6
+                        CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
+                        LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+                        echo "$as_me:15331: checking whether we are using Heimdal" >&5
 echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6
-                        cat >conftest.$ac_ext <<_ACEOF
-#line 14553 "configure"
+                        cat >conftest.$ac_ext <<_ACEOF
+#line 15334 "configure"
 #include "confdefs.h"
  #include <krb5.h>
 int
@@ -14562,41 +15343,35 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:14565: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:15346: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:14568: \$? = $ac_status" >&5
+  echo "$as_me:15349: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:14571: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15352: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14574: \$? = $ac_status" >&5
+  echo "$as_me:15355: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-   echo "$as_me:14576: result: yes" >&5
+   echo "$as_me:15357: result: yes" >&5
 echo "${ECHO_T}yes" >&6
-                                         cat >>confdefs.h <<\EOF
+                                         cat >>confdefs.h <<\EOF
 #define HEIMDAL 1
 EOF
 
-                                         K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+                                         K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
 
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:14587: result: no" >&5
+ echo "$as_me:15368: result: no" >&5
 echo "${ECHO_T}no" >&6
-                                         K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+                                         K5LIBS="-lkrb5 -lk5crypto -lcom_err"
 
 fi
 rm -f conftest.$ac_objext conftest.$ac_ext
-                        if test ! -z "$need_dash_r" ; then
-                                LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
-                        fi
-                        if test ! -z "$blibpath" ; then
-                                blibpath="$blibpath:${KRB5ROOT}/lib"
-                        fi
-                        echo "$as_me:14599: checking for library containing dn_expand" >&5
+                        echo "$as_me:15374: checking for library containing dn_expand" >&5
 echo $ECHO_N "checking for library containing dn_expand... $ECHO_C" >&6
 if test "${ac_cv_search_dn_expand+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14604,7 +15379,7 @@ else
   ac_func_search_save_LIBS=$LIBS
 ac_cv_search_dn_expand=no
 cat >conftest.$ac_ext <<_ACEOF
-#line 14607 "configure"
+#line 15382 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14623,16 +15398,16 @@ dn_expand ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14626: \"$ac_link\"") >&5
+if { (eval echo "$as_me:15401: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14629: \$? = $ac_status" >&5
+  echo "$as_me:15404: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14632: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15407: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14635: \$? = $ac_status" >&5
+  echo "$as_me:15410: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_dn_expand="none required"
 else
@@ -14644,7 +15419,7 @@ if test "$ac_cv_search_dn_expand" = no; then
   for ac_lib in resolv; do
     LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
     cat >conftest.$ac_ext <<_ACEOF
-#line 14647 "configure"
+#line 15422 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14663,16 +15438,16 @@ dn_expand ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14666: \"$ac_link\"") >&5
+if { (eval echo "$as_me:15441: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14669: \$? = $ac_status" >&5
+  echo "$as_me:15444: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14672: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15447: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14675: \$? = $ac_status" >&5
+  echo "$as_me:15450: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_search_dn_expand="-l$ac_lib"
 break
@@ -14685,14 +15460,14 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 fi
 LIBS=$ac_func_search_save_LIBS
 fi
-echo "$as_me:14688: result: $ac_cv_search_dn_expand" >&5
+echo "$as_me:15463: result: $ac_cv_search_dn_expand" >&5
 echo "${ECHO_T}$ac_cv_search_dn_expand" >&6
 if test "$ac_cv_search_dn_expand" != no; then
   test "$ac_cv_search_dn_expand" = "none required" || LIBS="$ac_cv_search_dn_expand $LIBS"
 
 fi
 
-                        echo "$as_me:14695: checking for gss_init_sec_context in -lgssapi" >&5
+                        echo "$as_me:15470: checking for gss_init_sec_context in -lgssapi" >&5
 echo $ECHO_N "checking for gss_init_sec_context in -lgssapi... $ECHO_C" >&6
 if test "${ac_cv_lib_gssapi_gss_init_sec_context+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14700,7 +15475,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lgssapi $K5LIBS $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14703 "configure"
+#line 15478 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14719,16 +15494,16 @@ gss_init_sec_context ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14722: \"$ac_link\"") >&5
+if { (eval echo "$as_me:15497: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14725: \$? = $ac_status" >&5
+  echo "$as_me:15500: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14728: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15503: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14731: \$? = $ac_status" >&5
+  echo "$as_me:15506: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_gssapi_gss_init_sec_context=yes
 else
@@ -14739,7 +15514,7 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14742: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5
+echo "$as_me:15517: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5
 echo "${ECHO_T}$ac_cv_lib_gssapi_gss_init_sec_context" >&6
 if test $ac_cv_lib_gssapi_gss_init_sec_context = yes; then
    cat >>confdefs.h <<\EOF
@@ -14748,7 +15523,7 @@ EOF
 
                                   K5LIBS="-lgssapi $K5LIBS"
 else
-   echo "$as_me:14751: checking for gss_init_sec_context in -lgssapi_krb5" >&5
+   echo "$as_me:15526: checking for gss_init_sec_context in -lgssapi_krb5" >&5
 echo $ECHO_N "checking for gss_init_sec_context in -lgssapi_krb5... $ECHO_C" >&6
 if test "${ac_cv_lib_gssapi_krb5_gss_init_sec_context+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -14756,7 +15531,7 @@ else
   ac_check_lib_save_LIBS=$LIBS
 LIBS="-lgssapi_krb5 $K5LIBS $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
-#line 14759 "configure"
+#line 15534 "configure"
 #include "confdefs.h"
 
 /* Override any gcc2 internal prototype to avoid an error.  */
@@ -14775,16 +15550,16 @@ gss_init_sec_context ();
 }
 _ACEOF
 rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:14778: \"$ac_link\"") >&5
+if { (eval echo "$as_me:15553: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:14781: \$? = $ac_status" >&5
+  echo "$as_me:15556: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:14784: \"$ac_try\"") >&5
+  { (eval echo "$as_me:15559: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:14787: \$? = $ac_status" >&5
+  echo "$as_me:15562: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
   ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes
 else
@@ -14795,38 +15570,38 @@ fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-echo "$as_me:14798: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5
+echo "$as_me:15573: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5
 echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6
 if test $ac_cv_lib_gssapi_krb5_gss_init_sec_context = yes; then
    cat >>confdefs.h <<\EOF
 #define GSSAPI 1
 EOF
 
-                                          K5LIBS="-lgssapi_krb5 $K5LIBS"
+                                          K5LIBS="-lgssapi_krb5 $K5LIBS"
 else
-  { echo "$as_me:14807: WARNING: Cannot find any suitable gss-api library - build may fail" >&5
+  { echo "$as_me:15582: WARNING: Cannot find any suitable gss-api library - build may fail" >&5
 echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;}
 fi
 
 fi
 
-                        echo "$as_me:14813: checking for gssapi.h" >&5
+                        echo "$as_me:15588: checking for gssapi.h" >&5
 echo $ECHO_N "checking for gssapi.h... $ECHO_C" >&6
 if test "${ac_cv_header_gssapi_h+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14819 "configure"
+#line 15594 "configure"
 #include "confdefs.h"
 #include <gssapi.h>
 _ACEOF
-if { (eval echo "$as_me:14823: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:15598: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:14829: \$? = $ac_status" >&5
+  echo "$as_me:15604: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -14845,7 +15620,7 @@ else
 fi
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:14848: result: $ac_cv_header_gssapi_h" >&5
+echo "$as_me:15623: result: $ac_cv_header_gssapi_h" >&5
 echo "${ECHO_T}$ac_cv_header_gssapi_h" >&6
 if test $ac_cv_header_gssapi_h = yes; then
   :
@@ -14856,23 +15631,23 @@ else
 for ac_header in gssapi.h
 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:14859: checking for $ac_header" >&5
+echo "$as_me:15634: checking for $ac_header" >&5
 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
 if eval "test \"\${$as_ac_Header+set}\" = set"; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14865 "configure"
+#line 15640 "configure"
 #include "confdefs.h"
 #include <$ac_header>
 _ACEOF
-if { (eval echo "$as_me:14869: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:15644: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:14875: \$? = $ac_status" >&5
+  echo "$as_me:15650: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -14891,7 +15666,7 @@ else
 fi
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:14894: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "$as_me:15669: result: `eval echo '${'$as_ac_Header'}'`" >&5
 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
 if test `eval echo '${'$as_ac_Header'}'` = yes; then
   cat >>confdefs.h <<EOF
@@ -14899,7 +15674,7 @@ if test `eval echo '${'$as_ac_Header'}'` = yes; then
 EOF
 
 else
-  { echo "$as_me:14902: WARNING: Cannot find any suitable gss-api header - build may fail" >&5
+  { echo "$as_me:15677: WARNING: Cannot find any suitable gss-api header - build may fail" >&5
 echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;}
 
 fi
@@ -14909,23 +15684,23 @@ fi
 
                         oldCPP="$CPPFLAGS"
                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
-                        echo "$as_me:14912: checking for gssapi_krb5.h" >&5
+                        echo "$as_me:15687: checking for gssapi_krb5.h" >&5
 echo $ECHO_N "checking for gssapi_krb5.h... $ECHO_C" >&6
 if test "${ac_cv_header_gssapi_krb5_h+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 14918 "configure"
+#line 15693 "configure"
 #include "confdefs.h"
 #include <gssapi_krb5.h>
 _ACEOF
-if { (eval echo "$as_me:14922: \"$ac_cpp conftest.$ac_ext\"") >&5
+if { (eval echo "$as_me:15697: \"$ac_cpp conftest.$ac_ext\"") >&5
   (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
   ac_status=$?
   egrep -v '^ *\+' conftest.er1 >conftest.err
   rm -f conftest.er1
   cat conftest.err >&5
-  echo "$as_me:14928: \$? = $ac_status" >&5
+  echo "$as_me:15703: \$? = $ac_status" >&5
   (exit $ac_status); } >/dev/null; then
   if test -s conftest.err; then
     ac_cpp_err=$ac_c_preproc_warn_flag
@@ -14944,7 +15719,7 @@ else
 fi
 rm -f conftest.err conftest.$ac_ext
 fi
-echo "$as_me:14947: result: $ac_cv_header_gssapi_krb5_h" >&5
+echo "$as_me:15722: result: $ac_cv_header_gssapi_krb5_h" >&5
 echo "${ECHO_T}$ac_cv_header_gssapi_krb5_h" >&6
 if test $ac_cv_header_gssapi_krb5_h = yes; then
   :
@@ -14952,11 +15727,260 @@ else
    CPPFLAGS="$oldCPP"
 fi
 
-                        KRB5=yes
-                fi
+                fi
+                if test ! -z "$need_dash_r" ; then
+                        LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+                fi
+                if test ! -z "$blibpath" ; then
+                        blibpath="$blibpath:${KRB5ROOT}/lib"
+                fi
+        fi
+
+for ac_header in gssapi.h gssapi/gssapi.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:15742: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 15748 "configure"
+#include "confdefs.h"
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:15752: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  egrep -v '^ *\+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:15758: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_ext
+fi
+echo "$as_me:15777: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<EOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+EOF
+
+fi
+done
+
+for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:15790: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 15796 "configure"
+#include "confdefs.h"
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:15800: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  egrep -v '^ *\+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:15806: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_ext
+fi
+echo "$as_me:15825: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<EOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+EOF
+
+fi
+done
+
+for ac_header in gssapi_generic.h gssapi/gssapi_generic.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:15838: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+#line 15844 "configure"
+#include "confdefs.h"
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:15848: \"$ac_cpp conftest.$ac_ext\"") >&5
+  (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+  ac_status=$?
+  egrep -v '^ *\+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:15854: \$? = $ac_status" >&5
+  (exit $ac_status); } >/dev/null; then
+  if test -s conftest.err; then
+    ac_cpp_err=$ac_c_preproc_warn_flag
+  else
+    ac_cpp_err=
+  fi
+else
+  ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+  eval "$as_ac_Header=yes"
+else
+  echo "$as_me: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_ext
+fi
+echo "$as_me:15873: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+  cat >>confdefs.h <<EOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+EOF
+
+fi
+done
+
+        LIBS="$LIBS $K5LIBS"
+        echo "$as_me:15884: checking for library containing k_hasafs" >&5
+echo $ECHO_N "checking for library containing k_hasafs... $ECHO_C" >&6
+if test "${ac_cv_search_k_hasafs+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+ac_cv_search_k_hasafs=no
+cat >conftest.$ac_ext <<_ACEOF
+#line 15892 "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char k_hasafs ();
+int
+main ()
+{
+k_hasafs ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:15911: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:15914: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:15917: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:15920: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_search_k_hasafs="none required"
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_k_hasafs" = no; then
+  for ac_lib in kafs; do
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+    cat >conftest.$ac_ext <<_ACEOF
+#line 15932 "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char k_hasafs ();
+int
+main ()
+{
+k_hasafs ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:15951: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:15954: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:15957: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:15960: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_search_k_hasafs="-l$ac_lib"
+break
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+  done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:15973: result: $ac_cv_search_k_hasafs" >&5
+echo "${ECHO_T}$ac_cv_search_k_hasafs" >&6
+if test "$ac_cv_search_k_hasafs" != no; then
+  test "$ac_cv_search_k_hasafs" = "none required" || LIBS="$ac_cv_search_k_hasafs $LIBS"
+  cat >>confdefs.h <<\EOF
+#define USE_AFS 1
+EOF
+
+fi
 
 fi;
-LIBS="$LIBS $K5LIBS"
 
 # Looking for programs, paths and files
 
@@ -14989,7 +16013,7 @@ else
                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
                 # Extract the first word of "xauth", so it can be a program name with args.
 set dummy xauth; ac_word=$2
-echo "$as_me:14992: checking for $ac_word" >&5
+echo "$as_me:16016: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_xauth_path+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -15006,7 +16030,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_xauth_path="$ac_dir/$ac_word"
-   echo "$as_me:15009: found $ac_dir/$ac_word" >&5
+   echo "$as_me:16033: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -15017,10 +16041,10 @@ fi
 xauth_path=$ac_cv_path_xauth_path
 
 if test -n "$xauth_path"; then
-  echo "$as_me:15020: result: $xauth_path" >&5
+  echo "$as_me:16044: result: $xauth_path" >&5
 echo "${ECHO_T}$xauth_path" >&6
 else
-  echo "$as_me:15023: result: no" >&5
+  echo "$as_me:16047: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -15064,13 +16088,13 @@ fi
 
 if test -z "$no_dev_ptmx" ; then
         if test "x$disable_ptmx_check" != "xyes" ; then
-                echo "$as_me:15067: checking for \"/dev/ptmx\"" >&5
+                echo "$as_me:16091: checking for \"/dev/ptmx\"" >&5
 echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6
 if test "${ac_cv_file___dev_ptmx_+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   test "$cross_compiling" = yes &&
-  { { echo "$as_me:15073: error: cannot check for file existence when cross compiling" >&5
+  { { echo "$as_me:16097: error: cannot check for file existence when cross compiling" >&5
 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 if test -r ""/dev/ptmx""; then
@@ -15079,7 +16103,7 @@ else
   ac_cv_file___dev_ptmx_=no
 fi
 fi
-echo "$as_me:15082: result: $ac_cv_file___dev_ptmx_" >&5
+echo "$as_me:16106: result: $ac_cv_file___dev_ptmx_" >&5
 echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6
 if test $ac_cv_file___dev_ptmx_ = yes; then
 
@@ -15093,13 +16117,13 @@ fi
 
         fi
 fi
-echo "$as_me:15096: checking for \"/dev/ptc\"" >&5
+echo "$as_me:16120: checking for \"/dev/ptc\"" >&5
 echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6
 if test "${ac_cv_file___dev_ptc_+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   test "$cross_compiling" = yes &&
-  { { echo "$as_me:15102: error: cannot check for file existence when cross compiling" >&5
+  { { echo "$as_me:16126: error: cannot check for file existence when cross compiling" >&5
 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 if test -r ""/dev/ptc""; then
@@ -15108,7 +16132,7 @@ else
   ac_cv_file___dev_ptc_=no
 fi
 fi
-echo "$as_me:15111: result: $ac_cv_file___dev_ptc_" >&5
+echo "$as_me:16135: result: $ac_cv_file___dev_ptc_" >&5
 echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6
 if test $ac_cv_file___dev_ptc_ = yes; then
 
@@ -15131,7 +16155,7 @@ if test "${with_mantype+set}" = set; then
                         MANTYPE=$withval
                         ;;
                 *)
-                        { { echo "$as_me:15134: error: invalid man type: $withval" >&5
+                        { { echo "$as_me:16158: error: invalid man type: $withval" >&5
 echo "$as_me: error: invalid man type: $withval" >&2;}
    { (exit 1); exit 1; }; }
                         ;;
@@ -15144,7 +16168,7 @@ if test -z "$MANTYPE"; then
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
-echo "$as_me:15147: checking for $ac_word" >&5
+echo "$as_me:16171: checking for $ac_word" >&5
 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
 if test "${ac_cv_path_NROFF+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -15161,7 +16185,7 @@ for ac_dir in $ac_dummy; do
   test -z "$ac_dir" && ac_dir=.
   if $as_executable_p "$ac_dir/$ac_word"; then
    ac_cv_path_NROFF="$ac_dir/$ac_word"
-   echo "$as_me:15164: found $ac_dir/$ac_word" >&5
+   echo "$as_me:16188: found $ac_dir/$ac_word" >&5
    break
 fi
 done
@@ -15172,10 +16196,10 @@ fi
 NROFF=$ac_cv_path_NROFF
 
 if test -n "$NROFF"; then
-  echo "$as_me:15175: result: $NROFF" >&5
+  echo "$as_me:16199: result: $NROFF" >&5
 echo "${ECHO_T}$NROFF" >&6
 else
-  echo "$as_me:15178: result: no" >&5
+  echo "$as_me:16202: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
@@ -15232,10 +16256,10 @@ EOF
 fi;
 
 if test -z "$disable_shadow" ; then
-        echo "$as_me:15235: checking if the systems has expire shadow information" >&5
+        echo "$as_me:16259: checking if the systems has expire shadow information" >&5
 echo $ECHO_N "checking if the systems has expire shadow information... $ECHO_C" >&6
         cat >conftest.$ac_ext <<_ACEOF
-#line 15238 "configure"
+#line 16262 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -15251,16 +16275,16 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15254: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:16278: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:15257: \$? = $ac_status" >&5
+  echo "$as_me:16281: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:15260: \"$ac_try\"") >&5
+  { (eval echo "$as_me:16284: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:15263: \$? = $ac_status" >&5
+  echo "$as_me:16287: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    sp_expire_available=yes
 else
@@ -15271,14 +16295,14 @@ fi
 rm -f conftest.$ac_objext conftest.$ac_ext
 
         if test "x$sp_expire_available" = "xyes" ; then
-                echo "$as_me:15274: result: yes" >&5
+                echo "$as_me:16298: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                 cat >>confdefs.h <<\EOF
 #define HAS_SHADOW_EXPIRE 1
 EOF
 
         else
-                echo "$as_me:15281: result: no" >&5
+                echo "$as_me:16305: result: no" >&5
 echo "${ECHO_T}no" >&6
         fi
 fi
@@ -15309,13 +16333,19 @@ fi;
 fi
 
 # check for /etc/default/login and use it if present.
-echo "$as_me:15312: checking for \"/etc/default/login\"" >&5
+# Check whether --enable-etc-default-login or --disable-etc-default-login was given.
+if test "${enable_etc_default_login+set}" = set; then
+  enableval="$enable_etc_default_login"
+
+else
+
+echo "$as_me:16342: checking for \"/etc/default/login\"" >&5
 echo $ECHO_N "checking for \"/etc/default/login\"... $ECHO_C" >&6
 if test "${ac_cv_file___etc_default_login_+set}" = set; then
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   test "$cross_compiling" = yes &&
-  { { echo "$as_me:15318: error: cannot check for file existence when cross compiling" >&5
+  { { echo "$as_me:16348: error: cannot check for file existence when cross compiling" >&5
 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
    { (exit 1); exit 1; }; }
 if test -r ""/etc/default/login""; then
@@ -15324,7 +16354,7 @@ else
   ac_cv_file___etc_default_login_=no
 fi
 fi
-echo "$as_me:15327: result: $ac_cv_file___etc_default_login_" >&5
+echo "$as_me:16357: result: $ac_cv_file___etc_default_login_" >&5
 echo "${ECHO_T}$ac_cv_file___etc_default_login_" >&6
 if test $ac_cv_file___etc_default_login_ = yes; then
    external_path_file=/etc/default/login
@@ -15337,6 +16367,8 @@ EOF
 
 fi
 
+fi;
+
 if test $ac_cv_func_login_getcapbool = "yes" -a \
         $ac_cv_header_login_cap_h = "yes" ; then
         external_path_file=/etc/login.conf
@@ -15350,7 +16382,7 @@ if test "${with_default_path+set}" = set; then
   withval="$with_default_path"
 
                 if test "x$external_path_file" = "x/etc/login.conf" ; then
-                        { echo "$as_me:15353: WARNING:
+                        { echo "$as_me:16385: WARNING:
 --with-default-path=PATH has no effect on this system.
 Edit /etc/login.conf instead." >&5
 echo "$as_me: WARNING:
@@ -15358,7 +16390,7 @@ echo "$as_me: WARNING:
 Edit /etc/login.conf instead." >&2;}
                 elif test "x$withval" != "xno" ; then
                         if test ! -z "$external_path_file" ; then
-                                { echo "$as_me:15361: WARNING:
+                                { echo "$as_me:16393: WARNING:
 --with-default-path=PATH will only be used if PATH is not defined in
 $external_path_file ." >&5
 echo "$as_me: WARNING:
@@ -15371,11 +16403,11 @@ $external_path_file ." >&2;}
 
 else
    if test "x$external_path_file" = "x/etc/login.conf" ; then
-                { echo "$as_me:15374: WARNING: Make sure the path to scp is in /etc/login.conf" >&5
+                { echo "$as_me:16406: WARNING: Make sure the path to scp is in /etc/login.conf" >&5
 echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;}
         else
                 if test ! -z "$external_path_file" ; then
-                        { echo "$as_me:15378: WARNING:
+                        { echo "$as_me:16410: WARNING:
 If PATH is defined in $external_path_file, ensure the path to scp is included,
 otherwise scp will not work." >&5
 echo "$as_me: WARNING:
@@ -15387,7 +16419,7 @@ otherwise scp will not work." >&2;}
 
 else
   cat >conftest.$ac_ext <<_ACEOF
-#line 15390 "configure"
+#line 16422 "configure"
 #include "confdefs.h"
 
 /* find out what STDPATH is */
@@ -15424,15 +16456,15 @@ main()
 
 _ACEOF
 rm -f conftest$ac_exeext
-if { (eval echo "$as_me:15427: \"$ac_link\"") >&5
+if { (eval echo "$as_me:16459: \"$ac_link\"") >&5
   (eval $ac_link) 2>&5
   ac_status=$?
-  echo "$as_me:15430: \$? = $ac_status" >&5
+  echo "$as_me:16462: \$? = $ac_status" >&5
   (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
-  { (eval echo "$as_me:15432: \"$ac_try\"") >&5
+  { (eval echo "$as_me:16464: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:15435: \$? = $ac_status" >&5
+  echo "$as_me:16467: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
    user_path=`cat conftest.stdpath`
 else
@@ -15456,7 +16488,7 @@ fi
                         echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
                         if test $? -ne 0  ; then
                                 user_path=$user_path:$t_bindir
-                                echo "$as_me:15459: result: Adding $t_bindir to USER_PATH so scp will work" >&5
+                                echo "$as_me:16491: result: Adding $t_bindir to USER_PATH so scp will work" >&5
 echo "${ECHO_T}Adding $t_bindir to USER_PATH so scp will work" >&6
                         fi
                 fi
@@ -15486,7 +16518,7 @@ EOF
 
 fi;
 
-echo "$as_me:15489: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5
+echo "$as_me:16521: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5
 echo $ECHO_N "checking if we need to convert IPv4 in IPv6-mapped addresses... $ECHO_C" >&6
 IPV4_IN6_HACK_MSG="no"
 
@@ -15495,7 +16527,7 @@ if test "${with_4in6+set}" = set; then
   withval="$with_4in6"
 
                 if test "x$withval" != "xno" ; then
-                        echo "$as_me:15498: result: yes" >&5
+                        echo "$as_me:16530: result: yes" >&5
 echo "${ECHO_T}yes" >&6
                         cat >>confdefs.h <<\EOF
 #define IPV4_IN_IPV6 1
@@ -15503,14 +16535,14 @@ EOF
 
                         IPV4_IN6_HACK_MSG="yes"
                 else
-                        echo "$as_me:15506: result: no" >&5
+                        echo "$as_me:16538: result: no" >&5
 echo "${ECHO_T}no" >&6
                 fi
 
 else
 
                 if test "x$inet6_default_4in6" = "xyes"; then
-                        echo "$as_me:15513: result: yes (default)" >&5
+                        echo "$as_me:16545: result: yes (default)" >&5
 echo "${ECHO_T}yes (default)" >&6
                         cat >>confdefs.h <<\EOF
 #define IPV4_IN_IPV6 1
@@ -15518,7 +16550,7 @@ EOF
 
                         IPV4_IN6_HACK_MSG="yes"
                 else
-                        echo "$as_me:15521: result: no (default)" >&5
+                        echo "$as_me:16553: result: no (default)" >&5
 echo "${ECHO_T}no (default)" >&6
                 fi
 
@@ -15547,7 +16579,7 @@ piddir=/var/run
 if test ! -d $piddir ; then
         piddir=`eval echo ${sysconfdir}`
         case $piddir in
-                NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+                NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
         esac
 fi
 
@@ -15558,7 +16590,7 @@ if test "${with_pid_dir+set}" = set; then
                 if test "x$withval" != "xno" ; then
                         piddir=$withval
                         if test ! -d $piddir ; then
-                        { echo "$as_me:15561: WARNING: ** no $piddir directory on this system **" >&5
+                        { echo "$as_me:16593: WARNING: ** no $piddir directory on this system **" >&5
 echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;}
                         fi
                 fi
@@ -15681,10 +16713,10 @@ EOF
 
 fi;
 
-echo "$as_me:15684: checking if your system defines LASTLOG_FILE" >&5
+echo "$as_me:16716: checking if your system defines LASTLOG_FILE" >&5
 echo $ECHO_N "checking if your system defines LASTLOG_FILE... $ECHO_C" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 15687 "configure"
+#line 16719 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -15708,29 +16740,29 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15711: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:16743: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:15714: \$? = $ac_status" >&5
+  echo "$as_me:16746: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:15717: \"$ac_try\"") >&5
+  { (eval echo "$as_me:16749: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:15720: \$? = $ac_status" >&5
+  echo "$as_me:16752: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-   echo "$as_me:15722: result: yes" >&5
+   echo "$as_me:16754: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                echo "$as_me:15728: result: no" >&5
+                echo "$as_me:16760: result: no" >&5
 echo "${ECHO_T}no" >&6
-                echo "$as_me:15730: checking if your system defines _PATH_LASTLOG" >&5
+                echo "$as_me:16762: checking if your system defines _PATH_LASTLOG" >&5
 echo $ECHO_N "checking if your system defines _PATH_LASTLOG... $ECHO_C" >&6
                 cat >conftest.$ac_ext <<_ACEOF
-#line 15733 "configure"
+#line 16765 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -15751,24 +16783,24 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15754: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:16786: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:15757: \$? = $ac_status" >&5
+  echo "$as_me:16789: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:15760: \"$ac_try\"") >&5
+  { (eval echo "$as_me:16792: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:15763: \$? = $ac_status" >&5
+  echo "$as_me:16795: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-   echo "$as_me:15765: result: yes" >&5
+   echo "$as_me:16797: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
 
-                        echo "$as_me:15771: result: no" >&5
+                        echo "$as_me:16803: result: no" >&5
 echo "${ECHO_T}no" >&6
                         system_lastlog_path=no
 
@@ -15786,7 +16818,7 @@ if test -z "$conf_lastlog_location"; then
                                 fi
                 done
                 if test -z "$conf_lastlog_location"; then
-                        { echo "$as_me:15789: WARNING: ** Cannot find lastlog **" >&5
+                        { echo "$as_me:16821: WARNING: ** Cannot find lastlog **" >&5
 echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;}
                                         fi
         fi
@@ -15799,10 +16831,10 @@ EOF
 
 fi
 
-echo "$as_me:15802: checking if your system defines UTMP_FILE" >&5
+echo "$as_me:16834: checking if your system defines UTMP_FILE" >&5
 echo $ECHO_N "checking if your system defines UTMP_FILE... $ECHO_C" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 15805 "configure"
+#line 16837 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -15820,23 +16852,23 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15823: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:16855: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:15826: \$? = $ac_status" >&5
+  echo "$as_me:16858: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:15829: \"$ac_try\"") >&5
+  { (eval echo "$as_me:16861: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:15832: \$? = $ac_status" >&5
+  echo "$as_me:16864: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-   echo "$as_me:15834: result: yes" >&5
+   echo "$as_me:16866: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:15839: result: no" >&5
+ echo "$as_me:16871: result: no" >&5
 echo "${ECHO_T}no" >&6
           system_utmp_path=no
 
@@ -15864,10 +16896,10 @@ EOF
 
 fi
 
-echo "$as_me:15867: checking if your system defines WTMP_FILE" >&5
+echo "$as_me:16899: checking if your system defines WTMP_FILE" >&5
 echo $ECHO_N "checking if your system defines WTMP_FILE... $ECHO_C" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 15870 "configure"
+#line 16902 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -15885,23 +16917,23 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15888: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:16920: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:15891: \$? = $ac_status" >&5
+  echo "$as_me:16923: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:15894: \"$ac_try\"") >&5
+  { (eval echo "$as_me:16926: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:15897: \$? = $ac_status" >&5
+  echo "$as_me:16929: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-   echo "$as_me:15899: result: yes" >&5
+   echo "$as_me:16931: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:15904: result: no" >&5
+ echo "$as_me:16936: result: no" >&5
 echo "${ECHO_T}no" >&6
           system_wtmp_path=no
 
@@ -15929,10 +16961,10 @@ EOF
 
 fi
 
-echo "$as_me:15932: checking if your system defines UTMPX_FILE" >&5
+echo "$as_me:16964: checking if your system defines UTMPX_FILE" >&5
 echo $ECHO_N "checking if your system defines UTMPX_FILE... $ECHO_C" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 15935 "configure"
+#line 16967 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -15953,23 +16985,23 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:15956: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:16988: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:15959: \$? = $ac_status" >&5
+  echo "$as_me:16991: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:15962: \"$ac_try\"") >&5
+  { (eval echo "$as_me:16994: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:15965: \$? = $ac_status" >&5
+  echo "$as_me:16997: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-   echo "$as_me:15967: result: yes" >&5
+   echo "$as_me:16999: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:15972: result: no" >&5
+ echo "$as_me:17004: result: no" >&5
 echo "${ECHO_T}no" >&6
           system_utmpx_path=no
 
@@ -15989,10 +17021,10 @@ EOF
 
 fi
 
-echo "$as_me:15992: checking if your system defines WTMPX_FILE" >&5
+echo "$as_me:17024: checking if your system defines WTMPX_FILE" >&5
 echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6
 cat >conftest.$ac_ext <<_ACEOF
-#line 15995 "configure"
+#line 17027 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -16013,23 +17045,23 @@ main ()
 }
 _ACEOF
 rm -f conftest.$ac_objext
-if { (eval echo "$as_me:16016: \"$ac_compile\"") >&5
+if { (eval echo "$as_me:17048: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
-  echo "$as_me:16019: \$? = $ac_status" >&5
+  echo "$as_me:17051: \$? = $ac_status" >&5
   (exit $ac_status); } &&
          { ac_try='test -s conftest.$ac_objext'
-  { (eval echo "$as_me:16022: \"$ac_try\"") >&5
+  { (eval echo "$as_me:17054: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
-  echo "$as_me:16025: \$? = $ac_status" >&5
+  echo "$as_me:17057: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-   echo "$as_me:16027: result: yes" >&5
+   echo "$as_me:17059: result: yes" >&5
 echo "${ECHO_T}yes" >&6
 else
   echo "$as_me: failed program was:" >&5
 cat conftest.$ac_ext >&5
- echo "$as_me:16032: result: no" >&5
+ echo "$as_me:17064: result: no" >&5
 echo "${ECHO_T}no" >&6
           system_wtmpx_path=no
 
@@ -16051,7 +17083,7 @@ fi
 
 if test ! -z "$blibpath" ; then
         LDFLAGS="$LDFLAGS $blibflags$blibpath"
-        { echo "$as_me:16054: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5
+        { echo "$as_me:17086: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5
 echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;}
 fi
 
@@ -16143,7 +17175,7 @@ DEFS=-DHAVE_CONFIG_H
 : ${CONFIG_STATUS=./config.status}
 ac_clean_files_save=$ac_clean_files
 ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:16146: creating $CONFIG_STATUS" >&5
+{ echo "$as_me:17178: creating $CONFIG_STATUS" >&5
 echo "$as_me: creating $CONFIG_STATUS" >&6;}
 cat >$CONFIG_STATUS <<_ACEOF
 #! $SHELL
@@ -16316,7 +17348,7 @@ cat >>$CONFIG_STATUS <<\EOF
     echo "$ac_cs_version"; exit 0 ;;
   --he | --h)
     # Conflict between --help and --header
-    { { echo "$as_me:16319: error: ambiguous option: $1
+    { { echo "$as_me:17351: error: ambiguous option: $1
 Try \`$0 --help' for more information." >&5
 echo "$as_me: error: ambiguous option: $1
 Try \`$0 --help' for more information." >&2;}
@@ -16335,7 +17367,7 @@ Try \`$0 --help' for more information." >&2;}
     ac_need_defaults=false;;
 
   # This is an error.
-  -*) { { echo "$as_me:16338: error: unrecognized option: $1
+  -*) { { echo "$as_me:17370: error: unrecognized option: $1
 Try \`$0 --help' for more information." >&5
 echo "$as_me: error: unrecognized option: $1
 Try \`$0 --help' for more information." >&2;}
@@ -16375,7 +17407,7 @@ do
   "scard/Makefile" ) CONFIG_FILES="$CONFIG_FILES scard/Makefile" ;;
   "ssh_prng_cmds" ) CONFIG_FILES="$CONFIG_FILES ssh_prng_cmds" ;;
   "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
-  *) { { echo "$as_me:16378: error: invalid argument: $ac_config_target" >&5
+  *) { { echo "$as_me:17410: error: invalid argument: $ac_config_target" >&5
 echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
    { (exit 1); exit 1; }; };;
   esac
@@ -16485,6 +17517,7 @@ s,@ENT@,$ENT,;t t
 s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t
 s,@SH@,$SH,;t t
 s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t
+s,@PATH_PASSWD_PROG@,$PATH_PASSWD_PROG,;t t
 s,@LD@,$LD,;t t
 s,@LIBWRAP@,$LIBWRAP,;t t
 s,@LIBPAM@,$LIBPAM,;t t
@@ -16631,7 +17664,7 @@ done; }
   esac
 
   if test x"$ac_file" != x-; then
-    { echo "$as_me:16634: creating $ac_file" >&5
+    { echo "$as_me:17667: creating $ac_file" >&5
 echo "$as_me: creating $ac_file" >&6;}
     rm -f "$ac_file"
   fi
@@ -16649,7 +17682,7 @@ echo "$as_me: creating $ac_file" >&6;}
       -) echo $tmp/stdin ;;
       [\\/$]*)
          # Absolute (can't be DOS-style, as IFS=:)
-         test -f "$f" || { { echo "$as_me:16652: error: cannot find input file: $f" >&5
+         test -f "$f" || { { echo "$as_me:17685: error: cannot find input file: $f" >&5
 echo "$as_me: error: cannot find input file: $f" >&2;}
    { (exit 1); exit 1; }; }
          echo $f;;
@@ -16662,7 +17695,7 @@ echo "$as_me: error: cannot find input file: $f" >&2;}
            echo $srcdir/$f
          else
            # /dev/null tree
-           { { echo "$as_me:16665: error: cannot find input file: $f" >&5
+           { { echo "$as_me:17698: error: cannot find input file: $f" >&5
 echo "$as_me: error: cannot find input file: $f" >&2;}
    { (exit 1); exit 1; }; }
          fi;;
@@ -16723,7 +17756,7 @@ for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
   * )   ac_file_in=$ac_file.in ;;
   esac
 
-  test x"$ac_file" != x- && { echo "$as_me:16726: creating $ac_file" >&5
+  test x"$ac_file" != x- && { echo "$as_me:17759: creating $ac_file" >&5
 echo "$as_me: creating $ac_file" >&6;}
 
   # First look for the input files in the build tree, otherwise in the
@@ -16734,7 +17767,7 @@ echo "$as_me: creating $ac_file" >&6;}
       -) echo $tmp/stdin ;;
       [\\/$]*)
          # Absolute (can't be DOS-style, as IFS=:)
-         test -f "$f" || { { echo "$as_me:16737: error: cannot find input file: $f" >&5
+         test -f "$f" || { { echo "$as_me:17770: error: cannot find input file: $f" >&5
 echo "$as_me: error: cannot find input file: $f" >&2;}
    { (exit 1); exit 1; }; }
          echo $f;;
@@ -16747,7 +17780,7 @@ echo "$as_me: error: cannot find input file: $f" >&2;}
            echo $srcdir/$f
          else
            # /dev/null tree
-           { { echo "$as_me:16750: error: cannot find input file: $f" >&5
+           { { echo "$as_me:17783: error: cannot find input file: $f" >&5
 echo "$as_me: error: cannot find input file: $f" >&2;}
    { (exit 1); exit 1; }; }
          fi;;
@@ -16777,7 +17810,7 @@ s/[\\&,]/\\&/g
 s,[\\$`],\\&,g
 t clear
 : clear
-s,^[    ]*#[    ]*define[       ][      ]*\([^  (][^    (]*\)\(([^)]*)\)[       ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
+s,^[    ]*#[    ]*define[       ][      ]*\(\([^        (][^    (]*\)([^)]*)\)[         ]*\(.*\)$,${ac_dA}\2${ac_dB}\1${ac_dC}\3${ac_dD},gp
 t end
 s,^[    ]*#[    ]*define[       ][      ]*\([^  ][^     ]*\)[   ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
 : end
@@ -16864,7 +17897,7 @@ cat >>$CONFIG_STATUS <<\EOF
   rm -f $tmp/in
   if test x"$ac_file" != x-; then
     if cmp -s $ac_file $tmp/config.h 2>/dev/null; then
-      { echo "$as_me:16867: $ac_file is unchanged" >&5
+      { echo "$as_me:17900: $ac_file is unchanged" >&5
 echo "$as_me: $ac_file is unchanged" >&6;}
     else
       ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
@@ -16968,7 +18001,6 @@ if test ! -z "$superuser_path" ; then
 echo "          sshd superuser user PATH: $J"
 fi
 echo "                    Manpage format: $MANTYPE"
-echo "                       DNS support: $DNS_MSG"
 echo "                       PAM support: $PAM_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
 echo "                 Smartcard support: $SCARD_MSG"
diff --git a/configure.ac b/configure.ac
index 7ddcb777f..836e31730 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.154.2.1 2003/09/16 05:48:15 tim Exp $
+# $Id: configure.ac,v 1.202 2004/02/24 05:47:04 tim Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -42,24 +42,39 @@ else
         fi
 fi
 
+AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
+if test ! -z "$PATH_PASSWD_PROG" ; then
+        AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
+fi
+
 if test -z "$LD" ; then
         LD=$CC
 fi
 AC_SUBST(LD)
         
 AC_C_INLINE
-if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 
+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
         CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
 fi
 
+AC_ARG_WITH(rpath,
+        [  --without-rpath         Disable auto-added -R linker paths],
+        [
+                if test "x$withval" = "xno" ; then      
+                        need_dash_r=""
+                fi
+                if test "x$withval" = "xyes" ; then
+                        need_dash_r=1
+                fi
+        ]
+)
+
 # Check for some target-specific stuff
 case "$host" in
 *-*-aix*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
-        AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 
+        AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
         if (test -z "$blibpath"); then
-                blibpath="/usr/lib:/lib:/usr/local/lib"
+                blibpath="/usr/lib:/lib"
         fi
         saved_LDFLAGS="$LDFLAGS"
         for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
@@ -120,6 +135,9 @@ case "$host" in
         ;;
 *-*-dgux*)
         AC_DEFINE(IP_TOS_IS_BROKEN)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         ;;
 *-*-darwin*)
         AC_MSG_CHECKING(if we have working getaddrinfo)
@@ -132,6 +150,10 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         [AC_MSG_RESULT(buggy)
         AC_DEFINE(BROKEN_GETADDRINFO)],
         [AC_MSG_RESULT(assume it is working)])
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
+        AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
         ;;
 *-*-hpux10.26)
         if test -z "$GCC"; then
@@ -143,8 +165,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(LOGIN_NO_ENDOPT)
         AC_DEFINE(LOGIN_NEEDS_UTMPX)
-        AC_DEFINE(DISABLE_SHADOW)
-        AC_DEFINE(DISABLE_UTMP)
         AC_DEFINE(LOCKED_PASSWD_STRING, "*")
         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
         LIBS="$LIBS -lsec -lsecpw"
@@ -160,8 +180,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(LOGIN_NO_ENDOPT)
         AC_DEFINE(LOGIN_NEEDS_UTMPX)
-        AC_DEFINE(DISABLE_SHADOW)
-        AC_DEFINE(DISABLE_UTMP)
         AC_DEFINE(LOCKED_PASSWD_STRING, "*")
         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
         LIBS="$LIBS -lsec"
@@ -174,30 +192,35 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(LOGIN_NO_ENDOPT)
         AC_DEFINE(LOGIN_NEEDS_UTMPX)
-        AC_DEFINE(DISABLE_SHADOW)
         AC_DEFINE(DISABLE_UTMP)
         AC_DEFINE(LOCKED_PASSWD_STRING, "*")
         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+        case "$host" in
+        *-*-hpux11.11*)
+                AC_DEFINE(BROKEN_GETADDRINFO);;
+        esac
         LIBS="$LIBS -lsec"
         AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
         ;;
 *-*-irix5*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS"
         PATH="$PATH:/usr/etc"
         AC_DEFINE(BROKEN_INET_NTOA)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(WITH_ABBREV_NO_TTY)
         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
         ;;
 *-*-irix6*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS"
         PATH="$PATH:/usr/etc"
         AC_DEFINE(WITH_IRIX_ARRAY)
         AC_DEFINE(WITH_IRIX_PROJECT)
         AC_DEFINE(WITH_IRIX_AUDIT)
         AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
         AC_DEFINE(BROKEN_INET_NTOA)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(WITH_ABBREV_NO_TTY)
         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
         ;;
@@ -222,11 +245,18 @@ mips-sony-bsd|mips-sony-newsos4)
         ;;
 *-*-netbsd*)
         check_for_libcrypt_before=1
-        need_dash_r=1
+        if test "x$withval" != "xno" ; then     
+                need_dash_r=1
+        fi
         ;;
 *-*-freebsd*)
         check_for_libcrypt_later=1
         ;;
+*-*-bsdi*)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
+        ;;
 *-next-*)
         conf_lastlog_location="/usr/adm/lastlog"
         conf_utmp_location=/etc/utmp
@@ -236,13 +266,8 @@ mips-sony-bsd|mips-sony-newsos4)
         AC_DEFINE(BROKEN_REALPATH)
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(BROKEN_SAVED_UIDS)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        CFLAGS="$CFLAGS"
         ;;
 *-*-solaris*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" 
-        need_dash_r=1
         AC_DEFINE(PAM_SUN_CODEBASE)
         AC_DEFINE(LOGIN_NEEDS_UTMPX)
         AC_DEFINE(LOGIN_NEEDS_TERM)
@@ -273,19 +298,22 @@ mips-sony-bsd|mips-sony-newsos4)
         AC_DEFINE(USE_PIPES)
         ;;
 *-ncr-sysv*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         LIBS="$LIBS -lc89"
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(SSHD_ACQUIRES_CTTY)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         ;;
 *-sni-sysv*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
         # /usr/ucblib MUST NOT be searched on ReliantUNIX
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
+        AC_CHECK_LIB(dl, dlsym, ,)
         IPADDR_IN_DISPLAY=yes
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(IP_TOS_IS_BROKEN)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(SSHD_ACQUIRES_CTTY)
         external_path_file=/etc/default/login
         # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
@@ -293,29 +321,22 @@ mips-sony-bsd|mips-sony-newsos4)
         # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
         ;;
 *-*-sysv4.2*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(SETEUID_BREAKS_SETUID)
         AC_DEFINE(BROKEN_SETREUID)
         AC_DEFINE(BROKEN_SETREGID)
         ;;
 *-*-sysv5*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(SETEUID_BREAKS_SETUID)
         AC_DEFINE(BROKEN_SETREUID)
         AC_DEFINE(BROKEN_SETREGID)
         ;;
 *-*-sysv*)
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         ;;
 *-*-sco3.2v4*)
-        CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
-        LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
+        CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
+        LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
         RANLIB=true
         no_dev_ptmx=1
         AC_DEFINE(BROKEN_SYS_TERMIO_H)
@@ -332,8 +353,6 @@ mips-sony-bsd|mips-sony-newsos4)
         if test -z "$GCC"; then
                 CFLAGS="$CFLAGS -belf"
         fi
-        CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-        LDFLAGS="$LDFLAGS -L/usr/local/lib"
         LIBS="$LIBS -lprot -lx -ltinfo -lm"
         no_dev_ptmx=1
         AC_DEFINE(USE_PIPES)
@@ -348,6 +367,10 @@ mips-sony-bsd|mips-sony-newsos4)
         MANTYPE=man
         ;;
 *-*-unicosmk*)
+        AC_DEFINE(NO_SSH_LASTLOG)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(DISABLE_FD_PASSING)
         LDFLAGS="$LDFLAGS"
@@ -355,14 +378,20 @@ mips-sony-bsd|mips-sony-newsos4)
         MANTYPE=cat
         ;;
 *-*-unicosmp*)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(WITH_ABBREV_NO_TTY)
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(DISABLE_FD_PASSING)
         LDFLAGS="$LDFLAGS"
-        LIBS="$LIBS -lgen -lacid"
+        LIBS="$LIBS -lgen -lacid -ldb"
         MANTYPE=cat
         ;;
 *-*-unicos*)
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(USE_PIPES)
         AC_DEFINE(DISABLE_FD_PASSING)
         AC_DEFINE(NO_SSH_LASTLOG)
@@ -391,11 +420,13 @@ mips-sony-bsd|mips-sony-newsos4)
                         LIBS="$LIBS -lsecurity -ldb -lm -laud"
                 else
                         AC_MSG_RESULT(no)
+                        AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
                 fi
         fi
-        AC_DEFINE(DISABLE_FD_PASSING)
         AC_DEFINE(BROKEN_GETADDRINFO)
-        AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
+        AC_DEFINE(SETEUID_BREAKS_SETUID)
+        AC_DEFINE(BROKEN_SETREUID)
+        AC_DEFINE(BROKEN_SETREGID)
         ;;
 
 *-*-nto-qnx)
@@ -457,13 +488,13 @@ int main(){exit(0);}
 AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
         getopt.h glob.h ia.h lastlog.h limits.h login.h \
         login_cap.h maillock.h netdb.h netgroup.h \
-        netinet/in_systm.h paths.h pty.h readpassphrase.h \
+        netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
         rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
         strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
-        sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
-        sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
+        sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \
+        sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
         sys/un.h time.h tmpdir.h ttyent.h usersec.h \
-        util.h utime.h utmp.h utmpx.h)
+        util.h utime.h utmp.h utmpx.h vis.h)
 
 # Checks for libraries.
 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
@@ -517,18 +548,6 @@ AC_CHECK_FUNC(getspnam, ,
         AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
 
-AC_ARG_WITH(rpath,
-        [  --without-rpath         Disable auto-added -R linker paths],
-        [
-                if test "x$withval" = "xno" ; then      
-                        need_dash_r=""
-                fi
-                if test "x$withval" = "xyes" ; then
-                        need_dash_r=1
-                fi
-        ]
-)
-
 dnl zlib is required
 AC_ARG_WITH(zlib,
         [  --with-zlib=PATH        Use zlib in PATH],
@@ -557,13 +576,70 @@ AC_ARG_WITH(zlib,
         ]
 )
 
-AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
+AC_CHECK_LIB(z, deflate, ,
+        [
+                saved_CPPFLAGS="$CPPFLAGS"
+                saved_LDFLAGS="$LDFLAGS"
+                save_LIBS="$LIBS"
+                dnl Check default zlib install dir
+                if test -n "${need_dash_r}"; then
+                        LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+                else
+                        LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
+                fi
+                CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
+                LIBS="$LIBS -lz"
+                AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
+                        [
+                                AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
+                        ]
+                )
+        ]
+)
+AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
+
+AC_ARG_WITH(zlib-version-check,
+        [  --without-zlib-version-check Disable zlib version check],
+        [  if test "x$withval" = "xno" ; then
+                zlib_check_nonfatal=1
+           fi
+        ]
+)
+
+AC_MSG_CHECKING(for zlib 1.1.4 or greater)
+AC_TRY_RUN([
+#include <zlib.h>
+int main()
+{
+        int a, b, c, v;
+        if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
+                exit(1);
+        v = a*1000000 + b*1000 + c;
+        if (v >= 1001004)
+                exit(0);
+        exit(2);
+}
+        ],
+        AC_MSG_RESULT(yes),
+        [ AC_MSG_RESULT(no)
+          if test -z "$zlib_check_nonfatal" ; then
+                AC_MSG_ERROR([*** zlib too old - check config.log ***
+Your reported zlib version has known security problems.  It's possible your
+vendor has fixed these problems without changing the version number.  If you
+are sure this is the case, you can disable the check by running
+"./configure --without-zlib-version-check".
+If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
+          else
+                AC_MSG_WARN([zlib version may have security problems])
+          fi
+        ]
+)
 
 dnl UnixWare 2.x
-AC_CHECK_FUNC(strcasecmp, 
+AC_CHECK_FUNC(strcasecmp,
         [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
 )
-AC_CHECK_FUNC(utimes, 
+AC_CHECK_FUNC(utimes,
         [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
                                         LIBS="$LIBS -lc89"]) ]
 )
@@ -583,7 +659,7 @@ AC_EGREP_CPP(FOUNDIT,
                 #ifdef GLOB_ALTDIRFUNC
                 FOUNDIT
                 #endif
-        ], 
+        ],
         [
                 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
                 AC_MSG_RESULT(yes)
@@ -596,17 +672,17 @@ AC_EGREP_CPP(FOUNDIT,
 # Check for g.gl_matchc glob() extension
 AC_MSG_CHECKING(for gl_matchc field in glob_t)
 AC_EGREP_CPP(FOUNDIT,
-        [
-                #include <glob.h>
+        [
+                #include <glob.h>
                 int main(void){glob_t g; g.gl_matchc = 1;}
-        ],
-        [
-                AC_DEFINE(GLOB_HAS_GL_MATCHC)
-                AC_MSG_RESULT(yes)
-        ],
-        [
-                AC_MSG_RESULT(no)
-        ]
+        ],
+        [
+                AC_DEFINE(GLOB_HAS_GL_MATCHC)
+                AC_MSG_RESULT(yes)
+        ],
+        [
+                AC_MSG_RESULT(no)
+        ]
 )
 
 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
@@ -616,7 +692,7 @@ AC_TRY_RUN(
 #include <dirent.h>
 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
         ],
-        [AC_MSG_RESULT(yes)], 
+        [AC_MSG_RESULT(yes)],
         [
                 AC_MSG_RESULT(no)
                 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
@@ -624,10 +700,10 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
 )
 
 # Check whether user wants S/Key support
-SKEY_MSG="no" 
+SKEY_MSG="no"
 AC_ARG_WITH(skey,
         [  --with-skey[[=PATH]]      Enable S/Key support
-                            (optionally in PATH)],
+                            (optionally in PATH)],
         [
                 if test "x$withval" != "xno" ; then
 
@@ -638,7 +714,7 @@ AC_ARG_WITH(skey,
 
                         AC_DEFINE(SKEY)
                         LIBS="-lskey $LIBS"
-                        SKEY_MSG="yes" 
+                        SKEY_MSG="yes"
         
                         AC_MSG_CHECKING([for s/key support])
                         AC_TRY_RUN(
@@ -660,7 +736,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
 TCPW_MSG="no"
 AC_ARG_WITH(tcp-wrappers,
         [  --with-tcp-wrappers[[=PATH]]      Enable tcpwrappers support
-                            (optionally in PATH)],
+                            (optionally in PATH)],
         [
                 if test "x$withval" != "xno" ; then
                         saved_LIBS="$LIBS"
@@ -712,20 +788,35 @@ AC_ARG_WITH(tcp-wrappers,
 
 dnl    Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS(\
-        arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename \
+        arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
         bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
-        gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
+        getaddrinfo getcwd getgrouplist getnameinfo getopt \
         getpeereid _getpty getrlimit getttyent glob inet_aton \
         inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
         mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
         pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
         setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
-        setproctitle setregid setresgid setresuid setreuid setrlimit \
+        setproctitle setregid setreuid setrlimit \
         setsid setvbuf sigaction sigvec snprintf socketpair strerror \
-        strlcat strlcpy strmode strnvis sysconf tcgetpgrp \
-        truncate utimes vhangup vsnprintf waitpid \
+        strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
+        truncate updwtmpx utimes vhangup vsnprintf waitpid \
 )
 
+# IRIX has a const char return value for gai_strerror()
+AC_CHECK_FUNCS(gai_strerror,[
+        AC_DEFINE(HAVE_GAI_STRERROR)
+        AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);],[
+char *str;
+
+str = gai_strerror(0);],[
+                AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
+                [Define if gai_strerror() returns const char *])])])
+
 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
 
 dnl Make sure prototypes are defined for these before using them.
@@ -735,10 +826,38 @@ AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
 dnl tcsendbreak might be a macro
 AC_CHECK_DECL(tcsendbreak,
         [AC_DEFINE(HAVE_TCSENDBREAK)],
-        [AC_CHECK_FUNCS(tcsendbreak)], 
+        [AC_CHECK_FUNCS(tcsendbreak)],
         [#include <termios.h>]
 )
 
+AC_CHECK_FUNCS(setresuid, [
+        dnl Some platorms have setresuid that isn't implemented, test for this
+        AC_MSG_CHECKING(if setresuid seems to work)
+        AC_TRY_RUN([
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+                ],
+                [AC_MSG_RESULT(yes)],
+                [AC_DEFINE(BROKEN_SETRESUID)
+                 AC_MSG_RESULT(not implemented)]
+        )
+])
+
+AC_CHECK_FUNCS(setresgid, [
+        dnl Some platorms have setresgid that isn't implemented, test for this
+        AC_MSG_CHECKING(if setresgid seems to work)
+        AC_TRY_RUN([
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+                ],
+                [AC_MSG_RESULT(yes)],
+                [AC_DEFINE(BROKEN_SETRESGID)
+                 AC_MSG_RESULT(not implemented)]
+        )
+])
+
 dnl    Checks for time functions
 AC_CHECK_FUNCS(gettimeofday time)
 dnl    Checks for utmp functions
@@ -748,12 +867,12 @@ dnl    Checks for utmpx functions
 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
 AC_CHECK_FUNCS(setutxent utmpxname)
 
-AC_CHECK_FUNC(daemon, 
+AC_CHECK_FUNC(daemon,
         [AC_DEFINE(HAVE_DAEMON)],
         [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
 )
 
-AC_CHECK_FUNC(getpagesize, 
+AC_CHECK_FUNC(getpagesize,
         [AC_DEFINE(HAVE_GETPAGESIZE)],
         [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
 )
@@ -766,7 +885,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
 #include <stdio.h>
 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
                 ],
-                [AC_MSG_RESULT(yes)], 
+                [AC_MSG_RESULT(yes)],
                 [
                         AC_MSG_RESULT(no)
                         AC_DEFINE(BROKEN_SNPRINTF)
@@ -790,14 +909,14 @@ unlink(template); exit(0);
         [
                 AC_MSG_RESULT(no)
         ],
-        [ 
+        [
                 AC_MSG_RESULT(yes)
                 AC_DEFINE(HAVE_STRICT_MKSTEMP)
         ],
         [
                 AC_MSG_RESULT(yes)
                 AC_DEFINE(HAVE_STRICT_MKSTEMP)
-        ] 
+        ]
 )
 fi
 
@@ -822,7 +941,7 @@ main()
                 exit(1);
         } else if (pid > 0) {   /* parent */
                 waitpid(pid, &status, 0);
-                if (WIFEXITED(status)) 
+                if (WIFEXITED(status))
                         exit(WEXITSTATUS(status));
                 else
                         exit(2);
@@ -856,7 +975,8 @@ AC_ARG_WITH(pam,
         [  --with-pam              Enable PAM support ],
         [
                 if test "x$withval" != "xno" ; then
-                        if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
+                        if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+                           test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
                                 AC_MSG_ERROR([PAM headers not found])
                         fi
 
@@ -865,7 +985,6 @@ AC_ARG_WITH(pam,
                         AC_CHECK_FUNCS(pam_getenvlist)
                         AC_CHECK_FUNCS(pam_putenv)
 
-                        disable_shadow=yes
                         PAM_MSG="yes"
 
                         AC_DEFINE(USE_PAM)
@@ -886,9 +1005,13 @@ if test "x$PAM_MSG" = "xyes" ; then
         AC_TRY_COMPILE(
                 [
 #include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
 #include <security/pam_appl.h>
-                ], 
-                [(void)pam_strerror((pam_handle_t *)NULL, -1);], 
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+                ],
+                [(void)pam_strerror((pam_handle_t *)NULL, -1);],
                 [AC_MSG_RESULT(no)],
                 [
                         AC_DEFINE(HAVE_OLD_PAM)
@@ -898,12 +1021,6 @@ if test "x$PAM_MSG" = "xyes" ; then
         )
 fi
 
-# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
-# because the system crypt() is more featureful.
-if test "x$check_for_libcrypt_before" = "x1"; then
-        AC_CHECK_LIB(crypt, crypt)
-fi
-
 # Search for OpenSSL
 saved_CPPFLAGS="$CPPFLAGS"
 saved_LDFLAGS="$LDFLAGS"
@@ -932,7 +1049,7 @@ AC_ARG_WITH(ssl-dir,
                 fi
         ]
 )
-LIBS="$LIBS -lcrypto"
+LIBS="-lcrypto $LIBS"
 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
         [
                 dnl Check default openssl install dir
@@ -959,12 +1076,12 @@ AC_TRY_RUN(
 #include <openssl/opensslv.h>
 #define DATA "conftest.sslincver"
 int main(void) {
-        FILE *fd;
-        int rc;
+        FILE *fd;
+        int rc;
 
-        fd = fopen(DATA,"w");
-        if(fd == NULL)
-                exit(1);
+        fd = fopen(DATA,"w");
+        if(fd == NULL)
+                exit(1);
 
         if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
                 exit(1);
@@ -992,12 +1109,12 @@ AC_TRY_RUN(
 #include <openssl/crypto.h>
 #define DATA "conftest.ssllibver"
 int main(void) {
-        FILE *fd;
-        int rc;
+        FILE *fd;
+        int rc;
 
-        fd = fopen(DATA,"w");
-        if(fd == NULL)
-                exit(1);
+        fd = fopen(DATA,"w");
+        if(fd == NULL)
+                exit(1);
 
         if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
                 exit(1);
@@ -1034,8 +1151,14 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.])
         ]
 )
 
-# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 
-# version in OpenSSL. Skip this for PAM
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+        AC_CHECK_LIB(crypt, crypt)
+fi
+
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
+# version in OpenSSL.
 if test "x$check_for_libcrypt_later" = "x1"; then
         AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
 fi
@@ -1069,7 +1192,7 @@ AC_ARG_WITH(rand-helper,
         [  --with-rand-helper      Use subprocess to gather strong randomness ],
         [
                 if test "x$withval" = "xno" ; then
-                        # Force use of OpenSSL's internal RNG, even if 
+                        # Force use of OpenSSL's internal RNG, even if
                         # the previous test showed it to be unseeded.
                         if test -z "$OPENSSL_SEEDS_ITSELF" ; then
                                 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
@@ -1206,7 +1329,7 @@ test -d /sbin && PATH=$PATH:/sbin
 test -d /usr/sbin && PATH=$PATH:/usr/sbin
 PATH=$PATH:/etc:$OPATH
 
-# These programs are used by the command hashing source to gather entropy 
+# These programs are used by the command hashing source to gather entropy
 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
@@ -1262,8 +1385,8 @@ fi
 # More checks for data types
 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
         AC_TRY_COMPILE(
-                [ #include <sys/types.h> ], 
-                [ u_int a; a = 1;], 
+                [ #include <sys/types.h> ],
+                [ u_int a; a = 1;],
                 [ ac_cv_have_u_int="yes" ],
                 [ ac_cv_have_u_int="no" ]
         )
@@ -1275,8 +1398,8 @@ fi
 
 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
         AC_TRY_COMPILE(
-                [ #include <sys/types.h> ], 
-                [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], 
+                [ #include <sys/types.h> ],
+                [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
                 [ ac_cv_have_intxx_t="yes" ],
                 [ ac_cv_have_intxx_t="no" ]
         )
@@ -1287,12 +1410,12 @@ if test "x$ac_cv_have_intxx_t" = "xyes" ; then
 fi
 
 if (test -z "$have_intxx_t" && \
-           test "x$ac_cv_header_stdint_h" = "xyes")
+           test "x$ac_cv_header_stdint_h" = "xyes")
 then
     AC_MSG_CHECKING([for intXX_t types in stdint.h])
         AC_TRY_COMPILE(
-                [ #include <stdint.h> ], 
-                [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], 
+                [ #include <stdint.h> ],
+                [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
                 [
                         AC_DEFINE(HAVE_INTXX_T)
                         AC_MSG_RESULT(yes)
@@ -1312,8 +1435,8 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
 #ifdef HAVE_SYS_BITYPES_H
 # include <sys/bitypes.h>
 #endif
-                ], 
-                [ int64_t a; a = 1;], 
+                ],
+                [ int64_t a; a = 1;],
                 [ ac_cv_have_int64_t="yes" ],
                 [ ac_cv_have_int64_t="no" ]
         )
@@ -1324,8 +1447,8 @@ fi
 
 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
         AC_TRY_COMPILE(
-                [ #include <sys/types.h> ], 
-                [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], 
+                [ #include <sys/types.h> ],
+                [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
                 [ ac_cv_have_u_intxx_t="yes" ],
                 [ ac_cv_have_u_intxx_t="no" ]
         )
@@ -1338,8 +1461,8 @@ fi
 if test -z "$have_u_intxx_t" ; then
     AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
         AC_TRY_COMPILE(
-                [ #include <sys/socket.h> ], 
-                [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], 
+                [ #include <sys/socket.h> ],
+                [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
                 [
                         AC_DEFINE(HAVE_U_INTXX_T)
                         AC_MSG_RESULT(yes)
@@ -1350,8 +1473,8 @@ fi
 
 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
         AC_TRY_COMPILE(
-                [ #include <sys/types.h> ], 
-                [ u_int64_t a; a = 1;], 
+                [ #include <sys/types.h> ],
+                [ u_int64_t a; a = 1;],
                 [ ac_cv_have_u_int64_t="yes" ],
                 [ ac_cv_have_u_int64_t="no" ]
         )
@@ -1364,7 +1487,7 @@ fi
 if test -z "$have_u_int64_t" ; then
     AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
         AC_TRY_COMPILE(
-                [ #include <sys/bitypes.h> ], 
+                [ #include <sys/bitypes.h> ],
                 [ u_int64_t a; a = 1],
                 [
                         AC_DEFINE(HAVE_U_INT64_T)
@@ -1379,8 +1502,8 @@ if test -z "$have_u_intxx_t" ; then
                 AC_TRY_COMPILE(
                         [
 #include <sys/types.h>
-                        ], 
-                        [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], 
+                        ],
+                        [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
                         [ ac_cv_have_uintxx_t="yes" ],
                         [ ac_cv_have_uintxx_t="no" ]
                 )
@@ -1393,8 +1516,8 @@ fi
 if test -z "$have_uintxx_t" ; then
     AC_MSG_CHECKING([for uintXX_t types in stdint.h])
         AC_TRY_COMPILE(
-                [ #include <stdint.h> ], 
-                [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], 
+                [ #include <stdint.h> ],
+                [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
                 [
                         AC_DEFINE(HAVE_UINTXX_T)
                         AC_MSG_RESULT(yes)
@@ -1404,25 +1527,25 @@ if test -z "$have_uintxx_t" ; then
 fi
 
 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
-           test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+           test "x$ac_cv_header_sys_bitypes_h" = "xyes")
 then
         AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
         AC_TRY_COMPILE(
                 [
 #include <sys/bitypes.h>
-                ], 
+                ],
                 [
                         int8_t a; int16_t b; int32_t c;
                         u_int8_t e; u_int16_t f; u_int32_t g;
                         a = b = c = e = f = g = 1;
-                ], 
+                ],
                 [
                         AC_DEFINE(HAVE_U_INTXX_T)
                         AC_DEFINE(HAVE_INTXX_T)
                         AC_MSG_RESULT(yes)
                 ],
                 [AC_MSG_RESULT(no)]
-        ) 
+        )
 fi
 
 
@@ -1603,8 +1726,8 @@ fi
 
 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
         AC_TRY_COMPILE(
-                [ #include <sys/time.h> ], 
-                [ struct timeval tv; tv.tv_sec = 1;], 
+                [ #include <sys/time.h> ],
+                [ struct timeval tv; tv.tv_sec = 1;],
                 [ ac_cv_have_struct_timeval="yes" ],
                 [ ac_cv_have_struct_timeval="no" ]
         )
@@ -1644,7 +1767,7 @@ main()
         strcpy(expected_out, "9223372036854775807");
         snprintf(buf, mazsize, "%lld", num);
         if(strcmp(buf, expected_out) != 0)
-                exit(1);
+                exit(1);
         exit(0);
 }
 #else
@@ -1802,8 +1925,8 @@ if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
 fi
 
 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
-        AC_TRY_LINK([], 
-                [ extern char *__progname; printf("%s", __progname); ], 
+        AC_TRY_LINK([],
+                [ extern char *__progname; printf("%s", __progname); ],
                 [ ac_cv_libc_defines___progname="yes" ],
                 [ ac_cv_libc_defines___progname="no" ]
         )
@@ -1815,8 +1938,8 @@ fi
 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
         AC_TRY_LINK([
 #include <stdio.h>
-], 
-                [ printf("%s", __FUNCTION__); ], 
+],
+                [ printf("%s", __FUNCTION__); ],
                 [ ac_cv_cc_implements___FUNCTION__="yes" ],
                 [ ac_cv_cc_implements___FUNCTION__="no" ]
         )
@@ -1828,8 +1951,8 @@ fi
 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
         AC_TRY_LINK([
 #include <stdio.h>
-], 
-                [ printf("%s", __func__); ], 
+],
+                [ printf("%s", __func__); ],
                 [ ac_cv_cc_implements___func__="yes" ],
                 [ ac_cv_cc_implements___func__="no" ]
         )
@@ -1854,8 +1977,8 @@ if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
 fi
 
 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
-        AC_TRY_LINK([], 
-                [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], 
+        AC_TRY_LINK([],
+                [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
                 [ ac_cv_libc_defines_sys_errlist="yes" ],
                 [ ac_cv_libc_defines_sys_errlist="no" ]
         )
@@ -1866,8 +1989,8 @@ fi
 
 
 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
-        AC_TRY_LINK([], 
-                [ extern int sys_nerr; printf("%i", sys_nerr);], 
+        AC_TRY_LINK([],
+                [ extern int sys_nerr; printf("%i", sys_nerr);],
                 [ ac_cv_libc_defines_sys_nerr="yes" ],
                 [ ac_cv_libc_defines_sys_nerr="no" ]
         )
@@ -1876,7 +1999,7 @@ if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
         AC_DEFINE(HAVE_SYS_NERR)
 fi
 
-SCARD_MSG="no" 
+SCARD_MSG="no"
 # Check whether user wants sectok support
 AC_ARG_WITH(sectok,
         [  --with-sectok           Enable smartcard support using libsectok],
@@ -1902,7 +2025,7 @@ AC_ARG_WITH(sectok,
                         fi
                         AC_DEFINE(SMARTCARD)
                         AC_DEFINE(USE_SECTOK)
-                        SCARD_MSG="yes, using sectok" 
+                        SCARD_MSG="yes, using sectok"
                 fi
         ]
 )
@@ -1922,65 +2045,76 @@ if test x$opensc_config_prefix != x ; then
     LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
     AC_DEFINE(SMARTCARD)
     AC_DEFINE(USE_OPENSC)
-    SCARD_MSG="yes, using OpenSC" 
+    SCARD_MSG="yes, using OpenSC"
   fi
 fi
 
-# Check whether user wants DNS support
-DNS_MSG="no" 
-AC_ARG_WITH(dns,
-        [  --with-dns              Support for fetching keys from DNS (experimental)],
+# Check libraries needed by DNS fingerprint support
+AC_SEARCH_LIBS(getrrsetbyname, resolv,
+        [AC_DEFINE(HAVE_GETRRSETBYNAME)],
         [
-                if test "x$withval" != "xno" ; then
-                        DNS_MSG="yes"
-                        AC_DEFINE(DNS)
-                        AC_SEARCH_LIBS(getrrsetbyname, resolv, 
-                                [AC_DEFINE(HAVE_GETRRSETBYNAME)],
-                                [
-                                        # Needed by our getrrsetbyname()
-                                        AC_SEARCH_LIBS(res_query, resolv)
-                                        AC_SEARCH_LIBS(dn_expand, resolv)
-                                        AC_CHECK_FUNCS(_getshort _getlong)
-                                        AC_CHECK_MEMBER(HEADER.ad,
-                                                [AC_DEFINE(HAVE_HEADER_AD)],,
-                                                [#include <arpa/nameser.h>])
-                                ])
-                fi
-        ]
-)
+                # Needed by our getrrsetbyname()
+                AC_SEARCH_LIBS(res_query, resolv)
+                AC_SEARCH_LIBS(dn_expand, resolv)
+                AC_CHECK_FUNCS(_getshort _getlong)
+                AC_CHECK_MEMBER(HEADER.ad,
+                        [AC_DEFINE(HAVE_HEADER_AD)],,
+                        [#include <arpa/nameser.h>])
+        ])
 
 # Check whether user wants Kerberos 5 support
-KRB5_MSG="no" 
+KRB5_MSG="no"
 AC_ARG_WITH(kerberos5,
-        [  --with-kerberos5=PATH   Enable Kerberos 5 support],
-        [
-                if test "x$withval" != "xno" ; then
-                        if test "x$withval" = "xyes" ; then
-                                KRB5ROOT="/usr/local"
-                        else
-                                KRB5ROOT=${withval}
-                        fi
+        [  --with-kerberos5=PATH   Enable Kerberos 5 support],
+        [ if test "x$withval" != "xno" ; then
+                if test "x$withval" = "xyes" ; then
+                        KRB5ROOT="/usr/local"
+                else
+                        KRB5ROOT=${withval}
+                fi
+
+                AC_DEFINE(KRB5)
+                KRB5_MSG="yes"
+
+                AC_MSG_CHECKING(for krb5-config)
+                if test -x  $KRB5ROOT/bin/krb5-config ; then
+                        KRB5CONF=$KRB5ROOT/bin/krb5-config
+                        AC_MSG_RESULT($KRB5CONF)
+
+                        AC_MSG_CHECKING(for gssapi support)
+                        if $KRB5CONF | grep gssapi >/dev/null ; then
+                                AC_MSG_RESULT(yes)
+                                AC_DEFINE(GSSAPI)
+                                k5confopts=gssapi
+                        else
+                                AC_MSG_RESULT(no)
+                                k5confopts=""
+                        fi
+                        K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
+                        K5LIBS="`$KRB5CONF --libs $k5confopts`"
+                        CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+                        AC_MSG_CHECKING(whether we are using Heimdal)
+                        AC_TRY_COMPILE([ #include <krb5.h> ],
+                                       [ char *tmp = heimdal_version; ],
+                                       [ AC_MSG_RESULT(yes)
+                                         AC_DEFINE(HEIMDAL) ],
+                                         AC_MSG_RESULT(no)
+                        )
+                else
+                        AC_MSG_RESULT(no)
                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
-                        LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
-                        AC_DEFINE(KRB5)
-                        KRB5_MSG="yes"
-                        AC_MSG_CHECKING(whether we are using Heimdal)
-                        AC_TRY_COMPILE([ #include <krb5.h> ],
-                                       [ char *tmp = heimdal_version; ],
-                                       [ AC_MSG_RESULT(yes)
-                                         AC_DEFINE(HEIMDAL)
-                                         K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
-                                       ],
-                                       [ AC_MSG_RESULT(no)
-                                         K5LIBS="-lkrb5 -lk5crypto -lcom_err"
-                                       ]
-                        )
-                        if test ! -z "$need_dash_r" ; then
-                                LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
-                        fi
-                        if test ! -z "$blibpath" ; then
-                                blibpath="$blibpath:${KRB5ROOT}/lib"
-                        fi
+                        LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+                        AC_MSG_CHECKING(whether we are using Heimdal)
+                        AC_TRY_COMPILE([ #include <krb5.h> ],
+                                       [ char *tmp = heimdal_version; ],
+                                       [ AC_MSG_RESULT(yes)
+                                         AC_DEFINE(HEIMDAL)
+                                         K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+                                       ],
+                                       [ AC_MSG_RESULT(no)
+                                         K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+                                       ]
+                        )
                         AC_SEARCH_LIBS(dn_expand, resolv)
 
                         AC_CHECK_LIB(gssapi,gss_init_sec_context,
@@ -1988,7 +2122,7 @@ AC_ARG_WITH(kerberos5,
                                   K5LIBS="-lgssapi $K5LIBS" ],
                                 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
                                         [ AC_DEFINE(GSSAPI)
-                                          K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+                                          K5LIBS="-lgssapi_krb5 $K5LIBS" ],
                                         AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
                                         $K5LIBS)
                                 ],
@@ -1996,10 +2130,10 @@ AC_ARG_WITH(kerberos5,
                         
                         AC_CHECK_HEADER(gssapi.h, ,
                                 [ unset ac_cv_header_gssapi_h
-                                  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 
+                                  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
                                   AC_CHECK_HEADERS(gssapi.h, ,
                                         AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
-                                  ) 
+                                  )
                                 ]
                         )
 
@@ -2008,11 +2142,23 @@ AC_ARG_WITH(kerberos5,
                         AC_CHECK_HEADER(gssapi_krb5.h, ,
                                         [ CPPFLAGS="$oldCPP" ])
 
-                        KRB5=yes
-                fi
-        ]
+                fi
+                if test ! -z "$need_dash_r" ; then
+                        LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+                fi
+                if test ! -z "$blibpath" ; then
+                        blibpath="$blibpath:${KRB5ROOT}/lib"
+                fi
+        fi
+
+        AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
+        AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
+        AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
+
+        LIBS="$LIBS $K5LIBS"
+        AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
+        ]
 )
-LIBS="$LIBS $K5LIBS"
 
 # Looking for programs, paths and files
 
@@ -2075,7 +2221,7 @@ fi
 
 if test -z "$no_dev_ptmx" ; then
         if test "x$disable_ptmx_check" != "xyes" ; then
-                AC_CHECK_FILE("/dev/ptmx", 
+                AC_CHECK_FILE("/dev/ptmx",
                         [
                                 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
                                 have_dev_ptmx=1
@@ -2083,7 +2229,7 @@ if test -z "$no_dev_ptmx" ; then
                 )
         fi
 fi
-AC_CHECK_FILE("/dev/ptc", 
+AC_CHECK_FILE("/dev/ptc",
         [
                 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
                 have_dev_ptc=1
@@ -2124,13 +2270,13 @@ fi
 AC_SUBST(mansubdir)
 
 # Check whether to enable MD5 passwords
-MD5_MSG="no" 
+MD5_MSG="no"
 AC_ARG_WITH(md5-passwords,
         [  --with-md5-passwords    Enable use of MD5 passwords],
         [
                 if test "x$withval" != "xno" ; then
                         AC_DEFINE(HAVE_MD5_PASSWORDS)
-                        MD5_MSG="yes" 
+                        MD5_MSG="yes"
                 fi
         ]
 )
@@ -2170,24 +2316,28 @@ if test ! -z "$IPADDR_IN_DISPLAY" ; then
         DISPLAY_HACK_MSG="yes"
         AC_DEFINE(IPADDR_IN_DISPLAY)
 else
-        DISPLAY_HACK_MSG="no" 
+        DISPLAY_HACK_MSG="no"
         AC_ARG_WITH(ipaddr-display,
                 [  --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY],
                 [
                         if test "x$withval" != "xno" ; then     
                                 AC_DEFINE(IPADDR_IN_DISPLAY)
-                                DISPLAY_HACK_MSG="yes" 
+                                DISPLAY_HACK_MSG="yes"
                         fi
                 ]
         )
 fi
 
 # check for /etc/default/login and use it if present.
+AC_ARG_ENABLE(etc-default-login,
+        [  --disable-etc-default-login       Disable using PATH from /etc/default/login [no]],,
+[
 AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
 
 if test "x$external_path_file" = "x/etc/default/login"; then
         AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
 fi
+])
 
 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
 if test $ac_cv_func_login_getcapbool = "yes" -a \
@@ -2196,7 +2346,7 @@ if test $ac_cv_func_login_getcapbool = "yes" -a \
 fi
 
 # Whether to mess with the default path
-SERVER_PATH_MSG="(default)" 
+SERVER_PATH_MSG="(default)"
 AC_ARG_WITH(default-path,
         [  --with-default-path=    Specify default \$PATH environment for server],
         [
@@ -2211,7 +2361,7 @@ Edit /etc/login.conf instead.])
 $external_path_file .])
                         fi
                         user_path="$withval"
-                        SERVER_PATH_MSG="$withval" 
+                        SERVER_PATH_MSG="$withval"
                 fi
         ],
         [ if test "x$external_path_file" = "x/etc/login.conf" ; then
@@ -2295,14 +2445,14 @@ AC_ARG_WITH(superuser-path,
 
 
 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
-IPV4_IN6_HACK_MSG="no" 
+IPV4_IN6_HACK_MSG="no"
 AC_ARG_WITH(4in6,
         [  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
         [
                 if test "x$withval" != "xno" ; then
                         AC_MSG_RESULT(yes)
                         AC_DEFINE(IPV4_IN_IPV6)
-                        IPV4_IN6_HACK_MSG="yes" 
+                        IPV4_IN6_HACK_MSG="yes"
                 else
                         AC_MSG_RESULT(no)
                 fi
@@ -2310,7 +2460,7 @@ AC_ARG_WITH(4in6,
                 if test "x$inet6_default_4in6" = "xyes"; then
                         AC_MSG_RESULT([yes (default)])
                         AC_DEFINE(IPV4_IN_IPV6)
-                        IPV4_IN6_HACK_MSG="yes" 
+                        IPV4_IN6_HACK_MSG="yes"
                 else
                         AC_MSG_RESULT([no (default)])
                 fi
@@ -2335,7 +2485,7 @@ piddir=/var/run
 if test ! -d $piddir ; then     
         piddir=`eval echo ${sysconfdir}`
         case $piddir in
-                NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+                NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
         esac
 fi
 
@@ -2407,7 +2557,7 @@ AC_ARG_ENABLE(pututline,
         [  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
         [
                 if test "x$enableval" = "xno" ; then
-                        AC_DEFINE(DISABLE_PUTUTLINE) 
+                        AC_DEFINE(DISABLE_PUTUTLINE)
                 fi
         ]
 )
@@ -2661,7 +2811,6 @@ if test ! -z "$superuser_path" ; then
 echo "          sshd superuser user PATH: $J"
 fi
 echo "                    Manpage format: $MANTYPE"
-echo "                       DNS support: $DNS_MSG"
 echo "                       PAM support: $PAM_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
 echo "                 Smartcard support: $SCARD_MSG"
@@ -2690,7 +2839,7 @@ echo ""
 if test "x$PAM_MSG" = "xyes" ; then
         echo "PAM is enabled. You may need to install a PAM control file "
         echo "for sshd, otherwise password authentication may fail. "
-        echo "Example PAM control files can be found in the contrib/ " 
+        echo "Example PAM control files can be found in the contrib/ "
         echo "subdirectory"
         echo ""
 fi
diff --git a/contrib/README b/contrib/README
index 67dbbd277..9de3d961d 100644
--- a/contrib/README
+++ b/contrib/README
@@ -1,4 +1,4 @@
-Other patches and addons for OpenSSH. Please send submissions to 
+Other patches and addons for OpenSSH. Please send submissions to
 djm@mindrot.org
 
 Externally maintained
@@ -7,7 +7,7 @@ Externally maintained
 SSH Proxy Command -- connect.c
 
 Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand
-which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or 
+which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
 https CONNECT style proxy server. His page for connect.c has extensive
 documentation on its use as well as compiled versions for Win32.
 
@@ -47,7 +47,7 @@ Dominik Brettnacher <domi@saargate.de>
 mdoc2man.pl:
 
 Converts mdoc formated manpages into normal manpages.  This can be used
-on Solaris machines to provide manpages that are not preformated. 
+on Solaris machines to provide manpages that are not preformated.
 Contributed by Mark D. Roth <roth@feep.net>
 
 redhat:
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 727ac446d..4a5c32b0e 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -1,12 +1,12 @@
 #!/bin/sh
 #
 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
-# $Id: buildbff.sh,v 1.6 2003/08/25 05:01:04 dtucker Exp $
+# $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $
 #
 # Author: Darren Tucker (dtucker at zip dot com dot au)
 # This file is placed in the public domain and comes with absolutely
 # no warranty.
-# 
+#
 # Based originally on Ben Lindstrom's buildpkg.sh for Solaris
 #
 
@@ -45,7 +45,7 @@ fi
 if [ ! -f Makefile ]
 then
         echo "Makefile not found (did you run configure?)"
-        exit 1 
+        exit 1
 fi
 
 #
@@ -96,12 +96,12 @@ then
         PRIVSEP_PATH=/var/empty
 fi
 
-# Clean package build directory 
+# Clean package build directory
 rm -rf $objdir/$PKGDIR
 FAKE_ROOT=$objdir/$PKGDIR/root
 mkdir -p $FAKE_ROOT
 
-# Start by faking root install 
+# Start by faking root install
 echo "Faking root install..."
 cd $objdir
 make install-nokeys DESTDIR=$FAKE_ROOT
@@ -136,15 +136,15 @@ echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
 #
 # Set ssh and sshd parameters as per config.local
 #
-if [ "${PERMIT_ROOT_LOGIN}" = no ] 
+if [ "${PERMIT_ROOT_LOGIN}" = no ]
 then
-        perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
-                $FAKE_ROOT/${sysconfdir}/sshd_config
+        perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
+                $FAKE_ROOT/${sysconfdir}/sshd_config
 fi
 if [ "${X11_FORWARDING}" = yes ]
 then
-        perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
-                $FAKE_ROOT/${sysconfdir}/sshd_config
+        perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
+                $FAKE_ROOT/${sysconfdir}/sshd_config
 fi
 
 
@@ -190,13 +190,13 @@ cat <<EOF >>../openssh.post_i
 echo Creating configs from defaults if necessary.
 for cfgfile in ssh_config sshd_config ssh_prng_cmds
 do
-        if [ ! -f $sysconfdir/\$cfgfile ]
-        then
-                echo "Creating \$cfgfile from default"
-                cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
-        else
-                echo "\$cfgfile already exists."
-        fi
+        if [ ! -f $sysconfdir/\$cfgfile ]
+        then
+                echo "Creating \$cfgfile from default"
+                cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
+        else
+                echo "\$cfgfile already exists."
+        fi
 done
 echo
 
@@ -244,19 +244,19 @@ echo
 # Generate keys unless they already exist
 echo Creating host keys if required.
 if [ -f "$sysconfdir/ssh_host_key" ] ; then
-        echo "$sysconfdir/ssh_host_key already exists, skipping."
+        echo "$sysconfdir/ssh_host_key already exists, skipping."
 else
-        $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
+        $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
 fi
 if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
-        echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
+        echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
 else
-        $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
+        $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
 fi
 if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
-        echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
-else 
-        $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
+        echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
+else
+        $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
 fi
 echo
 
@@ -369,7 +369,7 @@ echo Creating $PKGNAME-$VERSION.bff with backup...
 rm -f $PKGNAME-$VERSION.bff
 (
         echo "./lpp_name"
-        find . ! -name lpp_name -a ! -name . -print 
+        find . ! -name lpp_name -a ! -name . -print
 ) | backup  -i -q -f ../$PKGNAME-$VERSION.bff $filelist
 
 #
diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh
index 4f408e678..e2641e79c 100755
--- a/contrib/aix/inventory.sh
+++ b/contrib/aix/inventory.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # inventory.sh
-# $Id: inventory.sh,v 1.5 2003/08/26 03:43:13 dtucker Exp $
+# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $
 #
 # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
 # This file is placed into the public domain.
@@ -59,5 +59,5 @@ find . ! -name . -print | perl -ne '{
         } elsif ( -d $_ ) {
                 # Entry is Directory
                 print "\ttype=DIRECTORY\n";
-        } 
+        }
 }'
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 97d6adf51..599244b5d 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,11 +17,11 @@
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable      1
 %if %{use_stable}
-  %define version       3.7p1
+  %define version       3.8p1
   %define cvs           %{nil}
   %define release       1
 %else
-  %define version       2.9.9p2
+  %define version       3.8p1
   %define cvs           cvs20011009
   %define release       0r1
 %endif
@@ -180,7 +180,6 @@ CFLAGS="$RPM_OPT_FLAGS" \
 %configure \
             --with-pam \
             --with-tcp-wrappers \
-            --with-ipv4-default \
             --with-privsep-path=%{_var}/empty/sshd \
             #leave this line for easy edits.
 
@@ -364,4 +363,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.43.2.2 2003/09/16 06:02:40 djm Exp $
+$Id: openssh.spec,v 1.48 2004/02/24 05:00:04 djm Exp $
diff --git a/contrib/caldera/ssh-host-keygen b/contrib/caldera/ssh-host-keygen
index 28a97b9b4..3c5c17182 100755
--- a/contrib/caldera/ssh-host-keygen
+++ b/contrib/caldera/ssh-host-keygen
@@ -1,6 +1,6 @@
 #! /bin/sh
 #
-# $Id: ssh-host-keygen,v 1.1 2001/04/27 05:50:50 tim Exp $
+# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $
 #
 # This script is normally run only *once* for a given host
 # (in a given period of time) -- on updates/upgrades/recovery
@@ -12,7 +12,7 @@ keydir=@sysconfdir@
 keygen=@sshkeygen@
 
 if [ -f $keydir/ssh_host_key -o \
-             -f $keydir/ssh_host_key.pub ]; then
+             -f $keydir/ssh_host_key.pub ]; then
   echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
 else
   echo "Generating 1024 bit SSH1 RSA host key."
@@ -20,7 +20,7 @@ else
 fi
 
 if [ -f $keydir/ssh_host_rsa_key -o \
-             -f $keydir/ssh_host_rsa_key.pub ]; then
+             -f $keydir/ssh_host_rsa_key.pub ]; then
   echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
 else
   echo "Generating 1024 bit SSH2 RSA host key."
@@ -28,7 +28,7 @@ else
 fi
 
 if [ -f $keydir/ssh_host_dsa_key -o \
-             -f $keydir/ssh_host_dsa_key.pub ]; then
+             -f $keydir/ssh_host_dsa_key.pub ]; then
   echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
 else
   echo "Generating SSH2 DSA host key."
diff --git a/contrib/caldera/sshd.init b/contrib/caldera/sshd.init
index 90b36379a..983146f4f 100755
--- a/contrib/caldera/sshd.init
+++ b/contrib/caldera/sshd.init
@@ -1,6 +1,6 @@
 #! /bin/bash
 #
-# $Id: sshd.init,v 1.3 2001/11/03 19:09:33 tim Exp $
+# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $
 #
 ### BEGIN INIT INFO
 # Provides:
@@ -64,11 +64,11 @@ case "$1" in
   SVIemptyConfig @sysconfdir@/sshd_config && exit 6
 
   if [ ! \( -f @sysconfdir@/ssh_host_key -a            \
-            -f @sysconfdir@/ssh_host_key.pub \) -a     \
+            -f @sysconfdir@/ssh_host_key.pub \) -a     \
        ! \( -f @sysconfdir@/ssh_host_rsa_key -a        \
-            -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
+            -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
        ! \( -f @sysconfdir@/ssh_host_dsa_key -a        \
-            -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
+            -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
 
     echo "$SVIsubsys: host key not initialized: skipped!"
     echo "$SVIsubsys: use ssh-host-keygen to generate one!"
diff --git a/contrib/cygwin/Makefile b/contrib/cygwin/Makefile
new file mode 100644
index 000000000..09e8ea2db
--- /dev/null
+++ b/contrib/cygwin/Makefile
@@ -0,0 +1,56 @@
+srcdir=../..
+prefix=/usr
+exec_prefix=$(prefix)
+bindir=$(prefix)/bin
+datadir=$(prefix)/share
+docdir=$(datadir)/doc
+sshdocdir=$(docdir)/openssh
+cygdocdir=$(docdir)/Cygwin
+sysconfdir=/etc
+defaultsdir=$(sysconfdir)/defaults/etc
+PRIVSEP_PATH=/var/empty
+INSTALL=/usr/bin/install -c
+
+DESTDIR=
+
+all:
+        @echo
+        @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'"
+        @echo "Be sure having DESTDIR set correctly!"
+        @echo
+
+move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config
+        $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir)
+        mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir)
+        mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir)
+
+remove-empty-dir:
+        rm -rf $(DESTDIR)$(PRIVSEP_PATH)
+
+install-sshdoc:
+        $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
+        $(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
+        $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
+        $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
+        $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+        $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
+        $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+        $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
+        $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
+        $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
+        $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
+        $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
+
+install-cygwindoc: README
+        $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir)
+        $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README
+
+install-doc: install-sshdoc install-cygwindoc
+
+install-scripts: ssh-host-config ssh-user-config
+        $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+        $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
+        $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
+
+cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts
+        @echo "Cygwin specific configuration finished."
diff --git a/contrib/cygwin/README b/contrib/cygwin/README
index ec58964c9..fc0a2f69b 100644
--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@@ -1,4 +1,49 @@
-This package is the actual port of OpenSSH to Cygwin 1.5.
+This package describes important Cygwin specific stuff concerning OpenSSH.
+
+The binary package is usually built for recent Cygwin versions and might
+not run on older versions.  Please check http://cygwin.com/ for information
+about current Cygwin releases.
+
+Build instructions are at the end of the file.
+
+===========================================================================
+Important change since 3.7.1p2-2:
+
+The ssh-host-config file doesn't create the /etc/ssh_config and
+/etc/sshd_config files from builtin here-scripts anymore, but it uses
+skeleton files installed in /etc/defaults/etc.
+
+Also it now tries hard to create appropriate permissions on files.
+Same applies for ssh-user-config.
+
+After creating the sshd service with ssh-host-config, it's advisable to
+call ssh-user-config for all affected users, also already exising user
+configurations.  In the latter case, file and directory permissions are
+checked and changed, if requireed to match the host configuration.
+
+Important note for Windows 2003 Server users:
+---------------------------------------------
+
+2003 Server has a funny new feature.  When starting services under SYSTEM
+account, these services have nearly all user rights which SYSTEM holds...
+except for the "Create a token object" right, which is needed to allow
+public key authentication :-(
+
+There's no way around this, except for creating a substitute account which
+has the appropriate privileges.  Basically, this account should be member
+of the administrators group, plus it should have the following user rights:
+
+        Create a token object
+        Logon as a service
+        Replace a process level token
+        Increase Quota
+
+The ssh-host-config script asks you, if it should create such an account,
+called "sshd_server".  If you say "no" here, you're on your own.  Please
+follow the instruction in ssh-host-config exactly if possible.  Note that
+ssh-user-config sets the permissions on 2003 Server machines dependent of
+whether a sshd_server account exists or not.
+===========================================================================
 
 ===========================================================================
 Important change since 3.4p1-2:
@@ -58,7 +103,7 @@ features of the FAT/FAT32 filesystems.
 
 If you are installing OpenSSH the first time, you can generate global config
 files and server keys by running
-   
+
    /usr/bin/ssh-host-config
 
 Note that this binary archive doesn't contain default config files in /etc.
@@ -73,10 +118,12 @@ some options:
 
 usage: ssh-host-config [OPTION]...
 Options:
-    --debug      -d        Enable shell's debug output.
-    --yes        -y        Answer all questions with "yes" automatically.
-    --no         -n        Answer all questions with "no" automatically.
-    --port       -p <n>    sshd listens on port n.
+    --debug  -d            Enable shell's debug output.
+    --yes    -y            Answer all questions with "yes" automatically.
+    --no     -n            Answer all questions with "no" automatically.
+    --cygwin -c <options>  Use "options" as value for CYGWIN environment var.
+    --port   -p <n>        sshd listens on port n.
+    --pwd    -w <passwd>   Use "pwd" as password for user 'sshd_server'.
 
 Additionally ssh-host-config now asks if it should install sshd as a
 service when running under NT/W2K. This requires cygrunsrv installed.
@@ -114,54 +161,6 @@ ${SYSTEMROOT}/system32/drivers/etc/services file:
 
    ssh         22/tcp          #SSH daemon
 
-===========================================================================
-The following restrictions only apply to Cygwin versions up to 1.3.1
-===========================================================================
-
-Authentication to sshd is possible in one of two ways.
-You'll have to decide before starting sshd!
-
-- If you want to authenticate via RSA and you want to login to that
-  machine to exactly one user account you can do so by running sshd
-  under that user account. You must change /etc/sshd_config
-  to contain the following:
-
-  RSAAuthentication yes
-
-  Moreover it's possible to use rhosts and/or rhosts with
-  RSA authentication by setting the following in sshd_config:
-
-  RhostsAuthentication yes
-  RhostsRSAAuthentication yes
-
-- If you want to be able to login to different user accounts you'll
-  have to start sshd under system account or any other account that
-  is able to switch user context. Note that administrators are _not_
-  able to do that by default! You'll have to give the following
-  special user rights to the user:
-  "Act as part of the operating system"
-  "Replace process level token"
-  "Increase quotas"
-  and if used via service manager
-  "Logon as a service".
-
-  The system account does of course own that user rights by default.
-
-  Unfortunately, if you choose that way, you can only logon with
-  NT password authentification and you should change
-  /etc/sshd_config to contain the following:
-
-    PasswordAuthentication yes
-    RhostsAuthentication no
-    RhostsRSAAuthentication no
-    RSAAuthentication no
-
-  However you can login to the user which has started sshd with
-  RSA authentication anyway. If you want that, change the RSA
-  authentication setting back to "yes":
-     
-    RSAAuthentication yes
-
 Please note that OpenSSH does never use the value of $HOME to
 search for the users configuration files! It always uses the
 value of the pw_dir field in /etc/passwd as the home directory.
@@ -169,7 +168,7 @@ If no home diretory is set in /etc/passwd, the root directory
 is used instead!
 
 You may use all features of the CYGWIN=ntsec setting the same
-way as they are used by the `login' port on sources.redhat.com:
+way as they are used by Cygwin's login(1) port:
 
   The pw_gecos field may contain an additional field, that begins
   with (upper case!) "U-", followed by the domain and the username
@@ -186,6 +185,8 @@ way as they are used by the `login' port on sources.redhat.com:
 
     locuser::1104:513:John Doe,U-user,S-1-5-21-...
 
+Note that the CYGWIN=ntsec setting is required for public key authentication.
+
 SSH2 server and user keys are generated by the `ssh-*-config' scripts
 as well.
 
@@ -194,15 +195,30 @@ configure are used for the Cygwin binary distribution:
 
         --prefix=/usr \
         --sysconfdir=/etc \
-        --libexecdir='${exec_prefix}/sbin'
-
-You must have installed the zlib and openssl packages to be able to
+        --libexecdir='$(sbindir)' \
+        --localstatedir=/var \
+        --datadir='$(prefix)/share' \
+        --mandir='$(datadir)/man' \
+        --with-tcp-wrappers
+
+If you want to create a Cygwin package, equivalent to the one
+in the Cygwin binary distribution, install like this:
+
+        mkdir /tmp/cygwin-ssh
+        cd $(builddir)
+        make install DESTDIR=/tmp/cygwin-ssh
+        cd $(srcdir)/contrib/cygwin
+        make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh
+        cd /tmp/cygwin-ssh
+        find * \! -type d | tar cvjfT my-openssh.tar.bz2 -
+        
+You must have installed the zlib and openssl-devel packages to be able to
 build OpenSSH!
 
 Please send requests, error reports etc. to cygwin@cygwin.com.
 
 Have fun,
 
-Corinna Vinschen <vinschen@redhat.com>
+Corinna Vinschen
 Cygwin Developer
 Red Hat Inc.
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index e9c56aea9..9c0dabf41 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/bash
 #
-# ssh-host-config, Copyright 2000, Red Hat Inc.
+# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
 
@@ -9,10 +9,7 @@ PREFIX=/usr
 
 # Directory where the config files are stored
 SYSCONFDIR=/etc
-
-# Subdirectory where an old package might be installed
-OLDPREFIX=/usr/local
-OLDSYSCONFDIR=${OLDPREFIX}/etc
+LOCALSTATEDIR=/var
 
 progname=$0
 auto_answer=""
@@ -27,9 +24,11 @@ request()
 {
   if [ "${auto_answer}" = "yes" ]
   then
+    echo "$1 (yes/no) yes"
     return 0
   elif [ "${auto_answer}" = "no" ]
   then
+    echo "$1 (yes/no) no"
     return 1
   fi
 
@@ -37,7 +36,7 @@ request()
   while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
   do
     echo -n "$1 (yes/no) "
-    read answer
+    read -e answer
   done
   if [ "X${answer}" = "Xyes" ]
   then
@@ -60,7 +59,7 @@ do
   option=$1
   shift
 
-  case "$option" in
+  case "${option}" in
   -d | --debug )
     set -x
     ;;
@@ -73,21 +72,33 @@ do
     auto_answer=no
     ;;
 
+  -c | --cygwin )
+    cygwin_value="$1"
+    shift
+    ;;
+
   -p | --port )
     port_number=$1
     shift
     ;;
 
+  -w | --pwd )
+    password_value="$1"
+    shift
+    ;;
+
   *)
     echo "usage: ${progname} [OPTION]..."
     echo
     echo "This script creates an OpenSSH host configuration."
     echo
     echo "Options:"
-    echo "    --debug  -d     Enable shell's debug output."
-    echo "    --yes    -y     Answer all questions with \"yes\" automatically."
-    echo "    --no     -n     Answer all questions with \"no\" automatically."
-    echo "    --port   -p <n> sshd listens on port n."
+    echo "  --debug  -d            Enable shell's debug output."
+    echo "  --yes    -y            Answer all questions with \"yes\" automatically."
+    echo "  --no     -n            Answer all questions with \"no\" automatically."
+    echo "  --cygwin -c <options>  Use \"options\" as value for CYGWIN environment var."
+    echo "  --port   -p <n>        sshd listens on port n."
+    echo "  --pwd    -w <passwd>   Use \"pwd\" as password for user 'sshd_server'."
     echo
     exit 1
     ;;
@@ -96,8 +107,13 @@ do
 done
 
 # Check if running on NT
-_sys="`uname -a`"
-_nt=`expr "$_sys" : "CYGWIN_NT"`
+_sys="`uname`"
+_nt=`expr "${_sys}" : "CYGWIN_NT"`
+# If running on NT, check if running under 2003 Server or later
+if [ ${_nt} -gt 0 ]
+then
+  _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
+fi
 
 # Check for running ssh/sshd processes first. Refuse to do anything while
 # some ssh processes are still running
@@ -137,87 +153,33 @@ fi
 
 # Create /var/log and /var/log/lastlog if not already existing
 
-if [ -f /var/log ]
+if [ -f ${LOCALSTATEDIR}/log ]
 then
-  echo "Creating /var/log failed\!"
+  echo "Creating ${LOCALSTATEDIR}/log failed!"
 else
-  if [ ! -d /var/log ]
+  if [ ! -d ${LOCALSTATEDIR}/log ]
   then
-    mkdir -p /var/log
+    mkdir -p ${LOCALSTATEDIR}/log
   fi
-  if [ -d /var/log/lastlog ]
+  if [ -d ${LOCALSTATEDIR}/log/lastlog ]
   then
-    echo "Creating /var/log/lastlog failed\!"
-  elif [ ! -f /var/log/lastlog ]
+    chmod 777 ${LOCALSTATEDIR}/log/lastlog
+  elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ]
   then
-    cat /dev/null > /var/log/lastlog
+    cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
+    chmod 666 ${LOCALSTATEDIR}/log/lastlog
   fi
 fi
 
 # Create /var/empty file used as chroot jail for privilege separation
-if [ -f /var/empty ]
+if [ -f ${LOCALSTATEDIR}/empty ]
 then
-  echo "Creating /var/empty failed\!"
+  echo "Creating ${LOCALSTATEDIR}/empty failed!"
 else
-  mkdir -p /var/empty
-  # On NT change ownership of that dir to user "system"
-  if [ $_nt -gt 0 ]
+  mkdir -p ${LOCALSTATEDIR}/empty
+  if [ ${_nt} -gt 0 ]
   then
-    chmod 755 /var/empty
-    chown system.system /var/empty
-  fi
-fi
-
-# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
-# the same as ${PREFIX}
-
-old_install=0
-if [ "${OLDPREFIX}" != "${PREFIX}" ]
-then
-  if [ -f "${OLDPREFIX}/sbin/sshd" ]
-  then
-    echo
-    echo "You seem to have an older installation in ${OLDPREFIX}."
-    echo
-    # Check if old global configuration files exist
-    if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ]
-    then
-      if request "Do you want to copy your config files to your new installation?"
-      then
-        cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR}
-        cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR}
-        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR}
-        cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR}
-        cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR}
-        cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR}
-      fi
-    fi
-    if request "Do you want to erase your old installation?"
-    then
-      rm -f ${OLDPREFIX}/bin/ssh.exe
-      rm -f ${OLDPREFIX}/bin/ssh-config
-      rm -f ${OLDPREFIX}/bin/scp.exe
-      rm -f ${OLDPREFIX}/bin/ssh-add.exe
-      rm -f ${OLDPREFIX}/bin/ssh-agent.exe
-      rm -f ${OLDPREFIX}/bin/ssh-keygen.exe
-      rm -f ${OLDPREFIX}/bin/slogin
-      rm -f ${OLDSYSCONFDIR}/ssh_host_key
-      rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub
-      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key
-      rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub
-      rm -f ${OLDSYSCONFDIR}/ssh_config
-      rm -f ${OLDSYSCONFDIR}/sshd_config
-      rm -f ${OLDPREFIX}/man/man1/ssh.1
-      rm -f ${OLDPREFIX}/man/man1/scp.1
-      rm -f ${OLDPREFIX}/man/man1/ssh-add.1
-      rm -f ${OLDPREFIX}/man/man1/ssh-agent.1
-      rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1
-      rm -f ${OLDPREFIX}/man/man1/slogin.1
-      rm -f ${OLDPREFIX}/man/man8/sshd.8
-      rm -f ${OLDPREFIX}/sbin/sshd.exe
-      rm -f ${OLDPREFIX}/sbin/sftp-server.exe
-    fi
-    old_install=1
+    chmod 755 ${LOCALSTATEDIR}/empty
   fi
 fi
 
@@ -255,52 +217,16 @@ then
   fi
 fi
 
-# Create default ssh_config from here script
+# Create default ssh_config from skeleton file in /etc/defaults/etc
 
 if [ ! -f "${SYSCONFDIR}/ssh_config" ]
 then
   echo "Generating ${SYSCONFDIR}/ssh_config file"
-  cat > ${SYSCONFDIR}/ssh_config << EOF
-# This is the ssh client system-wide configuration file.  See
-# ssh_config(5) for more information.  This file provides defaults for
-# users, and the values can be changed in per-user configuration files
-# or on the command line.
-
-# Configuration data is parsed as follows:
-#  1. command line options
-#  2. user-specific file
-#  3. system-wide file
-# Any configuration value is only changed the first time it is set.
-# Thus, host-specific definitions should be at the beginning of the
-# configuration file, and defaults at the end.
-
-# Site-wide defaults for various options
-
-# Host *
-#   ForwardAgent no
-#   ForwardX11 no
-#   RhostsRSAAuthentication no
-#   RSAAuthentication yes
-#   PasswordAuthentication yes
-#   HostbasedAuthentication no
-#   BatchMode no
-#   CheckHostIP yes
-#   AddressFamily any
-#   ConnectTimeout 0
-#   StrictHostKeyChecking ask
-#   IdentityFile ~/.ssh/identity
-#   IdentityFile ~/.ssh/id_dsa
-#   IdentityFile ~/.ssh/id_rsa
-#   Port 22
-#   Protocol 2,1
-#   Cipher 3des
-#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
-#   EscapeChar ~
-EOF
-  if [ "$port_number" != "22" ]
+  cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config
+  if [ "${port_number}" != "22" ]
   then
     echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
-    echo "    Port $port_number" >> ${SYSCONFDIR}/ssh_config
+    echo "    Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
   fi
 fi
 
@@ -322,35 +248,35 @@ fi
 
 # Prior to creating or modifying sshd_config, care for privilege separation
 
-if [ "$privsep_configured" != "yes" ]
+if [ "${privsep_configured}" != "yes" ]
 then
-  if [ $_nt -gt 0 ]
+  if [ ${_nt} -gt 0 ]
   then
     echo "Privilege separation is set to yes by default since OpenSSH 3.3."
     echo "However, this requires a non-privileged account called 'sshd'."
-    echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
+    echo "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
     echo
-    if request "Shall privilege separation be used?"
+    if request "Should privilege separation be used?"
     then
       privsep_used=yes
       grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
       net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
-      if [ "$sshd_in_passwd" != "yes" ]
+      if [ "${sshd_in_passwd}" != "yes" ]
       then
-        if [ "$sshd_in_sam" != "yes" ]
+        if [ "${sshd_in_sam}" != "yes" ]
         then
           echo "Warning: The following function requires administrator privileges!"
-          if request "Shall this script create a local user 'sshd' on this machine?"
+          if request "Should this script create a local user 'sshd' on this machine?"
           then
-            dos_var_empty=`cygpath -w /var/empty`
-            net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
-            if [ "$sshd_in_sam" != "yes" ]
+            dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
+            net user sshd /add /fullname:"sshd privsep" "/homedir:${dos_var_empty}" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
+            if [ "${sshd_in_sam}" != "yes" ]
             then
               echo "Warning: Creating the user 'sshd' failed!"
             fi
           fi
         fi
-        if [ "$sshd_in_sam" != "yes" ]
+        if [ "${sshd_in_sam}" != "yes" ]
         then
           echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
           echo "         Privilege separation set to 'no' again!"
@@ -365,161 +291,85 @@ then
     fi
   else
     # On 9x don't use privilege separation.  Since security isn't
-    # available it just adds useless addtional processes.
+    # available it just adds useless additional processes.
     privsep_used=no
   fi
 fi
 
-# Create default sshd_config from here script or modify to add the
-# missing privsep configuration option
+# Create default sshd_config from skeleton files in /etc/defaults/etc or
+# modify to add the missing privsep configuration option
 
 if [ ! -f "${SYSCONFDIR}/sshd_config" ]
 then
   echo "Generating ${SYSCONFDIR}/sshd_config file"
-  cat > ${SYSCONFDIR}/sshd_config << EOF
-# This is the sshd server system-wide configuration file.  See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented.  Uncommented options change a
-# default value.
-
-Port $port_number
-#Protocol 2,1
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-# HostKey for protocol version 1
-#HostKey ${SYSCONFDIR}/ssh_host_key
-# HostKeys for protocol version 2
-#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
-#HostKey ${SYSCONFDIR}/ssh_host_dsa_key
-
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 768
-
-# Logging
-#obsoletes QuietMode and FascistLogging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin yes
-# The following setting overrides permission checks on host key files
-# and directories. For security reasons set this to "yes" when running
-# NT/W2K, NTFS and CYGWIN=ntsec.
-StrictModes no
-
-#RSAAuthentication yes
-#PubkeyAuthentication yes
-#AuthorizedKeysFile     .ssh/authorized_keys
-
-# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
-
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PrintMotd yes
-#PrintLastLog yes
-#KeepAlive yes
-#UseLogin no
-UsePrivilegeSeparation $privsep_used
-#PermitUserEnvironment no
-#Compression yes
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS yes
-#PidFile /var/run/sshd.pid
-#MaxStartups 10
-
-# no default banner path
-#Banner /some/path
-
-# override default of no subsystems
-Subsystem      sftp    /usr/sbin/sftp-server
-EOF
-elif [ "$privsep_configured" != "yes" ]
+  sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
+          s/^#Port 22/Port ${port_number}/
+          s/^#StrictModes yes/StrictModes no/" \
+      < ${SYSCONFDIR}/defaults/etc/sshd_config \
+      > ${SYSCONFDIR}/sshd_config
+elif [ "${privsep_configured}" != "yes" ]
 then
   echo >> ${SYSCONFDIR}/sshd_config
-  echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
+  echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
 fi
 
 # Care for services file
-if [ $_nt -gt 0 ]
+_my_etcdir="/ssh-host-config.$$"
+if [ ${_nt} -gt 0 ]
 then
-  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
-  _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
+  _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
+  _services="${_my_etcdir}/services"
+  # On NT, 27 spaces, no space after the hash
+  _spaces="                           #"
 else
-  _wservices="${WINDIR}\\SERVICES"
-  _wserv_tmp="${WINDIR}\\SERV.$$"
+  _win_etcdir="${WINDIR}"
+  _services="${_my_etcdir}/SERVICES"
+  # On 9x, 18 spaces (95 is very touchy), a space after the hash
+  _spaces="                  # "
 fi
-_services=`cygpath -u "${_wservices}"`
-_serv_tmp=`cygpath -u "${_wserv_tmp}"`
+_serv_tmp="${_my_etcdir}/srv.out.$$"
 
-mount -t -f "${_wservices}" "${_services}"
-mount -t -f "${_wserv_tmp}" "${_serv_tmp}"
+mount -t -f "${_win_etcdir}" "${_my_etcdir}"
+
+# Depends on the above mount
+_wservices=`cygpath -w "${_services}"`
 
 # Remove sshd 22/port from services
 if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
 then
   grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
   if [ -f "${_serv_tmp}" ]
-  then 
+  then
     if mv "${_serv_tmp}" "${_services}"
     then
-      echo "Removing sshd from ${_services}"
+      echo "Removing sshd from ${_wservices}"
     else
-      echo "Removing sshd from ${_services} failed\!"
-    fi 
+      echo "Removing sshd from ${_wservices} failed!"
+    fi
     rm -f "${_serv_tmp}"
   else
-    echo "Removing sshd from ${_services} failed\!"
+    echo "Removing sshd from ${_wservices} failed!"
   fi
 fi
 
 # Add ssh 22/tcp  and ssh 22/udp to services
 if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
 then
-  awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh                22/tcp                           #SSH Remote Login Protocol\nssh                22/udp                           #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
-  if [ -f "${_serv_tmp}" ]
+  if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh                22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh                22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
   then
     if mv "${_serv_tmp}" "${_services}"
     then
-      echo "Added ssh to ${_services}"
+      echo "Added ssh to ${_wservices}"
     else
-      echo "Adding ssh to ${_services} failed\!"
+      echo "Adding ssh to ${_wservices} failed!"
     fi
     rm -f "${_serv_tmp}"
   else
-    echo "Adding ssh to ${_services} failed\!"
+    echo "WARNING: Adding ssh to ${_wservices} failed!"
   fi
 fi
 
-umount "${_services}"
-umount "${_serv_tmp}"
+umount "${_my_etcdir}"
 
 # Care for inetd.conf file
 _inetcnf="${SYSCONFDIR}/inetd.conf"
@@ -538,13 +388,13 @@ then
     then
       if mv "${_inetcnf_tmp}" "${_inetcnf}"
       then
-        echo "Removed sshd from ${_inetcnf}"
+        echo "Removed sshd from ${_inetcnf}"
       else
-        echo "Removing sshd from ${_inetcnf} failed\!"
+        echo "Removing sshd from ${_inetcnf} failed!"
       fi
       rm -f "${_inetcnf_tmp}"
     else
-      echo "Removing sshd from ${_inetcnf} failed\!"
+      echo "Removing sshd from ${_inetcnf} failed!"
     fi
   fi
 
@@ -562,34 +412,181 @@ then
 fi
 
 # On NT ask if sshd should be installed as service
-if [ $_nt -gt 0 ]
+if [ ${_nt} -gt 0 ]
 then
-  echo
-  echo "Do you want to install sshd as service?"
-  if request "(Say \"no\" if it's already installed as service)"
+  # But only if it is not already installed
+  if ! cygrunsrv -Q sshd > /dev/null 2>&1
   then
     echo
-    echo "Which value should the environment variable CYGWIN have when"
-    echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
-    echo "able to change user context without password."
-    echo -n "Default is \"binmode ntsec tty\".  CYGWIN="
-    read _cygwin
-    [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
-    if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
+    echo
+    echo "Warning: The following functions require administrator privileges!"
+    echo
+    echo "Do you want to install sshd as service?"
+    if request "(Say \"no\" if it's already installed as service)"
+    then
+      if [ $_nt2003 -gt 0 ]
+      then
+        grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && sshd_server_in_passwd=yes
+        if [ "${sshd_server_in_passwd}" = "yes" ]
+        then
+          # Drop sshd_server from passwd since it could have wrong settings
+          grep -v '^sshd_server:' ${SYSCONFDIR}/passwd > ${SYSCONFDIR}/passwd.$$
+          rm -f ${SYSCONFDIR}/passwd
+          mv ${SYSCONFDIR}/passwd.$$ ${SYSCONFDIR}/passwd
+          chmod g-w,o-w ${SYSCONFDIR}/passwd
+        fi
+        net user sshd_server >/dev/null 2>&1 && sshd_server_in_sam=yes
+        if [ "${sshd_server_in_sam}" != "yes" ]
+        then
+          echo
+          echo "You appear to be running Windows 2003 Server or later.  On 2003 and"
+          echo "later systems, it's not possible to use the LocalSystem account"
+          echo "if sshd should allow passwordless logon (e. g. public key authentication)."
+          echo "If you want to enable that functionality, it's required to create a new"
+          echo "account 'sshd_server' with special privileges, which is then used to run"
+          echo "the sshd service under."
+          echo
+          echo "Should this script create a new local account 'sshd_server' which has"
+          if request "the required privileges?"
+          then
+            _admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group`
+            if [ -z "${_admingroup}" ]
+            then
+              echo "There's no group with SID S-1-5-32-544 (Local administrators group) in"
+              echo "your ${SYSCONFDIR}/group file.  Please regenerate this entry using 'mkgroup -l'"
+              echo "and restart this script."
+              exit 1
+            fi
+            dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
+            while [ "${sshd_server_in_sam}" != "yes" ]
+            do
+              if [ -n "${password_value}" ]
+              then
+                _password="${password_value}"
+                # Allow to ask for password if first try fails
+                password_value=""
+              else
+                echo
+                echo "Please enter a password for new user 'sshd_server'.  Please be sure that"
+                echo "this password matches the password rules given on your system."
+                echo -n "Entering no password will exit the configuration.  PASSWORD="
+                read -e _password
+                if [ -z "${_password}" ]
+                then
+                  echo
+                  echo "Exiting configuration.  No user sshd_server has been created,"
+                  echo "no sshd service installed."
+                  exit 1
+                fi
+              fi
+              net user sshd_server "${_password}" /add /fullname:"sshd server account" "/homedir:${dos_var_empty}" /yes > /tmp/nu.$$ 2>&1 && sshd_server_in_sam=yes
+              if [ "${sshd_server_in_sam}" != "yes" ]
+              then
+                echo "Creating the user 'sshd_server' failed!  Reason:"
+                cat /tmp/nu.$$
+                rm /tmp/nu.$$
+              fi
+            done
+            net localgroup "${_admingroup}" sshd_server /add > /dev/null 2>&1 && sshd_server_in_admingroup=yes
+            if [ "${sshd_server_in_admingroup}" != "yes" ]
+            then
+              echo "WARNING: Adding user sshd_server to local group ${_admingroup} failed!"
+              echo "Please add sshd_server to local group ${_admingroup} before"
+              echo "starting the sshd service!"
+              echo
+            fi
+            passwd_has_expiry_flags=`passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}'`
+            if [ "${passwd_has_expiry_flags}" != "yes" ]
+            then
+              echo
+              echo "WARNING: User sshd_server has password expiry set to system default."
+              echo "Please check that password never expires or set it to your needs."
+            elif ! passwd -e sshd_server
+            then
+              echo
+              echo "WARNING: Setting password expiry for user sshd_server failed!"
+              echo "Please check that password never expires or set it to your needs."
+            fi
+            editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
+            editrights -a SeCreateTokenPrivilege -u sshd_server &&
+            editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
+            editrights -a SeDenyNetworkLogonRight -u sshd_server &&
+            editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
+            editrights -a SeIncreaseQuotaPrivilege -u sshd_server &&
+            editrights -a SeServiceLogonRight -u sshd_server &&
+            sshd_server_got_all_rights="yes"
+            if [ "${sshd_server_got_all_rights}" != "yes" ]
+            then
+              echo
+              echo "Assigning the appropriate privileges to user 'sshd_server' failed!"
+              echo "Can't create sshd service!"
+              exit 1
+            fi
+            echo
+            echo "User 'sshd_server' has been created with password '${_password}'."
+            echo "If you change the password, please keep in mind to change the password"
+            echo "for the sshd service, too."
+            echo
+            echo "Also keep in mind that the user sshd_server needs read permissions on all"
+            echo "users' .ssh/authorized_keys file to allow public key authentication for"
+            echo "these users!.  (Re-)running ssh-user-config for each user will set the"
+            echo "required permissions correctly."
+            echo
+          fi
+        fi
+        if [ "${sshd_server_in_sam}" = "yes" ]
+        then
+          mkpasswd -l -u sshd_server | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
+        fi
+      fi
+      if [ -n "${cygwin_value}" ]
+      then
+        _cygwin="${cygwin_value}"
+      else
+        echo
+        echo "Which value should the environment variable CYGWIN have when"
+        echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
+        echo "able to change user context without password."
+        echo -n "Default is \"ntsec\".  CYGWIN="
+        read -e _cygwin
+      fi
+      [ -z "${_cygwin}" ] && _cygwin="ntsec"
+      if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
+      then
+        if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}"
+        then
+          echo
+          echo "The service has been installed under sshd_server account."
+          echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
+        fi
+      else
+        if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
+        then
+          echo
+          echo "The service has been installed under LocalSystem account."
+          echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
+        fi
+      fi
+    fi
+    # Now check if sshd has been successfully installed.  This allows to
+    # set the ownership of the affected files correctly.
+    if cygrunsrv -Q sshd > /dev/null 2>&1
     then
-      chown system ${SYSCONFDIR}/ssh*
-      echo
-      echo "The service has been installed under LocalSystem account."
+      if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
+      then
+        _user="sshd_server"
+      else
+        _user="system"
+      fi
+      chown "${_user}" ${SYSCONFDIR}/ssh*
+      chown "${_user}".544 ${LOCALSTATEDIR}/empty
+      if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
+      then
+        chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
+      fi
     fi
   fi
 fi
 
-if [ "${old_install}" = "1" ]
-then
-  echo
-  echo "Note: If you have used sshd as service or from inetd, don't forget to"
-  echo "      change the path to sshd.exe in the service entry or in inetd.conf."
-fi
-
 echo
 echo "Host configuration finished. Have fun!"
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index 4da113181..fe07ce360 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -1,9 +1,12 @@
 #!/bin/sh
 #
-# ssh-user-config, Copyright 2000, Red Hat Inc.
+# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
 
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+
 progname=$0
 auto_answer=""
 auto_passphrase="no"
@@ -33,6 +36,15 @@ request()
   fi
 }
 
+# Check if running on NT
+_sys="`uname -a`"
+_nt=`expr "$_sys" : "CYGWIN_NT"`
+# If running on NT, check if running under 2003 Server or later
+if [ $_nt -gt 0 ]
+then
+  _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
+fi
+
 # Check options
 
 while :
@@ -84,27 +96,27 @@ done
 
 # Ask user if user identity should be generated
 
-if [ ! -f /etc/passwd ]
+if [ ! -f ${SYSCONFDIR}/passwd ]
 then
-  echo '/etc/passwd is nonexistant. Please generate an /etc/passwd file'
+  echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
   echo 'first using mkpasswd. Check if it contains an entry for you and'
   echo 'please care for the home directory in your entry as well.'
   exit 1
 fi
 
 uid=`id -u`
-pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < /etc/passwd`
+pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`
 
 if [ "X${pwdhome}" = "X" ]
 then
-  echo 'There is no home directory set for you in /etc/passwd.'
+  echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
   echo 'Setting $HOME is not sufficient!'
   exit 1
 fi
 
 if [ ! -d "${pwdhome}" ]
 then
-  echo "${pwdhome} is set in /etc/passwd as your home directory"
+  echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
   echo 'but it is not a valid directory. Cannot create user identity files.'
   exit 1
 fi
@@ -114,7 +126,7 @@ fi
 if [ "X${pwdhome}" = "X/" ]
 then
   # But first raise a warning!
-  echo 'Your home directory in /etc/passwd is set to root (/). This is not recommended!'
+  echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
   if request "Would you like to proceed anyway?"
   then
     pwdhome=''
@@ -123,6 +135,17 @@ then
   fi
 fi
 
+if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+then
+  echo
+  echo 'WARNING: group and other have been revoked write permission to your home'
+  echo "         directory ${pwdhome}."
+  echo '         This is required by OpenSSH to allow public key authentication using'
+  echo '         the key files stored in your .ssh subdirectory.'
+  echo '         Revert this change ONLY if you know what you are doing!'
+  echo
+fi
+
 if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
 then
   echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
@@ -139,6 +162,21 @@ then
   fi
 fi
 
+if [ $_nt -gt 0 ]
+then
+  _user="system"
+  if [ $_nt2003 -gt 0 ]
+  then
+    grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
+  fi
+  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
+  then
+    echo "${pwdhome}/.ssh couldn't be given the correct permissions."
+    echo "Please try to solve this problem first."
+    exit 1
+  fi
+fi
+
 if [ ! -f "${pwdhome}/.ssh/identity" ]
 then
   if request "Shall I create an SSH1 RSA identity file for you?"
@@ -196,5 +234,17 @@ then
   fi
 fi
 
+if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
+then
+  if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
+  then
+    echo
+    echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
+    echo "failed.  Please care for the correct permissions.  The minimum requirement"
+    echo "is, the owner and ${_user} both need read permissions."
+    echo
+  fi
+fi
+
 echo
 echo "Configuration finished. Have fun!"
diff --git a/contrib/findssl.sh b/contrib/findssl.sh
index 87a4abce2..0c08d4a18 100644
--- a/contrib/findssl.sh
+++ b/contrib/findssl.sh
@@ -9,24 +9,24 @@
 #       Written by Darren Tucker (dtucker at zip dot com dot au)
 #       This file is placed in the public domain.
 #
-# $Id: findssl.sh,v 1.1 2003/06/24 10:22:10 dtucker Exp $
+# $Id: findssl.sh,v 1.2 2003/11/21 12:48:56 djm Exp $
 #       2002-07-27: Initial release.
 #       2002-08-04: Added public domain notice.
 #       2003-06-24: Incorporated readme, set library paths. First cvs version.
 #
-# "OpenSSL headers do not match your library" are usually caused by 
+# "OpenSSL headers do not match your library" are usually caused by
 # OpenSSH's configure picking up an older version of OpenSSL headers
 # or libraries.  You can use the following # procedure to help identify
 # the cause.
-# 
+#
 # The  output  of  configure  will  tell you the versions of the OpenSSL
 # headers and libraries that were picked up, for example:
-# 
+#
 # checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
 # checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
 # checking whether OpenSSL's headers match the library... no
 # configure: error: Your OpenSSL headers do not match your library
-# 
+#
 # Now run findssl.sh. This should identify the headers and libraries
 # present  and  their  versions.  You  should  be  able  to identify the
 # libraries  and headers used and adjust your CFLAGS or remove incorrect
@@ -37,7 +37,7 @@
 # Searching for OpenSSL header files.
 # 0x0090604fL /usr/include/openssl/opensslv.h
 # 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
-# 
+#
 # Searching for OpenSSL shared library files.
 # 0x0090602fL /lib/libcrypto.so.0.9.6b
 # 0x0090602fL /lib/libcrypto.so.2
@@ -46,11 +46,11 @@
 # 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
 # 0x0090600fL /usr/lib/libcrypto.so.0.9.6
 # 0x0090600fL /usr/lib/libcrypto.so.1
-# 
+#
 # Searching for OpenSSL static library files.
 # 0x0090602fL /usr/lib/libcrypto.a
 # 0x0090604fL /usr/local/ssl/lib/libcrypto.a
-# 
+#
 # In  this  example, I gave configure no extra flags, so it's picking up
 # the  OpenSSL header from /usr/include/openssl (90604f) and the library
 # from /usr/lib/ (90602f).
diff --git a/contrib/gnome-ssh-askpass1.c b/contrib/gnome-ssh-askpass1.c
index b6b342b84..4d51032d1 100644
--- a/contrib/gnome-ssh-askpass1.c
+++ b/contrib/gnome-ssh-askpass1.c
@@ -23,14 +23,14 @@
  */
 
 /*
- * This is a simple GNOME SSH passphrase grabber. To use it, set the 
- * environment variable SSH_ASKPASS to point to the location of 
- * gnome-ssh-askpass before calling "ssh-add < /dev/null". 
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
  *
  * There is only two run-time options: if you set the environment variable
  * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
- * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the 
- * pointer will be grabbed too. These may have some benefit to security if 
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
  * you don't trust your X server. We grab the keyboard always.
  */
 
@@ -87,7 +87,7 @@ passphrase_dialog(char *message)
                 }
 
         entry = gtk_entry_new();
-        gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, 
+        gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
             FALSE, 0);
         gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
         gtk_widget_grab_focus(entry);
@@ -105,7 +105,7 @@ passphrase_dialog(char *message)
         /* Grab focus */
         if (grab_server)
                 XGrabServer(GDK_DISPLAY());
-        if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0, 
+        if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
             NULL, NULL, GDK_CURRENT_TIME))
                 goto nograb;
         if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
index 9e8eaf920..0ce8daec9 100644
--- a/contrib/gnome-ssh-askpass2.c
+++ b/contrib/gnome-ssh-askpass2.c
@@ -25,14 +25,14 @@
 /* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
 
 /*
- * This is a simple GNOME SSH passphrase grabber. To use it, set the 
- * environment variable SSH_ASKPASS to point to the location of 
- * gnome-ssh-askpass before calling "ssh-add < /dev/null". 
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
  *
  * There is only two run-time options: if you set the environment variable
  * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
- * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the 
- * pointer will be grabbed too. These may have some benefit to security if 
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
  * you don't trust your X server. We grab the keyboard always.
  */
 
@@ -103,7 +103,7 @@ passphrase_dialog(char *message)
                                         message);
 
         entry = gtk_entry_new();
-        gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, 
+        gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
             FALSE, 0);
         gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
         gtk_widget_grab_focus(entry);
@@ -124,7 +124,7 @@ passphrase_dialog(char *message)
         if (grab_pointer) {
                 for(;;) {
                         status = gdk_pointer_grab(
-                           (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, 
+                           (GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
                            NULL, GDK_CURRENT_TIME);
                         if (status == GDK_GRAB_SUCCESS)
                                 break;
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index ce7c564c3..05750e3a9 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.7p1
+%define ver 3.8p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -34,6 +34,11 @@
 %{?skip_x11_askpass:%define no_x11_askpass 1}
 %{?skip_gnome_askpass:%define no_gnome_askpass 1}
 
+# Add option to build without GTK2 for older platforms with only GTK+.
+# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
+# rpm -ba|--rebuild --define 'no_gtk2 1'
+%{?no_gtk2:%define gtk2 0}
+
 # Is this a build for RHL 6.x or earlier?
 %{?build_6x:%define build6x 1}
 
@@ -176,6 +181,11 @@ environment.
 CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
 %endif
 
+%if %{kerberos5}
+K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
+echo K5DIR=$K5DIR
+%endif
+
 %configure \
         --sysconfdir=%{_sysconfdir}/ssh \
         --libexecdir=%{_libexecdir}/openssh \
@@ -185,16 +195,17 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
         --with-default-path=/usr/local/bin:/bin:/usr/bin \
         --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
         --with-privsep-path=%{_var}/empty/sshd \
+        --with-md5-passwords \
 %if %{scard}
         --with-smartcard \
 %endif
 %if %{rescue}
-        --without-pam --with-md5-passwords \
+        --without-pam \
 %else
         --with-pam \
 %endif
 %if %{kerberos5}
-         --with-kerberos5=/usr/kerberos \
+         --with-kerberos5=$K5DIR \
 %endif
 
 
@@ -392,7 +403,7 @@ fi
 
 %changelog
 * Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
-- Remove noip6 option. This may be controlled at run-time in client config 
+- Remove noip6 option. This may be controlled at run-time in client config
   file using new AddressFamily directive
 
 * Mon May 12 2003 Damien Miller <djm@mindrot.org>
@@ -552,7 +563,7 @@ fi
 
 * Sun Apr  8 2001 Preston Brown <pbrown@redhat.com>
 - remove explicit openssl requirement, fixes builddistro issue
-- make initscript stop() function wait until sshd really dead to avoid 
+- make initscript stop() function wait until sshd really dead to avoid
   races in condrestart
 
 * Mon Apr  2 2001 Nalin Dahyabhai <nalin@redhat.com>
diff --git a/contrib/solaris/README b/contrib/solaris/README
index 9b0a46e29..eb4c590f4 100755
--- a/contrib/solaris/README
+++ b/contrib/solaris/README
@@ -17,7 +17,7 @@ Directions:
 
 If all goes well you should have a solaris package ready to be installed.
 
-If you have any problems with this script please post them to 
+If you have any problems with this script please post them to
 openssh-unix-dev@mindrot.org and I will try to assist you as best as I can.
 
 - Ben Lindstrom
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh
index c41b3f963..29d096306 100755
--- a/contrib/solaris/buildpkg.sh
+++ b/contrib/solaris/buildpkg.sh
@@ -5,7 +5,7 @@
 # The following code has been provide under Public Domain License.  I really
 # don't care what you use it for.  Just as long as you don't complain to me
 # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
-# 
+#
 umask 022
 #
 # Options for building the package
@@ -13,7 +13,7 @@ umask 022
 #
 # uncommenting TEST_DIR and using
 # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
-# and 
+# and
 # PKGNAME=tOpenSSH should allow testing a package without interfering
 # with a real OpenSSH package on a system. This is not needed on systems
 # that support the -R option to pkgadd.
@@ -23,9 +23,10 @@ SYSVINIT_NAME=opensshd
 MAKE=${MAKE:="make"}
 SSHDUID=67      # Default privsep uid
 SSHDGID=67      # Default privsep gid
-# uncomment these next two as needed
+# uncomment these next three as needed
 #PERMIT_ROOT_LOGIN=no
 #X11_FORWARDING=yes
+#USR_LOCAL_IS_SYMLINK=yes
 # list of system directories we do NOT want to change owner/group/perms
 # when installing our package
 SYSTEM_DIR="/etc        \
@@ -81,7 +82,7 @@ export PATH
 # we will look for config.local to override the above options
 [ -s ./config.local ]  &&  . ./config.local
 
-## Start by faking root install 
+## Start by faking root install
 echo "Faking root install..."
 START=`pwd`
 OPENSSHD_IN=`dirname $0`/opensshd.in
@@ -98,20 +99,20 @@ fi
 ## Fill in some details, like prefix and sysconfdir
 for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
 do
-        eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
+        eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
 done
 
 
 ## Collect value of privsep user
 for confvar in SSH_PRIVSEP_USER
 do
-        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
+        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
 done
 
 ## Set privsep defaults if not defined
 if [ -z "$SSH_PRIVSEP_USER" ]
 then
-        SSH_PRIVSEP_USER=sshd
+        SSH_PRIVSEP_USER=sshd
 fi
 
 ## Extract common info requires for the 'info' part of the package.
@@ -243,16 +244,16 @@ fi
 
 if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
 then
-        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
-        echo "or group."
+        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
+        echo "or group."
 else
-        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
 
-        # create group if required
-        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
-        then
-                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
-        else
+        # create group if required
+        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+        else
                 # Use gid of 67 if possible
                 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
                 then
@@ -260,15 +261,15 @@ else
                 else
                         sshdgid="-g $SSHDGID"
                 fi
-                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
-                \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
-        fi
-
-        # Create user if required
-        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
-        then
-                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
-        else
+                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+                \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
+        fi
+
+        # Create user if required
+        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+        else
                 # Use uid of 67 if possible
                 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
                 then
@@ -276,10 +277,10 @@ else
                 else
                         sshduid="-u $SSHDUID"
                 fi
-                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
                 \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
                 \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
-        fi
+        fi
 fi
 
 [ "\${POST_INS_START}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
@@ -358,18 +359,24 @@ cat >mk-proto.awk << _EOF
             BEGIN { print "i pkginfo"; print "i preinstall"; \\
                     print "i postinstall"; print "i preremove"; \\
                     print "i request"; print "i space"; \\
-                    split("$SYSTEM_DIR",sys_files); }
+                    split("$SYSTEM_DIR",sys_files); }
             {
              for (dir in sys_files) { if ( \$3 != sys_files[dir] )
-                     { \$5="root"; \$6="sys"; }
-                else
-                     { \$4="?"; \$5="?"; \$6="?"; break;}
+                     { \$5="root"; \$6="sys"; }
+                else
+                     { \$4="?"; \$5="?"; \$6="?"; break;}
             } }
             { print; }
 _EOF
 find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
         pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
 
+# /usr/local is a symlink on some systems
+[ "${USR_LOCAL_IS_SYMLINK}" = yes ]  &&  {
+        grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
+        mv prototype.new prototype
+}
+
 ## Step back a directory and now build the package.
 echo "Building package.."
 cd ..
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in
index 48b6c5702..50e18deea 100755
--- a/contrib/solaris/opensshd.in
+++ b/contrib/solaris/opensshd.in
@@ -22,24 +22,24 @@ HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
 
 checkkeys() {
     if [ ! -f $HOST_KEY_RSA1 ]; then
-        ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+        ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
     fi
     if [ ! -f $HOST_KEY_DSA ]; then
-        ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
+        ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
     fi
     if [ ! -f $HOST_KEY_RSA ]; then
-        ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
+        ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
     fi
 }
 
 stop_service() {
     if [  -r $PIDFILE  -a  ! -z ${PIDFILE}  ]; then
-        PID=`${CAT} ${PIDFILE}`
+        PID=`${CAT} ${PIDFILE}`
     fi
     if [  ${PID:=0} -gt 1 -a  ! "X$PID" = "X "  ]; then
-        ${KILL} ${PID}
+        ${KILL} ${PID}
     else
-        echo "Unable to read PID file"
+        echo "Unable to read PID file"
     fi
 }
 
@@ -55,8 +55,8 @@ start_service() {
 
     sshd_rc=$?
     if [ $sshd_rc -ne 0 ]; then
-        echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
-        exit $sshd_rc
+        echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
+        exit $sshd_rc
     fi
     echo done.
 }
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index ca7437bd6..7eb71adf4 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 3.7p1
+Version: 3.8p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz
@@ -30,7 +30,7 @@ two untrusted hosts over an insecure network.  X11 connections and
 arbitrary TCP/IP ports can also be forwarded over the secure channel.
 
 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
-up to date in terms of security and features, as well as removing all 
+up to date in terms of security and features, as well as removing all
 patented algorithms to seperate libraries (OpenSSL).
 
 This package includes all files necessary for both the OpenSSH
@@ -100,8 +100,8 @@ make
 
 cd contrib
 gcc -O -g `gnome-config --cflags gnome gnomeui` \
-        gnome-ssh-askpass.c -o gnome-ssh-askpass \
-        `gnome-config --libs gnome gnomeui`
+        gnome-ssh-askpass.c -o gnome-ssh-askpass \
+        `gnome-config --libs gnome gnomeui`
 cd ..
 
 %install
@@ -140,34 +140,34 @@ else
   echo "  /var/adm/fillup-templates/rc.config.sshd"
 fi
 if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
-        echo "Generating SSH host key..."
+        echo "Generating SSH host key..."
         /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
 fi
 if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
-        echo "Generating SSH DSA host key..."
+        echo "Generating SSH DSA host key..."
         /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2
 fi
 if test -r /var/run/sshd.pid
 then
-        echo "Restarting the running SSH daemon..."
+        echo "Restarting the running SSH daemon..."
         /usr/sbin/rcsshd restart >&2
 fi
 
 %preun
 if [ "$1" = 0 ]
 then
-        echo "Stopping the SSH daemon..."
+        echo "Stopping the SSH daemon..."
         /usr/sbin/rcsshd stop >&2
         echo "Removing SSH stop/start scripts from the rc directories..."
-        rm /sbin/init.d/rc2.d/K20sshd
-        rm /sbin/init.d/rc2.d/S20sshd
-        rm /sbin/init.d/rc3.d/K20sshd
-        rm /sbin/init.d/rc3.d/S20sshd
+        rm /sbin/init.d/rc2.d/K20sshd
+        rm /sbin/init.d/rc2.d/S20sshd
+        rm /sbin/init.d/rc3.d/K20sshd
+        rm /sbin/init.d/rc3.d/S20sshd
 fi
 
 %files
 %defattr(-,root,root)
-%doc ChangeLog OVERVIEW README* 
+%doc ChangeLog OVERVIEW README*
 %doc RFC.nroff TODO CREDITS LICENCE
 %attr(0755,root,root) %dir /etc/ssh
 %attr(0644,root,root) %config /etc/ssh/ssh_config
diff --git a/debian/changelog b/debian/changelog
index fce34d72b..b05e92200 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-openssh (1:3.7.1p2-1) UNRELEASED; urgency=low
+openssh (1:3.8p1-1) UNRELEASED; urgency=low
 
   * New upstream release (closes: #232281):
     - New PAM implementation based on that in FreeBSD. This runs PAM session
@@ -12,13 +12,11 @@ openssh (1:3.7.1p2-1) UNRELEASED; urgency=low
     than this, to maintain the standard Debian sshd configuration.
   * Comment out PAMAuthenticationViaKbdInt and RhostsAuthentication in
     sshd_config on upgrade. Neither option is supported any more.
+  * ServerAliveInterval implemented upstream, so ProtocolKeepAlives is now a
+    compatibility alias. The semantics differ slightly, though; see
+    ssh_config(5) for details.
   * Remove -fno-builtin-log, -DHAVE_MMAP_ANON_SHARED, and
     -D__FILE_OFFSET_BITS=64 compiler options, which are no longer necessary.
-  * Darren Tucker:
-    - Supply newlines in chauthtok PAM conversation function and in
-      accumulated PAM_TEXT_INFO and PAM_ERROR_MSG messages.
-    - Store output from pam_session and pam_setcred for display after login,
-      to fix problems with missing output from PAM session modules.
 
  -- Colin Watson <cjwatson@debian.org>  Tue, 23 Sep 2003 19:22:38 +0100
 
diff --git a/defines.h b/defines.h
index e662966fb..5e1cac7bc 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
 
-/* $Id: defines.h,v 1.103 2003/09/16 01:52:19 dtucker Exp $ */
+/* $Id: defines.h,v 1.110 2004/02/10 02:01:14 dtucker Exp $ */
 
 
 /* Constants */
@@ -84,7 +84,7 @@ enum
 # define S_ISDIR(mode)  (((mode) & (_S_IFMT)) == (_S_IFDIR))
 #endif /* S_ISDIR */
 
-#ifndef S_ISREG 
+#ifndef S_ISREG
 # define S_ISREG(mode)  (((mode) & (_S_IFMT)) == (_S_IFREG))
 #endif /* S_ISREG */
 
@@ -129,6 +129,10 @@ including rpc/rpc.h breaks Solaris 6
 #define INADDR_LOOPBACK ((u_long)0x7f000001)
 #endif
 
+#ifndef __unused
+#define __unused
+#endif
+
 /* Types */
 
 /* If sys/types.h does not supply intXX_t, supply them ourselves */
@@ -240,6 +244,7 @@ typedef unsigned char u_char;
 #ifndef HAVE_SIZE_T
 typedef unsigned int size_t;
 # define HAVE_SIZE_T
+# define SIZE_T_MAX UINT_MAX
 #endif /* HAVE_SIZE_T */
 
 #ifndef HAVE_SSIZE_T
@@ -529,6 +534,14 @@ struct winsize {
 #  define krb5_get_err_text(context,code) error_message(code)
 #endif
 
+/* Maximum number of file descriptors available */
+#ifdef HAVE_SYSCONF
+# define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX)
+#else
+# define SSH_SYSFDMAX 10000
+#endif
+
+
 /*
  * Define this to use pipes instead of socketpairs for communicating with the
  * client program.  Socketpairs do not seem to work on all systems.
@@ -572,6 +585,9 @@ struct winsize {
 #  endif
 #endif
 
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+# define USE_SHADOW
+#endif
 
 /* The login() library function in libutil is first choice */
 #if defined(HAVE_LOGIN) && !defined(DISABLE_LOGIN)
diff --git a/dh.c b/dh.c
index 996428b7f..c7a3e18be 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.24 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $");
 
 #include "xmalloc.h"
 
@@ -198,7 +198,7 @@ dh_gen_key(DH *dh, int need)
 
         if (dh->p == NULL)
                 fatal("dh_gen_key: dh->p == NULL");
-        if (2*need >= BN_num_bits(dh->p))
+        if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p))
                 fatal("dh_gen_key: group too small: %d (2*need %d)",
                     BN_num_bits(dh->p), 2*need);
         do {
@@ -279,11 +279,9 @@ int
 dh_estimate(int bits)
 {
 
-        if (bits < 64)
-                return (512);   /* O(2**63) */
-        if (bits < 128)
+        if (bits <= 128)
                 return (1024);  /* O(2**86) */
-        if (bits < 192)
+        if (bits <= 192)
                 return (2048);  /* O(2**116) */
         return (4096);          /* O(2**156) */
 }
diff --git a/dns.c b/dns.c
index 90ab5601a..ad634f1f7 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $   */
+/*      $OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $     */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@
 
 #include "includes.h"
 
-#ifdef DNS
 #include <openssl/bn.h>
 #ifdef LWRES
 #include <lwres/netdb.h>
@@ -44,7 +43,7 @@
 #include "uuencode.h"
 
 extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $");
 
 #ifndef LWRES
 static const char *errset_text[] = {
@@ -84,7 +83,7 @@ dns_result_totext(unsigned int error)
  */
 static int
 dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
-    u_char **digest, u_int *digest_len, Key *key)
+    u_char **digest, u_int *digest_len, const Key *key)
 {
         int success = 0;
 
@@ -146,16 +145,15 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
 
 /*
  * Verify the given hostname, address and host key using DNS.
- * Returns 0 if key verifies or -1 if key does NOT verify
+ * Returns 0 if lookup succeeds, -1 otherwise
  */
 int
 verify_host_key_dns(const char *hostname, struct sockaddr *address,
-    Key *hostkey)
+    const Key *hostkey, int *flags)
 {
         int counter;
         int result;
         struct rrsetinfo *fingerprints = NULL;
-        int failures = 0;
 
         u_int8_t hostkey_algorithm;
         u_int8_t hostkey_digest_type;
@@ -167,6 +165,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
         u_char *dnskey_digest;
         u_int dnskey_digest_len;
 
+        *flags = 0;
 
         debug3("verify_hostkey_dns");
         if (hostkey == NULL)
@@ -176,28 +175,29 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
             DNS_RDATATYPE_SSHFP, 0, &fingerprints);
         if (result) {
                 verbose("DNS lookup error: %s", dns_result_totext(result));
-                return DNS_VERIFY_ERROR;
+                return -1;
         }
 
-#ifdef DNSSEC
-        /* Only accept validated answers */
-        if (!fingerprints->rri_flags & RRSET_VALIDATED) {
-                error("Ignored unvalidated fingerprint from DNS.");
-                freerrset(fingerprints);
-                return DNS_VERIFY_ERROR;
+        if (fingerprints->rri_flags & RRSET_VALIDATED) {
+                *flags |= DNS_VERIFY_SECURE;
+                debug("found %d secure fingerprints in DNS",
+                    fingerprints->rri_nrdatas);
+        } else {
+                debug("found %d insecure fingerprints in DNS",
+                    fingerprints->rri_nrdatas);
         }
-#endif
-
-        debug("found %d fingerprints in DNS", fingerprints->rri_nrdatas);
 
         /* Initialize host key parameters */
         if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
             &hostkey_digest, &hostkey_digest_len, hostkey)) {
                 error("Error calculating host key fingerprint.");
                 freerrset(fingerprints);
-                return DNS_VERIFY_ERROR;
+                return -1;
         }
 
+        if (fingerprints->rri_nrdatas)
+                *flags |= DNS_VERIFY_FOUND;
+
         for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++)  {
                 /*
                  * Extract the key from the answer. Ignore any badly
@@ -219,35 +219,22 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
                             memcmp(hostkey_digest, dnskey_digest,
                             hostkey_digest_len) == 0) {
 
-                                /* Matching algoritm and digest. */
-                                freerrset(fingerprints);
-                                debug("matching host key fingerprint found in DNS");
-                                return DNS_VERIFY_OK;
-                        } else {
-                                /* Correct algorithm but bad digest */
-                                debug("verify_hostkey_dns: failed");
-                                failures++;
+                                *flags |= DNS_VERIFY_MATCH;
                         }
                 }
         }
 
         freerrset(fingerprints);
 
-        if (failures) {
-                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-                error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
-                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-                error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
-                error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
-                error("It is also possible that the %s host key has just been changed.",
-                    key_type(hostkey));
-                error("Please contact your system administrator.");
-                return DNS_VERIFY_FAILED;
-        }
-
-        debug("fingerprints found in DNS, but none of them matched");
+        if (*flags & DNS_VERIFY_FOUND)
+                if (*flags & DNS_VERIFY_MATCH)
+                        debug("matching host key fingerprint found in DNS");
+                else
+                        debug("mismatching host key fingerprint found in DNS");
+        else
+                debug("no host key fingerprint found in DNS");
 
-        return DNS_VERIFY_ERROR;
+        return 0;
 }
 
 
@@ -255,7 +242,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
  * Export the fingerprint of a key as a DNS resource record
  */
 int
-export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
+export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
 {
         u_int8_t rdata_pubkey_algorithm = 0;
         u_int8_t rdata_digest_type = SSHFP_HASH_SHA1;
@@ -286,5 +273,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
 
         return success;
 }
-
-#endif /* DNS */
diff --git a/dns.h b/dns.h
index ba0ea9fb4..c5da22ef6 100644
--- a/dns.h
+++ b/dns.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $   */
+/*      $OpenBSD: dns.h,v 1.5 2003/11/12 16:39:58 jakob Exp $   */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@
 
 #include "includes.h"
 
-#ifdef DNS
 #ifndef DNS_H
 #define DNS_H
 
@@ -46,12 +45,12 @@ enum sshfp_hashes {
 #define DNS_RDATACLASS_IN       1
 #define DNS_RDATATYPE_SSHFP     44
 
-#define DNS_VERIFY_FAILED       -1
-#define DNS_VERIFY_OK           0
-#define DNS_VERIFY_ERROR        1
+#define DNS_VERIFY_FOUND        0x00000001
+#define DNS_VERIFY_MATCH        0x00000002
+#define DNS_VERIFY_SECURE       0x00000004
 
-int     verify_host_key_dns(const char *, struct sockaddr *, Key *);
-int     export_dns_rr(const char *, Key *, FILE *, int);
+
+int     verify_host_key_dns(const char *, struct sockaddr *, const Key *, int *);
+int     export_dns_rr(const char *, const Key *, FILE *, int);
 
 #endif /* DNS_H */
-#endif /* DNS */
diff --git a/entropy.c b/entropy.c
index d7c7fdf6e..572e8cece 100644
--- a/entropy.c
+++ b/entropy.c
@@ -36,16 +36,16 @@
 
 /*
  * Portable OpenSSH PRNG seeding:
- * If OpenSSL has not "internally seeded" itself (e.g. pulled data from 
- * /dev/random), then we execute a "ssh-rand-helper" program which 
- * collects entropy and writes it to stdout. The child program must 
+ * If OpenSSL has not "internally seeded" itself (e.g. pulled data from
+ * /dev/random), then we execute a "ssh-rand-helper" program which
+ * collects entropy and writes it to stdout. The child program must
  * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr
  * attached, so error/debugging output should be visible.
  *
  * XXX: we should tell the child how many bytes we need.
  */
 
-RCSID("$Id: entropy.c,v 1.46 2003/08/25 01:16:21 mouring Exp $");
+RCSID("$Id: entropy.c,v 1.48 2003/11/21 12:56:47 djm Exp $");
 
 #ifndef OPENSSL_PRNG_ONLY
 #define RANDOM_SEED_SIZE 48
@@ -86,16 +86,16 @@ seed_rng(void)
                 close(p[1]);
                 close(devnull);
 
-                if (original_uid != original_euid && 
-                    ( seteuid(getuid()) == -1 || 
+                if (original_uid != original_euid &&
+                    ( seteuid(getuid()) == -1 ||
                       setuid(original_uid) == -1) ) {
-                        fprintf(stderr, "(rand child) setuid(%li): %s\n", 
+                        fprintf(stderr, "(rand child) setuid(%li): %s\n",
                             (long int)original_uid, strerror(errno));
                         _exit(1);
                 }
-                
+
                 execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL);
-                fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n", 
+                fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n",
                     SSH_RAND_HELPER, strerror(errno));
                 _exit(1);
         }
@@ -114,12 +114,12 @@ seed_rng(void)
         close(p[0]);
 
         if (waitpid(pid, &ret, 0) == -1)
-               fatal("Couldn't wait for ssh-rand-helper completion: %s", 
+               fatal("Couldn't wait for ssh-rand-helper completion: %s",
                    strerror(errno));
         signal(SIGCHLD, old_sigchld);
 
         /* We don't mind if the child exits upon a SIGPIPE */
-        if (!WIFEXITED(ret) && 
+        if (!WIFEXITED(ret) &&
             (!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE))
                 fatal("ssh-rand-helper terminated abnormally");
         if (WEXITSTATUS(ret) != 0)
@@ -134,7 +134,7 @@ seed_rng(void)
 }
 
 void
-init_rng(void) 
+init_rng(void)
 {
 #if defined (DISABLED_BY_DEBIAN)
   /* drow: Is this check still too strict for Debian?  */
diff --git a/fatal.c b/fatal.c
index 9e7d16000..ae1aaac6e 100644
--- a/fatal.c
+++ b/fatal.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: fatal.c,v 1.1 2002/02/22 12:20:34 markus Exp $");
+RCSID("$OpenBSD: fatal.c,v 1.2 2003/09/23 20:17:11 markus Exp $");
 
 #include "log.h"
 
@@ -36,5 +36,5 @@ fatal(const char *fmt,...)
         va_start(args, fmt);
         do_log(SYSLOG_LEVEL_FATAL, fmt, args);
         va_end(args);
-        fatal_cleanup();
+        cleanup_exit(255);
 }
diff --git a/fixprogs b/fixprogs
index 61840cf81..af76ee392 100755
--- a/fixprogs
+++ b/fixprogs
@@ -65,7 +65,7 @@ foreach (@infile) {
       ($null, $null, $rate) = split(/,/, $ent[0]);
       $est = $rate / $entscale;         # scale the estimate back
     }
-  }    
+  }
   print OUT "\"$cmd\" $path $est\n";
 }
 
diff --git a/groupaccess.c b/groupaccess.c
index fbf794fc8..f50879f83 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -31,7 +31,7 @@ RCSID("$OpenBSD: groupaccess.c,v 1.6 2003/04/08 20:21:28 itojun Exp $");
 #include "log.h"
 
 static int ngroups;
-static char *groups_byname[NGROUPS_MAX + 1];    /* +1 for base/primary group */
+static char **groups_byname;
 
 /*
  * Initialize group access list for user with primary (base) and
@@ -40,19 +40,27 @@ static char *groups_byname[NGROUPS_MAX + 1];	/* +1 for base/primary group */
 int
 ga_init(const char *user, gid_t base)
 {
-        gid_t groups_bygid[NGROUPS_MAX + 1];
+        gid_t *groups_bygid;
         int i, j;
         struct group *gr;
 
         if (ngroups > 0)
                 ga_free();
 
-        ngroups = sizeof(groups_bygid) / sizeof(gid_t);
+        ngroups = NGROUPS_MAX;
+#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
+        ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
+#endif
+
+        groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
+        groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
+
         if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
                 logit("getgrouplist: groups list too small");
         for (i = 0, j = 0; i < ngroups; i++)
                 if ((gr = getgrgid(groups_bygid[i])) != NULL)
                         groups_byname[j++] = xstrdup(gr->gr_name);
+        xfree(groups_bygid);
         return (ngroups = j);
 }
 
@@ -84,5 +92,6 @@ ga_free(void)
                 for (i = 0; i < ngroups; i++)
                         xfree(groups_byname[i]);
                 ngroups = 0;
+                xfree(groups_byname);
         }
 }
diff --git a/gss-genr.c b/gss-genr.c
index bda12d6f1..3f5727b3e 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: gss-genr.c,v 1.1 2003/08/22 10:56:09 markus Exp $     */
+/*      $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $        */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -33,9 +33,12 @@
 #include "compat.h"
 #include "log.h"
 #include "monitor_wrap.h"
+#include "ssh2.h"
 
 #include "ssh-gss.h"
 
+extern u_char *session_id2;
+extern u_int session_id2_len;
 
 /* Check that the OID in a data stream matches that in the context */
 int
@@ -245,6 +248,28 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
 }
 
 OM_uint32
+ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
+{
+        if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
+            GSS_C_QOP_DEFAULT, buffer, hash)))
+                ssh_gssapi_error(ctx);
+
+        return (ctx->major);
+}
+
+void
+ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
+    const char *context)
+{
+        buffer_init(b);
+        buffer_put_string(b, session_id2, session_id2_len);
+        buffer_put_char(b, SSH2_MSG_USERAUTH_REQUEST);
+        buffer_put_cstring(b, user);
+        buffer_put_cstring(b, service);
+        buffer_put_cstring(b, context);
+}
+
+OM_uint32
 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
         if (*ctx)
                 ssh_gssapi_delete_ctx(ctx);
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index f48e09911..8ba3e7182 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: gss-serv-krb5.c,v 1.1 2003/08/22 10:56:09 markus Exp $        */
+/*      $OpenBSD: gss-serv-krb5.c,v 1.2 2003/11/21 11:57:03 djm Exp $   */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -39,16 +39,20 @@
 extern ServerOptions options;
 
 #ifdef HEIMDAL
-#include <krb5.h>
+# include <krb5.h>
 #else
-#include <gssapi_krb5.h>
+# ifdef HAVE_GSSAPI_KRB5
+#  include <gssapi_krb5.h>
+# elif HAVE_GSSAPI_GSSAPI_KRB5
+#  include <gssapi/gssapi_krb5.h>
+# endif
 #endif
 
 static krb5_context krb_context = NULL;
 
 /* Initialise the krb5 library, for the stuff that GSSAPI won't do */
 
-static int 
+static int
 ssh_gssapi_krb5_init()
 {
         krb5_error_code problem;
@@ -108,6 +112,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         krb5_error_code problem;
         krb5_principal princ;
         OM_uint32 maj_status, min_status;
+        int len;
 
         if (client->creds == NULL) {
                 debug("No credentials stored");
@@ -127,10 +132,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         {
                 int tmpfd;
                 char ccname[40];
-    
-                snprintf(ccname, sizeof(ccname), 
+
+                snprintf(ccname, sizeof(ccname),
                     "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
-    
+
                 if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
                         logit("mkstemp(): %.100s", strerror(errno));
                         problem = errno;
@@ -151,7 +156,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         }
 #endif  /* #ifdef HEIMDAL */
 
-        if ((problem = krb5_parse_name(krb_context, 
+        if ((problem = krb5_parse_name(krb_context,
             client->exportedname.value, &princ))) {
                 logit("krb5_parse_name(): %.100s",
                     krb5_get_err_text(krb_context, problem));
@@ -169,7 +174,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
 
         krb5_free_principal(krb_context, princ);
 
-        if ((maj_status = gss_krb5_copy_ccache(&min_status, 
+        if ((maj_status = gss_krb5_copy_ccache(&min_status,
             client->creds, ccache))) {
                 logit("gss_krb5_copy_ccache() failed");
                 krb5_cc_destroy(krb_context, ccache);
@@ -178,11 +183,13 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
 
         client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
         client->store.envvar = "KRB5CCNAME";
-        client->store.envval = xstrdup(client->store.filename);
+        len = strlen(client->store.filename) + 6;
+        client->store.envval = xmalloc(len);
+        snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
 
 #ifdef USE_PAM
         if (options.use_pam)
-                do_pam_putenv(client->store.envvar,client->store.envval);
+                do_pam_putenv(client->store.envvar, client->store.envval);
 #endif
 
         krb5_cc_close(krb_context, ccache);
diff --git a/gss-serv.c b/gss-serv.c
index 8fd1d63f0..de32a3f2e 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: gss-serv.c,v 1.3 2003/08/31 13:31:57 markus Exp $     */
+/*      $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $     */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -232,9 +232,9 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
         return (ctx->major);
 }
 
-/* As user - called through fatal cleanup hook */
+/* As user - called on fatal/exit */
 void
-ssh_gssapi_cleanup_creds(void *ignored)
+ssh_gssapi_cleanup_creds(void)
 {
         if (gssapi_client.store.filename != NULL) {
                 /* Unlink probably isn't sufficient */
@@ -249,8 +249,6 @@ ssh_gssapi_storecreds(void)
 {
         if (gssapi_client.mech && gssapi_client.mech->storecreds) {
                 (*gssapi_client.mech->storecreds)(&gssapi_client);
-                if (options.gss_cleanup_creds)
-                        fatal_add_cleanup(ssh_gssapi_cleanup_creds, NULL);
         } else
                 debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism");
 }
@@ -289,4 +287,14 @@ ssh_gssapi_userok(char *user)
         return (0);
 }
 
+/* Priviledged */
+OM_uint32
+ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
+{
+        ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
+            gssbuf, gssmic, NULL);
+
+        return (ctx->major);
+}
+
 #endif
diff --git a/hostfile.c b/hostfile.c
index 42a8aa71d..88c054912 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.31 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $");
 
 #include "packet.h"
 #include "match.h"
@@ -72,7 +72,7 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
 }
 
 static int
-hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum)
+hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, int linenum)
 {
         if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL)
                 return 1;
@@ -98,7 +98,7 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i
 
 static HostStatus
 check_host_in_hostfile_by_key_or_type(const char *filename,
-    const char *host, Key *key, int keytype, Key *found, int *numret)
+    const char *host, const Key *key, int keytype, Key *found, int *numret)
 {
         FILE *f;
         char line[8192];
@@ -188,7 +188,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
 }
 
 HostStatus
-check_host_in_hostfile(const char *filename, const char *host, Key *key,
+check_host_in_hostfile(const char *filename, const char *host, const Key *key,
     Key *found, int *numret)
 {
         if (key == NULL)
@@ -211,7 +211,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host,
  */
 
 int
-add_host_to_hostfile(const char *filename, const char *host, Key *key)
+add_host_to_hostfile(const char *filename, const char *host, const Key *key)
 {
         FILE *f;
         int success = 0;
diff --git a/hostfile.h b/hostfile.h
index e3d116581..efcddc9f9 100644
--- a/hostfile.h
+++ b/hostfile.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $   */
+/*      $OpenBSD: hostfile.h,v 1.14 2003/11/10 16:23:41 jakob Exp $     */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,8 +20,8 @@ typedef enum {
 
 int      hostfile_read_key(char **, u_int *, Key *);
 HostStatus check_host_in_hostfile(const char *, const char *,
-            Key *, Key *, int *);
-int     add_host_to_hostfile(const char *, const char *, Key *);
+            const Key *, Key *, int *);
+int     add_host_to_hostfile(const char *, const char *, const Key *);
 int     lookup_key_in_hostfile_by_type(const char *, const char *,
             int, Key *, int *);
 
diff --git a/includes.h b/includes.h
index 033cd91fa..ca943c7e6 100644
--- a/includes.h
+++ b/includes.h
@@ -134,6 +134,12 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #ifdef HAVE_SYS_STRTIO_H
 #include <sys/strtio.h> /* for TIOCCBRK on HP-UX */
 #endif
+#if defined(HAVE_SYS_PTMS_H) && defined(HAVE_DEV_PTMX)
+# if defined(HAVE_SYS_STREAM_H)
+#  include <sys/stream.h>       /* reqd for queue_t on Solaris 2.5.1 */
+# endif
+#include <sys/ptms.h>   /* for grantpt() and friends */
+#endif
 
 #include <netinet/in_systm.h> /* For typedefs */
 #include <netinet/in.h> /* For IPv6 macros */
@@ -147,7 +153,11 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 # include <rpc/types.h> /* For INADDR_LOOPBACK */
 #endif
 #ifdef USE_PAM
+#if defined(HAVE_SECURITY_PAM_APPL_H)
 # include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+# include <pam/pam_appl.h>
+#endif
 #endif
 #ifdef HAVE_READPASSPHRASE_H
 # include <readpassphrase.h>
@@ -165,6 +175,11 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 # include <libutil.h> /* Openpty on FreeBSD at least */
 #endif
 
+#if defined(KRB5) && defined(USE_AFS)
+# include <krb5.h>
+# include <kafs.h>
+#endif
+
 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
 
 #include "defines.h"
diff --git a/install-sh b/install-sh
index e9de23842..220abbf61 100755
--- a/install-sh
+++ b/install-sh
@@ -125,7 +125,7 @@ if [ x"$dir_arg" != x ]; then
 else
 
 # Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad 
+# might cause directories to be created, which would be especially bad
 # if $src (and thus $dsttmp) contains '*'.
 
         if [ -f $src -o -d $src ]
@@ -180,7 +180,7 @@ while [ $# -ne 0 ] ; do
         shift
 
         if [ ! -d "${pathcomp}" ] ;
-        then
+        then
                 $mkdirprog "${pathcomp}"
         else
                 true
@@ -202,17 +202,17 @@ else
 
 # If we're going to rename the final executable, determine the name now.
 
-        if [ x"$transformarg" = x ] 
+        if [ x"$transformarg" = x ]
         then
                 dstfile=`basename $dst`
         else
-                dstfile=`basename $dst $transformbasename | 
+                dstfile=`basename $dst $transformbasename |
                         sed $transformarg`$transformbasename
         fi
 
 # don't allow the sed command to completely eliminate the filename
 
-        if [ x"$dstfile" = x ] 
+        if [ x"$dstfile" = x ]
         then
                 dstfile=`basename $dst`
         else
@@ -243,7 +243,7 @@ else
 # Now rename the file to the real destination.
 
         $doit $rmcmd -f $dstdir/$dstfile &&
-        $doit $mvcmd $dsttmp $dstdir/$dstfile 
+        $doit $mvcmd $dsttmp $dstdir/$dstfile
 
 fi &&
 
diff --git a/kex.c b/kex.c
index b070ccf42..5a952c9c2 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $");
 
 #include <openssl/crypto.h>
 
@@ -310,7 +310,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
         xfree(hostkeyalg);
 }
 
-static int 
+static int
 proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
 {
         static int check[] = {
@@ -392,7 +392,7 @@ kex_choose_conf(Kex *kex)
         kex->we_need = need;
 
         /* ignore the next message if the proposals do not match */
-        if (first_kex_follows && !proposals_match(my, peer) && 
+        if (first_kex_follows && !proposals_match(my, peer) &&
            !(datafellows & SSH_BUG_FIRSTKEX)) {
                 type = packet_read();
                 debug2("skipping next packet (type %u)", type);
diff --git a/kexgexc.c b/kexgexc.c
index f14ac44ca..0193183b9 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgexc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kexgexc.c,v 1.2 2003/12/08 11:00:47 markus Exp $");
 
 #include "xmalloc.h"
 #include "key.h"
@@ -49,16 +49,14 @@ kexgex_client(Kex *kex)
         nbits = dh_estimate(kex->we_need * 8);
 
         if (datafellows & SSH_OLD_DHGEX) {
-                debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
-
                 /* Old GEX request */
                 packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
                 packet_put_int(nbits);
                 min = DH_GRP_MIN;
                 max = DH_GRP_MAX;
-        } else {
-                debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
 
+                debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(%u) sent", nbits);
+        } else {
                 /* New GEX request */
                 min = DH_GRP_MIN;
                 max = DH_GRP_MAX;
@@ -66,6 +64,9 @@ kexgex_client(Kex *kex)
                 packet_put_int(min);
                 packet_put_int(nbits);
                 packet_put_int(max);
+
+                debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent",
+                    min, nbits, max);
         }
 #ifdef DEBUG_KEXDH
         fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
diff --git a/key.c b/key.c
index 54318cbbf..323e6ff84 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.54 2003/07/09 13:58:19 avsm Exp $");
+RCSID("$OpenBSD: key.c,v 1.55 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/evp.h>
 
@@ -143,8 +143,9 @@ key_free(Key *k)
         }
         xfree(k);
 }
+
 int
-key_equal(Key *a, Key *b)
+key_equal(const Key *a, const Key *b)
 {
         if (a == NULL || b == NULL || a->type != b->type)
                 return 0;
@@ -170,7 +171,8 @@ key_equal(Key *a, Key *b)
 }
 
 u_char*
-key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
+key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+    u_int *dgst_raw_length)
 {
         const EVP_MD *md = NULL;
         EVP_MD_CTX ctx;
@@ -292,7 +294,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
 }
 
 char *
-key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
+key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 {
         char *retval = NULL;
         u_char *dgst_raw;
@@ -490,7 +492,7 @@ key_read(Key *ret, char **cpp)
 }
 
 int
-key_write(Key *key, FILE *f)
+key_write(const Key *key, FILE *f)
 {
         int n, success = 0;
         u_int len, bits = 0;
@@ -522,8 +524,8 @@ key_write(Key *key, FILE *f)
         return success;
 }
 
-char *
-key_type(Key *k)
+const char *
+key_type(const Key *k)
 {
         switch (k->type) {
         case KEY_RSA1:
@@ -539,8 +541,8 @@ key_type(Key *k)
         return "unknown";
 }
 
-char *
-key_ssh_name(Key *k)
+const char *
+key_ssh_name(const Key *k)
 {
         switch (k->type) {
         case KEY_RSA:
@@ -554,7 +556,7 @@ key_ssh_name(Key *k)
 }
 
 u_int
-key_size(Key *k)
+key_size(const Key *k)
 {
         switch (k->type) {
         case KEY_RSA1:
@@ -611,7 +613,7 @@ key_generate(int type, u_int bits)
 }
 
 Key *
-key_from_private(Key *k)
+key_from_private(const Key *k)
 {
         Key *n = NULL;
         switch (k->type) {
@@ -676,7 +678,7 @@ key_names_valid2(const char *names)
 }
 
 Key *
-key_from_blob(u_char *blob, u_int blen)
+key_from_blob(const u_char *blob, u_int blen)
 {
         Buffer b;
         char *ktype;
@@ -726,7 +728,7 @@ key_from_blob(u_char *blob, u_int blen)
 }
 
 int
-key_to_blob(Key *key, u_char **blobp, u_int *lenp)
+key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
 {
         Buffer b;
         int len;
@@ -768,9 +770,9 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
 
 int
 key_sign(
-    Key *key,
+    const Key *key,
     u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+    const u_char *data, u_int datalen)
 {
         switch (key->type) {
         case KEY_DSA:
@@ -792,9 +794,9 @@ key_sign(
  */
 int
 key_verify(
-    Key *key,
-    u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+    const Key *key,
+    const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
         if (signaturelen == 0)
                 return -1;
@@ -815,7 +817,7 @@ key_verify(
 
 /* Converts a private to a public key */
 Key *
-key_demote(Key *k)
+key_demote(const Key *k)
 {
         Key *pk;
 
diff --git a/key.h b/key.h
index 28753fdfa..50df8500b 100644
--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: key.h,v 1.22 2003/06/24 08:23:46 markus Exp $ */
+/*      $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $  */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -55,33 +55,33 @@ struct Key {
         DSA     *dsa;
 };
 
-Key     *key_new(int);
-Key     *key_new_private(int);
-void     key_free(Key *);
-Key     *key_demote(Key *);
-int      key_equal(Key *, Key *);
-char    *key_fingerprint(Key *, enum fp_type, enum fp_rep);
-u_char  *key_fingerprint_raw(Key *, enum fp_type, u_int *);
-char    *key_type(Key *);
-int      key_write(Key *, FILE *);
-int      key_read(Key *, char **);
-u_int    key_size(Key *);
+Key             *key_new(int);
+Key             *key_new_private(int);
+void             key_free(Key *);
+Key             *key_demote(const Key *);
+int              key_equal(const Key *, const Key *);
+char            *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
+u_char          *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
+const char      *key_type(const Key *);
+int              key_write(const Key *, FILE *);
+int              key_read(Key *, char **);
+u_int            key_size(const Key *);
 
 Key     *key_generate(int, u_int);
-Key     *key_from_private(Key *);
+Key     *key_from_private(const Key *);
 int      key_type_from_name(char *);
 
-Key     *key_from_blob(u_char *, u_int);
-int      key_to_blob(Key *, u_char **, u_int *);
-char    *key_ssh_name(Key *);
-int      key_names_valid2(const char *);
+Key             *key_from_blob(const u_char *, u_int);
+int              key_to_blob(const Key *, u_char **, u_int *);
+const char      *key_ssh_name(const Key *);
+int              key_names_valid2(const char *);
 
-int      key_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int      key_verify(Key *, u_char *, u_int, u_char *, u_int);
+int      key_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int      key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
 
-int      ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int      ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int);
-int      ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int);
-int      ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int);
+int      ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int      ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+int      ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
+int      ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
 
 #endif
diff --git a/log.c b/log.c
index 45affca13..dd9e9b802 100644
--- a/log.c
+++ b/log.c
@@ -34,7 +34,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.28 2003/05/24 09:02:22 djm Exp $");
+RCSID("$OpenBSD: log.c,v 1.29 2003/09/23 20:17:11 markus Exp $");
 
 #include "log.h"
 #include "xmalloc.h"
@@ -184,83 +184,6 @@ debug3(const char *fmt,...)
         va_end(args);
 }
 
-/* Fatal cleanup */
-
-struct fatal_cleanup {
-        struct fatal_cleanup *next;
-        void (*proc) (void *);
-        void *context;
-};
-
-static struct fatal_cleanup *fatal_cleanups = NULL;
-
-/* Registers a cleanup function to be called by fatal() before exiting. */
-
-void
-fatal_add_cleanup(void (*proc) (void *), void *context)
-{
-        struct fatal_cleanup *cu;
-
-        cu = xmalloc(sizeof(*cu));
-        cu->proc = proc;
-        cu->context = context;
-        cu->next = fatal_cleanups;
-        fatal_cleanups = cu;
-}
-
-/* Removes a cleanup frunction to be called at fatal(). */
-
-void
-fatal_remove_cleanup(void (*proc) (void *context), void *context)
-{
-        struct fatal_cleanup **cup, *cu;
-
-        for (cup = &fatal_cleanups; *cup; cup = &cu->next) {
-                cu = *cup;
-                if (cu->proc == proc && cu->context == context) {
-                        *cup = cu->next;
-                        xfree(cu);
-                        return;
-                }
-        }
-        fatal("fatal_remove_cleanup: no such cleanup function: 0x%lx 0x%lx",
-            (u_long) proc, (u_long) context);
-}
-
-/* Remove all cleanups, to be called after fork() */
-void
-fatal_remove_all_cleanups(void)
-{
-        struct fatal_cleanup *cu, *next_cu;
-
-        for (cu = fatal_cleanups; cu; cu = next_cu) {
-                next_cu = cu->next;
-                xfree(cu);
-        }
-        fatal_cleanups = NULL;
-}
-
-/* Cleanup and exit */
-void
-fatal_cleanup(void)
-{
-        struct fatal_cleanup *cu, *next_cu;
-        static int called = 0;
-
-        if (called)
-                exit(255);
-        called = 1;
-        /* Call cleanup functions. */
-        for (cu = fatal_cleanups; cu; cu = next_cu) {
-                next_cu = cu->next;
-                debug("Calling cleanup 0x%lx(0x%lx)",
-                    (u_long) cu->proc, (u_long) cu->context);
-                (*cu->proc) (cu->context);
-        }
-        exit(255);
-}
-
-
 /*
  * Initialize the log.
  */
@@ -344,7 +267,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
 void
 do_log(LogLevel level, const char *fmt, va_list args)
 {
-#ifdef OPENLOG_R
+#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
         struct syslog_data sdata = SYSLOG_DATA_INIT;
 #endif
         char msgbuf[MSGBUFSIZ];
@@ -400,7 +323,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
                 snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
                 write(STDERR_FILENO, msgbuf, strlen(msgbuf));
         } else {
-#ifdef OPENLOG_R
+#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
                 openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
                 syslog_r(pri, &sdata, "%.500s", fmtbuf);
                 closelog_r(&sdata);
diff --git a/log.h b/log.h
index 5c0402b52..14700be9c 100644
--- a/log.h
+++ b/log.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: log.h,v 1.9 2003/04/08 20:21:28 itojun Exp $  */
+/*      $OpenBSD: log.h,v 1.10 2003/09/23 20:17:11 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -62,11 +62,6 @@ void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
 void     debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
 void     debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
 
-void     fatal_cleanup(void);
-void     fatal_add_cleanup(void (*) (void *), void *);
-void     fatal_remove_cleanup(void (*) (void *), void *);
-void     fatal_remove_all_cleanups(void);
-
 void     do_log(LogLevel, const char *, va_list);
-
+void     cleanup_exit(int);
 #endif
diff --git a/loginrec.c b/loginrec.c
index bdac3e959..71dbaea15 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -158,7 +158,7 @@
 #include "log.h"
 #include "atomicio.h"
 
-RCSID("$Id: loginrec.c,v 1.52 2003/07/06 05:20:46 dtucker Exp $");
+RCSID("$Id: loginrec.c,v 1.54 2004/02/10 05:49:35 dtucker Exp $");
 
 #ifdef HAVE_UTIL_H
 #  include <util.h>
@@ -442,7 +442,7 @@ login_write (struct logininfo *li)
 int
 login_utmp_only(struct logininfo *li)
 {
-        li->type = LTYPE_LOGIN; 
+        li->type = LTYPE_LOGIN;
         login_set_current_time(li);
 # ifdef USE_UTMP
         utmp_write_entry(li);
@@ -1183,6 +1183,7 @@ wtmp_get_entry(struct logininfo *li)
 static int
 wtmpx_write(struct logininfo *li, struct utmpx *utx)
 {
+#ifndef HAVE_UPDWTMPX
         struct stat buf;
         int fd, ret = 1;
 
@@ -1202,6 +1203,10 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx)
         (void)close(fd);
 
         return ret;
+#else
+        updwtmpx(WTMPX_FILE, utx);
+        return 1;
+#endif
 }
 
 
@@ -1534,7 +1539,7 @@ lastlog_get_entry(struct logininfo *li)
                 lastlog_populate_entry(li, &last);
                 return (1);
         case -1:
-                error("%s: Error reading from %s: %s", __func__, 
+                error("%s: Error reading from %s: %s", __func__,
                     LASTLOG_FILE, strerror(errno));
                 return (0);
         default:
diff --git a/mac.c b/mac.c
index ab9a03d84..097f0b93b 100644
--- a/mac.c
+++ b/mac.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: mac.c,v 1.5 2002/05/16 22:02:50 markus Exp $");
+RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
 
 #include <openssl/hmac.h>
 
@@ -77,7 +77,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
 
         if (mac->key == NULL)
                 fatal("mac_compute: no key");
-        if (mac->mac_len > sizeof(m))
+        if ((u_int)mac->mac_len > sizeof(m))
                 fatal("mac_compute: mac too long");
         HMAC_Init(&c, mac->key, mac->key_len, mac->md);
         PUT_32BIT(b, seqno);
diff --git a/md5crypt.c b/md5crypt.c
index e14d53ac1..8f2523e62 100644
--- a/md5crypt.c
+++ b/md5crypt.c
@@ -1,9 +1,9 @@
 /*
  * ----------------------------------------------------------------------------
  * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dknet.dk> wrote this file.  As long as you retain this 
- * notice you can do whatever you want with this stuff. If we meet some 
- * day, and you think this stuff is worth it, you can buy me a beer in 
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this
+ * notice you can do whatever you want with this stuff. If we meet some
+ * day, and you think this stuff is worth it, you can buy me a beer in
  * return.   Poul-Henning Kamp
  * ----------------------------------------------------------------------------
  */
@@ -13,7 +13,7 @@
 #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
 #include <openssl/md5.h>
 
-RCSID("$Id: md5crypt.c,v 1.7 2003/05/30 06:58:23 dtucker Exp $");
+RCSID("$Id: md5crypt.c,v 1.9 2003/11/21 12:56:47 djm Exp $");
 
 /* 0 ... 63 => ascii - 64 */
 static unsigned char itoa64[] =
@@ -35,7 +35,7 @@ to64(unsigned long v, int n)
                 *s++ = itoa64[v&0x3f];
                 v >>= 6;
         }
-        
+
         return (buf);
 }
 
diff --git a/mdoc2man.awk b/mdoc2man.awk
index 856e2d7c5..9135af07e 100644
--- a/mdoc2man.awk
+++ b/mdoc2man.awk
@@ -76,19 +76,19 @@ function add(str) {
       skip=1
       ext=1
       if(length(line)&&!(match(line," $")||prenl))
-        add(OFS)
+        add(OFS)
     } else if(match(words[w],"^Xc$")) {
       skip=1
       ext=0
       if(!extopt)
-        prenl++
+        prenl++
       w=nwords
     } else if(match(words[w],"^Bd$")) {
       skip=1
       if(match(words[w+1],"-literal")) {
-        literal=1
-        prenl++
-        w=nwords
+        literal=1
+        prenl++
+        w=nwords
       }
     } else if(match(words[w],"^Ed$")) {
       skip=1
@@ -96,7 +96,7 @@ function add(str) {
     } else if(match(words[w],"^Ns$")) {
       skip=1
       if(!nospace)
-        nospace=1
+        nospace=1
       sub(" $","",line)
     } else if(match(words[w],"^No$")) {
       skip=1
@@ -107,20 +107,20 @@ function add(str) {
       add("``")
       add(words[++w])
       while(w<nwords&&!match(words[w+1],"^[\\.,]"))
-        add(OFS words[++w])
+        add(OFS words[++w])
       add("''")
       if(!nospace&&match(words[w+1],"^[\\.,]"))
-        nospace=1
+        nospace=1
     } else if(match(words[w],"^Sq|Ql$")) {
       skip=1
       add("`" words[++w] "'")
       if(!nospace&&match(words[w+1],"^[\\.,]"))
-        nospace=1
+        nospace=1
     } else if(match(words[w],"^Oo$")) {
       skip=1
       extopt=1
       if(!nospace)
-        nospace=1
+        nospace=1
       add("[")
     } else if(match(words[w],"^Oc$")) {
       skip=1
@@ -129,9 +129,9 @@ function add(str) {
     }
     if(!skip) {
       if(!nospace&&length(line)&&!(match(line," $")||prenl))
-        add(OFS)
+        add(OFS)
       if(nospace==1)
-        nospace=0
+        nospace=0
     }
     if(match(words[w],"^Dd$")) {
       date=wtail()
@@ -158,69 +158,69 @@ function add(str) {
     } else if(match(words[w],"^Re$")) {
       prenl++
       for(i=nrefauthors-1;i>0;i--) {
-        add(refauthors[i])
-        if(i>1)
-          add(", ")
+        add(refauthors[i])
+        if(i>1)
+          add(", ")
       }
       if(nrefauthors>1)
-        add(" and ")
+        add(" and ")
       add(refauthors[0] ", \\fI" reftitle "\\fP")
       if(length(refissue))
-        add(", " refissue)
+        add(", " refissue)
       if(length(refdate))
-        add(", " refdate)
+        add(", " refdate)
       if(length(refopt))
-        add(", " refopt)
+        add(", " refopt)
       add(".")
       reference=0
     } else if(reference) {
       if(match(words[w],"^%A$")) { refauthors[nrefauthors++]=wtail() }
       if(match(words[w],"^%T$")) {
-        reftitle=wtail()
-        sub("^\"","",reftitle)
-        sub("\"$","",reftitle)
+        reftitle=wtail()
+        sub("^\"","",reftitle)
+        sub("\"$","",reftitle)
       }
       if(match(words[w],"^%N$")) { refissue=wtail() }
       if(match(words[w],"^%D$")) { refdate=wtail() }
       if(match(words[w],"^%O$")) { refopt=wtail() }
     } else if(match(words[w],"^Nm$")) {
       if(synopsis) {
-        add(".br")
-        prenl++
+        add(".br")
+        prenl++
       }
       n=words[++w]
       if(!length(name))
-        name=n
+        name=n
       if(!length(n))
-        n=name
+        n=name
       add("\\fB" n "\\fP")
       if(!nospace&&match(words[w+1],"^[\\.,]"))
-        nospace=1
+        nospace=1
     } else if(match(words[w],"^Nd$")) {
       add("\\- " wtail())
     } else if(match(words[w],"^Fl$")) {
       add("\\fB\\-" words[++w] "\\fP")
       if(!nospace&&match(words[w+1],"^[\\.,]"))
-        nospace=1
+        nospace=1
     } else if(match(words[w],"^Ar$")) {
       add("\\fI")
       if(w==nwords)
-        add("file ...\\fP")
+        add("file ...\\fP")
       else {
-        add(words[++w] "\\fP")
-        while(match(words[w+1],"^\\|$"))
-          add(OFS words[++w] " \\fI" words[++w] "\\fP")
+        add(words[++w] "\\fP")
+        while(match(words[w+1],"^\\|$"))
+          add(OFS words[++w] " \\fI" words[++w] "\\fP")
       }
       if(!nospace&&match(words[w+1],"^[\\.,]"))
-        nospace=1
+        nospace=1
     } else if(match(words[w],"^Cm$")) {
       add("\\fB" words[++w] "\\fP")
       while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
-        add(words[++w])
+        add(words[++w])
     } else if(match(words[w],"^Op$")) {
       option=1
       if(!nospace)
-        nospace=1
+        nospace=1
       add("[")
     } else if(match(words[w],"^Pp$")) {
       prenl++
@@ -232,10 +232,10 @@ function add(str) {
       add("\\fI")
       w++
       if(match(words[w],"^\\."))
-        add("\\&")
+        add("\\&")
       add(words[w] "\\fP")
       while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
-        add(words[++w])
+        add(words[++w])
     } else if(match(words[w],"^Dv$")) {
       add(".BR")
     } else if(match(words[w],"^Em|Ev$")) {
@@ -254,69 +254,69 @@ function add(str) {
       plain=1
       add("\\fB")
       while(w<nwords) {
-        w++
-        if(match(words[w],"^Op$")) {
-          w++
-          add("[")
-          words[nwords]=words[nwords] "]"
-        }
-        if(match(words[w],"^Ar$")) {
-          add("\\fI" words[++w] "\\fP")
-        } else if(match(words[w],"^[\\.,]")) {
-          sub(" $","",line)
-          if(plain) {
-            add("\\fP")
-            plain=0
-          }
-          add(words[w])
-        } else {
-          if(!plain) {
-            add("\\fB")
-            plain=1
-          }
-          add(words[w])
-        }
-        if(!nospace)
-          add(OFS)
+        w++
+        if(match(words[w],"^Op$")) {
+          w++
+          add("[")
+          words[nwords]=words[nwords] "]"
+        }
+        if(match(words[w],"^Ar$")) {
+          add("\\fI" words[++w] "\\fP")
+        } else if(match(words[w],"^[\\.,]")) {
+          sub(" $","",line)
+          if(plain) {
+            add("\\fP")
+            plain=0
+          }
+          add(words[w])
+        } else {
+          if(!plain) {
+            add("\\fB")
+            plain=1
+          }
+          add(words[w])
+        }
+        if(!nospace)
+          add(OFS)
       }
       sub(" $","",line)
       if(plain)
-        add("\\fP")
+        add("\\fP")
     } else if(match(words[w],"^Bl$")) {
       oldoptlist=optlist
       if(match(words[w+1],"-bullet"))
-        optlist=1
+        optlist=1
       else if(match(words[w+1],"-enum")) {
-        optlist=2
-        enum=0
+        optlist=2
+        enum=0
       } else if(match(words[w+1],"-tag"))
-        optlist=3
+        optlist=3
       else if(match(words[w+1],"-item"))
-        optlist=4
+        optlist=4
       else if(match(words[w+1],"-bullet"))
-        optlist=1
+        optlist=1
       w=nwords
     } else if(match(words[w],"^El$")) {
       optlist=oldoptlist
     } else if(match(words[w],"^It$")&&optlist) {
       if(optlist==1)
-        add(".IP \\(bu")
+        add(".IP \\(bu")
       else if(optlist==2)
-        add(".IP " ++enum ".")
+        add(".IP " ++enum ".")
       else if(optlist==3) {
-        add(".TP")
-        prenl++
-        if(match(words[w+1],"^Pa|Ev$")) {
-          add(".B")
-          w++
-        }
+        add(".TP")
+        prenl++
+        if(match(words[w+1],"^Pa|Ev$")) {
+          add(".B")
+          w++
+        }
       } else if(optlist==4)
-        add(".IP")
+        add(".IP")
     } else if(match(words[w],"^Sm$")) {
       if(match(words[w+1],"off"))
-        nospace=2
+        nospace=2
       else if(match(words[w+1],"on"))
-        nospace=0
+        nospace=0
       w++
     } else if(!skip) {
       add(words[w])
diff --git a/misc.c b/misc.c
index c457a952c..1f320353e 100644
--- a/misc.c
+++ b/misc.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.21 2003/04/12 10:15:36 markus Exp $");
+RCSID("$OpenBSD: misc.c,v 1.23 2003/10/28 09:08:06 markus Exp $");
 
 #include "misc.h"
 #include "log.h"
@@ -97,7 +97,7 @@ set_nodelay(int fd)
 
         optlen = sizeof opt;
         if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
-                error("getsockopt TCP_NODELAY: %.100s", strerror(errno));
+                debug("getsockopt TCP_NODELAY: %.100s", strerror(errno));
                 return;
         }
         if (opt == 1) {
@@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...)
 {
         va_list ap;
         char buf[1024];
+        int nalloc;
 
         va_start(ap, fmt);
         vsnprintf(buf, sizeof(buf), fmt, ap);
         va_end(ap);
 
+        nalloc = args->nalloc;
         if (args->list == NULL) {
-                args->nalloc = 32;
+                nalloc = 32;
                 args->num = 0;
-        } else if (args->num+2 >= args->nalloc)
-                args->nalloc *= 2;
+        } else if (args->num+2 >= nalloc)
+                nalloc *= 2;
 
-        args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
+        args->list = xrealloc(args->list, nalloc * sizeof(char *));
+        args->nalloc = nalloc;
         args->list[args->num++] = xstrdup(buf);
         args->list[args->num] = NULL;
 }
diff --git a/mkinstalldirs b/mkinstalldirs
index 614ef33d8..47d5f43fe 100755
--- a/mkinstalldirs
+++ b/mkinstalldirs
@@ -4,7 +4,7 @@
 # Created: 1993-05-16
 # Public domain
 
-# $Id: mkinstalldirs,v 1.1 2000/05/20 05:33:45 damien Exp $
+# $Id: mkinstalldirs,v 1.2 2003/11/21 12:48:55 djm Exp $
 
 errstatus=0
 
@@ -22,13 +22,13 @@ do
      esac
 
      if test ! -d "$pathcomp"; then
-        echo "mkdir $pathcomp"
+        echo "mkdir $pathcomp"
 
-        mkdir "$pathcomp" || lasterr=$?
+        mkdir "$pathcomp" || lasterr=$?
 
-        if test ! -d "$pathcomp"; then
-          errstatus=$lasterr
-        fi
+        if test ! -d "$pathcomp"; then
+          errstatus=$lasterr
+        fi
      fi
 
      pathcomp="$pathcomp/"
diff --git a/moduli b/moduli
index 6b94e2e23..52639d336 100644
--- a/moduli
+++ b/moduli
@@ -1,158 +1,186 @@
-#       $OpenBSD: moduli,v 1.1 2001/06/22 22:07:54 provos Exp $
+#       $OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $
 
 # Time Type Tests Tries Size Generator Modulus
-20010328182134 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF5449C221CB
-20010328182222 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF5449C95A43
-20010328182256 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF5449CC8CFB
-20010328182409 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF5449D9BDB7
-20010328182628 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF5449FB6EF3
-20010328182708 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A000153
-20010328182758 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A06E9EB
-20010328182946 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A1F2C93
-20010328183015 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A206ADB
-20010328183112 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A2A109B
-20010328183143 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A2BC1BB
-20010328183301 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A3ADCEB
-20010328183532 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A5E8BAF
-20010328183646 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A6D54D7
-20010328183712 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544A6EC46F
-20010328184223 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544AB8626F
-20010328184337 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544AC7DC73
-20010328184634 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544AEFF073
-20010328184714 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544AF594FF
-20010328184807 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544AFEEC53
-20010328184910 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B0B3513
-20010328185030 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B165707
-20010328185334 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B3A9673
-20010328185423 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B426623
-20010328185451 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B4427DB
-20010328185637 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B5E3FC7
-20010328185720 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B65964B
-20010328185757 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B6A9373
-20010328185844 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B7203B3
-20010328185933 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B7A9FFF
-20010328190006 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B7DAAD3
-20010328190054 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B855C2F
-20010328190139 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B8C53EB
-20010328190304 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544B9F26C3
-20010328190329 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544BA00697
-20010328190412 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544BA54313
-20010328190506 2 6 100 1023 5 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544BAEEF27
-20010328190550 2 6 100 1023 2 DCFAC4EFE89F5B082962AB9A67E8D63E84FA491E5D3874978815868595469163DA0661E6208A8C2CD4F83893B53864ADFD2154E8D8EFA146BAD808562E4BF6C90348FD79EEB3387D93FC7943BC450BA55399BA3CF3DFBD0D4E71800007B0E9D5F12E7A2CB7EA4E49812E715F8DC570C478DC2DEB1C49B0AE87A5DF544BB5CE0B
-20010328200734 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC33395187
-20010328201124 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC334ED15B
-20010328201358 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC3359FC07
-20010328201537 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC335F7A83
-20010328201829 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC336D1433
-20010328202120 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC337B253B
-20010328202848 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC33A3D43F
-20010328203335 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC33BF24A3
-20010328204332 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC34011B8B
-20010328204443 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC3402A92F
-20010328204617 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC3406D343
-20010328205458 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC3436FA2B
-20010328210413 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC3471CF1B
-20010328213513 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC352AF5EF
-20010328215014 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC358CC3CB
-20010328215520 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC35A9B7FF
-20010328215733 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC35B2927F
-20010328220114 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC35C47323
-20010328220334 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC35CFA9C3
-20010328220653 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC35E0BB37
-20010328220915 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC35E9CC23
-20010328221256 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC35FD7D67
-20010328221457 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC36052CCB
-20010328222639 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC364A1E07
-20010328224126 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC36AD5557
-20010328225125 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC36EE57BF
-20010328225751 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC3716A70B
-20010328225943 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC371D010B
-20010328230054 2 6 100 1534 5 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC371EB5C7
-20010328230301 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC37275F4B
-20010328230628 2 6 100 1534 2 6DFD16D9669EDAF42EF5D4EED82AA84B0541DEC2045B6AF55021A184F32BCADE614A114137022C9A8B41C09AFC38199E7305864F70A8708F37FC2127264ECF4FA32391F243CC62B89602D3813082679E5BDF496BA9DFA4C818AD21EC261B6F11841E6F2DE1574CE95095841DAF052868CCD5E9BFCA543E0934B50A76A598E693136DE2D479AEF3785D97BAFF4FB85AB8D46DA424C4CC5E11ABCAF718837E16350982BF8A27728318EC02C71ED164F57CDB121B72614B7B7C406613EC3738C3F3
-20010329000424 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853ACAACAB
-20010329001637 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853AE5BE0F
-20010329002229 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853AEDE2D3
-20010329003652 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853B0F32CB
-20010329005040 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853B30E503
-20010329014643 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853BC9AF57
-20010329021950 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853C205263
-20010329023256 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853C3F2E53
-20010329031049 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853CA28BBF
-20010329032045 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853CB81103
-20010329052113 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853DF13B47
-20010329052449 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853DF3ED53
-20010329060404 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853E5D25E7
-20010329062856 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853E9CF013
-20010329063152 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853E9E1CEB
-20010329070601 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853EF58B7F
-20010329071302 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853F017697
-20010329072011 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853F0E72D3
-20010329072445 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853F14CE17
-20010329073641 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853F2EEBA3
-20010329075209 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853F52E927
-20010329080750 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853F776F8B
-20010329084002 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853FC98043
-20010329084744 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853FD7EAAF
-20010329090209 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993853FF9AF5F
-20010329093527 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC3499385404E330B
-20010329094652 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC349938540672D1F
-20010329103445 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC349938540E4B213
-20010329111418 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC34993854144947F
-20010329112031 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC3499385414F223B
-20010329112413 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC349938541522073
-20010329114209 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC3499385417C8E53
-20010329125026 2 6 100 2046 2 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC3499385422E41AB
-20010329132045 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC3499385427DD3FF
-20010329134105 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC349938542AFA2D7
-20010329134914 2 6 100 2046 5 7ED0888B660A818F15E5F76A7F2BF10C99D74129DA04446C60116C9C800501060B8AFF075DCE0C08CEFDF695440E6F16FCCDB06359D080EF62D6485CBAEB94B92BE771D535B4EA9C5D14D84CD7649E25C7CFEA2C914486CC2BFDE77C4C0DF1D6DDED65FEE2F53A7FA690AFE38EE00C154FBAEFF935466B176CB0AED02458A552929F4EA7FC3E6F9F758DE7F22CC1F49641F492820441BDC109F0CE18F883FC93EA9AC4C1432682BA1C5B67BED8C861152A5F952A8CDCF1BCE02B8D93E80C113CE9FE2E4ACA49B2978B99A8C5FA231A77F5E7C604D44C7C6EA98D561294D4F7AB061432CAB8BBDCEC3659DE64F65265E6B9FC5F46879BB17CC349938542C04A37
-20010403222140 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0AB16DAF
-20010403225231 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0AC56CFF
-20010404053436 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0C2F4B7F
-20010404092851 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0D04E7F7
-20010404093943 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0D07794B
-20010404102659 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0D2BE8CF
-20010404112553 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0D5D012B
-20010404174625 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0EA59E17
-20010404184645 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0ED6DA4F
-20010404193402 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0EFB39B3
-20010404230716 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B0FB07C1B
-20010405044433 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B10DD9FC3
-20010405053429 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B11038737
-20010405062826 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B112E24E7
-20010405092601 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B11C9E9FB
-20010405113007 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B123803EB
-20010405122212 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B12612ED3
-20010405182035 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B13A25087
-20010405210758 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B142C4E23
-20010405220222 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B145878F3
-20010406020130 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B152AF6AB
-20010406053538 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B15E78C8B
-20010406073014 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B1649BFEF
-20010406074100 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B164D4E3F
-20010406103625 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B16E07B33
-20010406131946 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B17706243
-20010406170234 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B182FD957
-20010406182949 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B18768903
-20010406203157 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B18DCFC3B
-20010407022825 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B1A1AF797
-20010407071024 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B1B1551E7
-20010407112402 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B1BF78EC7
-20010407123215 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B1C30021B
-20010407161504 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B1CF27743
-20010407171629 2 6 100 3190 5 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B1D25FAD7
-20010407191502 2 6 100 3190 2 669BA3ED661F226A090BE5644A2BB4209371B78FC3E6848A095821993F59084CA5EE12052F977D01F0666F03F6573B199DFEC9AB94588C2C60DE3B3E7CF5094587919FCC3FB40A61C261E891A0F91D9FFC8F30CA12CF809DD8290DD786FA8B041FFAC5793C38F38757EA6790472AC2692185B554B0046E8C065C983C0ACC8D2F85AB4BEDF7CE233009218C9691FE44261580D4149F1D4471B0B5DF79E224252474EBC3B7B5490950BB438BF498E79F8794498B3A3B5FBB42829C3BBEA4067F28C23BE40377B986BD5443CCCF02405B8CCCAA09E8179F0168D4969994171A6AD98F81015BC84E10A44E1EFD2E0862C5D1AAFE99014715A36800DBD9A6C51C0226CC82A651DAE4F73D54C4D103C13D1C15CF8CCA67D5CB39F03C66F3B7467F8FFDCC5074CD0C1B2538FBF956971BF39314CEDD20E1B10DE16D86E10BE7FA5B1A706AEB4C356F49807A22072CD00559AF0A863788956651919E26A315EAD1D26E7C98FC4CFA35A0F04DD400A2991A1FFE5B271FEDE54375896A29F968BE1D511BA466A92AC3E3772709FC815B1D8C2753
-20010420002705 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10C1E08F3
-20010420005243 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10C219FB3
-20010420035225 2 6 100 4094 5 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10C660B3F
-20010420145749 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10D741313
-20010420205718 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10DD41193
-20010420232458 2 6 100 4094 5 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10E0AB4EF
-20010421003952 2 6 100 4094 5 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10E22F857
-20010421013245 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10E31828B
-20010421085157 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10EE28B2B
-20010421092617 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10EE97A3B
-20010421135621 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C10F52C463
-20010422012438 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C110627AF3
-20010422042530 2 6 100 4094 2 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C110A793B3
-20010422163438 2 6 100 4094 5 65B5B9F5ECFADB4CCB38D1BC894302E95B4843290F1A7A40579DF3E2FF98C1D3DA9F210857C784433DF32ADF9E0C80121211690E1FFB41B8DB4E86AFE388A09C9BB2C98EDC581C2E65D57F61BB920C3D1B7B058B5FADFF65D607DAFF443B8BA1ACE1A3A7B16EA0713F62537C6689E3C4A0F61198F3B054FCF140CFADD8622C0E7621998331E59DA6F72E9D608D0E58F526E95F485C7CA30A416617DA3CCFF722BB82362606283D054B34B83ECDB4C91BAB835944010EBE5E9FA7B016ED89891DD553CC71B5CF76EDB2A184B377F670D6AF191763EEFD175E48EA37EE18B9E44E2D017D845C444C8111816819866E490B52F7F879A0C6F401CF7859674F93E304365F4E8CB8C312EFB725732A46D7CF0C9D2939AEE25F428CEFC90959DBF8ADD612F343EF9BFCA2FBA61BD4BF93E1E54626D227FDA812E18D071579AB4EEAC9901DAB183BCB0D9F48732D92CE66B386EAE5D8212C9FD156DC3F09B171B5603E17A468D244F3B6880EBCDA189BA9E23E4A4C6C2995ACF264F8CE9D54B27316343C0BC19221F75E6A2AC68011741695E599F73460B7A042E0461DB189CDCE223B40336BF2251AE3B363159960C9F63B47EFC43790D474DABB9A686DAF21E0DD76533749FCA9F144FA9C243CEF1364C79D981ED81DC4635C73B7F8908BA190AA920ED370F815BC2F9B3D28ED87BE34A01498836222C17B70C246C03CA1C111D2A227
+20031210004503 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB
+20031210004553 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D0A0D7
+20031210004628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D6CB97
+20031210004801 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F2D1B7
+20031210004827 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F5615B
+20031210004919 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230138C3
+20031210004952 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2305F6A3
+20031210005018 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230801DB
+20031210005043 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230A0383
+20031210005147 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB231C3A7F
+20031210005230 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23249C1B
+20031210005301 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23288F0F
+20031210005438 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2344EC9B
+20031210005548 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB235892F3
+20031210005700 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB236C3F03
+20031210005841 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB238BC713
+20031210010040 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23B466C3
+20031210010119 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23BB1F8B
+20031210010313 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E03DDB
+20031210010335 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23E130AB
+20031210010422 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23EA20A3
+20031210010500 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23F1807B
+20031210010628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2409DC07
+20031210010759 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2425487F
+20031210010906 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24397A3F
+20031210010945 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2440ABF7
+20031210011017 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2445C00B
+20031210011059 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB244E4EBF
+20031210011158 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB245E056B
+20031210011340 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24808F43
+20031210011408 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24834C0B
+20031210011517 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2495148B
+20031210011632 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB24A89B27
+20031210014802 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D3B9DD3
+20031210015017 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D463D83
+20031210015524 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D68288B
+20031210015701 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D6C64C3
+20031210020258 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772D94316B
+20031210022106 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E1F8453
+20031210022738 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E4BDAC7
+20031210022948 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E5541E7
+20031210023056 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E56464B
+20031210023414 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E695C8B
+20031210024039 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772E939ABF
+20031210024457 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EAE295B
+20031210024630 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EB2BDFB
+20031210025118 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772ED059DB
+20031210025540 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772EECB4D3
+20031210025956 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F043973
+20031210030256 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F134903
+20031210030415 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F15B5EB
+20031210030717 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F25BF3B
+20031210030826 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F2670D7
+20031210031055 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F31E5F3
+20031210031311 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F3BFE2B
+20031210032243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F83082B
+20031210032437 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F898187
+20031210032703 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772F95718B
+20031210032953 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA3F5CB
+20031210033059 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FA48FEB
+20031210033247 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FAA6267
+20031210033633 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FC1BE7B
+20031210034313 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF18FA7
+20031210034507 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A772FF84977
+20031210035121 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730233FBF
+20031210035813 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773054E8F3
+20031210035955 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730597847
+20031210040259 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77306A1B57
+20031210040704 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308258FB
+20031210040913 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A77308A63F7
+20031210042047 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DEEF8F
+20031210042156 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730DFE787
+20031210042511 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7730F1D3CB
+20031210042907 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A773107039B
+20031210043815 2 6 100 1535 5 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731492E37
+20031210045243 2 6 100 1535 2 FB54DC620BB7A5C2A28520E9FFC81958D7A76156412B647E9FCC729F84553FFB4428705868631244E0F804376D5F434C76608B93626D3AA169360C9DD40DFA3429F2E53AA4014730B49FFB6CCBC7FF9D0C391341610280598F7F8EE4E4F956683C59A740C7AB17A5C628694D4C36E6D6A54629822059ACD4C7C8C860262E7CBD04196BB41E7D194C91CFAB58353072EA09390E795733510D69D1267376B2FFA7BA2C88028820012DC84F6F250D88D1B6B44E22FCCDCDD3A3EC654A7731AB1953
+20031210054833 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1C0B0F8B
+20031210055609 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1C1CF773
+20031210065401 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1CDD973F
+20031210071146 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D11D9FB
+20031210071754 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D1ED47B
+20031210072552 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D32CE4F
+20031210073644 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D4EC983
+20031210074309 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D5D4F07
+20031210075517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1D7DE133
+20031210081718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1DC395C3
+20031210084322 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E1A5567
+20031210085218 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E3127AB
+20031210090542 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1E586AD7
+20031210093920 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1EC6C9D3
+20031210100616 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F19C713
+20031210103627 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F7B82B3
+20031210104559 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F95C2EF
+20031210104836 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1F969EAF
+20031210110201 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FBEA0DF
+20031210111610 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE4C70B
+20031210111837 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE50DBB
+20031210112215 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F1FE964FF
+20031210124102 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F20F33023
+20031210125610 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21208AFB
+20031210130630 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F213CBA8B
+20031210132517 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21754843
+20031210132855 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2179D39B
+20031210140211 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F21E6E73B
+20031210141340 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22068817
+20031210143133 2 6 100 2047 5 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F223D6017
+20031210143812 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F224A70F3
+20031210150410 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22A24CFB
+20031210153131 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F22FAA253
+20031210153718 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F23071C7B
+20031210154203 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F230FFC0B
+20031210161808 2 6 100 2047 2 EEFD0DF9B60CBF61DDBA3364F8B6254256FC2DF3211B1D80F4556816C5D629B0A40228861BEE7B4497444DD9375EF7E8997BB7294C6AA097A1E5AD47DB72C14956898FD11CA292ED76215E09D8067835150928D5F09267B29214159C0CB695EECC90E05C0E21374ED6F04759B3F0E162EE2CFBC8259BC1A1F28C809700E1F3ECBA24A99A78BCCC6E776348705837F86A2B4A34DB592753468905179802788F52C337E0187F69C30D52C99546290D09154EAFEE72F9CA32A989AA45AD68220539A6AA302AEA4DCCCE7E6FCF6DEE57440A4511B4BAF5B4832D27247FDED231168413B12A0E1147A5706C56238788A7707463452E1254F2503BA197756F2383B65B
+20031210185714 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061924F36F3
+20031210204537 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C04AB3
+20031210205604 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C3734B
+20031210210523 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306192C58A0B
+20031210233701 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306193680D03
+20031211013125 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306193E1DD73
+20031211052015 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306194DA94E3
+20031211064439 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619531A017
+20031211074935 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195731BAB
+20031211081053 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306195830BAB
+20031211123240 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306196A4C097
+20031211160831 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061978B740B
+20031211195847 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619889E1B3
+20031211201456 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619892ED83
+20031211221441 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619910A74B
+20031211223303 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061991D35CB
+20031211235558 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199712CCB
+20031212005818 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A306199AE96DB
+20031212033251 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619A50DDD3
+20031212053332 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619AB31B57
+20031212084926 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619B8949F7
+20031212130319 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619C84A1A3
+20031212192346 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619E1B24BB
+20031212210042 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619E7F37FB
+20031213002102 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A30619F59BABB
+20031213061439 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A0D9208F
+20031213071620 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A115D66F
+20031213072644 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A1186097
+20031213090613 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A17DACC7
+20031213110037 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A1F577E7
+20031213113226 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2113AC3
+20031213120232 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A22A232B
+20031213121926 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A23443D3
+20031213130353 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A25D51E7
+20031213143149 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2B63CBB
+20031213153322 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A2F05FC7
+20031213180906 2 6 100 3071 2 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A39439A3
+20031213183520 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3A7705F
+20031213192228 2 6 100 3071 5 DBB2151A52F948EE950BE096B2B7C2A260C5BBE57C02EC432FA6E2025306FE486F77352C63622A8F40A65ECD815737C9837C7803980D25CBFAA3438A1BA8A7D41F214A836AB31A067B5813967059AE75B73358FE33930E7B9BEE4149CD71A9234F9E7C35C5097456E2BF17F748E70FB2AB12BC9D75C1BB024CCEA7556384034A22840352DA1CF6EB9E09FA6C5B6317A74DF67318935850079364F06665282743B45E0ABE6866867FB13BE2A082F604E0BA399215A072CE818104A53F37D08F0373CE7DBBF4EBCEFF05349A025A7DD06D5E79205CD74919862E06BFD15990391BBBA75BD27A36C422165AA6CA14F6A1AA5CEB6D862456C7BDA91982DF12D159B859248A9159B935635199498628871815BF0C9F0706265988F9ABB278CBBB941A07E46A713D8F2C10E174C3E4138C3C125BF582359E4D6C3773609C9D6293C22C620AAAE50EF3BDFA3B97D802993BFE0E7BE01FAB3F3E8CE4A2454E5A01E2C08DE17D9D5B9F76D8466FBA22A14C11CA5C7E678514FD72B3DF3D0A3061A3D2DEA7
+20031213125532 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923E8050C3B
+20031213125653 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923E8EB2F2B
+20031213125813 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EAB66F4B
+20031213125934 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EAFE508B
+20031213130055 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EB96812B
+20031213130217 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EBB738CB
+20031213130337 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EBDB337F
+20031213130458 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECA8B62B
+20031213130619 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ECBCE443
+20031213130740 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED1637DB
+20031213130901 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923ED3EA08F
+20031213131021 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EDC96C6B
+20031213131142 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923EEB92FCF
+20031213131303 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F2D2CCF3
+20031213131424 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F6C89BBB
+20031213131545 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F7962EDB
+20031213131706 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F85A4767
+20031213131827 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F8A196C7
+20031213131947 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923F94500EF
+20031213132108 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FAF467BF
+20031213132229 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB5A7803
+20031213132350 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FB7D5467
+20031213132511 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FC4A16D7
+20031213132632 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FEEDC36F
+20031213132752 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9923FFA077EF
+20031213132913 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400725B7B
+20031213133034 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992400728FFB
+20031213133155 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924011CFA13
+20031213133316 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240165703F
+20031213133436 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA99240166BA7B
+20031213133557 2 6 200 4095 5 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA9924018E41B7
+20031213133718 2 6 200 4095 2 CE96240B0B5684D9E281FDA07D5B6C316E14C7AE83913F86D13CAD2546F93B533D15629D4B3E2C76753C5ABCC29A8FB610CA1C3EB1014B0FD8209C330FFF6EB8A562474B7D387E3F8074FA29D0B58BAD5E6967A0AD667C41D41E1241669431F865C57E9EEB00E69BEB1D18C3B940810324B394FAB8F75B27A9B4E7972F07B4916A6A3D50F0445024697155382BF1AD14F90F8BAB7E9D3CCBAE6CD84E488A98770A8C64943582C6D2BB529511945ABA146115273EB6BD718B62FEBFCD503FB56E8D4262E17DC5CE1A9B1D3E8FFA5CE0B825498BC6254DA9CC69DDF7AD9BA582AB8F812C4DE3228C88C5640BAEF5F62B7C039588D6CD7F694F039507AA3AAF4FB368A3712230FFC05B66A14C7003E2AD6A938D544B8B9908C4536F945AC4BDB1CA623F2826A25CA16B39730C9FE940A8642EB35088ED341BE768C10B152C8A65D32E4DBE68764E6B2ABDE6824088B6BE258D7E3AEA155CB919E1C500CDCEE435515CF09575F75551C16FBA0F3AEDE0AABA544E89A58E4C34E255EAAFD8F65340DAA55E3ED8AB903FE188416340ACE15D36F9CEDE379CC3586E6D320F72AA310A1B0A781D06B7418A50525105FA749306AC59A788D6866B7DDD0F4C059BA6CEE43FAD5AD2A362B9DE1C57324ADE8B5B46C6B1DDABD82F0670F7A4DA869F204EFB27EA7E049BC7D6CFD2071682C894161922A99108EB3BB8922113BA992402C07A93
diff --git a/moduli.c b/moduli.c
index eb2c0fd18..a09073aed 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.1 2003/07/28 09:49:56 djm Exp $ */
+/* $OpenBSD: moduli.c,v 1.5 2003/12/22 09:16:57 djm Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -44,15 +44,6 @@
 
 #include <openssl/bn.h>
 
-
-/*
- * Debugging defines 
- */
-
-/* define DEBUG_LARGE 1 */
-/* define DEBUG_SMALL 1 */
-/* define DEBUG_TEST  1 */
-
 /*
  * File output defines
  */
@@ -81,9 +72,10 @@
 #define QTEST_JACOBI            (0x08)
 #define QTEST_ELLIPTIC          (0x10)
 
-/* Size: decimal.
+/*
+ * Size: decimal.
  * Specifies the number of the most significant bit (0 to M).
- ** WARNING: internally, usually 1 to N.
+ * WARNING: internally, usually 1 to N.
  */
 #define QSIZE_MINIMUM           (511)
 
@@ -151,7 +143,7 @@ qfileout(FILE * ofile, u_int32_t otype, u_int32_t otests, u_int32_t otries,
 
         time(&time_now);
         gtm = gmtime(&time_now);
-        
+
         res = fprintf(ofile, "%04d%02d%02d%02d%02d%02d %u %u %u %u %x ",
             gtm->tm_year + 1900, gtm->tm_mon + 1, gtm->tm_mday,
             gtm->tm_hour, gtm->tm_min, gtm->tm_sec,
@@ -178,7 +170,7 @@ sieve_large(u_int32_t s)
 {
         u_int32_t r, u;
 
-        debug2("sieve_large %u", s);
+        debug3("sieve_large %u", s);
         largetries++;
         /* r = largebase mod s */
         r = BN_mod_word(largebase, s);
@@ -244,9 +236,9 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
         largememory = memory;
 
         /*
-         * Set power to the length in bits of the prime to be generated.
-         * This is changed to 1 less than the desired safe prime moduli p.
-         */
+         * Set power to the length in bits of the prime to be generated.
+         * This is changed to 1 less than the desired safe prime moduli p.
+         */
         if (power > TEST_MAXIMUM) {
                 error("Too many bits: %u > %lu", power, TEST_MAXIMUM);
                 return (-1);
@@ -257,16 +249,16 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
         power--; /* decrement before squaring */
 
         /*
-         * The density of ordinary primes is on the order of 1/bits, so the
-         * density of safe primes should be about (1/bits)**2. Set test range
-         * to something well above bits**2 to be reasonably sure (but not
-         * guaranteed) of catching at least one safe prime.
+         * The density of ordinary primes is on the order of 1/bits, so the
+         * density of safe primes should be about (1/bits)**2. Set test range
+         * to something well above bits**2 to be reasonably sure (but not
+         * guaranteed) of catching at least one safe prime.
          */
         largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER));
 
         /*
-         * Need idea of how much memory is available. We don't have to use all
-         * of it.
+         * Need idea of how much memory is available. We don't have to use all
+         * of it.
          */
         if (largememory > LARGE_MAXIMUM) {
                 logit("Limited memory: %u MB; limit %lu MB",
@@ -315,8 +307,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
         q = BN_new();
 
         /*
-         * Generate random starting point for subprime search, or use
-         * specified parameter.
+         * Generate random starting point for subprime search, or use
+         * specified parameter.
          */
         largebase = BN_new();
         if (start == NULL)
@@ -329,13 +321,13 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
 
         time(&time_start);
 
-        logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start), 
+        logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start),
             largenumbers, power);
         debug2("start point: 0x%s", BN_bn2hex(largebase));
 
         /*
-         * TinySieve
-         */
+         * TinySieve
+         */
         for (i = 0; i < tinybits; i++) {
                 if (BIT_TEST(TinySieve, i))
                         continue; /* 2*i+3 is composite */
@@ -351,9 +343,9 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
         }
 
         /*
-         * Start the small block search at the next possible prime. To avoid
-         * fencepost errors, the last pass is skipped.
-         */
+         * Start the small block search at the next possible prime. To avoid
+         * fencepost errors, the last pass is skipped.
+         */
         for (smallbase = TINY_NUMBER + 3;
              smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
              smallbase += TINY_NUMBER) {
@@ -386,8 +378,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
                 }
 
                 /*
-                 * SmallSieve
-                 */
+                 * SmallSieve
+                 */
                 for (i = 0; i < smallbits; i++) {
                         if (BIT_TEST(SmallSieve, i))
                                 continue; /* 2*i+smallbase is composite */
@@ -438,7 +430,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
  * The result is a list of so-call "safe" primes
  */
 int
-prime_test(FILE *in, FILE *out, u_int32_t trials, 
+prime_test(FILE *in, FILE *out, u_int32_t trials,
     u_int32_t generator_wanted)
 {
         BIGNUM *q, *p, *a;
@@ -483,6 +475,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         debug2("%10u: known composite", count_in);
                         continue;
                 }
+
                 /* tries */
                 in_tries = strtoul(cp, &cp, 10);
 
@@ -507,13 +500,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         in_size += 1;
                         generator_known = 0;
                         break;
-                default:
+                case QTYPE_UNSTRUCTURED:
+                case QTYPE_SAFE:
+                case QTYPE_SCHNOOR:
+                case QTYPE_STRONG:
+                case QTYPE_UNKNOWN:
                         debug2("%10u: (%u)", count_in, in_type);
                         a = p;
                         BN_hex2bn(&a, cp);
                         /* q = (p-1) / 2 */
                         BN_rshift(q, p, 1);
                         break;
+                default:
+                        debug2("Unknown prime type");
+                        break;
                 }
 
                 /*
@@ -533,6 +533,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         in_tries += trials;
                 else
                         in_tries = trials;
+
                 /*
                  * guess unknown generator
                  */
@@ -544,9 +545,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         else {
                                 u_int32_t r = BN_mod_word(p, 10);
 
-                                if (r == 3 || r == 7) {
+                                if (r == 3 || r == 7)
                                         generator_known = 5;
-                                }
                         }
                 }
                 /*
@@ -559,30 +559,39 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                         continue;
                 }
 
+                /*
+                 * Primes with no known generator are useless for DH, so
+                 * skip those.
+                 */
+                if (generator_known == 0) {
+                        debug2("%10u: no known generator", count_in);
+                        continue;
+                }
+
                 count_possible++;
 
                 /*
-                 * The (1/4)^N performance bound on Miller-Rabin is 
-                 * extremely pessimistic, so don't spend a lot of time 
-                 * really verifying that q is prime until after we know 
-                 * that p is also prime. A single pass will weed out the 
+                 * The (1/4)^N performance bound on Miller-Rabin is
+                 * extremely pessimistic, so don't spend a lot of time
+                 * really verifying that q is prime until after we know
+                 * that p is also prime. A single pass will weed out the
                  * vast majority of composite q's.
                  */
                 if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
-                        debug2("%10u: q failed first possible prime test",
+                        debug("%10u: q failed first possible prime test",
                             count_in);
                         continue;
                 }
-        
+
                 /*
-                 * q is possibly prime, so go ahead and really make sure 
-                 * that p is prime. If it is, then we can go back and do 
-                 * the same for q. If p is composite, chances are that 
+                 * q is possibly prime, so go ahead and really make sure
+                 * that p is prime. If it is, then we can go back and do
+                 * the same for q. If p is composite, chances are that
                  * will show up on the first Rabin-Miller iteration so it
                  * doesn't hurt to specify a high iteration count.
                  */
                 if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
-                        debug2("%10u: p is not prime", count_in);
+                        debug("%10u: p is not prime", count_in);
                         continue;
                 }
                 debug("%10u: p is almost certainly prime", count_in);
@@ -594,7 +603,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
                 }
                 debug("%10u: q is almost certainly prime", count_in);
 
-                if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN), 
+                if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
                     in_tries, in_size, generator_known, p)) {
                         res = -1;
                         break;
@@ -610,7 +619,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials,
         BN_CTX_free(ctx);
 
         logit("%.24s Found %u safe primes of %u candidates in %ld seconds",
-            ctime(&time_stop), count_out, count_possible, 
+            ctime(&time_stop), count_out, count_possible,
             (long) (time_stop - time_start));
 
         return (res);
diff --git a/monitor.c b/monitor.c
index e5656470d..009dcf182 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.49 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $");
 
 #include <openssl/dh.h>
 
@@ -134,6 +134,7 @@ int mm_answer_pam_free_ctx(int, Buffer *);
 int mm_answer_gss_setup_ctx(int, Buffer *);
 int mm_answer_gss_accept_ctx(int, Buffer *);
 int mm_answer_gss_userok(int, Buffer *);
+int mm_answer_gss_checkmic(int, Buffer *);
 #endif
 
 static Authctxt *authctxt;
@@ -193,6 +194,7 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
     {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+    {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
 #endif
     {0, 0, NULL}
 };
@@ -272,14 +274,17 @@ monitor_permit_authentications(int permit)
         }
 }
 
-Authctxt *
-monitor_child_preauth(struct monitor *pmonitor)
+void
+monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 {
         struct mon_table *ent;
         int authenticated = 0;
 
         debug3("preauth child monitor started");
 
+        authctxt = _authctxt;
+        memset(authctxt, 0, sizeof(*authctxt));
+
         if (compat20) {
                 mon_dispatch = mon_dispatch_proto20;
 
@@ -292,8 +297,6 @@ monitor_child_preauth(struct monitor *pmonitor)
                 monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
         }
 
-        authctxt = authctxt_new();
-
         /* The first few requests do not require asynchronous access */
         while (!authenticated) {
                 authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
@@ -306,11 +309,11 @@ monitor_child_preauth(struct monitor *pmonitor)
                                 authenticated = 0;
 #ifdef USE_PAM
                         /* PAM needs to perform account checks after auth */
-                        if (options.use_pam) {
+                        if (options.use_pam && authenticated) {
                                 Buffer m;
 
                                 buffer_init(&m);
-                                mm_request_receive_expect(pmonitor->m_sendfd, 
+                                mm_request_receive_expect(pmonitor->m_sendfd,
                                     MONITOR_REQ_PAM_ACCOUNT, &m);
                                 authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
                                 buffer_free(&m);
@@ -333,8 +336,6 @@ monitor_child_preauth(struct monitor *pmonitor)
             __func__, authctxt->user);
 
         mm_get_keystate(pmonitor);
-
-        return (authctxt);
 }
 
 static void
@@ -566,6 +567,7 @@ mm_answer_pwnamallow(int socket, Buffer *m)
 
         if (pwent == NULL) {
                 buffer_put_char(m, 0);
+                authctxt->pw = fakepw();
                 goto out;
         }
 
@@ -781,7 +783,7 @@ int
 mm_answer_pam_start(int socket, Buffer *m)
 {
         char *user;
-        
+
         if (!options.use_pam)
                 fatal("UsePAM not set, but ended up in %s anyway", __func__);
 
@@ -800,7 +802,7 @@ int
 mm_answer_pam_account(int socket, Buffer *m)
 {
         u_int ret;
-        
+
         if (!options.use_pam)
                 fatal("UsePAM not set, but ended up in %s anyway", __func__);
 
@@ -947,7 +949,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
 
         debug3("%s: key_from_blob: %p", __func__, key);
 
-        if (key != NULL && authctxt->pw != NULL) {
+        if (key != NULL && authctxt->valid) {
                 switch(type) {
                 case MM_USERKEY:
                         allowed = options.pubkey_authentication &&
@@ -1185,7 +1187,7 @@ mm_record_login(Session *s, struct passwd *pw)
                 if (getpeername(packet_get_connection_in(),
                         (struct sockaddr *) & from, &fromlen) < 0) {
                         debug("getpeername: %.100s", strerror(errno));
-                        fatal_cleanup();
+                        cleanup_exit(255);
                 }
         }
         /* Record that there was a login on that tty from the remote host. */
@@ -1200,7 +1202,6 @@ mm_session_close(Session *s)
         debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
         if (s->ttyfd != -1) {
                 debug3("%s: tty %s ptyfd %d",  __func__, s->tty, s->ptyfd);
-                fatal_remove_cleanup(session_pty_cleanup2, (void *)s);
                 session_pty_cleanup2(s);
         }
         s->used = 0;
@@ -1225,7 +1226,6 @@ mm_answer_pty(int socket, Buffer *m)
         res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
         if (res == 0)
                 goto error;
-        fatal_add_cleanup(session_pty_cleanup2, (void *)s);
         pty_setowner(authctxt->pw, s->tty);
 
         buffer_put_int(m, 1);
@@ -1708,6 +1708,7 @@ monitor_init(void)
 
         mon = xmalloc(sizeof(*mon));
 
+        mon->m_pid = 0;
         monitor_socketpair(pair);
 
         mon->m_recvfd = pair[0];
@@ -1784,15 +1785,43 @@ mm_answer_gss_accept_ctx(int socket, Buffer *m)
 
         gss_release_buffer(&minor, &out);
 
-        /* Complete - now we can do signing */
         if (major==GSS_S_COMPLETE) {
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+                monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
         }
         return (0);
 }
 
 int
+mm_answer_gss_checkmic(int socket, Buffer *m)
+{
+        gss_buffer_desc gssbuf, mic;
+        OM_uint32 ret;
+        u_int len;
+
+        gssbuf.value = buffer_get_string(m, &len);
+        gssbuf.length = len;
+        mic.value = buffer_get_string(m, &len);
+        mic.length = len;
+
+        ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
+
+        xfree(gssbuf.value);
+        xfree(mic.value);
+
+        buffer_clear(m);
+        buffer_put_int(m, ret);
+
+        mm_request_send(socket, MONITOR_ANS_GSSCHECKMIC, m);
+
+        if (!GSS_ERROR(ret))
+                monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+
+        return (0);
+}
+
+int
 mm_answer_gss_userok(int socket, Buffer *m)
 {
         int authenticated;
@@ -1805,7 +1834,7 @@ mm_answer_gss_userok(int socket, Buffer *m)
         debug3("%s: sending result %d", __func__, authenticated);
         mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m);
 
-        auth_method="gssapi";
+        auth_method="gssapi-with-mic";
 
         /* Monitor loop will terminate if authenticated */
         return (authenticated);
diff --git a/monitor.h b/monitor.h
index 2461156c7..621a4ad18 100644
--- a/monitor.h
+++ b/monitor.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: monitor.h,v 1.11 2003/08/28 12:54:34 markus Exp $     */
+/*      $OpenBSD: monitor.h,v 1.13 2003/11/17 11:06:07 markus Exp $     */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -52,6 +52,7 @@ enum monitor_reqtype {
         MONITOR_REQ_GSSSETUP, MONITOR_ANS_GSSSETUP,
         MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
         MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
+        MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC,
         MONITOR_REQ_PAM_START,
         MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
         MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
@@ -76,7 +77,7 @@ void monitor_reinit(struct monitor *);
 void monitor_sync(struct monitor *);
 
 struct Authctxt;
-struct Authctxt *monitor_child_preauth(struct monitor *);
+void monitor_child_preauth(struct Authctxt *, struct monitor *);
 void monitor_child_postauth(struct monitor *);
 
 struct mon_table;
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 4034d569c..e7c15cecd 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.31 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dh.h>
@@ -66,6 +66,16 @@ extern struct monitor *pmonitor;
 extern Buffer input, output;
 extern ServerOptions options;
 
+int
+mm_is_monitor(void)
+{
+        /*
+         * m_pid is only set in the privileged part, and
+         * points to the unprivileged child.
+         */
+        return (pmonitor && pmonitor->m_pid > 0);
+}
+
 void
 mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
 {
@@ -94,7 +104,7 @@ mm_request_receive(int socket, Buffer *m)
         res = atomicio(read, socket, buf, sizeof(buf));
         if (res != sizeof(buf)) {
                 if (res == 0)
-                        fatal_cleanup();
+                        cleanup_exit(255);
                 fatal("%s: read: %ld", __func__, (long)res);
         }
         msg_len = GET_32BIT(buf);
@@ -214,7 +224,8 @@ mm_getpwnamallow(const char *login)
         return (pw);
 }
 
-char *mm_auth2_read_banner(void)
+char *
+mm_auth2_read_banner(void)
 {
         Buffer m;
         char *banner;
@@ -225,10 +236,16 @@ char *mm_auth2_read_banner(void)
         mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m);
         buffer_clear(&m);
 
-        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m);
+        mm_request_receive_expect(pmonitor->m_recvfd,
+            MONITOR_ANS_AUTH2_READ_BANNER, &m);
         banner = buffer_get_string(&m, NULL);
         buffer_free(&m);
 
+        /* treat empty banner as missing banner */
+        if (strlen(banner) == 0) {
+                xfree(banner);
+                banner = NULL;
+        }
         return (banner);
 }
 
@@ -648,9 +665,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 }
 
 void
-mm_session_pty_cleanup2(void *session)
+mm_session_pty_cleanup2(Session *s)
 {
-        Session *s = session;
         Buffer m;
 
         if (s->ttyfd == -1)
@@ -699,12 +715,12 @@ mm_do_pam_account(void)
         buffer_init(&m);
         mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
 
-        mm_request_receive_expect(pmonitor->m_recvfd, 
+        mm_request_receive_expect(pmonitor->m_recvfd,
             MONITOR_ANS_PAM_ACCOUNT, &m);
         ret = buffer_get_int(&m);
 
         buffer_free(&m);
-        
+
         debug3("%s returning %d", __func__, ret);
 
         return (ret);
@@ -1118,6 +1134,25 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
         return (major);
 }
 
+OM_uint32
+mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
+{
+        Buffer m;
+        OM_uint32 major;
+
+        buffer_init(&m);
+        buffer_put_string(&m, gssbuf->value, gssbuf->length);
+        buffer_put_string(&m, gssmic->value, gssmic->length);
+
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC,
+            &m);
+
+        major = buffer_get_int(&m);
+        buffer_free(&m);
+        return(major);
+}
+
 int
 mm_ssh_gssapi_userok(char *user)
 {
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 5e0334588..55be10b19 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: monitor_wrap.h,v 1.11 2003/08/28 12:54:34 markus Exp $        */
+/*      $OpenBSD: monitor_wrap.h,v 1.13 2003/11/17 11:06:07 markus Exp $        */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -40,6 +40,7 @@ struct mm_master;
 struct passwd;
 struct Authctxt;
 
+int mm_is_monitor(void);
 DH *mm_choose_dh(int, int, int);
 int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
 void mm_inform_authserv(char *, char *);
@@ -61,6 +62,7 @@ OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctxt, gss_OID oid);
 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *ctxt,
    gss_buffer_desc *recv, gss_buffer_desc *send, OM_uint32 *flags);
 int mm_ssh_gssapi_userok(char *user);
+OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
 #endif
 
 #ifdef USE_PAM
@@ -72,9 +74,10 @@ int mm_sshpam_respond(void *, u_int, char **);
 void mm_sshpam_free_ctx(void *);
 #endif
 
+struct Session;
 void mm_terminate(void);
 int mm_pty_allocate(int *, int *, char *, int);
-void mm_session_pty_cleanup2(void *);
+void mm_session_pty_cleanup2(struct Session *);
 
 /* SSHv1 interfaces */
 void mm_ssh1_session_id(u_char *);
diff --git a/msg.c b/msg.c
index 6a806c3f5..30bc3f107 100644
--- a/msg.c
+++ b/msg.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: msg.c,v 1.6 2003/06/28 16:23:06 deraadt Exp $");
+RCSID("$OpenBSD: msg.c,v 1.7 2003/11/17 09:45:39 djm Exp $");
 
 #include "buffer.h"
 #include "getput.h"
@@ -30,7 +30,7 @@ RCSID("$OpenBSD: msg.c,v 1.6 2003/06/28 16:23:06 deraadt Exp $");
 #include "atomicio.h"
 #include "msg.h"
 
-void
+int
 ssh_msg_send(int fd, u_char type, Buffer *m)
 {
         u_char buf[5];
@@ -40,10 +40,15 @@ ssh_msg_send(int fd, u_char type, Buffer *m)
 
         PUT_32BIT(buf, mlen + 1);
         buf[4] = type;          /* 1st byte of payload is mesg-type */
-        if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf))
-                fatal("ssh_msg_send: write");
-        if (atomicio(vwrite, fd, buffer_ptr(m), mlen) != mlen)
-                fatal("ssh_msg_send: write");
+        if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) {
+                error("ssh_msg_send: write");
+                return (-1);
+        }
+        if (atomicio(vwrite, fd, buffer_ptr(m), mlen) != mlen) {
+                error("ssh_msg_send: write");
+                return (-1);
+        }
+        return (0);
 }
 
 int
@@ -57,17 +62,21 @@ ssh_msg_recv(int fd, Buffer *m)
 
         res = atomicio(read, fd, buf, sizeof(buf));
         if (res != sizeof(buf)) {
-                if (res == 0)
-                        return -1;
-                fatal("ssh_msg_recv: read: header %ld", (long)res);
+                if (res != 0)
+                        error("ssh_msg_recv: read: header %ld", (long)res);
+                return (-1);
         }
         msg_len = GET_32BIT(buf);
-        if (msg_len > 256 * 1024)
-                fatal("ssh_msg_recv: read: bad msg_len %u", msg_len);
+        if (msg_len > 256 * 1024) {
+                error("ssh_msg_recv: read: bad msg_len %u", msg_len);
+                return (-1);
+        }
         buffer_clear(m);
         buffer_append_space(m, msg_len);
         res = atomicio(read, fd, buffer_ptr(m), msg_len);
-        if (res != msg_len)
-                fatal("ssh_msg_recv: read: %ld != msg_len", (long)res);
-        return 0;
+        if (res != msg_len) {
+                error("ssh_msg_recv: read: %ld != msg_len", (long)res);
+                return (-1);
+        }
+        return (0);
 }
diff --git a/msg.h b/msg.h
index c07df88a7..0d3ea0658 100644
--- a/msg.h
+++ b/msg.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $     */
+/*      $OpenBSD: msg.h,v 1.3 2003/11/17 09:45:39 djm Exp $     */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
 #ifndef SSH_MSG_H
 #define SSH_MSG_H
 
-void     ssh_msg_send(int, u_char, Buffer *);
+int      ssh_msg_send(int, u_char, Buffer *);
 int      ssh_msg_recv(int, Buffer *);
 
 #endif
diff --git a/nchan.ms b/nchan.ms
index 2d080228c..57576017b 100644
--- a/nchan.ms
+++ b/nchan.ms
@@ -1,8 +1,8 @@
-.\"     $OpenBSD: nchan.ms,v 1.7 2001/01/29 01:58:17 niklas Exp $
+.\"     $OpenBSD: nchan.ms,v 1.8 2003/11/21 11:57:03 djm Exp $
+.\"
 .\"
-.\" 
 .\" Copyright (c) 1999 Markus Friedl.  All rights reserved.
-.\" 
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -11,7 +11,7 @@
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
-.\" 
+.\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
diff --git a/nchan2.ms b/nchan2.ms
index 1cc51fa12..a7a67b127 100644
--- a/nchan2.ms
+++ b/nchan2.ms
@@ -1,7 +1,7 @@
-.\"     $OpenBSD: nchan2.ms,v 1.2 2001/10/03 10:05:57 markus Exp $
-.\" 
+.\"     $OpenBSD: nchan2.ms,v 1.3 2003/11/21 11:57:03 djm Exp $
+.\"
 .\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
-.\" 
+.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@@ -10,7 +10,7 @@
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
-.\" 
+.\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index c48593f7b..5de20abbc 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.28 2003/07/24 06:52:14 mouring Exp $
+# $Id: Makefile.in,v 1.30 2004/01/21 06:07:23 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -16,9 +16,9 @@ RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
 
-OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o
+OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
 
-COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
 
 PORTS=port-irix.o port-aix.o
 
diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c
index 91a5ab0ed..dcaa03e5d 100644
--- a/openbsd-compat/base64.c
+++ b/openbsd-compat/base64.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/base64.c */
+
 /*      $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $      */
 
 /*
diff --git a/openbsd-compat/basename.c b/openbsd-compat/basename.c
index 2054c8068..552dc1e1c 100644
--- a/openbsd-compat/basename.c
+++ b/openbsd-compat/basename.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */
+
 /*      $OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $   */
 
 /*
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c
index 5f890968e..22003ff0a 100644
--- a/openbsd-compat/bsd-arc4random.c
+++ b/openbsd-compat/bsd-arc4random.c
@@ -1,31 +1,23 @@
 /*
- * Copyright (c) 1999-2000 Damien Miller.  All rights reserved.
+ * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
 #include "log.h"
 
-RCSID("$Id: bsd-arc4random.c,v 1.7 2003/05/18 14:13:38 djm Exp $");
+RCSID("$Id: bsd-arc4random.c,v 1.8 2004/02/17 05:49:55 djm Exp $");
 
 #ifndef HAVE_ARC4RANDOM
 
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
index f2ac428cc..f630366be 100644
--- a/openbsd-compat/bsd-cray.c
+++ b/openbsd-compat/bsd-cray.c
@@ -1,5 +1,5 @@
 /* 
- * $Id: bsd-cray.c,v 1.12 2003/06/03 02:45:27 dtucker Exp $
+ * $Id: bsd-cray.c,v 1.13 2004/01/30 03:34:22 dtucker Exp $
  *
  * bsd-cray.c
  *
@@ -59,6 +59,28 @@
 #include <ia.h>
 #include <urm.h>
 #include "ssh.h"
+
+#include "includes.h"
+#include "sys/types.h"
+
+#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
+# define      _SS_MAXSIZE     128     /* Implementation specific max size */
+# define       _SS_PADSIZE     (_SS_MAXSIZE - sizeof (struct sockaddr))
+
+# define ss_family ss_sa.sa_family
+#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
+
+#ifndef IN6_IS_ADDR_LOOPBACK
+# define IN6_IS_ADDR_LOOPBACK(a) \
+        (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \
+         ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1))
+#endif /* !IN6_IS_ADDR_LOOPBACK */
+
+#ifndef AF_INET6
+/* Define it to something that should never appear */
+#define AF_INET6 AF_MAX
+#endif
+
 #include "log.h"
 #include "servconf.h"
 #include "bsd-cray.h"
@@ -182,7 +204,7 @@ cray_setup (uid_t uid, char *username, const char *command)
         /* passwd stuff for ia_user */
         passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce;
         ia_user_ret_t uret;             /* stuff returned from ia_user */
-        ia_user_t usent                 /* ia_user main structure */
+        ia_user_t usent;                /* ia_user main structure */
         int ia_rcode;                   /* ia_user return code */
         ia_failure_t fsent;             /* ia_failure structure */
         ia_failure_ret_t fret;          /* ia_failure return stuff */
@@ -501,54 +523,54 @@ cray_setup (uid_t uid, char *username, const char *command)
                                         break;
                                 default:
                                         valid_acct = nam2acid(acct_name);
-                                        if (valid_acct == -1) {
+                                        if (valid_acct == -1) 
                                                 printf(
                                                     "Account id not found for"
                                                     " account name \"%s\"\n\n",
                                                     acct_name);
                                         break;
-                                        }
-                                        /*
-                                         * If an account was given, search the user's
-                                         * acids array to verify they can use this account.
-                                         */
-                                        if ((valid_acct != -1) &&
-                                            !(ue.ue_permbits & PERMBITS_ACCTID)) {
-                                                for (i = 0; i < MAXVIDS; i++) {
-                                                        if (ue.ue_acids[i] == -1)
-                                                                break;
-                                                        if (valid_acct == ue.ue_acids[i])
-                                                                break;
-                                                }
-                                                if (i == MAXVIDS ||
-                                                    ue.ue_acids[i] == -1) {
-                                                        fprintf(stderr, "Cannot set"
-                                                            " account name to "
-                                                            "\"%s\", permission "
-                                                            "denied\n\n", acct_name);
-                                                        valid_acct = -1;
-                                                }
-                                        }
                                 }
-                        } else {
                                 /*
-                                 * The client isn't connected to a terminal and can't
-                                 * respond to an acid prompt.  Use default acid.
+                                 * If an account was given, search the user's
+                                 * acids array to verify they can use this account.
                                  */
-                                debug("cray_setup: ttyname false case, %.100s",
-                                    ttyname);
-                                valid_acct = ue.ue_acids[0];
+                                if ((valid_acct != -1) &&
+                                    !(ue.ue_permbits & PERMBITS_ACCTID)) {
+                                        for (i = 0; i < MAXVIDS; i++) {
+                                                if (ue.ue_acids[i] == -1)
+                                                        break;
+                                                if (valid_acct == ue.ue_acids[i])
+                                                        break;
+                                        }
+                                        if (i == MAXVIDS ||
+                                            ue.ue_acids[i] == -1) {
+                                                fprintf(stderr, "Cannot set"
+                                                    " account name to "
+                                                    "\"%s\", permission "
+                                                    "denied\n\n", acct_name);
+                                                valid_acct = -1;
+                                        }
+                                }
                         }
                 } else {
                         /*
-                         * The user doesn't have the askacid permbit set or
-                         * only has one valid account to use.
+                         * The client isn't connected to a terminal and can't
+                         * respond to an acid prompt.  Use default acid.
                          */
+                        debug("cray_setup: ttyname false case, %.100s",
+                            ttyname);
                         valid_acct = ue.ue_acids[0];
                 }
-                if (acctid(0, valid_acct) < 0) {
-                        printf ("Bad account id: %d\n", valid_acct);
-                        exit(1);
+        } else {
+                /*
+                 * The user doesn't have the askacid permbit set or
+                 * only has one valid account to use.
+                 */
+                valid_acct = ue.ue_acids[0];
+        }
+        if (acctid(0, valid_acct) < 0) {
+                printf ("Bad account id: %d\n", valid_acct);
+                exit(1);
         }
 
         /* 
@@ -778,4 +800,17 @@ cray_set_tmpdir(struct utmp *ut)
         ut->ut_jid = jid;
         strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ);
 }
-#endif
+#endif /* UNICOS */
+
+#ifdef _UNICOSMP
+#include <pwd.h>
+/*
+ * Set job id and create tmpdir directory.
+ */
+void
+cray_init_job(struct passwd *pw)
+{
+        initrm_silent(pw->pw_uid);
+        return;
+}
+#endif /* _UNICOSMP */
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
index a121ea152..de6ba1a8d 100644
--- a/openbsd-compat/bsd-cray.h
+++ b/openbsd-compat/bsd-cray.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-cray.h,v 1.10 2003/08/29 16:59:52 mouring Exp $ */
+/* $Id: bsd-cray.h,v 1.11 2004/01/30 03:34:22 dtucker Exp $ */
 
 /*
  * Copyright (c) 2002, Cray Inc.  (Wendy Palm <wendyp@cray.com>)
@@ -53,7 +53,6 @@ extern char cray_tmpdir[];
 # define MAXHOSTNAMELEN  64
 #endif
 #ifndef _CRAYT3E
-# include <sys/ttold.h>
 # define TIOCGPGRP (tIOC|20)
 #endif
 
diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c
index bcda2c155..fe2edad71 100644
--- a/openbsd-compat/bsd-getpeereid.c
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -1,30 +1,22 @@
 /*
- * Copyright (c) 2002 Damien Miller.  All rights reserved.
+ * Copyright (c) 2002,2004 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
 
-RCSID("$Id: bsd-getpeereid.c,v 1.2 2003/03/24 22:07:52 djm Exp $");
+RCSID("$Id: bsd-getpeereid.c,v 1.3 2004/02/17 05:49:55 djm Exp $");
 
 #if !defined(HAVE_GETPEEREID)
 
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 08b089bdc..7b06786f5 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -1,31 +1,23 @@
 /*
- * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
+ * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
 #include "xmalloc.h"
 
-RCSID("$Id: bsd-misc.c,v 1.19 2003/08/25 01:16:21 mouring Exp $");
+RCSID("$Id: bsd-misc.c,v 1.21 2004/02/17 05:49:55 djm Exp $");
 
 /*
  * NB. duplicate __progname in case it is an alias for argv[0]
@@ -164,7 +156,6 @@ int nanosleep(const struct timespec *req, struct timespec *rem)
 
         return(rc);
 }
-
 #endif
 
 #ifndef HAVE_TCGETPGRP
@@ -223,6 +214,7 @@ mysignal(int sig, mysig_t act)
         }
         return (osa.sa_handler);
 #else
+        #undef signal
         return (signal(sig, act));
 #endif
 }
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index 6b70473f3..c8073942c 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -1,27 +1,19 @@
-/* $Id: bsd-misc.h,v 1.13 2003/08/29 16:59:52 mouring Exp $ */
+/* $Id: bsd-misc.h,v 1.14 2004/02/17 05:49:55 djm Exp $ */
 
 /*
- * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
+ * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #ifndef _BSD_MISC_H
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c
new file mode 100644
index 000000000..daf5f8b81
--- /dev/null
+++ b/openbsd-compat/bsd-openpty.c
@@ -0,0 +1,203 @@
+/*
+ * Please note: this implementation of openpty() is far from complete.
+ * it is just enough for portable OpenSSH's needs.
+ */
+
+/*
+ * Copyright (c) 2004 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ *                    All rights reserved
+ * Allocating a pseudo-terminal, and making it the controlling tty.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose.  Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+#if !defined(HAVE_OPENPTY)
+
+#ifdef HAVE_UTIL_H
+# include <util.h>
+#endif /* HAVE_UTIL_H */
+
+#ifdef HAVE_PTY_H
+# include <pty.h>
+#endif
+#if defined(HAVE_DEV_PTMX) && defined(HAVE_SYS_STROPTS_H)
+# include <sys/stropts.h>
+#endif
+
+#ifndef O_NOCTTY
+#define O_NOCTTY 0
+#endif
+
+int
+openpty(int *amaster, int *aslave, char *name, struct termios *termp,
+   struct winsize *winp)
+{
+#if defined(HAVE__GETPTY)
+        /*
+         * _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates more
+         * pty's automagically when needed
+         */
+        char *slave;
+
+        if ((slave = _getpty(amaster, O_RDWR, 0622, 0)) == NULL)
+                return (-1);
+
+        /* Open the slave side. */
+        if ((*aslave = open(slave, O_RDWR | O_NOCTTY)) == -1) {
+                close(*amaster);
+                return (-1);
+        }
+        return (0);
+
+#elif defined(HAVE_DEV_PTMX)
+        /*
+         * This code is used e.g. on Solaris 2.x.  (Note that Solaris 2.3
+         * also has bsd-style ptys, but they simply do not work.)
+         */
+        int ptm;
+        char *pts;
+        mysig_t old_signal;
+
+        if ((ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY)) == -1)
+                return (-1);
+
+        /* XXX: need to close ptm on error? */
+        old_signal = signal(SIGCHLD, SIG_DFL);
+        if (grantpt(ptm) < 0)
+                return (-1);
+        signal(SIGCHLD, old_signal);
+
+        if (unlockpt(ptm) < 0)
+                return (-1);
+
+        if ((pts = ptsname(ptm)) == NULL)
+                return (-1);
+        *amaster = ptm;
+
+        /* Open the slave side. */
+        if ((*aslave = open(pts, O_RDWR | O_NOCTTY)) == -1) {
+                close(*amaster);
+                return (-1);
+        }
+
+#ifndef HAVE_CYGWIN
+        /*
+         * Try to push the appropriate streams modules, as described 
+         * in Solaris pts(7).
+         */
+        ioctl(*aslave, I_PUSH, "ptem");
+        ioctl(*aslave, I_PUSH, "ldterm");
+# ifndef __hpux
+        ioctl(*aslave, I_PUSH, "ttcompat");
+# endif /* __hpux */
+#endif /* HAVE_CYGWIN */
+
+        return (0);
+
+#elif defined(HAVE_DEV_PTS_AND_PTC)
+        /* AIX-style pty code. */
+        const char *ttname;
+
+        if ((*amaster = open("/dev/ptc", O_RDWR | O_NOCTTY)) == -1)
+                return (-1);
+        if ((ttname = ttyname(*amaster)) == NULL)
+                return (-1);
+        if ((*aslave = open(ttname, O_RDWR | O_NOCTTY)) == -1) {
+                close(*amaster);
+                return (-1);
+        }
+        return (0);
+
+#elif defined(_UNICOS)
+        char ptbuf[64], ttbuf[64];
+        int i;
+        int highpty;
+
+        highpty = 128;
+#ifdef _SC_CRAY_NPTY
+        if ((highpty = sysconf(_SC_CRAY_NPTY)) == -1)
+                highpty = 128;
+#endif /* _SC_CRAY_NPTY */
+
+        for (i = 0; i < highpty; i++) {
+                snprintf(ptbuf, sizeof(ptbuf), "/dev/pty/%03d", i);
+                snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%03d", i);
+                if ((*amaster = open(ptbuf, O_RDWR|O_NOCTTY)) == -1)
+                        continue;
+                /* Open the slave side. */
+                if ((*aslave = open(ttbuf, O_RDWR|O_NOCTTY)) == -1) {
+                        close(*amaster);
+                        return (-1);
+                }
+                return (0);
+        }
+        return (-1);
+
+#else
+        /* BSD-style pty code. */
+        char ptbuf[64], ttbuf[64];
+        int i;
+        const char *ptymajors = "pqrstuvwxyzabcdefghijklmno"
+            "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+        const char *ptyminors = "0123456789abcdef";
+        int num_minors = strlen(ptyminors);
+        int num_ptys = strlen(ptymajors) * num_minors;
+        struct termios tio;
+
+        for (i = 0; i < num_ptys; i++) {
+                snprintf(ptbuf, sizeof(ptbuf), "/dev/pty%c%c", 
+                    ptymajors[i / num_minors], ptyminors[i % num_minors]);
+                snprintf(ttbuf, sizeof(ttbuf), "/dev/tty%c%c",
+                    ptymajors[i / num_minors], ptyminors[i % num_minors]);
+
+                if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1) {
+                        /* Try SCO style naming */
+                        snprintf(ptbuf, sizeof(ptbuf), "/dev/ptyp%d", i);
+                        snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%d", i);
+                        if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1)
+                                continue;
+                }
+
+                /* Open the slave side. */
+                if ((*aslave = open(ttbuf, O_RDWR | O_NOCTTY)) == -1) {
+                        close(*amaster);
+                        return (-1);
+                }
+                /* set tty modes to a sane state for broken clients */
+                if (tcgetattr(*amaster, &tio) != -1) {
+                        tio.c_lflag |= (ECHO | ISIG | ICANON);
+                        tio.c_oflag |= (OPOST | ONLCR);
+                        tio.c_iflag |= ICRNL;
+                        tcsetattr(*amaster, TCSANOW, &tio);
+                }
+
+                return (0);
+        }
+        return (-1);
+#endif
+}
+
+#endif /* !defined(HAVE_OPENPTY) */
+
diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c
index 6dd45f6a7..c0be5fff9 100644
--- a/openbsd-compat/daemon.c
+++ b/openbsd-compat/daemon.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */
+
 /*-
  * Copyright (c) 1990, 1993
  *      The Regents of the University of California.  All rights reserved.
diff --git a/openbsd-compat/dirname.c b/openbsd-compat/dirname.c
index 1ab7516d8..25ab34dd6 100644
--- a/openbsd-compat/dirname.c
+++ b/openbsd-compat/dirname.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */
+
 /*      $OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $    */
 
 /*
diff --git a/openbsd-compat/fake-rfc2553.c b/openbsd-compat/fake-rfc2553.c
index f44924836..0186b5300 100644
--- a/openbsd-compat/fake-rfc2553.c
+++ b/openbsd-compat/fake-rfc2553.c
@@ -37,7 +37,7 @@
 
 #include "includes.h"
 
-RCSID("$Id: fake-rfc2553.c,v 1.4 2003/06/13 22:43:23 djm Exp $");
+RCSID("$Id: fake-rfc2553.c,v 1.5 2003/09/22 02:08:23 dtucker Exp $");
 
 #ifndef HAVE_GETNAMEINFO
 int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, 
@@ -77,7 +77,11 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
 #endif /* !HAVE_GETNAMEINFO */
 
 #ifndef HAVE_GAI_STRERROR
+#ifdef HAVE_CONST_GAI_STRERROR_PROTO
+const char *
+#else
 char *
+#endif
 gai_strerror(int err)
 {
         switch (err) {
diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h
index b70b928f8..eb88605fa 100644
--- a/openbsd-compat/fake-rfc2553.h
+++ b/openbsd-compat/fake-rfc2553.h
@@ -1,4 +1,4 @@
-/* $Id: fake-rfc2553.h,v 1.6 2003/08/29 16:59:52 mouring Exp $ */
+/* $Id: fake-rfc2553.h,v 1.8 2004/02/10 02:05:41 dtucker Exp $ */
 
 /*
  * Copyright (C) 2000-2003 Damien Miller.  All rights reserved.
@@ -133,19 +133,23 @@ struct addrinfo {
 #endif /* !HAVE_STRUCT_ADDRINFO */
 
 #ifndef HAVE_GETADDRINFO
+#define getaddrinfo(a,b,c,d)    (ssh_getaddrinfo(a,b,c,d))
 int getaddrinfo(const char *, const char *, 
     const struct addrinfo *, struct addrinfo **);
 #endif /* !HAVE_GETADDRINFO */
 
-#ifndef HAVE_GAI_STRERROR
+#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO)
+#define gai_strerror(a)         (ssh_gai_strerror(a))
 char *gai_strerror(int);
 #endif /* !HAVE_GAI_STRERROR */
 
 #ifndef HAVE_FREEADDRINFO
+#define freeaddrinfo(a)         (ssh_freeaddrinfo(a))
 void freeaddrinfo(struct addrinfo *);
 #endif /* !HAVE_FREEADDRINFO */
 
 #ifndef HAVE_GETNAMEINFO
+#define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g))
 int getnameinfo(const struct sockaddr *, size_t, char *, size_t, 
     char *, size_t, int);
 #endif /* !HAVE_GETNAMEINFO */
diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c
index 31d1cfe93..19be59172 100644
--- a/openbsd-compat/getcwd.c
+++ b/openbsd-compat/getcwd.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */
+
 /*
  * Copyright (c) 1989, 1991, 1993
  *      The Regents of the University of California.  All rights reserved.
diff --git a/openbsd-compat/getgrouplist.c b/openbsd-compat/getgrouplist.c
index 085cda8c3..59c164f44 100644
--- a/openbsd-compat/getgrouplist.c
+++ b/openbsd-compat/getgrouplist.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */
+
 /*
  * Copyright (c) 1991, 1993
  *      The Regents of the University of California.  All rights reserved.
diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c
index 2136fbfcc..f5ee6778d 100644
--- a/openbsd-compat/getopt.c
+++ b/openbsd-compat/getopt.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */
+
 /*
  * Copyright (c) 1987, 1993, 1994
  *      The Regents of the University of California.  All rights reserved.
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index 44fa2755b..66d18142e 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
+
 /* $OpenBSD: getrrsetbyname.c,v 1.7 2003/03/07 07:34:14 itojun Exp $ */
 
 /*
@@ -45,12 +47,10 @@
 
 #include "includes.h"
 
-#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME)
+#ifndef HAVE_GETRRSETBYNAME
 
 #include "getrrsetbyname.h"
 
-/* #include "thread_private.h" */
-
 #define ANSWER_BUFFER_SIZE 1024*64
 
 struct dns_query {
@@ -159,7 +159,6 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
     unsigned int rdtype, unsigned int flags,
     struct rrsetinfo **res)
 {
-        struct __res_state *_resp = &_res;
         int result;
         struct rrsetinfo *rrset = NULL;
         struct dns_response *response;
@@ -188,19 +187,19 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
         }
 
         /* initialize resolver */
-        if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
+        if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
                 result = ERRSET_FAIL;
                 goto fail;
         }
 
 #ifdef DEBUG
-        _resp->options |= RES_DEBUG;
+        _res.options |= RES_DEBUG;
 #endif /* DEBUG */
 
 #ifdef RES_USE_DNSSEC
         /* turn on DNSSEC if EDNS0 is configured */
-        if (_resp->options & RES_USE_EDNS0)
-                _resp->options |= RES_USE_DNSSEC;
+        if (_res.options & RES_USE_EDNS0)
+                _res.options |= RES_USE_DNSSEC;
 #endif /* RES_USE_DNSEC */
 
         /* make query */
@@ -575,4 +574,4 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type)
         return (n);
 }
 
-#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */
+#endif /* !defined(HAVE_GETRRSETBYNAME) */
diff --git a/openbsd-compat/getrrsetbyname.h b/openbsd-compat/getrrsetbyname.h
index 6466a54d6..39995b63f 100644
--- a/openbsd-compat/getrrsetbyname.h
+++ b/openbsd-compat/getrrsetbyname.h
@@ -1,3 +1,5 @@
+/* OPENBSD BASED ON : include/netdb.h */
+
 /* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */
 
 /*
@@ -48,7 +50,7 @@
 
 #include "includes.h"
 
-#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME)
+#ifndef HAVE_GETRRSETBYNAME
 
 #include <sys/types.h>
 #include <netinet/in.h>
@@ -56,6 +58,14 @@
 #include <netdb.h>
 #include <resolv.h>
 
+#ifndef HFIXEDSZ
+#define HFIXEDSZ 12
+#endif
+
+#ifndef T_SIG
+#define T_SIG 24
+#endif
+
 /*
  * Flags for getrrsetbyname()
  */
@@ -95,6 +105,6 @@ struct rrsetinfo {
 int             getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **);
 void            freerrset(struct rrsetinfo *);
 
-#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */
+#endif /* !defined(HAVE_GETRRSETBYNAME) */
 
 #endif /* _GETRRSETBYNAME_H */
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c
index 50f35c304..7fafc8c40 100644
--- a/openbsd-compat/glob.c
+++ b/openbsd-compat/glob.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */
+
 /*
  * Copyright (c) 1989, 1993
  *      The Regents of the University of California.  All rights reserved.
diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h
index aceddbc48..3428b2013 100644
--- a/openbsd-compat/glob.h
+++ b/openbsd-compat/glob.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: include/glob.h */
+
 /*      $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $        */
 /*      $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $     */
 
diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c
index 5de49868d..c141bcc68 100644
--- a/openbsd-compat/inet_aton.c
+++ b/openbsd-compat/inet_aton.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */
+
 /*      $OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $   */
 
 /*
diff --git a/openbsd-compat/inet_ntoa.c b/openbsd-compat/inet_ntoa.c
index e0384491d..dc010dc53 100644
--- a/openbsd-compat/inet_ntoa.c
+++ b/openbsd-compat/inet_ntoa.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */
+
 /*
  * Copyright (c) 1983, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -43,7 +45,6 @@ static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.4 2003/06/02 20:18:35 millert E
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <stdio.h>
-#include "inet_ntoa.h"
 
 char *inet_ntoa(struct in_addr in)
 {
diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c
index 075eac44f..7031625b4 100644
--- a/openbsd-compat/inet_ntop.c
+++ b/openbsd-compat/inet_ntop.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */
+
 /*      $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $    */
 
 /* Copyright (c) 1996 by Internet Software Consortium.
diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c
index 2cd747835..aff8d2005 100644
--- a/openbsd-compat/mktemp.c
+++ b/openbsd-compat/mktemp.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */
+
 /* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */
 /* Changes: Removed mktemp */
 
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 852948c54..6be1bcda4 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.24 2003/08/29 16:59:52 mouring Exp $ */
+/* $Id: openbsd-compat.h,v 1.25 2004/01/21 06:07:23 djm Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -138,8 +138,9 @@ unsigned int arc4random(void);
 void arc4random_stir(void);
 #endif /* !HAVE_ARC4RANDOM */
 
-
-
+#ifndef HAVE_OPENPTY
+int openpty(int *, int *, char *, struct termios *, struct winsize *);
+#endif /* HAVE_OPENPTY */
 
 /* #include <sys/types.h> XXX needed? For size_t */
 
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 7a981634b..2895f0d44 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -24,17 +24,25 @@
  *
  */
 #include "includes.h"
+#include "auth.h"
 #include "ssh.h"
 #include "log.h"
 #include "servconf.h"
+#include "canohost.h"
+#include "xmalloc.h"
+#include "buffer.h"
 
 #ifdef _AIX
 
 #include <uinfo.h>
-#include <../xmalloc.h>
 #include "port-aix.h"
 
 extern ServerOptions options;
+extern Buffer loginmsg;
+
+# ifdef HAVE_SETAUTHDB
+static char old_registry[REGISTRY_SIZE] = "";
+# endif
 
 /*
  * AIX has a "usrinfo" area where logname and other stuff is stored - 
@@ -62,7 +70,7 @@ aix_usrinfo(struct passwd *pw)
         xfree(cp);
 }
 
-#ifdef WITH_AIXAUTHENTICATE
+# ifdef WITH_AIXAUTHENTICATE
 /*
  * Remove embedded newlines in string (if any).
  * Used before logging messages returned by AIX authentication functions
@@ -82,41 +90,113 @@ aix_remove_embedded_newlines(char *p)
         if (*--p == ' ')
                 *p = '\0';
 }
-#endif /* WITH_AIXAUTHENTICATE */
+
+/*
+ * Do authentication via AIX's authenticate routine.  We loop until the
+ * reenter parameter is 0, but normally authenticate is called only once.
+ *
+ * Note: this function returns 1 on success, whereas AIX's authenticate()
+ * returns 0.
+ */
+int
+sys_auth_passwd(Authctxt *ctxt, const char *password)
+{
+        char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name;
+        int authsuccess = 0, expired, reenter, result;
+
+        do {
+                result = authenticate((char *)name, (char *)password, &reenter,
+                    &authmsg);
+                aix_remove_embedded_newlines(authmsg);  
+                debug3("AIX/authenticate result %d, msg %.100s", result,
+                    authmsg);
+        } while (reenter);
+
+        if (result == 0) {
+                authsuccess = 1;
+
+                host = (char *)get_canonical_hostname(options.use_dns);
+
+                /*
+                 * Record successful login.  We don't have a pty yet, so just
+                 * label the line as "ssh"
+                 */
+                aix_setauthdb(name);
+                if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
+                        if (msg != NULL) {
+                                debug("%s: msg %s", __func__, msg);
+                                buffer_append(&loginmsg, msg, strlen(msg));
+                                xfree(msg);
+                        }
+                }
+
+                /*
+                 * Check if the user's password is expired.
+                 */
+                expired = passwdexpired(name, &msg);
+                if (msg && *msg) {
+                        buffer_append(&loginmsg, msg, strlen(msg));
+                        aix_remove_embedded_newlines(msg);
+                }
+                debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
+
+                switch (expired) {
+                case 0: /* password not expired */
+                        break;
+                case 1: /* expired, password change required */
+                        ctxt->force_pwchange = 1;
+                        disable_forwarding();
+                        break;
+                default: /* user can't change(2) or other error (-1) */
+                        logit("Password can't be changed for user %s: %.100s",
+                            name, msg);
+                        if (msg)
+                                xfree(msg);
+                        authsuccess = 0;
+                }
+
+                aix_restoreauthdb();
+        }
+
+        if (authmsg != NULL)
+                xfree(authmsg);
+
+        return authsuccess;
+}
   
-# ifdef CUSTOM_FAILED_LOGIN
+#  ifdef CUSTOM_FAILED_LOGIN
 /*
  * record_failed_login: generic "login failed" interface function
  */
 void
 record_failed_login(const char *user, const char *ttyname)
 {
-        char *hostname = get_canonical_hostname(options.use_dns);
+        char *hostname = (char *)get_canonical_hostname(options.use_dns);
 
         if (geteuid() != 0)
                 return;
 
         aix_setauthdb(user);
-#  ifdef AIX_LOGINFAILED_4ARG
+#   ifdef AIX_LOGINFAILED_4ARG
         loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
-#  else
+#   else
         loginfailed((char *)user, hostname, (char *)ttyname);
-#  endif
+#   endif
+        aix_restoreauthdb();
 }
+#  endif /* CUSTOM_FAILED_LOGIN */
 
 /*
  * If we have setauthdb, retrieve the password registry for the user's
- * account then feed it to setauthdb.  This may load registry-specific method
- * code.  If we don't have setauthdb or have already called it this is a no-op.
+ * account then feed it to setauthdb.  This will mean that subsequent AIX auth
+ * functions will only use the specified loadable module.  If we don't have
+ * setauthdb this is a no-op.
  */
 void
 aix_setauthdb(const char *user)
 {
 #  ifdef HAVE_SETAUTHDB
-        static char *registry = NULL;
-
-        if (registry != NULL)   /* have already done setauthdb */
-                return;
+        char *registry;
 
         if (setuserdb(S_READ) == -1) {
                 debug3("%s: Could not open userdb to read", __func__);
@@ -124,18 +204,37 @@ aix_setauthdb(const char *user)
         }
         
         if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
-                if (setauthdb(registry, NULL) == 0)
-                        debug3("%s: AIX/setauthdb set registry %s", __func__,
-                            registry);
+                if (setauthdb(registry, old_registry) == 0)
+                        debug3("AIX/setauthdb set registry '%s'", registry);
                 else 
-                        debug3("%s: AIX/setauthdb set registry %s failed: %s",
-                            __func__, registry, strerror(errno));
+                        debug3("AIX/setauthdb set registry '%s' failed: %s",
+                            registry, strerror(errno));
         } else
                 debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
                     strerror(errno));
         enduserdb();
-#  endif
+#  endif /* HAVE_SETAUTHDB */
 }
-# endif /* CUSTOM_FAILED_LOGIN */
-#endif /* _AIX */
 
+/*
+ * Restore the user's registry settings from old_registry.
+ * Note that if the first aix_setauthdb fails, setauthdb("") is still safe
+ * (it restores the system default behaviour).  If we don't have setauthdb,
+ * this is a no-op.
+ */
+void
+aix_restoreauthdb(void)
+{
+#  ifdef HAVE_SETAUTHDB
+        if (setauthdb(old_registry, NULL) == 0)
+                debug3("%s: restoring old registry '%s'", __func__,
+                    old_registry);
+        else
+                debug3("%s: failed to restore old registry %s", __func__,
+                    old_registry);
+#  endif /* HAVE_SETAUTHDB */
+}
+
+# endif /* WITH_AIXAUTHENTICATE */
+
+#endif /* _AIX */
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 09e7f9e97..3118af9a9 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.14 2003/08/29 16:59:52 mouring Exp $ */
+/* $Id: port-aix.h,v 1.19 2004/02/10 04:27:35 dtucker Exp $ */
 
 /*
  *
@@ -30,10 +30,10 @@
 #ifdef WITH_AIXAUTHENTICATE
 # include <login.h>
 # include <userpw.h>
-# include <usersec.h>
-# ifdef HAVE_SYS_AUDIT_H
+# if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG)
 #  include <sys/audit.h>
 # endif
+# include <usersec.h>
 #endif
 
 /* Some versions define r_type in the above headers, which causes a conflict */
@@ -51,12 +51,23 @@
 # include <sys/timers.h>
 #endif
 
+/*
+ * According to the setauthdb man page, AIX password registries must be 15
+ * chars or less plus terminating NUL.
+ */
+#ifdef HAVE_SETAUTHDB
+# define REGISTRY_SIZE  16
+#endif
+
+void aix_usrinfo(struct passwd *);
+
 #ifdef WITH_AIXAUTHENTICATE
+# define CUSTOM_SYS_AUTH_PASSWD 1
 # define CUSTOM_FAILED_LOGIN 1
 void record_failed_login(const char *, const char *);
-void aix_setauthdb(const char *);
 #endif
 
-void aix_usrinfo(struct passwd *);
+void aix_setauthdb(const char *);
+void aix_restoreauthdb(void);
 void aix_remove_embedded_newlines(char *);
 #endif /* _AIX */
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
index 0d0baf569..4ee1be5de 100644
--- a/openbsd-compat/readpassphrase.c
+++ b/openbsd-compat/readpassphrase.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
+
 /*      $OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $     */
 
 /*
diff --git a/openbsd-compat/readpassphrase.h b/openbsd-compat/readpassphrase.h
index 92908a489..178edf346 100644
--- a/openbsd-compat/readpassphrase.h
+++ b/openbsd-compat/readpassphrase.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: include/readpassphrase.h */
+
 /*      $OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $      */
 
 /*
diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c
index 77da14e7c..218fbecb2 100644
--- a/openbsd-compat/realpath.c
+++ b/openbsd-compat/realpath.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
+
 /*
  * Copyright (c) 1994
  *      The Regents of the University of California.  All rights reserved.
@@ -150,7 +152,7 @@ loop:
                         serrno = ENAMETOOLONG;
                         goto err1;
                 }
-                if (needslash == 0)
+                if (needslash)
                         strlcat(resolved, "/", MAXPATHLEN);
                 strlcat(resolved, wbuf, MAXPATHLEN);
         }
diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c
index 608a3b184..75167065c 100644
--- a/openbsd-compat/rresvport.c
+++ b/openbsd-compat/rresvport.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */
+
 /*
  * Copyright (c) 1995, 1996, 1998 Theo de Raadt.  All rights reserved.
  * Copyright (c) 1983, 1993, 1994
diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c
index c9941c195..b7ba0ce83 100644
--- a/openbsd-compat/setenv.c
+++ b/openbsd-compat/setenv.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */
+
 /*
  * Copyright (c) 1987 Regents of the University of California.
  * All rights reserved.
diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
index b41100fc6..6e2b19bb4 100644
--- a/openbsd-compat/setproctitle.c
+++ b/openbsd-compat/setproctitle.c
@@ -41,8 +41,8 @@
 #endif
 
 #define SPT_NONE        0       /* don't use it at all */
-#define SPT_PSTAT       1       /* cover argv with title information */
-#define SPT_REUSEARGV   2       /* use pstat(PSTAT_SETCMD, ...) */
+#define SPT_PSTAT       1       /* use pstat(PSTAT_SETCMD, ...) */
+#define SPT_REUSEARGV   2       /* cover argv with title information */
 
 #ifndef SPT_TYPE
 # define SPT_TYPE       SPT_NONE
diff --git a/openbsd-compat/sigact.c b/openbsd-compat/sigact.c
index 35fbab0eb..2772ac574 100644
--- a/openbsd-compat/sigact.c
+++ b/openbsd-compat/sigact.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */
+
 /*      $OpenBSD: sigaction.c,v 1.3 1999/06/27 08:14:21 millert Exp $   */
 
 /****************************************************************************
diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
index cae16657c..70f01cb2a 100644
--- a/openbsd-compat/strlcat.c
+++ b/openbsd-compat/strlcat.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */
+
 /*      $OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $    */
 
 /*
diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
index c8fe29987..ccfa12a0a 100644
--- a/openbsd-compat/strlcpy.c
+++ b/openbsd-compat/strlcpy.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
+
 /*      $OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $     */
 
 /*
diff --git a/openbsd-compat/strmode.c b/openbsd-compat/strmode.c
index adf5e273e..ea8d515e3 100644
--- a/openbsd-compat/strmode.c
+++ b/openbsd-compat/strmode.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */
+
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
  * All rights reserved.
diff --git a/openbsd-compat/strsep.c b/openbsd-compat/strsep.c
index b13671343..330d84ce1 100644
--- a/openbsd-compat/strsep.c
+++ b/openbsd-compat/strsep.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */
+
 /*      $OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $      */
 
 /*-
diff --git a/openbsd-compat/strtoul.c b/openbsd-compat/strtoul.c
new file mode 100644
index 000000000..24d0e253d
--- /dev/null
+++ b/openbsd-compat/strtoul.c
@@ -0,0 +1,114 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */
+
+/*
+ * Copyright (c) 1990 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRTOUL
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+
+/*
+ * Convert a string to an unsigned long integer.
+ *
+ * Ignores `locale' stuff.  Assumes that the upper and lower case
+ * alphabets and digits are each contiguous.
+ */
+unsigned long
+strtoul(nptr, endptr, base)
+        const char *nptr;
+        char **endptr;
+        register int base;
+{
+        register const char *s;
+        register unsigned long acc, cutoff;
+        register int c;
+        register int neg, any, cutlim;
+
+        /*
+         * See strtol for comments as to the logic used.
+         */
+        s = nptr;
+        do {
+                c = (unsigned char) *s++;
+        } while (isspace(c));
+        if (c == '-') {
+                neg = 1;
+                c = *s++;
+        } else {
+                neg = 0;
+                if (c == '+')
+                        c = *s++;
+        }
+        if ((base == 0 || base == 16) &&
+            c == '0' && (*s == 'x' || *s == 'X')) {
+                c = s[1];
+                s += 2;
+                base = 16;
+        }
+        if (base == 0)
+                base = c == '0' ? 8 : 10;
+
+        cutoff = ULONG_MAX / (unsigned long)base;
+        cutlim = ULONG_MAX % (unsigned long)base;
+        for (acc = 0, any = 0;; c = (unsigned char) *s++) {
+                if (isdigit(c))
+                        c -= '0';
+                else if (isalpha(c))
+                        c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+                else
+                        break;
+                if (c >= base)
+                        break;
+                if (any < 0)
+                        continue;
+                if (acc > cutoff || acc == cutoff && c > cutlim) {
+                        any = -1;
+                        acc = ULONG_MAX;
+                        errno = ERANGE;
+                } else {
+                        any = 1;
+                        acc *= (unsigned long)base;
+                        acc += c;
+                }
+        }
+        if (neg && any > 0)
+                acc = -acc;
+        if (endptr != 0)
+                *endptr = (char *) (any ? s - 1 : nptr);
+        return (acc);
+}
+#endif /* !HAVE_STRTOUL */
diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h
index dd5c47525..8ff19e452 100644
--- a/openbsd-compat/sys-queue.h
+++ b/openbsd-compat/sys-queue.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: sys/sys/queue.h */
+
 /*      $OpenBSD: queue.h,v 1.23 2003/06/02 23:28:21 millert Exp $      */
 /*      $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $       */
 
diff --git a/openbsd-compat/sys-tree.h b/openbsd-compat/sys-tree.h
index 927ca04cd..73cfbe72a 100644
--- a/openbsd-compat/sys-tree.h
+++ b/openbsd-compat/sys-tree.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: sys/sys/tree.h */
+
 /*      $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $    */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c
index e6a2ce98d..1fb7a01e3 100644
--- a/openbsd-compat/vis.c
+++ b/openbsd-compat/vis.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */
+
 /*-
  * Copyright (c) 1989, 1993
  *      The Regents of the University of California.  All rights reserved.
diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h
index 1c131cc85..663355a24 100644
--- a/openbsd-compat/vis.h
+++ b/openbsd-compat/vis.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: include/vis.h */
+
 /*      $OpenBSD: vis.h,v 1.6 2003/06/02 19:34:12 millert Exp $ */
 /*      $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $      */
 
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index 5b5d69c72..a0fe6c620 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -104,10 +104,6 @@ shadow_pw(struct passwd *pw)
 
         if (spw != NULL)
                 pw_password = spw->ufld.fd_encrypt;
-# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
-        struct pr_passwd *spw;
-        if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
-                pw_password = spw->ufld.fd_encrypt;
 # endif
 
         return pw_password;
diff --git a/packet.c b/packet.c
index fd436d56f..f557cd75d 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.110 2003/09/19 09:02:02 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.112 2003/09/23 20:17:11 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -168,8 +168,6 @@ packet_set_connection(int fd_in, int fd_out, int new_setup_timeout)
                 buffer_init(&incoming_packet);
                 TAILQ_INIT(&outgoing);
         }
-        /* Kludge: arrange the close function to be called from fatal(). */
-        fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
 }
 
 /* Returns 1 if remote host is connected via socket, 0 if not. */
@@ -309,7 +307,7 @@ packet_connection_is_ipv4(void)
         if (to.ss_family == AF_INET)
                 return 1;
 #ifdef IPV4_IN_IPV6
-        if (to.ss_family == AF_INET6 && 
+        if (to.ss_family == AF_INET6 &&
             IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
                 return 1;
 #endif
@@ -884,7 +882,7 @@ packet_read_seqnr(u_int32_t *seqnr_p)
                 len = read(connection_in, buf, sizeof(buf));
                 if (len == 0) {
                         logit("Connection closed by %.200s", get_remote_ipaddr());
-                        fatal_cleanup();
+                        cleanup_exit(255);
                 }
                 if (len < 0)
                         fatal("Read from socket failed: %.100s", strerror(errno));
@@ -1150,7 +1148,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
                                 logit("Received disconnect from %s: %u: %.400s",
                                     get_remote_ipaddr(), reason, msg);
                                 xfree(msg);
-                                fatal_cleanup();
+                                cleanup_exit(255);
                                 break;
                         case SSH2_MSG_UNIMPLEMENTED:
                                 seqnr = packet_get_int();
@@ -1175,7 +1173,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
                                 msg = packet_get_string(NULL);
                                 logit("Received disconnect from %s: %.400s",
                                     get_remote_ipaddr(), msg);
-                                fatal_cleanup();
+                                cleanup_exit(255);
                                 xfree(msg);
                                 break;
                         default:
@@ -1352,8 +1350,7 @@ packet_disconnect(const char *fmt,...)
 
         /* Close the connection. */
         packet_close();
-
-        fatal_cleanup();
+        cleanup_exit(255);
 }
 
 /* Checks if there is any buffered output, and tries to write some of the output. */
@@ -1420,10 +1417,10 @@ packet_not_very_much_data_to_write(void)
 }
 
 
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
 static void
 packet_set_tos(int interactive)
 {
+#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
         int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
 
         if (!packet_connection_is_on_socket() ||
@@ -1433,8 +1430,8 @@ packet_set_tos(int interactive)
             sizeof(tos)) < 0)
                 error("setsockopt IP_TOS %d: %.100s:",
                     tos, strerror(errno));
-}
 #endif
+}
 
 /* Informs that the current session is interactive.  Sets IP flags for that. */
 
@@ -1455,10 +1452,7 @@ packet_set_interactive(int interactive)
                 return;
         if (interactive)
                 set_nodelay(connection_in);
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
         packet_set_tos(interactive);
-#endif
-
 }
 
 /* Returns true if the current connection is interactive. */
diff --git a/pathnames.h b/pathnames.h
index 89e22c77a..53208cf58 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: pathnames.h,v 1.13 2002/05/23 19:24:30 markus Exp $   */
+/*      $OpenBSD: pathnames.h,v 1.14 2004/01/30 09:48:57 markus Exp $   */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -150,6 +150,11 @@
 #define _PATH_PRIVSEP_CHROOT_DIR        "/var/empty"
 #endif
 
+/* for passwd change */
+#ifndef _PATH_PASSWD_PROG
+#define _PATH_PASSWD_PROG             "/usr/bin/passwd"
+#endif
+
 #ifndef _PATH_LS
 #define _PATH_LS                        "ls"
 #endif
diff --git a/progressmeter.c b/progressmeter.c
index c315464ee..f42668526 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: progressmeter.c,v 1.15 2003/08/31 12:14:22 markus Exp $");
+RCSID("$OpenBSD: progressmeter.c,v 1.19 2004/02/05 15:33:33 markus Exp $");
 
 #include "progressmeter.h"
 #include "atomicio.h"
@@ -80,7 +80,7 @@ format_rate(char *buf, int size, off_t bytes)
                 bytes = (bytes + 512) / 1024;
         }
         snprintf(buf, size, "%3lld.%1lld%c%s",
-            (int64_t) bytes / 100,
+            (int64_t) (bytes + 5) / 100,
             (int64_t) (bytes + 5) / 10 % 10,
             unit[i],
             i ? "B" : " ");
@@ -107,7 +107,7 @@ refresh_progress_meter(void)
         off_t transferred;
         double elapsed;
         int percent;
-        int bytes_left;
+        off_t bytes_left;
         int cur_speed;
         int hours, minutes, seconds;
         int i, len;
@@ -120,14 +120,18 @@ refresh_progress_meter(void)
 
         if (bytes_left > 0)
                 elapsed = now - last_update;
-        else
+        else {
                 elapsed = now - start;
+                /* Calculate true total speed when done */
+                transferred = end_pos;
+                bytes_per_second = 0;
+        }
 
         /* calculate speed */
         if (elapsed != 0)
                 cur_speed = (transferred / elapsed);
         else
-                cur_speed = 0;
+                cur_speed = transferred;
 
 #define AGE_FACTOR 0.9
         if (bytes_per_second != 0) {
@@ -200,7 +204,7 @@ refresh_progress_meter(void)
                         strlcat(buf, "    ", win_size);
         }
 
-        atomicio(vwrite, STDOUT_FILENO, buf, win_size);
+        atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1);
         last_update = now;
 }
 
diff --git a/readconf.c b/readconf.c
index 0a1788ba0..3af3038bb 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -78,9 +78,7 @@ RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
      RSAAuthentication yes
      RhostsRSAAuthentication yes
      StrictHostKeyChecking yes
-     KeepAlives no
-     ProtocolKeepAlives 0
-     SetupTimeOut 0
+     TcpKeepAlive no
      IdentityFile ~/.ssh/identity
      Port 22
      EscapeChar ~
@@ -91,14 +89,14 @@ RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
 
 typedef enum {
         oBadOption,
-        oForwardAgent, oForwardX11, oGatewayPorts,
+        oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
         oPasswordAuthentication, oRSAAuthentication,
         oChallengeResponseAuthentication, oXAuthLocation,
         oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
         oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
-        oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
+        oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
         oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
@@ -107,6 +105,7 @@ typedef enum {
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
         oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
         oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+        oServerAliveInterval, oServerAliveCountMax,
         oProtocolKeepAlives, oSetupTimeOut,
         oDeprecated, oUnsupported
 } OpCodes;
@@ -119,6 +118,7 @@ static struct {
 } keywords[] = {
         { "forwardagent", oForwardAgent },
         { "forwardx11", oForwardX11 },
+        { "forwardx11trusted", oForwardX11Trusted },
         { "xauthlocation", oXAuthLocation },
         { "gatewayports", oGatewayPorts },
         { "useprivilegedport", oUsePrivilegedPort },
@@ -171,7 +171,8 @@ static struct {
         { "stricthostkeychecking", oStrictHostKeyChecking },
         { "compression", oCompression },
         { "compressionlevel", oCompressionLevel },
-        { "keepalive", oKeepAlives },
+        { "tcpkeepalive", oTCPKeepAlive },
+        { "keepalive", oTCPKeepAlive },                         /* obsolete */
         { "numberofpasswordprompts", oNumberOfPasswordPrompts },
         { "loglevel", oLogLevel },
         { "dynamicforward", oDynamicForward },
@@ -185,15 +186,13 @@ static struct {
 #endif
         { "clearallforwardings", oClearAllForwardings },
         { "enablesshkeysign", oEnableSSHKeysign },
-#ifdef DNS
         { "verifyhostkeydns", oVerifyHostKeyDNS },
-#else
-        { "verifyhostkeydns", oUnsupported },
-#endif
         { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
         { "rekeylimit", oRekeyLimit },
         { "connecttimeout", oConnectTimeout },
         { "addressfamily", oAddressFamily },
+        { "serveraliveinterval", oServerAliveInterval },
+        { "serveralivecountmax", oServerAliveCountMax },
         { "protocolkeepalives", oProtocolKeepAlives },
         { "setuptimeout", oSetupTimeOut },
         { NULL, oBadOption }
@@ -314,7 +313,7 @@ process_config_line(Options *options, const char *host,
                 /* NOTREACHED */
         case oConnectTimeout:
                 intptr = &options->connection_timeout;
-/* parse_time: */
+parse_time:
                 arg = strdelim(&s);
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: missing time value.",
@@ -347,6 +346,10 @@ parse_flag:
                 intptr = &options->forward_x11;
                 goto parse_flag;
 
+        case oForwardX11Trusted:
+                intptr = &options->forward_x11_trusted;
+                goto parse_flag;
+
         case oGatewayPorts:
                 intptr = &options->gateway_ports;
                 goto parse_flag;
@@ -405,10 +408,11 @@ parse_flag:
 
         case oVerifyHostKeyDNS:
                 intptr = &options->verify_host_key_dns;
-                goto parse_flag;
+                goto parse_yesnoask;
 
         case oStrictHostKeyChecking:
                 intptr = &options->strict_host_key_checking;
+parse_yesnoask:
                 arg = strdelim(&s);
                 if (!arg || *arg == '\0')
                         fatal("%.200s line %d: Missing yes/no/ask argument.",
@@ -430,22 +434,14 @@ parse_flag:
                 intptr = &options->compression;
                 goto parse_flag;
 
-        case oKeepAlives:
-                intptr = &options->keepalives;
+        case oTCPKeepAlive:
+                intptr = &options->tcp_keep_alive;
                 goto parse_flag;
 
         case oNoHostAuthenticationForLocalhost:
                 intptr = &options->no_host_authentication_for_localhost;
                 goto parse_flag;
 
-        case oProtocolKeepAlives:
-                intptr = &options->protocolkeepalives;
-                goto parse_int;
-
-        case oSetupTimeOut:
-                intptr = &options->setuptimeout;
-                goto parse_int;
-
         case oNumberOfPasswordPrompts:
                 intptr = &options->number_of_password_prompts;
                 goto parse_int;
@@ -743,6 +739,19 @@ parse_int:
                 intptr = &options->enable_ssh_keysign;
                 goto parse_flag;
 
+        case oServerAliveInterval:
+        case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+                intptr = &options->server_alive_interval;
+                goto parse_time;
+
+        case oServerAliveCountMax:
+                intptr = &options->server_alive_count_max;
+                goto parse_int;
+
+        case oSetupTimeOut:
+                intptr = &options->setuptimeout;
+                goto parse_int;
+
         case oDeprecated:
                 debug("%s line %d: Deprecated option \"%s\"",
                     filename, linenum, keyword);
@@ -819,6 +828,7 @@ initialize_options(Options * options)
         memset(options, 'X', sizeof(*options));
         options->forward_agent = -1;
         options->forward_x11 = -1;
+        options->forward_x11_trusted = -1;
         options->xauth_location = NULL;
         options->gateway_ports = -1;
         options->use_privileged_port = -1;
@@ -836,8 +846,7 @@ initialize_options(Options * options)
         options->check_host_ip = -1;
         options->strict_host_key_checking = -1;
         options->compression = -1;
-        options->keepalives = -1;
-        options->protocolkeepalives = -1;
+        options->tcp_keep_alive = -1;
         options->setuptimeout = -1;
         options->compression_level = -1;
         options->port = -1;
@@ -871,6 +880,8 @@ initialize_options(Options * options)
         options->no_host_authentication_for_localhost = - 1;
         options->rekey_limit = - 1;
         options->verify_host_key_dns = -1;
+        options->server_alive_interval = -1;
+        options->server_alive_count_max = -1;
 }
 
 /*
@@ -887,6 +898,8 @@ fill_default_options(Options * options)
                 options->forward_agent = 0;
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
+        if (options->forward_x11_trusted == -1)
+                options->forward_x11_trusted = 0;
         if (options->xauth_location == NULL)
                 options->xauth_location = _PATH_XAUTH;
         if (options->gateway_ports == -1)
@@ -900,7 +913,7 @@ fill_default_options(Options * options)
         if (options->challenge_response_authentication == -1)
                 options->challenge_response_authentication = 1;
         if (options->gss_authentication == -1)
-                options->gss_authentication = 1;
+                options->gss_authentication = 0;
         if (options->gss_deleg_creds == -1)
                 options->gss_deleg_creds = 0;
         if (options->password_authentication == -1)
@@ -919,16 +932,8 @@ fill_default_options(Options * options)
                 options->strict_host_key_checking = 2;  /* 2 is default */
         if (options->compression == -1)
                 options->compression = 0;
-        if (options->keepalives == -1)
-                options->keepalives = 1;
-        if (options->protocolkeepalives == -1){
-          if (options->batch_mode == 1) /*in batch mode, default is 5mins */
-                options->protocolkeepalives = 300;
-          else  options->protocolkeepalives = 0;}
-        if (options->setuptimeout == -1){
-          if (options->batch_mode == 1) /*in batch mode, default is 5mins */
-                options->setuptimeout = 300;
-          else  options->setuptimeout = 0;}
+        if (options->tcp_keep_alive == -1)
+                options->tcp_keep_alive = 1;
         if (options->compression_level == -1)
                 options->compression_level = 6;
         if (options->port == -1)
@@ -991,6 +996,22 @@ fill_default_options(Options * options)
                 options->rekey_limit = 0;
         if (options->verify_host_key_dns == -1)
                 options->verify_host_key_dns = 0;
+        if (options->server_alive_interval == -1) {
+                /* in batch mode, default is 5mins */
+                if (options->batch_mode == 1)
+                        options->server_alive_interval = 300;
+                else
+                        options->server_alive_interval = 0;
+        }
+        if (options->server_alive_count_max == -1)
+                options->server_alive_count_max = 3;
+        if (options->setuptimeout == -1) {
+                /* in batch mode, default is 5mins */
+                if (options->batch_mode == 1)
+                        options->setuptimeout = 300;
+                else
+                        options->setuptimeout = 0;
+        }
         /* options->proxy_command should not be set by default */
         /* options->user will be set in the main program if appropriate */
         /* options->hostname will be set in the main program if appropriate */
diff --git a/readconf.h b/readconf.h
index 56cbec539..8521f85ac 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: readconf.h,v 1.55 2003/09/01 18:15:50 markus Exp $    */
+/*      $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $    */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -30,6 +30,7 @@ typedef struct {
 typedef struct {
         int     forward_agent;  /* Forward authentication agent. */
         int     forward_x11;    /* Forward X11 display. */
+        int     forward_x11_trusted;    /* Trust Forward X11 display. */
         char   *xauth_location; /* Location for xauth program */
         int     gateway_ports;  /* Allow remote connects to forwarded ports. */
         int     use_privileged_port;    /* Don't use privileged port if false. */
@@ -52,8 +53,7 @@ typedef struct {
         int     compression;    /* Compress packets in both directions. */
         int     compression_level;      /* Compression level 1 (fast) to 9
                                          * (best). */
-        int     keepalives;     /* Set SO_KEEPALIVE. */
-        int     protocolkeepalives; /* ssh-level keepalives */
+        int     tcp_keep_alive; /* Set SO_KEEPALIVE. */
         int     setuptimeout; /* timeout in the protocol banner exchange */
         LogLevel log_level;     /* Level for logging. */
 
@@ -62,7 +62,7 @@ typedef struct {
         int     connection_attempts;    /* Max attempts (seconds) before
                                          * giving up */
         int     connection_timeout;     /* Max time (seconds) before
-                                         * aborting connection attempt */
+                                         * aborting connection attempt */
         int     number_of_password_prompts;     /* Max number of password
                                                  * prompts. */
         int     cipher;         /* Cipher to use. */
@@ -101,6 +101,8 @@ typedef struct {
         int     enable_ssh_keysign;
         int     rekey_limit;
         int     no_host_authentication_for_localhost;
+        int     server_alive_interval; 
+        int     server_alive_count_max;
 }       Options;
 
 
diff --git a/regress/Makefile b/regress/Makefile
index 623be8d82..76e28d36d 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.24 2003/07/03 08:24:13 markus Exp $
+#       $OpenBSD: Makefile,v 1.26 2003/10/11 11:49:49 dtucker Exp $
 
 REGRESS_TARGETS=        t1 t2 t3 t4 t5 t6 t7 t-exec
 tests:          $(REGRESS_TARGETS)
@@ -14,6 +14,7 @@ LTESTS= 	connect \
                 proto-mismatch \
                 exit-status \
                 transfer \
+                banner \
                 rekey \
                 stderr-data \
                 stderr-after-eof \
@@ -40,7 +41,7 @@ CLEANFILES=	t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
                 ssh_config ssh_proxy sshd_config sshd_proxy \
                 rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
                 rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
-                ls.copy remote_pid
+                ls.copy banner.in banner.out empty.in remote_pid
 
 #LTESTS +=      ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
 
diff --git a/regress/README.regress b/regress/README.regress
index 916894a88..b479c6c07 100644
--- a/regress/README.regress
+++ b/regress/README.regress
@@ -22,7 +22,7 @@ Environment variables.
 
 SUDO: path to sudo command, if desired. Note that some systems (notably
         systems using PAM) require sudo to execute some tests.
-TEST_SSH_TRACE: set yo "yes" for verbose output from tests 
+TEST_SSH_TRACE: set to "yes" for verbose output from tests 
 TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
 TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
         SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
@@ -82,5 +82,13 @@ Failed tests can be difficult to diagnose. Suggestions:
 
 Known Issues.
 
+- If you build with tcpwrappers and try to run the regression tests,
+  your hosts.allow must permit connections from localhost and from
+  "unknown".  This is because some tests are performed via the loopback
+  interface, while others are done with "sshd -i" as a ProxyCommand.  In
+  the latter case, when sshd calls getpeername() on the socket it will
+  fail (because it's not a tcp socket) and will be identified as
+  "unknown", which is then checked against tcpwrappers.
 
-$Id: README.regress,v 1.1 2003/09/04 05:39:54 dtucker Exp $
+
+$Id: README.regress,v 1.3 2004/01/28 01:26:14 dtucker Exp $
diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh
index cd9c0023d..bd79d7cb8 100644
--- a/regress/agent-ptrace.sh
+++ b/regress/agent-ptrace.sh
@@ -5,7 +5,7 @@ tid="disallow agent ptrace attach"
 
 if have_prog uname ; then
         case `uname` in
-        Linux|HP-UX|SunOS|NetBSD|AIX|CYGWIN*)
+        AIX|CYGWIN*)
                 echo "skipped (not supported on this platform)"
                 exit 0
                 ;;
@@ -19,6 +19,15 @@ else
         exit 0
 fi
 
+if test -z "$SUDO" ; then
+        echo "skipped (SUDO not set)"
+        exit 0
+else
+        $SUDO chown 0 ${SSHAGENT}
+        $SUDO chgrp 0 ${SSHAGENT}
+        $SUDO chmod 2755 ${SSHAGENT}
+fi
+
 trace "start agent"
 eval `${SSHAGENT} -s` > /dev/null
 r=$?
@@ -32,7 +41,7 @@ EOF
         if [ $? -ne 0 ]; then
                 fail "gdb failed: exit code $?"
         fi
-        grep 'ptrace: Operation not permitted.' >/dev/null ${OBJ}/gdb.out
+        egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.' >/dev/null ${OBJ}/gdb.out
         r=$?
         rm -f ${OBJ}/gdb.out
         if [ $r -ne 0 ]; then
diff --git a/regress/banner.sh b/regress/banner.sh
new file mode 100644
index 000000000..0b9c95007
--- /dev/null
+++ b/regress/banner.sh
@@ -0,0 +1,44 @@
+#       $OpenBSD: banner.sh,v 1.2 2003/10/11 11:49:49 dtucker Exp $
+#       Placed in the Public Domain.
+
+tid="banner"
+echo "Banner $OBJ/banner.in" >> $OBJ/sshd_proxy
+
+rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in
+touch $OBJ/empty.in
+
+trace "test missing banner file"
+verbose "test $tid: missing banner file"
+( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+        cmp $OBJ/empty.in $OBJ/banner.out ) || \
+        fail "missing banner file"
+
+for s in 0 10 100 1000 10000 100000 ; do
+        if [ "$s" = "0" ]; then
+                # create empty banner
+                touch $OBJ/banner.in
+        elif [ "$s" = "10" ]; then
+                # create 10-byte banner file
+                echo "abcdefghi" >$OBJ/banner.in
+        else
+                # increase size 10x
+                cp $OBJ/banner.in $OBJ/banner.out
+                for i in 0 1 2 3 4 5 6 7 8 ; do
+                        cat $OBJ/banner.out >> $OBJ/banner.in
+                done
+        fi
+
+        trace "test banner size $s"
+        verbose "test $tid: size $s"
+        ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+                cmp $OBJ/banner.in $OBJ/banner.out ) || \
+                fail "banner size $s mismatch"
+done
+
+trace "test suppress banner (-q)"
+verbose "test $tid: suppress banner (-q)"
+( ${SSH} -q -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+        cmp $OBJ/empty.in $OBJ/banner.out ) || \
+        fail "suppress banner (-q)"
+
+rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in
diff --git a/regress/sftp-badcmds.sh b/regress/sftp-badcmds.sh
index a6a19409d..eac189aaf 100644
--- a/regress/sftp-badcmds.sh
+++ b/regress/sftp-badcmds.sh
@@ -4,7 +4,7 @@
 tid="sftp invalid commands"
 
 DATA=/bin/ls${EXEEXT}
-DATA2=/bin/cat${EXEEXT}
+DATA2=/bin/sh${EXEEXT}
 NONEXIST=/NONEXIST.$$
 COPY=${OBJ}/copy
 GLOBFILES=`(cd /bin;echo l*)`
diff --git a/regress/sftp-batch.sh b/regress/sftp-batch.sh
index f648eae80..365c47cfc 100644
--- a/regress/sftp-batch.sh
+++ b/regress/sftp-batch.sh
@@ -1,11 +1,11 @@
-#       $OpenBSD: sftp-batch.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+#     $OpenBSD: sftp-batch.sh,v 1.3 2004/01/13 09:49:06 djm Exp $
 #       Placed in the Public Domain.
 
 tid="sftp batchfile"
 
 DATA=/bin/ls${EXEEXT}
 COPY=${OBJ}/copy
-BATCH=${OBJ}/sftp-batch.tmp
+BATCH=${OBJ}/sftp.bb
 
 rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
 
diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh
index 1256aeb2d..3669b19ff 100644
--- a/regress/sftp-cmds.sh
+++ b/regress/sftp-cmds.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: sftp-cmds.sh,v 1.5 2003/07/19 00:46:31 djm Exp $
+#       $OpenBSD: sftp-cmds.sh,v 1.6 2003/10/07 07:04:52 djm Exp $
 #       Placed in the Public Domain.
 
 # XXX - TODO: 
@@ -79,6 +79,20 @@ echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
         || fail "get failed"
 cmp $DATA ${COPY} || fail "corrupted copy after get"
 
+rm -f ${COPY}
+verbose "$tid: get quoted"
+echo "get \"$DATA\" $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+        || fail "get failed"
+cmp $DATA ${COPY} || fail "corrupted copy after get"
+
+rm -f ${QUOTECOPY}
+cp $DATA ${QUOTECOPY}
+verbose "$tid: get filename with quotes"
+echo "get \"$QUOTECOPY_ARG\" ${COPY}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+        || fail "put failed"
+cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes"
+rm -f ${QUOTECOPY} ${COPY}
+
 rm -f ${COPY}.dd/*
 verbose "$tid: get to directory"
 echo "get $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh
index 78ae6e9e1..c3715a242 100644
--- a/regress/ssh-com.sh
+++ b/regress/ssh-com.sh
@@ -1,4 +1,4 @@
-#       $OpenBSD: ssh-com.sh,v 1.5 2003/05/14 22:08:27 markus Exp $
+#       $OpenBSD: ssh-com.sh,v 1.6 2003/11/07 10:16:44 jmc Exp $
 #       Placed in the Public Domain.
 
 tid="connect to ssh.com server"
@@ -29,7 +29,7 @@ SRC=`dirname ${SCRIPT}`
 # ssh.com
 cat << EOF > $OBJ/sshd2_config
 #*:
-        # Port and ListenAdress are not used.
+        # Port and ListenAddress are not used.
         QuietMode                       yes
         Port                            4343
         ListenAddress                   127.0.0.1
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index cc7ea67fe..98851dc97 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -30,7 +30,7 @@ if [ ! -f $SCRIPT ]; then
         echo "not a file: $SCRIPT"
         exit 2
 fi
-if sh -n $SCRIPT; then
+if $TEST_SHELL -n $SCRIPT; then
         true
 else
         echo "syntax error in $SCRIPT"
@@ -185,7 +185,6 @@ Host *
         ChallengeResponseAuthentication no
         HostbasedAuthentication no
         PasswordAuthentication  no
-        RhostsAuthentication    no
         RhostsRSAAuthentication no
         BatchMode               yes
         StrictHostKeyChecking   yes
diff --git a/rijndael.c b/rijndael.c
index 6965ca3b0..1cd24de14 100644
--- a/rijndael.c
+++ b/rijndael.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: rijndael.c,v 1.14 2002/07/10 17:53:54 deraadt Exp $ */
+/*      $OpenBSD: rijndael.c,v 1.15 2003/11/21 11:57:03 djm Exp $ */
 
 /**
  * rijndael-alg-fst.c
@@ -725,7 +725,7 @@ static const u32 rcon[] = {
  * @return      the number of rounds for the given cipher key size.
  */
 static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) {
-        int i = 0;
+        int i = 0;
         u32 temp;
 
         rk[0] = GETU32(cipherKey     );
@@ -797,7 +797,7 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
                                 (Te4[(temp      ) & 0xff] & 0x000000ff);
                         rk[13] = rk[ 5] ^ rk[12];
                         rk[14] = rk[ 6] ^ rk[13];
-                        rk[15] = rk[ 7] ^ rk[14];
+                        rk[15] = rk[ 7] ^ rk[14];
                         rk += 8;
                 }
         }
@@ -871,50 +871,50 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
         s3 = GETU32(pt + 12) ^ rk[3];
 #ifdef FULL_UNROLL
     /* round 1: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
-        /* round 2: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+        /* round 2: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
     /* round 3: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
-        /* round 4: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+        /* round 4: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
     /* round 5: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
-        /* round 6: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+        /* round 6: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
     /* round 7: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
-        /* round 8: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+        /* round 8: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
     /* round 9: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
     if (Nr > 10) {
         /* round 10: */
         s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
@@ -1187,33 +1187,33 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
          * apply last round and
          * map cipher state to byte array block:
          */
-        s0 =
-                (Td4[(t0 >> 24)       ] & 0xff000000) ^
-                (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t1      ) & 0xff] & 0x000000ff) ^
-                rk[0];
+        s0 =
+                (Td4[(t0 >> 24)       ] & 0xff000000) ^
+                (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+                (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+                (Td4[(t1      ) & 0xff] & 0x000000ff) ^
+                rk[0];
         PUTU32(pt     , s0);
-        s1 =
-                (Td4[(t1 >> 24)       ] & 0xff000000) ^
-                (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t2      ) & 0xff] & 0x000000ff) ^
-                rk[1];
+        s1 =
+                (Td4[(t1 >> 24)       ] & 0xff000000) ^
+                (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+                (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+                (Td4[(t2      ) & 0xff] & 0x000000ff) ^
+                rk[1];
         PUTU32(pt +  4, s1);
-        s2 =
-                (Td4[(t2 >> 24)       ] & 0xff000000) ^
-                (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t3      ) & 0xff] & 0x000000ff) ^
-                rk[2];
+        s2 =
+                (Td4[(t2 >> 24)       ] & 0xff000000) ^
+                (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+                (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+                (Td4[(t3      ) & 0xff] & 0x000000ff) ^
+                rk[2];
         PUTU32(pt +  8, s2);
-        s3 =
-                (Td4[(t3 >> 24)       ] & 0xff000000) ^
-                (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t0      ) & 0xff] & 0x000000ff) ^
-                rk[3];
+        s3 =
+                (Td4[(t3 >> 24)       ] & 0xff000000) ^
+                (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+                (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+                (Td4[(t0      ) & 0xff] & 0x000000ff) ^
+                rk[3];
         PUTU32(pt + 12, s3);
 }
 
diff --git a/scard-opensc.c b/scard-opensc.c
index 2489fec45..a9b7ebc61 100644
--- a/scard-opensc.c
+++ b/scard-opensc.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 2002 Juha Yrjölä.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -81,7 +81,7 @@ sc_close(void)
         }
 }
 
-static int 
+static int
 sc_init(void)
 {
         int r;
@@ -91,7 +91,7 @@ sc_init(void)
                 goto err;
         if (sc_reader_id >= ctx->reader_count) {
                 r = SC_ERROR_NO_READERS_FOUND;
-                error("Illegal reader number %d (max %d)", sc_reader_id, 
+                error("Illegal reader number %d (max %d)", sc_reader_id,
                     ctx->reader_count -1);
                 goto err;
         }
@@ -131,7 +131,7 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
                         goto err;
                 }
         }
-        r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id, 
+        r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
                 usage, &key_obj);
         if (r) {
                 error("Unable to find private key from SmartCard: %s",
@@ -189,11 +189,11 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
         int r;
 
         if (padding != RSA_PKCS1_PADDING)
-                return -1;      
+                return -1;
         r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT);
         if (r)
                 return -1;
-        r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, 
+        r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
             from, flen, to, flen);
         sc_unlock(card);
         if (r < 0) {
@@ -223,7 +223,7 @@ sc_sign(int type, u_char *m, unsigned int m_len,
          * the key will be rejected as using a non-repudiation key
          * for authentication is not recommended. Note: This does not
          * prevent the use of a non-repudiation key for authentication
-         * if the sign or signrecover flag is set as well. 
+         * if the sign or signrecover flag is set as well.
          */
         r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN);
         if (r)
@@ -325,7 +325,7 @@ static void
 convert_rsa_to_rsa1(Key * in, Key * out)
 {
         struct sc_priv_data *priv;
-        
+
         out->rsa->flags = in->rsa->flags;
         out->flags = in->flags;
         RSA_set_method(out->rsa, RSA_get_method(in->rsa));
@@ -337,7 +337,7 @@ convert_rsa_to_rsa1(Key * in, Key * out)
         return;
 }
 
-static int 
+static int
 sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj)
 {
         int r;
@@ -349,7 +349,7 @@ sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj)
         EVP_PKEY *pubkey = NULL;
         u8 *p;
         char *tmp;
-        
+
         debug("sc_read_pubkey() with cert id %02X", cinfo->id.value[0]);
         r = sc_pkcs15_read_certificate(p15card, cinfo, &cert);
         if (r) {
@@ -358,7 +358,7 @@ sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj)
         }
         x509 = X509_new();
         if (x509 == NULL) {
-                r = -1; 
+                r = -1;
                 goto err;
         }
         p = cert->data;
@@ -391,7 +391,7 @@ sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj)
         tmp = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
         debug("fingerprint %d %s", key_size(k), tmp);
         xfree(tmp);
-        
+
         return 0;
 err:
         if (cert)
diff --git a/scp.0 b/scp.0
index 2ebff48d0..d107ae7f7 100644
--- a/scp.0
+++ b/scp.0
@@ -1,12 +1,12 @@
-SCP(1)                    BSD General Commands Manual                   SCP(1)
+SCP(1)                     OpenBSD Reference Manual                     SCP(1)
 
 NAME
      scp - secure copy (remote file copy program)
 
 SYNOPSIS
-     scp [-pqrvBC1246] [-F ssh_config] [-S program] [-P port] [-c cipher]
-         [-i identity_file] [-l limit] [-o ssh_option] [[user@]host1:]file1
-         [...] [[user@]host2:]file2
+     scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
+         [-l limit] [-o ssh_option] [-P port] [-S program]
+         [[user@]host1:]file1 [...] [[user@]host2:]file2
 
 DESCRIPTION
      scp copies files between hosts on a network.  It uses ssh(1) for data
@@ -20,10 +20,28 @@ DESCRIPTION
 
      The options are as follows:
 
+     -1      Forces scp to use protocol 1.
+
+     -2      Forces scp to use protocol 2.
+
+     -4      Forces scp to use IPv4 addresses only.
+
+     -6      Forces scp to use IPv6 addresses only.
+
+     -B      Selects batch mode (prevents asking for passwords or passphras-
+             es).
+
+     -C      Compression enable.  Passes the -C flag to ssh(1) to enable com-
+             pression.
+
      -c cipher
              Selects the cipher to use for encrypting the data transfer.  This
              option is directly passed to ssh(1).
 
+     -F ssh_config
+             Specifies an alternative per-user configuration file for ssh.
+             This option is directly passed to ssh(1).
+
      -i identity_file
              Selects the file from which the identity (private key) for RSA
              authentication is read.  This option is directly passed to
@@ -32,49 +50,75 @@ DESCRIPTION
      -l limit
              Limits the used bandwidth, specified in Kbit/s.
 
-     -p      Preserves modification times, access times, and modes from the
-             original file.
-
-     -r      Recursively copy entire directories.
-
-     -v      Verbose mode.  Causes scp and ssh(1) to print debugging messages
-             about their progress.  This is helpful in debugging connection,
-             authentication, and configuration problems.
-
-     -B      Selects batch mode (prevents asking for passwords or
-             passphrases).
-
-     -q      Disables the progress meter.
-
-     -C      Compression enable.  Passes the -C flag to ssh(1) to enable com-
-             pression.
-
-     -F ssh_config
-             Specifies an alternative per-user configuration file for ssh.
-             This option is directly passed to ssh(1).
+     -o ssh_option
+             Can be used to pass options to ssh in the format used in
+             ssh_config(5).  This is useful for specifying options for which
+             there is no separate scp command-line flag.  For full details of
+             the options listed below, and their possible values, see
+             ssh_config(5).
+
+                   AddressFamily
+                   BatchMode
+                   BindAddress
+                   ChallengeResponseAuthentication
+                   CheckHostIP
+                   Cipher
+                   Ciphers
+                   Compression
+                   CompressionLevel
+                   ConnectionAttempts
+                   ConnectionTimeout
+                   GlobalKnownHostsFile
+                   GSSAPIAuthentication
+                   GSSAPIDelegateCredentials
+                   Host
+                   HostbasedAuthentication
+                   HostKeyAlgorithms
+                   HostKeyAlias
+                   HostName
+                   IdentityFile
+                   LogLevel
+                   MACs
+                   NoHostAuthenticationForLocalhost
+                   NumberOfPasswordPrompts
+                   PasswordAuthentication
+                   Port
+                   PreferredAuthentications
+                   Protocol
+                   ProxyCommand
+                   PubkeyAuthentication
+                   RhostsRSAAuthentication
+                   RSAAuthentication
+                   ServerAliveInterval
+                   ServerAliveCountMax
+                   SmartcardDevice
+                   StrictHostKeyChecking
+                   TCPKeepAlive
+                   UsePrivilegedPort
+                   User
+                   UserKnownHostsFile
+                   VerifyHostKeyDNS
 
      -P port
              Specifies the port to connect to on the remote host.  Note that
-             this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because -p is already
+             this option is written with a capital `P', because -p is already
              reserved for preserving the times and modes of the file in
              rcp(1).
 
-     -S program
-             Name of program to use for the encrypted connection.  The program
-             must understand ssh(1) options.
-
-     -o ssh_option
-             Can be used to pass options to ssh in the format used in
-             ssh_config(5).  This is useful for specifying options for which
-             there is no separate scp command-line flag.
+     -p      Preserves modification times, access times, and modes from the
+             original file.
 
-     -1      Forces scp to use protocol 1.
+     -q      Disables the progress meter.
 
-     -2      Forces scp to use protocol 2.
+     -r      Recursively copy entire directories.
 
-     -4      Forces scp to use IPv4 addresses only.
+     -S program
+             Name of program to use for the encrypted connection.  The program
+             must understand ssh(1) options.
 
-     -6      Forces scp to use IPv6 addresses only.
+     -v      Verbose mode.  Causes scp and ssh(1) to print debugging messages
+             about their progress.  This is helpful in debugging connection,
+             authentication, and configuration problems.
 
 DIAGNOSTICS
      scp exits with 0 on success or >0 if an error occurred.
@@ -88,7 +132,7 @@ HISTORY
      the University of California.
 
 AUTHORS
-     Timo Rinne M-bM-^LM-)tri@iki.fiM-bM-^LM-* and
-     Tatu Ylonen M-bM-^LM-)ylo@cs.hut.fiM-bM-^LM-*
+     Timo Rinne <tri@iki.fi>
+     Tatu Ylonen <ylo@cs.hut.fi>
 
-BSD                           September 25, 1999                           BSD
+OpenBSD 3.4                   September 25, 1999                             3
diff --git a/scp.1 b/scp.1
index a971500ee..f5ca1e45a 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.28 2003/06/10 09:12:11 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -20,24 +20,24 @@
 .Sh SYNOPSIS
 .Nm scp
 .Bk -words
-.Op Fl pqrvBC1246
-.Op Fl F Ar ssh_config
-.Op Fl S Ar program
-.Op Fl P Ar port
+.Op Fl 1246BCpqrv
 .Op Fl c Ar cipher
+.Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
 .Op Fl l Ar limit
 .Op Fl o Ar ssh_option
+.Op Fl P Ar port
+.Op Fl S Ar program
 .Sm off
 .Oo
-.Op Ar user@
+.Op Ar user No @
 .Ar host1 No :
 .Oc Ns Ar file1
 .Sm on
 .Op Ar ...
 .Sm off
 .Oo
-.Op Ar user@
+.Op Ar user No @
 .Ar host2 No :
 .Oc Ar file2
 .Sm on
@@ -62,35 +62,24 @@ Copies between two remote hosts are permitted.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
-.It Fl c Ar cipher
-Selects the cipher to use for encrypting the data transfer.
-This option is directly passed to
-.Xr ssh 1 .
-.It Fl i Ar identity_file
-Selects the file from which the identity (private key) for RSA
-authentication is read.
-This option is directly passed to
-.Xr ssh 1 .
-.It Fl l Ar limit
-Limits the used bandwidth, specified in Kbit/s.
-.It Fl p
-Preserves modification times, access times, and modes from the
-original file.
-.It Fl r
-Recursively copy entire directories.
-.It Fl v
-Verbose mode.
-Causes
+.It Fl 1
+Forces
 .Nm
-and
-.Xr ssh 1
-to print debugging messages about their progress.
-This is helpful in
-debugging connection, authentication, and configuration problems.
+to use protocol 1.
+.It Fl 2
+Forces
+.Nm
+to use protocol 2.
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
 .It Fl B
 Selects batch mode (prevents asking for passwords or passphrases).
-.It Fl q
-Disables the progress meter.
 .It Fl C
 Compression enable.
 Passes the
@@ -98,12 +87,78 @@ Passes the
 flag to
 .Xr ssh 1
 to enable compression.
+.It Fl c Ar cipher
+Selects the cipher to use for encrypting the data transfer.
+This option is directly passed to
+.Xr ssh 1 .
 .It Fl F Ar ssh_config
 Specifies an alternative
 per-user configuration file for
 .Nm ssh .
 This option is directly passed to
 .Xr ssh 1 .
+.It Fl i Ar identity_file
+Selects the file from which the identity (private key) for RSA
+authentication is read.
+This option is directly passed to
+.Xr ssh 1 .
+.It Fl l Ar limit
+Limits the used bandwidth, specified in Kbit/s.
+.It Fl o Ar ssh_option
+Can be used to pass options to
+.Nm ssh
+in the format used in
+.Xr ssh_config 5 .
+This is useful for specifying options
+for which there is no separate
+.Nm scp
+command-line flag.
+For full details of the options listed below, and their possible values, see
+.Xr ssh_config 5 .
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It AddressFamily
+.It BatchMode
+.It BindAddress
+.It ChallengeResponseAuthentication
+.It CheckHostIP
+.It Cipher
+.It Ciphers
+.It Compression
+.It CompressionLevel
+.It ConnectionAttempts
+.It ConnectionTimeout
+.It GlobalKnownHostsFile
+.It GSSAPIAuthentication
+.It GSSAPIDelegateCredentials
+.It Host
+.It HostbasedAuthentication
+.It HostKeyAlgorithms
+.It HostKeyAlias
+.It HostName
+.It IdentityFile
+.It LogLevel
+.It MACs
+.It NoHostAuthenticationForLocalhost
+.It NumberOfPasswordPrompts
+.It PasswordAuthentication
+.It Port
+.It PreferredAuthentications
+.It Protocol
+.It ProxyCommand
+.It PubkeyAuthentication
+.It RhostsRSAAuthentication
+.It RSAAuthentication
+.It ServerAliveInterval
+.It ServerAliveCountMax
+.It SmartcardDevice
+.It StrictHostKeyChecking
+.It TCPKeepAlive
+.It UsePrivilegedPort
+.It User
+.It UserKnownHostsFile
+.It VerifyHostKeyDNS
+.El
 .It Fl P Ar port
 Specifies the port to connect to on the remote host.
 Note that this option is written with a capital
@@ -112,6 +167,13 @@ because
 .Fl p
 is already reserved for preserving the times and modes of the file in
 .Xr rcp 1 .
+.It Fl p
+Preserves modification times, access times, and modes from the
+original file.
+.It Fl q
+Disables the progress meter.
+.It Fl r
+Recursively copy entire directories.
 .It Fl S Ar program
 Name of
 .Ar program
@@ -119,31 +181,15 @@ to use for the encrypted connection.
 The program must understand
 .Xr ssh 1
 options.
-.It Fl o Ar ssh_option
-Can be used to pass options to
-.Nm ssh
-in the format used in
-.Xr ssh_config 5 .
-This is useful for specifying options
-for which there is no separate
-.Nm scp
-command-line flag.
-.It Fl 1
-Forces
-.Nm
-to use protocol 1.
-.It Fl 2
-Forces
-.Nm
-to use protocol 2.
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
+.It Fl v
+Verbose mode.
+Causes
 .Nm
-to use IPv6 addresses only.
+and
+.Xr ssh 1
+to print debugging messages about their progress.
+This is helpful in
+debugging connection, authentication, and configuration problems.
 .El
 .Sh DIAGNOSTICS
 .Nm
@@ -165,5 +211,4 @@ program in BSD source code from the Regents of the University of
 California.
 .Sh AUTHORS
 .An Timo Rinne Aq tri@iki.fi
-and
 .An Tatu Ylonen Aq ylo@cs.hut.fi
diff --git a/scp.c b/scp.c
index 4f9247c2d..1daa2ccf7 100644
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.108 2003/07/18 01:54:25 deraadt Exp $");
+RCSID("$OpenBSD: scp.c,v 1.113 2003/11/23 23:21:21 djm Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -92,7 +92,7 @@ void bwlimit(int);
 arglist args;
 
 /* Bandwidth limit */
-off_t limitbw = 0;
+off_t limit_rate = 0;
 
 /* Name of current file being transferred. */
 char *curfile;
@@ -257,7 +257,7 @@ main(int argc, char **argv)
                         speed = strtod(optarg, &endp);
                         if (speed <= 0 || *endp != '\0')
                                 usage();
-                        limitbw = speed * 1024;
+                        limit_rate = speed * 1024;
                         break;
                 case 'p':
                         pflag = 1;
@@ -273,6 +273,7 @@ main(int argc, char **argv)
                         verbose_mode = 1;
                         break;
                 case 'q':
+                        addargs(&args, "-q");
                         showprogress = 0;
                         break;
 
@@ -426,7 +427,8 @@ toremote(char *targ, int argc, char **argv)
                         }
                         if (verbose_mode)
                                 fprintf(stderr, "Executing: %s\n", bp);
-                        (void) system(bp);
+                        if (system(bp) != 0)
+                                errs = 1;
                         (void) xfree(bp);
                 } else {        /* local to remote */
                         if (remin == -1) {
@@ -587,7 +589,7 @@ next:			(void) close(fd);
                                         haderr = result >= 0 ? EIO : errno;
                                 statbytes += result;
                         }
-                        if (limitbw)
+                        if (limit_rate)
                                 bwlimit(amt);
                 }
                 if (showprogress)
@@ -679,7 +681,7 @@ bwlimit(int amount)
                 return;
 
         lamt *= 8;
-        wait = (double)1000000L * lamt / limitbw;
+        wait = (double)1000000L * lamt / limit_rate;
 
         bwstart.tv_sec = wait / 1000000L;
         bwstart.tv_usec = wait % 1000000L;
@@ -905,8 +907,8 @@ bad:			run_err("%s: %s", np, strerror(errno));
                                 cp += j;
                                 statbytes += j;
                         } while (amt > 0);
-                
-                        if (limitbw)
+
+                        if (limit_rate)
                                 bwlimit(4096);
 
                         if (count == bp->cnt) {
@@ -1018,8 +1020,8 @@ void
 usage(void)
 {
         (void) fprintf(stderr,
-            "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n"
-            "           [-c cipher] [-i identity] [-l limit] [-o option]\n"
+            "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
+            "           [-l limit] [-o ssh_option] [-P port] [-S program]\n"
             "           [[user@]host1:]file1 [...] [[user@]host2:]file2\n");
         exit(1);
 }
diff --git a/servconf.c b/servconf.c
index 71e28b3cb..a72246b6c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.127 2003/09/01 18:15:50 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $");
 
 #include "ssh.h"
 #include "log.h"
@@ -61,7 +61,7 @@ initialize_server_options(ServerOptions *options)
         options->x11_use_localhost = -1;
         options->xauth_location = NULL;
         options->strict_modes = -1;
-        options->keepalives = -1;
+        options->tcp_keep_alive = -1;
         options->log_facility = SYSLOG_FACILITY_NOT_SET;
         options->log_level = SYSLOG_LEVEL_NOT_SET;
         options->rhosts_rsa_authentication = -1;
@@ -72,6 +72,7 @@ initialize_server_options(ServerOptions *options)
         options->kerberos_authentication = -1;
         options->kerberos_or_local_passwd = -1;
         options->kerberos_ticket_cleanup = -1;
+        options->kerberos_get_afs_token = -1;
         options->gss_authentication=-1;
         options->gss_cleanup_creds = -1;
         options->password_authentication = -1;
@@ -110,7 +111,7 @@ fill_default_server_options(ServerOptions *options)
 {
         /* Portable-specific options */
         if (options->use_pam == -1)
-                options->use_pam = 1;
+                options->use_pam = 0;
 
         /* Standard Options */
         if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -159,8 +160,8 @@ fill_default_server_options(ServerOptions *options)
                 options->xauth_location = _PATH_XAUTH;
         if (options->strict_modes == -1)
                 options->strict_modes = 1;
-        if (options->keepalives == -1)
-                options->keepalives = 1;
+        if (options->tcp_keep_alive == -1)
+                options->tcp_keep_alive = 1;
         if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
                 options->log_facility = SYSLOG_FACILITY_AUTH;
         if (options->log_level == SYSLOG_LEVEL_NOT_SET)
@@ -181,6 +182,8 @@ fill_default_server_options(ServerOptions *options)
                 options->kerberos_or_local_passwd = 1;
         if (options->kerberos_ticket_cleanup == -1)
                 options->kerberos_ticket_cleanup = 1;
+        if (options->kerberos_get_afs_token == -1)
+                options->kerberos_get_afs_token = 0;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 0;
         if (options->gss_cleanup_creds == -1)
@@ -250,11 +253,12 @@ typedef enum {
         sPermitRootLogin, sLogFacility, sLogLevel,
         sRhostsRSAAuthentication, sRSAAuthentication,
         sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
+        sKerberosGetAFSToken,
         sKerberosTgtPassing, sChallengeResponseAuthentication,
         sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
         sPrintMotd, sPrintLastLog, sIgnoreRhosts,
         sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-        sStrictModes, sEmptyPasswd, sKeepAlives,
+        sStrictModes, sEmptyPasswd, sTCPKeepAlive,
         sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
         sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
         sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -301,19 +305,25 @@ static struct {
         { "kerberosauthentication", sKerberosAuthentication },
         { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
         { "kerberosticketcleanup", sKerberosTicketCleanup },
+#ifdef USE_AFS
+        { "kerberosgetafstoken", sKerberosGetAFSToken },
+#else
+        { "kerberosgetafstoken", sUnsupported },
+#endif
 #else
         { "kerberosauthentication", sUnsupported },
         { "kerberosorlocalpasswd", sUnsupported },
         { "kerberosticketcleanup", sUnsupported },
+        { "kerberosgetafstoken", sUnsupported },
 #endif
         { "kerberostgtpassing", sUnsupported },
         { "afstokenpassing", sUnsupported },
 #ifdef GSSAPI
         { "gssapiauthentication", sGssAuthentication },
-        { "gssapicleanupcreds", sGssCleanupCreds },
+        { "gssapicleanupcredentials", sGssCleanupCreds },
 #else
         { "gssapiauthentication", sUnsupported },
-        { "gssapicleanupcreds", sUnsupported },
+        { "gssapicleanupcredentials", sUnsupported },
 #endif
         { "passwordauthentication", sPasswordAuthentication },
         { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
@@ -334,7 +344,8 @@ static struct {
         { "permituserenvironment", sPermitUserEnvironment },
         { "uselogin", sUseLogin },
         { "compression", sCompression },
-        { "keepalive", sKeepAlives },
+        { "tcpkeepalive", sTCPKeepAlive },
+        { "keepalive", sTCPKeepAlive },                         /* obsolete alias */
         { "allowtcpforwarding", sAllowTcpForwarding },
         { "allowusers", sAllowUsers },
         { "denyusers", sDenyUsers },
@@ -629,6 +640,10 @@ parse_flag:
                 intptr = &options->kerberos_ticket_cleanup;
                 goto parse_flag;
 
+        case sKerberosGetAFSToken:
+                intptr = &options->kerberos_get_afs_token;
+                goto parse_flag;
+
         case sGssAuthentication:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
@@ -677,8 +692,8 @@ parse_flag:
                 intptr = &options->strict_modes;
                 goto parse_flag;
 
-        case sKeepAlives:
-                intptr = &options->keepalives;
+        case sTCPKeepAlive:
+                intptr = &options->tcp_keep_alive;
                 goto parse_flag;
 
         case sEmptyPasswd:
diff --git a/servconf.h b/servconf.h
index 828e94c5c..57c7e5fab 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $    */
+/*      $OpenBSD: servconf.h,v 1.67 2003/12/23 16:12:10 jakob Exp $     */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -58,7 +58,7 @@ typedef struct {
         int     x11_use_localhost;      /* If true, use localhost for fake X11 server. */
         char   *xauth_location; /* Location of xauth program */
         int     strict_modes;   /* If true, require string home dir modes. */
-        int     keepalives;     /* If true, set SO_KEEPALIVE. */
+        int     tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
         char   *ciphers;        /* Supported SSH2 ciphers. */
         char   *macs;           /* Supported SSH2 macs. */
         int     protocol;       /* Supported protocol versions. */
@@ -80,6 +80,8 @@ typedef struct {
                                                  * /etc/passwd */
         int     kerberos_ticket_cleanup;        /* If true, destroy ticket
                                                  * file on logout. */
+        int     kerberos_get_afs_token;         /* If true, try to get AFS token if
+                                                 * authenticated with Kerberos. */
         int     gss_authentication;     /* If true, permit GSSAPI authentication */
         int     gss_cleanup_creds;      /* If true, destroy cred cache on logout */
         int     password_authentication;        /* If true, permit password
diff --git a/serverloop.c b/serverloop.c
index 6dbb4fd12..c4e35a377 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.110 2003/06/24 08:23:46 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.115 2004/01/19 21:25:15 markus Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -60,7 +60,7 @@ extern ServerOptions options;
 
 /* XXX */
 extern Kex *xxx_kex;
-static Authctxt *xxx_authctxt;
+extern Authctxt *the_authctxt;
 
 static Buffer stdin_buffer;     /* Buffer for stdin data. */
 static Buffer stdout_buffer;    /* Buffer for stdout data. */
@@ -212,26 +212,23 @@ make_packets_from_stdout_data(void)
 static void
 client_alive_check(void)
 {
-        static int had_channel = 0;
-        int id;
-
-        id = channel_find_open();
-        if (id == -1) {
-                if (!had_channel)
-                        return;
-                packet_disconnect("No open channels after timeout!");
-        }
-        had_channel = 1;
+        int channel_id;
 
         /* timeout, check to see how many we have had */
         if (++client_alive_timeouts > options.client_alive_count_max)
                 packet_disconnect("Timeout, your session not responding.");
 
         /*
-         * send a bogus channel request with "wantreply",
+         * send a bogus global/channel request with "wantreply",
          * we should get back a failure
          */
-        channel_request_start(id, "keepalive@openssh.com", 1);
+        if ((channel_id = channel_find_open()) == -1) {
+                packet_start(SSH2_MSG_GLOBAL_REQUEST);
+                packet_put_cstring("keepalive@openssh.com");
+                packet_put_char(1);     /* boolean: want reply */
+        } else {
+                channel_request_start(channel_id, "keepalive@openssh.com", 1);
+        }
         packet_send();
 }
 
@@ -355,13 +352,13 @@ process_input(fd_set * readset)
                         connection_closed = 1;
                         if (compat20)
                                 return;
-                        fatal_cleanup();
+                        cleanup_exit(255);
                 } else if (len < 0) {
                         if (errno != EINTR && errno != EAGAIN) {
                                 verbose("Read error from remote host "
                                     "%.100s: %.100s",
                                     get_remote_ipaddr(), strerror(errno));
-                                fatal_cleanup();
+                                cleanup_exit(255);
                         }
                 } else {
                         /* Buffer any received data. */
@@ -756,8 +753,6 @@ server_loop2(Authctxt *authctxt)
         max_fd = MAX(connection_in, connection_out);
         max_fd = MAX(max_fd, notify_pipe[0]);
 
-        xxx_authctxt = authctxt;
-
         server_init_dispatch();
 
         for (;;) {
@@ -799,9 +794,9 @@ server_loop2(Authctxt *authctxt)
 }
 
 static void
-server_input_channel_failure(int type, u_int32_t seq, void *ctxt)
+server_input_keep_alive(int type, u_int32_t seq, void *ctxt)
 {
-        debug("Got CHANNEL_FAILURE for keepalive");
+        debug("Got %d/%u for keepalive", type, seq);
         /*
          * reset timeout, since we got a sane answer from the client.
          * even if this was generated by something other than
@@ -810,7 +805,6 @@ server_input_channel_failure(int type, u_int32_t seq, void *ctxt)
         client_alive_timeouts = 0;
 }
 
-
 static void
 server_input_stdin_data(int type, u_int32_t seq, void *ctxt)
 {
@@ -856,7 +850,7 @@ server_input_window_size(int type, u_int32_t seq, void *ctxt)
 }
 
 static Channel *
-server_request_direct_tcpip(char *ctype)
+server_request_direct_tcpip(void)
 {
         Channel *c;
         int sock;
@@ -878,14 +872,14 @@ server_request_direct_tcpip(char *ctype)
         xfree(originator);
         if (sock < 0)
                 return NULL;
-        c = channel_new(ctype, SSH_CHANNEL_CONNECTING,
+        c = channel_new("direct-tcpip", SSH_CHANNEL_CONNECTING,
             sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
             CHAN_TCP_PACKET_DEFAULT, 0, "direct-tcpip", 1);
         return c;
 }
 
 static Channel *
-server_request_session(char *ctype)
+server_request_session(void)
 {
         Channel *c;
 
@@ -897,10 +891,10 @@ server_request_session(char *ctype)
          * SSH_CHANNEL_LARVAL.  Additionally, a callback for handling all
          * CHANNEL_REQUEST messages is registered.
          */
-        c = channel_new(ctype, SSH_CHANNEL_LARVAL,
+        c = channel_new("session", SSH_CHANNEL_LARVAL,
             -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
             0, "server-session", 1);
-        if (session_open(xxx_authctxt, c->self) != 1) {
+        if (session_open(the_authctxt, c->self) != 1) {
                 debug("session open failed, free channel %d", c->self);
                 channel_free(c);
                 return NULL;
@@ -926,9 +920,9 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
             ctype, rchan, rwindow, rmaxpack);
 
         if (strcmp(ctype, "session") == 0) {
-                c = server_request_session(ctype);
+                c = server_request_session();
         } else if (strcmp(ctype, "direct-tcpip") == 0) {
-                c = server_request_direct_tcpip(ctype);
+                c = server_request_direct_tcpip();
         }
         if (c != NULL) {
                 debug("server_input_channel_open: confirm %s", ctype);
@@ -974,9 +968,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
                 char *listen_address;
                 u_short listen_port;
 
-                pw = auth_get_user();
-                if (pw == NULL)
-                        fatal("server_input_global_request: no user");
+                pw = the_authctxt->pw;
+                if (pw == NULL || !the_authctxt->valid)
+                        fatal("server_input_global_request: no/invalid user");
                 listen_address = packet_get_string(NULL);
                 listen_port = (u_short)packet_get_int();
                 debug("server_input_global_request: tcpip-forward listen %s port %d",
@@ -1050,7 +1044,9 @@ server_init_dispatch_20(void)
         dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
         dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
         /* client_alive */
-        dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_channel_failure);
+        dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
+        dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
+        dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
         /* rekeying */
         dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
 }
diff --git a/session.c b/session.c
index 4497f5c0b..af2e71992 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.172 2004/01/30 09:48:57 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -58,6 +58,10 @@ RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $");
 #include "session.h"
 #include "monitor_wrap.h"
 
+#if defined(KRB5) && defined(USE_AFS)
+#include <kafs.h>
+#endif
+
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
@@ -66,7 +70,7 @@ RCSID("$OpenBSD: session.c,v 1.163 2003/08/31 13:29:05 markus Exp $");
 
 Session *session_new(void);
 void    session_set_fds(Session *, int, int, int);
-void    session_pty_cleanup(void *);
+void    session_pty_cleanup(Session *);
 void    session_proctitle(Session *);
 int     session_setup_x11fwd(Session *);
 void    do_exec_pty(Session *, const char *);
@@ -106,6 +110,8 @@ Session	sessions[MAX_SESSIONS];
 login_cap_t *lc;
 #endif
 
+static int is_child = 0;
+
 /* Name and directory of socket for authentication agent forwarding. */
 static char *auth_sock_name = NULL;
 static char *auth_sock_dir = NULL;
@@ -113,10 +119,8 @@ static char *auth_sock_dir = NULL;
 /* removes the agent forwarding socket */
 
 static void
-auth_sock_cleanup_proc(void *_pw)
+auth_sock_cleanup_proc(struct passwd *pw)
 {
-        struct passwd *pw = _pw;
-
         if (auth_sock_name != NULL) {
                 temporarily_use_uid(pw);
                 unlink(auth_sock_name);
@@ -144,7 +148,7 @@ auth_input_request_forwarding(struct passwd * pw)
         /* Allocate a buffer for the socket name, and format the name. */
         auth_sock_name = xmalloc(MAXPATHLEN);
         auth_sock_dir = xmalloc(MAXPATHLEN);
-        strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
+        strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
 
         /* Create private directory for socket */
         if (mkdtemp(auth_sock_dir) == NULL) {
@@ -160,9 +164,6 @@ auth_input_request_forwarding(struct passwd * pw)
         snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%ld",
                  auth_sock_dir, (long) getpid());
 
-        /* delete agent socket on fatal() */
-        fatal_add_cleanup(auth_sock_cleanup_proc, pw);
-
         /* Create the socket. */
         sock = socket(AF_UNIX, SOCK_STREAM, 0);
         if (sock < 0)
@@ -180,7 +181,7 @@ auth_input_request_forwarding(struct passwd * pw)
         restore_uid();
 
         /* Start listening on the socket. */
-        if (listen(sock, 5) < 0)
+        if (listen(sock, SSH_LISTEN_BACKLOG) < 0)
                 packet_disconnect("listen: %.100s", strerror(errno));
 
         /* Allocate a channel for the authentication agent socket. */
@@ -192,6 +193,15 @@ auth_input_request_forwarding(struct passwd * pw)
         return 1;
 }
 
+static void
+display_loginmsg(void)
+{
+        if (buffer_len(&loginmsg) > 0) {
+                buffer_append(&loginmsg, "\0", 1);
+                printf("%s\n", (char *)buffer_ptr(&loginmsg));
+                buffer_clear(&loginmsg);
+        }
+}
 
 void
 do_authenticated(Authctxt *authctxt)
@@ -207,7 +217,6 @@ do_authenticated(Authctxt *authctxt)
                 close(startup_pipe);
                 startup_pipe = -1;
         }
-
         /* setup the channel layer */
         if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
                 channel_permit_all_opens();
@@ -217,13 +226,7 @@ do_authenticated(Authctxt *authctxt)
         else
                 do_authenticated1(authctxt);
 
-        /* remove agent socket */
-        if (auth_sock_name != NULL)
-                auth_sock_cleanup_proc(authctxt->pw);
-#ifdef KRB5
-        if (options.kerberos_ticket_cleanup)
-                krb5_cleanup_proc(authctxt);
-#endif
+        do_cleanup(authctxt);
 }
 
 /*
@@ -395,17 +398,13 @@ do_exec_no_pty(Session *s, const char *command)
         session_proctitle(s);
 
 #if defined(USE_PAM)
-        if (options.use_pam) {
+        if (options.use_pam && !use_privsep)
                 do_pam_setcred(1);
-                if (is_pam_password_change_required())
-                        packet_disconnect("Password change required but no "
-                            "TTY available");
-        }
 #endif /* USE_PAM */
 
         /* Fork the child. */
         if ((pid = fork()) == 0) {
-                fatal_remove_all_cleanups();
+                is_child = 1;
 
                 /* Child.  Reinitialize the log since the pid has changed. */
                 log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -525,13 +524,14 @@ do_exec_pty(Session *s, const char *command)
 #if defined(USE_PAM)
         if (options.use_pam) {
                 do_pam_set_tty(s->tty);
-                do_pam_setcred(1);
+                if (!use_privsep)
+                        do_pam_setcred(1);
         }
 #endif
 
         /* Fork the child. */
         if ((pid = fork()) == 0) {
-                fatal_remove_all_cleanups();
+                is_child = 1;
 
                 /* Child.  Reinitialize the log because the pid has changed. */
                 log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -627,7 +627,7 @@ do_pre_login(Session *s)
                 if (getpeername(packet_get_connection_in(),
                     (struct sockaddr *) & from, &fromlen) < 0) {
                         debug("getpeername: %.100s", strerror(errno));
-                        fatal_cleanup();
+                        cleanup_exit(255);
                 }
         }
 
@@ -687,7 +687,7 @@ do_login(Session *s, const char *command)
                 if (getpeername(packet_get_connection_in(),
                     (struct sockaddr *) & from, &fromlen) < 0) {
                         debug("getpeername: %.100s", strerror(errno));
-                        fatal_cleanup();
+                        cleanup_exit(255);
                 }
         }
 
@@ -703,9 +703,10 @@ do_login(Session *s, const char *command)
          * If password change is needed, do it now.
          * This needs to occur before the ~/.hushlogin check.
          */
-        if (options.use_pam && is_pam_password_change_required()) {
-                print_pam_messages();
+        if (options.use_pam && !use_privsep && s->authctxt->force_pwchange) {
+                display_loginmsg();
                 do_pam_chauthtok();
+                s->authctxt->force_pwchange = 0;
                 /* XXX - signal [net] parent to enable forwardings */
         }
 #endif
@@ -713,17 +714,7 @@ do_login(Session *s, const char *command)
         if (check_quietlogin(s, command))
                 return;
 
-#ifdef USE_PAM
-        if (options.use_pam && !is_pam_password_change_required())
-                print_pam_messages();
-#endif /* USE_PAM */
-
-        /* display post-login message */
-        if (buffer_len(&loginmsg) > 0) {
-                buffer_append(&loginmsg, "\0", 1);
-                printf("%s\n", (char *)buffer_ptr(&loginmsg));
-        }
-        buffer_free(&loginmsg);
+        display_loginmsg();
 
 #ifndef NO_SSH_LASTLOG
         if (options.print_lastlog && s->last_login_time != 0) {
@@ -798,8 +789,9 @@ void
 child_set_env(char ***envp, u_int *envsizep, const char *name,
         const char *value)
 {
-        u_int i, namelen;
         char **env;
+        u_int envsize;
+        u_int i, namelen;
 
         /*
          * If we're passed an uninitialized list, allocate a single null
@@ -826,12 +818,13 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
                 xfree(env[i]);
         } else {
                 /* New variable.  Expand if necessary. */
-                if (i >= (*envsizep) - 1) {
-                        if (*envsizep >= 1000)
-                                fatal("child_set_env: too many env vars,"
-                                    " skipping: %.100s", name);
-                        (*envsizep) += 50;
-                        env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
+                envsize = *envsizep;
+                if (i >= envsize - 1) {
+                        if (envsize >= 1000)
+                                fatal("child_set_env: too many env vars");
+                        envsize += 50;
+                        env = (*envp) = xrealloc(env, envsize * sizeof(char *));
+                        *envsizep = envsize;
                 }
                 /* Need to set the NULL pointer at end of array beyond the new slot. */
                 env[i + 1] = NULL;
@@ -912,9 +905,8 @@ static void
 read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
 {
         char **tmpenv = NULL, *var;
-        u_int i;
-        size_t tmpenvsize = 0;
-        mode_t mask;
+        u_int i, tmpenvsize = 0;
+        u_long mask;
 
         /*
          * We don't want to copy the whole file to the child's environment,
@@ -923,17 +915,20 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
          */
         read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
 
+        if (tmpenv == NULL)
+                return;
+
         if (uid == 0)
                 var = child_get_env(tmpenv, "SUPATH");
         else
                 var = child_get_env(tmpenv, "PATH");
         if (var != NULL)
                 child_set_env(env, envsize, "PATH", var);
-        
+
         if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
                 if (sscanf(var, "%5lo", &mask) == 1)
-                        umask(mask);
-        
+                        umask((mode_t)mask);
+
         for (i = 0; tmpenv[i] != NULL; i++)
                 xfree(tmpenv[i]);
         xfree(tmpenv);
@@ -958,7 +953,7 @@ void copy_environment(char **source, char ***env, u_int *envsize)
 
                 debug3("Copy environment: %s=%s", var_name, var_val);
                 child_set_env(env, envsize, var_name, var_val);
-                
+
                 xfree(var_name);
         }
 }
@@ -985,7 +980,7 @@ do_setup_env(Session *s, const char *shell)
 #endif
 
 #ifdef GSSAPI
-        /* Allow any GSSAPI methods that we've used to alter 
+        /* Allow any GSSAPI methods that we've used to alter
          * the childs environment as they see fit
          */
         ssh_gssapi_do_child(&env, &envsize);
@@ -1017,7 +1012,7 @@ do_setup_env(Session *s, const char *shell)
                 path = child_get_env(env, "PATH");
 #  endif /* HAVE_ETC_DEFAULT_LOGIN */
                 if (path == NULL || *path == '\0') {
-                        child_set_env(&env, &envsize, "PATH", 
+                        child_set_env(&env, &envsize, "PATH",
                             s->pw->pw_uid == 0 ?
                                 SUPERUSER_PATH : _PATH_STDPATH);
                 }
@@ -1100,8 +1095,13 @@ do_setup_env(Session *s, const char *shell)
          * been set by PAM.
          */
         if (options.use_pam) {
-                char **p = fetch_pam_environment();
+                char **p;
+
+                p = fetch_pam_child_environment();
+                copy_environment(p, &env, &envsize);
+                free_pam_environment(p);
 
+                p = fetch_pam_environment();
                 copy_environment(p, &env, &envsize);
                 free_pam_environment(p);
         }
@@ -1174,7 +1174,7 @@ do_rc_files(Session *s, const char *shell)
                 if (debug_flag) {
                         fprintf(stderr,
                             "Running %.500s remove %.100s\n",
-                            options.xauth_location, s->auth_display);
+                            options.xauth_location, s->auth_display);
                         fprintf(stderr,
                             "%.500s add %.100s %.100s %.100s\n",
                             options.xauth_location, s->auth_display,
@@ -1240,6 +1240,12 @@ do_setusercontext(struct passwd *pw)
 # ifdef __bsdi__
                 setpgid(0, 0);
 # endif
+# ifdef USE_PAM
+                if (options.use_pam) {
+                        do_pam_session();
+                        do_pam_setcred(0);
+                }
+# endif /* USE_PAM */
                 if (setusercontext(lc, pw, pw->pw_uid,
                     (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
                         perror("unable to set user context");
@@ -1266,7 +1272,7 @@ do_setusercontext(struct passwd *pw)
                 endgrent();
 # ifdef USE_PAM
                 /*
-                 * PAM credentials may take the form of supplementary groups. 
+                 * PAM credentials may take the form of supplementary groups.
                  * These will have been wiped by the above initgroups() call.
                  * Reestablish them here.
                  */
@@ -1294,6 +1300,22 @@ do_setusercontext(struct passwd *pw)
 }
 
 static void
+do_pwchange(Session *s)
+{
+        fprintf(stderr, "WARNING: Your password has expired.\n");
+        if (s->ttyfd != -1) {
+                fprintf(stderr,
+                    "You must change your password now and login again!\n");
+                execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL);
+                perror("passwd");
+        } else {
+                fprintf(stderr,
+                    "Password change required but no TTY available.\n");
+        }
+        exit(1);
+}
+
+static void
 launch_login(struct passwd *pw, const char *hostname)
 {
         /* Launch login(1). */
@@ -1314,6 +1336,40 @@ launch_login(struct passwd *pw, const char *hostname)
         exit(1);
 }
 
+static void
+child_close_fds(void)
+{
+        int i;
+
+        if (packet_get_connection_in() == packet_get_connection_out())
+                close(packet_get_connection_in());
+        else {
+                close(packet_get_connection_in());
+                close(packet_get_connection_out());
+        }
+        /*
+         * Close all descriptors related to channels.  They will still remain
+         * open in the parent.
+         */
+        /* XXX better use close-on-exec? -markus */
+        channel_close_all();
+
+        /*
+         * Close any extra file descriptors.  Note that there may still be
+         * descriptors left by system functions.  They will be closed later.
+         */
+        endpwent();
+
+        /*
+         * Close any extra open file descriptors so that we don\'t have them
+         * hanging around in clients.  Note that we want to do this after
+         * initgroups, because at least on Solaris 2.3 it leaves file
+         * descriptors open.
+         */
+        for (i = 3; i < 64; i++)
+                close(i);
+}
+
 /*
  * Performs common processing for the child, such as setting up the
  * environment, closing extra file descriptors, setting the user and group
@@ -1327,11 +1383,18 @@ do_child(Session *s, const char *command)
         char *argv[10];
         const char *shell, *shell0, *hostname = NULL;
         struct passwd *pw = s->pw;
-        u_int i;
 
         /* remove hostkey from the child's memory */
         destroy_sensitive_data();
 
+        /* Force a password change */
+        if (s->authctxt->force_pwchange) {
+                do_setusercontext(pw);
+                child_close_fds();
+                do_pwchange(s);
+                exit(1);
+        }
+
         /* login(1) is only called if we execute the login shell */
         if (options.use_login && command != NULL)
                 options.use_login = 0;
@@ -1382,39 +1445,39 @@ do_child(Session *s, const char *command)
          * closed before building the environment, as we call
          * get_remote_ipaddr there.
          */
-        if (packet_get_connection_in() == packet_get_connection_out())
-                close(packet_get_connection_in());
-        else {
-                close(packet_get_connection_in());
-                close(packet_get_connection_out());
-        }
-        /*
-         * Close all descriptors related to channels.  They will still remain
-         * open in the parent.
-         */
-        /* XXX better use close-on-exec? -markus */
-        channel_close_all();
+        child_close_fds();
 
         /*
-         * Close any extra file descriptors.  Note that there may still be
-         * descriptors left by system functions.  They will be closed later.
+         * Must take new environment into use so that .ssh/rc,
+         * /etc/ssh/sshrc and xauth are run in the proper environment.
          */
-        endpwent();
+        environ = env;
 
+#if defined(KRB5) && defined(USE_AFS)
         /*
-         * Close any extra open file descriptors so that we don\'t have them
-         * hanging around in clients.  Note that we want to do this after
-         * initgroups, because at least on Solaris 2.3 it leaves file
-         * descriptors open.
+         * At this point, we check to see if AFS is active and if we have
+         * a valid Kerberos 5 TGT. If so, it seems like a good idea to see
+         * if we can (and need to) extend the ticket into an AFS token. If
+         * we don't do this, we run into potential problems if the user's
+         * home directory is in AFS and it's not world-readable.
          */
-        for (i = 3; i < 64; i++)
-                close(i);
 
-        /*
-         * Must take new environment into use so that .ssh/rc,
-         * /etc/ssh/sshrc and xauth are run in the proper environment.
-         */
-        environ = env;
+        if (options.kerberos_get_afs_token && k_hasafs() &&
+             (s->authctxt->krb5_ctx != NULL)) {
+                char cell[64];
+
+                debug("Getting AFS token");
+
+                k_setpag();
+
+                if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
+                        krb5_afslog(s->authctxt->krb5_ctx,
+                            s->authctxt->krb5_fwd_ccache, cell, NULL);
+
+                krb5_afslog_home(s->authctxt->krb5_ctx,
+                    s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir);
+        }
+#endif
 
         /* Change current directory to the user\'s home directory. */
         if (chdir(pw->pw_dir) < 0) {
@@ -1537,7 +1600,7 @@ session_open(Authctxt *authctxt, int chanid)
         }
         s->authctxt = authctxt;
         s->pw = authctxt->pw;
-        if (s->pw == NULL)
+        if (s->pw == NULL || !authctxt->valid)
                 fatal("no user for session %d", s->self);
         debug("session_open: session %d: link with channel %d", s->self, chanid);
         s->chanid = chanid;
@@ -1659,11 +1722,6 @@ session_pty_req(Session *s)
                 n_bytes = packet_remaining();
         tty_parse_modes(s->ttyfd, &n_bytes);
 
-        /*
-         * Add a cleanup function to clear the utmp entry and record logout
-         * time in case we call fatal() (e.g., the connection gets closed).
-         */
-        fatal_add_cleanup(session_pty_cleanup, (void *)s);
         if (!use_privsep)
                 pty_setowner(s->pw, s->tty);
 
@@ -1845,10 +1903,8 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
  * (e.g., due to a dropped connection).
  */
 void
-session_pty_cleanup2(void *session)
+session_pty_cleanup2(Session *s)
 {
-        Session *s = session;
-
         if (s == NULL) {
                 error("session_pty_cleanup: no session");
                 return;
@@ -1879,9 +1935,9 @@ session_pty_cleanup2(void *session)
 }
 
 void
-session_pty_cleanup(void *session)
+session_pty_cleanup(Session *s)
 {
-        PRIVSEP(session_pty_cleanup2(session));
+        PRIVSEP(session_pty_cleanup2(s));
 }
 
 static char *
@@ -1954,10 +2010,8 @@ void
 session_close(Session *s)
 {
         debug("session_close: session %d pid %ld", s->self, (long)s->pid);
-        if (s->ttyfd != -1) {
-                fatal_remove_cleanup(session_pty_cleanup, (void *)s);
+        if (s->ttyfd != -1)
                 session_pty_cleanup(s);
-        }
         if (s->term)
                 xfree(s->term);
         if (s->display)
@@ -2006,10 +2060,8 @@ session_close_by_channel(int id, void *arg)
                  * delay detach of session, but release pty, since
                  * the fd's to the child are already closed
                  */
-                if (s->ttyfd != -1) {
-                        fatal_remove_cleanup(session_pty_cleanup, (void *)s);
+                if (s->ttyfd != -1)
                         session_pty_cleanup(s);
-                }
                 return;
         }
         /* detach by removing callback */
@@ -2044,13 +2096,13 @@ session_tty_list(void)
         for (i = 0; i < MAX_SESSIONS; i++) {
                 Session *s = &sessions[i];
                 if (s->used && s->ttyfd != -1) {
-                        
+
                         if (strncmp(s->tty, "/dev/", 5) != 0) {
                                 cp = strrchr(s->tty, '/');
                                 cp = (cp == NULL) ? s->tty : cp + 1;
                         } else
                                 cp = s->tty + 5;
-                        
+
                         if (buf[0] != '\0')
                                 strlcat(buf, ",", sizeof buf);
                         strlcat(buf, cp, sizeof buf);
@@ -2150,8 +2202,51 @@ static void
 do_authenticated2(Authctxt *authctxt)
 {
         server_loop2(authctxt);
-#if defined(GSSAPI)
-        if (options.gss_cleanup_creds)
-                ssh_gssapi_cleanup_creds(NULL);
+}
+
+void
+do_cleanup(Authctxt *authctxt)
+{
+        static int called = 0;
+
+        debug("do_cleanup");
+
+        /* no cleanup if we're in the child for login shell */
+        if (is_child)
+                return;
+
+        /* avoid double cleanup */
+        if (called)
+                return;
+        called = 1;
+
+        if (authctxt == NULL)
+                return;
+#ifdef KRB5
+        if (options.kerberos_ticket_cleanup &&
+            authctxt->krb5_ctx)
+                krb5_cleanup_proc(authctxt);
+#endif
+
+#ifdef GSSAPI
+        if (compat20 && options.gss_cleanup_creds)
+                ssh_gssapi_cleanup_creds();
 #endif
+
+#ifdef USE_PAM
+        if (options.use_pam) {
+                sshpam_cleanup();
+                sshpam_thread_cleanup();
+        }
+#endif
+
+        /* remove agent socket */
+        auth_sock_cleanup_proc(authctxt->pw);
+
+        /*
+         * Cleanup ptys/utmp only if privsep is disabled,
+         * or if running in monitor.
+         */
+        if (!use_privsep || mm_is_monitor())
+                session_destroy_all(session_pty_cleanup2);
 }
diff --git a/session.h b/session.h
index 525e47f64..405b8fe8a 100644
--- a/session.h
+++ b/session.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: session.h,v 1.20 2003/08/22 10:56:09 markus Exp $     */
+/*      $OpenBSD: session.h,v 1.21 2003/09/23 20:17:11 markus Exp $     */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -56,13 +56,14 @@ struct Session {
 };
 
 void     do_authenticated(Authctxt *);
+void     do_cleanup(Authctxt *);
 
 int      session_open(Authctxt *, int);
 int      session_input_channel_req(Channel *, const char *);
 void     session_close_by_pid(pid_t, int);
 void     session_close_by_channel(int, void *);
 void     session_destroy_all(void (*)(Session *));
-void     session_pty_cleanup2(void *);
+void     session_pty_cleanup2(Session *);
 
 Session *session_new(void);
 Session *session_by_tty(char *);
diff --git a/sftp-client.c b/sftp-client.c
index ffff0fe5a..81c5dd497 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,25 +1,17 @@
 /*
- * Copyright (c) 2001-2003 Damien Miller.  All rights reserved.
+ * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 /* XXX: memleaks */
@@ -28,7 +20,7 @@
 /* XXX: copy between two remote sites */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.44 2003/06/28 16:23:06 deraadt Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.46 2004/02/17 05:39:51 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -798,7 +790,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
                 return(-1);
         }
 
-        local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, 
+        local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
             mode | S_IWRITE);
         if (local_fd == -1) {
                 error("Couldn't open local file \"%s\" for writing: %s",
@@ -946,7 +938,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
                 /* Override umask and utimes if asked */
 #ifdef HAVE_FCHMOD
                 if (pflag && fchmod(local_fd, mode) == -1)
-#else 
+#else
                 if (pflag && chmod(local_path, mode) == -1)
 #endif /* HAVE_FCHMOD */
                         error("Couldn't set mode on \"%s\": %s", local_path,
diff --git a/sftp-client.h b/sftp-client.h
index 98e08ffa7..a0e8e44b3 100644
--- a/sftp-client.h
+++ b/sftp-client.h
@@ -1,27 +1,19 @@
-/* $OpenBSD: sftp-client.h,v 1.11 2002/09/11 22:41:50 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.12 2004/02/17 05:39:51 djm Exp $ */
 
 /*
- * Copyright (c) 2001,2002 Damien Miller.  All rights reserved.
+ * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 /* Client side of SSH2 filexfer protocol */
diff --git a/sftp-common.c b/sftp-common.c
index 5313b134d..4cea3c305 100644
--- a/sftp-common.c
+++ b/sftp-common.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.9 2003/05/24 09:30:40 djm Exp $");
+RCSID("$OpenBSD: sftp-common.c,v 1.10 2003/11/10 16:23:41 jakob Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -49,7 +49,7 @@ attrib_clear(Attrib *a)
 
 /* Convert from struct stat to filexfer attribs */
 void
-stat_to_attrib(struct stat *st, Attrib *a)
+stat_to_attrib(const struct stat *st, Attrib *a)
 {
         attrib_clear(a);
         a->flags = 0;
@@ -67,7 +67,7 @@ stat_to_attrib(struct stat *st, Attrib *a)
 
 /* Convert from filexfer attribs to struct stat */
 void
-attrib_to_stat(Attrib *a, struct stat *st)
+attrib_to_stat(const Attrib *a, struct stat *st)
 {
         memset(st, 0, sizeof(*st));
 
@@ -124,7 +124,7 @@ decode_attrib(Buffer *b)
 
 /* Encode attributes to buffer */
 void
-encode_attrib(Buffer *b, Attrib *a)
+encode_attrib(Buffer *b, const Attrib *a)
 {
         buffer_put_int(b, a->flags);
         if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
@@ -174,7 +174,7 @@ fx2txt(int status)
  * drwxr-xr-x    5 markus   markus       1024 Jan 13 18:39 .ssh
  */
 char *
-ls_file(char *name, struct stat *st, int remote)
+ls_file(const char *name, const struct stat *st, int remote)
 {
         int ulen, glen, sz = 0;
         struct passwd *pw;
diff --git a/sftp-common.h b/sftp-common.h
index 201611cc4..b42ba9140 100644
--- a/sftp-common.h
+++ b/sftp-common.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: sftp-common.h,v 1.4 2002/09/11 22:41:50 djm Exp $     */
+/*      $OpenBSD: sftp-common.h,v 1.5 2003/11/10 16:23:41 jakob Exp $   */
 
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -39,10 +39,10 @@ struct Attrib {
 };
 
 void     attrib_clear(Attrib *);
-void     stat_to_attrib(struct stat *, Attrib *);
-void     attrib_to_stat(Attrib *, struct stat *);
+void     stat_to_attrib(const struct stat *, Attrib *);
+void     attrib_to_stat(const Attrib *, struct stat *);
 Attrib  *decode_attrib(Buffer *);
-void     encode_attrib(Buffer *, Attrib *);
-char    *ls_file(char *, struct stat *, int);
+void     encode_attrib(Buffer *, const Attrib *);
+char    *ls_file(const char *, const struct stat *, int);
 
 const char *fx2txt(int);
diff --git a/sftp-glob.c b/sftp-glob.c
index ee122a2cd..16c5e206a 100644
--- a/sftp-glob.c
+++ b/sftp-glob.c
@@ -1,29 +1,21 @@
 /*
- * Copyright (c) 2001,2002 Damien Miller.  All rights reserved.
+ * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-glob.c,v 1.13 2002/09/11 22:41:50 djm Exp $");
+RCSID("$OpenBSD: sftp-glob.c,v 1.15 2004/02/17 07:17:29 djm Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -33,7 +25,9 @@ RCSID("$OpenBSD: sftp-glob.c,v 1.13 2002/09/11 22:41:50 djm Exp $");
 #include "sftp.h"
 #include "sftp-common.h"
 #include "sftp-client.h"
-#include "sftp-glob.h"
+
+int remote_glob(struct sftp_conn *, const char *, int,
+    int (*)(const char *, int), glob_t *);
 
 struct SFTP_OPENDIR {
         SFTP_DIRENT **dir;
@@ -70,7 +64,7 @@ fudge_readdir(struct SFTP_OPENDIR *od)
 #ifdef __GNU_LIBRARY__
         static int inum = 1;
 #endif /* __GNU_LIBRARY__ */
-        
+
         if (od->dir[od->offset] == NULL)
                 return(NULL);
 
@@ -89,7 +83,7 @@ fudge_readdir(struct SFTP_OPENDIR *od)
 #ifdef __GNU_LIBRARY__
         /*
          * Idiot glibc uses extensions to struct dirent for readdir with
-         * ALTDIRFUNCs. Not that this is documented anywhere but the 
+         * ALTDIRFUNCs. Not that this is documented anywhere but the
          * source... Fake an inode number to appease it.
          */
         ret->d_ino = inum++;
diff --git a/sftp-glob.h b/sftp-glob.h
deleted file mode 100644
index f879e8719..000000000
--- a/sftp-glob.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/* $OpenBSD: sftp-glob.h,v 1.8 2002/09/11 22:41:50 djm Exp $ */
-
-/*
- * Copyright (c) 2001,2002 Damien Miller.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Remote sftp filename globbing */
-
-#ifndef _SFTP_GLOB_H
-#define _SFTP_GLOB_H
-
-#include "sftp-client.h"
-
-int remote_glob(struct sftp_conn *, const char *, int,
-    int (*)(const char *, int), glob_t *);
-
-#endif
diff --git a/sftp-int.c b/sftp-int.c
deleted file mode 100644
index 94299aa43..000000000
--- a/sftp-int.c
+++ /dev/null
@@ -1,1190 +0,0 @@
-/*
- * Copyright (c) 2001,2002 Damien Miller.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* XXX: recursive operations */
-
-#include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.62 2003/08/25 08:13:09 fgsch Exp $");
-
-#include "buffer.h"
-#include "xmalloc.h"
-#include "log.h"
-#include "pathnames.h"
-
-#include "sftp.h"
-#include "sftp-common.h"
-#include "sftp-glob.h"
-#include "sftp-client.h"
-#include "sftp-int.h"
-
-/* File to read commands from */
-extern FILE *infile;
-
-/* Size of buffer used when copying files */
-extern size_t copy_buffer_len;
-
-/* Number of concurrent outstanding requests */
-extern int num_requests;
-
-/* This is set to 0 if the progressmeter is not desired. */
-int showprogress = 1;
-
-/* Seperators for interactive commands */
-#define WHITESPACE " \t\r\n"
-
-/* Define what type of ls view (0 - multi-column) */
-#define LONG_VIEW 1             /* Full view ala ls -l */
-#define SHORT_VIEW 2            /* Single row view ala ls -1 */
-
-/* Commands for interactive mode */
-#define I_CHDIR         1
-#define I_CHGRP         2
-#define I_CHMOD         3
-#define I_CHOWN         4
-#define I_GET           5
-#define I_HELP          6
-#define I_LCHDIR        7
-#define I_LLS           8
-#define I_LMKDIR        9
-#define I_LPWD          10
-#define I_LS            11
-#define I_LUMASK        12
-#define I_MKDIR         13
-#define I_PUT           14
-#define I_PWD           15
-#define I_QUIT          16
-#define I_RENAME        17
-#define I_RM            18
-#define I_RMDIR         19
-#define I_SHELL         20
-#define I_SYMLINK       21
-#define I_VERSION       22
-#define I_PROGRESS      23
-
-struct CMD {
-        const char *c;
-        const int n;
-};
-
-static const struct CMD cmds[] = {
-        { "bye",        I_QUIT },
-        { "cd",         I_CHDIR },
-        { "chdir",      I_CHDIR },
-        { "chgrp",      I_CHGRP },
-        { "chmod",      I_CHMOD },
-        { "chown",      I_CHOWN },
-        { "dir",        I_LS },
-        { "exit",       I_QUIT },
-        { "get",        I_GET },
-        { "mget",       I_GET },
-        { "help",       I_HELP },
-        { "lcd",        I_LCHDIR },
-        { "lchdir",     I_LCHDIR },
-        { "lls",        I_LLS },
-        { "lmkdir",     I_LMKDIR },
-        { "ln",         I_SYMLINK },
-        { "lpwd",       I_LPWD },
-        { "ls",         I_LS },
-        { "lumask",     I_LUMASK },
-        { "mkdir",      I_MKDIR },
-        { "progress",   I_PROGRESS },
-        { "put",        I_PUT },
-        { "mput",       I_PUT },
-        { "pwd",        I_PWD },
-        { "quit",       I_QUIT },
-        { "rename",     I_RENAME },
-        { "rm",         I_RM },
-        { "rmdir",      I_RMDIR },
-        { "symlink",    I_SYMLINK },
-        { "version",    I_VERSION },
-        { "!",          I_SHELL },
-        { "?",          I_HELP },
-        { NULL,                 -1}
-};
-
-static void
-help(void)
-{
-        printf("Available commands:\n");
-        printf("cd path                       Change remote directory to 'path'\n");
-        printf("lcd path                      Change local directory to 'path'\n");
-        printf("chgrp grp path                Change group of file 'path' to 'grp'\n");
-        printf("chmod mode path               Change permissions of file 'path' to 'mode'\n");
-        printf("chown own path                Change owner of file 'path' to 'own'\n");
-        printf("help                          Display this help text\n");
-        printf("get remote-path [local-path]  Download file\n");
-        printf("lls [ls-options [path]]       Display local directory listing\n");
-        printf("ln oldpath newpath            Symlink remote file\n");
-        printf("lmkdir path                   Create local directory\n");
-        printf("lpwd                          Print local working directory\n");
-        printf("ls [path]                     Display remote directory listing\n");
-        printf("lumask umask                  Set local umask to 'umask'\n");
-        printf("mkdir path                    Create remote directory\n");
-        printf("progress                      Toggle display of progress meter\n");
-        printf("put local-path [remote-path]  Upload file\n");
-        printf("pwd                           Display remote working directory\n");
-        printf("exit                          Quit sftp\n");
-        printf("quit                          Quit sftp\n");
-        printf("rename oldpath newpath        Rename remote file\n");
-        printf("rmdir path                    Remove remote directory\n");
-        printf("rm path                       Delete remote file\n");
-        printf("symlink oldpath newpath       Symlink remote file\n");
-        printf("version                       Show SFTP version\n");
-        printf("!command                      Execute 'command' in local shell\n");
-        printf("!                             Escape to local shell\n");
-        printf("?                             Synonym for help\n");
-}
-
-static void
-local_do_shell(const char *args)
-{
-        int status;
-        char *shell;
-        pid_t pid;
-
-        if (!*args)
-                args = NULL;
-
-        if ((shell = getenv("SHELL")) == NULL)
-                shell = _PATH_BSHELL;
-
-        if ((pid = fork()) == -1)
-                fatal("Couldn't fork: %s", strerror(errno));
-
-        if (pid == 0) {
-                /* XXX: child has pipe fds to ssh subproc open - issue? */
-                if (args) {
-                        debug3("Executing %s -c \"%s\"", shell, args);
-                        execl(shell, shell, "-c", args, (char *)NULL);
-                } else {
-                        debug3("Executing %s", shell);
-                        execl(shell, shell, (char *)NULL);
-                }
-                fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell,
-                    strerror(errno));
-                _exit(1);
-        }
-        while (waitpid(pid, &status, 0) == -1)
-                if (errno != EINTR)
-                        fatal("Couldn't wait for child: %s", strerror(errno));
-        if (!WIFEXITED(status))
-                error("Shell exited abormally");
-        else if (WEXITSTATUS(status))
-                error("Shell exited with status %d", WEXITSTATUS(status));
-}
-
-static void
-local_do_ls(const char *args)
-{
-        if (!args || !*args)
-                local_do_shell(_PATH_LS);
-        else {
-                int len = strlen(_PATH_LS " ") + strlen(args) + 1;
-                char *buf = xmalloc(len);
-
-                /* XXX: quoting - rip quoting code from ftp? */
-                snprintf(buf, len, _PATH_LS " %s", args);
-                local_do_shell(buf);
-                xfree(buf);
-        }
-}
-
-/* Strip one path (usually the pwd) from the start of another */
-static char *
-path_strip(char *path, char *strip)
-{
-        size_t len;
-
-        if (strip == NULL)
-                return (xstrdup(path));
-
-        len = strlen(strip);
-        if (strip != NULL && strncmp(path, strip, len) == 0) {
-                if (strip[len - 1] != '/' && path[len] == '/')
-                        len++;
-                return (xstrdup(path + len));
-        }
-
-        return (xstrdup(path));
-}
-
-static char *
-path_append(char *p1, char *p2)
-{
-        char *ret;
-        int len = strlen(p1) + strlen(p2) + 2;
-
-        ret = xmalloc(len);
-        strlcpy(ret, p1, len);
-        if (p1[strlen(p1) - 1] != '/')
-                strlcat(ret, "/", len);
-        strlcat(ret, p2, len);
-
-        return(ret);
-}
-
-static char *
-make_absolute(char *p, char *pwd)
-{
-        char *abs;
-
-        /* Derelativise */
-        if (p && p[0] != '/') {
-                abs = path_append(pwd, p);
-                xfree(p);
-                return(abs);
-        } else
-                return(p);
-}
-
-static int
-infer_path(const char *p, char **ifp)
-{
-        char *cp;
-
-        cp = strrchr(p, '/');
-        if (cp == NULL) {
-                *ifp = xstrdup(p);
-                return(0);
-        }
-
-        if (!cp[1]) {
-                error("Invalid path");
-                return(-1);
-        }
-
-        *ifp = xstrdup(cp + 1);
-        return(0);
-}
-
-static int
-parse_getput_flags(const char **cpp, int *pflag)
-{
-        const char *cp = *cpp;
-
-        /* Check for flags */
-        if (cp[0] == '-' && cp[1] && strchr(WHITESPACE, cp[2])) {
-                switch (cp[1]) {
-                case 'p':
-                case 'P':
-                        *pflag = 1;
-                        break;
-                default:
-                        error("Invalid flag -%c", cp[1]);
-                        return(-1);
-                }
-                cp += 2;
-                *cpp = cp + strspn(cp, WHITESPACE);
-        }
-
-        return(0);
-}
-
-static int
-parse_ls_flags(const char **cpp, int *lflag)
-{
-        const char *cp = *cpp;
-
-        /* Check for flags */
-        if (cp++[0] == '-') {
-                for(; strchr(WHITESPACE, *cp) == NULL; cp++) {
-                        switch (*cp) {
-                        case 'l':
-                                *lflag = LONG_VIEW;
-                                break;
-                        case '1':
-                                *lflag = SHORT_VIEW;
-                                break;
-                        default:
-                                error("Invalid flag -%c", *cp);
-                                return(-1);
-                        }
-                }
-                *cpp = cp + strspn(cp, WHITESPACE);
-        }
-
-        return(0);
-}
-
-static int
-get_pathname(const char **cpp, char **path)
-{
-        const char *cp = *cpp, *end;
-        char quot;
-        int i, j;
-
-        cp += strspn(cp, WHITESPACE);
-        if (!*cp) {
-                *cpp = cp;
-                *path = NULL;
-                return (0);
-        }
-
-        *path = xmalloc(strlen(cp) + 1);
-
-        /* Check for quoted filenames */
-        if (*cp == '\"' || *cp == '\'') {
-                quot = *cp++;
-
-                /* Search for terminating quote, unescape some chars */
-                for (i = j = 0; i <= strlen(cp); i++) {
-                        if (cp[i] == quot) {    /* Found quote */
-                                (*path)[j] = '\0';
-                                break;
-                        }
-                        if (cp[i] == '\0') {    /* End of string */
-                                error("Unterminated quote");
-                                goto fail;
-                        }
-                        if (cp[i] == '\\') {    /* Escaped characters */
-                                i++;
-                                if (cp[i] != '\'' && cp[i] != '\"' && 
-                                    cp[i] != '\\') {
-                                        error("Bad escaped character '\%c'",
-                                            cp[i]);
-                                        goto fail;
-                                }
-                        }
-                        (*path)[j++] = cp[i];
-                }
-
-                if (j == 0) {
-                        error("Empty quotes");
-                        goto fail;
-                }
-                *cpp = cp + i + strspn(cp + i, WHITESPACE);
-        } else {
-                /* Read to end of filename */
-                end = strpbrk(cp, WHITESPACE);
-                if (end == NULL)
-                        end = strchr(cp, '\0');
-                *cpp = end + strspn(end, WHITESPACE);
-
-                memcpy(*path, cp, end - cp);
-                (*path)[end - cp] = '\0';
-        }
-        return (0);
-
- fail:
-        xfree(*path);
-        *path = NULL;   
-        return (-1);
-}
-
-static int
-is_dir(char *path)
-{
-        struct stat sb;
-
-        /* XXX: report errors? */
-        if (stat(path, &sb) == -1)
-                return(0);
-
-        return(sb.st_mode & S_IFDIR);
-}
-
-static int
-is_reg(char *path)
-{
-        struct stat sb;
-
-        if (stat(path, &sb) == -1)
-                fatal("stat %s: %s", path, strerror(errno));
-
-        return(S_ISREG(sb.st_mode));
-}
-
-static int
-remote_is_dir(struct sftp_conn *conn, char *path)
-{
-        Attrib *a;
-
-        /* XXX: report errors? */
-        if ((a = do_stat(conn, path, 1)) == NULL)
-                return(0);
-        if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
-                return(0);
-        return(a->perm & S_IFDIR);
-}
-
-static int
-process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
-{
-        char *abs_src = NULL;
-        char *abs_dst = NULL;
-        char *tmp;
-        glob_t g;
-        int err = 0;
-        int i;
-
-        abs_src = xstrdup(src);
-        abs_src = make_absolute(abs_src, pwd);
-
-        memset(&g, 0, sizeof(g));
-        debug3("Looking up %s", abs_src);
-        if (remote_glob(conn, abs_src, 0, NULL, &g)) {
-                error("File \"%s\" not found.", abs_src);
-                err = -1;
-                goto out;
-        }
-
-        /* If multiple matches, dst must be a directory or unspecified */
-        if (g.gl_matchc > 1 && dst && !is_dir(dst)) {
-                error("Multiple files match, but \"%s\" is not a directory",
-                    dst);
-                err = -1;
-                goto out;
-        }
-
-        for (i = 0; g.gl_pathv[i]; i++) {
-                if (infer_path(g.gl_pathv[i], &tmp)) {
-                        err = -1;
-                        goto out;
-                }
-
-                if (g.gl_matchc == 1 && dst) {
-                        /* If directory specified, append filename */
-                        if (is_dir(dst)) {
-                                if (infer_path(g.gl_pathv[0], &tmp)) {
-                                        err = 1;
-                                        goto out;
-                                }
-                                abs_dst = path_append(dst, tmp);
-                                xfree(tmp);
-                        } else
-                                abs_dst = xstrdup(dst);
-                } else if (dst) {
-                        abs_dst = path_append(dst, tmp);
-                        xfree(tmp);
-                } else
-                        abs_dst = tmp;
-
-                printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
-                if (do_download(conn, g.gl_pathv[i], abs_dst, pflag) == -1)
-                        err = -1;
-                xfree(abs_dst);
-                abs_dst = NULL;
-        }
-
-out:
-        xfree(abs_src);
-        if (abs_dst)
-                xfree(abs_dst);
-        globfree(&g);
-        return(err);
-}
-
-static int
-process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
-{
-        char *tmp_dst = NULL;
-        char *abs_dst = NULL;
-        char *tmp;
-        glob_t g;
-        int err = 0;
-        int i;
-
-        if (dst) {
-                tmp_dst = xstrdup(dst);
-                tmp_dst = make_absolute(tmp_dst, pwd);
-        }
-
-        memset(&g, 0, sizeof(g));
-        debug3("Looking up %s", src);
-        if (glob(src, 0, NULL, &g)) {
-                error("File \"%s\" not found.", src);
-                err = -1;
-                goto out;
-        }
-
-        /* If multiple matches, dst may be directory or unspecified */
-        if (g.gl_matchc > 1 && tmp_dst && !remote_is_dir(conn, tmp_dst)) {
-                error("Multiple files match, but \"%s\" is not a directory",
-                    tmp_dst);
-                err = -1;
-                goto out;
-        }
-
-        for (i = 0; g.gl_pathv[i]; i++) {
-                if (!is_reg(g.gl_pathv[i])) {
-                        error("skipping non-regular file %s", 
-                            g.gl_pathv[i]);
-                        continue;
-                }
-                if (infer_path(g.gl_pathv[i], &tmp)) {
-                        err = -1;
-                        goto out;
-                }
-
-                if (g.gl_matchc == 1 && tmp_dst) {
-                        /* If directory specified, append filename */
-                        if (remote_is_dir(conn, tmp_dst)) {
-                                if (infer_path(g.gl_pathv[0], &tmp)) {
-                                        err = 1;
-                                        goto out;
-                                }
-                                abs_dst = path_append(tmp_dst, tmp);
-                                xfree(tmp);
-                        } else
-                                abs_dst = xstrdup(tmp_dst);
-
-                } else if (tmp_dst) {
-                        abs_dst = path_append(tmp_dst, tmp);
-                        xfree(tmp);
-                } else
-                        abs_dst = make_absolute(tmp, pwd);
-
-                printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst);
-                if (do_upload(conn, g.gl_pathv[i], abs_dst, pflag) == -1)
-                        err = -1;
-        }
-
-out:
-        if (abs_dst)
-                xfree(abs_dst);
-        if (tmp_dst)
-                xfree(tmp_dst);
-        globfree(&g);
-        return(err);
-}
-
-static int
-sdirent_comp(const void *aa, const void *bb)
-{
-        SFTP_DIRENT *a = *(SFTP_DIRENT **)aa;
-        SFTP_DIRENT *b = *(SFTP_DIRENT **)bb;
-
-        return (strcmp(a->filename, b->filename));
-}
-
-/* sftp ls.1 replacement for directories */
-static int
-do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
-{
-        int n, c = 1, colspace = 0, columns = 1;
-        SFTP_DIRENT **d;
-
-        if ((n = do_readdir(conn, path, &d)) != 0)
-                return (n);
-
-        if (!(lflag & SHORT_VIEW)) {
-                int m = 0, width = 80;
-                struct winsize ws;
-
-                /* Count entries for sort and find longest filename */
-                for (n = 0; d[n] != NULL; n++)
-                        m = MAX(m, strlen(d[n]->filename));
-
-                if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) 
-                        width = ws.ws_col;
-
-                columns = width / (m + 2);
-                columns = MAX(columns, 1);
-                colspace = width / columns;
-        }
-
-        qsort(d, n, sizeof(*d), sdirent_comp);
-
-        for (n = 0; d[n] != NULL; n++) {
-                char *tmp, *fname;
-
-                tmp = path_append(path, d[n]->filename);
-                fname = path_strip(tmp, strip_path);
-                xfree(tmp);
-
-                if (lflag & LONG_VIEW) {
-                        char *lname;
-                        struct stat sb;
-
-                        memset(&sb, 0, sizeof(sb));
-                        attrib_to_stat(&d[n]->a, &sb);
-                        lname = ls_file(fname, &sb, 1);
-                        printf("%s\n", lname);
-                        xfree(lname);
-                } else {
-                        printf("%-*s", colspace, fname);
-                        if (c >= columns) {
-                                printf("\n");
-                                c = 1;
-                        } else
-                                c++;
-                }
-
-                xfree(fname);
-        }
-
-        if (!(lflag & LONG_VIEW) && (c != 1))
-                printf("\n");
-
-        free_sftp_dirents(d);
-        return (0);
-}
-
-/* sftp ls.1 replacement which handles path globs */
-static int
-do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
-    int lflag)
-{
-        glob_t g;
-        int i, c = 1, colspace = 0, columns = 1;
-        Attrib *a;
-
-        memset(&g, 0, sizeof(g));
-
-        if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE,
-            NULL, &g)) {
-                error("Can't ls: \"%s\" not found", path);
-                return (-1);
-        }
-
-        /*
-         * If the glob returns a single match, which is the same as the
-         * input glob, and it is a directory, then just list its contents
-         */
-        if (g.gl_pathc == 1 &&
-            strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) {
-                if ((a = do_lstat(conn, path, 1)) == NULL) {
-                        globfree(&g);
-                        return (-1);
-                }
-                if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
-                    S_ISDIR(a->perm)) {
-                        globfree(&g);
-                        return (do_ls_dir(conn, path, strip_path, lflag));
-                }
-        }
-
-        if (!(lflag & SHORT_VIEW)) {
-                int m = 0, width = 80;
-                struct winsize ws;      
-
-                /* Count entries for sort and find longest filename */
-                for (i = 0; g.gl_pathv[i]; i++)
-                        m = MAX(m, strlen(g.gl_pathv[i]));
-
-                if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
-                        width = ws.ws_col;
-
-                columns = width / (m + 2);
-                columns = MAX(columns, 1);
-                colspace = width / columns;
-        }
-
-        for (i = 0; g.gl_pathv[i]; i++) {
-                char *fname;
-
-                fname = path_strip(g.gl_pathv[i], strip_path);
-
-                if (lflag & LONG_VIEW) {
-                        char *lname;
-                        struct stat sb;
-
-                        /*
-                         * XXX: this is slow - 1 roundtrip per path
-                         * A solution to this is to fork glob() and
-                         * build a sftp specific version which keeps the
-                         * attribs (which currently get thrown away)
-                         * that the server returns as well as the filenames.
-                         */
-                        memset(&sb, 0, sizeof(sb));
-                        a = do_lstat(conn, g.gl_pathv[i], 1);
-                        if (a != NULL)
-                                attrib_to_stat(a, &sb);
-                        lname = ls_file(fname, &sb, 1);
-                        printf("%s\n", lname);
-                        xfree(lname);
-                } else {
-                        printf("%-*s", colspace, fname);
-                        if (c >= columns) {
-                                printf("\n");
-                                c = 1;
-                        } else
-                                c++;
-                }
-                xfree(fname);
-        }
-
-        if (!(lflag & LONG_VIEW) && (c != 1))
-                printf("\n");
-
-        if (g.gl_pathc)
-                globfree(&g);
-
-        return (0);
-}
-
-static int
-parse_args(const char **cpp, int *pflag, int *lflag, int *iflag,
-    unsigned long *n_arg, char **path1, char **path2)
-{
-        const char *cmd, *cp = *cpp;
-        char *cp2;
-        int base = 0;
-        long l;
-        int i, cmdnum;
-
-        /* Skip leading whitespace */
-        cp = cp + strspn(cp, WHITESPACE);
-
-        /* Ignore blank lines and lines which begin with comment '#' char */
-        if (*cp == '\0' || *cp == '#')
-                return (0);
-
-        /* Check for leading '-' (disable error processing) */
-        *iflag = 0;
-        if (*cp == '-') {
-                *iflag = 1;
-                cp++;
-        }
-                
-        /* Figure out which command we have */
-        for (i = 0; cmds[i].c; i++) {
-                int cmdlen = strlen(cmds[i].c);
-
-                /* Check for command followed by whitespace */
-                if (!strncasecmp(cp, cmds[i].c, cmdlen) &&
-                    strchr(WHITESPACE, cp[cmdlen])) {
-                        cp += cmdlen;
-                        cp = cp + strspn(cp, WHITESPACE);
-                        break;
-                }
-        }
-        cmdnum = cmds[i].n;
-        cmd = cmds[i].c;
-
-        /* Special case */
-        if (*cp == '!') {
-                cp++;
-                cmdnum = I_SHELL;
-        } else if (cmdnum == -1) {
-                error("Invalid command.");
-                return (-1);
-        }
-
-        /* Get arguments and parse flags */
-        *lflag = *pflag = *n_arg = 0;
-        *path1 = *path2 = NULL;
-        switch (cmdnum) {
-        case I_GET:
-        case I_PUT:
-                if (parse_getput_flags(&cp, pflag))
-                        return(-1);
-                /* Get first pathname (mandatory) */
-                if (get_pathname(&cp, path1))
-                        return(-1);
-                if (*path1 == NULL) {
-                        error("You must specify at least one path after a "
-                            "%s command.", cmd);
-                        return(-1);
-                }
-                /* Try to get second pathname (optional) */
-                if (get_pathname(&cp, path2))
-                        return(-1);
-                break;
-        case I_RENAME:
-        case I_SYMLINK:
-                if (get_pathname(&cp, path1))
-                        return(-1);
-                if (get_pathname(&cp, path2))
-                        return(-1);
-                if (!*path1 || !*path2) {
-                        error("You must specify two paths after a %s "
-                            "command.", cmd);
-                        return(-1);
-                }
-                break;
-        case I_RM:
-        case I_MKDIR:
-        case I_RMDIR:
-        case I_CHDIR:
-        case I_LCHDIR:
-        case I_LMKDIR:
-                /* Get pathname (mandatory) */
-                if (get_pathname(&cp, path1))
-                        return(-1);
-                if (*path1 == NULL) {
-                        error("You must specify a path after a %s command.",
-                            cmd);
-                        return(-1);
-                }
-                break;
-        case I_LS:
-                if (parse_ls_flags(&cp, lflag))
-                        return(-1);
-                /* Path is optional */
-                if (get_pathname(&cp, path1))
-                        return(-1);
-                break;
-        case I_LLS:
-        case I_SHELL:
-                /* Uses the rest of the line */
-                break;
-        case I_LUMASK:
-                base = 8;
-        case I_CHMOD:
-                base = 8;
-        case I_CHOWN:
-        case I_CHGRP:
-                /* Get numeric arg (mandatory) */
-                l = strtol(cp, &cp2, base);
-                if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) &&
-                    errno == ERANGE) || l < 0) {
-                        error("You must supply a numeric argument "
-                            "to the %s command.", cmd);
-                        return(-1);
-                }
-                cp = cp2;
-                *n_arg = l;
-                if (cmdnum == I_LUMASK && strchr(WHITESPACE, *cp))
-                        break;
-                if (cmdnum == I_LUMASK || !strchr(WHITESPACE, *cp)) {
-                        error("You must supply a numeric argument "
-                            "to the %s command.", cmd);
-                        return(-1);
-                }
-                cp += strspn(cp, WHITESPACE);
-
-                /* Get pathname (mandatory) */
-                if (get_pathname(&cp, path1))
-                        return(-1);
-                if (*path1 == NULL) {
-                        error("You must specify a path after a %s command.",
-                            cmd);
-                        return(-1);
-                }
-                break;
-        case I_QUIT:
-        case I_PWD:
-        case I_LPWD:
-        case I_HELP:
-        case I_VERSION:
-        case I_PROGRESS:
-                break;
-        default:
-                fatal("Command not implemented");
-        }
-
-        *cpp = cp;
-        return(cmdnum);
-}
-
-static int
-parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
-    int err_abort)
-{
-        char *path1, *path2, *tmp;
-        int pflag, lflag, iflag, cmdnum, i;
-        unsigned long n_arg;
-        Attrib a, *aa;
-        char path_buf[MAXPATHLEN];
-        int err = 0;
-        glob_t g;
-
-        path1 = path2 = NULL;
-        cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg,
-            &path1, &path2);
-
-        if (iflag != 0)
-                err_abort = 0;
-
-        memset(&g, 0, sizeof(g));
-
-        /* Perform command */
-        switch (cmdnum) {
-        case 0:
-                /* Blank line */
-                break;
-        case -1:
-                /* Unrecognized command */
-                err = -1;
-                break;
-        case I_GET:
-                err = process_get(conn, path1, path2, *pwd, pflag);
-                break;
-        case I_PUT:
-                err = process_put(conn, path1, path2, *pwd, pflag);
-                break;
-        case I_RENAME:
-                path1 = make_absolute(path1, *pwd);
-                path2 = make_absolute(path2, *pwd);
-                err = do_rename(conn, path1, path2);
-                break;
-        case I_SYMLINK:
-                path2 = make_absolute(path2, *pwd);
-                err = do_symlink(conn, path1, path2);
-                break;
-        case I_RM:
-                path1 = make_absolute(path1, *pwd);
-                remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
-                for (i = 0; g.gl_pathv[i]; i++) {
-                        printf("Removing %s\n", g.gl_pathv[i]);
-                        err = do_rm(conn, g.gl_pathv[i]);
-                        if (err != 0 && err_abort)
-                                break;
-                }
-                break;
-        case I_MKDIR:
-                path1 = make_absolute(path1, *pwd);
-                attrib_clear(&a);
-                a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
-                a.perm = 0777;
-                err = do_mkdir(conn, path1, &a);
-                break;
-        case I_RMDIR:
-                path1 = make_absolute(path1, *pwd);
-                err = do_rmdir(conn, path1);
-                break;
-        case I_CHDIR:
-                path1 = make_absolute(path1, *pwd);
-                if ((tmp = do_realpath(conn, path1)) == NULL) {
-                        err = 1;
-                        break;
-                }
-                if ((aa = do_stat(conn, tmp, 0)) == NULL) {
-                        xfree(tmp);
-                        err = 1;
-                        break;
-                }
-                if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) {
-                        error("Can't change directory: Can't check target");
-                        xfree(tmp);
-                        err = 1;
-                        break;
-                }
-                if (!S_ISDIR(aa->perm)) {
-                        error("Can't change directory: \"%s\" is not "
-                            "a directory", tmp);
-                        xfree(tmp);
-                        err = 1;
-                        break;
-                }
-                xfree(*pwd);
-                *pwd = tmp;
-                break;
-        case I_LS:
-                if (!path1) {
-                        do_globbed_ls(conn, *pwd, *pwd, lflag);
-                        break;
-                }
-
-                /* Strip pwd off beginning of non-absolute paths */
-                tmp = NULL;
-                if (*path1 != '/')
-                        tmp = *pwd;
-
-                path1 = make_absolute(path1, *pwd);
-                err = do_globbed_ls(conn, path1, tmp, lflag);
-                break;
-        case I_LCHDIR:
-                if (chdir(path1) == -1) {
-                        error("Couldn't change local directory to "
-                            "\"%s\": %s", path1, strerror(errno));
-                        err = 1;
-                }
-                break;
-        case I_LMKDIR:
-                if (mkdir(path1, 0777) == -1) {
-                        error("Couldn't create local directory "
-                            "\"%s\": %s", path1, strerror(errno));
-                        err = 1;
-                }
-                break;
-        case I_LLS:
-                local_do_ls(cmd);
-                break;
-        case I_SHELL:
-                local_do_shell(cmd);
-                break;
-        case I_LUMASK:
-                umask(n_arg);
-                printf("Local umask: %03lo\n", n_arg);
-                break;
-        case I_CHMOD:
-                path1 = make_absolute(path1, *pwd);
-                attrib_clear(&a);
-                a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
-                a.perm = n_arg;
-                remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
-                for (i = 0; g.gl_pathv[i]; i++) {
-                        printf("Changing mode on %s\n", g.gl_pathv[i]);
-                        err = do_setstat(conn, g.gl_pathv[i], &a);
-                        if (err != 0 && err_abort)
-                                break;
-                }
-                break;
-        case I_CHOWN:
-        case I_CHGRP:
-                path1 = make_absolute(path1, *pwd);
-                remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
-                for (i = 0; g.gl_pathv[i]; i++) {
-                        if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
-                                if (err != 0 && err_abort)
-                                        break;
-                                else
-                                        continue;
-                        }
-                        if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
-                                error("Can't get current ownership of "
-                                    "remote file \"%s\"", g.gl_pathv[i]);
-                                if (err != 0 && err_abort)
-                                        break;
-                                else
-                                        continue;
-                        }
-                        aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
-                        if (cmdnum == I_CHOWN) {
-                                printf("Changing owner on %s\n", g.gl_pathv[i]);
-                                aa->uid = n_arg;
-                        } else {
-                                printf("Changing group on %s\n", g.gl_pathv[i]);
-                                aa->gid = n_arg;
-                        }
-                        err = do_setstat(conn, g.gl_pathv[i], aa);
-                        if (err != 0 && err_abort)
-                                break;
-                }
-                break;
-        case I_PWD:
-                printf("Remote working directory: %s\n", *pwd);
-                break;
-        case I_LPWD:
-                if (!getcwd(path_buf, sizeof(path_buf))) {
-                        error("Couldn't get local cwd: %s", strerror(errno));
-                        err = -1;
-                        break;
-                }
-                printf("Local working directory: %s\n", path_buf);
-                break;
-        case I_QUIT:
-                /* Processed below */
-                break;
-        case I_HELP:
-                help();
-                break;
-        case I_VERSION:
-                printf("SFTP protocol version %u\n", sftp_proto_version(conn));
-                break;
-        case I_PROGRESS:
-                showprogress = !showprogress;
-                if (showprogress)
-                        printf("Progress meter enabled\n");
-                else
-                        printf("Progress meter disabled\n");
-                break;
-        default:
-                fatal("%d is not implemented", cmdnum);
-        }
-
-        if (g.gl_pathc)
-                globfree(&g);
-        if (path1)
-                xfree(path1);
-        if (path2)
-                xfree(path2);
-
-        /* If an unignored error occurs in batch mode we should abort. */
-        if (err_abort && err != 0)
-                return (-1);
-        else if (cmdnum == I_QUIT)
-                return (1);
-
-        return (0);
-}
-
-int
-interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
-{
-        char *pwd;
-        char *dir = NULL;
-        char cmd[2048];
-        struct sftp_conn *conn;
-        int err;
-
-        conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests);
-        if (conn == NULL)
-                fatal("Couldn't initialise connection to server");
-
-        pwd = do_realpath(conn, ".");
-        if (pwd == NULL)
-                fatal("Need cwd");
-
-        if (file1 != NULL) {
-                dir = xstrdup(file1);
-                dir = make_absolute(dir, pwd);
-
-                if (remote_is_dir(conn, dir) && file2 == NULL) {
-                        printf("Changing to: %s\n", dir);
-                        snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
-                        if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0)
-                                return (-1);
-                } else {
-                        if (file2 == NULL)
-                                snprintf(cmd, sizeof cmd, "get %s", dir);
-                        else
-                                snprintf(cmd, sizeof cmd, "get %s %s", dir,
-                                    file2);
-
-                        err = parse_dispatch_command(conn, cmd, &pwd, 1);
-                        xfree(dir);
-                        xfree(pwd);
-                        return (err);
-                }
-                xfree(dir);
-        }
-
-#if HAVE_SETVBUF
-        setvbuf(stdout, NULL, _IOLBF, 0);
-        setvbuf(infile, NULL, _IOLBF, 0);
-#else
-        setlinebuf(stdout);
-        setlinebuf(infile);
-#endif
-
-        err = 0;
-        for (;;) {
-                char *cp;
-
-                printf("sftp> ");
-
-                /* XXX: use libedit */
-                if (fgets(cmd, sizeof(cmd), infile) == NULL) {
-                        printf("\n");
-                        break;
-                } else if (infile != stdin) /* Bluff typing */
-                        printf("%s", cmd);
-
-                cp = strrchr(cmd, '\n');
-                if (cp)
-                        *cp = '\0';
-
-                err = parse_dispatch_command(conn, cmd, &pwd, infile != stdin);
-                if (err != 0)
-                        break;
-        }
-        xfree(pwd);
-
-        /* err == 1 signifies normal "quit" exit */
-        return (err >= 0 ? 0 : -1);
-}
-
diff --git a/sftp-int.h b/sftp-int.h
deleted file mode 100644
index 8a04a03f6..000000000
--- a/sftp-int.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/* $OpenBSD: sftp-int.h,v 1.6 2003/01/08 23:53:26 djm Exp $ */
-
-/*
- * Copyright (c) 2001,2002 Damien Miller.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-int      interactive_loop(int, int, char *, char *);
diff --git a/sftp-server.0 b/sftp-server.0
index fc57814f5..dad6bda73 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -1,4 +1,4 @@
-SFTP-SERVER(8)            BSD System ManagerM-bM-^@M-^Ys Manual           SFTP-SERVER(8)
+SFTP-SERVER(8)          OpenBSD System Manager's Manual         SFTP-SERVER(8)
 
 NAME
      sftp-server - SFTP server subsystem
@@ -8,20 +8,20 @@ SYNOPSIS
 
 DESCRIPTION
      sftp-server is a program that speaks the server side of SFTP protocol to
-     stdout and expects client requests from stdin.  sftp-server is not
-     intended to be called directly, but from sshd(8) using the Subsystem
-     option.  See sshd(8) for more information.
+     stdout and expects client requests from stdin.  sftp-server is not in-
+     tended to be called directly, but from sshd(8) using the Subsystem op-
+     tion.  See sshd_config(5) for more information.
 
 SEE ALSO
-     sftp(1), ssh(1), sshd(8)
+     sftp(1), ssh(1), sshd_config(5), sshd(8)
 
-     T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
+     T. Ylonen, and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
      filexfer-00.txt, January 2001, work in progress material.
 
 AUTHORS
-     Markus Friedl M-bM-^LM-)markus@openbsd.orgM-bM-^LM-*
+     Markus Friedl <markus@openbsd.org>
 
 HISTORY
      sftp-server first appeared in OpenBSD 2.8 .
 
-BSD                             August 30, 2000                            BSD
+OpenBSD 3.4                     August 30, 2000                              1
diff --git a/sftp-server.8 b/sftp-server.8
index 871f83796..42f5d437c 100644
--- a/sftp-server.8
+++ b/sftp-server.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.9 2003/06/10 09:12:11 jmc Exp $
+.\" $OpenBSD: sftp-server.8,v 1.10 2003/10/08 08:27:36 jmc Exp $
 .\"
 .\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
 .\"
@@ -41,11 +41,12 @@ using the
 .Cm Subsystem
 option.
 See
-.Xr sshd 8
+.Xr sshd_config 5
 for more information.
 .Sh SEE ALSO
 .Xr sftp 1 ,
 .Xr ssh 1 ,
+.Xr sshd_config 5 ,
 .Xr sshd 8
 .Rs
 .%A T. Ylonen
diff --git a/sftp-server.c b/sftp-server.c
index 9166853ed..1d13e97b2 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,28 +1,20 @@
 /*
- * Copyright (c) 2000, 2001, 2002 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.45 2004/02/19 21:15:04 markus Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -149,7 +141,7 @@ handle_init(void)
 }
 
 static int
-handle_new(int use, char *name, int fd, DIR *dirp)
+handle_new(int use, const char *name, int fd, DIR *dirp)
 {
         int i;
 
@@ -184,7 +176,7 @@ handle_to_string(int handle, char **stringp, int *hlenp)
 }
 
 static int
-handle_from_string(char *handle, u_int hlen)
+handle_from_string(const char *handle, u_int hlen)
 {
         int val;
 
@@ -298,7 +290,7 @@ send_status(u_int32_t id, u_int32_t error)
         buffer_free(&msg);
 }
 static void
-send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
+send_data_or_handle(char type, u_int32_t id, const char *data, int dlen)
 {
         Buffer msg;
 
@@ -311,7 +303,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
 }
 
 static void
-send_data(u_int32_t id, char *data, int dlen)
+send_data(u_int32_t id, const char *data, int dlen)
 {
         TRACE("sent data id %u len %d", id, dlen);
         send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
@@ -330,7 +322,7 @@ send_handle(u_int32_t id, int handle)
 }
 
 static void
-send_names(u_int32_t id, int count, Stat *stats)
+send_names(u_int32_t id, int count, const Stat *stats)
 {
         Buffer msg;
         int i;
@@ -350,7 +342,7 @@ send_names(u_int32_t id, int count, Stat *stats)
 }
 
 static void
-send_attrib(u_int32_t id, Attrib *a)
+send_attrib(u_int32_t id, const Attrib *a)
 {
         Buffer msg;
 
@@ -567,7 +559,7 @@ process_fstat(void)
 }
 
 static struct timeval *
-attrib_to_tv(Attrib *a)
+attrib_to_tv(const Attrib *a)
 {
         static struct timeval tv[2];
 
diff --git a/sftp.0 b/sftp.0
index b72ea4700..acb400dad 100644
--- a/sftp.0
+++ b/sftp.0
@@ -1,12 +1,12 @@
-SFTP(1)                   BSD General Commands Manual                  SFTP(1)
+SFTP(1)                    OpenBSD Reference Manual                    SFTP(1)
 
 NAME
      sftp - secure file transfer program
 
 SYNOPSIS
-     sftp [-vC1] [-b batchfile] [-o ssh_option] [-s subsystem | sftp_server]
-          [-B buffer_size] [-F ssh_config] [-P sftp_server path]
-          [-R num_requests] [-S program] host
+     sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
+          [-o ssh_option] [-P sftp_server_path] [-R num_requests] [-S program]
+          [-s subsystem | sftp_server] host
      sftp [[user@]host[:file [file]]]
      sftp [[user@]host[:dir[/]]]
      sftp -b batchfile [user@]host
@@ -15,8 +15,8 @@ DESCRIPTION
      sftp is an interactive file transfer program, similar to ftp(1), which
      performs all operations over an encrypted ssh(1) transport.  It may also
      use many features of ssh, such as public key authentication and compres-
-     sion.  sftp connects and logs into the specified host, then enters an
-     interactive command mode.
+     sion.  sftp connects and logs into the specified host, then enters an in-
+     teractive command mode.
 
      The second usage format will retrieve files automatically if a non-inter-
      active authentication method is used; otherwise it will do so after suc-
@@ -30,42 +30,81 @@ DESCRIPTION
      cation to obviate the need to enter a password at connection time (see
      sshd(8) and ssh-keygen(1) for details).  The options are as follows:
 
-     -b batchfile
-             Batch mode reads a series of commands from an input batchfile
-             instead of stdin.  Since it lacks user interaction it should be
-             used in conjunction with non-interactive authentication.  sftp
-             will abort if any of the following commands fail: get, put,
-             rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp,
-             lpwd and lmkdir.  Termination on error can be suppressed on a
-             command by command basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y
-             character (for example, -rm /tmp/blah*).
-
-     -o ssh_option
-             Can be used to pass options to ssh in the format used in
-             ssh_config(5).  This is useful for specifying options for which
-             there is no separate sftp command-line flag.  For example, to
-             specify an alternate port use: sftp -oPort=24.
-
-     -s subsystem | sftp_server
-             Specifies the SSH2 subsystem or the path for an sftp server on
-             the remote host.  A path is useful for using sftp over protocol
-             version 1, or when the remote sshd(8) does not have an sftp sub-
-             system configured.
-
-     -v      Raise logging level.  This option is also passed to ssh.
+     -1      Specify the use of protocol version 1.
 
      -B buffer_size
              Specify the size of the buffer that sftp uses when transferring
              files.  Larger buffers require fewer round trips at the cost of
              higher memory consumption.  The default is 32768 bytes.
 
-     -C      Enables compression (via sshM-bM-^@M-^Ys -C flag).
+     -b batchfile
+             Batch mode reads a series of commands from an input batchfile in-
+             stead of stdin.  Since it lacks user interaction it should be
+             used in conjunction with non-interactive authentication.  A
+             batchfile of `-' may be used to indicate standard input.  sftp
+             will abort if any of the following commands fail: get, put,
+             rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp,
+             lpwd and lmkdir.  Termination on error can be suppressed on a
+             command by command basis by prefixing the command with a `-'
+             character (for example, -rm /tmp/blah*).
+
+     -C      Enables compression (via ssh's -C flag).
 
      -F ssh_config
              Specifies an alternative per-user configuration file for ssh(1).
              This option is directly passed to ssh(1).
 
-     -P sftp_server path
+     -o ssh_option
+             Can be used to pass options to ssh in the format used in
+             ssh_config(5).  This is useful for specifying options for which
+             there is no separate sftp command-line flag.  For example, to
+             specify an alternate port use: sftp -oPort=24.  For full details
+             of the options listed below, and their possible values, see
+             ssh_config(5).
+
+                   AddressFamily
+                   BatchMode
+                   BindAddress
+                   ChallengeResponseAuthentication
+                   CheckHostIP
+                   Cipher
+                   Ciphers
+                   Compression
+                   CompressionLevel
+                   ConnectionAttempts
+                   ConnectionTimeout
+                   GlobalKnownHostsFile
+                   GSSAPIAuthentication
+                   GSSAPIDelegateCredentials
+                   Host
+                   HostbasedAuthentication
+                   HostKeyAlgorithms
+                   HostKeyAlias
+                   HostName
+                   IdentityFile
+                   LogLevel
+                   MACs
+                   NoHostAuthenticationForLocalhost
+                   NumberOfPasswordPrompts
+                   PasswordAuthentication
+                   Port
+                   PreferredAuthentications
+                   Protocol
+                   ProxyCommand
+                   PubkeyAuthentication
+                   RhostsRSAAuthentication
+                   RSAAuthentication
+                   ServerAliveInterval
+                   ServerAliveCountMax
+                   SmartcardDevice
+                   StrictHostKeyChecking
+                   TCPKeepAlive
+                   UsePrivilegedPort
+                   User
+                   UserKnownHostsFile
+                   VerifyHostKeyDNS
+
+     -P sftp_server_path
              Connect directly to a local sftp server (rather than via ssh(1))
              This option may be useful in debugging the client and server.
 
@@ -78,104 +117,104 @@ DESCRIPTION
              Name of the program to use for the encrypted connection.  The
              program must understand ssh(1) options.
 
-     -1      Specify the use of protocol version 1.
+     -s subsystem | sftp_server
+             Specifies the SSH2 subsystem or the path for an sftp server on
+             the remote host.  A path is useful for using sftp over protocol
+             version 1, or when the remote sshd(8) does not have an sftp sub-
+             system configured.
+
+     -v      Raise logging level.  This option is also passed to ssh.
 
 INTERACTIVE COMMANDS
      Once in interactive mode, sftp understands a set of commands similar to
-     those of ftp(1).  Commands are case insensitive and pathnames may be
-     enclosed in quotes if they contain spaces.
+     those of ftp(1).  Commands are case insensitive and pathnames may be en-
+     closed in quotes if they contain spaces.
 
-     bye     Quit sftp.
+     bye         Quit sftp.
 
-     cd path
-             Change remote directory to path.
-
-     lcd path
-             Change local directory to path.
+     cd path     Change remote directory to path.
 
      chgrp grp path
-             Change group of file path to grp.  grp must be a numeric GID.
+                 Change group of file path to grp.  grp must be a numeric GID.
 
      chmod mode path
-             Change permissions of file path to mode.
+                 Change permissions of file path to mode.
 
      chown own path
-             Change owner of file path to own.  own must be a numeric UID.
+                 Change owner of file path to own.  own must be a numeric UID.
 
-     exit    Quit sftp.
+     exit        Quit sftp.
 
      get [flags] remote-path [local-path]
-             Retrieve the remote-path and store it on the local machine.  If
-             the local path name is not specified, it is given the same name
-             it has on the remote machine.  If the -P flag is specified, then
-             the fileM-bM-^@M-^Ys full permission and access time are copied too.
+                 Retrieve the remote-path and store it on the local machine.
+                 If the local path name is not specified, it is given the same
+                 name it has on the remote machine.  If the -P flag is speci-
+                 fied, then the file's full permission and access time are
+                 copied too.
+
+     help        Display help text.
 
-     help    Display help text.
+     lcd path    Change local directory to path.
 
      lls [ls-options [path]]
-             Display local directory listing of either path or current direc-
-             tory if path is not specified.
+                 Display local directory listing of either path or current di-
+                 rectory if path is not specified.
 
      lmkdir path
-             Create local directory specified by path.
+                 Create local directory specified by path.
 
      ln oldpath newpath
-             Create a symbolic link from oldpath to newpath.
+                 Create a symbolic link from oldpath to newpath.
 
-     lpwd    Print local working directory.
+     lpwd        Print local working directory.
 
      ls [flags] [path]
-             Display remote directory listing of either path or current direc-
-             tory if path is not specified.  If the -l flag is specified, then
-             display additional details including permissions and ownership
-             information.
+                 Display remote directory listing of either path or current
+                 directory if path is not specified.  If the -l flag is speci-
+                 fied, then display additional details including permissions
+                 and ownership information.
 
      lumask umask
-             Set local umask to umask.
+                 Set local umask to umask.
 
-     mkdir path
-             Create remote directory specified by path.
+     mkdir path  Create remote directory specified by path.
 
-     progress
-             Toggle display of progress meter.
+     progress    Toggle display of progress meter.
 
      put [flags] local-path [remote-path]
-             Upload local-path and store it on the remote machine.  If the
-             remote path name is not specified, it is given the same name it
-             has on the local machine.  If the -P flag is specified, then the
-             fileM-bM-^@M-^Ys full permission and access time are copied too.
+                 Upload local-path and store it on the remote machine.  If the
+                 remote path name is not specified, it is given the same name
+                 it has on the local machine.  If the -P flag is specified,
+                 then the file's full permission and access time are copied
+                 too.
 
-     pwd     Display remote working directory.
+     pwd         Display remote working directory.
 
-     quit    Quit sftp.
+     quit        Quit sftp.
 
      rename oldpath newpath
-             Rename remote file from oldpath to newpath.
+                 Rename remote file from oldpath to newpath.
 
-     rmdir path
-             Remove remote directory specified by path.
+     rm path     Delete remote file specified by path.
 
-     rm path
-             Delete remote file specified by path.
+     rmdir path  Remove remote directory specified by path.
 
      symlink oldpath newpath
-             Create a symbolic link from oldpath to newpath.
+                 Create a symbolic link from oldpath to newpath.
 
-     version
-             Display the sftp protocol version.
+     version     Display the sftp protocol version.
 
-     ! command
-             Execute command in local shell.
+     ! command   Execute command in local shell.
 
-     !       Escape to local shell.
+     !           Escape to local shell.
 
-     ?       Synonym for help.
+     ?           Synonym for help.
 
 SEE ALSO
-     scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), sftp-server(8),
-     sshd(8)
+     ftp(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5),
+     sftp-server(8), sshd(8)
 
-     T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
+     T. Ylonen, and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
      filexfer-00.txt, January 2001, work in progress material.
 
-BSD                            February 4, 2001                            BSD
+OpenBSD 3.4                    February 4, 2001                              4
diff --git a/sftp.1 b/sftp.1
index 753a4f2b9..2a67a888e 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.45 2003/09/02 18:50:06 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -31,15 +31,15 @@
 .Sh SYNOPSIS
 .Nm sftp
 .Bk -words
-.Op Fl vC1
-.Op Fl b Ar batchfile
-.Op Fl o Ar ssh_option
-.Op Fl s Ar subsystem | sftp_server
+.Op Fl 1Cv
 .Op Fl B Ar buffer_size
+.Op Fl b Ar batchfile
 .Op Fl F Ar ssh_config
-.Op Fl P Ar sftp_server path
+.Op Fl o Ar ssh_option
+.Op Fl P Ar sftp_server_path
 .Op Fl R Ar num_requests
 .Op Fl S Ar program
+.Op Fl s Ar subsystem | sftp_server
 .Ar host
 .Ek
 .Nm sftp
@@ -84,6 +84,15 @@ and
 for details).
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl 1
+Specify the use of protocol version 1.
+.It Fl B Ar buffer_size
+Specify the size of the buffer that
+.Nm
+uses when transferring files.
+Larger buffers require fewer round trips at the cost of higher
+memory consumption.
+The default is 32768 bytes.
 .It Fl b Ar batchfile
 Batch mode reads a series of commands from an input
 .Ar batchfile
@@ -91,6 +100,11 @@ instead of
 .Em stdin .
 Since it lacks user interaction it should be used in conjunction with
 non-interactive authentication.
+A
+.Ar batchfile
+of
+.Sq \-
+may be used to indicate standard input.
 .Nm
 will abort if any of the following
 commands fail:
@@ -101,9 +115,19 @@ and
 .Ic lmkdir .
 Termination on error can be suppressed on a command by command basis by
 prefixing the command with a
-.Sq Ic \-
+.Sq \-
 character (for example,
 .Ic -rm /tmp/blah* ) .
+.It Fl C
+Enables compression (via ssh's
+.Fl C
+flag).
+.It Fl F Ar ssh_config
+Specifies an alternative
+per-user configuration file for
+.Xr ssh 1 .
+This option is directly passed to
+.Xr ssh 1 .
 .It Fl o Ar ssh_option
 Can be used to pass options to
 .Nm ssh
@@ -115,35 +139,53 @@ for which there is no separate
 command-line flag.
 For example, to specify an alternate port use:
 .Ic sftp -oPort=24 .
-.It Fl s Ar subsystem | sftp_server
-Specifies the SSH2 subsystem or the path for an sftp server
-on the remote host.
-A path is useful for using
-.Nm
-over protocol version 1, or when the remote
-.Xr sshd 8
-does not have an sftp subsystem configured.
-.It Fl v
-Raise logging level.
-This option is also passed to ssh.
-.It Fl B Ar buffer_size
-Specify the size of the buffer that
-.Nm
-uses when transferring files.
-Larger buffers require fewer round trips at the cost of higher
-memory consumption.
-The default is 32768 bytes.
-.It Fl C
-Enables compression (via ssh's
-.Fl C
-flag).
-.It Fl F Ar ssh_config
-Specifies an alternative
-per-user configuration file for
-.Xr ssh 1 .
-This option is directly passed to
-.Xr ssh 1 .
-.It Fl P Ar sftp_server path
+For full details of the options listed below, and their possible values, see
+.Xr ssh_config 5 .
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It AddressFamily
+.It BatchMode
+.It BindAddress
+.It ChallengeResponseAuthentication
+.It CheckHostIP
+.It Cipher
+.It Ciphers
+.It Compression
+.It CompressionLevel
+.It ConnectionAttempts
+.It ConnectionTimeout
+.It GlobalKnownHostsFile
+.It GSSAPIAuthentication
+.It GSSAPIDelegateCredentials
+.It Host
+.It HostbasedAuthentication
+.It HostKeyAlgorithms
+.It HostKeyAlias
+.It HostName
+.It IdentityFile
+.It LogLevel
+.It MACs
+.It NoHostAuthenticationForLocalhost
+.It NumberOfPasswordPrompts
+.It PasswordAuthentication
+.It Port
+.It PreferredAuthentications
+.It Protocol
+.It ProxyCommand
+.It PubkeyAuthentication
+.It RhostsRSAAuthentication
+.It RSAAuthentication
+.It ServerAliveInterval
+.It ServerAliveCountMax
+.It SmartcardDevice
+.It StrictHostKeyChecking
+.It TCPKeepAlive
+.It UsePrivilegedPort
+.It User
+.It UserKnownHostsFile
+.It VerifyHostKeyDNS
+.El
+.It Fl P Ar sftp_server_path
 Connect directly to a local sftp server
 (rather than via
 .Xr ssh 1 )
@@ -160,8 +202,17 @@ to use for the encrypted connection.
 The program must understand
 .Xr ssh 1
 options.
-.It Fl 1
-Specify the use of protocol version 1.
+.It Fl s Ar subsystem | sftp_server
+Specifies the SSH2 subsystem or the path for an sftp server
+on the remote host.
+A path is useful for using
+.Nm
+over protocol version 1, or when the remote
+.Xr sshd 8
+does not have an sftp subsystem configured.
+.It Fl v
+Raise logging level.
+This option is also passed to ssh.
 .El
 .Sh INTERACTIVE COMMANDS
 Once in interactive mode,
@@ -170,16 +221,13 @@ understands a set of commands similar to those of
 .Xr ftp 1 .
 Commands are case insensitive and pathnames may be enclosed in quotes if they
 contain spaces.
-.Bl -tag -width Ds
+.Bl -tag -width "lmdir path"
 .It Ic bye
 Quit
 .Nm sftp .
 .It Ic cd Ar path
 Change remote directory to
 .Ar path .
-.It Ic lcd Ar path
-Change local directory to
-.Ar path .
 .It Ic chgrp Ar grp Ar path
 Change group of file
 .Ar path
@@ -219,6 +267,9 @@ flag is specified, then the file's full permission and access time are
 copied too.
 .It Ic help
 Display help text.
+.It Ic lcd Ar path
+Change local directory to
+.Ar path .
 .It Ic lls Op Ar ls-options Op Ar path
 Display local directory listing of either
 .Ar path
@@ -280,12 +331,12 @@ Rename remote file from
 .Ar oldpath
 to
 .Ar newpath .
-.It Ic rmdir Ar path
-Remove remote directory specified by
-.Ar path .
 .It Ic rm Ar path
 Delete remote file specified by
 .Ar path .
+.It Ic rmdir Ar path
+Remove remote directory specified by
+.Ar path .
 .It Ic symlink Ar oldpath Ar newpath
 Create a symbolic link from
 .Ar oldpath
@@ -305,6 +356,7 @@ Escape to local shell.
 Synonym for help.
 .El
 .Sh SEE ALSO
+.Xr ftp 1 ,
 .Xr scp 1 ,
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
diff --git a/sftp.c b/sftp.c
index c2a6593b8..7f7f50731 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,30 +1,22 @@
 /*
- * Copyright (c) 2001,2002 Damien Miller.  All rights reserved.
+ * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.37 2003/07/10 20:05:55 markus Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.44 2004/02/17 11:03:08 djm Exp $");
 
 #include "buffer.h"
 #include "xmalloc.h"
@@ -35,7 +27,27 @@ RCSID("$OpenBSD: sftp.c,v 1.37 2003/07/10 20:05:55 markus Exp $");
 #include "sftp.h"
 #include "sftp-common.h"
 #include "sftp-client.h"
-#include "sftp-int.h"
+
+/* File to read commands from */
+FILE* infile;
+
+/* Are we in batchfile mode? */
+int batchmode = 0;
+
+/* Size of buffer used when copying files */
+size_t copy_buffer_len = 32768;
+
+/* Number of concurrent outstanding requests */
+size_t num_requests = 16;
+
+/* PID of ssh transport process */
+static pid_t sshpid = -1;
+
+/* This is set to 0 if the progressmeter is not desired. */
+int showprogress;
+
+int remote_glob(struct sftp_conn *, const char *, int,
+    int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */
 
 #ifdef HAVE___PROGNAME
 extern char *__progname;
@@ -43,12 +55,1155 @@ extern char *__progname;
 char *__progname;
 #endif
 
-FILE* infile;
-size_t copy_buffer_len = 32768;
-size_t num_requests = 16;
-static pid_t sshpid = -1;
+/* Separators for interactive commands */
+#define WHITESPACE " \t\r\n"
+
+/* Define what type of ls view (0 - multi-column) */
+#define LONG_VIEW 1             /* Full view ala ls -l */
+#define SHORT_VIEW 2            /* Single row view ala ls -1 */
+
+/* Commands for interactive mode */
+#define I_CHDIR         1
+#define I_CHGRP         2
+#define I_CHMOD         3
+#define I_CHOWN         4
+#define I_GET           5
+#define I_HELP          6
+#define I_LCHDIR        7
+#define I_LLS           8
+#define I_LMKDIR        9
+#define I_LPWD          10
+#define I_LS            11
+#define I_LUMASK        12
+#define I_MKDIR         13
+#define I_PUT           14
+#define I_PWD           15
+#define I_QUIT          16
+#define I_RENAME        17
+#define I_RM            18
+#define I_RMDIR         19
+#define I_SHELL         20
+#define I_SYMLINK       21
+#define I_VERSION       22
+#define I_PROGRESS      23
+
+struct CMD {
+        const char *c;
+        const int n;
+};
+
+static const struct CMD cmds[] = {
+        { "bye",        I_QUIT },
+        { "cd",         I_CHDIR },
+        { "chdir",      I_CHDIR },
+        { "chgrp",      I_CHGRP },
+        { "chmod",      I_CHMOD },
+        { "chown",      I_CHOWN },
+        { "dir",        I_LS },
+        { "exit",       I_QUIT },
+        { "get",        I_GET },
+        { "mget",       I_GET },
+        { "help",       I_HELP },
+        { "lcd",        I_LCHDIR },
+        { "lchdir",     I_LCHDIR },
+        { "lls",        I_LLS },
+        { "lmkdir",     I_LMKDIR },
+        { "ln",         I_SYMLINK },
+        { "lpwd",       I_LPWD },
+        { "ls",         I_LS },
+        { "lumask",     I_LUMASK },
+        { "mkdir",      I_MKDIR },
+        { "progress",   I_PROGRESS },
+        { "put",        I_PUT },
+        { "mput",       I_PUT },
+        { "pwd",        I_PWD },
+        { "quit",       I_QUIT },
+        { "rename",     I_RENAME },
+        { "rm",         I_RM },
+        { "rmdir",      I_RMDIR },
+        { "symlink",    I_SYMLINK },
+        { "version",    I_VERSION },
+        { "!",          I_SHELL },
+        { "?",          I_HELP },
+        { NULL,                 -1}
+};
 
-extern int showprogress;
+int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
+
+static void
+help(void)
+{
+        printf("Available commands:\n");
+        printf("cd path                       Change remote directory to 'path'\n");
+        printf("lcd path                      Change local directory to 'path'\n");
+        printf("chgrp grp path                Change group of file 'path' to 'grp'\n");
+        printf("chmod mode path               Change permissions of file 'path' to 'mode'\n");
+        printf("chown own path                Change owner of file 'path' to 'own'\n");
+        printf("help                          Display this help text\n");
+        printf("get remote-path [local-path]  Download file\n");
+        printf("lls [ls-options [path]]       Display local directory listing\n");
+        printf("ln oldpath newpath            Symlink remote file\n");
+        printf("lmkdir path                   Create local directory\n");
+        printf("lpwd                          Print local working directory\n");
+        printf("ls [path]                     Display remote directory listing\n");
+        printf("lumask umask                  Set local umask to 'umask'\n");
+        printf("mkdir path                    Create remote directory\n");
+        printf("progress                      Toggle display of progress meter\n");
+        printf("put local-path [remote-path]  Upload file\n");
+        printf("pwd                           Display remote working directory\n");
+        printf("exit                          Quit sftp\n");
+        printf("quit                          Quit sftp\n");
+        printf("rename oldpath newpath        Rename remote file\n");
+        printf("rmdir path                    Remove remote directory\n");
+        printf("rm path                       Delete remote file\n");
+        printf("symlink oldpath newpath       Symlink remote file\n");
+        printf("version                       Show SFTP version\n");
+        printf("!command                      Execute 'command' in local shell\n");
+        printf("!                             Escape to local shell\n");
+        printf("?                             Synonym for help\n");
+}
+
+static void
+local_do_shell(const char *args)
+{
+        int status;
+        char *shell;
+        pid_t pid;
+
+        if (!*args)
+                args = NULL;
+
+        if ((shell = getenv("SHELL")) == NULL)
+                shell = _PATH_BSHELL;
+
+        if ((pid = fork()) == -1)
+                fatal("Couldn't fork: %s", strerror(errno));
+
+        if (pid == 0) {
+                /* XXX: child has pipe fds to ssh subproc open - issue? */
+                if (args) {
+                        debug3("Executing %s -c \"%s\"", shell, args);
+                        execl(shell, shell, "-c", args, (char *)NULL);
+                } else {
+                        debug3("Executing %s", shell);
+                        execl(shell, shell, (char *)NULL);
+                }
+                fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell,
+                    strerror(errno));
+                _exit(1);
+        }
+        while (waitpid(pid, &status, 0) == -1)
+                if (errno != EINTR)
+                        fatal("Couldn't wait for child: %s", strerror(errno));
+        if (!WIFEXITED(status))
+                error("Shell exited abormally");
+        else if (WEXITSTATUS(status))
+                error("Shell exited with status %d", WEXITSTATUS(status));
+}
+
+static void
+local_do_ls(const char *args)
+{
+        if (!args || !*args)
+                local_do_shell(_PATH_LS);
+        else {
+                int len = strlen(_PATH_LS " ") + strlen(args) + 1;
+                char *buf = xmalloc(len);
+
+                /* XXX: quoting - rip quoting code from ftp? */
+                snprintf(buf, len, _PATH_LS " %s", args);
+                local_do_shell(buf);
+                xfree(buf);
+        }
+}
+
+/* Strip one path (usually the pwd) from the start of another */
+static char *
+path_strip(char *path, char *strip)
+{
+        size_t len;
+
+        if (strip == NULL)
+                return (xstrdup(path));
+
+        len = strlen(strip);
+        if (strip != NULL && strncmp(path, strip, len) == 0) {
+                if (strip[len - 1] != '/' && path[len] == '/')
+                        len++;
+                return (xstrdup(path + len));
+        }
+
+        return (xstrdup(path));
+}
+
+static char *
+path_append(char *p1, char *p2)
+{
+        char *ret;
+        int len = strlen(p1) + strlen(p2) + 2;
+
+        ret = xmalloc(len);
+        strlcpy(ret, p1, len);
+        if (p1[strlen(p1) - 1] != '/')
+                strlcat(ret, "/", len);
+        strlcat(ret, p2, len);
+
+        return(ret);
+}
+
+static char *
+make_absolute(char *p, char *pwd)
+{
+        char *abs;
+
+        /* Derelativise */
+        if (p && p[0] != '/') {
+                abs = path_append(pwd, p);
+                xfree(p);
+                return(abs);
+        } else
+                return(p);
+}
+
+static int
+infer_path(const char *p, char **ifp)
+{
+        char *cp;
+
+        cp = strrchr(p, '/');
+        if (cp == NULL) {
+                *ifp = xstrdup(p);
+                return(0);
+        }
+
+        if (!cp[1]) {
+                error("Invalid path");
+                return(-1);
+        }
+
+        *ifp = xstrdup(cp + 1);
+        return(0);
+}
+
+static int
+parse_getput_flags(const char **cpp, int *pflag)
+{
+        const char *cp = *cpp;
+
+        /* Check for flags */
+        if (cp[0] == '-' && cp[1] && strchr(WHITESPACE, cp[2])) {
+                switch (cp[1]) {
+                case 'p':
+                case 'P':
+                        *pflag = 1;
+                        break;
+                default:
+                        error("Invalid flag -%c", cp[1]);
+                        return(-1);
+                }
+                cp += 2;
+                *cpp = cp + strspn(cp, WHITESPACE);
+        }
+
+        return(0);
+}
+
+static int
+parse_ls_flags(const char **cpp, int *lflag)
+{
+        const char *cp = *cpp;
+
+        /* Check for flags */
+        if (cp++[0] == '-') {
+                for(; strchr(WHITESPACE, *cp) == NULL; cp++) {
+                        switch (*cp) {
+                        case 'l':
+                                *lflag = LONG_VIEW;
+                                break;
+                        case '1':
+                                *lflag = SHORT_VIEW;
+                                break;
+                        default:
+                                error("Invalid flag -%c", *cp);
+                                return(-1);
+                        }
+                }
+                *cpp = cp + strspn(cp, WHITESPACE);
+        }
+
+        return(0);
+}
+
+static int
+get_pathname(const char **cpp, char **path)
+{
+        const char *cp = *cpp, *end;
+        char quot;
+        int i, j;
+
+        cp += strspn(cp, WHITESPACE);
+        if (!*cp) {
+                *cpp = cp;
+                *path = NULL;
+                return (0);
+        }
+
+        *path = xmalloc(strlen(cp) + 1);
+
+        /* Check for quoted filenames */
+        if (*cp == '\"' || *cp == '\'') {
+                quot = *cp++;
+
+                /* Search for terminating quote, unescape some chars */
+                for (i = j = 0; i <= strlen(cp); i++) {
+                        if (cp[i] == quot) {    /* Found quote */
+                                i++;
+                                (*path)[j] = '\0';
+                                break;
+                        }
+                        if (cp[i] == '\0') {    /* End of string */
+                                error("Unterminated quote");
+                                goto fail;
+                        }
+                        if (cp[i] == '\\') {    /* Escaped characters */
+                                i++;
+                                if (cp[i] != '\'' && cp[i] != '\"' &&
+                                    cp[i] != '\\') {
+                                        error("Bad escaped character '\%c'",
+                                            cp[i]);
+                                        goto fail;
+                                }
+                        }
+                        (*path)[j++] = cp[i];
+                }
+
+                if (j == 0) {
+                        error("Empty quotes");
+                        goto fail;
+                }
+                *cpp = cp + i + strspn(cp + i, WHITESPACE);
+        } else {
+                /* Read to end of filename */
+                end = strpbrk(cp, WHITESPACE);
+                if (end == NULL)
+                        end = strchr(cp, '\0');
+                *cpp = end + strspn(end, WHITESPACE);
+
+                memcpy(*path, cp, end - cp);
+                (*path)[end - cp] = '\0';
+        }
+        return (0);
+
+ fail:
+        xfree(*path);
+        *path = NULL;
+        return (-1);
+}
+
+static int
+is_dir(char *path)
+{
+        struct stat sb;
+
+        /* XXX: report errors? */
+        if (stat(path, &sb) == -1)
+                return(0);
+
+        return(sb.st_mode & S_IFDIR);
+}
+
+static int
+is_reg(char *path)
+{
+        struct stat sb;
+
+        if (stat(path, &sb) == -1)
+                fatal("stat %s: %s", path, strerror(errno));
+
+        return(S_ISREG(sb.st_mode));
+}
+
+static int
+remote_is_dir(struct sftp_conn *conn, char *path)
+{
+        Attrib *a;
+
+        /* XXX: report errors? */
+        if ((a = do_stat(conn, path, 1)) == NULL)
+                return(0);
+        if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
+                return(0);
+        return(a->perm & S_IFDIR);
+}
+
+static int
+process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
+{
+        char *abs_src = NULL;
+        char *abs_dst = NULL;
+        char *tmp;
+        glob_t g;
+        int err = 0;
+        int i;
+
+        abs_src = xstrdup(src);
+        abs_src = make_absolute(abs_src, pwd);
+
+        memset(&g, 0, sizeof(g));
+        debug3("Looking up %s", abs_src);
+        if (remote_glob(conn, abs_src, 0, NULL, &g)) {
+                error("File \"%s\" not found.", abs_src);
+                err = -1;
+                goto out;
+        }
+
+        /* If multiple matches, dst must be a directory or unspecified */
+        if (g.gl_matchc > 1 && dst && !is_dir(dst)) {
+                error("Multiple files match, but \"%s\" is not a directory",
+                    dst);
+                err = -1;
+                goto out;
+        }
+
+        for (i = 0; g.gl_pathv[i]; i++) {
+                if (infer_path(g.gl_pathv[i], &tmp)) {
+                        err = -1;
+                        goto out;
+                }
+
+                if (g.gl_matchc == 1 && dst) {
+                        /* If directory specified, append filename */
+                        if (is_dir(dst)) {
+                                if (infer_path(g.gl_pathv[0], &tmp)) {
+                                        err = 1;
+                                        goto out;
+                                }
+                                abs_dst = path_append(dst, tmp);
+                                xfree(tmp);
+                        } else
+                                abs_dst = xstrdup(dst);
+                } else if (dst) {
+                        abs_dst = path_append(dst, tmp);
+                        xfree(tmp);
+                } else
+                        abs_dst = tmp;
+
+                printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
+                if (do_download(conn, g.gl_pathv[i], abs_dst, pflag) == -1)
+                        err = -1;
+                xfree(abs_dst);
+                abs_dst = NULL;
+        }
+
+out:
+        xfree(abs_src);
+        if (abs_dst)
+                xfree(abs_dst);
+        globfree(&g);
+        return(err);
+}
+
+static int
+process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag)
+{
+        char *tmp_dst = NULL;
+        char *abs_dst = NULL;
+        char *tmp;
+        glob_t g;
+        int err = 0;
+        int i;
+
+        if (dst) {
+                tmp_dst = xstrdup(dst);
+                tmp_dst = make_absolute(tmp_dst, pwd);
+        }
+
+        memset(&g, 0, sizeof(g));
+        debug3("Looking up %s", src);
+        if (glob(src, 0, NULL, &g)) {
+                error("File \"%s\" not found.", src);
+                err = -1;
+                goto out;
+        }
+
+        /* If multiple matches, dst may be directory or unspecified */
+        if (g.gl_matchc > 1 && tmp_dst && !remote_is_dir(conn, tmp_dst)) {
+                error("Multiple files match, but \"%s\" is not a directory",
+                    tmp_dst);
+                err = -1;
+                goto out;
+        }
+
+        for (i = 0; g.gl_pathv[i]; i++) {
+                if (!is_reg(g.gl_pathv[i])) {
+                        error("skipping non-regular file %s",
+                            g.gl_pathv[i]);
+                        continue;
+                }
+                if (infer_path(g.gl_pathv[i], &tmp)) {
+                        err = -1;
+                        goto out;
+                }
+
+                if (g.gl_matchc == 1 && tmp_dst) {
+                        /* If directory specified, append filename */
+                        if (remote_is_dir(conn, tmp_dst)) {
+                                if (infer_path(g.gl_pathv[0], &tmp)) {
+                                        err = 1;
+                                        goto out;
+                                }
+                                abs_dst = path_append(tmp_dst, tmp);
+                                xfree(tmp);
+                        } else
+                                abs_dst = xstrdup(tmp_dst);
+
+                } else if (tmp_dst) {
+                        abs_dst = path_append(tmp_dst, tmp);
+                        xfree(tmp);
+                } else
+                        abs_dst = make_absolute(tmp, pwd);
+
+                printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst);
+                if (do_upload(conn, g.gl_pathv[i], abs_dst, pflag) == -1)
+                        err = -1;
+        }
+
+out:
+        if (abs_dst)
+                xfree(abs_dst);
+        if (tmp_dst)
+                xfree(tmp_dst);
+        globfree(&g);
+        return(err);
+}
+
+static int
+sdirent_comp(const void *aa, const void *bb)
+{
+        SFTP_DIRENT *a = *(SFTP_DIRENT **)aa;
+        SFTP_DIRENT *b = *(SFTP_DIRENT **)bb;
+
+        return (strcmp(a->filename, b->filename));
+}
+
+/* sftp ls.1 replacement for directories */
+static int
+do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
+{
+        int n, c = 1, colspace = 0, columns = 1;
+        SFTP_DIRENT **d;
+
+        if ((n = do_readdir(conn, path, &d)) != 0)
+                return (n);
+
+        if (!(lflag & SHORT_VIEW)) {
+                int m = 0, width = 80;
+                struct winsize ws;
+                char *tmp;
+
+                /* Count entries for sort and find longest filename */
+                for (n = 0; d[n] != NULL; n++)
+                        m = MAX(m, strlen(d[n]->filename));
+
+                /* Add any subpath that also needs to be counted */
+                tmp = path_strip(path, strip_path);
+                m += strlen(tmp);
+                xfree(tmp);
+
+                if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
+                        width = ws.ws_col;
+
+                columns = width / (m + 2);
+                columns = MAX(columns, 1);
+                colspace = width / columns;
+                colspace = MIN(colspace, width);
+        }
+
+        qsort(d, n, sizeof(*d), sdirent_comp);
+
+        for (n = 0; d[n] != NULL; n++) {
+                char *tmp, *fname;
+
+                tmp = path_append(path, d[n]->filename);
+                fname = path_strip(tmp, strip_path);
+                xfree(tmp);
+
+                if (lflag & LONG_VIEW) {
+                        char *lname;
+                        struct stat sb;
+
+                        memset(&sb, 0, sizeof(sb));
+                        attrib_to_stat(&d[n]->a, &sb);
+                        lname = ls_file(fname, &sb, 1);
+                        printf("%s\n", lname);
+                        xfree(lname);
+                } else {
+                        printf("%-*s", colspace, fname);
+                        if (c >= columns) {
+                                printf("\n");
+                                c = 1;
+                        } else
+                                c++;
+                }
+
+                xfree(fname);
+        }
+
+        if (!(lflag & LONG_VIEW) && (c != 1))
+                printf("\n");
+
+        free_sftp_dirents(d);
+        return (0);
+}
+
+/* sftp ls.1 replacement which handles path globs */
+static int
+do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
+    int lflag)
+{
+        glob_t g;
+        int i, c = 1, colspace = 0, columns = 1;
+        Attrib *a;
+
+        memset(&g, 0, sizeof(g));
+
+        if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE,
+            NULL, &g)) {
+                error("Can't ls: \"%s\" not found", path);
+                return (-1);
+        }
+
+        /*
+         * If the glob returns a single match, which is the same as the
+         * input glob, and it is a directory, then just list its contents
+         */
+        if (g.gl_pathc == 1 &&
+            strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) {
+                if ((a = do_lstat(conn, path, 1)) == NULL) {
+                        globfree(&g);
+                        return (-1);
+                }
+                if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
+                    S_ISDIR(a->perm)) {
+                        globfree(&g);
+                        return (do_ls_dir(conn, path, strip_path, lflag));
+                }
+        }
+
+        if (!(lflag & SHORT_VIEW)) {
+                int m = 0, width = 80;
+                struct winsize ws;
+
+                /* Count entries for sort and find longest filename */
+                for (i = 0; g.gl_pathv[i]; i++)
+                        m = MAX(m, strlen(g.gl_pathv[i]));
+
+                if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1)
+                        width = ws.ws_col;
+
+                columns = width / (m + 2);
+                columns = MAX(columns, 1);
+                colspace = width / columns;
+        }
+
+        for (i = 0; g.gl_pathv[i]; i++) {
+                char *fname;
+
+                fname = path_strip(g.gl_pathv[i], strip_path);
+
+                if (lflag & LONG_VIEW) {
+                        char *lname;
+                        struct stat sb;
+
+                        /*
+                         * XXX: this is slow - 1 roundtrip per path
+                         * A solution to this is to fork glob() and
+                         * build a sftp specific version which keeps the
+                         * attribs (which currently get thrown away)
+                         * that the server returns as well as the filenames.
+                         */
+                        memset(&sb, 0, sizeof(sb));
+                        a = do_lstat(conn, g.gl_pathv[i], 1);
+                        if (a != NULL)
+                                attrib_to_stat(a, &sb);
+                        lname = ls_file(fname, &sb, 1);
+                        printf("%s\n", lname);
+                        xfree(lname);
+                } else {
+                        printf("%-*s", colspace, fname);
+                        if (c >= columns) {
+                                printf("\n");
+                                c = 1;
+                        } else
+                                c++;
+                }
+                xfree(fname);
+        }
+
+        if (!(lflag & LONG_VIEW) && (c != 1))
+                printf("\n");
+
+        if (g.gl_pathc)
+                globfree(&g);
+
+        return (0);
+}
+
+static int
+parse_args(const char **cpp, int *pflag, int *lflag, int *iflag,
+    unsigned long *n_arg, char **path1, char **path2)
+{
+        const char *cmd, *cp = *cpp;
+        char *cp2;
+        int base = 0;
+        long l;
+        int i, cmdnum;
+
+        /* Skip leading whitespace */
+        cp = cp + strspn(cp, WHITESPACE);
+
+        /* Ignore blank lines and lines which begin with comment '#' char */
+        if (*cp == '\0' || *cp == '#')
+                return (0);
+
+        /* Check for leading '-' (disable error processing) */
+        *iflag = 0;
+        if (*cp == '-') {
+                *iflag = 1;
+                cp++;
+        }
+
+        /* Figure out which command we have */
+        for (i = 0; cmds[i].c; i++) {
+                int cmdlen = strlen(cmds[i].c);
+
+                /* Check for command followed by whitespace */
+                if (!strncasecmp(cp, cmds[i].c, cmdlen) &&
+                    strchr(WHITESPACE, cp[cmdlen])) {
+                        cp += cmdlen;
+                        cp = cp + strspn(cp, WHITESPACE);
+                        break;
+                }
+        }
+        cmdnum = cmds[i].n;
+        cmd = cmds[i].c;
+
+        /* Special case */
+        if (*cp == '!') {
+                cp++;
+                cmdnum = I_SHELL;
+        } else if (cmdnum == -1) {
+                error("Invalid command.");
+                return (-1);
+        }
+
+        /* Get arguments and parse flags */
+        *lflag = *pflag = *n_arg = 0;
+        *path1 = *path2 = NULL;
+        switch (cmdnum) {
+        case I_GET:
+        case I_PUT:
+                if (parse_getput_flags(&cp, pflag))
+                        return(-1);
+                /* Get first pathname (mandatory) */
+                if (get_pathname(&cp, path1))
+                        return(-1);
+                if (*path1 == NULL) {
+                        error("You must specify at least one path after a "
+                            "%s command.", cmd);
+                        return(-1);
+                }
+                /* Try to get second pathname (optional) */
+                if (get_pathname(&cp, path2))
+                        return(-1);
+                break;
+        case I_RENAME:
+        case I_SYMLINK:
+                if (get_pathname(&cp, path1))
+                        return(-1);
+                if (get_pathname(&cp, path2))
+                        return(-1);
+                if (!*path1 || !*path2) {
+                        error("You must specify two paths after a %s "
+                            "command.", cmd);
+                        return(-1);
+                }
+                break;
+        case I_RM:
+        case I_MKDIR:
+        case I_RMDIR:
+        case I_CHDIR:
+        case I_LCHDIR:
+        case I_LMKDIR:
+                /* Get pathname (mandatory) */
+                if (get_pathname(&cp, path1))
+                        return(-1);
+                if (*path1 == NULL) {
+                        error("You must specify a path after a %s command.",
+                            cmd);
+                        return(-1);
+                }
+                break;
+        case I_LS:
+                if (parse_ls_flags(&cp, lflag))
+                        return(-1);
+                /* Path is optional */
+                if (get_pathname(&cp, path1))
+                        return(-1);
+                break;
+        case I_LLS:
+        case I_SHELL:
+                /* Uses the rest of the line */
+                break;
+        case I_LUMASK:
+                base = 8;
+        case I_CHMOD:
+                base = 8;
+        case I_CHOWN:
+        case I_CHGRP:
+                /* Get numeric arg (mandatory) */
+                l = strtol(cp, &cp2, base);
+                if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) &&
+                    errno == ERANGE) || l < 0) {
+                        error("You must supply a numeric argument "
+                            "to the %s command.", cmd);
+                        return(-1);
+                }
+                cp = cp2;
+                *n_arg = l;
+                if (cmdnum == I_LUMASK && strchr(WHITESPACE, *cp))
+                        break;
+                if (cmdnum == I_LUMASK || !strchr(WHITESPACE, *cp)) {
+                        error("You must supply a numeric argument "
+                            "to the %s command.", cmd);
+                        return(-1);
+                }
+                cp += strspn(cp, WHITESPACE);
+
+                /* Get pathname (mandatory) */
+                if (get_pathname(&cp, path1))
+                        return(-1);
+                if (*path1 == NULL) {
+                        error("You must specify a path after a %s command.",
+                            cmd);
+                        return(-1);
+                }
+                break;
+        case I_QUIT:
+        case I_PWD:
+        case I_LPWD:
+        case I_HELP:
+        case I_VERSION:
+        case I_PROGRESS:
+                break;
+        default:
+                fatal("Command not implemented");
+        }
+
+        *cpp = cp;
+        return(cmdnum);
+}
+
+static int
+parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
+    int err_abort)
+{
+        char *path1, *path2, *tmp;
+        int pflag, lflag, iflag, cmdnum, i;
+        unsigned long n_arg;
+        Attrib a, *aa;
+        char path_buf[MAXPATHLEN];
+        int err = 0;
+        glob_t g;
+
+        path1 = path2 = NULL;
+        cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg,
+            &path1, &path2);
+
+        if (iflag != 0)
+                err_abort = 0;
+
+        memset(&g, 0, sizeof(g));
+
+        /* Perform command */
+        switch (cmdnum) {
+        case 0:
+                /* Blank line */
+                break;
+        case -1:
+                /* Unrecognized command */
+                err = -1;
+                break;
+        case I_GET:
+                err = process_get(conn, path1, path2, *pwd, pflag);
+                break;
+        case I_PUT:
+                err = process_put(conn, path1, path2, *pwd, pflag);
+                break;
+        case I_RENAME:
+                path1 = make_absolute(path1, *pwd);
+                path2 = make_absolute(path2, *pwd);
+                err = do_rename(conn, path1, path2);
+                break;
+        case I_SYMLINK:
+                path2 = make_absolute(path2, *pwd);
+                err = do_symlink(conn, path1, path2);
+                break;
+        case I_RM:
+                path1 = make_absolute(path1, *pwd);
+                remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
+                for (i = 0; g.gl_pathv[i]; i++) {
+                        printf("Removing %s\n", g.gl_pathv[i]);
+                        err = do_rm(conn, g.gl_pathv[i]);
+                        if (err != 0 && err_abort)
+                                break;
+                }
+                break;
+        case I_MKDIR:
+                path1 = make_absolute(path1, *pwd);
+                attrib_clear(&a);
+                a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+                a.perm = 0777;
+                err = do_mkdir(conn, path1, &a);
+                break;
+        case I_RMDIR:
+                path1 = make_absolute(path1, *pwd);
+                err = do_rmdir(conn, path1);
+                break;
+        case I_CHDIR:
+                path1 = make_absolute(path1, *pwd);
+                if ((tmp = do_realpath(conn, path1)) == NULL) {
+                        err = 1;
+                        break;
+                }
+                if ((aa = do_stat(conn, tmp, 0)) == NULL) {
+                        xfree(tmp);
+                        err = 1;
+                        break;
+                }
+                if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) {
+                        error("Can't change directory: Can't check target");
+                        xfree(tmp);
+                        err = 1;
+                        break;
+                }
+                if (!S_ISDIR(aa->perm)) {
+                        error("Can't change directory: \"%s\" is not "
+                            "a directory", tmp);
+                        xfree(tmp);
+                        err = 1;
+                        break;
+                }
+                xfree(*pwd);
+                *pwd = tmp;
+                break;
+        case I_LS:
+                if (!path1) {
+                        do_globbed_ls(conn, *pwd, *pwd, lflag);
+                        break;
+                }
+
+                /* Strip pwd off beginning of non-absolute paths */
+                tmp = NULL;
+                if (*path1 != '/')
+                        tmp = *pwd;
+
+                path1 = make_absolute(path1, *pwd);
+                err = do_globbed_ls(conn, path1, tmp, lflag);
+                break;
+        case I_LCHDIR:
+                if (chdir(path1) == -1) {
+                        error("Couldn't change local directory to "
+                            "\"%s\": %s", path1, strerror(errno));
+                        err = 1;
+                }
+                break;
+        case I_LMKDIR:
+                if (mkdir(path1, 0777) == -1) {
+                        error("Couldn't create local directory "
+                            "\"%s\": %s", path1, strerror(errno));
+                        err = 1;
+                }
+                break;
+        case I_LLS:
+                local_do_ls(cmd);
+                break;
+        case I_SHELL:
+                local_do_shell(cmd);
+                break;
+        case I_LUMASK:
+                umask(n_arg);
+                printf("Local umask: %03lo\n", n_arg);
+                break;
+        case I_CHMOD:
+                path1 = make_absolute(path1, *pwd);
+                attrib_clear(&a);
+                a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+                a.perm = n_arg;
+                remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
+                for (i = 0; g.gl_pathv[i]; i++) {
+                        printf("Changing mode on %s\n", g.gl_pathv[i]);
+                        err = do_setstat(conn, g.gl_pathv[i], &a);
+                        if (err != 0 && err_abort)
+                                break;
+                }
+                break;
+        case I_CHOWN:
+        case I_CHGRP:
+                path1 = make_absolute(path1, *pwd);
+                remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
+                for (i = 0; g.gl_pathv[i]; i++) {
+                        if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
+                                if (err != 0 && err_abort)
+                                        break;
+                                else
+                                        continue;
+                        }
+                        if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
+                                error("Can't get current ownership of "
+                                    "remote file \"%s\"", g.gl_pathv[i]);
+                                if (err != 0 && err_abort)
+                                        break;
+                                else
+                                        continue;
+                        }
+                        aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
+                        if (cmdnum == I_CHOWN) {
+                                printf("Changing owner on %s\n", g.gl_pathv[i]);
+                                aa->uid = n_arg;
+                        } else {
+                                printf("Changing group on %s\n", g.gl_pathv[i]);
+                                aa->gid = n_arg;
+                        }
+                        err = do_setstat(conn, g.gl_pathv[i], aa);
+                        if (err != 0 && err_abort)
+                                break;
+                }
+                break;
+        case I_PWD:
+                printf("Remote working directory: %s\n", *pwd);
+                break;
+        case I_LPWD:
+                if (!getcwd(path_buf, sizeof(path_buf))) {
+                        error("Couldn't get local cwd: %s", strerror(errno));
+                        err = -1;
+                        break;
+                }
+                printf("Local working directory: %s\n", path_buf);
+                break;
+        case I_QUIT:
+                /* Processed below */
+                break;
+        case I_HELP:
+                help();
+                break;
+        case I_VERSION:
+                printf("SFTP protocol version %u\n", sftp_proto_version(conn));
+                break;
+        case I_PROGRESS:
+                showprogress = !showprogress;
+                if (showprogress)
+                        printf("Progress meter enabled\n");
+                else
+                        printf("Progress meter disabled\n");
+                break;
+        default:
+                fatal("%d is not implemented", cmdnum);
+        }
+
+        if (g.gl_pathc)
+                globfree(&g);
+        if (path1)
+                xfree(path1);
+        if (path2)
+                xfree(path2);
+
+        /* If an unignored error occurs in batch mode we should abort. */
+        if (err_abort && err != 0)
+                return (-1);
+        else if (cmdnum == I_QUIT)
+                return (1);
+
+        return (0);
+}
+
+int
+interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
+{
+        char *pwd;
+        char *dir = NULL;
+        char cmd[2048];
+        struct sftp_conn *conn;
+        int err;
+
+        conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests);
+        if (conn == NULL)
+                fatal("Couldn't initialise connection to server");
+
+        pwd = do_realpath(conn, ".");
+        if (pwd == NULL)
+                fatal("Need cwd");
+
+        if (file1 != NULL) {
+                dir = xstrdup(file1);
+                dir = make_absolute(dir, pwd);
+
+                if (remote_is_dir(conn, dir) && file2 == NULL) {
+                        printf("Changing to: %s\n", dir);
+                        snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
+                        if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0)
+                                return (-1);
+                } else {
+                        if (file2 == NULL)
+                                snprintf(cmd, sizeof cmd, "get %s", dir);
+                        else
+                                snprintf(cmd, sizeof cmd, "get %s %s", dir,
+                                    file2);
+
+                        err = parse_dispatch_command(conn, cmd, &pwd, 1);
+                        xfree(dir);
+                        xfree(pwd);
+                        return (err);
+                }
+                xfree(dir);
+        }
+
+#if HAVE_SETVBUF
+        setvbuf(stdout, NULL, _IOLBF, 0);
+        setvbuf(infile, NULL, _IOLBF, 0);
+#else
+       setlinebuf(stdout);
+       setlinebuf(infile);
+#endif
+
+        err = 0;
+        for (;;) {
+                char *cp;
+
+                printf("sftp> ");
+
+                /* XXX: use libedit */
+                if (fgets(cmd, sizeof(cmd), infile) == NULL) {
+                        printf("\n");
+                        break;
+                }
+
+                if (batchmode) /* Echo command */
+                        printf("%s", cmd);
+
+                cp = strrchr(cmd, '\n');
+                if (cp)
+                        *cp = '\0';
+
+                err = parse_dispatch_command(conn, cmd, &pwd, batchmode);
+                if (err != 0)
+                        break;
+        }
+        xfree(pwd);
+
+        /* err == 1 signifies normal "quit" exit */
+        return (err >= 0 ? 0 : -1);
+}
 
 static void
 killchild(int signo)
@@ -112,10 +1267,12 @@ usage(void)
         extern char *__progname;
 
         fprintf(stderr,
-            "usage: %s [-vC1] [-b batchfile] [-o ssh_option] [-s subsystem | sftp_server]\n"
-            "            [-B buffer_size] [-F ssh_config] [-P sftp_server path]\n"
-            "            [-R num_requests] [-S program]\n"
-            "            [user@]host[:file [file]]\n", __progname);
+            "usage: %s [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]\n"
+            "            [-o ssh_option] [-P sftp_server_path] [-R num_requests]\n"
+            "            [-S program] [-s subsystem | sftp_server] host\n"
+            "       %s [[user@]host[:file [file]]]\n"
+            "       %s [[user@]host[:dir[/]]]\n"
+            "       %s -b batchfile [user@]host\n", __progname, __progname, __progname, __progname);
         exit(1);
 }
 
@@ -138,8 +1295,9 @@ main(int argc, char **argv)
         addargs(&args, "-oForwardX11 no");
         addargs(&args, "-oForwardAgent no");
         addargs(&args, "-oClearAllForwardings yes");
+
         ll = SYSLOG_LEVEL_INFO;
-        infile = stdin;         /* Read from STDIN unless changed by -b */
+        infile = stdin;
 
         while ((ch = getopt(argc, argv, "1hvCo:s:S:b:B:F:P:R:")) != -1) {
                 switch (ch) {
@@ -169,13 +1327,15 @@ main(int argc, char **argv)
                         ssh_program = optarg;
                         break;
                 case 'b':
-                        if (infile == stdin) {
-                                infile = fopen(optarg, "r");
-                                if (infile == NULL)
-                                        fatal("%s (%s).", strerror(errno), optarg);
-                        } else
-                                fatal("Filename already specified.");
+                        if (batchmode)
+                                fatal("Batch file already specified.");
+
+                        /* Allow "-" as stdin */
+                        if (strcmp(optarg, "-") != 0 && 
+                           (infile = fopen(optarg, "r")) == NULL)
+                                fatal("%s (%s).", strerror(errno), optarg);
                         showprogress = 0;
+                        batchmode = 1;
                         break;
                 case 'P':
                         sftp_direct = optarg;
@@ -206,11 +1366,6 @@ main(int argc, char **argv)
                 userhost = xstrdup(argv[optind]);
                 file2 = argv[optind+1];
 
-                if ((cp = colon(userhost)) != NULL) {
-                        *cp++ = '\0';
-                        file1 = cp;
-                }
-
                 if ((host = strrchr(userhost, '@')) == NULL)
                         host = userhost;
                 else {
@@ -222,6 +1377,11 @@ main(int argc, char **argv)
                         addargs(&args, "-l%s",userhost);
                 }
 
+                if ((cp = colon(host)) != NULL) {
+                        *cp++ = '\0';
+                        file1 = cp;
+                }
+
                 host = cleanhostname(host);
                 if (!*host) {
                         fprintf(stderr, "Missing hostname\n");
@@ -239,26 +1399,28 @@ main(int argc, char **argv)
                     sftp_server : "sftp"));
                 args.list[0] = ssh_program;
 
-                fprintf(stderr, "Connecting to %s...\n", host);
+                if (!batchmode)
+                        fprintf(stderr, "Connecting to %s...\n", host);
                 connect_to_server(ssh_program, args.list, &in, &out);
         } else {
                 args.list = NULL;
                 addargs(&args, "sftp-server");
 
-                fprintf(stderr, "Attaching to %s...\n", sftp_direct);
+                if (!batchmode)
+                        fprintf(stderr, "Attaching to %s...\n", sftp_direct);
                 connect_to_server(sftp_direct, args.list, &in, &out);
         }
 
         err = interactive_loop(in, out, file1, file2);
 
 #if !defined(USE_PIPES)
-        shutdown(in, SHUT_RDWR);
-        shutdown(out, SHUT_RDWR);
+       shutdown(in, SHUT_RDWR);
+       shutdown(out, SHUT_RDWR);
 #endif
 
         close(in);
         close(out);
-        if (infile != stdin)
+        if (batchmode)
                 fclose(infile);
 
         while (waitpid(sshpid, NULL, 0) == -1)
diff --git a/ssh-add.0 b/ssh-add.0
index 95929d4d3..93116334b 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -1,4 +1,4 @@
-SSH-ADD(1)                BSD General Commands Manual               SSH-ADD(1)
+SSH-ADD(1)                 OpenBSD Reference Manual                 SSH-ADD(1)
 
 NAME
      ssh-add - adds RSA or DSA identities to the authentication agent
@@ -14,11 +14,11 @@ DESCRIPTION
      $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity.  Alterna-
      tive file names can be given on the command line.  If any file requires a
      passphrase, ssh-add asks for the passphrase from the user.  The
-     passphrase is read from the userM-bM-^@M-^Ys tty.  ssh-add retries the last
+     passphrase is read from the user's tty.  ssh-add retries the last
      passphrase if multiple identity files are given.
 
-     The authentication agent must be running and must be an ancestor of the
-     current process for ssh-add to work.
+     The authentication agent must be running and the SSH_AUTH_SOCK environ-
+     ment variable must contain the name of its socket for ssh-add to work.
 
      The options are as follows:
 
@@ -99,4 +99,4 @@ AUTHORS
      ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-BSD                           September 25, 1999                           BSD
+OpenBSD 3.4                   September 25, 1999                             2
diff --git a/ssh-add.1 b/ssh-add.1
index fe0190859..6348197b3 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-add.1,v 1.39 2003/06/10 09:12:11 jmc Exp $
+.\"     $OpenBSD: ssh-add.1,v 1.40 2003/11/25 23:10:08 matthieu Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -69,8 +69,9 @@ The passphrase is read from the user's tty.
 .Nm
 retries the last passphrase if multiple identity files are given.
 .Pp
-The authentication agent must be running and must be an ancestor of
-the current process for
+The authentication agent must be running and the
+.Ev SSH_AUTH_SOCK
+environment variable must contain the name of its socket for
 .Nm
 to work.
 .Pp
diff --git a/ssh-add.c b/ssh-add.c
index 2e394e5c1..e7699c95c 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.68 2003/06/16 10:22:45 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.69 2003/11/21 11:57:03 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -169,14 +169,14 @@ add_file(AuthenticationConnection *ac, const char *filename)
                 }
         }
 
-        if (ssh_add_identity_constrained(ac, private, comment, lifetime,
-            confirm)) {
+        if (ssh_add_identity_constrained(ac, private, comment, lifetime,
+            confirm)) {
                 fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
                 ret = 0;
                 if (lifetime != 0)
                         fprintf(stderr,
                             "Lifetime set to %d seconds\n", lifetime);
-                if (confirm != 0)
+                if (confirm != 0)
                         fprintf(stderr,
                             "The user has to confirm each use of the key\n");
         } else if (ssh_add_identity(ac, private, comment)) {
diff --git a/ssh-agent.c b/ssh-agent.c
index c05c61468..e5232fc9b 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.111 2003/06/12 19:12:03 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.117 2003/12/02 17:01:15 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -179,7 +179,7 @@ confirm_key(Identity *id)
         p = read_passphrase(prompt, RP_ALLOW_EOF);
         if (p != NULL) {
                 /*
-                 * Accept empty responses and responses consisting 
+                 * Accept empty responses and responses consisting
                  * of the word "yes" as affirmative.
                  */
                 if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)
@@ -784,7 +784,7 @@ process_message(SocketEntry *e)
 static void
 new_socket(sock_type type, int fd)
 {
-        u_int i, old_alloc;
+        u_int i, old_alloc, new_alloc;
 
         if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
                 error("fcntl O_NONBLOCK: %s", strerror(errno));
@@ -795,25 +795,26 @@ new_socket(sock_type type, int fd)
         for (i = 0; i < sockets_alloc; i++)
                 if (sockets[i].type == AUTH_UNUSED) {
                         sockets[i].fd = fd;
-                        sockets[i].type = type;
                         buffer_init(&sockets[i].input);
                         buffer_init(&sockets[i].output);
                         buffer_init(&sockets[i].request);
+                        sockets[i].type = type;
                         return;
                 }
         old_alloc = sockets_alloc;
-        sockets_alloc += 10;
+        new_alloc = sockets_alloc + 10;
         if (sockets)
-                sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
+                sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
         else
-                sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
-        for (i = old_alloc; i < sockets_alloc; i++)
+                sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+        for (i = old_alloc; i < new_alloc; i++)
                 sockets[i].type = AUTH_UNUSED;
-        sockets[old_alloc].type = type;
+        sockets_alloc = new_alloc;
         sockets[old_alloc].fd = fd;
         buffer_init(&sockets[old_alloc].input);
         buffer_init(&sockets[old_alloc].output);
         buffer_init(&sockets[old_alloc].request);
+        sockets[old_alloc].type = type;
 }
 
 static int
@@ -948,7 +949,7 @@ after_select(fd_set *readset, fd_set *writeset)
 }
 
 static void
-cleanup_socket(void *p)
+cleanup_socket(void)
 {
         if (socket_name[0])
                 unlink(socket_name);
@@ -956,17 +957,17 @@ cleanup_socket(void *p)
                 rmdir(socket_dir);
 }
 
-static void
+void
 cleanup_exit(int i)
 {
-        cleanup_socket(NULL);
-        exit(i);
+        cleanup_socket();
+        _exit(i);
 }
 
 static void
 cleanup_handler(int sig)
 {
-        cleanup_socket(NULL);
+        cleanup_socket();
         _exit(2);
 }
 
@@ -1099,7 +1100,7 @@ main(int ac, char **av)
 
         if (agentsocket == NULL) {
                 /* Create private directory for agent socket */
-                strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir);
+                strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir);
                 if (mkdtemp(socket_dir) == NULL) {
                         perror("mkdtemp: private socket dir");
                         exit(1);
@@ -1137,7 +1138,7 @@ main(int ac, char **av)
 #ifdef HAVE_CYGWIN
         umask(prev_mask);
 #endif
-        if (listen(sock, 128) < 0) {
+        if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
                 perror("listen");
                 cleanup_exit(1);
         }
@@ -1208,7 +1209,6 @@ main(int ac, char **av)
 #endif
 
 skip:
-        fatal_add_cleanup(cleanup_socket, NULL);
         new_socket(AUTH_SOCKET, sock);
         if (ac > 0) {
                 mysignal(SIGALRM, check_parent_exists);
diff --git a/ssh-dss.c b/ssh-dss.c
index 6cedcc4dc..381b7dedb 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -39,8 +39,8 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
 #define SIGBLOB_LEN     (2*INTBLOB_LEN)
 
 int
-ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
         DSA_SIG *sig;
         const EVP_MD *evp_md = EVP_sha1();
@@ -101,8 +101,8 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
         return 0;
 }
 int
-ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
         DSA_SIG *sig;
         const EVP_MD *evp_md = EVP_sha1();
@@ -119,7 +119,8 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
 
         /* fetch signature */
         if (datafellows & SSH_BUG_SIGBLOB) {
-                sigblob = signature;
+                sigblob = xmalloc(signaturelen);
+                memcpy(sigblob, signature, signaturelen);
                 len = signaturelen;
         } else {
                 /* ietf-drafts */
@@ -159,10 +160,9 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
         BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
         BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
 
-        if (!(datafellows & SSH_BUG_SIGBLOB)) {
-                memset(sigblob, 0, len);
-                xfree(sigblob);
-        }
+        /* clean up */
+        memset(sigblob, 0, len);
+        xfree(sigblob);
 
         /* sha1 the data */
         EVP_DigestInit(&md, evp_md);
diff --git a/ssh-gss.h b/ssh-gss.h
index 6b58adb3a..4f032aa8f 100644
--- a/ssh-gss.h
+++ b/ssh-gss.h
@@ -1,3 +1,4 @@
+/*      $OpenBSD: ssh-gss.h,v 1.4 2003/11/17 11:06:07 markus Exp $      */
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
  *
@@ -29,11 +30,19 @@
 
 #include "buffer.h"
 
+#ifdef HAVE_GSSAPI_H
 #include <gssapi.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_H)
+#include <gssapi/gssapi.h>
+#endif
 
 #ifdef KRB5
-#ifndef HEIMDAL
-#include <gssapi_generic.h>
+# ifndef HEIMDAL
+#  ifdef HAVE_GSSAPI_GENERIC_H
+#   include <gssapi_generic.h>
+#  elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
+#   include <gssapi/gssapi_generic.h>
+#  endif
 
 /* MIT Kerberos doesn't seem to define GSS_NT_HOSTBASED_SERVICE */
 
@@ -49,6 +58,7 @@
 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE      63
 #define SSH2_MSG_USERAUTH_GSSAPI_ERROR                  64
 #define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK                 65
+#define SSH2_MSG_USERAUTH_GSSAPI_MIC                    66
 
 #define SSH_GSS_OIDTYPE 0x06
 
@@ -107,13 +117,15 @@ void ssh_gssapi_error(Gssctxt *ctx);
 char *ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min);
 void ssh_gssapi_build_ctx(Gssctxt **ctx);
 void ssh_gssapi_delete_ctx(Gssctxt **ctx);
+OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
 OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid);
+void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
 
 /* In the server */
 int ssh_gssapi_userok(char *name);
-
+OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
 void ssh_gssapi_do_child(char ***envp, u_int *envsizep);
-void ssh_gssapi_cleanup_creds(void *ignored);
+void ssh_gssapi_cleanup_creds(void);
 void ssh_gssapi_storecreds(void);
 
 #endif /* GSSAPI */
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 2db957554..d4fcc682b 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -1,4 +1,4 @@
-SSH-KEYGEN(1)             BSD General Commands Manual            SSH-KEYGEN(1)
+SSH-KEYGEN(1)              OpenBSD Reference Manual              SSH-KEYGEN(1)
 
 NAME
      ssh-keygen - authentication key generation, management and conversion
@@ -16,8 +16,9 @@ SYNOPSIS
      ssh-keygen -D reader
      ssh-keygen -U reader [-f input_keyfile]
      ssh-keygen -r hostname [-f input_keyfile] [-g]
-     ssh-keygen -G output_file [-b bits] [-M memory] [-S start_point]
-     ssh-keygen -T output_file -f input_file [-a num_trials] [-W generator]
+     ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
+     ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W
+                generator]
 
 DESCRIPTION
      ssh-keygen generates, manages and converts authentication keys for
@@ -35,17 +36,17 @@ DESCRIPTION
 
      Normally this program generates the key and asks for a file in which to
      store the private key.  The public key is stored in a file with the same
-     name but M-bM-^@M-^\.pubM-bM-^@M-^] appended.  The program also asks for a passphrase.  The
+     name but ``.pub'' appended.  The program also asks for a passphrase.  The
      passphrase may be empty to indicate no passphrase (host keys must have an
      empty passphrase), or it may be a string of arbitrary length.  A
-     passphrase is similar to a password, except it can be a phrase with a
-     series of words, punctuation, numbers, whitespace, or any string of char-
-     acters you want.  Good passphrases are 10-30 characters long, are not
-     simple sentences or otherwise easily guessable (English prose has only
-     1-2 bits of entropy per character, and provides very bad passphrases),
-     and contain a mix of upper and lowercase letters, numbers, and non-
-     alphanumeric characters.  The passphrase can be changed later by using
-     the -p option.
+     passphrase is similar to a password, except it can be a phrase with a se-
+     ries of words, punctuation, numbers, whitespace, or any string of charac-
+     ters you want.  Good passphrases are 10-30 characters long, are not sim-
+     ple sentences or otherwise easily guessable (English prose has only 1-2
+     bits of entropy per character, and provides very bad passphrases), and
+     contain a mix of upper and lowercase letters, numbers, and non-alphanu-
+     meric characters.  The passphrase can be changed later by using the -p
+     option.
 
      There is no way to recover a lost passphrase.  If the passphrase is lost
      or forgotten, a new key must be generated and copied to the corresponding
@@ -54,8 +55,8 @@ DESCRIPTION
      For RSA1 keys, there is also a comment field in the key file that is only
      for convenience to the user to help identify the key.  The comment can
      tell what the key is for, or whatever is useful.  The comment is initial-
-     ized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed using the
-     -c option.
+     ized to ``user@host'' when the key is created, but can be changed using
+     the -c option.
 
      After a key is generated, instructions below detail where the keys should
      be placed to be activated.
@@ -77,7 +78,7 @@ DESCRIPTION
              the passphrase if the key has one, and for the new comment.
 
      -e      This option will read a private or public OpenSSH key file and
-             print the key in a M-bM-^@M-^XSECSH Public Key File FormatM-bM-^@M-^Y to stdout.
+             print the key in a `SECSH Public Key File Format' to stdout.
              This option allows exporting keys for use by several commercial
              SSH implementations.
 
@@ -88,8 +89,8 @@ DESCRIPTION
 
      -i      This option will read an unencrypted private (or public) key file
              in SSH2-compatible format and print an OpenSSH compatible private
-             (or public) key to stdout.  ssh-keygen also reads the M-bM-^@M-^XSECSH
-             Public Key File FormatM-bM-^@M-^Y.  This option allows importing keys from
+             (or public) key to stdout.  ssh-keygen also reads the `SECSH
+             Public Key File Format'.  This option allows importing keys from
              several commercial SSH implementations.
 
      -l      Show fingerprint of specified public key file.  Private RSA1 keys
@@ -108,8 +109,8 @@ DESCRIPTION
 
      -t type
              Specifies the type of the key to create.  The possible values are
-             M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol
-             version 2.
+             ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto-
+             col version 2.
 
      -B      Show the bubblebabble digest of specified private or public key
              file.
@@ -149,15 +150,20 @@ DESCRIPTION
      -U reader
              Upload an existing RSA private key into the smartcard in reader.
 
+     -v      Verbose mode.  Causes ssh-keygen to print debugging messages
+             about its progress.  This is helpful for debugging moduli genera-
+             tion.  Multiple -v options increase the verbosity.  The maximum
+             is 3.
+
      -r hostname
              Print DNS resource record with the specified hostname.
 
 MODULI GENERATION
      ssh-keygen may be used to generate groups for the Diffie-Hellman Group
      Exchange (DH-GEX) protocol.  Generating these groups is a two-step pro-
-     cess: first, candidate primes are generated using a fast, but memory
-     intensive process.  These candidate primes are then tested for suitabil-
-     ity (a CPU-intensive process).
+     cess: first, candidate primes are generated using a fast, but memory in-
+     tensive process.  These candidate primes are then tested for suitability
+     (a CPU-intensive process).
 
      Generation of primes is performed using the -G option.  The desired
      length of the primes may be specified by the -b option.  For example:
@@ -188,8 +194,8 @@ MODULI GENERATION
 FILES
      $HOME/.ssh/identity
              Contains the protocol version 1 RSA authentication identity of
-             the user.  This file should not be readable by anyone but the
-             user.  It is possible to specify a passphrase when generating the
+             the user.  This file should not be readable by anyone but the us-
+             er.  It is possible to specify a passphrase when generating the
              key; that passphrase will be used to encrypt the private part of
              this file using 3DES.  This file is not automatically accessed by
              ssh-keygen but it is offered as the default file for the private
@@ -204,8 +210,8 @@ FILES
 
      $HOME/.ssh/id_dsa
              Contains the protocol version 2 DSA authentication identity of
-             the user.  This file should not be readable by anyone but the
-             user.  It is possible to specify a passphrase when generating the
+             the user.  This file should not be readable by anyone but the us-
+             er.  It is possible to specify a passphrase when generating the
              key; that passphrase will be used to encrypt the private part of
              this file using 3DES.  This file is not automatically accessed by
              ssh-keygen but it is offered as the default file for the private
@@ -220,8 +226,8 @@ FILES
 
      $HOME/.ssh/id_rsa
              Contains the protocol version 2 RSA authentication identity of
-             the user.  This file should not be readable by anyone but the
-             user.  It is possible to specify a passphrase when generating the
+             the user.  This file should not be readable by anyone but the us-
+             er.  It is possible to specify a passphrase when generating the
              key; that passphrase will be used to encrypt the private part of
              this file using 3DES.  This file is not automatically accessed by
              ssh-keygen but it is offered as the default file for the private
@@ -241,14 +247,14 @@ FILES
 SEE ALSO
      ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8)
 
-     J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf-
+     J. Galbraith, and R. Thayer, SECSH Public Key File Format, draft-ietf-
      secsh-publickeyfile-01.txt, March 2001, work in progress material.
 
 AUTHORS
      OpenSSH is a derivative of the original and free ssh 1.2.12 release by
      Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
-     de Raadt and Dug Song removed many bugs, re-added newer features and cre-
-     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
+     de Raadt and Dug Song removed many bugs, re-added newer features and
+     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-BSD                           September 25, 1999                           BSD
+OpenBSD 3.4                   September 25, 1999                             4
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index dc4bcacd0..6dd615428 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -89,12 +89,14 @@
 .Op Fl g
 .Nm ssh-keygen
 .Fl G Ar output_file
+.Op Fl v
 .Op Fl b Ar bits
 .Op Fl M Ar memory
 .Op Fl S Ar start_point
 .Nm ssh-keygen
 .Fl T Ar output_file
 .Fl f Ar input_file
+.Op Fl v
 .Op Fl a Ar num_trials
 .Op Fl W Ar generator
 .Sh DESCRIPTION
@@ -263,6 +265,16 @@ Specify desired generator when testing candidate moduli for DH-GEX.
 .It Fl U Ar reader
 Upload an existing RSA private key into the smartcard in
 .Ar reader .
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+This is helpful for debugging moduli generation.
+Multiple
+.Fl v
+options increase the verbosity.
+The maximum is 3.
 .It Fl r Ar hostname
 Print DNS resource record with the specified
 .Ar hostname .
diff --git a/ssh-keygen.c b/ssh-keygen.c
index e74d3cd37..1156a010a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.108 2003/08/14 16:08:58 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.108 2003/08/14 16:08:58 markus Exp $");
 #ifdef SMARTCARD
 #include "scard.h"
 #endif
-#ifdef DNS
 #include "dns.h"
-#endif
 
 /* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
 int bits = 1024;
@@ -191,8 +189,8 @@ do_convert_to_ssh2(struct passwd *pw)
 static void
 buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
 {
-        int bits = buffer_get_int(b);
-        int bytes = (bits + 7) / 8;
+        u_int bits = buffer_get_int(b);
+        u_int bytes = (bits + 7) / 8;
 
         if (buffer_len(b) < bytes)
                 fatal("buffer_get_bignum_bits: input buffer too small: "
@@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw)
         exit(0);
 }
 
-#ifdef DNS
 /*
  * Print the SSHFP RR.
  */
@@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname)
         printf("failed to read v2 public key from %s.\n", identity_file);
         exit(1);
 }
-#endif /* DNS */
 
 /*
  * Change the comment of a private key file.
@@ -774,9 +770,7 @@ usage(void)
         fprintf(stderr, "  -C comment  Provide new comment.\n");
         fprintf(stderr, "  -N phrase   Provide new passphrase.\n");
         fprintf(stderr, "  -P phrase   Provide old passphrase.\n");
-#ifdef DNS
         fprintf(stderr, "  -r hostname Print DNS resource record.\n");
-#endif /* DNS */
 #ifdef SMARTCARD
         fprintf(stderr, "  -D reader   Download public key from smartcard.\n");
         fprintf(stderr, "  -U reader   Upload private key to smartcard.\n");
@@ -803,6 +797,7 @@ main(int ac, char **av)
         int opt, type, fd, download = 0, memory = 0;
         int generator_wanted = 0, trials = 100;
         int do_gen_candidates = 0, do_screen_candidates = 0;
+        int log_level = SYSLOG_LEVEL_INFO;
         BIGNUM *start = NULL;
         FILE *f;
 
@@ -829,7 +824,7 @@ main(int ac, char **av)
         }
 
         while ((opt = getopt(ac, av,
-            "degiqpclBRxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
+            "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
                 switch (opt) {
                 case 'b':
                         bits = atoi(optarg);
@@ -897,6 +892,15 @@ main(int ac, char **av)
                 case 'U':
                         reader_id = optarg;
                         break;
+                case 'v':
+                        if (log_level == SYSLOG_LEVEL_INFO)
+                                log_level = SYSLOG_LEVEL_DEBUG1;
+                        else {
+                                if (log_level >= SYSLOG_LEVEL_DEBUG1 && 
+                                    log_level < SYSLOG_LEVEL_DEBUG3)
+                                        log_level++;
+                        }
+                        break;
                 case 'r':
                         resource_record_hostname = optarg;
                         break;
@@ -908,13 +912,13 @@ main(int ac, char **av)
                 case 'a':
                         trials = atoi(optarg);
                         if (trials < TRIAL_MINIMUM) {
-                                fatal("Minimum primality trials is %d", 
+                                fatal("Minimum primality trials is %d",
                                     TRIAL_MINIMUM);
                         }
                         break;
                 case 'M':
                         memory = atoi(optarg);
-                        if (memory != 0 && 
+                        if (memory != 0 &&
                            (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
                                 fatal("Invalid memory amount (min %ld, max %ld)",
                                     LARGE_MINIMUM, LARGE_MAXIMUM);
@@ -938,6 +942,10 @@ main(int ac, char **av)
                         usage();
                 }
         }
+
+        /* reinit */
+        log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
+
         if (optind < ac) {
                 printf("Too many arguments.\n");
                 usage();
@@ -959,11 +967,7 @@ main(int ac, char **av)
         if (print_public)
                 do_print_public(pw);
         if (resource_record_hostname != NULL) {
-#ifdef DNS
                 do_print_resource_record(pw, resource_record_hostname);
-#else /* DNS */
-                fatal("no DNS support.");
-#endif /* DNS */
         }
         if (reader_id != NULL) {
 #ifdef SMARTCARD
@@ -978,7 +982,7 @@ main(int ac, char **av)
 
         if (do_gen_candidates) {
                 FILE *out = fopen(out_file, "w");
-                
+
                 if (out == NULL) {
                         error("Couldn't open modulus candidate file \"%s\": %s",
                             out_file, strerror(errno));
@@ -997,7 +1001,7 @@ main(int ac, char **av)
                 if (have_identity && strcmp(identity_file, "-") != 0) {
                         if ((in = fopen(identity_file, "r")) == NULL) {
                                 fatal("Couldn't open modulus candidate "
-                                    "file \"%s\": %s", identity_file, 
+                                    "file \"%s\": %s", identity_file,
                                     strerror(errno));
                         }
                 } else
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index e541b4709..6fc624c63 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.44 2003/06/28 16:23:06 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.46 2003/11/23 23:17:34 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -214,13 +214,11 @@ fdlim_get(int hard)
         if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
                 return (-1);
         if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
-                return 10000;
+                return SSH_SYSFDMAX;
         else
                 return hard ? rlfd.rlim_max : rlfd.rlim_cur;
-#elif defined (HAVE_SYSCONF)
-        return sysconf (_SC_OPEN_MAX);
 #else
-        return 10000;
+        return SSH_SYSFDMAX;
 #endif
 }
 
@@ -675,7 +673,7 @@ fatal(const char *fmt,...)
         if (nonfatal_fatal)
                 longjmp(kexjmp, -1);
         else
-                fatal_cleanup();
+                exit(255);
 }
 
 static void
diff --git a/ssh-keysign.c b/ssh-keysign.c
index c7ca5c4e4..9e9ebe2f1 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.13 2003/07/03 08:09:06 djm Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -126,6 +126,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
         /* end of message */
         if (buffer_len(&b) != 0)
                 fail++;
+        buffer_free(&b);
 
         debug3("valid_request: fail %d", fail);
 
@@ -233,7 +234,8 @@ main(int argc, char **argv)
         /* send reply */
         buffer_clear(&b);
         buffer_put_string(&b, signature, slen);
-        ssh_msg_send(STDOUT_FILENO, version, &b);
+        if (ssh_msg_send(STDOUT_FILENO, version, &b) == -1)
+                fatal("ssh_msg_send failed");
 
         return (0);
 }
diff --git a/ssh-rand-helper.8 b/ssh-rand-helper.8
index a89185c0a..df559d332 100644
--- a/ssh-rand-helper.8
+++ b/ssh-rand-helper.8
@@ -1,4 +1,4 @@
-.\" $Id: ssh-rand-helper.8,v 1.1 2002/04/14 09:27:13 djm Exp $
+.\" $Id: ssh-rand-helper.8,v 1.2 2003/11/21 12:48:56 djm Exp $
 .\"
 .\" Copyright (c) 2002 Damien Miller.  All rights reserved.
 .\"
@@ -34,22 +34,22 @@
 .Op Fl b Ar bytes
 .Sh DESCRIPTION
 .Nm
-is a small helper program used by 
+is a small helper program used by
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
-.Xr ssh-keyscan 1 
+.Xr ssh-keyscan 1
 and
 .Xr sshd 8
-to gather random numbers of cryptographic quality if the 
+to gather random numbers of cryptographic quality if the
 .Xr openssl 4
 library has not been configured to provide them itself.
 .Pp
-Normally 
+Normally
 .Nm
 will generate a strong random seed and provide it to the calling
-program via standard output. If standard output is a tty, 
+program via standard output. If standard output is a tty,
 .Nm
 will instead print the seed in hexidecimal format unless told otherwise.
 .Pp
@@ -57,19 +57,19 @@ will instead print the seed in hexidecimal format unless told otherwise.
 will by default gather random numbers from the system commands listed
 in
 .Pa /etc/ssh/ssh_prng_cmds .
-The output of each of the commands listed will be hashed and used to 
-generate a random seed for the calling program. 
+The output of each of the commands listed will be hashed and used to
+generate a random seed for the calling program.
 .Nm
-will also store seed files in 
+will also store seed files in
 .Pa ~/.ssh/prng_seed
 between executions.
 .Pp
-Alternately, 
+Alternately,
 .Nm
-may be configured at build time to collect random numbers from a 
+may be configured at build time to collect random numbers from a
 EGD/PRNGd server via a unix domain or localhost tcp socket.
 .Pp
-This program is not intended to be run by the end-user, so the few 
+This program is not intended to be run by the end-user, so the few
 commandline options are for debugging purposes only.
 .Bl -tag -width Ds
 .It Fl b Ar bytes
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 7e65e4569..8a320a71e 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: ssh-rand-helper.c,v 1.13 2003/08/21 23:34:41 djm Exp $");
+RCSID("$Id: ssh-rand-helper.c,v 1.16 2003/11/21 12:56:47 djm Exp $");
 
 /* Number of bytes we write out */
 #define OUTPUT_SEED_SIZE        48
@@ -115,19 +115,19 @@ double stir_gettimeofday(double entropy_estimate);
 double stir_clock(double entropy_estimate);
 double stir_rusage(int who, double entropy_estimate);
 double hash_command_output(entropy_cmd_t *src, unsigned char *hash);
-int get_random_bytes_prngd(unsigned char *buf, int len, 
+int get_random_bytes_prngd(unsigned char *buf, int len,
     unsigned short tcp_port, char *socket_path);
 
 /*
  * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
  * listening either on 'tcp_port', or via Unix domain socket at *
  * 'socket_path'.
- * Either a non-zero tcp_port or a non-null socket_path must be 
+ * Either a non-zero tcp_port or a non-null socket_path must be
  * supplied.
  * Returns 0 on success, -1 on error
  */
 int
-get_random_bytes_prngd(unsigned char *buf, int len, 
+get_random_bytes_prngd(unsigned char *buf, int len,
     unsigned short tcp_port, char *socket_path)
 {
         int fd, addr_len, rval, errors;
@@ -289,7 +289,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
         if (devnull == -1) {
                 devnull = open("/dev/null", O_RDWR);
                 if (devnull == -1)
-                        fatal("Couldn't open /dev/null: %s", 
+                        fatal("Couldn't open /dev/null: %s",
                             strerror(errno));
         }
 
@@ -314,7 +314,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
 
                         execv(src->path, (char**)(src->args));
 
-                        debug("(child) Couldn't exec '%s': %s", 
+                        debug("(child) Couldn't exec '%s': %s",
                             src->cmdstring, strerror(errno));
                         _exit(-1);
                 default: /* Parent */
@@ -376,7 +376,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
                 case -1:
                 default:
                         /* error */
-                        debug("Command '%s': select() failed: %s", 
+                        debug("Command '%s': select() failed: %s",
                             src->cmdstring, strerror(errno));
                         error_abort = 1;
                         break;
@@ -400,8 +400,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
         if (error_abort) {
                 /*
                  * Closing p[0] on timeout causes the entropy command to
-                 * SIGPIPE. Take whatever output we got, and mark this 
-                 * command as slow 
+                 * SIGPIPE. Take whatever output we got, and mark this
+                 * command as slow
                  */
                 debug2("Command '%s' timed out", src->cmdstring);
                 src->sticky_badness *= 2;
@@ -479,7 +479,7 @@ stir_from_programs(void)
                         /* Stir it in */
                         RAND_add(hash, sizeof(hash), entropy);
 
-                        debug3("Got %0.2f bytes of entropy from '%s'", 
+                        debug3("Got %0.2f bytes of entropy from '%s'",
                             entropy, entropy_cmds[c].cmdstring);
 
                         total_entropy += entropy;
@@ -491,7 +491,7 @@ stir_from_programs(void)
                         total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1);
                 } else {
                         debug2("Command '%s' disabled (badness %d)",
-                            entropy_cmds[c].cmdstring, 
+                            entropy_cmds[c].cmdstring,
                             entropy_cmds[c].badness);
 
                         if (entropy_cmds[c].badness > 0)
@@ -511,8 +511,8 @@ prng_check_seedfile(char *filename)
         struct stat st;
 
         /*
-         * XXX raceable: eg replace seed between this stat and subsequent 
-         * open. Not such a problem because we don't really trust the 
+         * XXX raceable: eg replace seed between this stat and subsequent
+         * open. Not such a problem because we don't really trust the
          * seed file anyway.
          * XXX: use secure path checking as elsewhere in OpenSSH
          */
@@ -563,7 +563,7 @@ prng_write_seedfile(void)
         debug("writing PRNG seed to file %.100s", filename);
 
         if (RAND_bytes(seed, sizeof(seed)) <= 0)
-                fatal("PRNG seed extration failed");
+                fatal("PRNG seed extraction failed");
 
         /* Don't care if the seed doesn't exist */
         prng_check_seedfile(filename);
@@ -651,7 +651,7 @@ prng_read_commands(char *cmdfilename)
                         continue; /* done with this line */
 
                 /*
-                 * The first non-whitespace char should be a double quote 
+                 * The first non-whitespace char should be a double quote
                  * delimiting the commandline
                  */
                 if (*cp != '"') {
@@ -726,7 +726,7 @@ prng_read_commands(char *cmdfilename)
 
                 /*
                  * If we've filled the array, reallocate it twice the size
-                 * Do this now because even if this we're on the last 
+                 * Do this now because even if this we're on the last
                  * command we need another slot to mark the last entry
                  */
                 if (cur_cmd == num_cmds) {
@@ -761,7 +761,7 @@ usage(void)
             OUTPUT_SEED_SIZE);
 }
 
-int 
+int
 main(int argc, char **argv)
 {
         unsigned char *buf;
@@ -779,7 +779,7 @@ main(int argc, char **argv)
         /* Don't write binary data to a tty, unless we are forced to */
         if (isatty(STDOUT_FILENO))
                 output_hex = 1;
-        
+
         while ((ch = getopt(argc, argv, "vxXhb:")) != -1) {
                 switch (ch) {
                 case 'v':
@@ -806,7 +806,7 @@ main(int argc, char **argv)
         }
 
         log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1);
-        
+
 #ifdef USE_SEED_FILES
         prng_read_seedfile();
 #endif
@@ -816,11 +816,11 @@ main(int argc, char **argv)
         /*
          * Seed the RNG from wherever we can
          */
-         
+
         /* Take whatever is on the stack, but don't credit it */
         RAND_add(buf, bytes, 0);
 
-        debug("Seeded RNG with %i bytes from system calls", 
+        debug("Seeded RNG with %i bytes from system calls",
             (int)stir_from_system());
 
 #ifdef PRNGD_PORT
@@ -835,7 +835,7 @@ main(int argc, char **argv)
         /* Read in collection commands */
         if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1)
                 fatal("PRNG initialisation failed -- exiting.");
-        debug("Seeded RNG with %i bytes from programs", 
+        debug("Seeded RNG with %i bytes from programs",
             (int)stir_from_programs());
 #endif
 
@@ -859,9 +859,9 @@ main(int argc, char **argv)
                 printf("\n");
         } else
                 ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes);
-                
+
         memset(buf, '\0', bytes);
         xfree(buf);
-        
+
         return ret == bytes ? 0 : 1;
 }
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 53e5023f7..6e3be0a7e 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.30 2003/06/18 11:28:11 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -31,8 +31,8 @@ static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
 
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
-ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
         const EVP_MD *evp_md;
         EVP_MD_CTX md;
@@ -96,8 +96,8 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
 }
 
 int
-ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
         Buffer b;
         const EVP_MD *evp_md;
diff --git a/ssh.0 b/ssh.0
index 972ac45c7..4f5a282f8 100644
--- a/ssh.0
+++ b/ssh.0
@@ -1,32 +1,33 @@
-SSH(1)                    BSD General Commands Manual                   SSH(1)
+SSH(1)                     OpenBSD Reference Manual                     SSH(1)
 
 NAME
      ssh - OpenSSH SSH client (remote login program)
 
 SYNOPSIS
-     ssh [-l login_name] hostname | user@hostname [command]
-
-     ssh [-afgknqstvxACNTVX1246] [-b bind_address] [-c cipher_spec]
-         [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec]
-         [-o option] [-p port] [-F configfile] [-L port:host:hostport]
-         [-R port:host:hostport] [-D port] hostname | user@hostname [command]
+     ssh [-1246AaCfgkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port]
+         [-e escape_char] [-F configfile] [-i identity_file]
+         [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]
+         [-p port] [-R port:host:hostport] [user@]hostname [command]
 
 DESCRIPTION
      ssh (SSH client) is a program for logging into a remote machine and for
      executing commands on a remote machine.  It is intended to replace rlogin
-     and rsh, and provide secure encrypted communications between two
-     untrusted hosts over an insecure network.  X11 connections and arbitrary
-     TCP/IP ports can also be forwarded over the secure channel.
+     and rsh, and provide secure encrypted communications between two untrust-
+     ed hosts over an insecure network.  X11 connections and arbitrary TCP/IP
+     ports can also be forwarded over the secure channel.
+
+     ssh connects and logs into the specified hostname (with optional user
+     name).  The user must prove his/her identity to the remote machine using
+     one of several methods depending on the protocol version used.
 
-     ssh connects and logs into the specified hostname.  The user must prove
-     his/her identity to the remote machine using one of several methods
-     depending on the protocol version used:
+     If command is specified, command is executed on the remote host instead
+     of a login shell.
 
    SSH protocol version 1
      First, if the machine the user logs in from is listed in /etc/hosts.equiv
      or /etc/shosts.equiv on the remote machine, and the user names are the
      same on both sides, the user is immediately permitted to log in.  Second,
-     if .rhosts or .shosts exists in the userM-bM-^@M-^Ys home directory on the remote
+     if .rhosts or .shosts exists in the user's home directory on the remote
      machine and contains a line containing the name of the client machine and
      the name of the user on that machine, the user is permitted to log in.
      This form of authentication alone is normally not allowed by the server
@@ -35,9 +36,9 @@ DESCRIPTION
      The second authentication method is the rhosts or hosts.equiv method com-
      bined with RSA-based host authentication.  It means that if the login
      would be permitted by $HOME/.rhosts, $HOME/.shosts, /etc/hosts.equiv, or
-     /etc/shosts.equiv, and if additionally the server can verify the clientM-bM-^@M-^Ys
+     /etc/shosts.equiv, and if additionally the server can verify the client's
      host key (see /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts in the
-     FILES section), only then login is permitted.  This authentication method
+     FILES section), only then is login permitted.  This authentication method
      closes security holes due to IP spoofing, DNS spoofing and routing spoof-
      ing.  [Note to the administrator: /etc/hosts.equiv, $HOME/.rhosts, and
      the rlogin/rsh protocol in general, are inherently insecure and should be
@@ -49,21 +50,22 @@ DESCRIPTION
      not possible to derive the decryption key from the encryption key.  RSA
      is one such system.  The idea is that each user creates a public/private
      key pair for authentication purposes.  The server knows the public key,
-     and only the user knows the private key.  The file
-     $HOME/.ssh/authorized_keys lists the public keys that are permitted for
-     logging in.  When the user logs in, the ssh program tells the server
-     which key pair it would like to use for authentication.  The server
-     checks if this key is permitted, and if so, sends the user (actually the
-     ssh program running on behalf of the user) a challenge, a random number,
-     encrypted by the userM-bM-^@M-^Ys public key.  The challenge can only be decrypted
-     using the proper private key.  The userM-bM-^@M-^Ys client then decrypts the chal-
-     lenge using the private key, proving that he/she knows the private key
-     but without disclosing it to the server.
+     and only the user knows the private key.
+
+     The file $HOME/.ssh/authorized_keys lists the public keys that are per-
+     mitted for logging in.  When the user logs in, the ssh program tells the
+     server which key pair it would like to use for authentication.  The serv-
+     er checks if this key is permitted, and if so, sends the user (actually
+     the ssh program running on behalf of the user) a challenge, a random num-
+     ber, encrypted by the user's public key.  The challenge can only be de-
+     crypted using the proper private key.  The user's client then decrypts
+     the challenge using the private key, proving that he/she knows the pri-
+     vate key but without disclosing it to the server.
 
      ssh implements the RSA authentication protocol automatically.  The user
      creates his/her RSA key pair by running ssh-keygen(1).  This stores the
-     private key in $HOME/.ssh/identity and the public key in
-     $HOME/.ssh/identity.pub in the userM-bM-^@M-^Ys home directory.  The user should
+     private key in $HOME/.ssh/identity and stores the public key in
+     $HOME/.ssh/identity.pub in the user's home directory.  The user should
      then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her home
      directory on the remote machine (the authorized_keys file corresponds to
      the conventional $HOME/.rhosts file, and has one key per line, though the
@@ -80,11 +82,11 @@ DESCRIPTION
      someone listening on the network.
 
    SSH protocol version 2
-     When a user connects using protocol version 2 similar authentication
+     When a user connects using protocol version 2, similar authentication
      methods are available.  Using the default values for
      PreferredAuthentications, the client will try to authenticate first using
-     the hostbased method; if this method fails public key authentication is
-     attempted, and finally if this method fails keyboard-interactive and
+     the hostbased method; if this method fails, public key authentication is
+     attempted, and finally if this method fails, keyboard-interactive and
      password authentication are tried.
 
      The public key method is similar to RSA authentication described in the
@@ -94,11 +96,11 @@ DESCRIPTION
      server checks whether the matching public key is listed in
      $HOME/.ssh/authorized_keys and grants access if both the key is found and
      the signature is correct.  The session identifier is derived from a
-     shared Diffie-Hellman value and is only known to the client and the
-     server.
+     shared Diffie-Hellman value and is only known to the client and the serv-
+     er.
 
-     If public key authentication fails or is not available a password can be
-     sent encrypted to the remote host for proving the userM-bM-^@M-^Ys identity.
+     If public key authentication fails or is not available, a password can be
+     sent encrypted to the remote host to prove the user's identity.
 
      Additionally, ssh supports hostbased or challenge response authentica-
      tion.
@@ -109,25 +111,25 @@ DESCRIPTION
      ensuring the integrity of the connection.
 
    Login session and remote execution
-     When the userM-bM-^@M-^Ys identity has been accepted by the server, the server
-     either executes the given command, or logs into the machine and gives the
+     When the user's identity has been accepted by the server, the server ei-
+     ther executes the given command, or logs into the machine and gives the
      user a normal shell on the remote machine.  All communication with the
      remote command or shell will be automatically encrypted.
 
      If a pseudo-terminal has been allocated (normal login session), the user
      may use the escape characters noted below.
 
-     If no pseudo tty has been allocated, the session is transparent and can
+     If no pseudo-tty has been allocated, the session is transparent and can
      be used to reliably transfer binary data.  On most systems, setting the
-     escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent even if
-     a tty is used.
+     escape character to ``none'' will also make the session transparent even
+     if a tty is used.
 
      The session terminates when the command or shell on the remote machine
      exits and all X11 and TCP/IP connections have been closed.  The exit sta-
      tus of the remote program is returned as the exit status of ssh.
 
    Escape Characters
-     When a pseudo terminal has been requested, ssh supports a number of func-
+     When a pseudo-terminal has been requested, ssh supports a number of func-
      tions through the use of an escape character.
 
      A single tilde character can be sent as ~~ or by following the tilde by a
@@ -136,42 +138,42 @@ DESCRIPTION
      ter can be changed in configuration files using the EscapeChar configura-
      tion directive or on the command line by the -e option.
 
-     The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are:
+     The supported escapes (assuming the default `~') are:
 
-     ~.      Disconnect
+     ~.      Disconnect.
 
-     ~^Z     Background ssh
+     ~^Z     Background ssh.
 
-     ~#      List forwarded connections
+     ~#      List forwarded connections.
 
      ~&      Background ssh at logout when waiting for forwarded connection /
-             X11 sessions to terminate
+             X11 sessions to terminate.
 
-     ~?      Display a list of escape characters
+     ~?      Display a list of escape characters.
 
      ~B      Send a BREAK to the remote system (only useful for SSH protocol
-             version 2 and if the peer supports it)
+             version 2 and if the peer supports it).
 
      ~C      Open command line (only useful for adding port forwardings using
-             the -L and -R options)
+             the -L and -R options).
 
      ~R      Request rekeying of the connection (only useful for SSH protocol
-             version 2 and if the peer supports it)
+             version 2 and if the peer supports it).
 
    X11 and TCP forwarding
-     If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or, see the description of
+     If the ForwardX11 variable is set to ``yes'' (or see the description of
      the -X and -x options described later) and the user is using X11 (the
      DISPLAY environment variable is set), the connection to the X11 display
      is automatically forwarded to the remote side in such a way that any X11
-     programs started from the shell (or command) will go through the
-     encrypted channel, and the connection to the real X server will be made
-     from the local machine.  The user should not manually set DISPLAY.  For-
-     warding of X11 connections can be configured on the command line or in
-     configuration files.
+     programs started from the shell (or command) will go through the encrypt-
+     ed channel, and the connection to the real X server will be made from the
+     local machine.  The user should not manually set DISPLAY.  Forwarding of
+     X11 connections can be configured on the command line or in configuration
+     files.
 
      The DISPLAY value set by ssh will point to the server machine, but with a
      display number greater than zero.  This is normal, and happens because
-     ssh creates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the
+     ssh creates a ``proxy'' X server on the server machine for forwarding the
      connections over the encrypted channel.
 
      ssh will also automatically set up Xauthority data on the server machine.
@@ -181,7 +183,7 @@ DESCRIPTION
      is opened.  The real authentication cookie is never sent to the server
      machine (and no cookies are sent in the plain).
 
-     If the ForwardAgent variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or, see the description of
+     If the ForwardAgent variable is set to ``yes'' (or see the description of
      the -A and -a options described later) and the user is using an authenti-
      cation agent, the connection to the agent is automatically forwarded to
      the remote side.
@@ -194,11 +196,11 @@ DESCRIPTION
    Server authentication
      ssh automatically maintains and checks a database containing identifica-
      tions for all hosts it has ever been used with.  Host keys are stored in
-     $HOME/.ssh/known_hosts in the userM-bM-^@M-^Ys home directory.  Additionally, the
+     $HOME/.ssh/known_hosts in the user's home directory.  Additionally, the
      file /etc/ssh/ssh_known_hosts is automatically checked for known hosts.
-     Any new hosts are automatically added to the userM-bM-^@M-^Ys file.  If a hostM-bM-^@M-^Ys
+     Any new hosts are automatically added to the user's file.  If a host's
      identification ever changes, ssh warns about this and disables password
-     authentication to prevent a trojan horse from getting the userM-bM-^@M-^Ys pass-
+     authentication to prevent a trojan horse from getting the user's pass-
      word.  Another purpose of this mechanism is to prevent man-in-the-middle
      attacks which could otherwise be used to circumvent the encryption.  The
      StrictHostKeyChecking option can be used to prevent logins to machines
@@ -206,7 +208,13 @@ DESCRIPTION
 
      The options are as follows:
 
-     -a      Disables forwarding of the authentication agent connection.
+     -1      Forces ssh to try protocol version 1 only.
+
+     -2      Forces ssh to try protocol version 2 only.
+
+     -4      Forces ssh to use IPv4 addresses only.
+
+     -6      Forces ssh to use IPv6 addresses only.
 
      -A      Enables forwarding of the authentication agent connection.  This
              can also be specified on a per-host basis in a configuration
@@ -214,21 +222,32 @@ DESCRIPTION
 
              Agent forwarding should be enabled with caution.  Users with the
              ability to bypass file permissions on the remote host (for the
-             agentM-bM-^@M-^Ys Unix-domain socket) can access the local agent through
+             agent's Unix-domain socket) can access the local agent through
              the forwarded connection.  An attacker cannot obtain key material
              from the agent, however they can perform operations on the keys
              that enable them to authenticate using the identities loaded into
              the agent.
 
+     -a      Disables forwarding of the authentication agent connection.
+
      -b bind_address
              Specify the interface to transmit from on machines with multiple
              interfaces or aliased addresses.
 
-     -c blowfish|3des|des
+     -C      Requests compression of all data (including stdin, stdout,
+             stderr, and data for forwarded X11 and TCP/IP connections).  The
+             compression algorithm is the same used by gzip(1), and the
+             ``level'' can be controlled by the CompressionLevel option for
+             protocol version 1.  Compression is desirable on modem lines and
+             other slow connections, but will only slow down things on fast
+             networks.  The default value can be set on a host-by-host basis
+             in the configuration files; see the Compression option.
+
+     -c blowfish | 3des | des
              Selects the cipher to use for encrypting the session.  3des is
              used by default.  It is believed to be secure.  3des (triple-des)
              is an encrypt-decrypt-encrypt triple with three different keys.
-             blowfish is a fast block cipher, it appears very secure and is
+             blowfish is a fast block cipher; it appears very secure and is
              much faster than 3des.  des is only supported in the ssh client
              for interoperability with legacy protocol 1 implementations that
              do not support the 3des cipher.  Its use is strongly discouraged
@@ -239,39 +258,67 @@ DESCRIPTION
              ciphers can be specified in order of preference.  See Ciphers for
              more information.
 
-     -e ch|^ch|none
-             Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y).
+     -D port
+             Specifies a local ``dynamic'' application-level port forwarding.
+             This works by allocating a socket to listen to port on the local
+             side, and whenever a connection is made to this port, the connec-
+             tion is forwarded over the secure channel, and the application
+             protocol is then used to determine where to connect to from the
+             remote machine.  Currently the SOCKS4 and SOCKS5 protocols are
+             supported, and ssh will act as a SOCKS server.  Only root can
+             forward privileged ports.  Dynamic port forwardings can also be
+             specified in the configuration file.
+
+     -e ch | ^ch | none
+             Sets the escape character for sessions with a pty (default: `~').
              The escape character is only recognized at the beginning of a
-             line.  The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the
-             connection, followed by control-Z suspends the connection, and
+             line.  The escape character followed by a dot (`.') closes the
+             connection; followed by control-Z suspends the connection; and
              followed by itself sends the escape character once.  Setting the
-             character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session
+             character to ``none'' disables any escapes and makes the session
              fully transparent.
 
+     -F configfile
+             Specifies an alternative per-user configuration file.  If a con-
+             figuration file is given on the command line, the system-wide
+             configuration file (/etc/ssh/ssh_config) will be ignored.  The
+             default for the per-user configuration file is $HOME/.ssh/config.
+
      -f      Requests ssh to go to background just before command execution.
-             This is useful if ssh is going to ask for passwords or
-             passphrases, but the user wants it in the background.  This
-             implies -n.  The recommended way to start X11 programs at a
-             remote site is with something like ssh -f host xterm.
+             This is useful if ssh is going to ask for passwords or passphras-
+             es, but the user wants it in the background.  This implies -n.
+             The recommended way to start X11 programs at a remote site is
+             with something like ssh -f host xterm.
 
      -g      Allows remote hosts to connect to local forwarded ports.
 
+     -I smartcard_device
+             Specifies which smartcard device to use.  The argument is the de-
+             vice ssh should use to communicate with a smartcard used for
+             storing the user's private RSA key.
+
      -i identity_file
              Selects a file from which the identity (private key) for RSA or
              DSA authentication is read.  The default is $HOME/.ssh/identity
              for protocol version 1, and $HOME/.ssh/id_rsa and
-             $HOME/.ssh/id_dsa for protocol version 2.  Identity files may
-             also be specified on a per-host basis in the configuration file.
+             $HOME/.ssh/id_dsa for protocol version 2.  Identity files may al-
+             so be specified on a per-host basis in the configuration file.
              It is possible to have multiple -i options (and multiple identi-
              ties specified in configuration files).
 
-     -I smartcard_device
-             Specifies which smartcard device to use.  The argument is the
-             device ssh should use to communicate with a smartcard used for
-             storing the userM-bM-^@M-^Ys private RSA key.
+     -k      Disables forwarding (delegation) of GSSAPI credentials to the
+             server.
 
-     -k      Disables forwarding of Kerberos tickets.  This may also be speci-
-             fied on a per-host basis in the configuration file.
+     -L port:host:hostport
+             Specifies that the given port on the local (client) host is to be
+             forwarded to the given host and port on the remote side.  This
+             works by allocating a socket to listen to port on the local side,
+             and whenever a connection is made to this port, the connection is
+             forwarded over the secure channel, and a connection is made to
+             host port hostport from the remote machine.  Port forwardings can
+             also be specified in the configuration file.  Only root can for-
+             ward privileged ports.  IPv6 addresses can be specified with an
+             alternative syntax: port/host/hostport.
 
      -l login_name
              Specifies the user to log in as on the remote machine.  This also
@@ -282,23 +329,75 @@ DESCRIPTION
              MAC (message authentication code) algorithms can be specified in
              order of preference.  See the MACs keyword for more information.
 
-     -n      Redirects stdin from /dev/null (actually, prevents reading from
-             stdin).  This must be used when ssh is run in the background.  A
-             common trick is to use this to run X11 programs on a remote
-             machine.  For example, ssh -n shadows.cs.hut.fi emacs & will
-             start an emacs on shadows.cs.hut.fi, and the X11 connection will
-             be automatically forwarded over an encrypted channel.  The ssh
-             program will be put in the background.  (This does not work if
-             ssh needs to ask for a password or passphrase; see also the -f
-             option.)
-
      -N      Do not execute a remote command.  This is useful for just for-
              warding ports (protocol version 2 only).
 
+     -n      Redirects stdin from /dev/null (actually, prevents reading from
+             stdin).  This must be used when ssh is run in the background.  A
+             common trick is to use this to run X11 programs on a remote ma-
+             chine.  For example, ssh -n shadows.cs.hut.fi emacs & will start
+             an emacs on shadows.cs.hut.fi, and the X11 connection will be au-
+             tomatically forwarded over an encrypted channel.  The ssh program
+             will be put in the background.  (This does not work if ssh needs
+             to ask for a password or passphrase; see also the -f option.)
+
      -o option
              Can be used to give options in the format used in the configura-
              tion file.  This is useful for specifying options for which there
-             is no separate command-line flag.
+             is no separate command-line flag.  For full details of the op-
+             tions listed below, and their possible values, see ssh_config(5).
+
+                   AddressFamily
+                   BatchMode
+                   BindAddress
+                   ChallengeResponseAuthentication
+                   CheckHostIP
+                   Cipher
+                   Ciphers
+                   ClearAllForwardings
+                   Compression
+                   CompressionLevel
+                   ConnectionAttempts
+                   ConnectionTimeout
+                   DynamicForward
+                   EscapeChar
+                   ForwardAgent
+                   ForwardX11
+                   ForwardX11Trusted
+                   GatewayPorts
+                   GlobalKnownHostsFile
+                   GSSAPIAuthentication
+                   GSSAPIDelegateCredentials
+                   Host
+                   HostbasedAuthentication
+                   HostKeyAlgorithms
+                   HostKeyAlias
+                   HostName
+                   IdentityFile
+                   LocalForward
+                   LogLevel
+                   MACs
+                   NoHostAuthenticationForLocalhost
+                   NumberOfPasswordPrompts
+                   PasswordAuthentication
+                   Port
+                   PreferredAuthentications
+                   Protocol
+                   ProxyCommand
+                   PubkeyAuthentication
+                   RemoteForward
+                   RhostsRSAAuthentication
+                   RSAAuthentication
+                   ServerAliveInterval
+                   ServerAliveCountMax
+                   SmartcardDevice
+                   StrictHostKeyChecking
+                   TCPKeepAlive
+                   UsePrivilegedPort
+                   User
+                   UserKnownHostsFile
+                   VerifyHostKeyDNS
+                   XAuthLocation
 
      -p port
              Port to connect to on the remote host.  This can be specified on
@@ -307,93 +406,50 @@ DESCRIPTION
      -q      Quiet mode.  Causes all warning and diagnostic messages to be
              suppressed.
 
+     -R port:host:hostport
+             Specifies that the given port on the remote (server) host is to
+             be forwarded to the given host and port on the local side.  This
+             works by allocating a socket to listen to port on the remote
+             side, and whenever a connection is made to this port, the connec-
+             tion is forwarded over the secure channel, and a connection is
+             made to host port hostport from the local machine.  Port forward-
+             ings can also be specified in the configuration file.  Privileged
+             ports can be forwarded only when logging in as root on the remote
+             machine.  IPv6 addresses can be specified with an alternative
+             syntax: port/host/hostport.
+
      -s      May be used to request invocation of a subsystem on the remote
-             system.  Subsystems are a feature of the SSH2 protocol which
-             facilitate the use of SSH as a secure transport for other appli-
-             cations (eg. sftp).  The subsystem is specified as the remote
+             system.  Subsystems are a feature of the SSH2 protocol which fa-
+             cilitate the use of SSH as a secure transport for other applica-
+             tions (eg. sftp(1)).  The subsystem is specified as the remote
              command.
 
+     -T      Disable pseudo-tty allocation.
+
      -t      Force pseudo-tty allocation.  This can be used to execute arbi-
              trary screen-based programs on a remote machine, which can be
              very useful, e.g., when implementing menu services.  Multiple -t
              options force tty allocation, even if ssh has no local tty.
 
-     -T      Disable pseudo-tty allocation.
+     -V      Display the version number and exit.
 
      -v      Verbose mode.  Causes ssh to print debugging messages about its
              progress.  This is helpful in debugging connection, authentica-
              tion, and configuration problems.  Multiple -v options increase
              the verbosity.  The maximum is 3.
 
-     -V      Display the version number and exit.
-
-     -x      Disables X11 forwarding.
-
      -X      Enables X11 forwarding.  This can also be specified on a per-host
              basis in a configuration file.
 
              X11 forwarding should be enabled with caution.  Users with the
              ability to bypass file permissions on the remote host (for the
-             userM-bM-^@M-^Ys X authorization database) can access the local X11 display
+             user's X authorization database) can access the local X11 display
              through the forwarded connection.  An attacker may then be able
              to perform activities such as keystroke monitoring.
 
-     -C      Requests compression of all data (including stdin, stdout,
-             stderr, and data for forwarded X11 and TCP/IP connections).  The
-             compression algorithm is the same used by gzip(1), and the
-             M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the CompressionLevel option for pro-
-             tocol version 1.  Compression is desirable on modem lines and
-             other slow connections, but will only slow down things on fast
-             networks.  The default value can be set on a host-by-host basis
-             in the configuration files; see the Compression option.
-
-     -F configfile
-             Specifies an alternative per-user configuration file.  If a con-
-             figuration file is given on the command line, the system-wide
-             configuration file (/etc/ssh/ssh_config) will be ignored.  The
-             default for the per-user configuration file is $HOME/.ssh/config.
-
-     -L port:host:hostport
-             Specifies that the given port on the local (client) host is to be
-             forwarded to the given host and port on the remote side.  This
-             works by allocating a socket to listen to port on the local side,
-             and whenever a connection is made to this port, the connection is
-             forwarded over the secure channel, and a connection is made to
-             host port hostport from the remote machine.  Port forwardings can
-             also be specified in the configuration file.  Only root can for-
-             ward privileged ports.  IPv6 addresses can be specified with an
-             alternative syntax: port/host/hostport
-
-     -R port:host:hostport
-             Specifies that the given port on the remote (server) host is to
-             be forwarded to the given host and port on the local side.  This
-             works by allocating a socket to listen to port on the remote
-             side, and whenever a connection is made to this port, the connec-
-             tion is forwarded over the secure channel, and a connection is
-             made to host port hostport from the local machine.  Port forward-
-             ings can also be specified in the configuration file.  Privileged
-             ports can be forwarded only when logging in as root on the remote
-             machine.  IPv6 addresses can be specified with an alternative
-             syntax: port/host/hostport
-
-     -D port
-             Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding.
-             This works by allocating a socket to listen to port on the local
-             side, and whenever a connection is made to this port, the connec-
-             tion is forwarded over the secure channel, and the application
-             protocol is then used to determine where to connect to from the
-             remote machine.  Currently the SOCKS4 and SOCKS5 protocols are
-             supported, and ssh will act as a SOCKS server.  Only root can
-             forward privileged ports.  Dynamic port forwardings can also be
-             specified in the configuration file.
-
-     -1      Forces ssh to try protocol version 1 only.
-
-     -2      Forces ssh to try protocol version 2 only.
-
-     -4      Forces ssh to use IPv4 addresses only.
+     -x      Disables X11 forwarding.
 
-     -6      Forces ssh to use IPv6 addresses only.
+     -Y      Enables trusted X11 forwarding.
 
 CONFIGURATION FILES
      ssh may additionally obtain configuration data from a per-user configura-
@@ -403,65 +459,63 @@ CONFIGURATION FILES
 ENVIRONMENT
      ssh will normally set the following environment variables:
 
-     DISPLAY
-             The DISPLAY variable indicates the location of the X11 server.
-             It is automatically set by ssh to point to a value of the form
-             M-bM-^@M-^\hostname:nM-bM-^@M-^] where hostname indicates the host where the shell
-             runs, and n is an integer >= 1.  ssh uses this special value to
-             forward X11 connections over the secure channel.  The user should
-             normally not set DISPLAY explicitly, as that will render the X11
-             connection insecure (and will require the user to manually copy
-             any required authorization cookies).
+     DISPLAY  The DISPLAY variable indicates the location of the X11 server.
+              It is automatically set by ssh to point to a value of the form
+              ``hostname:n'' where hostname indicates the host where the shell
+              runs, and n is an integer >= 1.  ssh uses this special value to
+              forward X11 connections over the secure channel.  The user
+              should normally not set DISPLAY explicitly, as that will render
+              the X11 connection insecure (and will require the user to manu-
+              ally copy any required authorization cookies).
 
-     HOME    Set to the path of the userM-bM-^@M-^Ys home directory.
+     HOME     Set to the path of the user's home directory.
 
-     LOGNAME
-             Synonym for USER; set for compatibility with systems that use
-             this variable.
+     LOGNAME  Synonym for USER; set for compatibility with systems that use
+              this variable.
 
-     MAIL    Set to the path of the userM-bM-^@M-^Ys mailbox.
+     MAIL     Set to the path of the user's mailbox.
 
-     PATH    Set to the default PATH, as specified when compiling ssh.
+     PATH     Set to the default PATH, as specified when compiling ssh.
 
      SSH_ASKPASS
-             If ssh needs a passphrase, it will read the passphrase from the
-             current terminal if it was run from a terminal.  If ssh does not
-             have a terminal associated with it but DISPLAY and SSH_ASKPASS
-             are set, it will execute the program specified by SSH_ASKPASS and
-             open an X11 window to read the passphrase.  This is particularly
-             useful when calling ssh from a .Xsession or related script.
-             (Note that on some machines it may be necessary to redirect the
-             input from /dev/null to make this work.)
+              If ssh needs a passphrase, it will read the passphrase from the
+              current terminal if it was run from a terminal.  If ssh does not
+              have a terminal associated with it but DISPLAY and SSH_ASKPASS
+              are set, it will execute the program specified by SSH_ASKPASS
+              and open an X11 window to read the passphrase.  This is particu-
+              larly useful when calling ssh from a .Xsession or related
+              script.  (Note that on some machines it may be necessary to
+              redirect the input from /dev/null to make this work.)
 
      SSH_AUTH_SOCK
-             Identifies the path of a unix-domain socket used to communicate
-             with the agent.
+              Identifies the path of a unix-domain socket used to communicate
+              with the agent.
 
      SSH_CONNECTION
-             Identifies the client and server ends of the connection.  The
-             variable contains four space-separated values: client ip-address,
-             client port number, server ip-address and server port number.
+              Identifies the client and server ends of the connection.  The
+              variable contains four space-separated values: client ip-ad-
+              dress, client port number, server ip-address and server port
+              number.
 
      SSH_ORIGINAL_COMMAND
-             The variable contains the original command line if a forced com-
-             mand is executed.  It can be used to extract the original argu-
-             ments.
+              The variable contains the original command line if a forced com-
+              mand is executed.  It can be used to extract the original argu-
+              ments.
 
-     SSH_TTY
-             This is set to the name of the tty (path to the device) associ-
-             ated with the current shell or command.  If the current session
-             has no tty, this variable is not set.
+     SSH_TTY  This is set to the name of the tty (path to the device) associ-
+              ated with the current shell or command.  If the current session
+              has no tty, this variable is not set.
 
-     TZ      The timezone variable is set to indicate the present timezone if
-             it was set when the daemon was started (i.e., the daemon passes
-             the value on to new connections).
+     TZ       The timezone variable is set to indicate the present timezone if
+              it was set when the daemon was started (i.e., the daemon passes
+              the value on to new connections).
 
-     USER    Set to the name of the user logging in.
+     USER     Set to the name of the user logging in.
 
      Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the
-     format M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and if users
-     are allowed to change their environment.  See the PermitUserEnvironment
-     option in sshd_config(5).
+     format ``VARNAME=value'' to the environment if the file exists and if
+     users are allowed to change their environment.  For more information, see
+     the PermitUserEnvironment option in sshd_config(5).
 
 FILES
      $HOME/.ssh/known_hosts
@@ -481,7 +535,7 @@ FILES
      $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
              Contains the public key for authentication (public part of the
              identity file in human-readable form).  The contents of the
-             $HOME/.ssh/identity.pub file should be added to
+             $HOME/.ssh/identity.pub file should be added to the file
              $HOME/.ssh/authorized_keys on all machines where the user wishes
              to log in using protocol version 1 RSA authentication.  The con-
              tents of the $HOME/.ssh/id_dsa.pub and $HOME/.ssh/id_rsa.pub file
@@ -512,15 +566,15 @@ FILES
              following format (fields separated by spaces): system name, pub-
              lic key and optional comment field.  When different names are
              used for the same machine, all such names should be listed, sepa-
-             rated by commas.  The format is described on the sshd(8) manual
+             rated by commas.  The format is described in the sshd(8) manual
              page.
 
              The canonical system name (as returned by name servers) is used
              by sshd(8) to verify the client host when logging in; other names
              are needed because ssh does not convert the user-supplied name to
              a canonical name before checking the key, because someone with
-             access to the name servers would then be able to fool host
-             authentication.
+             access to the name servers would then be able to fool host au-
+             thentication.
 
      /etc/ssh/ssh_config
              Systemwide configuration file.  The file format and configuration
@@ -538,22 +592,22 @@ FILES
              method is used.  By default ssh is not setuid root.
 
      $HOME/.rhosts
-             This file is used in .rhosts authentication to list the host/user
+             This file is used in rhosts authentication to list the host/user
              pairs that are permitted to log in.  (Note that this file is also
              used by rlogin and rsh, which makes using this file insecure.)
              Each line of the file contains a host name (in the canonical form
              returned by name servers), and then a user name on that host,
              separated by a space.  On some machines this file may need to be
-             world-readable if the userM-bM-^@M-^Ys home directory is on a NFS parti-
+             world-readable if the user's home directory is on a NFS parti-
              tion, because sshd(8) reads it as root.  Additionally, this file
              must be owned by the user, and must not have write permissions
              for anyone else.  The recommended permission for most machines is
              read/write for the user, and not accessible by others.
 
-             Note that by default sshd(8) will be installed so that it
-             requires successful RSA host authentication before permitting
-             .rhosts authentication.  If the server machine does not have the
-             clientM-bM-^@M-^Ys host key in /etc/ssh/ssh_known_hosts, it can be stored
+             Note that by default sshd(8) will be installed so that it re-
+             quires successful RSA host authentication before permitting
+             rhosts authentication.  If the server machine does not have the
+             client's host key in /etc/ssh/ssh_known_hosts, it can be stored
              in $HOME/.ssh/known_hosts.  The easiest way to do this is to con-
              nect back to the client from the server machine using ssh; this
              will automatically add the host key to $HOME/.ssh/known_hosts.
@@ -564,12 +618,12 @@ FILES
              with ssh without permitting login with rlogin or rsh(1).
 
      /etc/hosts.equiv
-             This file is used during .rhosts authentication.  It contains
+             This file is used during rhosts authentication.  It contains
              canonical hosts names, one per line (the full format is described
-             on the sshd(8) manual page).  If the client host is found in this
+             in the sshd(8) manual page).  If the client host is found in this
              file, login is automatically permitted provided client and server
-             user names are the same.  Additionally, successful RSA host
-             authentication is normally required.  This file should only be
+             user names are the same.  Additionally, successful RSA host au-
+             thentication is normally required.  This file should only be
              writable by root.
 
      /etc/shosts.equiv
@@ -579,12 +633,12 @@ FILES
 
      /etc/ssh/sshrc
              Commands in this file are executed by ssh when the user logs in
-             just before the userM-bM-^@M-^Ys shell (or command) is started.  See the
+             just before the user's shell (or command) is started.  See the
              sshd(8) manual page for more information.
 
      $HOME/.ssh/rc
              Commands in this file are executed by ssh when the user logs in
-             just before the userM-bM-^@M-^Ys shell (or command) is started.  See the
+             just before the user's shell (or command) is started.  See the
              sshd(8) manual page for more information.
 
      $HOME/.ssh/environment
@@ -596,8 +650,9 @@ DIAGNOSTICS
      error occurred.
 
 SEE ALSO
-     rsh(1), scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
-     telnet(1), ssh_config(5), ssh-keysign(8), sshd(8)
+     gzip(1), rsh(1), scp(1), sftp(1), ssh-add(1), ssh-agent(1),
+     ssh-keygen(1), telnet(1), hosts.equiv(5), ssh_config(5), ssh-keysign(8),
+     sshd(8)
 
      T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH
      Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January
@@ -606,8 +661,8 @@ SEE ALSO
 AUTHORS
      OpenSSH is a derivative of the original and free ssh 1.2.12 release by
      Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
-     de Raadt and Dug Song removed many bugs, re-added newer features and cre-
-     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
+     de Raadt and Dug Song removed many bugs, re-added newer features and
+     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-BSD                           September 25, 1999                           BSD
+OpenBSD 3.4                   September 25, 1999                            11
diff --git a/ssh.1 b/ssh.1
index 3fbd954e8..6c9ac5909 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.175 2003/07/22 13:35:22 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -43,22 +43,14 @@
 .Nd OpenSSH SSH client (remote login program)
 .Sh SYNOPSIS
 .Nm ssh
-.Op Fl l Ar login_name
-.Ar hostname | user@hostname
-.Op Ar command
-.Pp
-.Nm ssh
-.Bk -words
-.Op Fl afgknqstvxACNTVX1246
+.Op Fl 1246AaCfgkNnqsTtVvXxY
 .Op Fl b Ar bind_address
 .Op Fl c Ar cipher_spec
+.Op Fl D Ar port
 .Op Fl e Ar escape_char
-.Op Fl i Ar identity_file
-.Op Fl l Ar login_name
-.Op Fl m Ar mac_spec
-.Op Fl o Ar option
-.Op Fl p Ar port
 .Op Fl F Ar configfile
+.Op Fl i Ar identity_file
+.Bk -words
 .Oo Fl L Xo
 .Sm off
 .Ar port :
@@ -68,7 +60,12 @@
 .Xc
 .Oc
 .Ek
+.Op Fl l Ar login_name
+.Op Fl m Ar mac_spec
+.Op Fl o Ar option
 .Bk -words
+.Op Fl p Ar port
+.Ek
 .Oo Fl R Xo
 .Sm off
 .Ar port :
@@ -77,29 +74,34 @@
 .Sm on
 .Xc
 .Oc
-.Op Fl D Ar port
-.Ar hostname | user@hostname
+.Oo Ar user Ns @ Oc Ns Ar hostname
 .Op Ar command
-.Ek
 .Sh DESCRIPTION
 .Nm
 (SSH client) is a program for logging into a remote machine and for
 executing commands on a remote machine.
-It is intended to replace
-rlogin and rsh, and provide secure encrypted communications between
+It is intended to replace rlogin and rsh,
+and provide secure encrypted communications between
 two untrusted hosts over an insecure network.
-X11 connections and
-arbitrary TCP/IP ports can also be forwarded over the secure channel.
+X11 connections and arbitrary TCP/IP ports
+can also be forwarded over the secure channel.
 .Pp
 .Nm
 connects and logs into the specified
-.Ar hostname .
+.Ar hostname
+(with optional
+.Ar user
+name).
 The user must prove
 his/her identity to the remote machine using one of several methods
-depending on the protocol version used:
+depending on the protocol version used.
 .Pp
+If
+.Ar command
+is specified,
+.Ar command
+is executed on the remote host instead of a login shell.
 .Ss SSH protocol version 1
-.Pp
 First, if the machine the user logs in from is listed in
 .Pa /etc/hosts.equiv
 or
@@ -107,9 +109,9 @@ or
 on the remote machine, and the user names are
 the same on both sides, the user is immediately permitted to log in.
 Second, if
-.Pa \&.rhosts
+.Pa .rhosts
 or
-.Pa \&.shosts
+.Pa .shosts
 exists in the user's home directory on the
 remote machine and contains a line containing the name of the client
 machine and the name of the user on that machine, the user is
@@ -118,9 +120,9 @@ This form of authentication alone is normally not
 allowed by the server because it is not secure.
 .Pp
 The second authentication method is the
-.Pa rhosts
+.Em rhosts
 or
-.Pa hosts.equiv
+.Em hosts.equiv
 method combined with RSA-based host authentication.
 It means that if the login would be permitted by
 .Pa $HOME/.rhosts ,
@@ -135,7 +137,7 @@ and
 .Pa $HOME/.ssh/known_hosts
 in the
 .Sx FILES
-section), only then login is permitted.
+section), only then is login permitted.
 This authentication method closes security holes due to IP
 spoofing, DNS spoofing and routing spoofing.
 [Note to the administrator:
@@ -154,24 +156,23 @@ RSA is one such system.
 The idea is that each user creates a public/private
 key pair for authentication purposes.
 The server knows the public key, and only the user knows the private key.
+.Pp
 The file
 .Pa $HOME/.ssh/authorized_keys
-lists the public keys that are permitted for logging
-in.
+lists the public keys that are permitted for logging in.
 When the user logs in, the
 .Nm
 program tells the server which key pair it would like to use for
 authentication.
-The server checks if this key is permitted, and if
-so, sends the user (actually the
+The server checks if this key is permitted, and if so,
+sends the user (actually the
 .Nm
 program running on behalf of the user) a challenge, a random number,
 encrypted by the user's public key.
-The challenge can only be
-decrypted using the proper private key.
-The user's client then decrypts the
-challenge using the private key, proving that he/she knows the private
-key but without disclosing it to the server.
+The challenge can only be decrypted using the proper private key.
+The user's client then decrypts the challenge using the private key,
+proving that he/she knows the private key
+but without disclosing it to the server.
 .Pp
 .Nm
 implements the RSA authentication protocol automatically.
@@ -179,7 +180,7 @@ The user creates his/her RSA key pair by running
 .Xr ssh-keygen 1 .
 This stores the private key in
 .Pa $HOME/.ssh/identity
-and the public key in
+and stores the public key in
 .Pa $HOME/.ssh/identity.pub
 in the user's home directory.
 The user should then copy the
@@ -193,8 +194,9 @@ file corresponds to the conventional
 file, and has one key
 per line, though the lines can be very long).
 After this, the user can log in without giving the password.
-RSA authentication is much
-more secure than rhosts authentication.
+RSA authentication is much more secure than
+.Em rhosts
+authentication.
 .Pp
 The most convenient way to use RSA authentication may be with an
 authentication agent.
@@ -208,16 +210,14 @@ prompts the user for a password.
 The password is sent to the remote
 host for checking; however, since all communications are encrypted,
 the password cannot be seen by someone listening on the network.
-.Pp
 .Ss SSH protocol version 2
-.Pp
-When a user connects using protocol version 2
+When a user connects using protocol version 2,
 similar authentication methods are available.
 Using the default values for
 .Cm PreferredAuthentications ,
 the client will try to authenticate first using the hostbased method;
-if this method fails public key authentication is attempted,
-and finally if this method fails keyboard-interactive and
+if this method fails, public key authentication is attempted,
+and finally if this method fails, keyboard-interactive and
 password authentication are tried.
 .Pp
 The public key method is similar to RSA authentication described
@@ -233,8 +233,8 @@ and grants access if both the key is found and the signature is correct.
 The session identifier is derived from a shared Diffie-Hellman value
 and is only known to the client and the server.
 .Pp
-If public key authentication fails or is not available a password
-can be sent encrypted to the remote host for proving the user's identity.
+If public key authentication fails or is not available, a password
+can be sent encrypted to the remote host to prove the user's identity.
 .Pp
 Additionally,
 .Nm
@@ -245,9 +245,7 @@ Protocol 2 provides additional mechanisms for confidentiality
 and integrity (hmac-md5, hmac-sha1).
 Note that protocol 1 lacks a strong mechanism for ensuring the
 integrity of the connection.
-.Pp
 .Ss Login session and remote execution
-.Pp
 When the user's identity has been accepted by the server, the server
 either executes the given command, or logs into the machine and gives
 the user a normal shell on the remote machine.
@@ -257,23 +255,20 @@ the remote command or shell will be automatically encrypted.
 If a pseudo-terminal has been allocated (normal login session), the
 user may use the escape characters noted below.
 .Pp
-If no pseudo tty has been allocated, the
-session is transparent and can be used to reliably transfer binary
-data.
+If no pseudo-tty has been allocated,
+the session is transparent and can be used to reliably transfer binary data.
 On most systems, setting the escape character to
 .Dq none
 will also make the session transparent even if a tty is used.
 .Pp
 The session terminates when the command or shell on the remote
 machine exits and all X11 and TCP/IP connections have been closed.
-The exit status of the remote program is returned as the exit status
-of
+The exit status of the remote program is returned as the exit status of
 .Nm ssh .
-.Pp
 .Ss Escape Characters
-.Pp
-When a pseudo terminal has been requested, ssh supports a number of functions
-through the use of an escape character.
+When a pseudo-terminal has been requested,
+.Nm
+supports a number of functions through the use of an escape character.
 .Pp
 A single tilde character can be sent as
 .Ic ~~
@@ -291,37 +286,37 @@ The supported escapes (assuming the default
 are:
 .Bl -tag -width Ds
 .It Cm ~.
-Disconnect
+Disconnect.
 .It Cm ~^Z
-Background ssh
+Background
+.Nm ssh .
 .It Cm ~#
-List forwarded connections
+List forwarded connections.
 .It Cm ~&
-Background ssh at logout when waiting for forwarded connection / X11 sessions
-to terminate
+Background
+.Nm
+at logout when waiting for forwarded connection / X11 sessions to terminate.
 .It Cm ~?
-Display a list of escape characters
+Display a list of escape characters.
 .It Cm ~B
-Send a BREAK to the remote system (only useful for SSH protocol version 2
-and if the peer supports it)
+Send a BREAK to the remote system
+(only useful for SSH protocol version 2 and if the peer supports it).
 .It Cm ~C
 Open command line (only useful for adding port forwardings using the
 .Fl L
 and
 .Fl R
-options)
+options).
 .It Cm ~R
-Request rekeying of the connection (only useful for SSH protocol version 2
-and if the peer supports it)
+Request rekeying of the connection
+(only useful for SSH protocol version 2 and if the peer supports it).
 .El
-.Pp
 .Ss X11 and TCP forwarding
-.Pp
 If the
 .Cm ForwardX11
 variable is set to
 .Dq yes
-(or, see the description of the
+(or see the description of the
 .Fl X
 and
 .Fl x
@@ -342,8 +337,7 @@ The
 .Ev DISPLAY
 value set by
 .Nm
-will point to the server machine, but with a display number greater
-than zero.
+will point to the server machine, but with a display number greater than zero.
 This is normal, and happens because
 .Nm
 creates a
@@ -364,7 +358,7 @@ If the
 .Cm ForwardAgent
 variable is set to
 .Dq yes
-(or, see the description of the
+(or see the description of the
 .Fl A
 and
 .Fl a
@@ -376,9 +370,7 @@ Forwarding of arbitrary TCP/IP connections over the secure channel can
 be specified either on the command line or in a configuration file.
 One possible application of TCP/IP forwarding is a secure connection to an
 electronic purse; another is going through firewalls.
-.Pp
 .Ss Server authentication
-.Pp
 .Nm
 automatically maintains and checks a database containing
 identifications for all hosts it has ever been used with.
@@ -389,14 +381,12 @@ Additionally, the file
 .Pa /etc/ssh/ssh_known_hosts
 is automatically checked for known hosts.
 Any new hosts are automatically added to the user's file.
-If a host's identification
-ever changes,
+If a host's identification ever changes,
 .Nm
 warns about this and disables password authentication to prevent a
 trojan horse from getting the user's password.
-Another purpose of
-this mechanism is to prevent man-in-the-middle attacks which could
-otherwise be used to circumvent the encryption.
+Another purpose of this mechanism is to prevent man-in-the-middle attacks
+which could otherwise be used to circumvent the encryption.
 The
 .Cm StrictHostKeyChecking
 option can be used to prevent logins to machines whose
@@ -404,8 +394,22 @@ host key is not known or has changed.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
-.It Fl a
-Disables forwarding of the authentication agent connection.
+.It Fl 1
+Forces
+.Nm
+to try protocol version 1 only.
+.It Fl 2
+Forces
+.Nm
+to try protocol version 2 only.
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
 .It Fl A
 Enables forwarding of the authentication agent connection.
 This can also be specified on a per-host basis in a configuration file.
@@ -417,10 +421,28 @@ can access the local agent through the forwarded connection.
 An attacker cannot obtain key material from the agent,
 however they can perform operations on the keys that enable them to
 authenticate using the identities loaded into the agent.
+.It Fl a
+Disables forwarding of the authentication agent connection.
 .It Fl b Ar bind_address
 Specify the interface to transmit from on machines with multiple
 interfaces or aliased addresses.
-.It Fl c Ar blowfish|3des|des
+.It Fl C
+Requests compression of all data (including stdin, stdout, stderr, and
+data for forwarded X11 and TCP/IP connections).
+The compression algorithm is the same used by
+.Xr gzip 1 ,
+and the
+.Dq level
+can be controlled by the
+.Cm CompressionLevel
+option for protocol version 1.
+Compression is desirable on modem lines and other
+slow connections, but will only slow down things on fast networks.
+The default value can be set on a host-by-host basis in the
+configuration files; see the
+.Cm Compression
+option.
+.It Fl c Ar blowfish | 3des | des
 Selects the cipher to use for encrypting the session.
 .Ar 3des
 is used by default.
@@ -428,7 +450,7 @@ It is believed to be secure.
 .Ar 3des
 (triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
 .Ar blowfish
-is a fast block cipher, it appears very secure and is much faster than
+is a fast block cipher; it appears very secure and is much faster than
 .Ar 3des .
 .Ar des
 is only supported in the
@@ -444,18 +466,41 @@ be specified in order of preference.
 See
 .Cm Ciphers
 for more information.
-.It Fl e Ar ch|^ch|none
+.It Fl D Ar port
+Specifies a local
+.Dq dynamic
+application-level port forwarding.
+This works by allocating a socket to listen to
+.Ar port
+on the local side, and whenever a connection is made to this port, the
+connection is forwarded over the secure channel, and the application
+protocol is then used to determine where to connect to from the
+remote machine.
+Currently the SOCKS4 and SOCKS5 protocols are supported, and
+.Nm
+will act as a SOCKS server.
+Only root can forward privileged ports.
+Dynamic port forwardings can also be specified in the configuration file.
+.It Fl e Ar ch | ^ch | none
 Sets the escape character for sessions with a pty (default:
 .Ql ~ ) .
 The escape character is only recognized at the beginning of a line.
 The escape character followed by a dot
 .Pq Ql \&.
-closes the connection, followed
-by control-Z suspends the connection, and followed by itself sends the
-escape character once.
+closes the connection;
+followed by control-Z suspends the connection;
+and followed by itself sends the escape character once.
 Setting the character to
 .Dq none
 disables any escapes and makes the session fully transparent.
+.It Fl F Ar configfile
+Specifies an alternative per-user configuration file.
+If a configuration file is given on the command line,
+the system-wide configuration file
+.Pq Pa /etc/ssh/ssh_config
+will be ignored.
+The default for the per-user configuration file is
+.Pa $HOME/.ssh/config .
 .It Fl f
 Requests
 .Nm
@@ -471,6 +516,12 @@ something like
 .Ic ssh -f host xterm .
 .It Fl g
 Allows remote hosts to connect to local forwarded ports.
+.It Fl I Ar smartcard_device
+Specifies which smartcard device to use.
+The argument is the device
+.Nm
+should use to communicate with a smartcard used for storing the user's
+private RSA key.
 .It Fl i Ar identity_file
 Selects a file from which the identity (private key) for
 RSA or DSA authentication is read.
@@ -487,15 +538,33 @@ It is possible to have multiple
 .Fl i
 options (and multiple identities specified in
 configuration files).
-.It Fl I Ar smartcard_device
-Specifies which smartcard device to use.
-The argument is the device
-.Nm
-should use to communicate with a smartcard used for storing the user's
-private RSA key.
 .It Fl k
-Disables forwarding of Kerberos tickets.
-This may also be specified on a per-host basis in the configuration file.
+Disables forwarding (delegation) of GSSAPI credentials to the server.
+.It Fl L Xo
+.Sm off
+.Ar port : host : hostport
+.Sm on
+.Xc
+Specifies that the given port on the local (client) host is to be
+forwarded to the given host and port on the remote side.
+This works by allocating a socket to listen to
+.Ar port
+on the local side, and whenever a connection is made to this port, the
+connection is forwarded over the secure channel, and a connection is
+made to
+.Ar host
+port
+.Ar hostport
+from the remote machine.
+Port forwardings can also be specified in the configuration file.
+Only root can forward privileged ports.
+IPv6 addresses can be specified with an alternative syntax:
+.Sm off
+.Xo
+.Ar port No / Ar host No /
+.Ar hostport .
+.Xc
+.Sm on
 .It Fl l Ar login_name
 Specifies the user to log in as on the remote machine.
 This also may be specified on a per-host basis in the configuration file.
@@ -506,6 +575,10 @@ be specified in order of preference.
 See the
 .Cm MACs
 keyword for more information.
+.It Fl N
+Do not execute a remote command.
+This is useful for just forwarding ports
+(protocol version 2 only).
 .It Fl n
 Redirects stdin from
 .Pa /dev/null
@@ -526,14 +599,66 @@ program will be put in the background.
 needs to ask for a password or passphrase; see also the
 .Fl f
 option.)
-.It Fl N
-Do not execute a remote command.
-This is useful for just forwarding ports
-(protocol version 2 only).
 .It Fl o Ar option
 Can be used to give options in the format used in the configuration file.
 This is useful for specifying options for which there is no separate
 command-line flag.
+For full details of the options listed below, and their possible values, see
+.Xr ssh_config 5 .
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It AddressFamily
+.It BatchMode
+.It BindAddress
+.It ChallengeResponseAuthentication
+.It CheckHostIP
+.It Cipher
+.It Ciphers
+.It ClearAllForwardings
+.It Compression
+.It CompressionLevel
+.It ConnectionAttempts
+.It ConnectionTimeout
+.It DynamicForward
+.It EscapeChar
+.It ForwardAgent
+.It ForwardX11
+.It ForwardX11Trusted
+.It GatewayPorts
+.It GlobalKnownHostsFile
+.It GSSAPIAuthentication
+.It GSSAPIDelegateCredentials
+.It Host
+.It HostbasedAuthentication
+.It HostKeyAlgorithms
+.It HostKeyAlias
+.It HostName
+.It IdentityFile
+.It LocalForward
+.It LogLevel
+.It MACs
+.It NoHostAuthenticationForLocalhost
+.It NumberOfPasswordPrompts
+.It PasswordAuthentication
+.It Port
+.It PreferredAuthentications
+.It Protocol
+.It ProxyCommand
+.It PubkeyAuthentication
+.It RemoteForward
+.It RhostsRSAAuthentication
+.It RSAAuthentication
+.It ServerAliveInterval
+.It ServerAliveCountMax
+.It SmartcardDevice
+.It StrictHostKeyChecking
+.It TCPKeepAlive
+.It UsePrivilegedPort
+.It User
+.It UserKnownHostsFile
+.It VerifyHostKeyDNS
+.It XAuthLocation
+.El
 .It Fl p Ar port
 Port to connect to on the remote host.
 This can be specified on a
@@ -545,11 +670,40 @@ Only fatal errors are displayed.
 If a second
 .Fl q
 is given then even fatal errors are suppressed.
+.It Fl R Xo
+.Sm off
+.Ar port : host : hostport
+.Sm on
+.Xc
+Specifies that the given port on the remote (server) host is to be
+forwarded to the given host and port on the local side.
+This works by allocating a socket to listen to
+.Ar port
+on the remote side, and whenever a connection is made to this port, the
+connection is forwarded over the secure channel, and a connection is
+made to
+.Ar host
+port
+.Ar hostport
+from the local machine.
+Port forwardings can also be specified in the configuration file.
+Privileged ports can be forwarded only when
+logging in as root on the remote machine.
+IPv6 addresses can be specified with an alternative syntax:
+.Sm off
+.Xo
+.Ar port No / Ar host No /
+.Ar hostport .
+.Xc
+.Sm on
 .It Fl s
 May be used to request invocation of a subsystem on the remote system.
 Subsystems are a feature of the SSH2 protocol which facilitate the use
-of SSH as a secure transport for other applications (eg. sftp).
+of SSH as a secure transport for other applications (eg.\&
+.Xr sftp 1 ) .
 The subsystem is specified as the remote command.
+.It Fl T
+Disable pseudo-tty allocation.
 .It Fl t
 Force pseudo-tty allocation.
 This can be used to execute arbitrary
@@ -560,8 +714,8 @@ Multiple
 options force tty allocation, even if
 .Nm
 has no local tty.
-.It Fl T
-Disable pseudo-tty allocation.
+.It Fl V
+Display the version number and exit.
 .It Fl v
 Verbose mode.
 Causes
@@ -573,10 +727,6 @@ Multiple
 .Fl v
 options increase the verbosity.
 The maximum is 3.
-.It Fl V
-Display the version number and exit.
-.It Fl x
-Disables X11 forwarding.
 .It Fl X
 Enables X11 forwarding.
 This can also be specified on a per-host basis in a configuration file.
@@ -586,94 +736,10 @@ Users with the ability to bypass file permissions on the remote host
 (for the user's X authorization database)
 can access the local X11 display through the forwarded connection.
 An attacker may then be able to perform activities such as keystroke monitoring.
-.It Fl C
-Requests compression of all data (including stdin, stdout, stderr, and
-data for forwarded X11 and TCP/IP connections).
-The compression algorithm is the same used by
-.Xr gzip 1 ,
-and the
-.Dq level
-can be controlled by the
-.Cm CompressionLevel
-option for protocol version 1.
-Compression is desirable on modem lines and other
-slow connections, but will only slow down things on fast networks.
-The default value can be set on a host-by-host basis in the
-configuration files; see the
-.Cm Compression
-option.
-.It Fl F Ar configfile
-Specifies an alternative per-user configuration file.
-If a configuration file is given on the command line,
-the system-wide configuration file
-.Pq Pa /etc/ssh/ssh_config
-will be ignored.
-The default for the per-user configuration file is
-.Pa $HOME/.ssh/config .
-.It Fl L Ar port:host:hostport
-Specifies that the given port on the local (client) host is to be
-forwarded to the given host and port on the remote side.
-This works by allocating a socket to listen to
-.Ar port
-on the local side, and whenever a connection is made to this port, the
-connection is forwarded over the secure channel, and a connection is
-made to
-.Ar host
-port
-.Ar hostport
-from the remote machine.
-Port forwardings can also be specified in the configuration file.
-Only root can forward privileged ports.
-IPv6 addresses can be specified with an alternative syntax:
-.Ar port/host/hostport
-.It Fl R Ar port:host:hostport
-Specifies that the given port on the remote (server) host is to be
-forwarded to the given host and port on the local side.
-This works by allocating a socket to listen to
-.Ar port
-on the remote side, and whenever a connection is made to this port, the
-connection is forwarded over the secure channel, and a connection is
-made to
-.Ar host
-port
-.Ar hostport
-from the local machine.
-Port forwardings can also be specified in the configuration file.
-Privileged ports can be forwarded only when
-logging in as root on the remote machine.
-IPv6 addresses can be specified with an alternative syntax:
-.Ar port/host/hostport
-.It Fl D Ar port
-Specifies a local
-.Dq dynamic
-application-level port forwarding.
-This works by allocating a socket to listen to
-.Ar port
-on the local side, and whenever a connection is made to this port, the
-connection is forwarded over the secure channel, and the application
-protocol is then used to determine where to connect to from the
-remote machine.
-Currently the SOCKS4 and SOCKS5 protocols are supported, and
-.Nm
-will act as a SOCKS server.
-Only root can forward privileged ports.
-Dynamic port forwardings can also be specified in the configuration file.
-.It Fl 1
-Forces
-.Nm
-to try protocol version 1 only.
-.It Fl 2
-Forces
-.Nm
-to try protocol version 2 only.
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
+.It Fl x
+Disables X11 forwarding.
+.It Fl Y
+Enables trusted X11 forwarding.
 .El
 .Sh CONFIGURATION FILES
 .Nm
@@ -684,7 +750,7 @@ The file format and configuration options are described in
 .Sh ENVIRONMENT
 .Nm
 will normally set the following environment variables:
-.Bl -tag -width Ds
+.Bl -tag -width LOGNAME
 .It Ev DISPLAY
 The
 .Ev DISPLAY
@@ -694,7 +760,7 @@ It is automatically set by
 to point to a value of the form
 .Dq hostname:n
 where hostname indicates
-the host where the shell runs, and n is an integer >= 1.
+the host where the shell runs, and n is an integer \*(Ge 1.
 .Nm
 uses this special value to forward X11 connections over the secure
 channel.
@@ -772,7 +838,7 @@ and adds lines of the format
 .Dq VARNAME=value
 to the environment if the file exists and if users are allowed to
 change their environment.
-See the
+For more information, see the
 .Cm PermitUserEnvironment
 option in
 .Xr sshd_config 5 .
@@ -801,7 +867,7 @@ Contains the public key for authentication (public part of the
 identity file in human-readable form).
 The contents of the
 .Pa $HOME/.ssh/identity.pub
-file should be added to
+file should be added to the file
 .Pa $HOME/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using protocol version 1 RSA authentication.
@@ -827,7 +893,8 @@ Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described in the
 .Xr sshd 8
 manual page.
-In the simplest form the format is the same as the .pub
+In the simplest form the format is the same as the
+.Pa .pub
 identity files.
 This file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
@@ -843,7 +910,7 @@ by spaces): system name, public key and optional comment field.
 When different names are used
 for the same machine, all such names should be listed, separated by
 commas.
-The format is described on the
+The format is described in the
 .Xr sshd 8
 manual page.
 .Pp
@@ -883,7 +950,7 @@ By default
 is not setuid root.
 .It Pa $HOME/.rhosts
 This file is used in
-.Pa \&.rhosts
+.Em rhosts
 authentication to list the
 host/user pairs that are permitted to log in.
 (Note that this file is
@@ -905,7 +972,9 @@ accessible by others.
 Note that by default
 .Xr sshd 8
 will be installed so that it requires successful RSA host
-authentication before permitting \s+2.\s0rhosts authentication.
+authentication before permitting
+.Em rhosts
+authentication.
 If the server machine does not have the client's host key in
 .Pa /etc/ssh/ssh_known_hosts ,
 it can be stored in
@@ -916,21 +985,20 @@ will automatically add the host key to
 .Pa $HOME/.ssh/known_hosts .
 .It Pa $HOME/.shosts
 This file is used exactly the same way as
-.Pa \&.rhosts .
+.Pa .rhosts .
 The purpose for
 having this file is to be able to use rhosts authentication with
 .Nm
 without permitting login with
-.Nm rlogin
+.Xr rlogin
 or
 .Xr rsh 1 .
 .It Pa /etc/hosts.equiv
 This file is used during
-.Pa \&.rhosts
+.Em rhosts
 authentication.
 It contains
-canonical hosts names, one per line (the full format is described on
-the
+canonical hosts names, one per line (the full format is described in the
 .Xr sshd 8
 manual page).
 If the client host is found in this file, login is
@@ -970,6 +1038,7 @@ above.
 exits with the exit status of the remote command or with 255
 if an error occurred.
 .Sh SEE ALSO
+.Xr gzip 1 ,
 .Xr rsh 1 ,
 .Xr scp 1 ,
 .Xr sftp 1 ,
@@ -978,6 +1047,7 @@ if an error occurred.
 .Xr ssh-argv0 1 ,
 .Xr ssh-keygen 1 ,
 .Xr telnet 1 ,
+.Xr hosts.equiv 5 ,
 .Xr ssh_config 5 ,
 .Xr ssh-keysign 8 ,
 .Xr sshd 8
diff --git a/ssh.c b/ssh.c
index ca279fbb8..05960af98 100644
--- a/ssh.c
+++ b/ssh.c
@@ -13,7 +13,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  *
  * Copyright (c) 1999 Niels Provos.  All rights reserved.
- * Copyright (c) 2000, 2001, 2002 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2000, 2001, 2002, 2003 Markus Friedl.  All rights reserved.
  *
  * Modified to work with SSL by Niels Provos <provos@citi.umich.edu>
  * in Canada (German citizen).
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.201 2003/09/01 18:15:50 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.206 2003/12/16 15:49:51 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -155,6 +155,7 @@ usage(void)
         fprintf(stderr, "  -A          Enable authentication agent forwarding.\n");
         fprintf(stderr, "  -a          Disable authentication agent forwarding (default).\n");
         fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
+        fprintf(stderr, "  -Y          Enable trusted X11 connection forwarding.\n");
         fprintf(stderr, "  -x          Disable X11 connection forwarding (default).\n");
         fprintf(stderr, "  -i file     Identity for public key authentication "
             "(default: ~/.ssh/identity)\n");
@@ -204,7 +205,7 @@ main(int ac, char **av)
         int i, opt, exit_status;
         u_short fwd_port, fwd_host_port;
         char sfwd_port[6], sfwd_host_port[6];
-        char *p, *cp, buf[256];
+        char *p, *cp, *line, buf[256];
         struct stat st;
         struct passwd *pw;
         int dummy;
@@ -220,7 +221,7 @@ main(int ac, char **av)
          */
         original_real_uid = getuid();
         original_effective_uid = geteuid();
- 
+
         /*
          * Use uid-swapping to give up root privileges for the duration of
          * option processing.  We will re-instantiate the rights when we are
@@ -264,7 +265,7 @@ main(int ac, char **av)
 
 again:
         while ((opt = getopt(ac, av,
-            "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVX")) != -1) {
+            "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVXY")) != -1) {
                 switch (opt) {
                 case '1':
                         options.protocol = SSH_PROTO_1;
@@ -291,6 +292,10 @@ again:
                 case 'X':
                         options.forward_x11 = 1;
                         break;
+                case 'Y':
+                        options.forward_x11 = 1;
+                        options.forward_x11_trusted = 1;
+                        break;
                 case 'g':
                         options.gateway_ports = 1;
                         break;
@@ -304,7 +309,7 @@ again:
                         options.forward_agent = 1;
                         break;
                 case 'k':
-                        /* ignored for backward compatibility */
+                        options.gss_deleg_creds = 0;
                         break;
                 case 'i':
                         if (stat(optarg, &st) < 0) {
@@ -464,9 +469,11 @@ again:
                         break;
                 case 'o':
                         dummy = 1;
+                        line = xstrdup(optarg);
                         if (process_config_line(&options, host ? host : "",
-                            optarg, "command-line", 0, &dummy) != 0)
+                            line, "command-line", 0, &dummy) != 0)
                                 exit(1);
+                        xfree(line);
                         break;
                 case 's':
                         subsystem_flag = 1;
@@ -717,7 +724,7 @@ again:
         packet_close();
 
         /*
-         * Send SIGHUP to proxy command if used. We don't wait() in 
+         * Send SIGHUP to proxy command if used. We don't wait() in
          * case it hangs and instead rely on init to reap the child
          */
         if (proxy_command_pid > 1)
@@ -726,19 +733,25 @@ again:
         return exit_status;
 }
 
+#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
+
 static void
 x11_get_proto(char **_proto, char **_data)
 {
+        char cmd[1024];
         char line[512];
+        char xdisplay[512];
         static char proto[512], data[512];
         FILE *f;
-        int got_data = 0, i;
-        char *display;
+        int got_data = 0, generated = 0, do_unlink = 0, i;
+        char *display, *xauthdir, *xauthfile;
         struct stat st;
 
+        xauthdir = xauthfile = NULL;
         *_proto = proto;
         *_data = data;
         proto[0] = data[0] = '\0';
+
         if (!options.xauth_location ||
             (stat(options.xauth_location, &st) == -1)) {
                 debug("No xauth program.");
@@ -747,28 +760,59 @@ x11_get_proto(char **_proto, char **_data)
                         debug("x11_get_proto: DISPLAY not set");
                         return;
                 }
-                /* Try to get Xauthority information for the display. */
-                if (strncmp(display, "localhost:", 10) == 0)
-                        /*
-                         * Handle FamilyLocal case where $DISPLAY does
-                         * not match an authorization entry.  For this we
-                         * just try "xauth list unix:displaynum.screennum".
-                         * XXX: "localhost" match to determine FamilyLocal
-                         *      is not perfect.
-                         */
-                        snprintf(line, sizeof line, "%s list unix:%s 2>"
-                            _PATH_DEVNULL, options.xauth_location, display+10);
-                else
-                        snprintf(line, sizeof line, "%s list %.200s 2>"
-                            _PATH_DEVNULL, options.xauth_location, display);
-                debug2("x11_get_proto: %s", line);
-                f = popen(line, "r");
+                /*
+                 * Handle FamilyLocal case where $DISPLAY does
+                 * not match an authorization entry.  For this we
+                 * just try "xauth list unix:displaynum.screennum".
+                 * XXX: "localhost" match to determine FamilyLocal
+                 *      is not perfect.
+                 */
+                if (strncmp(display, "localhost:", 10) == 0) {
+                        snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
+                            display + 10);
+                        display = xdisplay;
+                }
+                if (options.forward_x11_trusted == 0) {
+                        xauthdir = xmalloc(MAXPATHLEN);
+                        xauthfile = xmalloc(MAXPATHLEN);
+                        strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
+                        if (mkdtemp(xauthdir) != NULL) {
+                                do_unlink = 1;
+                                snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
+                                    xauthdir);
+                                snprintf(cmd, sizeof(cmd),
+                                    "%s -f %s generate %s " SSH_X11_PROTO
+                                    " untrusted timeout 120 2>" _PATH_DEVNULL,
+                                    options.xauth_location, xauthfile, display);
+                                debug2("x11_get_proto: %s", cmd);
+                                if (system(cmd) == 0)
+                                        generated = 1;
+                        }
+                }
+                snprintf(cmd, sizeof(cmd),
+                    "%s %s%s list %s . 2>" _PATH_DEVNULL,
+                    options.xauth_location,
+                    generated ? "-f " : "" ,
+                    generated ? xauthfile : "",
+                    display);
+                debug2("x11_get_proto: %s", cmd);
+                f = popen(cmd, "r");
                 if (f && fgets(line, sizeof(line), f) &&
                     sscanf(line, "%*s %511s %511s", proto, data) == 2)
                         got_data = 1;
                 if (f)
                         pclose(f);
         }
+
+        if (do_unlink) {
+                unlink(xauthfile);
+                rmdir(xauthdir);
+        }
+        if (xauthdir)
+                xfree(xauthdir);
+        if (xauthfile)
+                xfree(xauthfile);
+
         /*
          * If we didn't get authentication data, just make up some
          * data.  The forwarding code will check the validity of the
@@ -780,12 +824,14 @@ x11_get_proto(char **_proto, char **_data)
         if (!got_data) {
                 u_int32_t rand = 0;
 
-                logit("Warning: No xauth data; using fake authentication data for X11 forwarding.");
-                strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
+                logit("Warning: No xauth data; "
+                    "using fake authentication data for X11 forwarding.");
+                strlcpy(proto, SSH_X11_PROTO, sizeof proto);
                 for (i = 0; i < 16; i++) {
                         if (i % 4 == 0)
                                 rand = arc4random();
-                        snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", rand & 0xff);
+                        snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
+                            rand & 0xff);
                         rand >>= 8;
                 }
         }
@@ -988,16 +1034,13 @@ client_subsystem_reply(int type, u_int32_t seq, void *ctxt)
 }
 
 void
-client_global_request_reply(int type, u_int32_t seq, void *ctxt)
+client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt)
 {
         int i;
 
         i = client_global_request_id++;
-        if (i >= options.num_remote_forwards) {
-                debug("client_global_request_reply: too many replies %d > %d",
-                    i, options.num_remote_forwards);
+        if (i >= options.num_remote_forwards)
                 return;
-        }
         debug("remote forward %s for: listen %d, connect %s:%d",
             type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
             options.remote_forwards[i].port,
diff --git a/ssh.h b/ssh.h
index e88b9b83e..a3b2ebbb5 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh.h,v 1.74 2003/09/01 13:52:18 markus Exp $ */
+/*      $OpenBSD: ssh.h,v 1.75 2003/12/02 17:01:15 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -103,4 +103,7 @@
 /* Minimum modulus size (n) for RSA keys. */
 #define SSH_RSA_MINIMUM_MODULUS_SIZE    768
 
+/* Listen backlog for sshd, ssh-agent and forwarding sockets */
+#define SSH_LISTEN_BACKLOG              128
+
 #endif                          /* SSH_H */
diff --git a/ssh_config.0 b/ssh_config.0
index a8687ffc2..40e9d3001 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -1,4 +1,4 @@
-SSH_CONFIG(5)               BSD File Formats Manual              SSH_CONFIG(5)
+SSH_CONFIG(5)             OpenBSD Programmer's Manual            SSH_CONFIG(5)
 
 NAME
      ssh_config - OpenSSH SSH client configuration files
@@ -11,11 +11,11 @@ DESCRIPTION
      ssh obtains configuration data from the following sources in the follow-
      ing order:
            1.   command-line options
-           2.   userM-bM-^@M-^Ys configuration file ($HOME/.ssh/config)
+           2.   user's configuration file ($HOME/.ssh/config)
            3.   system-wide configuration file (/etc/ssh/ssh_config)
 
      For each parameter, the first obtained value will be used.  The configu-
-     ration files contain sections bracketed by M-bM-^@M-^\HostM-bM-^@M-^] specifications, and
+     ration files contain sections bracketed by ``Host'' specifications, and
      that section is only applied for hosts that match one of the patterns
      given in the specification.  The matched host name is the one given on
      the command line.
@@ -26,11 +26,11 @@ DESCRIPTION
 
      The configuration file has the following format:
 
-     Empty lines and lines starting with M-bM-^@M-^X#M-bM-^@M-^Y are comments.
+     Empty lines and lines starting with `#' are comments.
 
-     Otherwise a line is of the format M-bM-^@M-^\keyword argumentsM-bM-^@M-^].  Configuration
+     Otherwise a line is of the format ``keyword arguments''.  Configuration
      options may be separated by whitespace or optional whitespace and exactly
-     one M-bM-^@M-^X=M-bM-^@M-^Y; the latter format is useful to avoid the need to quote whites-
+     one `='; the latter format is useful to avoid the need to quote whites-
      pace when specifying configuration options using the ssh, scp and sftp -o
      option.
 
@@ -39,54 +39,54 @@ DESCRIPTION
 
      Host    Restricts the following declarations (up to the next Host key-
              word) to be only for those hosts that match one of the patterns
-             given after the keyword.  M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y can be used as wildcards in
-             the patterns.  A single M-bM-^@M-^X*M-bM-^@M-^Y as a pattern can be used to provide
+             given after the keyword.  `*' and `?' can be used as wildcards in
+             the patterns.  A single `*' as a pattern can be used to provide
              global defaults for all hosts.  The host is the hostname argument
              given on the command line (i.e., the name is not converted to a
              canonicalized host name before matching).
 
      AddressFamily
-             Specifies which address family to use when connecting.  Valid
-             arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (Use IPv4 only) or M-bM-^@M-^\inet6M-bM-^@M-^] (Use IPv6
-             only.)
+             Specifies which address family to use when connecting.  Valid ar-
+             guments are ``any'', ``inet'' (Use IPv4 only) or ``inet6'' (Use
+             IPv6 only.)
 
      BatchMode
-             If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled.
+             If set to ``yes'', passphrase/password querying will be disabled.
              This option is useful in scripts and other batch jobs where no
              user is present to supply the password.  The argument must be
-             M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
+             ``yes'' or ``no''.  The default is ``no''.
 
      BindAddress
              Specify the interface to transmit from on machines with multiple
              interfaces or aliased addresses.  Note that this option does not
-             work if UsePrivilegedPort is set to M-bM-^@M-^\yesM-bM-^@M-^].
+             work if UsePrivilegedPort is set to ``yes''.
 
      ChallengeResponseAuthentication
              Specifies whether to use challenge response authentication.  The
-             argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is
-             M-bM-^@M-^\yesM-bM-^@M-^].
+             argument to this keyword must be ``yes'' or ``no''.  The default
+             is ``yes''.
 
      CheckHostIP
-             If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ssh will additionally check the
-             host IP address in the known_hosts file.  This allows ssh to
-             detect if a host key changed due to DNS spoofing.  If the option
-             is set to M-bM-^@M-^\noM-bM-^@M-^], the check will not be executed.  The default is
-             M-bM-^@M-^\yesM-bM-^@M-^].
+             If this flag is set to ``yes'', ssh will additionally check the
+             host IP address in the known_hosts file.  This allows ssh to de-
+             tect if a host key changed due to DNS spoofing.  If the option is
+             set to ``no'', the check will not be executed.  The default is
+             ``yes''.
 
      Cipher  Specifies the cipher to use for encrypting the session in proto-
-             col version 1.  Currently, M-bM-^@M-^\blowfishM-bM-^@M-^], M-bM-^@M-^\3desM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^] are sup-
-             ported.  des is only supported in the ssh client for interoper-
-             ability with legacy protocol 1 implementations that do not sup-
-             port the 3des cipher.  Its use is strongly discouraged due to
-             cryptographic weaknesses.  The default is M-bM-^@M-^\3desM-bM-^@M-^].
+             col version 1.  Currently, ``blowfish'', ``3des'', and ``des''
+             are supported.  des is only supported in the ssh client for in-
+             teroperability with legacy protocol 1 implementations that do not
+             support the 3des cipher.  Its use is strongly discouraged due to
+             cryptographic weaknesses.  The default is ``3des''.
 
      Ciphers
              Specifies the ciphers allowed for protocol version 2 in order of
-             preference.  Multiple ciphers must be comma-separated.  The
-             default is
+             preference.  Multiple ciphers must be comma-separated.  The de-
+             fault is
 
-               M-bM-^@M-^XM-bM-^@M-^Xaes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
-                 aes192-cbc,aes256-cbcM-bM-^@M-^YM-bM-^@M-^Y
+               ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
+                 aes192-cbc,aes256-cbc''
 
      ClearAllForwardings
              Specifies that all local, remote and dynamic port forwardings
@@ -94,11 +94,11 @@ DESCRIPTION
              cleared.  This option is primarily useful when used from the ssh
              command line to clear port forwardings set in configuration
              files, and is automatically set by scp(1) and sftp(1).  The argu-
-             ment must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
+             ment must be ``yes'' or ``no''.  The default is ``no''.
 
      Compression
-             Specifies whether to use compression.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^]
-             or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
+             Specifies whether to use compression.  The argument must be
+             ``yes'' or ``no''.  The default is ``no''.
 
      CompressionLevel
              Specifies the compression level to use if compression is enabled.
@@ -108,97 +108,111 @@ DESCRIPTION
              option applies to protocol version 1 only.
 
      ConnectionAttempts
-             Specifies the number of tries (one per second) to make before
-             exiting.  The argument must be an integer.  This may be useful in
+             Specifies the number of tries (one per second) to make before ex-
+             iting.  The argument must be an integer.  This may be useful in
              scripts if the connection sometimes fails.  The default is 1.
 
      ConnectTimeout
              Specifies the timeout (in seconds) used when connecting to the
              ssh server, instead of using the default system TCP timeout.
-             This value is used only when the target is down or really
-             unreachable, not when it refuses the connection.
+             This value is used only when the target is down or really un-
+             reachable, not when it refuses the connection.
 
      DynamicForward
              Specifies that a TCP/IP port on the local machine be forwarded
              over the secure channel, and the application protocol is then
              used to determine where to connect to from the remote machine.
              The argument must be a port number.  Currently the SOCKS4 and
-             SOCKS5 protocols are supported, and ssh will act as a SOCKS
-             server.  Multiple forwardings may be specified, and additional
-             forwardings can be given on the command line.  Only the superuser
+             SOCKS5 protocols are supported, and ssh will act as a SOCKS serv-
+             er.  Multiple forwardings may be specified, and additional for-
+             wardings can be given on the command line.  Only the superuser
              can forward privileged ports.
 
      EnableSSHKeysign
-             Setting this option to M-bM-^@M-^\yesM-bM-^@M-^] in the global client configuration
+             Setting this option to ``yes'' in the global client configuration
              file /etc/ssh/ssh_config enables the use of the helper program
              ssh-keysign(8) during HostbasedAuthentication.  The argument must
-             be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].  See ssh-keysign(8) for
-             more information.
+             be ``yes'' or ``no''.  The default is ``no''.  This option should
+             be placed in the non-hostspecific section.  See ssh-keysign(8)
+             for more information.
 
      EscapeChar
-             Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y).  The escape character
+             Sets the escape character (default: `~').  The escape character
              can also be set on the command line.  The argument should be a
-             single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or M-bM-^@M-^\noneM-bM-^@M-^] to disable
-             the escape character entirely (making the connection transparent
-             for binary data).
+             single character, `^' followed by a letter, or ``none'' to dis-
+             able the escape character entirely (making the connection trans-
+             parent for binary data).
 
      ForwardAgent
              Specifies whether the connection to the authentication agent (if
              any) will be forwarded to the remote machine.  The argument must
-             be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
+             be ``yes'' or ``no''.  The default is ``no''.
 
              Agent forwarding should be enabled with caution.  Users with the
              ability to bypass file permissions on the remote host (for the
-             agentM-bM-^@M-^Ys Unix-domain socket) can access the local agent through
+             agent's Unix-domain socket) can access the local agent through
              the forwarded connection.  An attacker cannot obtain key material
              from the agent, however they can perform operations on the keys
              that enable them to authenticate using the identities loaded into
              the agent.
 
      ForwardX11
-             Specifies whether X11 connections will be automatically redi-
-             rected over the secure channel and DISPLAY set.  The argument
-             must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
+             Specifies whether X11 connections will be automatically redirect-
+             ed over the secure channel and DISPLAY set.  The argument must be
+             ``yes'' or ``no''.  The default is ``no''.
 
              X11 forwarding should be enabled with caution.  Users with the
              ability to bypass file permissions on the remote host (for the
-             userM-bM-^@M-^Ys X authorization database) can access the local X11 display
-             through the forwarded connection.  An attacker may then be able
-             to perform activities such as keystroke monitoring.
+             user's X11 authorization database) can access the local X11 dis-
+             play through the forwarded connection.  An attacker may then be
+             able to perform activities such as keystroke monitoring if the
+             ForwardX11Trusted option is also enabled.
+
+     ForwardX11Trusted
+             If the this option is set to ``yes'' then remote X11 clients will
+             have full access to the original X11 display.  If this option is
+             set to ``no'' then remote X11 clients will be considered untrust-
+             ed and prevented from stealing or tampering with data belonging
+             to trusted X11 clients.
+
+             The default is ``no''.
+
+             See the X11 SECURITY extension specification for full details on
+             the restrictions imposed on untrusted clients.
 
      GatewayPorts
              Specifies whether remote hosts are allowed to connect to local
              forwarded ports.  By default, ssh binds local port forwardings to
              the loopback address.  This prevents other remote hosts from con-
              necting to forwarded ports.  GatewayPorts can be used to specify
-             that ssh should bind local port forwardings to the wildcard
-             address, thus allowing remote hosts to connect to forwarded
-             ports.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
+             that ssh should bind local port forwardings to the wildcard ad-
+             dress, thus allowing remote hosts to connect to forwarded ports.
+             The argument must be ``yes'' or ``no''.  The default is ``no''.
 
      GlobalKnownHostsFile
              Specifies a file to use for the global host key database instead
              of /etc/ssh/ssh_known_hosts.
 
      GSSAPIAuthentication
-             Specifies whether authentication based on GSSAPI may be used,
-             either using the result of a successful key exchange, or using
-             GSSAPI user authentication.  The default is M-bM-^@M-^\yesM-bM-^@M-^].  Note that
-             this option applies to protocol version 2 only.
+             Specifies whether user authentication based on GSSAPI is allowed.
+             The default is ``no''.  Note that this option applies to protocol
+             version 2 only.
 
      GSSAPIDelegateCredentials
              Forward (delegate) credentials to the server.  The default is
-             M-bM-^@M-^\noM-bM-^@M-^].  Note that this option applies to protocol version 2 only.
+             ``no''.  Note that this option applies to protocol version 2 on-
+             ly.
 
      HostbasedAuthentication
              Specifies whether to try rhosts based authentication with public
-             key authentication.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The
-             default is M-bM-^@M-^\noM-bM-^@M-^].  This option applies to protocol version 2 only
-             and is similar to RhostsRSAAuthentication.
+             key authentication.  The argument must be ``yes'' or ``no''.  The
+             default is ``no''.  This option applies to protocol version 2 on-
+             ly and is similar to RhostsRSAAuthentication.
 
      HostKeyAlgorithms
              Specifies the protocol version 2 host key algorithms that the
              client wants to use in order of preference.  The default for this
-             option is: M-bM-^@M-^\ssh-rsa,ssh-dssM-bM-^@M-^].
+             option is: ``ssh-rsa,ssh-dss''.
 
      HostKeyAlias
              Specifies an alias that should be used instead of the real host
@@ -214,29 +228,16 @@ DESCRIPTION
              tions).
 
      IdentityFile
-             Specifies a file from which the userM-bM-^@M-^Ys RSA or DSA authentication
+             Specifies a file from which the user's RSA or DSA authentication
              identity is read.  The default is $HOME/.ssh/identity for proto-
              col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for
              protocol version 2.  Additionally, any identities represented by
              the authentication agent will be used for authentication.  The
-             file name may use the tilde syntax to refer to a userM-bM-^@M-^Ys home
-             directory.  It is possible to have multiple identity files speci-
+             file name may use the tilde syntax to refer to a user's home di-
+             rectory.  It is possible to have multiple identity files speci-
              fied in configuration files; all these identities will be tried
              in sequence.
 
-     KeepAlive
-             Specifies whether the system should send TCP keepalive messages
-             to the other side.  If they are sent, death of the connection or
-             crash of one of the machines will be properly noticed.  However,
-             this means that connections will die if the route is down tem-
-             porarily, and some people find it annoying.
-
-             The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send keepalives), and the client will
-             notice if the network goes down or the remote host dies.  This is
-             important in scripts, and many users want it too.
-
-             To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^].
-
      LocalForward
              Specifies that a TCP/IP port on the local machine be forwarded
              over the secure channel to the specified host and port from the
@@ -253,20 +254,20 @@ DESCRIPTION
              DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
              higher levels of verbose output.
 
-     MACs    Specifies the MAC (message authentication code) algorithms in
-             order of preference.  The MAC algorithm is used in protocol ver-
-             sion 2 for data integrity protection.  Multiple algorithms must
-             be comma-separated.  The default is
-             M-bM-^@M-^\hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96M-bM-^@M-^].
+     MACs    Specifies the MAC (message authentication code) algorithms in or-
+             der of preference.  The MAC algorithm is used in protocol version
+             2 for data integrity protection.  Multiple algorithms must be
+             comma-separated.  The default is ``hmac-md5,hmac-sha1,hmac-
+             ripemd160,hmac-sha1-96,hmac-md5-96''.
 
      NoHostAuthenticationForLocalhost
              This option can be used if the home directory is shared across
-             machines.  In this case localhost will refer to a different
-             machine on each of the machines and the user will get many warn-
-             ings about changed host keys.  However, this option disables host
-             authentication for localhost.  The argument to this keyword must
-             be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is to check the host key for
-             localhost.
+             machines.  In this case localhost will refer to a different ma-
+             chine on each of the machines and the user will get many warnings
+             about changed host keys.  However, this option disables host au-
+             thentication for localhost.  The argument to this keyword must be
+             ``yes'' or ``no''.  The default is to check the host key for lo-
+             calhost.
 
      NumberOfPasswordPrompts
              Specifies the number of password prompts before giving up.  The
@@ -274,43 +275,44 @@ DESCRIPTION
 
      PasswordAuthentication
              Specifies whether to use password authentication.  The argument
-             to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\yesM-bM-^@M-^].
+             to this keyword must be ``yes'' or ``no''.  The default is
+             ``yes''.
 
      Port    Specifies the port number to connect on the remote host.  Default
              is 22.
 
      PreferredAuthentications
-             Specifies the order in which the client should try protocol 2
-             authentication methods.  This allows a client to prefer one
-             method (e.g.  keyboard-interactive) over another method (e.g.
-             password) The default for this option is:
-             M-bM-^@M-^\hostbased,publickey,keyboard-interactive,passwordM-bM-^@M-^].
+             Specifies the order in which the client should try protocol 2 au-
+             thentication methods.  This allows a client to prefer one method
+             (e.g.  keyboard-interactive) over another method (e.g.  password)
+             The default for this option is: ``hostbased,publickey,keyboard-
+             interactive,password''.
 
      Protocol
              Specifies the protocol versions ssh should support in order of
-             preference.  The possible values are M-bM-^@M-^\1M-bM-^@M-^] and M-bM-^@M-^\2M-bM-^@M-^].  Multiple ver-
-             sions must be comma-separated.  The default is M-bM-^@M-^\2,1M-bM-^@M-^].  This means
-             that ssh tries version 2 and falls back to version 1 if version 2
-             is not available.
+             preference.  The possible values are ``1'' and ``2''.  Multiple
+             versions must be comma-separated.  The default is ``2,1''.  This
+             means that ssh tries version 2 and falls back to version 1 if
+             version 2 is not available.
 
      ProxyCommand
              Specifies the command to use to connect to the server.  The com-
              mand string extends to the end of the line, and is executed with
-             /bin/sh.  In the command string, M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the
-             host name to connect and M-bM-^@M-^X%pM-bM-^@M-^Y by the port.  The command can be
+             /bin/sh.  In the command string, `%h' will be substituted by the
+             host name to connect and `%p' by the port.  The command can be
              basically anything, and should read from its standard input and
              write to its standard output.  It should eventually connect an
              sshd(8) server running on some machine, or execute sshd -i some-
              where.  Host key management will be done using the HostName of
-             the host being connected (defaulting to the name typed by the
-             user).  Setting the command to M-bM-^@M-^\noneM-bM-^@M-^] disables this option
-             entirely.  Note that CheckHostIP is not available for connects
-             with a proxy command.
+             the host being connected (defaulting to the name typed by the us-
+             er).  Setting the command to ``none'' disables this option en-
+             tirely.  Note that CheckHostIP is not available for connects with
+             a proxy command.
 
      PubkeyAuthentication
              Specifies whether to try public key authentication.  The argument
-             to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\yesM-bM-^@M-^].
-             This option applies to protocol version 2 only.
+             to this keyword must be ``yes'' or ``no''.  The default is
+             ``yes''.  This option applies to protocol version 2 only.
 
      RemoteForward
              Specifies that a TCP/IP port on the remote machine be forwarded
@@ -323,45 +325,85 @@ DESCRIPTION
 
      RhostsRSAAuthentication
              Specifies whether to try rhosts based authentication with RSA
-             host authentication.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The
-             default is M-bM-^@M-^\noM-bM-^@M-^].  This option applies to protocol version 1 only
-             and requires ssh to be setuid root.
+             host authentication.  The argument must be ``yes'' or ``no''.
+             The default is ``no''.  This option applies to protocol version 1
+             only and requires ssh to be setuid root.
 
      RSAAuthentication
              Specifies whether to try RSA authentication.  The argument to
-             this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  RSA authentication will only
-             be attempted if the identity file exists, or an authentication
-             agent is running.  The default is M-bM-^@M-^\yesM-bM-^@M-^].  Note that this option
-             applies to protocol version 1 only.
+             this keyword must be ``yes'' or ``no''.  RSA authentication will
+             only be attempted if the identity file exists, or an authentica-
+             tion agent is running.  The default is ``yes''.  Note that this
+             option applies to protocol version 1 only.
+
+     ServerAliveInterval
+             Sets a timeout interval in seconds after which if no data has
+             been received from the server, ssh will send a message through
+             the encrypted channel to request a response from the server.  The
+             default is 0, indicating that these messages will not be sent to
+             the server.  This option applies to protocol version 2 only.
+
+     ServerAliveCountMax
+             Sets the number of server alive messages (see above) which may be
+             sent without ssh receiving any messages back from the server.  If
+             this threshold is reached while server alive messages are being
+             sent, ssh will disconnect from the server, terminating the ses-
+             sion.  It is important to note that the use of server alive mes-
+             sages is very different from TCPKeepAlive (below).  The server
+             alive messages are sent through the encrypted channel and there-
+             fore will not be spoofable.  The TCP keepalive option enabled by
+             TCPKeepAlive is spoofable.  The server alive mechanism is valu-
+             able when the client or server depend on knowing when a connec-
+             tion has become inactive.
+
+             The default value is 3.  If, for example, ServerAliveInterval
+             (above) is set to 15, and ServerAliveCountMax is left at the de-
+             fault, if the server becomes unresponsive ssh will disconnect af-
+             ter approximately 45 seconds.
 
      SmartcardDevice
              Specifies which smartcard device to use.  The argument to this
              keyword is the device ssh should use to communicate with a smart-
-             card used for storing the userM-bM-^@M-^Ys private RSA key.  By default, no
+             card used for storing the user's private RSA key.  By default, no
              device is specified and smartcard support is not activated.
 
      StrictHostKeyChecking
-             If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ssh will never automatically add
+             If this flag is set to ``yes'', ssh will never automatically add
              host keys to the $HOME/.ssh/known_hosts file, and refuses to con-
              nect to hosts whose host key has changed.  This provides maximum
              protection against trojan horse attacks, however, can be annoying
              when the /etc/ssh/ssh_known_hosts file is poorly maintained, or
              connections to new hosts are frequently made.  This option forces
              the user to manually add all new hosts.  If this flag is set to
-             M-bM-^@M-^\noM-bM-^@M-^], ssh will automatically add new host keys to the user known
-             hosts files.  If this flag is set to M-bM-^@M-^\askM-bM-^@M-^], new host keys will be
-             added to the user known host files only after the user has con-
-             firmed that is what they really want to do, and ssh will refuse
-             to connect to hosts whose host key has changed.  The host keys of
-             known hosts will be verified automatically in all cases.  The
-             argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^] or M-bM-^@M-^\askM-bM-^@M-^].  The default is M-bM-^@M-^\askM-bM-^@M-^].
+             ``no'', ssh will automatically add new host keys to the user
+             known hosts files.  If this flag is set to ``ask'', new host keys
+             will be added to the user known host files only after the user
+             has confirmed that is what they really want to do, and ssh will
+             refuse to connect to hosts whose host key has changed.  The host
+             keys of known hosts will be verified automatically in all cases.
+             The argument must be ``yes'', ``no'' or ``ask''.  The default is
+             ``ask''.
+
+     TCPKeepAlive
+             Specifies whether the system should send TCP keepalive messages
+             to the other side.  If they are sent, death of the connection or
+             crash of one of the machines will be properly noticed.  However,
+             this means that connections will die if the route is down tem-
+             porarily, and some people find it annoying.
+
+             The default is ``yes'' (to send TCP keepalive messages), and the
+             client will notice if the network goes down or the remote host
+             dies.  This is important in scripts, and many users want it too.
+
+             To disable TCP keepalive messages, the value should be set to
+             ``no''.
 
      UsePrivilegedPort
              Specifies whether to use a privileged port for outgoing connec-
-             tions.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
-             If set to M-bM-^@M-^\yesM-bM-^@M-^] ssh must be setuid root.  Note that this option
-             must be set to M-bM-^@M-^\yesM-bM-^@M-^] for RhostsRSAAuthentication with older
-             servers.
+             tions.  The argument must be ``yes'' or ``no''.  The default is
+             ``no''.  If set to ``yes'' ssh must be setuid root.  Note that
+             this option must be set to ``yes'' for RhostsRSAAuthentication
+             with older servers.
 
      User    Specifies the user to log in as.  This can be useful when a dif-
              ferent user name is used on different machines.  This saves the
@@ -374,8 +416,15 @@ DESCRIPTION
 
      VerifyHostKeyDNS
              Specifies whether to verify the remote key using DNS and SSHFP
-             resource records.  The default is M-bM-^@M-^\noM-bM-^@M-^].  Note that this option
-             applies to protocol version 2 only.
+             resource records.  If this option is set to ``yes'', the client
+             will implicitly trust keys that match a secure fingerprint from
+             DNS.  Insecure fingerprints will be handled as if this option was
+             set to ``ask''.  If this option is set to ``ask'', information on
+             fingerprint match will be displayed, but the user will still need
+             to confirm new host keys according to the StrictHostKeyChecking
+             option.  The argument must be ``yes'', ``no'' or ``ask''.  The
+             default is ``no''.  Note that this option applies to protocol
+             version 2 only.
 
      XAuthLocation
              Specifies the full pathname of the xauth(1) program.  The default
@@ -386,12 +435,12 @@ FILES
              This is the per-user configuration file.  The format of this file
              is described above.  This file is used by the ssh client.  This
              file does not usually contain any sensitive information, but the
-             recommended permissions are read/write for the user, and not
-             accessible by others.
+             recommended permissions are read/write for the user, and not ac-
+             cessible by others.
 
      /etc/ssh/ssh_config
              Systemwide configuration file.  This file provides defaults for
-             those values that are not specified in the userM-bM-^@M-^Ys configuration
+             those values that are not specified in the user's configuration
              file, and for those users who do not have a configuration file.
              This file must be world-readable.
 
@@ -405,4 +454,4 @@ AUTHORS
      ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-BSD                           September 25, 1999                           BSD
+OpenBSD 3.4                   September 25, 1999                             7
diff --git a/ssh_config.5 b/ssh_config.5
index 2ca7ce02f..25485f3da 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.20 2003/09/02 18:50:06 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -128,7 +128,7 @@ If set to
 .Dq yes ,
 passphrase/password querying will be disabled.
 In addition, the 
-.Cm ProtocolKeepAlives 
+.Cm ServerAliveInterval 
 and
 .Cm SetupTimeOut
 options will both be set to 300 seconds by default.
@@ -193,7 +193,6 @@ Specifies the ciphers allowed for protocol version 2
 in order of preference.
 Multiple ciphers must be comma-separated.
 The default is
-.Pp
 .Bd -literal
   ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
     aes192-cbc,aes256-cbc''
@@ -267,6 +266,7 @@ or
 .Dq no .
 The default is
 .Dq no .
+This option should be placed in the non-hostspecific section.
 See
 .Xr ssh-keysign 8
 for more information.
@@ -313,9 +313,27 @@ The default is
 .Pp
 X11 forwarding should be enabled with caution.
 Users with the ability to bypass file permissions on the remote host
-(for the user's X authorization database)
+(for the user's X11 authorization database)
 can access the local X11 display through the forwarded connection.
-An attacker may then be able to perform activities such as keystroke monitoring.
+An attacker may then be able to perform activities such as keystroke monitoring
+if the
+.Cm ForwardX11Trusted
+option is also enabled.
+.It Cm ForwardX11Trusted
+If the this option is set to
+.Dq yes
+then remote X11 clients will have full access to the original X11 display.
+If this option is set to
+.Dq no
+then remote X11 clients will be considered untrusted and prevented
+from stealing or tampering with data belonging to trusted X11
+clients.
+.Pp
+The default is
+.Dq no .
+.Pp
+See the X11 SECURITY extension specification for full details on
+the restrictions imposed on untrusted clients.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to local
 forwarded ports.
@@ -339,11 +357,9 @@ Specifies a file to use for the global
 host key database instead of
 .Pa /etc/ssh/ssh_known_hosts .
 .It Cm GSSAPIAuthentication
-Specifies whether authentication based on GSSAPI may be used, either using
-the result of a successful key exchange, or using GSSAPI user
-authentication.
+Specifies whether user authentication based on GSSAPI is allowed.
 The default is
-.Dq yes .
+.Dq no .
 Note that this option applies to protocol version 2 only.
 .It Cm GSSAPIDelegateCredentials
 Forward (delegate) credentials to the server.
@@ -397,29 +413,6 @@ syntax to refer to a user's home directory.
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
-.It Cm KeepAlive
-Specifies whether the system should send TCP keepalive messages to the
-other side.
-If they are sent, death of the connection or crash of one
-of the machines will be properly noticed.
-This option only uses TCP keepalives (as opposed to using ssh level
-keepalives), so takes a long time to notice when the connection dies.
-As such, you probably want
-the
-.Cm ProtocolKeepAlives
-option as well.
-However, this means that
-connections will die if the route is down temporarily, and some people
-find it annoying.
-.Pp
-The default is
-.Dq yes
-(to send keepalives), and the client will notice
-if the network goes down or the remote host dies.
-This is important in scripts, and many users want it too.
-.Pp
-To disable keepalives, the value should be set to
-.Dq no .
 .It Cm LocalForward
 Specifies that a TCP/IP port on the local machine be forwarded over
 the secure channel to the specified host and port from the remote machine.
@@ -495,14 +488,6 @@ This means that
 .Nm ssh
 tries version 2 and falls back to version 1
 if version 2 is not available.
-.It Cm ProtocolKeepAlives
-Specifies the interval in seconds at which IGNORE packets will be sent to
-the server during idle periods.
-Use this option in scripts to detect when the network fails.
-The argument must be an integer.
-The default is 0 (disabled), or 300 if the 
-.Cm BatchMode
-option is set.
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
@@ -574,6 +559,45 @@ running.
 The default is
 .Dq yes .
 Note that this option applies to protocol version 1 only.
+.It Cm ServerAliveInterval
+Sets a timeout interval in seconds after which if no data has been received
+from the server,
+.Nm ssh
+will send a message through the encrypted
+channel to request a response from the server.
+The default
+is 0, indicating that these messages will not be sent to the server,
+or 300 if the
+.Cm BatchMode
+option is set.
+This option applies to protocol version 2 only.
+.It Cm ServerAliveCountMax
+Sets the number of server alive messages (see above) which may be
+sent without
+.Nm ssh
+receiving any messages back from the server.
+If this threshold is reached while server alive messages are being sent,
+.Nm ssh
+will disconnect from the server, terminating the session.
+It is important to note that the use of server alive messages is very
+different from
+.Cm TCPKeepAlive
+(below).
+The server alive messages are sent through the encrypted channel
+and therefore will not be spoofable.
+The TCP keepalive option enabled by
+.Cm TCPKeepAlive
+is spoofable.
+The server alive mechanism is valuable when the client or
+server depend on knowing when a connection has become inactive.
+.Pp
+The default value is 3.
+If, for example,
+.Cm ServerAliveInterval
+(above) is set to 15, and
+.Cm ServerAliveCountMax
+is left at the default, if the server becomes unresponsive ssh
+will disconnect after approximately 45 seconds.
 .It Cm SetupTimeOut
 Normally,
 .Nm ssh
@@ -632,6 +656,29 @@ or
 .Dq ask .
 The default is
 .Dq ask .
+.It Cm TCPKeepAlive
+Specifies whether the system should send TCP keepalive messages to the
+other side.
+If they are sent, death of the connection or crash of one
+of the machines will be properly noticed.
+This option only uses TCP keepalives (as opposed to using ssh level
+keepalives), so takes a long time to notice when the connection dies.
+As such, you probably want
+the
+.Cm ServerAliveInterval
+option as well.
+However, this means that
+connections will die if the route is down temporarily, and some people
+find it annoying.
+.Pp
+The default is
+.Dq yes
+(to send TCP keepalive messages), and the client will notice
+if the network goes down or the remote host dies.
+This is important in scripts, and many users want it too.
+.Pp
+To disable TCP keepalive messages, the value should be set to
+.Dq no .
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be
@@ -661,6 +708,23 @@ host key database instead of
 .It Cm VerifyHostKeyDNS
 Specifies whether to verify the remote key using DNS and SSHFP resource
 records.
+If this option is set to
+.Dq yes ,
+the client will implicitly trust keys that match a secure fingerprint
+from DNS.
+Insecure fingerprints will be handled as if this option was set to
+.Dq ask .
+If this option is set to
+.Dq ask ,
+information on fingerprint match will be displayed, but the user will still
+need to confirm new host keys according to the
+.Cm StrictHostKeyChecking
+option.
+The argument must be
+.Dq yes ,
+.Dq no
+or
+.Dq ask .
 The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
diff --git a/ssh_prng_cmds.in b/ssh_prng_cmds.in
index 50e7771f9..0d29d49f1 100644
--- a/ssh_prng_cmds.in
+++ b/ssh_prng_cmds.in
@@ -2,10 +2,10 @@
 
 # Format is: "program-name args" path rate
 
-# The "rate" represents the number of bits of usuable entropy per 
+# The "rate" represents the number of bits of usuable entropy per
 # byte of command output. Be conservative.
 #
-# $Id: ssh_prng_cmds.in,v 1.8 2002/07/14 21:43:58 tim Exp $
+# $Id: ssh_prng_cmds.in,v 1.9 2003/11/21 12:48:56 djm Exp $
 
 "ls -alni /var/log"                     @PROG_LS@       0.02
 "ls -alni /var/adm"                     @PROG_LS@       0.02
diff --git a/sshconnect.c b/sshconnect.c
index 5c56f3178..e0d1a8c7e 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.156 2004/01/25 03:49:09 djm Exp $");
 
 #include <openssl/bn.h>
 
@@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
 #include "misc.h"
 #include "readpass.h"
 
-#ifdef DNS
 #include "dns.h"
-#endif
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
 
-#ifdef DNS
-int verified_host_key_dns = 0;
-#endif
+int matching_host_key_dns = 0;
 
 /* import */
 extern Options options;
@@ -63,6 +59,7 @@ static void banner_alarm_catch (int signum)
 }
 
 static int show_other_keys(const char *, Key *);
+static void warn_changed_key(Key *);
 
 /*
  * Connect to the given ssh server using a proxy command.
@@ -84,7 +81,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
          * Build the final command string in the buffer by making the
          * appropriate substitutions to the given proxy command.
          *
-         * Use "exec" to avoid "sh -c" processes on some platforms 
+         * Use "exec" to avoid "sh -c" processes on some platforms
          * (e.g. Solaris)
          */
         buffer_init(&command);
@@ -241,12 +238,12 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
         if (timeout <= 0)
                 return (connect(sockfd, serv_addr, addrlen));
 
-        if (fcntl(sockfd, F_SETFL, O_NONBLOCK) < 0)
-                return (-1);
-
+        set_nonblock(sockfd);
         rc = connect(sockfd, serv_addr, addrlen);
-        if (rc == 0)
+        if (rc == 0) {
+                unset_nonblock(sockfd);
                 return (0);
+        }
         if (errno != EINPROGRESS)
                 return (-1);
 
@@ -271,15 +268,15 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
                 break;
         case -1:
                 /* Select error */
-                debug("select: %s", strerror(errno));
+                debug("select: %s", strerror(errno));
                 break;
         case 1:
                 /* Completed or failed */
                 optval = 0;
                 optlen = sizeof(optval);
-                if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, 
+                if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval,
                     &optlen) == -1) {
-                        debug("getsockopt: %s", strerror(errno));
+                        debug("getsockopt: %s", strerror(errno));
                         break;
                 }
                 if (optval != 0) {
@@ -287,6 +284,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
                         break;
                 }
                 result = 0;
+                unset_nonblock(sockfd);
                 break;
         default:
                 /* Should not occur */
@@ -425,8 +423,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 
         debug("Connection established.");
 
-        /* Set keepalives if requested. */
-        if (options.keepalives &&
+        /* Set SO_KEEPALIVE if requested. */
+        if (options.tcp_keep_alive &&
             setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
             sizeof(on)) < 0)
                 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
@@ -598,7 +596,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
     int readonly, const char *user_hostfile, const char *system_hostfile)
 {
         Key *file_key;
-        char *type = key_type(host_key);
+        const char *type = key_type(host_key);
         char *ip = NULL;
         char hostline[1000], *hostp, *fp;
         HostStatus host_status;
@@ -762,9 +760,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                         /* The default */
                         fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
                         msg2[0] = '\0';
-#ifdef DNS
                         if (options.verify_host_key_dns) {
-                                if (verified_host_key_dns)
+                                if (matching_host_key_dns)
                                         snprintf(msg2, sizeof(msg2),
                                             "Matching host key fingerprint"
                                             " found in DNS.\n");
@@ -773,7 +770,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                                             "No matching host key fingerprint"
                                             " found in DNS.\n");
                         }
-#endif
                         snprintf(msg, sizeof(msg),
                             "The authenticity of host '%.200s (%s)' can't be "
                             "established%s\n"
@@ -823,20 +819,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                                 error("Offending key for IP in %s:%d", ip_file, ip_line);
                 }
                 /* The host key has changed. */
-                fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
-                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-                error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
-                error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-                error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
-                error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
-                error("It is also possible that the %s host key has just been changed.", type);
-                error("The fingerprint for the %s key sent by the remote host is\n%s.",
-                    type, fp);
-                error("Please contact your system administrator.");
+                warn_changed_key(host_key);
                 error("Add correct host key in %.100s to get rid of this message.",
                     user_hostfile);
                 error("Offending key in %s:%d", host_file, host_line);
-                xfree(fp);
 
                 /*
                  * If strict host key checking is in use, the user will have
@@ -939,27 +925,27 @@ int
 verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 {
         struct stat st;
+        int flags = 0;
 
-#ifdef DNS
-        if (options.verify_host_key_dns) {
-                switch(verify_host_key_dns(host, hostaddr, host_key)) {
-                case DNS_VERIFY_OK:
-#ifdef DNSSEC
-                        return 0;
-#else
-                        verified_host_key_dns = 1;
-                        break;
-#endif
-                case DNS_VERIFY_FAILED:
-                        return -1;
-                case DNS_VERIFY_ERROR:
-                        break;
-                default:
-                        debug3("bad return value from verify_host_key_dns");
-                        break;
+        if (options.verify_host_key_dns &&
+            verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
+
+                if (flags & DNS_VERIFY_FOUND) {
+
+                        if (options.verify_host_key_dns == 1 &&
+                            flags & DNS_VERIFY_MATCH &&
+                            flags & DNS_VERIFY_SECURE)
+                                return 0;
+
+                        if (flags & DNS_VERIFY_MATCH) {
+                                matching_host_key_dns = 1;
+                        } else {
+                                warn_changed_key(host_key);
+                                error("Update the SSHFP RR in DNS with the new "
+                                    "host key to get rid of this message.");
+                        }
                 }
         }
-#endif /* DNS */
 
         /* return ok if the key can be found in an old keyfile */
         if (stat(options.system_hostfile2, &st) == 0 ||
@@ -1085,3 +1071,24 @@ show_other_keys(const char *host, Key *key)
         }
         return (found);
 }
+
+static void
+warn_changed_key(Key *host_key)
+{
+        char *fp;
+        const char *type = key_type(host_key);
+
+        fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+
+        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+        error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
+        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+        error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
+        error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
+        error("It is also possible that the %s host key has just been changed.", type);
+        error("The fingerprint for the %s key sent by the remote host is\n%s.",
+            type, fp);
+        error("Please contact your system administrator.");
+
+        xfree(fp);
+}
diff --git a/sshconnect2.c b/sshconnect2.c
index 933c223ec..3a218113c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.124 2003/08/25 10:33:33 djm Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -222,7 +222,7 @@ static char *authmethods_get(void);
 
 Authmethod authmethods[] = {
 #ifdef GSSAPI
-        {"gssapi",
+        {"gssapi-with-mic",
                 userauth_gssapi,
                 &options.gss_authentication,
                 NULL},
@@ -358,10 +358,12 @@ void
 input_userauth_banner(int type, u_int32_t seq, void *ctxt)
 {
         char *msg, *lang;
+
         debug3("input_userauth_banner");
         msg = packet_get_string(NULL);
         lang = packet_get_string(NULL);
-        logit("%s", msg);
+        if (options.log_level > SYSLOG_LEVEL_QUIET)
+                fprintf(stderr, "%s", msg);
         xfree(msg);
         xfree(lang);
 }
@@ -372,10 +374,14 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
         Authctxt *authctxt = ctxt;
         if (authctxt == NULL)
                 fatal("input_userauth_success: no authentication context");
-        if (authctxt->authlist)
+        if (authctxt->authlist) {
                 xfree(authctxt->authlist);
-        if (authctxt->methoddata)
+                authctxt->authlist = NULL;
+        }
+        if (authctxt->methoddata) {
                 xfree(authctxt->methoddata);
+                authctxt->methoddata = NULL;
+        }
         authctxt->success = 1;                  /* break out */
 }
 
@@ -447,7 +453,12 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
         debug2("input_userauth_pk_ok: fp %s", fp);
         xfree(fp);
 
-        TAILQ_FOREACH(id, &authctxt->keys, next) {
+        /*
+         * search keys in the reverse order, because last candidate has been
+         * moved to the end of the queue.  this also avoids confusion by
+         * duplicate keys
+         */
+        TAILQ_FOREACH_REVERSE(id, &authctxt->keys, next, idlist) {
                 if (key_equal(key, id->key)) {
                         sent = sign_and_send_pubkey(authctxt, id);
                         break;
@@ -465,11 +476,11 @@ done:
 }
 
 #ifdef GSSAPI
-int 
+int
 userauth_gssapi(Authctxt *authctxt)
 {
         Gssctxt *gssctxt = NULL;
-        static gss_OID_set supported = NULL;
+        static gss_OID_set gss_supported = NULL;
         static int mech = 0;
         OM_uint32 min;
         int ok = 0;
@@ -477,18 +488,18 @@ userauth_gssapi(Authctxt *authctxt)
         /* Try one GSSAPI method at a time, rather than sending them all at
          * once. */
 
-        if (supported == NULL)
-                gss_indicate_mechs(&min, &supported);
+        if (gss_supported == NULL)
+                gss_indicate_mechs(&min, &gss_supported);
 
         /* Check to see if the mechanism is usable before we offer it */
-        while (mech<supported->count && !ok) {
+        while (mech < gss_supported->count && !ok) {
                 if (gssctxt)
                         ssh_gssapi_delete_ctx(&gssctxt);
                 ssh_gssapi_build_ctx(&gssctxt);
-                ssh_gssapi_set_oid(gssctxt, &supported->elements[mech]);
+                ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]);
 
                 /* My DER encoding requires length<128 */
-                if (supported->elements[mech].length < 128 &&
+                if (gss_supported->elements[mech].length < 128 &&
                     !GSS_ERROR(ssh_gssapi_import_name(gssctxt,
                     authctxt->host))) {
                         ok = 1; /* Mechanism works */
@@ -508,17 +519,11 @@ userauth_gssapi(Authctxt *authctxt)
 
         packet_put_int(1);
 
-        /* Some servers encode the OID incorrectly (as we used to) */
-        if (datafellows & SSH_BUG_GSSAPI_BER) {
-                packet_put_string(supported->elements[mech].elements,
-                    supported->elements[mech].length);
-        } else {
-                packet_put_int((supported->elements[mech].length)+2);
-                packet_put_char(SSH_GSS_OIDTYPE);
-                packet_put_char(supported->elements[mech].length);
-                packet_put_raw(supported->elements[mech].elements,
-                    supported->elements[mech].length);
-        }
+        packet_put_int((gss_supported->elements[mech].length) + 2);
+        packet_put_char(SSH_GSS_OIDTYPE);
+        packet_put_char(gss_supported->elements[mech].length);
+        packet_put_raw(gss_supported->elements[mech].elements,
+            gss_supported->elements[mech].length);
 
         packet_send();
 
@@ -532,15 +537,66 @@ userauth_gssapi(Authctxt *authctxt)
         return 1;
 }
 
+static OM_uint32
+process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
+{
+        Authctxt *authctxt = ctxt;
+        Gssctxt *gssctxt = authctxt->methoddata;
+        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+        gss_buffer_desc gssbuf, mic;
+        OM_uint32 status, ms, flags;
+        Buffer b;
+
+        status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
+            recv_tok, &send_tok, &flags);
+
+        if (send_tok.length > 0) {
+                if (GSS_ERROR(status))
+                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+                else
+                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
+
+                packet_put_string(send_tok.value, send_tok.length);
+                packet_send();
+                gss_release_buffer(&ms, &send_tok);
+        }
+
+        if (status == GSS_S_COMPLETE) {
+                /* send either complete or MIC, depending on mechanism */
+                if (!(flags & GSS_C_INTEG_FLAG)) {
+                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
+                        packet_send();
+                } else {
+                        ssh_gssapi_buildmic(&b, authctxt->server_user,
+                            authctxt->service, "gssapi-with-mic");
+
+                        gssbuf.value = buffer_ptr(&b);
+                        gssbuf.length = buffer_len(&b);
+
+                        status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
+
+                        if (!GSS_ERROR(status)) {
+                                packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC);
+                                packet_put_string(mic.value, mic.length);
+
+                                packet_send();
+                        }
+
+                        buffer_free(&b);
+                        gss_release_buffer(&ms, &mic);
+                }
+        }
+
+        return status;
+}
+
 void
 input_gssapi_response(int type, u_int32_t plen, void *ctxt)
 {
         Authctxt *authctxt = ctxt;
         Gssctxt *gssctxt;
-        OM_uint32 status, ms;
         int oidlen;
         char *oidv;
-        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 
         if (authctxt == NULL)
                 fatal("input_gssapi_response: no authentication context");
@@ -549,94 +605,55 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
         /* Setup our OID */
         oidv = packet_get_string(&oidlen);
 
-        if (datafellows & SSH_BUG_GSSAPI_BER) {
-                if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen))
-                        fatal("Server returned different OID than expected");
-        } else {
-                if(oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen-2) {
-                        debug("Badly encoded mechanism OID received");
-                        userauth(authctxt, NULL);
-                        xfree(oidv);
-                        return;
-                }
-                if (!ssh_gssapi_check_oid(gssctxt, oidv+2, oidlen-2))
-                        fatal("Server returned different OID than expected");
+        if (oidlen <= 2 ||
+            oidv[0] != SSH_GSS_OIDTYPE ||
+            oidv[1] != oidlen - 2) {
+                xfree(oidv);
+                debug("Badly encoded mechanism OID received");
+                userauth(authctxt, NULL);
+                return;
         }
 
+        if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2))
+                fatal("Server returned different OID than expected");
+
         packet_check_eom();
 
         xfree(oidv);
 
-        status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
-            GSS_C_NO_BUFFER, &send_tok, NULL);
-        if (GSS_ERROR(status)) {
-                if (send_tok.length > 0) {
-                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
-                        packet_put_string(send_tok.value, send_tok.length);
-                        packet_send();
-                        gss_release_buffer(&ms, &send_tok);
-                }
+        if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) {
                 /* Start again with next method on list */
                 debug("Trying to start again");
                 userauth(authctxt, NULL);
                 return;
         }
-
-        /* We must have data to send */
-        packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
-        packet_put_string(send_tok.value, send_tok.length);
-        packet_send();
-        gss_release_buffer(&ms, &send_tok);
 }
 
 void
 input_gssapi_token(int type, u_int32_t plen, void *ctxt)
 {
         Authctxt *authctxt = ctxt;
-        Gssctxt *gssctxt;
-        gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
         gss_buffer_desc recv_tok;
-        OM_uint32 status, ms;
+        OM_uint32 status;
         u_int slen;
 
         if (authctxt == NULL)
                 fatal("input_gssapi_response: no authentication context");
-        gssctxt = authctxt->methoddata;
 
         recv_tok.value = packet_get_string(&slen);
         recv_tok.length = slen; /* safe typecast */
 
         packet_check_eom();
 
-        status=ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
-            &recv_tok, &send_tok, NULL);
+        status = process_gssapi_token(ctxt, &recv_tok);
 
         xfree(recv_tok.value);
 
         if (GSS_ERROR(status)) {
-                if (send_tok.length > 0) {
-                        packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
-                        packet_put_string(send_tok.value, send_tok.length);
-                        packet_send();
-                        gss_release_buffer(&ms, &send_tok);
-                }
                 /* Start again with the next method in the list */
                 userauth(authctxt, NULL);
                 return;
         }
-
-        if (send_tok.length > 0) {
-                packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
-                packet_put_string(send_tok.value, send_tok.length);
-                packet_send();
-                gss_release_buffer(&ms, &send_tok);
-        }
-
-        if (status == GSS_S_COMPLETE) {
-                /* If that succeeded, send a exchange complete message */
-                packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
-                packet_send();
-        }
 }
 
 void
@@ -1016,7 +1033,7 @@ pubkey_prepare(Authctxt *authctxt)
                     key = ssh_get_next_identity(ac, &comment, 2)) {
                         found = 0;
                         TAILQ_FOREACH(id, &files, next) {
-                                /* agent keys from the config file are preferred */ 
+                                /* agent keys from the config file are preferred */
                                 if (key_equal(key, id->key)) {
                                         key_free(key);
                                         xfree(comment);
@@ -1080,6 +1097,7 @@ userauth_pubkey(Authctxt *authctxt)
         while ((id = TAILQ_FIRST(&authctxt->keys))) {
                 if (id->tried++)
                         return (0);
+                /* move key to the end of the queue */
                 TAILQ_REMOVE(&authctxt->keys, id, next);
                 TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
                 /*
@@ -1244,11 +1262,12 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
         buffer_init(&b);
         buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
         buffer_put_string(&b, data, datalen);
-        ssh_msg_send(to[1], version, &b);
+        if (ssh_msg_send(to[1], version, &b) == -1)
+                fatal("ssh_keysign: couldn't send request");
 
         if (ssh_msg_recv(from[0], &b) < 0) {
                 error("ssh_keysign: no reply");
-                buffer_clear(&b);
+                buffer_free(&b);
                 return -1;
         }
         close(from[0]);
@@ -1260,11 +1279,11 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
 
         if (buffer_get_char(&b) != version) {
                 error("ssh_keysign: bad version");
-                buffer_clear(&b);
+                buffer_free(&b);
                 return -1;
         }
         *sigp = buffer_get_string(&b, lenp);
-        buffer_clear(&b);
+        buffer_free(&b);
 
         return 0;
 }
diff --git a/sshd.0 b/sshd.0
index 937e35906..339d872b9 100644
--- a/sshd.0
+++ b/sshd.0
@@ -1,10 +1,10 @@
-SSHD(8)                   BSD System ManagerM-bM-^@M-^Ys Manual                  SSHD(8)
+SSHD(8)                 OpenBSD System Manager's Manual                SSHD(8)
 
 NAME
      sshd - OpenSSH SSH daemon
 
 SYNOPSIS
-     sshd [-deiqtD46] [-b bits] [-f config_file] [-g login_grace_time]
+     sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]
           [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
 
 DESCRIPTION
@@ -14,8 +14,8 @@ DESCRIPTION
      intended to be as easy to install and use as possible.
 
      sshd is the daemon that listens for connections from clients.  It is nor-
-     mally started at boot from /etc/rc.  It forks a new daemon for each
-     incoming connection.  The forked daemons handle key exchange, encryption,
+     mally started at boot from /etc/rc.  It forks a new daemon for each in-
+     coming connection.  The forked daemons handle key exchange, encryption,
      authentication, command execution, and data exchange.  This implementa-
      tion of sshd supports both SSH protocol version 1 and 2 simultaneously.
      sshd works as follows:
@@ -23,15 +23,15 @@ DESCRIPTION
    SSH protocol version 1
      Each host has a host-specific RSA key (normally 1024 bits) used to iden-
      tify the host.  Additionally, when the daemon starts, it generates a
-     server RSA key (normally 768 bits).  This key is normally regenerated
-     every hour if it has been used, and is never stored on disk.
+     server RSA key (normally 768 bits).  This key is normally regenerated ev-
+     ery hour if it has been used, and is never stored on disk.
 
      Whenever a client connects, the daemon responds with its public host and
      server keys.  The client compares the RSA host key against its own
      database to verify that it has not changed.  The client then generates a
-     256 bit random number.  It encrypts this random number using both the
-     host key and the server key, and sends the encrypted number to the
-     server.  Both sides then use this random number as a session key which is
+     256-bit random number.  It encrypts this random number using both the
+     host key and the server key, and sends the encrypted number to the serv-
+     er.  Both sides then use this random number as a session key which is
      used to encrypt all further communications in the session.  The rest of
      the session is encrypted using a conventional cipher, currently Blowfish
      or 3DES, with 3DES being used by default.  The client selects the encryp-
@@ -39,21 +39,21 @@ DESCRIPTION
 
      Next, the server and the client enter an authentication dialog.  The
      client tries to authenticate itself using .rhosts authentication, .rhosts
-     authentication combined with RSA host authentication, RSA challenge-
-     response authentication, or password based authentication.
+     authentication combined with RSA host authentication, RSA challenge-re-
+     sponse authentication, or password based authentication.
 
      Regardless of the authentication type, the account is checked to ensure
      that it is accessible.  An account is not accessible if it is locked,
      listed in DenyUsers or its group is listed in DenyGroups .  The defini-
      tion of a locked account is system dependant. Some platforms have their
-     own account database (eg AIX) and some modify the passwd field ( M-bM-^@M-^X*LK*M-bM-^@M-^Y
-     on Solaris, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on Tru64 and a leading
-     M-bM-^@M-^X!!M-bM-^@M-^Y on Linux).  If there is a requirement to disable password authenti-
+     own account database (eg AIX) and some modify the passwd field ( `*LK*'
+     on Solaris, `*' on HP-UX, containing `Nologin' on Tru64 and a leading
+     `!!' on Linux).  If there is a requirement to disable password authenti-
      cation for the account while allowing still public-key, then the passwd
-     field should be set to something other than these values (eg M-bM-^@M-^XNPM-bM-^@M-^Y or
-     M-bM-^@M-^X*NP*M-bM-^@M-^Y ).
+     field should be set to something other than these values (eg `NP' or
+     `*NP*' ).
 
-     Rhosts authentication is normally disabled because it is fundamentally
+     rhosts authentication is normally disabled because it is fundamentally
      insecure, but can be enabled in the server configuration file if desired.
      System security is not improved unless rshd, rlogind, and rexecd are dis-
      abled (thus completely disabling rlogin and rsh into the machine).
@@ -66,11 +66,10 @@ DESCRIPTION
      key.
 
      The rest of the session is encrypted using a symmetric cipher, currently
-     128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit
-     AES.  The client selects the encryption algorithm to use from those
-     offered by the server.  Additionally, session integrity is provided
-     through a cryptographic message authentication code (hmac-sha1 or hmac-
-     md5).
+     128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit
+     AES.  The client selects the encryption algorithm to use from those of-
+     fered by the server.  Additionally, session integrity is provided through
+     a cryptographic message authentication code (hmac-sha1 or hmac-md5).
 
      Protocol version 2 provides a public key based user (PubkeyAuthentica-
      tion) or client host (HostbasedAuthentication) authentication method,
@@ -93,9 +92,9 @@ DESCRIPTION
      tions have been closed, the server sends command exit status to the
      client, and both sides exit.
 
-     sshd can be configured using command-line options or a configuration
-     file.  Command-line options override values specified in the configura-
-     tion file.
+     sshd can be configured using command-line options or a configuration file
+     (by default sshd_config(5)).  Command-line options override values speci-
+     fied in the configuration file.
 
      sshd rereads its configuration file when it receives a hangup signal,
      SIGHUP, by executing itself with the name it was started as, i.e.,
@@ -103,15 +102,22 @@ DESCRIPTION
 
      The options are as follows:
 
+     -4      Forces sshd to use IPv4 addresses only.
+
+     -6      Forces sshd to use IPv6 addresses only.
+
      -b bits
              Specifies the number of bits in the ephemeral protocol version 1
              server key (default 768).
 
+     -D      When this option is specified, sshd will not detach and does not
+             become a daemon.  This allows easy monitoring of sshd.
+
      -d      Debug mode.  The server sends verbose debug output to the system
              log, and does not put itself in the background.  The server also
              will not fork and will only process one connection.  This option
-             is only intended for debugging for the server.  Multiple -d
-             options increase the debugging level.  Maximum is 3.
+             is only intended for debugging for the server.  Multiple -d op-
+             tions increase the debugging level.  Maximum is 3.
 
      -e      When this option is specified, sshd will send the output to the
              standard error instead of the system log.
@@ -122,10 +128,10 @@ DESCRIPTION
              figuration file.
 
      -g login_grace_time
-             Gives the grace time for clients to authenticate themselves
-             (default 120 seconds).  If the client fails to authenticate the
-             user within this many seconds, the server disconnects and exits.
-             A value of zero indicates no limit.
+             Gives the grace time for clients to authenticate themselves (de-
+             fault 120 seconds).  If the client fails to authenticate the user
+             within this many seconds, the server disconnects and exits.  A
+             value of zero indicates no limit.
 
      -h host_key_file
              Specifies a file from which a host key is read.  This option must
@@ -139,23 +145,24 @@ DESCRIPTION
      -i      Specifies that sshd is being run from inetd(8).  sshd is normally
              not run from inetd because it needs to generate the server key
              before it can respond to the client, and this may take tens of
-             seconds.  Clients would have to wait too long if the key was
-             regenerated every time.  However, with small key sizes (e.g.,
-             512) using sshd from inetd may be feasible.
+             seconds.  Clients would have to wait too long if the key was re-
+             generated every time.  However, with small key sizes (e.g., 512)
+             using sshd from inetd may be feasible.
 
      -k key_gen_time
              Specifies how often the ephemeral protocol version 1 server key
              is regenerated (default 3600 seconds, or one hour).  The motiva-
              tion for regenerating the key fairly often is that the key is not
-             stored anywhere, and after about an hour, it becomes impossible
-             to recover the key for decrypting intercepted communications even
-             if the machine is cracked into or physically seized.  A value of
-             zero indicates that the key will never be regenerated.
+             stored anywhere, and after about an hour it becomes impossible to
+             recover the key for decrypting intercepted communications even if
+             the machine is cracked into or physically seized.  A value of ze-
+             ro indicates that the key will never be regenerated.
 
      -o option
              Can be used to give options in the format used in the configura-
              tion file.  This is useful for specifying options for which there
-             is no separate command-line flag.
+             is no separate command-line flag.  For full details of the op-
+             tions, and their values, see sshd_config(5).
 
      -p port
              Specifies the port on which the server listens for connections
@@ -163,8 +170,8 @@ DESCRIPTION
              fied in the configuration file are ignored when a command-line
              port is specified.
 
-     -q      Quiet mode.  Nothing is sent to the system log.  Normally the
-             beginning, authentication, and termination of each connection is
+     -q      Quiet mode.  Nothing is sent to the system log.  Normally the be-
+             ginning, authentication, and termination of each connection is
              logged.
 
      -t      Test mode.  Only check the validity of the configuration file and
@@ -179,19 +186,12 @@ DESCRIPTION
              indicates that only dotted decimal addresses should be put into
              the utmp file.  -u0 may also be used to prevent sshd from making
              DNS requests unless the authentication mechanism or configuration
-             requires it.  Authentication mechanisms that may require DNS
-             include RhostsRSAAuthentication, HostbasedAuthentication and
-             using a from="pattern-list" option in a key file.  Configuration
-             options that require DNS include using a USER@HOST pattern in
+             requires it.  Authentication mechanisms that may require DNS in-
+             clude RhostsRSAAuthentication, HostbasedAuthentication and using
+             a from="pattern-list" option in a key file.  Configuration op-
+             tions that require DNS include using a USER@HOST pattern in
              AllowUsers or DenyUsers.
 
-     -D      When this option is specified sshd will not detach and does not
-             become a daemon.  This allows easy monitoring of sshd.
-
-     -4      Forces sshd to use IPv4 addresses only.
-
-     -6      Forces sshd to use IPv6 addresses only.
-
 CONFIGURATION FILE
      sshd reads configuration data from /etc/ssh/sshd_config (or the file
      specified with -f on the command line).  The file format and configura-
@@ -214,18 +214,18 @@ LOGIN PROCESS
 
            5.   Sets up basic environment.
 
-           6.   Reads $HOME/.ssh/environment if it exists and users are
-                allowed to change their environment.  See the
+           6.   Reads the file $HOME/.ssh/environment, if it exists, and users
+                are allowed to change their environment.  See the
                 PermitUserEnvironment option in sshd_config(5).
 
-           7.   Changes to userM-bM-^@M-^Ys home directory.
+           7.   Changes to user's home directory.
 
-           8.   If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc
-                exists, runs it; otherwise runs xauth.  The M-bM-^@M-^\rcM-bM-^@M-^] files are
+           8.   If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc ex-
+                ists, runs it; otherwise runs xauth.  The ``rc'' files are
                 given the X11 authentication protocol and cookie in standard
                 input.
 
-           9.   Runs userM-bM-^@M-^Ys shell or command.
+           9.   Runs user's shell or command.
 
 AUTHORIZED_KEYS FILE FORMAT
      $HOME/.ssh/authorized_keys is the default file that lists the public keys
@@ -234,7 +234,7 @@ AUTHORIZED_KEYS FILE FORMAT
      AuthorizedKeysFile may be used to specify an alternative file.
 
      Each line of the file contains one key (empty lines and lines starting
-     with a M-bM-^@M-^X#M-bM-^@M-^Y are ignored as comments).  Each RSA public key consists of the
+     with a `#' are ignored as comments).  Each RSA public key consists of the
      following fields, separated by spaces: options, bits, exponent, modulus,
      comment.  Each protocol version 2 public key consists of: options, key-
      type, base64 encoded key, comment.  The options field is optional; its
@@ -242,11 +242,11 @@ AUTHORIZED_KEYS FILE FORMAT
      (the options field never starts with a number).  The bits, exponent, mod-
      ulus and comment fields give the RSA key for protocol version 1; the com-
      ment field is not used for anything (but may be convenient for the user
-     to identify the key).  For protocol version 2 the keytype is M-bM-^@M-^\ssh-dssM-bM-^@M-^] or
-     M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
+     to identify the key).  For protocol version 2 the keytype is ``ssh-dss''
+     or ``ssh-rsa''.
 
-     Note that lines in this file are usually several hundred bytes long
-     (because of the size of the public key encoding).  You donM-bM-^@M-^Yt want to type
+     Note that lines in this file are usually several hundred bytes long (be-
+     cause of the size of the public key encoding).  You don't want to type
      them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub
      file and edit it.
 
@@ -261,31 +261,31 @@ AUTHORIZED_KEYS FILE FORMAT
      from="pattern-list"
              Specifies that in addition to public key authentication, the
              canonical name of the remote host must be present in the comma-
-             separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y serve as wildcards).  The
+             separated list of patterns (`*' and `?' serve as wildcards).  The
              list may also contain patterns negated by prefixing them with
-             M-bM-^@M-^X!M-bM-^@M-^Y; if the canonical host name matches a negated pattern, the
+             `!'; if the canonical host name matches a negated pattern, the
              key is not accepted.  The purpose of this option is to optionally
              increase security: public key authentication by itself does not
              trust the network or name servers or anything (but the key); how-
-             ever, if somebody somehow steals the key, the key permits an
-             intruder to log in from anywhere in the world.  This additional
-             option makes using a stolen key more difficult (name servers
-             and/or routers would have to be compromised in addition to just
-             the key).
+             ever, if somebody somehow steals the key, the key permits an in-
+             truder to log in from anywhere in the world.  This additional op-
+             tion makes using a stolen key more difficult (name servers and/or
+             routers would have to be compromised in addition to just the
+             key).
 
      command="command"
              Specifies that the command is executed whenever this key is used
              for authentication.  The command supplied by the user (if any) is
              ignored.  The command is run on a pty if the client requests a
              pty; otherwise it is run without a tty.  If an 8-bit clean chan-
-             nel is required, one must not request a pty or should specify
-             no-pty.  A quote may be included in the command by quoting it
-             with a backslash.  This option might be useful to restrict cer-
-             tain public keys to perform just a specific operation.  An exam-
-             ple might be a key that permits remote backups but nothing else.
-             Note that the client may specify TCP/IP and/or X11 forwarding
-             unless they are explicitly prohibited.  Note that this option
-             applies to shell, command or subsystem execution.
+             nel is required, one must not request a pty or should specify no-
+             pty.  A quote may be included in the command by quoting it with a
+             backslash.  This option might be useful to restrict certain pub-
+             lic keys to perform just a specific operation.  An example might
+             be a key that permits remote backups but nothing else.  Note that
+             the client may specify TCP/IP and/or X11 forwarding unless they
+             are explicitly prohibited.  Note that this option applies to
+             shell, command or subsystem execution.
 
      environment="NAME=value"
              Specifies that the string is to be added to the environment when
@@ -297,8 +297,8 @@ AUTHORIZED_KEYS FILE FORMAT
 
      no-port-forwarding
              Forbids TCP/IP forwarding when this key is used for authentica-
-             tion.  Any port forward requests by the client will return an
-             error.  This might be used, e.g., in connection with the command
+             tion.  Any port forward requests by the client will return an er-
+             ror.  This might be used, e.g., in connection with the command
              option.
 
      no-X11-forwarding
@@ -312,45 +312,45 @@ AUTHORIZED_KEYS FILE FORMAT
      no-pty  Prevents tty allocation (a request to allocate a pty will fail).
 
      permitopen="host:port"
-             Limit local M-bM-^@M-^XM-bM-^@M-^Xssh -LM-bM-^@M-^YM-bM-^@M-^Y port forwarding such that it may only con-
+             Limit local ``ssh -L'' port forwarding such that it may only con-
              nect to the specified host and port.  IPv6 addresses can be spec-
              ified with an alternative syntax: host/port.  Multiple permitopen
              options may be applied separated by commas.  No pattern matching
-             is performed on the specified hostnames, they must be literal
-             domains or addresses.
+             is performed on the specified hostnames, they must be literal do-
+             mains or addresses.
 
    Examples
      1024 33 12121...312314325 ylo@foo.bar
 
      from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
 
-     command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323
-     backup.hut.fi
+     command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 back-
+     up.hut.fi
 
      permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
 
 SSH_KNOWN_HOSTS FILE FORMAT
      The /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts files contain
      host public keys for all known hosts.  The global file should be prepared
-     by the administrator (optional), and the per-user file is maintained
-     automatically: whenever the user connects from an unknown host its key is
+     by the administrator (optional), and the per-user file is maintained au-
+     tomatically: whenever the user connects from an unknown host its key is
      added to the per-user file.
 
      Each line in these files contains the following fields: hostnames, bits,
      exponent, modulus, comment.  The fields are separated by spaces.
 
-     Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as wild-
+     Hostnames is a comma-separated list of patterns (`*' and `?' act as wild-
      cards); each pattern in turn is matched against the canonical host name
      (when authenticating a client) or against the user-supplied name (when
-     authenticating a server).  A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to indi-
-     cate negation: if the host name matches a negated pattern, it is not
-     accepted (by that line) even if it matched another pattern on the line.
+     authenticating a server).  A pattern may also be preceded by `!' to indi-
+     cate negation: if the host name matches a negated pattern, it is not ac-
+     cepted (by that line) even if it matched another pattern on the line.
 
      Bits, exponent, and modulus are taken directly from the RSA host key;
      they can be obtained, e.g., from /etc/ssh/ssh_host_key.pub.  The optional
      comment field continues to the end of the line, and is not used.
 
-     Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments.
+     Lines starting with `#' and empty lines are ignored as comments.
 
      When performing host authentication, authentication is accepted if any
      matching line has the proper key.  It is thus permissible (but not recom-
@@ -361,11 +361,12 @@ SSH_KNOWN_HOSTS FILE FORMAT
      be found from either file.
 
      Note that the lines in these files are typically hundreds of characters
-     long, and you definitely donM-bM-^@M-^Yt want to type in the host keys by hand.
+     long, and you definitely don't want to type in the host keys by hand.
      Rather, generate them by a script or by taking /etc/ssh/ssh_host_key.pub
      and adding the host names at the front.
 
    Examples
+
      closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
      cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
 
@@ -409,15 +410,15 @@ FILES
 
      $HOME/.ssh/authorized_keys
              Lists the public keys (RSA or DSA) that can be used to log into
-             the userM-bM-^@M-^Ys account.  This file must be readable by root (which
-             may on some machines imply it being world-readable if the userM-bM-^@M-^Ys
+             the user's account.  This file must be readable by root (which
+             may on some machines imply it being world-readable if the user's
              home directory resides on an NFS volume).  It is recommended that
-             it not be accessible by others.  The format of this file is
-             described above.  Users will place the contents of their
+             it not be accessible by others.  The format of this file is de-
+             scribed above.  Users will place the contents of their
              identity.pub, id_dsa.pub and/or id_rsa.pub files into this file,
              as described in ssh-keygen(1).
 
-     /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts
+     /etc/ssh/ssh_known_hosts, $HOME/.ssh/known_hosts
              These files are consulted when using rhosts with RSA host authen-
              tication or protocol version 2 hostbased authentication to check
              the public key of the host.  The key must be listed in one of
@@ -434,8 +435,8 @@ FILES
              world-readable.
 
      /etc/hosts.allow, /etc/hosts.deny
-             Access controls that should be enforced by tcp-wrappers are
-             defined here.  Further details are described in hosts_access(5).
+             Access controls that should be enforced by tcp-wrappers are de-
+             fined here.  Further details are described in hosts_access(5).
 
      $HOME/.rhosts
              This file contains host-username pairs, separated by a space, one
@@ -444,7 +445,7 @@ FILES
              and rshd.  The file must be writable only by the user; it is rec-
              ommended that it not be accessible by others.
 
-             If is also possible to use netgroups in the file.  Either host or
+             It is also possible to use netgroups in the file.  Either host or
              user name may be of the form +@groupname to specify all hosts or
              all users in the group.
 
@@ -454,28 +455,27 @@ FILES
              access using SSH only.
 
      /etc/hosts.equiv
-             This file is used during .rhosts authentication.  In the simplest
+             This file is used during rhosts authentication.  In the simplest
              form, this file contains host names, one per line.  Users on
              those hosts are permitted to log in without a password, provided
              they have the same user name on both machines.  The host name may
              also be followed by a user name; such users are permitted to log
              in as any user on this machine (except root).  Additionally, the
-             syntax M-bM-^@M-^\+@groupM-bM-^@M-^] can be used to specify netgroups.  Negated
-             entries start with M-bM-^@M-^X-M-bM-^@M-^Y.
+             syntax ``+@group'' can be used to specify netgroups.  Negated en-
+             tries start with `-'.
 
-             If the client host/user is successfully matched in this file,
-             login is automatically permitted provided the client and server
-             user names are the same.  Additionally, successful RSA host
-             authentication is normally required.  This file must be writable
-             only by root; it is recommended that it be world-readable.
+             If the client host/user is successfully matched in this file, lo-
+             gin is automatically permitted provided the client and server us-
+             er names are the same.  Additionally, successful RSA host authen-
+             tication is normally required.  This file must be writable only
+             by root; it is recommended that it be world-readable.
 
              Warning: It is almost never a good idea to use user names in
              hosts.equiv.  Beware that it really means that the named user(s)
              can log in as anybody, which includes bin, daemon, adm, and other
-             accounts that own critical binaries and directories.  Using a
-             user name practically grants the user root access.  The only
-             valid use for user names that I can think of is in negative
-             entries.
+             accounts that own critical binaries and directories.  Using a us-
+             er name practically grants the user root access.  The only valid
+             use for user names that I can think of is in negative entries.
 
              Note that this warning also applies to rsh/rlogin.
 
@@ -487,33 +487,33 @@ FILES
      $HOME/.ssh/environment
              This file is read into the environment at login (if it exists).
              It can only contain empty lines, comment lines (that start with
-             M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value.  The file
+             `#'), and assignment lines of the form name=value.  The file
              should be writable only by the user; it need not be readable by
              anyone else.  Environment processing is disabled by default and
              is controlled via the PermitUserEnvironment option.
 
      $HOME/.ssh/rc
-             If this file exists, it is run with /bin/sh after reading the
-             environment files but before starting the userM-bM-^@M-^Ys shell or com-
-             mand.  It must not produce any output on stdout; stderr must be
-             used instead.  If X11 forwarding is in use, it will receive the
-             "proto cookie" pair in its standard input (and DISPLAY in its
-             environment).  The script must call xauth(1) because sshd will
-             not run xauth automatically to add X11 cookies.
+             If this file exists, it is run with /bin/sh after reading the en-
+             vironment files but before starting the user's shell or command.
+             It must not produce any output on stdout; stderr must be used in-
+             stead.  If X11 forwarding is in use, it will receive the "proto
+             cookie" pair in its standard input (and DISPLAY in its environ-
+             ment).  The script must call xauth(1) because sshd will not run
+             xauth automatically to add X11 cookies.
 
              The primary purpose of this file is to run any initialization
-             routines which may be needed before the userM-bM-^@M-^Ys home directory
-             becomes accessible; AFS is a particular example of such an envi-
-             ronment.
+             routines which may be needed before the user's home directory be-
+             comes accessible; AFS is a particular example of such an environ-
+             ment.
 
              This file will probably contain some initialization code followed
              by something similar to:
 
              if read proto cookie && [ -n "$DISPLAY" ]; then
-                     if [ M-bM-^@M-^Xecho $DISPLAY | cut -c1-10M-bM-^@M-^X = M-bM-^@M-^Ylocalhost:M-bM-^@M-^Y ]; then
+                     if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
                              # X11UseLocalhost=yes
-                             echo add unix:M-bM-^@M-^Xecho $DISPLAY |
-                                 cut -c11-M-bM-^@M-^X $proto $cookie
+                             echo add unix:`echo $DISPLAY |
+                                 cut -c11-` $proto $cookie
                      else
                              # X11UseLocalhost=no
                              echo add $DISPLAY $proto $cookie
@@ -533,7 +533,8 @@ FILES
 
 SEE ALSO
      scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
-     login.conf(5), moduli(5), sshd_config(5), sftp-server(8)
+     chroot(2), hosts_access(5), login.conf(5), moduli(5), sshd_config(5),
+     inetd(8), sftp-server(8)
 
      T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH
      Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January
@@ -546,9 +547,9 @@ SEE ALSO
 AUTHORS
      OpenSSH is a derivative of the original and free ssh 1.2.12 release by
      Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
-     de Raadt and Dug Song removed many bugs, re-added newer features and cre-
-     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
+     de Raadt and Dug Song removed many bugs, re-added newer features and
+     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
      for privilege separation.
 
-BSD                           September 25, 1999                           BSD
+OpenBSD 3.4                   September 25, 1999                             9
diff --git a/sshd.8 b/sshd.8
index 27b1a3cf6..460263e92 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.200 2003/10/08 08:27:36 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -44,7 +44,7 @@
 .Sh SYNOPSIS
 .Nm sshd
 .Bk -words
-.Op Fl deiqtD46
+.Op Fl 46Ddeiqt
 .Op Fl b Ar bits
 .Op Fl f Ar config_file
 .Op Fl g Ar login_grace_time
@@ -78,9 +78,7 @@ This implementation of
 supports both SSH protocol version 1 and 2 simultaneously.
 .Nm
 works as follows:
-.Pp
 .Ss SSH protocol version 1
-.Pp
 Each host has a host-specific RSA key
 (normally 1024 bits) used to identify the host.
 Additionally, when
@@ -92,7 +90,7 @@ Whenever a client connects, the daemon responds with its public
 host and server keys.
 The client compares the
 RSA host key against its own database to verify that it has not changed.
-The client then generates a 256 bit random number.
+The client then generates a 256-bit random number.
 It encrypts this
 random number using both the host key and the server key, and sends
 the encrypted number to the server.
@@ -107,9 +105,9 @@ to use from those offered by the server.
 .Pp
 Next, the server and the client enter an authentication dialog.
 The client tries to authenticate itself using
-.Pa .rhosts
+.Em .rhosts
 authentication,
-.Pa .rhosts
+.Em .rhosts
 authentication combined with RSA host
 authentication, RSA challenge-response authentication, or password
 based authentication.
@@ -137,7 +135,8 @@ or
 .Ql \&*NP\&*
 ).
 .Pp
-Rhosts authentication is normally disabled
+.Em rhosts
+authentication is normally disabled
 because it is fundamentally insecure, but can be enabled in the server
 configuration file if desired.
 System security is not improved unless
@@ -150,9 +149,7 @@ are disabled (thus completely disabling
 and
 .Xr rsh
 into the machine).
-.Pp
 .Ss SSH protocol version 2
-.Pp
 Version 2 works similarly:
 Each host has a host-specific key (RSA or DSA) used to identify the host.
 However, when the daemon starts, it does not generate a server key.
@@ -160,7 +157,7 @@ Forward security is provided through a Diffie-Hellman key agreement.
 This key agreement results in a shared session key.
 .Pp
 The rest of the session is encrypted using a symmetric cipher, currently
-128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES.
+128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
@@ -171,9 +168,7 @@ Protocol version 2 provides a public key based
 user (PubkeyAuthentication) or
 client host (HostbasedAuthentication) authentication method,
 conventional password authentication and challenge response based methods.
-.Pp
 .Ss Command execution and data forwarding
-.Pp
 If the client successfully authenticates itself, a dialog for
 preparing the session is entered.
 At this time the client may request
@@ -192,8 +187,9 @@ connections have been closed, the server sends command exit status to
 the client, and both sides exit.
 .Pp
 .Nm
-can be configured using command-line options or a configuration
-file.
+can be configured using command-line options or a configuration file
+(by default
+.Xr sshd_config 5 ) .
 Command-line options override values specified in the
 configuration file.
 .Pp
@@ -205,9 +201,23 @@ by executing itself with the name it was started as, i.e.,
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
 .It Fl b Ar bits
 Specifies the number of bits in the ephemeral protocol version 1
 server key (default 768).
+.It Fl D
+When this option is specified,
+.Nm
+will not detach and does not become a daemon.
+This allows easy monitoring of
+.Nm sshd .
 .It Fl d
 Debug mode.
 The server sends verbose debug output to the system
@@ -267,7 +277,7 @@ be feasible.
 Specifies how often the ephemeral protocol version 1 server key is
 regenerated (default 3600 seconds, or one hour).
 The motivation for regenerating the key fairly
-often is that the key is not stored anywhere, and after about an hour,
+often is that the key is not stored anywhere, and after about an hour
 it becomes impossible to recover the key for decrypting intercepted
 communications even if the machine is cracked into or physically
 seized.
@@ -276,6 +286,8 @@ A value of zero indicates that the key will never be regenerated.
 Can be used to give options in the format used in the configuration file.
 This is useful for specifying options for which there is no separate
 command-line flag.
+For full details of the options, and their values, see
+.Xr sshd_config 5 .
 .It Fl p Ar port
 Specifies the port on which the server listens for connections
 (default 22).
@@ -328,20 +340,6 @@ USER@HOST pattern in
 .Cm AllowUsers
 or
 .Cm DenyUsers .
-.It Fl D
-When this option is specified
-.Nm
-will not detach and does not become a daemon.
-This allows easy monitoring of
-.Nm sshd .
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
 .El
 .Sh CONFIGURATION FILE
 .Nm
@@ -378,9 +376,9 @@ Changes to run with normal user privileges.
 .It
 Sets up basic environment.
 .It
-Reads
-.Pa $HOME/.ssh/environment
-if it exists and users are allowed to change their environment.
+Reads the file
+.Pa $HOME/.ssh/environment ,
+if it exists, and users are allowed to change their environment.
 See the
 .Cm PermitUserEnvironment
 option in
@@ -519,7 +517,7 @@ Limit local
 port forwarding such that it may only connect to the specified host and
 port.
 IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
+.Ar host Ns / Ns Ar port .
 Multiple
 .Cm permitopen
 options may be applied separated by commas.
@@ -527,13 +525,13 @@ No pattern matching is performed on the specified hostnames,
 they must be literal domains or addresses.
 .El
 .Ss Examples
-1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
+1024 33 12121...312314325 ylo@foo.bar
 .Pp
-from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
+from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
 .Pp
-command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
+command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
 .Pp
-permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
+permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
 .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The
 .Pa /etc/ssh/ssh_known_hosts
@@ -591,7 +589,7 @@ or by taking
 and adding the host names at the front.
 .Ss Examples
 .Bd -literal
-closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
+closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
 cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
 .Ed
 .Sh FILES
@@ -650,7 +648,7 @@ and/or
 .Pa id_rsa.pub
 files into this file, as described in
 .Xr ssh-keygen 1 .
-.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
+.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts"
 These files are consulted when using rhosts with RSA host
 authentication or protocol version 2 hostbased authentication
 to check the public key of the host.
@@ -684,7 +682,7 @@ The file must
 be writable only by the user; it is recommended that it not be
 accessible by others.
 .Pp
-If is also possible to use netgroups in the file.
+It is also possible to use netgroups in the file.
 Either host or user
 name may be of the form +@groupname to specify all hosts or all users
 in the group.
@@ -696,7 +694,7 @@ However, this file is
 not used by rlogin and rshd, so using this permits access using SSH only.
 .It Pa /etc/hosts.equiv
 This file is used during
-.Pa .rhosts
+.Em rhosts
 authentication.
 In the simplest form, this file contains host names, one per line.
 Users on
@@ -803,9 +801,12 @@ This file should be writable only by root, and should be world-readable.
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
+.Xr chroot 2 ,
+.Xr hosts_access 5 ,
 .Xr login.conf 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
+.Xr inetd 8 ,
 .Xr sftp-server 8
 .Rs
 .%A T. Ylonen
diff --git a/sshd.c b/sshd.c
index 92fab6ccd..1f0d7747a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.276 2003/08/28 12:54:34 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.286 2004/02/23 12:02:33 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -101,6 +101,7 @@ extern char *__progname;
 #else
 char *__progname;
 #endif
+extern char **environ;
 
 /* Server configuration options. */
 ServerOptions options;
@@ -199,11 +200,14 @@ int startup_pipe;		/* in child */
 
 /* variables used for privilege separation */
 int use_privsep;
-struct monitor *pmonitor;
+struct monitor *pmonitor = NULL;
 
 /* message to be displayed after login */
 Buffer loginmsg;
 
+/* global authentication context */
+Authctxt *the_authctxt = NULL;
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -302,6 +306,9 @@ grace_alarm_handler(int sig)
 {
         /* XXX no idea how fix this signal handler */
 
+        if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
+                kill(pmonitor->m_pid, SIGALRM);
+
         /* Log error and exit. */
         fatal("Timeout before authentication for %s", get_remote_ipaddr());
 }
@@ -375,7 +382,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
             strlen(server_version_string))
             != strlen(server_version_string)) {
                 logit("Could not write ident string to %s", get_remote_ipaddr());
-                fatal_cleanup();
+                cleanup_exit(255);
         }
 
         /* Read other sides version identification. */
@@ -384,7 +391,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                 if (atomicio(read, sock_in, &buf[i], 1) != 1) {
                         logit("Did not receive identification string from %s",
                             get_remote_ipaddr());
-                        fatal_cleanup();
+                        cleanup_exit(255);
                 }
                 if (buf[i] == '\r') {
                         buf[i] = 0;
@@ -414,7 +421,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                 close(sock_out);
                 logit("Bad protocol version identification '%.100s' from %s",
                     client_version_string, get_remote_ipaddr());
-                fatal_cleanup();
+                cleanup_exit(255);
         }
         debug("Client protocol version %d.%d; client software version %.100s",
             remote_major, remote_minor, remote_version);
@@ -424,13 +431,13 @@ sshd_exchange_identification(int sock_in, int sock_out)
         if (datafellows & SSH_BUG_PROBE) {
                 logit("probed from %s with %s.  Don't panic.",
                     get_remote_ipaddr(), client_version_string);
-                fatal_cleanup();
+                cleanup_exit(255);
         }
 
         if (datafellows & SSH_BUG_SCANNER) {
                 logit("scanned from %s with %s.  Don't panic.",
                     get_remote_ipaddr(), client_version_string);
-                fatal_cleanup();
+                cleanup_exit(255);
         }
 
         mismatch = 0;
@@ -476,7 +483,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                 logit("Protocol major versions differ for %s: %.200s vs. %.200s",
                     get_remote_ipaddr(),
                     server_version_string, client_version_string);
-                fatal_cleanup();
+                cleanup_exit(255);
         }
 }
 
@@ -571,10 +578,9 @@ privsep_preauth_child(void)
 #endif
 }
 
-static Authctxt *
-privsep_preauth(void)
+static int
+privsep_preauth(Authctxt *authctxt)
 {
-        Authctxt *authctxt = NULL;
         int status;
         pid_t pid;
 
@@ -587,12 +593,11 @@ privsep_preauth(void)
         if (pid == -1) {
                 fatal("fork of unprivileged child failed");
         } else if (pid != 0) {
-                fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
-
                 debug2("Network child is on pid %ld", (long)pid);
 
                 close(pmonitor->m_recvfd);
-                authctxt = monitor_child_preauth(pmonitor);
+                pmonitor->m_pid = pid;
+                monitor_child_preauth(authctxt, pmonitor);
                 close(pmonitor->m_sendfd);
 
                 /* Sync memory */
@@ -602,11 +607,7 @@ privsep_preauth(void)
                 while (waitpid(pid, &status, 0) < 0)
                         if (errno != EINTR)
                                 break;
-
-                /* Reinstall, since the child has finished */
-                fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
-
-                return (authctxt);
+                return (1);
         } else {
                 /* child */
 
@@ -617,17 +618,12 @@ privsep_preauth(void)
                         privsep_preauth_child();
                 setproctitle("%s", "[net]");
         }
-        return (NULL);
+        return (0);
 }
 
 static void
 privsep_postauth(Authctxt *authctxt)
 {
-        extern Authctxt *x_authctxt;
-
-        /* XXX - Remote port forwarding */
-        x_authctxt = authctxt;
-
 #ifdef DISABLE_FD_PASSING
         if (1) {
 #else
@@ -653,8 +649,6 @@ privsep_postauth(Authctxt *authctxt)
         if (pmonitor->m_pid == -1)
                 fatal("fork of unprivileged child failed");
         else if (pmonitor->m_pid != 0) {
-                fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
-
                 debug2("User child is on pid %ld", (long)pmonitor->m_pid);
                 close(pmonitor->m_recvfd);
                 monitor_child_postauth(pmonitor);
@@ -679,7 +673,8 @@ static char *
 list_hostkey_types(void)
 {
         Buffer b;
-        char *p;
+        const char *p;
+        char *ret;
         int i;
 
         buffer_init(&b);
@@ -698,10 +693,10 @@ list_hostkey_types(void)
                 }
         }
         buffer_append(&b, "\0", 1);
-        p = xstrdup(buffer_ptr(&b));
+        ret = xstrdup(buffer_ptr(&b));
         buffer_free(&b);
-        debug("list_hostkey_types: %s", p);
-        return p;
+        debug("list_hostkey_types: %s", ret);
+        return ret;
 }
 
 Key *
@@ -769,7 +764,8 @@ drop_connection(int startups)
 static void
 usage(void)
 {
-        fprintf(stderr, "sshd version %s\n", SSH_VERSION);
+        fprintf(stderr, "sshd version %s, %s\n",
+            SSH_VERSION, SSLeay_version(SSLEAY_VERSION));
         fprintf(stderr, "Usage: %s [options]\n", __progname);
         fprintf(stderr, "Options:\n");
         fprintf(stderr, "  -f file    Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE);
@@ -809,11 +805,12 @@ main(int ac, char **av)
         FILE *f;
         struct addrinfo *ai;
         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+        char *line;
         int listen_sock, maxfd;
         int startup_p[2];
         int startups = 0;
-        Authctxt *authctxt;
         Key *key;
+        Authctxt *authctxt;
         int ret, key_used = 0;
 
 #ifdef HAVE_SECUREWARE
@@ -922,9 +919,11 @@ main(int ac, char **av)
                         }
                         break;
                 case 'o':
-                        if (process_server_config_line(&options, optarg,
+                        line = xstrdup(optarg);
+                        if (process_server_config_line(&options, line,
                             "command-line", 0) != 0)
                                 exit(1);
+                        xfree(line);
                         break;
                 case '?':
                 default:
@@ -1069,8 +1068,8 @@ main(int ac, char **av)
         /*
          * Clear out any supplemental groups we may have inherited.  This
          * prevents inadvertent creation of files with bad modes (in the
-         * portable version at least, it's certainly possible for PAM 
-         * to create a file, and we can't control the code in every 
+         * portable version at least, it's certainly possible for PAM
+         * to create a file, and we can't control the code in every
          * module which might be used).
          */
         if (setgroups(0, NULL) < 0)
@@ -1112,6 +1111,11 @@ main(int ac, char **av)
            unmounted if desired. */
         chdir("/");
 
+#ifndef HAVE_CYGWIN
+        /* Clear environment */
+        environ[0] = NULL;
+#endif
+
         /* ignore SIGPIPE */
         signal(SIGPIPE, SIG_IGN);
 
@@ -1180,7 +1184,7 @@ main(int ac, char **av)
 
                         /* Start listening on the port. */
                         logit("Server listening on %s port %s.", ntop, strport);
-                        if (listen(listen_sock, 5) < 0)
+                        if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
                                 fatal("listen: %.100s", strerror(errno));
 
                 }
@@ -1419,8 +1423,8 @@ main(int ac, char **av)
         signal(SIGCHLD, SIG_DFL);
         signal(SIGINT, SIG_DFL);
 
-        /* Set keepalives if requested. */
-        if (options.keepalives &&
+        /* Set SO_KEEPALIVE if requested. */
+        if (options.tcp_keep_alive &&
             setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
             sizeof(on)) < 0)
                 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
@@ -1470,21 +1474,28 @@ main(int ac, char **av)
 
         packet_set_nonblocking();
 
-        /* prepare buffers to collect authentication messages */
+        /* prepare buffers to collect authentication messages */
         buffer_init(&loginmsg);
 
+        /* allocate authentication context */
+        authctxt = xmalloc(sizeof(*authctxt));
+        memset(authctxt, 0, sizeof(*authctxt));
+
+        /* XXX global for cleanup, access from other modules */
+        the_authctxt = authctxt;
+
         if (use_privsep)
-                if ((authctxt = privsep_preauth()) != NULL)
+                if (privsep_preauth(authctxt) == 1)
                         goto authenticated;
 
         /* perform the key exchange */
         /* authenticate user and start session */
         if (compat20) {
                 do_ssh2_kex();
-                authctxt = do_authentication2();
+                do_authentication2(authctxt);
         } else {
                 do_ssh1_kex();
-                authctxt = do_authentication();
+                do_authentication(authctxt);
         }
         /*
          * If we use privilege separation, the unprivileged child transfers
@@ -1507,7 +1518,7 @@ main(int ac, char **av)
                         destroy_sensitive_data();
         }
 
-        /* Perform session preparation. */
+        /* Start session. */
         do_authenticated(authctxt);
 
         /* The connection has been terminated. */
@@ -1800,3 +1811,12 @@ do_ssh2_kex(void)
 #endif
         debug("KEX done");
 }
+
+/* server specific fatal cleanup */
+void
+cleanup_exit(int i)
+{
+        if (the_authctxt)
+                do_cleanup(the_authctxt);
+        _exit(i);
+}
diff --git a/sshd_config b/sshd_config
index dd53f1057..b45c8c561 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $
+#       $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -61,15 +61,16 @@
 #KerberosAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
+#KerberosGetAFSToken no
 
 # GSSAPI options
 #GSSAPIAuthentication no
-#GSSAPICleanupCreds yes
+#GSSAPICleanupCredentials yes
 
 # Set this to 'yes' to enable PAM authentication (via challenge-response)
 # and session processing. Depending on your PAM configuration, this may
-# bypass the setting of 'PasswordAuthentication'
-#UsePAM yes
+# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
+#UsePAM no
 
 #AllowTcpForwarding yes
 #GatewayPorts no
@@ -78,7 +79,7 @@
 #X11UseLocalhost yes
 #PrintMotd yes
 #PrintLastLog yes
-#KeepAlive yes
+#TCPKeepAlive yes
 #UseLogin no
 #UsePrivilegeSeparation yes
 #PermitUserEnvironment no
diff --git a/sshd_config.0 b/sshd_config.0
index bc266317f..981e91042 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -1,4 +1,4 @@
-SSHD_CONFIG(5)              BSD File Formats Manual             SSHD_CONFIG(5)
+SSHD_CONFIG(5)            OpenBSD Programmer's Manual           SSHD_CONFIG(5)
 
 NAME
      sshd_config - OpenSSH SSH daemon configuration file
@@ -9,7 +9,7 @@ SYNOPSIS
 DESCRIPTION
      sshd reads configuration data from /etc/ssh/sshd_config (or the file
      specified with -f on the command line).  The file contains keyword-argu-
-     ment pairs, one per line.  Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are
+     ment pairs, one per line.  Lines starting with `#' and empty lines are
      interpreted as comments.
 
      The possible keywords and their meanings are as follows (note that key-
@@ -19,36 +19,36 @@ DESCRIPTION
              This keyword can be followed by a list of group name patterns,
              separated by spaces.  If specified, login is allowed only for
              users whose primary group or supplementary group list matches one
-             of the patterns.  M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y can be used as wildcards in the
+             of the patterns.  `*' and `?' can be used as wildcards in the
              patterns.  Only group names are valid; a numerical group ID is
              not recognized.  By default, login is allowed for all groups.
 
      AllowTcpForwarding
              Specifies whether TCP forwarding is permitted.  The default is
-             M-bM-^@M-^\yesM-bM-^@M-^].  Note that disabling TCP forwarding does not improve secu-
-             rity unless users are also denied shell access, as they can
-             always install their own forwarders.
+             ``yes''.  Note that disabling TCP forwarding does not improve se-
+             curity unless users are also denied shell access, as they can al-
+             ways install their own forwarders.
 
      AllowUsers
              This keyword can be followed by a list of user name patterns,
-             separated by spaces.  If specified, login is allowed only for
-             user names that match one of the patterns.  M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y can be
-             used as wildcards in the patterns.  Only user names are valid; a
-             numerical user ID is not recognized.  By default, login is
-             allowed for all users.  If the pattern takes the form USER@HOST
-             then USER and HOST are separately checked, restricting logins to
-             particular users from particular hosts.
+             separated by spaces.  If specified, login is allowed only for us-
+             er names that match one of the patterns.  `*' and `?' can be used
+             as wildcards in the patterns.  Only user names are valid; a nu-
+             merical user ID is not recognized.  By default, login is allowed
+             for all users.  If the pattern takes the form USER@HOST then USER
+             and HOST are separately checked, restricting logins to particular
+             users from particular hosts.
 
      AuthorizedKeysFile
              Specifies the file that contains the public keys that can be used
              for user authentication.  AuthorizedKeysFile may contain tokens
              of the form %T which are substituted during connection set-up.
              The following tokens are defined: %% is replaced by a literal
-             M-bM-^@M-^Y%M-bM-^@M-^Y, %h is replaced by the home directory of the user being
-             authenticated and %u is replaced by the username of that user.
-             After expansion, AuthorizedKeysFile is taken to be an absolute
-             path or one relative to the userM-bM-^@M-^Ys home directory.  The default
-             is M-bM-^@M-^\.ssh/authorized_keysM-bM-^@M-^].
+             '%', %h is replaced by the home directory of the user being au-
+             thenticated and %u is replaced by the username of that user.  Af-
+             ter expansion, AuthorizedKeysFile is taken to be an absolute path
+             or one relative to the user's home directory.  The default is
+             ``.ssh/authorized_keys''.
 
      Banner  In some jurisdictions, sending a warning message before authenti-
              cation may be relevant for getting legal protection.  The con-
@@ -59,14 +59,14 @@ DESCRIPTION
      ChallengeResponseAuthentication
              Specifies whether challenge response authentication is allowed.
              All authentication styles from login.conf(5) are supported.  The
-             default is M-bM-^@M-^\yesM-bM-^@M-^].
+             default is ``yes''.
 
      Ciphers
              Specifies the ciphers allowed for protocol version 2.  Multiple
              ciphers must be comma-separated.  The default is
 
-               M-bM-^@M-^XM-bM-^@M-^Xaes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
-                 aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctrM-bM-^@M-^YM-bM-^@M-^Y
+               ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
+                 aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr''
 
      ClientAliveInterval
              Sets a timeout interval in seconds after which if no data has
@@ -78,15 +78,15 @@ DESCRIPTION
      ClientAliveCountMax
              Sets the number of client alive messages (see above) which may be
              sent without sshd receiving any messages back from the client.
-             If this threshold is reached while client alive messages are
-             being sent, sshd will disconnect the client, terminating the ses-
+             If this threshold is reached while client alive messages are be-
+             ing sent, sshd will disconnect the client, terminating the ses-
              sion.  It is important to note that the use of client alive mes-
-             sages is very different from KeepAlive (below).  The client alive
-             messages are sent through the encrypted channel and therefore
-             will not be spoofable.  The TCP keepalive option enabled by
-             KeepAlive is spoofable.  The client alive mechanism is valuable
-             when the client or server depend on knowing when a connection has
-             become inactive.
+             sages is very different from TCPKeepAlive (below).  The client
+             alive messages are sent through the encrypted channel and there-
+             fore will not be spoofable.  The TCP keepalive option enabled by
+             TCPKeepAlive is spoofable.  The client alive mechanism is valu-
+             able when the client or server depend on knowing when a connec-
+             tion has become inactive.
 
              The default value is 3.  If ClientAliveInterval (above) is set to
              15, and ClientAliveCountMax is left at the default, unresponsive
@@ -94,20 +94,20 @@ DESCRIPTION
 
      Compression
              Specifies whether compression is allowed.  The argument must be
-             M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\yesM-bM-^@M-^].
+             ``yes'' or ``no''.  The default is ``yes''.
 
      DenyGroups
              This keyword can be followed by a list of group name patterns,
              separated by spaces.  Login is disallowed for users whose primary
              group or supplementary group list matches one of the patterns.
-             M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y can be used as wildcards in the patterns.  Only group
-             names are valid; a numerical group ID is not recognized.  By
-             default, login is allowed for all groups.
+             `*' and `?' can be used as wildcards in the patterns.  Only group
+             names are valid; a numerical group ID is not recognized.  By de-
+             fault, login is allowed for all groups.
 
      DenyUsers
              This keyword can be followed by a list of user name patterns,
              separated by spaces.  Login is disallowed for user names that
-             match one of the patterns.  M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y can be used as wildcards
+             match one of the patterns.  `*' and `?' can be used as wildcards
              in the patterns.  Only user names are valid; a numerical user ID
              is not recognized.  By default, login is allowed for all users.
              If the pattern takes the form USER@HOST then USER and HOST are
@@ -121,25 +121,25 @@ DESCRIPTION
              hosts from connecting to forwarded ports.  GatewayPorts can be
              used to specify that sshd should bind remote port forwardings to
              the wildcard address, thus allowing remote hosts to connect to
-             forwarded ports.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The
-             default is M-bM-^@M-^\noM-bM-^@M-^].
+             forwarded ports.  The argument must be ``yes'' or ``no''.  The
+             default is ``no''.
 
      GSSAPIAuthentication
              Specifies whether user authentication based on GSSAPI is allowed.
-             The default is M-bM-^@M-^\noM-bM-^@M-^].  Note that this option applies to protocol
+             The default is ``no''.  Note that this option applies to protocol
              version 2 only.
 
      GSSAPICleanupCredentials
-             Specifies whether to automatically destroy the userM-bM-^@M-^Ys credentials
-             cache on logout.  The default is M-bM-^@M-^\yesM-bM-^@M-^].  Note that this option
+             Specifies whether to automatically destroy the user's credentials
+             cache on logout.  The default is ``yes''.  Note that this option
              applies to protocol version 2 only.
 
      HostbasedAuthentication
-             Specifies whether rhosts or /etc/hosts.equiv authentication
-             together with successful public key client host authentication is
+             Specifies whether rhosts or /etc/hosts.equiv authentication to-
+             gether with successful public key client host authentication is
              allowed (hostbased authentication).  This option is similar to
              RhostsRSAAuthentication and applies to protocol version 2 only.
-             The default is M-bM-^@M-^\noM-bM-^@M-^].
+             The default is ``no''.
 
      HostKey
              Specifies a file containing a private host key used by SSH.  The
@@ -147,51 +147,36 @@ DESCRIPTION
              /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro-
              tocol version 2.  Note that sshd will refuse to use a file if it
              is group/world-accessible.  It is possible to have multiple host
-             key files.  M-bM-^@M-^\rsa1M-bM-^@M-^] keys are used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^]
-             are used for version 2 of the SSH protocol.
+             key files.  ``rsa1'' keys are used for version 1 and ``dsa'' or
+             ``rsa'' are used for version 2 of the SSH protocol.
 
      IgnoreRhosts
              Specifies that .rhosts and .shosts files will not be used in
              RhostsRSAAuthentication or HostbasedAuthentication.
 
-             /etc/hosts.equiv and /etc/shosts.equiv are still used.  The
-             default is M-bM-^@M-^\yesM-bM-^@M-^].
+             /etc/hosts.equiv and /etc/shosts.equiv are still used.  The de-
+             fault is ``yes''.
 
      IgnoreUserKnownHosts
-             Specifies whether sshd should ignore the userM-bM-^@M-^Ys
+             Specifies whether sshd should ignore the user's
              $HOME/.ssh/known_hosts during RhostsRSAAuthentication or
-             HostbasedAuthentication.  The default is M-bM-^@M-^\noM-bM-^@M-^].
-
-     KeepAlive
-             Specifies whether the system should send TCP keepalive messages
-             to the other side.  If they are sent, death of the connection or
-             crash of one of the machines will be properly noticed.  However,
-             this means that connections will die if the route is down tem-
-             porarily, and some people find it annoying.  On the other hand,
-             if keepalives are not sent, sessions may hang indefinitely on the
-             server, leaving M-bM-^@M-^\ghostM-bM-^@M-^] users and consuming server resources.
-
-             The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send keepalives), and the server will
-             notice if the network goes down or the client host crashes.  This
-             avoids infinitely hanging sessions.
-
-             To disable keepalives, the value should be set to M-bM-^@M-^\noM-bM-^@M-^].
+             HostbasedAuthentication.  The default is ``no''.
 
      KerberosAuthentication
              Specifies whether the password provided by the user for
              PasswordAuthentication will be validated through the Kerberos
              KDC.  To use this option, the server needs a Kerberos servtab
-             which allows the verification of the KDCM-bM-^@M-^Ys identity.  Default is
-             M-bM-^@M-^\noM-bM-^@M-^].
+             which allows the verification of the KDC's identity.  Default is
+             ``no''.
 
      KerberosOrLocalPasswd
              If set then if password authentication through Kerberos fails
              then the password will be validated via any additional local
-             mechanism such as /etc/passwd.  Default is M-bM-^@M-^\yesM-bM-^@M-^].
+             mechanism such as /etc/passwd.  Default is ``yes''.
 
      KerberosTicketCleanup
-             Specifies whether to automatically destroy the userM-bM-^@M-^Ys ticket
-             cache file on logout.  Default is M-bM-^@M-^\yesM-bM-^@M-^].
+             Specifies whether to automatically destroy the user's ticket
+             cache file on logout.  Default is ``yes''.
 
      KeyRegenerationInterval
              In protocol version 1, the ephemeral server key is automatically
@@ -230,55 +215,55 @@ DESCRIPTION
 
      MACs    Specifies the available MAC (message authentication code) algo-
              rithms.  The MAC algorithm is used in protocol version 2 for data
-             integrity protection.  Multiple algorithms must be comma-sepa-
-             rated.  The default is
-             M-bM-^@M-^\hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96M-bM-^@M-^].
+             integrity protection.  Multiple algorithms must be comma-separat-
+             ed.  The default is ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
+             sha1-96,hmac-md5-96''.
 
      MaxStartups
              Specifies the maximum number of concurrent unauthenticated con-
              nections to the sshd daemon.  Additional connections will be
-             dropped until authentication succeeds or the LoginGraceTime
-             expires for a connection.  The default is 10.
+             dropped until authentication succeeds or the LoginGraceTime ex-
+             pires for a connection.  The default is 10.
 
              Alternatively, random early drop can be enabled by specifying the
-             three colon separated values M-bM-^@M-^\start:rate:fullM-bM-^@M-^] (e.g.,
+             three colon separated values ``start:rate:full'' (e.g.,
              "10:30:60").  sshd will refuse connection attempts with a proba-
-             bility of M-bM-^@M-^\rate/100M-bM-^@M-^] (30%) if there are currently M-bM-^@M-^\startM-bM-^@M-^] (10)
-             unauthenticated connections.  The probability increases linearly
-             and all connection attempts are refused if the number of unau-
-             thenticated connections reaches M-bM-^@M-^\fullM-bM-^@M-^] (60).
+             bility of ``rate/100'' (30%) if there are currently ``start''
+             (10) unauthenticated connections.  The probability increases lin-
+             early and all connection attempts are refused if the number of
+             unauthenticated connections reaches ``full'' (60).
 
      PasswordAuthentication
-             Specifies whether password authentication is allowed.  The
-             default is M-bM-^@M-^\yesM-bM-^@M-^].
+             Specifies whether password authentication is allowed.  The de-
+             fault is ``yes''.
 
      PermitEmptyPasswords
              When password authentication is allowed, it specifies whether the
              server allows login to accounts with empty password strings.  The
-             default is M-bM-^@M-^\noM-bM-^@M-^].
+             default is ``no''.
 
      PermitRootLogin
              Specifies whether root can login using ssh(1).  The argument must
-             be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\without-passwordM-bM-^@M-^], M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].
-             The default is M-bM-^@M-^\yesM-bM-^@M-^].
+             be ``yes'', ``without-password'', ``forced-commands-only'' or
+             ``no''.  The default is ``yes''.
 
-             If this option is set to M-bM-^@M-^\without-passwordM-bM-^@M-^] password authentica-
-             tion is disabled for root.
+             If this option is set to ``without-password'' password authenti-
+             cation is disabled for root.
 
-             If this option is set to M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^] root login with
+             If this option is set to ``forced-commands-only'' root login with
              public key authentication will be allowed, but only if the
              command option has been specified (which may be useful for taking
              remote backups even if root login is normally not allowed).  All
              other authentication methods are disabled for root.
 
-             If this option is set to M-bM-^@M-^\noM-bM-^@M-^] root is not allowed to login.
+             If this option is set to ``no'' root is not allowed to login.
 
      PermitUserEnvironment
              Specifies whether ~/.ssh/environment and environment= options in
              ~/.ssh/authorized_keys are processed by sshd.  The default is
-             M-bM-^@M-^\noM-bM-^@M-^].  Enabling environment processing may enable users to bypass
-             access restrictions in some configurations using mechanisms such
-             as LD_PRELOAD.
+             ``no''.  Enabling environment processing may enable users to by-
+             pass access restrictions in some configurations using mechanisms
+             such as LD_PRELOAD.
 
      PidFile
              Specifies the file that contains the process ID of the sshd dae-
@@ -290,38 +275,36 @@ DESCRIPTION
 
      PrintLastLog
              Specifies whether sshd should print the date and time when the
-             user last logged in.  The default is M-bM-^@M-^\yesM-bM-^@M-^].
+             user last logged in.  The default is ``yes''.
 
      PrintMotd
              Specifies whether sshd should print /etc/motd when a user logs in
              interactively.  (On some systems it is also printed by the shell,
-             /etc/profile, or equivalent.)  The default is M-bM-^@M-^\yesM-bM-^@M-^].
+             /etc/profile, or equivalent.)  The default is ``yes''.
 
      Protocol
              Specifies the protocol versions sshd supports.  The possible val-
-             ues are M-bM-^@M-^\1M-bM-^@M-^] and M-bM-^@M-^\2M-bM-^@M-^].  Multiple versions must be comma-separated.
-             The default is M-bM-^@M-^\2,1M-bM-^@M-^].  Note that the order of the protocol list
-             does not indicate preference, because the client selects among
-             multiple protocol versions offered by the server.  Specifying
-             M-bM-^@M-^\2,1M-bM-^@M-^] is identical to M-bM-^@M-^\1,2M-bM-^@M-^].
+             ues are ``1'' and ``2''.  Multiple versions must be comma-sepa-
+             rated.  The default is ``2,1''.  Note that the order of the pro-
+             tocol list does not indicate preference, because the client se-
+             lects among multiple protocol versions offered by the server.
+             Specifying ``2,1'' is identical to ``1,2''.
 
      PubkeyAuthentication
-             Specifies whether public key authentication is allowed.  The
-             default is M-bM-^@M-^\yesM-bM-^@M-^].  Note that this option applies to protocol ver-
-             sion 2 only.  RhostsRSAAuthentication should be used instead,
-             because it performs RSA-based host authentication in addition to
-             normal rhosts or /etc/hosts.equiv authentication.  The default is
-             M-bM-^@M-^\noM-bM-^@M-^].  This option applies to protocol version 1 only.
+             Specifies whether public key authentication is allowed.  The de-
+             fault is ``yes''.  Note that this option applies to protocol ver-
+             sion 2 only.
 
      RhostsRSAAuthentication
-             Specifies whether rhosts or /etc/hosts.equiv authentication
-             together with successful RSA host authentication is allowed.  The
-             default is M-bM-^@M-^\noM-bM-^@M-^].  This option applies to protocol version 1 only.
+             Specifies whether rhosts or /etc/hosts.equiv authentication to-
+             gether with successful RSA host authentication is allowed.  The
+             default is ``no''.  This option applies to protocol version 1 on-
+             ly.
 
      RSAAuthentication
-             Specifies whether pure RSA authentication is allowed.  The
-             default is M-bM-^@M-^\yesM-bM-^@M-^].  This option applies to protocol version 1
-             only.
+             Specifies whether pure RSA authentication is allowed.  The de-
+             fault is ``yes''.  This option applies to protocol version 1 on-
+             ly.
 
      ServerKeyBits
              Defines the number of bits in the ephemeral protocol version 1
@@ -329,72 +312,89 @@ DESCRIPTION
 
      StrictModes
              Specifies whether sshd should check file modes and ownership of
-             the userM-bM-^@M-^Ys files and home directory before accepting login.  This
+             the user's files and home directory before accepting login.  This
              is normally desirable because novices sometimes accidentally
              leave their directory or files world-writable.  The default is
-             M-bM-^@M-^\yesM-bM-^@M-^].
+             ``yes''.
 
      Subsystem
              Configures an external subsystem (e.g., file transfer daemon).
-             Arguments should be a subsystem name and a command to execute
-             upon subsystem request.  The command sftp-server(8) implements
-             the M-bM-^@M-^\sftpM-bM-^@M-^] file transfer subsystem.  By default no subsystems are
-             defined.  Note that this option applies to protocol version 2
-             only.
+             Arguments should be a subsystem name and a command to execute up-
+             on subsystem request.  The command sftp-server(8) implements the
+             ``sftp'' file transfer subsystem.  By default no subsystems are
+             defined.  Note that this option applies to protocol version 2 on-
+             ly.
 
      SyslogFacility
              Gives the facility code that is used when logging messages from
-             sshd.  The possible values are: DAEMON, USER, AUTH, LOCAL0,
-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
-             default is AUTH.
+             sshd.  The possible values are: DAEMON, USER, AUTH, LOCAL0, LO-
+             CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The de-
+             fault is AUTH.
+
+     TCPKeepAlive
+             Specifies whether the system should send TCP keepalive messages
+             to the other side.  If they are sent, death of the connection or
+             crash of one of the machines will be properly noticed.  However,
+             this means that connections will die if the route is down tem-
+             porarily, and some people find it annoying.  On the other hand,
+             if TCP keepalives are not sent, sessions may hang indefinitely on
+             the server, leaving ``ghost'' users and consuming server re-
+             sources.
+
+             The default is ``yes'' (to send TCP keepalive messages), and the
+             server will notice if the network goes down or the client host
+             crashes.  This avoids infinitely hanging sessions.
+
+             To disable TCP keepalive messages, the value should be set to
+             ``no''.
 
      UseDNS  Specifies whether sshd should lookup the remote host name and
              check that the resolved host name for the remote IP address maps
-             back to the very same IP address.  The default is M-bM-^@M-^\yesM-bM-^@M-^].
+             back to the very same IP address.  The default is ``yes''.
 
      UseLogin
              Specifies whether login(1) is used for interactive login ses-
-             sions.  The default is M-bM-^@M-^\noM-bM-^@M-^].  Note that login(1) is never used
-             for remote command execution.  Note also, that if this is
-             enabled, X11Forwarding will be disabled because login(1) does not
+             sions.  The default is ``no''.  Note that login(1) is never used
+             for remote command execution.  Note also, that if this is en-
+             abled, X11Forwarding will be disabled because login(1) does not
              know how to handle xauth(1) cookies.  If UsePrivilegeSeparation
              is specified, it will be disabled after authentication.
 
      UsePAM  Enables PAM authentication (via challenge-response) and session
              set up.  If you enable this, you should probably disable
              PasswordAuthentication.  If you enable then you will not be able
-             to run sshd as a non-root user.
+             to run sshd as a non-root user.  The default is ``no''.
 
      UsePrivilegeSeparation
-             Specifies whether sshd separates privileges by creating an
-             unprivileged child process to deal with incoming network traffic.
+             Specifies whether sshd separates privileges by creating an un-
+             privileged child process to deal with incoming network traffic.
              After successful authentication, another process will be created
              that has the privilege of the authenticated user.  The goal of
              privilege separation is to prevent privilege escalation by con-
              taining any corruption within the unprivileged processes.  The
-             default is M-bM-^@M-^\yesM-bM-^@M-^].
+             default is ``yes''.
 
      X11DisplayOffset
-             Specifies the first display number available for sshdM-bM-^@M-^Ys X11 for-
+             Specifies the first display number available for sshd's X11 for-
              warding.  This prevents sshd from interfering with real X11
              servers.  The default is 10.
 
      X11Forwarding
              Specifies whether X11 forwarding is permitted.  The argument must
-             be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default is M-bM-^@M-^\noM-bM-^@M-^].
+             be ``yes'' or ``no''.  The default is ``no''.
 
              When X11 forwarding is enabled, there may be additional exposure
              to the server and to client displays if the sshd proxy display is
              configured to listen on the wildcard address (see X11UseLocalhost
-             below), however this is not the default.  Additionally, the
-             authentication spoofing and authentication data verification and
-             substitution occur on the client side.  The security risk of
-             using X11 forwarding is that the clientM-bM-^@M-^Ys X11 display server may
-             be exposed to attack when the ssh client requests forwarding (see
+             below), however this is not the default.  Additionally, the au-
+             thentication spoofing and authentication data verification and
+             substitution occur on the client side.  The security risk of us-
+             ing X11 forwarding is that the client's X11 display server may be
+             exposed to attack when the ssh client requests forwarding (see
              the warnings for ForwardX11 in ssh_config(5)).  A system adminis-
              trator may have a stance in which they want to protect clients
              that may expose themselves to attack by unwittingly requesting
-             X11 forwarding, which can warrant a M-bM-^@M-^\noM-bM-^@M-^] setting.
+             X11 forwarding, which can warrant a ``no'' setting.
 
              Note that disabling X11 forwarding does not prevent users from
              forwarding X11 traffic, as users can always install their own
@@ -406,12 +406,12 @@ DESCRIPTION
              the loopback address or to the wildcard address.  By default,
              sshd binds the forwarding server to the loopback address and sets
              the hostname part of the DISPLAY environment variable to
-             M-bM-^@M-^\localhostM-bM-^@M-^].  This prevents remote hosts from connecting to the
+             ``localhost''.  This prevents remote hosts from connecting to the
              proxy display.  However, some older X11 clients may not function
-             with this configuration.  X11UseLocalhost may be set to M-bM-^@M-^\noM-bM-^@M-^] to
+             with this configuration.  X11UseLocalhost may be set to ``no'' to
              specify that the forwarding server should be bound to the wild-
-             card address.  The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^].  The default
-             is M-bM-^@M-^\yesM-bM-^@M-^].
+             card address.  The argument must be ``yes'' or ``no''.  The de-
+             fault is ``yes''.
 
      XAuthLocation
              Specifies the full pathname of the xauth(1) program.  The default
@@ -456,4 +456,4 @@ AUTHORS
      versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
      for privilege separation.
 
-BSD                           September 25, 1999                           BSD
+OpenBSD 3.4                   September 25, 1999                             7
diff --git a/sshd_config.5 b/sshd_config.5
index 727fdb12a..41228248c 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.25 2003/09/01 09:50:04 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.28 2004/02/17 19:35:21 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -156,12 +156,12 @@ If this threshold is reached while client alive messages are being sent,
 will disconnect the client, terminating the session.
 It is important to note that the use of client alive messages is very
 different from
-.Cm KeepAlive
+.Cm TCPKeepAlive
 (below).
 The client alive messages are sent through the encrypted channel
 and therefore will not be spoofable.
 The TCP keepalive option enabled by
-.Cm KeepAlive
+.Cm TCPKeepAlive
 is spoofable.
 The client alive mechanism is valuable when the client or
 server depend on knowing when a connection has become inactive.
@@ -227,7 +227,7 @@ The default is
 .Dq no .
 .It Cm GSSAPIAuthentication
 Specifies whether user authentication based on GSSAPI is allowed.
-The default is 
+The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
 .It Cm GSSAPICleanupCredentials
@@ -292,27 +292,6 @@ or
 .Cm HostbasedAuthentication .
 The default is
 .Dq no .
-.It Cm KeepAlive
-Specifies whether the system should send TCP keepalive messages to the
-other side.
-If they are sent, death of the connection or crash of one
-of the machines will be properly noticed.
-However, this means that
-connections will die if the route is down temporarily, and some people
-find it annoying.
-On the other hand, if keepalives are not sent,
-sessions may hang indefinitely on the server, leaving
-.Dq ghost
-users and consuming server resources.
-.Pp
-The default is
-.Dq yes
-(to send keepalives), and the server will notice
-if the network goes down or the client host crashes.
-This avoids infinitely hanging sessions.
-.Pp
-To disable keepalives, the value should be set to
-.Dq no .
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication
@@ -533,13 +512,6 @@ Specifies whether public key authentication is allowed.
 The default is
 .Dq yes .
 Note that this option applies to protocol version 2 only.
-.Cm RhostsRSAAuthentication
-should be used
-instead, because it performs RSA-based host authentication in addition
-to normal rhosts or /etc/hosts.equiv authentication.
-The default is
-.Dq no .
-This option applies to protocol version 1 only.
 .It Cm RhostsRSAAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful RSA host authentication is allowed.
@@ -580,6 +552,27 @@ Gives the facility code that is used when logging messages from
 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The default is AUTH.
+.It Cm TCPKeepAlive
+Specifies whether the system should send TCP keepalive messages to the
+other side.
+If they are sent, death of the connection or crash of one
+of the machines will be properly noticed.
+However, this means that
+connections will die if the route is down temporarily, and some people
+find it annoying.
+On the other hand, if TCP keepalives are not sent,
+sessions may hang indefinitely on the server, leaving
+.Dq ghost
+users and consuming server resources.
+.Pp
+The default is
+.Dq yes
+(to send TCP keepalive messages), and the server will notice
+if the network goes down or the client host crashes.
+This avoids infinitely hanging sessions.
+.Pp
+To disable TCP keepalive messages, the value should be set to
+.Dq no .
 .It Cm UseDNS
 Specifies whether
 .Nm sshd
@@ -608,12 +601,13 @@ If
 .Cm UsePrivilegeSeparation
 is specified, it will be disabled after authentication.
 .It Cm UsePAM
-Enables PAM authentication (via challenge-response) and session set up. 
-If you enable this, you should probably disable 
+Enables PAM authentication (via challenge-response) and session set up.
+If you enable this, you should probably disable
 .Cm PasswordAuthentication .
-If you enable 
+If you enable
 .CM UsePAM
-then you will not be able to run sshd as a non-root user.
+then you will not be able to run sshd as a non-root user.  The default is
+.Dq no .
 .It Cm UsePrivilegeSeparation
 Specifies whether
 .Nm sshd
diff --git a/sshpty.c b/sshpty.c
index 4747ceaf4..0fe3891b6 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshpty.c,v 1.10 2003/06/12 07:57:38 markus Exp $");
+RCSID("$OpenBSD: sshpty.c,v 1.11 2004/01/11 21:55:06 deraadt Exp $");
 
 #ifdef HAVE_UTIL_H
 # include <util.h>
@@ -22,17 +22,9 @@ RCSID("$OpenBSD: sshpty.c,v 1.10 2003/06/12 07:57:38 markus Exp $");
 #include "log.h"
 #include "misc.h"
 
-/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
-#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
-#undef HAVE_DEV_PTMX
-#endif
-
 #ifdef HAVE_PTY_H
 # include <pty.h>
 #endif
-#if defined(HAVE_DEV_PTMX) && defined(HAVE_SYS_STROPTS_H)
-# include <sys/stropts.h>
-#endif
 
 #ifndef O_NOCTTY
 #define O_NOCTTY 0
@@ -48,7 +40,6 @@ RCSID("$OpenBSD: sshpty.c,v 1.10 2003/06/12 07:57:38 markus Exp $");
 int
 pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 {
-#if defined(HAVE_OPENPTY) || defined(BSD4_4)
         /* openpty(3) exists in OSF/1 and some other os'es */
         char *name;
         int i;
@@ -64,187 +55,6 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 
         strlcpy(namebuf, name, namebuflen);     /* possible truncation */
         return 1;
-#else /* HAVE_OPENPTY */
-#ifdef HAVE__GETPTY
-        /*
-         * _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates more
-         * pty's automagically when needed
-         */
-        char *slave;
-
-        slave = _getpty(ptyfd, O_RDWR, 0622, 0);
-        if (slave == NULL) {
-                error("_getpty: %.100s", strerror(errno));
-                return 0;
-        }
-        strlcpy(namebuf, slave, namebuflen);
-        /* Open the slave side. */
-        *ttyfd = open(namebuf, O_RDWR | O_NOCTTY);
-        if (*ttyfd < 0) {
-                error("%.200s: %.100s", namebuf, strerror(errno));
-                close(*ptyfd);
-                return 0;
-        }
-        return 1;
-#else /* HAVE__GETPTY */
-#if defined(HAVE_DEV_PTMX)
-        /*
-         * This code is used e.g. on Solaris 2.x.  (Note that Solaris 2.3
-         * also has bsd-style ptys, but they simply do not work.)
-         */
-        int ptm;
-        char *pts;
-        mysig_t old_signal;
-
-        ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY);
-        if (ptm < 0) {
-                error("/dev/ptmx: %.100s", strerror(errno));
-                return 0;
-        }
-        old_signal = signal(SIGCHLD, SIG_DFL);
-        if (grantpt(ptm) < 0) {
-                error("grantpt: %.100s", strerror(errno));
-                return 0;
-        }
-        signal(SIGCHLD, old_signal);
-        if (unlockpt(ptm) < 0) {
-                error("unlockpt: %.100s", strerror(errno));
-                return 0;
-        }
-        pts = ptsname(ptm);
-        if (pts == NULL)
-                error("Slave pty side name could not be obtained.");
-        strlcpy(namebuf, pts, namebuflen);
-        *ptyfd = ptm;
-
-        /* Open the slave side. */
-        *ttyfd = open(namebuf, O_RDWR | O_NOCTTY);
-        if (*ttyfd < 0) {
-                error("%.100s: %.100s", namebuf, strerror(errno));
-                close(*ptyfd);
-                return 0;
-        }
-#ifndef HAVE_CYGWIN
-        /*
-         * Push the appropriate streams modules, as described in Solaris pts(7).
-         * HP-UX pts(7) doesn't have ttcompat module.
-         */
-        if (ioctl(*ttyfd, I_PUSH, "ptem") < 0)
-                error("ioctl I_PUSH ptem: %.100s", strerror(errno));
-        if (ioctl(*ttyfd, I_PUSH, "ldterm") < 0)
-                error("ioctl I_PUSH ldterm: %.100s", strerror(errno));
-#ifndef __hpux
-        if (ioctl(*ttyfd, I_PUSH, "ttcompat") < 0)
-                error("ioctl I_PUSH ttcompat: %.100s", strerror(errno));
-#endif
-#endif
-        return 1;
-#else /* HAVE_DEV_PTMX */
-#ifdef HAVE_DEV_PTS_AND_PTC
-        /* AIX-style pty code. */
-        const char *name;
-
-        *ptyfd = open("/dev/ptc", O_RDWR | O_NOCTTY);
-        if (*ptyfd < 0) {
-                error("Could not open /dev/ptc: %.100s", strerror(errno));
-                return 0;
-        }
-        name = ttyname(*ptyfd);
-        if (!name)
-                fatal("Open of /dev/ptc returns device for which ttyname fails.");
-        strlcpy(namebuf, name, namebuflen);
-        *ttyfd = open(name, O_RDWR | O_NOCTTY);
-        if (*ttyfd < 0) {
-                error("Could not open pty slave side %.100s: %.100s",
-                    name, strerror(errno));
-                close(*ptyfd);
-                return 0;
-        }
-        return 1;
-#else /* HAVE_DEV_PTS_AND_PTC */
-#ifdef _UNICOS
-        char buf[64];
-        int i;
-        int highpty;
-
-#ifdef _SC_CRAY_NPTY
-        highpty = sysconf(_SC_CRAY_NPTY);
-        if (highpty == -1)
-                highpty = 128;
-#else
-        highpty = 128;
-#endif
-
-        for (i = 0; i < highpty; i++) {
-                snprintf(buf, sizeof(buf), "/dev/pty/%03d", i);
-                *ptyfd = open(buf, O_RDWR|O_NOCTTY);
-                if (*ptyfd < 0)
-                        continue;
-                snprintf(namebuf, namebuflen, "/dev/ttyp%03d", i);
-                /* Open the slave side. */
-                *ttyfd = open(namebuf, O_RDWR|O_NOCTTY);
-                if (*ttyfd < 0) {
-                        error("%.100s: %.100s", namebuf, strerror(errno));
-                        close(*ptyfd);
-                        return 0;
-                }
-                return 1;
-        }
-        return 0;
-#else
-        /* BSD-style pty code. */
-        char buf[64];
-        int i;
-        const char *ptymajors = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ";
-        const char *ptyminors = "0123456789abcdef";
-        int num_minors = strlen(ptyminors);
-        int num_ptys = strlen(ptymajors) * num_minors;
-        struct termios tio;
-
-        for (i = 0; i < num_ptys; i++) {
-                snprintf(buf, sizeof buf, "/dev/pty%c%c", ptymajors[i / num_minors],
-                         ptyminors[i % num_minors]);
-                snprintf(namebuf, namebuflen, "/dev/tty%c%c",
-                    ptymajors[i / num_minors], ptyminors[i % num_minors]);
-
-                *ptyfd = open(buf, O_RDWR | O_NOCTTY);
-                if (*ptyfd < 0) {
-                        /* Try SCO style naming */
-                        snprintf(buf, sizeof buf, "/dev/ptyp%d", i);
-                        snprintf(namebuf, namebuflen, "/dev/ttyp%d", i);
-                        *ptyfd = open(buf, O_RDWR | O_NOCTTY);
-                        if (*ptyfd < 0)
-                                continue;
-                }
-
-                /* Open the slave side. */
-                *ttyfd = open(namebuf, O_RDWR | O_NOCTTY);
-                if (*ttyfd < 0) {
-                        error("%.100s: %.100s", namebuf, strerror(errno));
-                        close(*ptyfd);
-                        return 0;
-                }
-                /* set tty modes to a sane state for broken clients */
-                if (tcgetattr(*ptyfd, &tio) < 0)
-                        logit("Getting tty modes for pty failed: %.100s", strerror(errno));
-                else {
-                        tio.c_lflag |= (ECHO | ISIG | ICANON);
-                        tio.c_oflag |= (OPOST | ONLCR);
-                        tio.c_iflag |= ICRNL;
-
-                        /* Set the new modes for the terminal. */
-                        if (tcsetattr(*ptyfd, TCSANOW, &tio) < 0)
-                                logit("Setting tty modes for pty failed: %.100s", strerror(errno));
-                }
-
-                return 1;
-        }
-        return 0;
-#endif /* CRAY */
-#endif /* HAVE_DEV_PTS_AND_PTC */
-#endif /* HAVE_DEV_PTMX */
-#endif /* HAVE__GETPTY */
-#endif /* HAVE_OPENPTY */
 }
 
 /* Releases the tty.  Its ownership is returned to root, and permissions to 0666. */
@@ -343,7 +153,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
         if (fd < 0)
                 error("open /dev/tty failed - could not set controlling tty: %.100s",
                     strerror(errno));
-        else 
+        else
                 close(fd);
 #endif /* _UNICOS */
 }
diff --git a/sshtty.c b/sshtty.c
index 2f47b06d1..4fb2d3dae 100644
--- a/sshtty.c
+++ b/sshtty.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshtty.c,v 1.4 2003/07/16 10:36:28 markus Exp $");
+RCSID("$OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp $");
 
 #include "sshtty.h"
 #include "log.h"
@@ -43,12 +43,6 @@ RCSID("$OpenBSD: sshtty.c,v 1.4 2003/07/16 10:36:28 markus Exp $");
 static struct termios _saved_tio;
 static int _in_raw_mode = 0;
 
-int
-in_raw_mode(void)
-{
-        return _in_raw_mode;
-}
-
 struct termios
 get_saved_tio(void)
 {
@@ -64,8 +58,6 @@ leave_raw_mode(void)
                 perror("tcsetattr");
         else
                 _in_raw_mode = 0;
-
-        fatal_remove_cleanup((void (*) (void *)) leave_raw_mode, NULL);
 }
 
 void
@@ -94,6 +86,4 @@ enter_raw_mode(void)
                 perror("tcsetattr");
         else
                 _in_raw_mode = 1;
-
-        fatal_add_cleanup((void (*) (void *)) leave_raw_mode, NULL);
 }
diff --git a/sshtty.h b/sshtty.h
index 7ba4a2627..723b27846 100644
--- a/sshtty.h
+++ b/sshtty.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshtty.h,v 1.2 2001/06/26 17:27:25 markus Exp $ */
+/* $OpenBSD: sshtty.h,v 1.3 2003/09/19 17:43:35 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -40,7 +40,6 @@
 
 #include <termios.h>
 
-int      in_raw_mode(void);
 struct termios get_saved_tio(void);
 void     leave_raw_mode(void);
 void     enter_raw_mode(void);
diff --git a/stamp-h.in b/stamp-h.in
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/stamp-h.in
diff --git a/uidswap.c b/uidswap.c
index 3f13f9bf4..44c4cb626 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -16,6 +16,7 @@ RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $");
 
 #include "log.h"
 #include "uidswap.h"
+#include "xmalloc.h"
 
 /*
  * Note: all these functions must work in all of the following cases:
@@ -38,7 +39,7 @@ static gid_t	saved_egid = 0;
 /* Saved effective uid. */
 static int      privileged = 0;
 static int      temporarily_use_uid_effective = 0;
-static gid_t    saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
+static gid_t    *saved_egroups = NULL, *user_groups = NULL;
 static int      saved_egroupslen = -1, user_groupslen = -1;
 
 /*
@@ -68,18 +69,38 @@ temporarily_use_uid(struct passwd *pw)
 
         privileged = 1;
         temporarily_use_uid_effective = 1;
-        saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
+
+        saved_egroupslen = getgroups(0, NULL);
         if (saved_egroupslen < 0)
                 fatal("getgroups: %.100s", strerror(errno));
+        if (saved_egroupslen > 0) {
+                saved_egroups = xrealloc(saved_egroups,
+                    saved_egroupslen * sizeof(gid_t));
+                if (getgroups(saved_egroupslen, saved_egroups) < 0)
+                        fatal("getgroups: %.100s", strerror(errno));
+        } else { /* saved_egroupslen == 0 */
+                if (saved_egroups != NULL)
+                        xfree(saved_egroups);
+        }
 
         /* set and save the user's groups */
         if (user_groupslen == -1) {
                 if (initgroups(pw->pw_name, pw->pw_gid) < 0)
                         fatal("initgroups: %s: %.100s", pw->pw_name,
                             strerror(errno));
-                user_groupslen = getgroups(NGROUPS_MAX, user_groups);
+
+                user_groupslen = getgroups(0, NULL);
                 if (user_groupslen < 0)
                         fatal("getgroups: %.100s", strerror(errno));
+                if (user_groupslen > 0) {
+                        user_groups = xrealloc(user_groups,
+                            user_groupslen * sizeof(gid_t));
+                        if (getgroups(user_groupslen, user_groups) < 0)
+                                fatal("getgroups: %.100s", strerror(errno));
+                } else { /* user_groupslen == 0 */
+                        if (user_groups)
+                                xfree(user_groups);
+                }
         }
         /* Set the effective uid to the given (unprivileged) uid. */
         if (setgroups(user_groupslen, user_groups) < 0)
@@ -151,7 +172,7 @@ permanently_set_uid(struct passwd *pw)
         debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
             (u_int)pw->pw_gid);
 
-#if defined(HAVE_SETRESGID)
+#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
         if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
                 fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
 #elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
@@ -164,7 +185,7 @@ permanently_set_uid(struct passwd *pw)
                 fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
 #endif
 
-#if defined(HAVE_SETRESUID)
+#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
         if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
                 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 #elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
@@ -180,26 +201,28 @@ permanently_set_uid(struct passwd *pw)
 #endif
 
         /* Try restoration of GID if changed (test clearing of saved gid) */
-        if (old_gid != pw->pw_gid && 
+        if (old_gid != pw->pw_gid &&
             (setgid(old_gid) != -1 || setegid(old_gid) != -1))
                 fatal("%s: was able to restore old [e]gid", __func__);
 
         /* Verify GID drop was successful */
         if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) {
-                fatal("%s: egid incorrect gid:%u egid:%u (should be %u)", 
-                    __func__, (u_int)getgid(), (u_int)getegid(), 
+                fatal("%s: egid incorrect gid:%u egid:%u (should be %u)",
+                    __func__, (u_int)getgid(), (u_int)getegid(),
                     (u_int)pw->pw_gid);
         }
 
+#ifndef HAVE_CYGWIN
         /* Try restoration of UID if changed (test clearing of saved uid) */
-        if (old_uid != pw->pw_uid && 
+        if (old_uid != pw->pw_uid &&
             (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
                 fatal("%s: was able to restore old [e]uid", __func__);
+#endif
 
         /* Verify UID drop was successful */
         if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
-                fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", 
-                    __func__, (u_int)getuid(), (u_int)geteuid(), 
+                fatal("%s: euid incorrect uid:%u euid:%u (should be %u)",
+                    __func__, (u_int)getuid(), (u_int)geteuid(),
                     (u_int)pw->pw_uid);
         }
 }
diff --git a/uuencode.c b/uuencode.c
index 21eaf4d3f..0a7c8d16a 100644
--- a/uuencode.c
+++ b/uuencode.c
@@ -23,13 +23,13 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: uuencode.c,v 1.16 2002/09/09 14:54:15 markus Exp $");
+RCSID("$OpenBSD: uuencode.c,v 1.17 2003/11/10 16:23:41 jakob Exp $");
 
 #include "xmalloc.h"
 #include "uuencode.h"
 
 int
-uuencode(u_char *src, u_int srclength,
+uuencode(const u_char *src, u_int srclength,
     char *target, size_t targsize)
 {
         return __b64_ntop(src, srclength, target, targsize);
diff --git a/uuencode.h b/uuencode.h
index 682b623ac..08e87c4bc 100644
--- a/uuencode.h
+++ b/uuencode.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: uuencode.h,v 1.9 2002/02/25 16:33:27 markus Exp $     */
+/*      $OpenBSD: uuencode.h,v 1.10 2003/11/10 16:23:41 jakob Exp $     */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
 
 #ifndef UUENCODE_H
 #define UUENCODE_H
-int      uuencode(u_char *, u_int, char *, size_t);
+int      uuencode(const u_char *, u_int, char *, size_t);
 int      uudecode(const char *, u_char *, size_t);
 void     dump_base64(FILE *, u_char *, u_int);
 #endif
diff --git a/version.h b/version.h
index 93e6a0b7c..082a69b57 100644
--- a/version.h
+++ b/version.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: version.h,v 1.39 2003/09/16 21:02:40 markus Exp $ */
+/* $OpenBSD: version.h,v 1.40 2004/02/23 15:16:46 markus Exp $ */
 
 #ifndef SSH_VERSION
-#define SSH_VERSION     "OpenSSH_3.7.1p2"
+#define SSH_VERSION     "OpenSSH_3.8p1"
 #endif /* SSH_VERSION */