diff options
65 files changed, 722 insertions, 341 deletions
@@ -1,3 +1,178 @@ | |||
1 | 20050524 | ||
2 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
3 | [contrib/suse/openssh.spec] Update spec file versions to 4.1p1 | ||
4 | - (dtucker) [auth-pam.c] Since people don't seem to be getting the message | ||
5 | that USE_POSIX_THREADS is unsupported, not recommended and generally a bad | ||
6 | idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use | ||
7 | USE_POSIX_THREADS will now generate an error so we don't silently change | ||
8 | behaviour. ok djm@ | ||
9 | - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory | ||
10 | allocation when retrieving core Windows environment. Add CYGWIN variable | ||
11 | to propagated variables. Patch from vinschen at redhat.com, ok djm@ | ||
12 | - (djm) Release 4.1p1 | ||
13 | |||
14 | 20050524 | ||
15 | - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure | ||
16 | terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz; | ||
17 | "looks ok" dtucker@ | ||
18 | |||
19 | 20050512 | ||
20 | - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script | ||
21 | hard link section. Bug 1038. | ||
22 | |||
23 | 20050509 | ||
24 | - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a | ||
25 | user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com. | ||
26 | |||
27 | 20050504 | ||
28 | - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used | ||
29 | unix domain socket, so catch that too; from jakob@ ok dtucker@ | ||
30 | |||
31 | 20050503 | ||
32 | - (dtucker) [canohost.c] normalise socket addresses returned by | ||
33 | get_remote_hostname(). This means that IPv4 addresses in log messages | ||
34 | on IPv6 enabled machines will no longer be prefixed by "::ffff:" and | ||
35 | AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style | ||
36 | addresses only for 4-in-6 mapped connections, regardless of whether | ||
37 | or not the machine is IPv6 enabled. ok djm@ | ||
38 | |||
39 | 20050425 | ||
40 | - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the | ||
41 | existence of a process since it's more portable. Found by jbasney at | ||
42 | ncsa.uiuc.edu; ok tim@ | ||
43 | - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh | ||
44 | will clean up anyway. From tim@ | ||
45 | - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running | ||
46 | "make tests" works even if you're building on a filesystem that doesn't | ||
47 | support sockets. From deengert at anl.gov, ok djm@ | ||
48 | |||
49 | 20050424 | ||
50 | - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or | ||
51 | 1.2.1.2 or higher. With tim@, ok djm@ | ||
52 | |||
53 | 20050423 | ||
54 | - (tim) [config.guess] Add support for OpenServer 6. | ||
55 | |||
56 | 20050421 | ||
57 | - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if | ||
58 | UseLogin is set as PAM is not used to establish credentials in that | ||
59 | case. Found by Michael Selvesteen, ok djm@ | ||
60 | |||
61 | 20050419 | ||
62 | - (dtucker) [INSTALL] Reference README.privsep for the privilege separation | ||
63 | requirements. Pointed out by Bengt Svensson. | ||
64 | - (dtucker) [INSTALL] Put the s/key text and URL back together. | ||
65 | - (dtucker) [INSTALL] Fix s/key text too. | ||
66 | |||
67 | 20050411 | ||
68 | - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME | ||
69 | |||
70 | 20050405 | ||
71 | - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@ | ||
72 | - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on | ||
73 | Tru64. Patch from cmadams at hiwaay.net. | ||
74 | - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of | ||
75 | sys_auth_passwd, pointed out by cmadams at hiwaay.net. | ||
76 | |||
77 | 20050403 | ||
78 | - (djm) OpenBSD CVS Sync | ||
79 | - deraadt@cvs.openbsd.org 2005/03/31 18:39:21 | ||
80 | [scp.c] | ||
81 | copy argv[] element instead of smashing the one that ps will see; ok otto | ||
82 | - djm@cvs.openbsd.org 2005/04/02 12:41:16 | ||
83 | [scp.c] | ||
84 | since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror | ||
85 | build | ||
86 | - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read | ||
87 | will free as needed. ok tim@ djm@ | ||
88 | |||
89 | 20050331 | ||
90 | - (dtucker) OpenBSD CVS Sync | ||
91 | - jmc@cvs.openbsd.org 2005/03/16 11:10:38 | ||
92 | [ssh_config.5] | ||
93 | get the syntax right for {Local,Remote}Forward; | ||
94 | based on a diff from markus; | ||
95 | problem report from ponraj; | ||
96 | ok dtucker@ markus@ deraadt@ | ||
97 | - markus@cvs.openbsd.org 2005/03/16 21:17:39 | ||
98 | [version.h] | ||
99 | 4.1 | ||
100 | - jmc@cvs.openbsd.org 2005/03/18 17:05:00 | ||
101 | [sshd_config.5] | ||
102 | typo; | ||
103 | - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in | ||
104 | handling of password expiry messages returned by AIX's authentication | ||
105 | routines, originally reported by robvdwal at sara.nl. | ||
106 | - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug | ||
107 | message on some platforms. Patch from pete at seebeyond.com via djm. | ||
108 | - (dtucker) [monitor.c] Remaining part of fix for bug #1006. | ||
109 | |||
110 | 20050329 | ||
111 | - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're | ||
112 | interested in which is much faster in large (eg LDAP or NIS) environments. | ||
113 | Patch from dleonard at vintela.com. | ||
114 | |||
115 | 20050321 | ||
116 | - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes | ||
117 | and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net, | ||
118 | with & ok tim@ | ||
119 | - (dtucker) [configure.ac] Make configure error out if the user specifies | ||
120 | --with-libedit but the required libs can't be found, rather than silently | ||
121 | ignoring and continuing. ok tim@ | ||
122 | - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions | ||
123 | of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se. | ||
124 | |||
125 | 20050317 | ||
126 | - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional. | ||
127 | Make --without-opensc work. | ||
128 | - (tim) [configure.ac] portability changes on test statements. Some shells | ||
129 | have problems with -a operator. | ||
130 | - (tim) [configure.ac] make some configure options a little more error proof. | ||
131 | - (tim) [configure.ac] remove trailing white space. | ||
132 | |||
133 | 20050314 | ||
134 | - (dtucker) OpenBSD CVS Sync | ||
135 | - dtucker@cvs.openbsd.org 2005/03/10 10:15:02 | ||
136 | [readconf.c] | ||
137 | Check listen addresses for null, prevents xfree from dying during | ||
138 | ClearAllForwardings (bz #996). From Craig Leres, ok markus@ | ||
139 | - deraadt@cvs.openbsd.org 2005/03/10 22:01:05 | ||
140 | [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c | ||
141 | monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c | ||
142 | readconf.c bufaux.c sftp.c] | ||
143 | spacing | ||
144 | - deraadt@cvs.openbsd.org 2005/03/10 22:40:38 | ||
145 | [auth-options.c] | ||
146 | spacing | ||
147 | - markus@cvs.openbsd.org 2005/03/11 14:59:06 | ||
148 | [ssh-keygen.c] | ||
149 | typo, missing \n; mpech | ||
150 | - jmc@cvs.openbsd.org 2005/03/12 11:55:03 | ||
151 | [ssh_config.5] | ||
152 | escape `.' at eol to avoid double spacing issues; | ||
153 | - dtucker@cvs.openbsd.org 2005/03/14 10:09:03 | ||
154 | [ssh-keygen.1] | ||
155 | Correct description of -H (bz #997); ok markus@, punctuation jmc@ | ||
156 | - dtucker@cvs.openbsd.org 2005/03/14 11:44:42 | ||
157 | [auth.c] | ||
158 | Populate host for log message for logins denied by AllowUsers and | ||
159 | DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com) | ||
160 | - markus@cvs.openbsd.org 2005/03/14 11:46:56 | ||
161 | [buffer.c buffer.h channels.c] | ||
162 | limit input buffer size for channels; bugzilla #896; with and ok dtucker@ | ||
163 | - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed | ||
164 | with a rpm -F | ||
165 | |||
166 | 20050313 | ||
167 | - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the | ||
168 | localized name of the local administrators group more reliable. From | ||
169 | vinschen at redhat.com. | ||
170 | |||
171 | 20050312 | ||
172 | - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug | ||
173 | output ends up in the client's output, causing regress failures. Found | ||
174 | by Corinna Vinschen. | ||
175 | |||
1 | 20050309 | 176 | 20050309 |
2 | - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 | 177 | - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 |
3 | so that regress tests behave. From Chris Adams. | 178 | so that regress tests behave. From Chris Adams. |
@@ -2321,4 +2496,4 @@ | |||
2321 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2496 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2322 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2497 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2323 | 2498 | ||
2324 | $Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $ | 2499 | $Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $ |
@@ -3,7 +3,7 @@ | |||
3 | 3 | ||
4 | You will need working installations of Zlib and OpenSSL. | 4 | You will need working installations of Zlib and OpenSSL. |
5 | 5 | ||
6 | Zlib 1.1.4 or greater: | 6 | Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): |
7 | http://www.gzip.org/zlib/ | 7 | http://www.gzip.org/zlib/ |
8 | 8 | ||
9 | OpenSSL 0.9.6 or greater: | 9 | OpenSSL 0.9.6 or greater: |
@@ -50,20 +50,20 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection. | |||
50 | http://www.lothar.com/tech/crypto/ | 50 | http://www.lothar.com/tech/crypto/ |
51 | 51 | ||
52 | S/Key Libraries: | 52 | S/Key Libraries: |
53 | |||
54 | If you wish to use --with-skey then you will need the library below | ||
55 | installed. No other S/Key library is currently known to be supported. | ||
56 | |||
53 | http://www.sparc.spb.su/solaris/skey/ | 57 | http://www.sparc.spb.su/solaris/skey/ |
54 | 58 | ||
55 | LibEdit: | 59 | LibEdit: |
56 | |||
57 | sftp now supports command-line editing via NetBSD's libedit. If your | 60 | sftp now supports command-line editing via NetBSD's libedit. If your |
58 | platform has it available natively you can use that, alternatively | 61 | platform has it available natively you can use that, alternatively |
59 | you might try these multi-platform ports: | 62 | you might try these multi-platform ports: |
63 | |||
60 | http://www.thrysoee.dk/editline/ | 64 | http://www.thrysoee.dk/editline/ |
61 | http://sourceforge.net/projects/libedit/ | 65 | http://sourceforge.net/projects/libedit/ |
62 | 66 | ||
63 | If you wish to use --with-skey then you will need the above library | ||
64 | installed. No other current S/Key library is currently known to be | ||
65 | supported. | ||
66 | |||
67 | 2. Building / Installation | 67 | 2. Building / Installation |
68 | -------------------------- | 68 | -------------------------- |
69 | 69 | ||
@@ -91,6 +91,10 @@ make install | |||
91 | This will install the binaries in /opt/{bin,lib,sbin}, but will place the | 91 | This will install the binaries in /opt/{bin,lib,sbin}, but will place the |
92 | configuration files in /etc/ssh. | 92 | configuration files in /etc/ssh. |
93 | 93 | ||
94 | If you are using Privilege Separation (which is enabled by default) | ||
95 | then you will also need to create the user, group and directory used by | ||
96 | sshd for privilege separation. See README.privsep for details. | ||
97 | |||
94 | If you are using PAM, you may need to manually install a PAM control | 98 | If you are using PAM, you may need to manually install a PAM control |
95 | file as "/etc/pam.d/sshd" (or wherever your system prefers to keep | 99 | file as "/etc/pam.d/sshd" (or wherever your system prefers to keep |
96 | them). Note that the service name used to start PAM is __progname, | 100 | them). Note that the service name used to start PAM is __progname, |
@@ -221,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at | |||
221 | http://www.openssh.com/ | 225 | http://www.openssh.com/ |
222 | 226 | ||
223 | 227 | ||
224 | $Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $ | 228 | $Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $ |
@@ -61,4 +61,4 @@ References - | |||
61 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 | 61 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 |
62 | [7] http://www.openssh.com/faq.html | 62 | [7] http://www.openssh.com/faq.html |
63 | 63 | ||
64 | $Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $ | 64 | $Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $ |
diff --git a/auth-options.c b/auth-options.c index 04d12d66e..a85e40835 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $"); | 13 | RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "match.h" | 16 | #include "match.h" |
@@ -247,7 +247,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
247 | host = hpdelim(&p); | 247 | host = hpdelim(&p); |
248 | if (host == NULL || strlen(host) >= NI_MAXHOST) { | 248 | if (host == NULL || strlen(host) >= NI_MAXHOST) { |
249 | debug("%.100s, line %lu: Bad permitopen " | 249 | debug("%.100s, line %lu: Bad permitopen " |
250 | "specification <%.100s>", file, linenum, | 250 | "specification <%.100s>", file, linenum, |
251 | patterns); | 251 | patterns); |
252 | auth_debug_add("%.100s, line %lu: " | 252 | auth_debug_add("%.100s, line %lu: " |
253 | "Bad permitopen specification", file, | 253 | "Bad permitopen specification", file, |
@@ -255,8 +255,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
255 | xfree(patterns); | 255 | xfree(patterns); |
256 | goto bad_option; | 256 | goto bad_option; |
257 | } | 257 | } |
258 | host = cleanhostname(host); | 258 | host = cleanhostname(host); |
259 | if (p == NULL || (port = a2port(p)) == 0) { | 259 | if (p == NULL || (port = a2port(p)) == 0) { |
260 | debug("%.100s, line %lu: Bad permitopen port " | 260 | debug("%.100s, line %lu: Bad permitopen port " |
261 | "<%.100s>", file, linenum, p ? p : ""); | 261 | "<%.100s>", file, linenum, p ? p : ""); |
262 | auth_debug_add("%.100s, line %lu: " | 262 | auth_debug_add("%.100s, line %lu: " |
diff --git a/auth-pam.c b/auth-pam.c index 6ce8c429b..a8d372aac 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -47,7 +47,7 @@ | |||
47 | 47 | ||
48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
49 | #include "includes.h" | 49 | #include "includes.h" |
50 | RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $"); | 50 | RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $"); |
51 | 51 | ||
52 | #ifdef USE_PAM | 52 | #ifdef USE_PAM |
53 | #if defined(HAVE_SECURITY_PAM_APPL_H) | 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) |
@@ -76,7 +76,17 @@ extern Buffer loginmsg; | |||
76 | extern int compat20; | 76 | extern int compat20; |
77 | extern u_int utmp_len; | 77 | extern u_int utmp_len; |
78 | 78 | ||
79 | /* so we don't silently change behaviour */ | ||
79 | #ifdef USE_POSIX_THREADS | 80 | #ifdef USE_POSIX_THREADS |
81 | # error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK" | ||
82 | #endif | ||
83 | |||
84 | /* | ||
85 | * Formerly known as USE_POSIX_THREADS, using this is completely unsupported | ||
86 | * and generally a bad idea. Use at own risk and do not expect support if | ||
87 | * this breaks. | ||
88 | */ | ||
89 | #ifdef UNSUPPORTED_POSIX_THREADS_HACK | ||
80 | #include <pthread.h> | 90 | #include <pthread.h> |
81 | /* | 91 | /* |
82 | * Avoid namespace clash when *not* using pthreads for systems *with* | 92 | * Avoid namespace clash when *not* using pthreads for systems *with* |
@@ -98,7 +108,7 @@ struct pam_ctxt { | |||
98 | static void sshpam_free_ctx(void *); | 108 | static void sshpam_free_ctx(void *); |
99 | static struct pam_ctxt *cleanup_ctxt; | 109 | static struct pam_ctxt *cleanup_ctxt; |
100 | 110 | ||
101 | #ifndef USE_POSIX_THREADS | 111 | #ifndef UNSUPPORTED_POSIX_THREADS_HACK |
102 | /* | 112 | /* |
103 | * Simulate threads with processes. | 113 | * Simulate threads with processes. |
104 | */ | 114 | */ |
@@ -255,7 +265,7 @@ import_environments(Buffer *b) | |||
255 | 265 | ||
256 | debug3("PAM: %s entering", __func__); | 266 | debug3("PAM: %s entering", __func__); |
257 | 267 | ||
258 | #ifndef USE_POSIX_THREADS | 268 | #ifndef UNSUPPORTED_POSIX_THREADS_HACK |
259 | /* Import variables set by do_pam_account */ | 269 | /* Import variables set by do_pam_account */ |
260 | sshpam_account_status = buffer_get_int(b); | 270 | sshpam_account_status = buffer_get_int(b); |
261 | sshpam_password_change_required(buffer_get_int(b)); | 271 | sshpam_password_change_required(buffer_get_int(b)); |
@@ -384,7 +394,7 @@ sshpam_thread(void *ctxtp) | |||
384 | struct pam_conv sshpam_conv; | 394 | struct pam_conv sshpam_conv; |
385 | int flags = (options.permit_empty_passwd == 0 ? | 395 | int flags = (options.permit_empty_passwd == 0 ? |
386 | PAM_DISALLOW_NULL_AUTHTOK : 0); | 396 | PAM_DISALLOW_NULL_AUTHTOK : 0); |
387 | #ifndef USE_POSIX_THREADS | 397 | #ifndef UNSUPPORTED_POSIX_THREADS_HACK |
388 | extern char **environ; | 398 | extern char **environ; |
389 | char **env_from_pam; | 399 | char **env_from_pam; |
390 | u_int i; | 400 | u_int i; |
@@ -428,7 +438,7 @@ sshpam_thread(void *ctxtp) | |||
428 | 438 | ||
429 | buffer_put_cstring(&buffer, "OK"); | 439 | buffer_put_cstring(&buffer, "OK"); |
430 | 440 | ||
431 | #ifndef USE_POSIX_THREADS | 441 | #ifndef UNSUPPORTED_POSIX_THREADS_HACK |
432 | /* Export variables set by do_pam_account */ | 442 | /* Export variables set by do_pam_account */ |
433 | buffer_put_int(&buffer, sshpam_account_status); | 443 | buffer_put_int(&buffer, sshpam_account_status); |
434 | buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); | 444 | buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); |
@@ -447,7 +457,7 @@ sshpam_thread(void *ctxtp) | |||
447 | buffer_put_int(&buffer, i); | 457 | buffer_put_int(&buffer, i); |
448 | for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) | 458 | for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) |
449 | buffer_put_cstring(&buffer, env_from_pam[i]); | 459 | buffer_put_cstring(&buffer, env_from_pam[i]); |
450 | #endif /* USE_POSIX_THREADS */ | 460 | #endif /* UNSUPPORTED_POSIX_THREADS_HACK */ |
451 | 461 | ||
452 | /* XXX - can't do much about an error here */ | 462 | /* XXX - can't do much about an error here */ |
453 | ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); | 463 | ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); |
diff --git a/auth-passwd.c b/auth-passwd.c index 27ece3f72..654e0b821 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -47,7 +47,6 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $"); | |||
47 | 47 | ||
48 | extern Buffer loginmsg; | 48 | extern Buffer loginmsg; |
49 | extern ServerOptions options; | 49 | extern ServerOptions options; |
50 | int sys_auth_passwd(Authctxt *, const char *); | ||
51 | 50 | ||
52 | #ifdef HAVE_LOGIN_CAP | 51 | #ifdef HAVE_LOGIN_CAP |
53 | extern login_cap_t *lc; | 52 | extern login_cap_t *lc; |
diff --git a/auth-sia.c b/auth-sia.c index 63f55d07f..af7182b48 100644 --- a/auth-sia.c +++ b/auth-sia.c | |||
@@ -47,7 +47,7 @@ extern int saved_argc; | |||
47 | extern char **saved_argv; | 47 | extern char **saved_argv; |
48 | 48 | ||
49 | int | 49 | int |
50 | sys_auth_passwd(Authctxt *authctxt, char *pass) | 50 | sys_auth_passwd(Authctxt *authctxt, const char *pass) |
51 | { | 51 | { |
52 | int ret; | 52 | int ret; |
53 | SIAENTITY *ent = NULL; | 53 | SIAENTITY *ent = NULL; |
diff --git a/auth-sia.h b/auth-sia.h index ca55e913e..27cbb93f1 100644 --- a/auth-sia.h +++ b/auth-sia.h | |||
@@ -26,7 +26,6 @@ | |||
26 | 26 | ||
27 | #ifdef HAVE_OSF_SIA | 27 | #ifdef HAVE_OSF_SIA |
28 | 28 | ||
29 | int sys_auth_passwd(Authctxt *, char *); | ||
30 | void session_setup_sia(struct passwd *, char *); | 29 | void session_setup_sia(struct passwd *, char *); |
31 | 30 | ||
32 | #endif /* HAVE_OSF_SIA */ | 31 | #endif /* HAVE_OSF_SIA */ |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.58 2005/03/14 11:44:42 dtucker Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -145,7 +145,8 @@ allowed_user(struct passwd * pw) | |||
145 | return 0; | 145 | return 0; |
146 | } | 146 | } |
147 | 147 | ||
148 | if (options.num_deny_users > 0 || options.num_allow_users > 0) { | 148 | if (options.num_deny_users > 0 || options.num_allow_users > 0 || |
149 | options.num_deny_groups > 0 || options.num_allow_groups > 0) { | ||
149 | hostname = get_canonical_hostname(options.use_dns); | 150 | hostname = get_canonical_hostname(options.use_dns); |
150 | ipaddr = get_remote_ipaddr(); | 151 | ipaddr = get_remote_ipaddr(); |
151 | } | 152 | } |
@@ -30,6 +30,7 @@ | |||
30 | 30 | ||
31 | #include "key.h" | 31 | #include "key.h" |
32 | #include "hostfile.h" | 32 | #include "hostfile.h" |
33 | #include "buffer.h" | ||
33 | #include <openssl/rsa.h> | 34 | #include <openssl/rsa.h> |
34 | 35 | ||
35 | #ifdef HAVE_LOGIN_CAP | 36 | #ifdef HAVE_LOGIN_CAP |
@@ -68,6 +69,7 @@ struct Authctxt { | |||
68 | char *krb5_ticket_file; | 69 | char *krb5_ticket_file; |
69 | char *krb5_ccname; | 70 | char *krb5_ccname; |
70 | #endif | 71 | #endif |
72 | Buffer *loginmsg; | ||
71 | void *methoddata; | 73 | void *methoddata; |
72 | }; | 74 | }; |
73 | /* | 75 | /* |
@@ -185,6 +187,8 @@ void auth_debug_reset(void); | |||
185 | 187 | ||
186 | struct passwd *fakepw(void); | 188 | struct passwd *fakepw(void); |
187 | 189 | ||
190 | int sys_auth_passwd(Authctxt *, const char *); | ||
191 | |||
188 | #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" | 192 | #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" |
189 | 193 | ||
190 | #define SKEY_PROMPT "\nS/Key Password: " | 194 | #define SKEY_PROMPT "\nS/Key Password: " |
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: bufaux.c,v 1.34 2004/12/06 16:00:43 markus Exp $"); | 40 | RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $"); |
41 | 41 | ||
42 | #include <openssl/bn.h> | 42 | #include <openssl/bn.h> |
43 | #include "bufaux.h" | 43 | #include "bufaux.h" |
@@ -179,7 +179,7 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) | |||
179 | { | 179 | { |
180 | u_int len; | 180 | u_int len; |
181 | u_char *bin; | 181 | u_char *bin; |
182 | 182 | ||
183 | if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { | 183 | if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { |
184 | error("buffer_get_bignum2_ret: invalid bignum"); | 184 | error("buffer_get_bignum2_ret: invalid bignum"); |
185 | return (-1); | 185 | return (-1); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $ */ | 1 | /* $OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -40,7 +40,7 @@ void buffer_put_string(Buffer *, const void *, u_int); | |||
40 | void buffer_put_cstring(Buffer *, const char *); | 40 | void buffer_put_cstring(Buffer *, const char *); |
41 | 41 | ||
42 | #define buffer_skip_string(b) \ | 42 | #define buffer_skip_string(b) \ |
43 | do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0) | 43 | do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0) |
44 | 44 | ||
45 | int buffer_put_bignum_ret(Buffer *, const BIGNUM *); | 45 | int buffer_put_bignum_ret(Buffer *, const BIGNUM *); |
46 | int buffer_get_bignum_ret(Buffer *, BIGNUM *); | 46 | int buffer_get_bignum_ret(Buffer *, BIGNUM *); |
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $"); | 15 | RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $"); |
16 | 16 | ||
17 | #include "xmalloc.h" | 17 | #include "xmalloc.h" |
18 | #include "buffer.h" | 18 | #include "buffer.h" |
@@ -78,7 +78,7 @@ buffer_append_space(Buffer *buffer, u_int len) | |||
78 | u_int newlen; | 78 | u_int newlen; |
79 | void *p; | 79 | void *p; |
80 | 80 | ||
81 | if (len > 0x100000) | 81 | if (len > BUFFER_MAX_CHUNK) |
82 | fatal("buffer_append_space: len %u not supported", len); | 82 | fatal("buffer_append_space: len %u not supported", len); |
83 | 83 | ||
84 | /* If the buffer is empty, start using it from the beginning. */ | 84 | /* If the buffer is empty, start using it from the beginning. */ |
@@ -97,7 +97,7 @@ restart: | |||
97 | * If the buffer is quite empty, but all data is at the end, move the | 97 | * If the buffer is quite empty, but all data is at the end, move the |
98 | * data to the beginning and retry. | 98 | * data to the beginning and retry. |
99 | */ | 99 | */ |
100 | if (buffer->offset > buffer->alloc / 2) { | 100 | if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) { |
101 | memmove(buffer->buf, buffer->buf + buffer->offset, | 101 | memmove(buffer->buf, buffer->buf + buffer->offset, |
102 | buffer->end - buffer->offset); | 102 | buffer->end - buffer->offset); |
103 | buffer->end -= buffer->offset; | 103 | buffer->end -= buffer->offset; |
@@ -107,7 +107,7 @@ restart: | |||
107 | /* Increase the size of the buffer and retry. */ | 107 | /* Increase the size of the buffer and retry. */ |
108 | 108 | ||
109 | newlen = buffer->alloc + len + 32768; | 109 | newlen = buffer->alloc + len + 32768; |
110 | if (newlen > 0xa00000) | 110 | if (newlen > BUFFER_MAX_LEN) |
111 | fatal("buffer_append_space: alloc %u not supported", | 111 | fatal("buffer_append_space: alloc %u not supported", |
112 | newlen); | 112 | newlen); |
113 | buffer->buf = xrealloc(buffer->buf, newlen); | 113 | buffer->buf = xrealloc(buffer->buf, newlen); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $ */ | 1 | /* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -23,6 +23,9 @@ typedef struct { | |||
23 | u_int end; /* Offset of last byte containing data. */ | 23 | u_int end; /* Offset of last byte containing data. */ |
24 | } Buffer; | 24 | } Buffer; |
25 | 25 | ||
26 | #define BUFFER_MAX_CHUNK 0x100000 | ||
27 | #define BUFFER_MAX_LEN 0xa00000 | ||
28 | |||
26 | void buffer_init(Buffer *); | 29 | void buffer_init(Buffer *); |
27 | void buffer_clear(Buffer *); | 30 | void buffer_clear(Buffer *); |
28 | void buffer_free(Buffer *); | 31 | void buffer_free(Buffer *); |
diff --git a/buildpkg.sh.in b/buildpkg.sh.in index f243e90bf..f90ae6e81 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in | |||
@@ -282,11 +282,11 @@ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SY | |||
282 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 282 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
283 | else | 283 | else |
284 | [ "$RCS_D" = yes ] && \ | 284 | [ "$RCS_D" = yes ] && \ |
285 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 285 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
286 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 286 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
287 | [ "$RC1_D" = no ] || \ | 287 | [ "$RC1_D" = no ] || \ |
288 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 288 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
289 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 289 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
290 | fi | 290 | fi |
291 | 291 | ||
292 | # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) | 292 | # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) |
diff --git a/canohost.c b/canohost.c index 1c22d4770..94d666432 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -251,6 +251,8 @@ get_socket_address(int sock, int remote, int flags) | |||
251 | if (addr.ss_family == AF_INET6) | 251 | if (addr.ss_family == AF_INET6) |
252 | addrlen = sizeof(struct sockaddr_in6); | 252 | addrlen = sizeof(struct sockaddr_in6); |
253 | 253 | ||
254 | ipv64_normalise_mapped(&addr, &addrlen); | ||
255 | |||
254 | /* Get the address in ascii. */ | 256 | /* Get the address in ascii. */ |
255 | if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, | 257 | if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, |
256 | sizeof(ntop), NULL, 0, flags)) != 0) { | 258 | sizeof(ntop), NULL, 0, flags)) != 0) { |
diff --git a/channels.c b/channels.c index 2dea5dfd0..b8507ca13 100644 --- a/channels.c +++ b/channels.c | |||
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $"); | 42 | RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $"); |
43 | 43 | ||
44 | #include "ssh.h" | 44 | #include "ssh.h" |
45 | #include "ssh1.h" | 45 | #include "ssh1.h" |
@@ -58,6 +58,8 @@ RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $"); | |||
58 | 58 | ||
59 | /* -- channel core */ | 59 | /* -- channel core */ |
60 | 60 | ||
61 | #define CHAN_RBUF 16*1024 | ||
62 | |||
61 | /* | 63 | /* |
62 | * Pointer to an array containing all allocated channels. The array is | 64 | * Pointer to an array containing all allocated channels. The array is |
63 | * dynamically extended as needed. | 65 | * dynamically extended as needed. |
@@ -712,6 +714,9 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) | |||
712 | { | 714 | { |
713 | u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); | 715 | u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); |
714 | 716 | ||
717 | /* check buffer limits */ | ||
718 | limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF)); | ||
719 | |||
715 | if (c->istate == CHAN_INPUT_OPEN && | 720 | if (c->istate == CHAN_INPUT_OPEN && |
716 | limit > 0 && | 721 | limit > 0 && |
717 | buffer_len(&c->input) < limit) | 722 | buffer_len(&c->input) < limit) |
@@ -1018,7 +1023,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) | |||
1018 | debug2("channel %d: only socks5 connect supported", c->self); | 1023 | debug2("channel %d: only socks5 connect supported", c->self); |
1019 | return -1; | 1024 | return -1; |
1020 | } | 1025 | } |
1021 | switch(s5_req.atyp){ | 1026 | switch (s5_req.atyp){ |
1022 | case SSH_SOCKS5_IPV4: | 1027 | case SSH_SOCKS5_IPV4: |
1023 | addrlen = 4; | 1028 | addrlen = 4; |
1024 | af = AF_INET; | 1029 | af = AF_INET; |
@@ -1360,7 +1365,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset) | |||
1360 | static int | 1365 | static int |
1361 | channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) | 1366 | channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) |
1362 | { | 1367 | { |
1363 | char buf[16*1024]; | 1368 | char buf[CHAN_RBUF]; |
1364 | int len; | 1369 | int len; |
1365 | 1370 | ||
1366 | if (c->rfd != -1 && | 1371 | if (c->rfd != -1 && |
@@ -1454,7 +1459,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) | |||
1454 | static int | 1459 | static int |
1455 | channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) | 1460 | channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) |
1456 | { | 1461 | { |
1457 | char buf[16*1024]; | 1462 | char buf[CHAN_RBUF]; |
1458 | int len; | 1463 | int len; |
1459 | 1464 | ||
1460 | /** XXX handle drain efd, too */ | 1465 | /** XXX handle drain efd, too */ |
@@ -2199,11 +2204,11 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por | |||
2199 | 2204 | ||
2200 | /* | 2205 | /* |
2201 | * Determine whether or not a port forward listens to loopback, | 2206 | * Determine whether or not a port forward listens to loopback, |
2202 | * specified address or wildcard. On the client, a specified bind | 2207 | * specified address or wildcard. On the client, a specified bind |
2203 | * address will always override gateway_ports. On the server, a | 2208 | * address will always override gateway_ports. On the server, a |
2204 | * gateway_ports of 1 (``yes'') will override the client's | 2209 | * gateway_ports of 1 (``yes'') will override the client's |
2205 | * specification and force a wildcard bind, whereas a value of 2 | 2210 | * specification and force a wildcard bind, whereas a value of 2 |
2206 | * (``clientspecified'') will bind to whatever address the client | 2211 | * (``clientspecified'') will bind to whatever address the client |
2207 | * asked for. | 2212 | * asked for. |
2208 | * | 2213 | * |
2209 | * Special-case listen_addrs are: | 2214 | * Special-case listen_addrs are: |
@@ -2317,7 +2322,7 @@ channel_cancel_rport_listener(const char *host, u_short port) | |||
2317 | u_int i; | 2322 | u_int i; |
2318 | int found = 0; | 2323 | int found = 0; |
2319 | 2324 | ||
2320 | for(i = 0; i < channels_alloc; i++) { | 2325 | for (i = 0; i < channels_alloc; i++) { |
2321 | Channel *c = channels[i]; | 2326 | Channel *c = channels[i]; |
2322 | 2327 | ||
2323 | if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && | 2328 | if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && |
@@ -2629,7 +2634,7 @@ channel_send_window_changes(void) | |||
2629 | struct winsize ws; | 2634 | struct winsize ws; |
2630 | 2635 | ||
2631 | for (i = 0; i < channels_alloc; i++) { | 2636 | for (i = 0; i < channels_alloc; i++) { |
2632 | if (channels[i] == NULL || !channels[i]->client_tty || | 2637 | if (channels[i] == NULL || !channels[i]->client_tty || |
2633 | channels[i]->type != SSH_CHANNEL_OPEN) | 2638 | channels[i]->type != SSH_CHANNEL_OPEN) |
2634 | continue; | 2639 | continue; |
2635 | if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) | 2640 | if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) |
diff --git a/clientloop.c b/clientloop.c index 90bdcbc39..d36d816de 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -59,7 +59,7 @@ | |||
59 | */ | 59 | */ |
60 | 60 | ||
61 | #include "includes.h" | 61 | #include "includes.h" |
62 | RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $"); | 62 | RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $"); |
63 | 63 | ||
64 | #include "ssh.h" | 64 | #include "ssh.h" |
65 | #include "ssh1.h" | 65 | #include "ssh1.h" |
@@ -632,7 +632,7 @@ client_process_control(fd_set * readset) | |||
632 | "to %s? ", host); | 632 | "to %s? ", host); |
633 | if (allowed) | 633 | if (allowed) |
634 | quit_pending = 1; | 634 | quit_pending = 1; |
635 | /* FALLTHROUGH */ | 635 | /* FALLTHROUGH */ |
636 | case SSHMUX_COMMAND_ALIVE_CHECK: | 636 | case SSHMUX_COMMAND_ALIVE_CHECK: |
637 | /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */ | 637 | /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */ |
638 | buffer_clear(&m); | 638 | buffer_clear(&m); |
diff --git a/config.guess b/config.guess index e8c6fc0c3..bb9d7aee4 100755 --- a/config.guess +++ b/config.guess | |||
@@ -1014,7 +1014,8 @@ EOF | |||
1014 | echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} | 1014 | echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} |
1015 | fi | 1015 | fi |
1016 | exit 0 ;; | 1016 | exit 0 ;; |
1017 | i*86:*:5:[78]*) | 1017 | i*86:*:5:[678]*) |
1018 | # Unixware 7.x, OpenUNIX 8, & OpenServer 6 | ||
1018 | case `/bin/uname -X | grep "^Machine"` in | 1019 | case `/bin/uname -X | grep "^Machine"` in |
1019 | *486*) UNAME_MACHINE=i486 ;; | 1020 | *486*) UNAME_MACHINE=i486 ;; |
1020 | *Pentium) UNAME_MACHINE=i586 ;; | 1021 | *Pentium) UNAME_MACHINE=i586 ;; |
diff --git a/config.h.in b/config.h.in index 70f997323..400561d6a 100644 --- a/config.h.in +++ b/config.h.in | |||
@@ -525,6 +525,10 @@ | |||
525 | don't. */ | 525 | don't. */ |
526 | #undef HAVE_DECL_PASSWDEXPIRED | 526 | #undef HAVE_DECL_PASSWDEXPIRED |
527 | 527 | ||
528 | /* Define to 1 if you have the declaration of `setauthdb', and to 0 if you | ||
529 | don't. */ | ||
530 | #undef HAVE_DECL_SETAUTHDB | ||
531 | |||
528 | /* Define to 1 if you have the <dirent.h> header file. */ | 532 | /* Define to 1 if you have the <dirent.h> header file. */ |
529 | #undef HAVE_DIRENT_H | 533 | #undef HAVE_DIRENT_H |
530 | 534 | ||
@@ -903,6 +907,9 @@ | |||
903 | /* Define to 1 if you have the `socketpair' function. */ | 907 | /* Define to 1 if you have the `socketpair' function. */ |
904 | #undef HAVE_SOCKETPAIR | 908 | #undef HAVE_SOCKETPAIR |
905 | 909 | ||
910 | /* Have PEERCRED socket option */ | ||
911 | #undef HAVE_SO_PEERCRED | ||
912 | |||
906 | /* Define to 1 if you have the <stddef.h> header file. */ | 913 | /* Define to 1 if you have the <stddef.h> header file. */ |
907 | #undef HAVE_STDDEF_H | 914 | #undef HAVE_STDDEF_H |
908 | 915 | ||
@@ -881,7 +881,7 @@ Optional Packages: | |||
881 | --with-entropy-timeout Specify entropy gathering command timeout (msec) | 881 | --with-entropy-timeout Specify entropy gathering command timeout (msec) |
882 | --with-privsep-user=user Specify non-privileged user for privilege separation | 882 | --with-privsep-user=user Specify non-privileged user for privilege separation |
883 | --with-sectok Enable smartcard support using libsectok | 883 | --with-sectok Enable smartcard support using libsectok |
884 | --with-opensc=PFX Enable smartcard support using OpenSC | 884 | --with-opensc[=PFX] Enable smartcard support using OpenSC (optionally in PATH) |
885 | --with-kerberos5=PATH Enable Kerberos 5 support | 885 | --with-kerberos5=PATH Enable Kerberos 5 support |
886 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) | 886 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) |
887 | --with-xauth=PATH Specify path to xauth program | 887 | --with-xauth=PATH Specify path to xauth program |
@@ -4643,6 +4643,77 @@ _ACEOF | |||
4643 | 4643 | ||
4644 | 4644 | ||
4645 | fi | 4645 | fi |
4646 | echo "$as_me:$LINENO: checking whether setauthdb is declared" >&5 | ||
4647 | echo $ECHO_N "checking whether setauthdb is declared... $ECHO_C" >&6 | ||
4648 | if test "${ac_cv_have_decl_setauthdb+set}" = set; then | ||
4649 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
4650 | else | ||
4651 | cat >conftest.$ac_ext <<_ACEOF | ||
4652 | /* confdefs.h. */ | ||
4653 | _ACEOF | ||
4654 | cat confdefs.h >>conftest.$ac_ext | ||
4655 | cat >>conftest.$ac_ext <<_ACEOF | ||
4656 | /* end confdefs.h. */ | ||
4657 | #include <usersec.h> | ||
4658 | |||
4659 | int | ||
4660 | main () | ||
4661 | { | ||
4662 | #ifndef setauthdb | ||
4663 | char *p = (char *) setauthdb; | ||
4664 | #endif | ||
4665 | |||
4666 | ; | ||
4667 | return 0; | ||
4668 | } | ||
4669 | _ACEOF | ||
4670 | rm -f conftest.$ac_objext | ||
4671 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
4672 | (eval $ac_compile) 2>conftest.er1 | ||
4673 | ac_status=$? | ||
4674 | grep -v '^ *+' conftest.er1 >conftest.err | ||
4675 | rm -f conftest.er1 | ||
4676 | cat conftest.err >&5 | ||
4677 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
4678 | (exit $ac_status); } && | ||
4679 | { ac_try='test -z "$ac_c_werror_flag" | ||
4680 | || test ! -s conftest.err' | ||
4681 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
4682 | (eval $ac_try) 2>&5 | ||
4683 | ac_status=$? | ||
4684 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
4685 | (exit $ac_status); }; } && | ||
4686 | { ac_try='test -s conftest.$ac_objext' | ||
4687 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
4688 | (eval $ac_try) 2>&5 | ||
4689 | ac_status=$? | ||
4690 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
4691 | (exit $ac_status); }; }; then | ||
4692 | ac_cv_have_decl_setauthdb=yes | ||
4693 | else | ||
4694 | echo "$as_me: failed program was:" >&5 | ||
4695 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
4696 | |||
4697 | ac_cv_have_decl_setauthdb=no | ||
4698 | fi | ||
4699 | rm -f conftest.err conftest.$ac_objext conftest.$ac_ext | ||
4700 | fi | ||
4701 | echo "$as_me:$LINENO: result: $ac_cv_have_decl_setauthdb" >&5 | ||
4702 | echo "${ECHO_T}$ac_cv_have_decl_setauthdb" >&6 | ||
4703 | if test $ac_cv_have_decl_setauthdb = yes; then | ||
4704 | |||
4705 | cat >>confdefs.h <<_ACEOF | ||
4706 | #define HAVE_DECL_SETAUTHDB 1 | ||
4707 | _ACEOF | ||
4708 | |||
4709 | |||
4710 | else | ||
4711 | cat >>confdefs.h <<_ACEOF | ||
4712 | #define HAVE_DECL_SETAUTHDB 0 | ||
4713 | _ACEOF | ||
4714 | |||
4715 | |||
4716 | fi | ||
4646 | 4717 | ||
4647 | 4718 | ||
4648 | echo "$as_me:$LINENO: checking whether loginfailed is declared" >&5 | 4719 | echo "$as_me:$LINENO: checking whether loginfailed is declared" >&5 |
@@ -6004,6 +6075,11 @@ _ACEOF | |||
6004 | #define BROKEN_SETREGID 1 | 6075 | #define BROKEN_SETREGID 1 |
6005 | _ACEOF | 6076 | _ACEOF |
6006 | 6077 | ||
6078 | |||
6079 | cat >>confdefs.h <<\_ACEOF | ||
6080 | #define PASSWD_NEEDS_USERNAME 1 | ||
6081 | _ACEOF | ||
6082 | |||
6007 | ;; | 6083 | ;; |
6008 | # UnixWare 7.x, OpenUNIX 8 | 6084 | # UnixWare 7.x, OpenUNIX 8 |
6009 | *-*-sysv5*) | 6085 | *-*-sysv5*) |
@@ -6023,6 +6099,11 @@ _ACEOF | |||
6023 | #define BROKEN_SETREGID 1 | 6099 | #define BROKEN_SETREGID 1 |
6024 | _ACEOF | 6100 | _ACEOF |
6025 | 6101 | ||
6102 | |||
6103 | cat >>confdefs.h <<\_ACEOF | ||
6104 | #define PASSWD_NEEDS_USERNAME 1 | ||
6105 | _ACEOF | ||
6106 | |||
6026 | ;; | 6107 | ;; |
6027 | *-*-sysv*) | 6108 | *-*-sysv*) |
6028 | ;; | 6109 | ;; |
@@ -6363,7 +6444,8 @@ esac | |||
6363 | if test "${with_cflags+set}" = set; then | 6444 | if test "${with_cflags+set}" = set; then |
6364 | withval="$with_cflags" | 6445 | withval="$with_cflags" |
6365 | 6446 | ||
6366 | if test "x$withval" != "xno" ; then | 6447 | if test -n "$withval" && test "x$withval" != "xno" && \ |
6448 | test "x${withval}" != "xyes"; then | ||
6367 | CFLAGS="$CFLAGS $withval" | 6449 | CFLAGS="$CFLAGS $withval" |
6368 | fi | 6450 | fi |
6369 | 6451 | ||
@@ -6374,7 +6456,8 @@ fi; | |||
6374 | if test "${with_cppflags+set}" = set; then | 6456 | if test "${with_cppflags+set}" = set; then |
6375 | withval="$with_cppflags" | 6457 | withval="$with_cppflags" |
6376 | 6458 | ||
6377 | if test "x$withval" != "xno"; then | 6459 | if test -n "$withval" && test "x$withval" != "xno" && \ |
6460 | test "x${withval}" != "xyes"; then | ||
6378 | CPPFLAGS="$CPPFLAGS $withval" | 6461 | CPPFLAGS="$CPPFLAGS $withval" |
6379 | fi | 6462 | fi |
6380 | 6463 | ||
@@ -6385,7 +6468,8 @@ fi; | |||
6385 | if test "${with_ldflags+set}" = set; then | 6468 | if test "${with_ldflags+set}" = set; then |
6386 | withval="$with_ldflags" | 6469 | withval="$with_ldflags" |
6387 | 6470 | ||
6388 | if test "x$withval" != "xno" ; then | 6471 | if test -n "$withval" && test "x$withval" != "xno" && \ |
6472 | test "x${withval}" != "xyes"; then | ||
6389 | LDFLAGS="$LDFLAGS $withval" | 6473 | LDFLAGS="$LDFLAGS $withval" |
6390 | fi | 6474 | fi |
6391 | 6475 | ||
@@ -6396,7 +6480,8 @@ fi; | |||
6396 | if test "${with_libs+set}" = set; then | 6480 | if test "${with_libs+set}" = set; then |
6397 | withval="$with_libs" | 6481 | withval="$with_libs" |
6398 | 6482 | ||
6399 | if test "x$withval" != "xno" ; then | 6483 | if test -n "$withval" && test "x$withval" != "xno" && \ |
6484 | test "x${withval}" != "xyes"; then | ||
6400 | LIBS="$LIBS $withval" | 6485 | LIBS="$LIBS $withval" |
6401 | fi | 6486 | fi |
6402 | 6487 | ||
@@ -8171,12 +8256,11 @@ fi | |||
8171 | # Check whether --with-zlib or --without-zlib was given. | 8256 | # Check whether --with-zlib or --without-zlib was given. |
8172 | if test "${with_zlib+set}" = set; then | 8257 | if test "${with_zlib+set}" = set; then |
8173 | withval="$with_zlib" | 8258 | withval="$with_zlib" |
8174 | 8259 | if test "x$withval" = "xno" ; then | |
8175 | if test "x$withval" = "xno" ; then | 8260 | { { echo "$as_me:$LINENO: error: *** zlib is required ***" >&5 |
8176 | { { echo "$as_me:$LINENO: error: *** zlib is required ***" >&5 | ||
8177 | echo "$as_me: error: *** zlib is required ***" >&2;} | 8261 | echo "$as_me: error: *** zlib is required ***" >&2;} |
8178 | { (exit 1); exit 1; }; } | 8262 | { (exit 1); exit 1; }; } |
8179 | fi | 8263 | elif test "x$withval" != "xyes"; then |
8180 | if test -d "$withval/lib"; then | 8264 | if test -d "$withval/lib"; then |
8181 | if test -n "${need_dash_r}"; then | 8265 | if test -n "${need_dash_r}"; then |
8182 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" | 8266 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" |
@@ -8195,7 +8279,7 @@ echo "$as_me: error: *** zlib is required ***" >&2;} | |||
8195 | else | 8279 | else |
8196 | CPPFLAGS="-I${withval} ${CPPFLAGS}" | 8280 | CPPFLAGS="-I${withval} ${CPPFLAGS}" |
8197 | fi | 8281 | fi |
8198 | 8282 | fi | |
8199 | 8283 | ||
8200 | fi; | 8284 | fi; |
8201 | 8285 | ||
@@ -8506,8 +8590,8 @@ if test "${with_zlib_version_check+set}" = set; then | |||
8506 | 8590 | ||
8507 | fi; | 8591 | fi; |
8508 | 8592 | ||
8509 | echo "$as_me:$LINENO: checking for zlib 1.1.4 or greater" >&5 | 8593 | echo "$as_me:$LINENO: checking for possibly buggy zlib" >&5 |
8510 | echo $ECHO_N "checking for zlib 1.1.4 or greater... $ECHO_C" >&6 | 8594 | echo $ECHO_N "checking for possibly buggy zlib... $ECHO_C" >&6 |
8511 | if test "$cross_compiling" = yes; then | 8595 | if test "$cross_compiling" = yes; then |
8512 | { echo "$as_me:$LINENO: WARNING: cross compiling: not checking zlib version" >&5 | 8596 | { echo "$as_me:$LINENO: WARNING: cross compiling: not checking zlib version" >&5 |
8513 | echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} | 8597 | echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} |
@@ -8520,15 +8604,25 @@ cat confdefs.h >>conftest.$ac_ext | |||
8520 | cat >>conftest.$ac_ext <<_ACEOF | 8604 | cat >>conftest.$ac_ext <<_ACEOF |
8521 | /* end confdefs.h. */ | 8605 | /* end confdefs.h. */ |
8522 | 8606 | ||
8607 | #include <stdio.h> | ||
8523 | #include <zlib.h> | 8608 | #include <zlib.h> |
8524 | int main() | 8609 | int main() |
8525 | { | 8610 | { |
8526 | int a, b, c, v; | 8611 | int a=0, b=0, c=0, d=0, n, v; |
8527 | if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3) | 8612 | n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); |
8613 | if (n != 3 && n != 4) | ||
8528 | exit(1); | 8614 | exit(1); |
8529 | v = a*1000000 + b*1000 + c; | 8615 | v = a*1000000 + b*10000 + c*100 + d; |
8530 | if (v >= 1001004) | 8616 | fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); |
8617 | |||
8618 | /* 1.1.4 is OK */ | ||
8619 | if (a == 1 && b == 1 && c >= 4) | ||
8620 | exit(0); | ||
8621 | |||
8622 | /* 1.2.1.2 and up are OK */ | ||
8623 | if (v >= 1020102) | ||
8531 | exit(0); | 8624 | exit(0); |
8625 | |||
8532 | exit(2); | 8626 | exit(2); |
8533 | } | 8627 | } |
8534 | 8628 | ||
@@ -8544,29 +8638,31 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | |||
8544 | ac_status=$? | 8638 | ac_status=$? |
8545 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | 8639 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
8546 | (exit $ac_status); }; }; then | 8640 | (exit $ac_status); }; }; then |
8547 | echo "$as_me:$LINENO: result: yes" >&5 | 8641 | echo "$as_me:$LINENO: result: no" >&5 |
8548 | echo "${ECHO_T}yes" >&6 | 8642 | echo "${ECHO_T}no" >&6 |
8549 | else | 8643 | else |
8550 | echo "$as_me: program exited with status $ac_status" >&5 | 8644 | echo "$as_me: program exited with status $ac_status" >&5 |
8551 | echo "$as_me: failed program was:" >&5 | 8645 | echo "$as_me: failed program was:" >&5 |
8552 | sed 's/^/| /' conftest.$ac_ext >&5 | 8646 | sed 's/^/| /' conftest.$ac_ext >&5 |
8553 | 8647 | ||
8554 | ( exit $ac_status ) | 8648 | ( exit $ac_status ) |
8555 | echo "$as_me:$LINENO: result: no" >&5 | 8649 | echo "$as_me:$LINENO: result: yes" >&5 |
8556 | echo "${ECHO_T}no" >&6 | 8650 | echo "${ECHO_T}yes" >&6 |
8557 | if test -z "$zlib_check_nonfatal" ; then | 8651 | if test -z "$zlib_check_nonfatal" ; then |
8558 | { { echo "$as_me:$LINENO: error: *** zlib too old - check config.log *** | 8652 | { { echo "$as_me:$LINENO: error: *** zlib too old - check config.log *** |
8559 | Your reported zlib version has known security problems. It's possible your | 8653 | Your reported zlib version has known security problems. It's possible your |
8560 | vendor has fixed these problems without changing the version number. If you | 8654 | vendor has fixed these problems without changing the version number. If you |
8561 | are sure this is the case, you can disable the check by running | 8655 | are sure this is the case, you can disable the check by running |
8562 | \"./configure --without-zlib-version-check\". | 8656 | \"./configure --without-zlib-version-check\". |
8563 | If you are in doubt, upgrade zlib to version 1.1.4 or greater." >&5 | 8657 | If you are in doubt, upgrade zlib to version 1.2.1.2 or greater. |
8658 | See http://www.gzip.org/zlib/ for details." >&5 | ||
8564 | echo "$as_me: error: *** zlib too old - check config.log *** | 8659 | echo "$as_me: error: *** zlib too old - check config.log *** |
8565 | Your reported zlib version has known security problems. It's possible your | 8660 | Your reported zlib version has known security problems. It's possible your |
8566 | vendor has fixed these problems without changing the version number. If you | 8661 | vendor has fixed these problems without changing the version number. If you |
8567 | are sure this is the case, you can disable the check by running | 8662 | are sure this is the case, you can disable the check by running |
8568 | \"./configure --without-zlib-version-check\". | 8663 | \"./configure --without-zlib-version-check\". |
8569 | If you are in doubt, upgrade zlib to version 1.1.4 or greater." >&2;} | 8664 | If you are in doubt, upgrade zlib to version 1.2.1.2 or greater. |
8665 | See http://www.gzip.org/zlib/ for details." >&2;} | ||
8570 | { (exit 1); exit 1; }; } | 8666 | { (exit 1); exit 1; }; } |
8571 | else | 8667 | else |
8572 | { echo "$as_me:$LINENO: WARNING: zlib version may have security problems" >&5 | 8668 | { echo "$as_me:$LINENO: WARNING: zlib version may have security problems" >&5 |
@@ -9753,7 +9849,8 @@ if test "${with_tcp_wrappers+set}" = set; then | |||
9753 | saved_LIBS="$LIBS" | 9849 | saved_LIBS="$LIBS" |
9754 | saved_LDFLAGS="$LDFLAGS" | 9850 | saved_LDFLAGS="$LDFLAGS" |
9755 | saved_CPPFLAGS="$CPPFLAGS" | 9851 | saved_CPPFLAGS="$CPPFLAGS" |
9756 | if test -n "${withval}" -a "${withval}" != "yes"; then | 9852 | if test -n "${withval}" && \ |
9853 | test "x${withval}" != "xyes"; then | ||
9757 | if test -d "${withval}/lib"; then | 9854 | if test -d "${withval}/lib"; then |
9758 | if test -n "${need_dash_r}"; then | 9855 | if test -n "${need_dash_r}"; then |
9759 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" | 9856 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" |
@@ -9856,13 +9953,17 @@ LIBEDIT_MSG="no" | |||
9856 | if test "${with_libedit+set}" = set; then | 9953 | if test "${with_libedit+set}" = set; then |
9857 | withval="$with_libedit" | 9954 | withval="$with_libedit" |
9858 | if test "x$withval" != "xno" ; then | 9955 | if test "x$withval" != "xno" ; then |
9956 | if test "x$withval" != "xyes"; then | ||
9957 | CPPFLAGS="$CPPFLAGS -I$withval/include" | ||
9958 | LDFLAGS="$LDFLAGS -L$withval/lib" | ||
9959 | fi | ||
9859 | echo "$as_me:$LINENO: checking for el_init in -ledit" >&5 | 9960 | echo "$as_me:$LINENO: checking for el_init in -ledit" >&5 |
9860 | echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6 | 9961 | echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6 |
9861 | if test "${ac_cv_lib_edit_el_init+set}" = set; then | 9962 | if test "${ac_cv_lib_edit_el_init+set}" = set; then |
9862 | echo $ECHO_N "(cached) $ECHO_C" >&6 | 9963 | echo $ECHO_N "(cached) $ECHO_C" >&6 |
9863 | else | 9964 | else |
9864 | ac_check_lib_save_LIBS=$LIBS | 9965 | ac_check_lib_save_LIBS=$LIBS |
9865 | LIBS="-ledit -lcurses | 9966 | LIBS="-ledit -lcurses |
9866 | $LIBS" | 9967 | $LIBS" |
9867 | cat >conftest.$ac_ext <<_ACEOF | 9968 | cat >conftest.$ac_ext <<_ACEOF |
9868 | /* confdefs.h. */ | 9969 | /* confdefs.h. */ |
@@ -9931,6 +10032,10 @@ _ACEOF | |||
9931 | LIBEDIT_MSG="yes" | 10032 | LIBEDIT_MSG="yes" |
9932 | 10033 | ||
9933 | 10034 | ||
10035 | else | ||
10036 | { { echo "$as_me:$LINENO: error: libedit not found" >&5 | ||
10037 | echo "$as_me: error: libedit not found" >&2;} | ||
10038 | { (exit 1); exit 1; }; } | ||
9934 | fi | 10039 | fi |
9935 | 10040 | ||
9936 | fi | 10041 | fi |
@@ -12733,8 +12838,14 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | |||
12733 | ac_status=$? | 12838 | ac_status=$? |
12734 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | 12839 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
12735 | (exit $ac_status); }; }; then | 12840 | (exit $ac_status); }; }; then |
12736 | echo "$as_me:$LINENO: result: yes" >&5 | 12841 | echo "$as_me:$LINENO: result: yes" >&5 |
12737 | echo "${ECHO_T}yes" >&6 | 12842 | echo "${ECHO_T}yes" >&6 |
12843 | |||
12844 | cat >>confdefs.h <<\_ACEOF | ||
12845 | #define HAVE_SO_PEERCRED | ||
12846 | _ACEOF | ||
12847 | |||
12848 | |||
12738 | else | 12849 | else |
12739 | echo "$as_me: failed program was:" >&5 | 12850 | echo "$as_me: failed program was:" >&5 |
12740 | sed 's/^/| /' conftest.$ac_ext >&5 | 12851 | sed 's/^/| /' conftest.$ac_ext >&5 |
@@ -12895,7 +13006,8 @@ rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftes | |||
12895 | fi | 13006 | fi |
12896 | fi | 13007 | fi |
12897 | 13008 | ||
12898 | if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then | 13009 | if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ |
13010 | test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then | ||
12899 | echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 | 13011 | echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 |
12900 | echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6 | 13012 | echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6 |
12901 | if test "$cross_compiling" = yes; then | 13013 | if test "$cross_compiling" = yes; then |
@@ -13002,7 +13114,8 @@ rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftes | |||
13002 | fi | 13114 | fi |
13003 | fi | 13115 | fi |
13004 | 13116 | ||
13005 | if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then | 13117 | if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ |
13118 | test "x$check_for_aix_broken_getaddrinfo" = "x1"; then | ||
13006 | echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 | 13119 | echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 |
13007 | echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6 | 13120 | echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6 |
13008 | if test "$cross_compiling" = yes; then | 13121 | if test "$cross_compiling" = yes; then |
@@ -14272,7 +14385,7 @@ echo "$as_me: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&2;} | |||
14272 | fi; | 14385 | fi; |
14273 | 14386 | ||
14274 | # Which randomness source do we use? | 14387 | # Which randomness source do we use? |
14275 | if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then | 14388 | if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then |
14276 | # OpenSSL only | 14389 | # OpenSSL only |
14277 | cat >>confdefs.h <<\_ACEOF | 14390 | cat >>confdefs.h <<\_ACEOF |
14278 | #define OPENSSL_PRNG_ONLY 1 | 14391 | #define OPENSSL_PRNG_ONLY 1 |
@@ -14393,7 +14506,8 @@ entropy_timeout=200 | |||
14393 | if test "${with_entropy_timeout+set}" = set; then | 14506 | if test "${with_entropy_timeout+set}" = set; then |
14394 | withval="$with_entropy_timeout" | 14507 | withval="$with_entropy_timeout" |
14395 | 14508 | ||
14396 | if test "x$withval" != "xno" ; then | 14509 | if test -n "$withval" && test "x$withval" != "xno" && \ |
14510 | test "x${withval}" != "xyes"; then | ||
14397 | entropy_timeout=$withval | 14511 | entropy_timeout=$withval |
14398 | fi | 14512 | fi |
14399 | 14513 | ||
@@ -14410,7 +14524,8 @@ SSH_PRIVSEP_USER=sshd | |||
14410 | if test "${with_privsep_user+set}" = set; then | 14524 | if test "${with_privsep_user+set}" = set; then |
14411 | withval="$with_privsep_user" | 14525 | withval="$with_privsep_user" |
14412 | 14526 | ||
14413 | if test -n "$withval"; then | 14527 | if test -n "$withval" && test "x$withval" != "xno" && \ |
14528 | test "x${withval}" != "xyes"; then | ||
14414 | SSH_PRIVSEP_USER=$withval | 14529 | SSH_PRIVSEP_USER=$withval |
14415 | fi | 14530 | fi |
14416 | 14531 | ||
@@ -19152,9 +19267,9 @@ fi | |||
19152 | 19267 | ||
19153 | 19268 | ||
19154 | # We need int64_t or else certian parts of the compile will fail. | 19269 | # We need int64_t or else certian parts of the compile will fail. |
19155 | if test "x$ac_cv_have_int64_t" = "xno" -a \ | 19270 | if test "x$ac_cv_have_int64_t" = "xno" && \ |
19156 | "x$ac_cv_sizeof_long_int" != "x8" -a \ | 19271 | test "x$ac_cv_sizeof_long_int" != "x8" && \ |
19157 | "x$ac_cv_sizeof_long_long_int" = "x0" ; then | 19272 | test "x$ac_cv_sizeof_long_long_int" = "x0" ; then |
19158 | echo "OpenSSH requires int64_t support. Contact your vendor or install" | 19273 | echo "OpenSSH requires int64_t support. Contact your vendor or install" |
19159 | echo "an alternative compiler (I.E., GCC) before continuing." | 19274 | echo "an alternative compiler (I.E., GCC) before continuing." |
19160 | echo "" | 19275 | echo "" |
@@ -21195,17 +21310,17 @@ _ACEOF | |||
21195 | fi; | 21310 | fi; |
21196 | 21311 | ||
21197 | # Check whether user wants OpenSC support | 21312 | # Check whether user wants OpenSC support |
21313 | OPENSC_CONFIG="no" | ||
21198 | 21314 | ||
21199 | # Check whether --with-opensc or --without-opensc was given. | 21315 | # Check whether --with-opensc or --without-opensc was given. |
21200 | if test "${with_opensc+set}" = set; then | 21316 | if test "${with_opensc+set}" = set; then |
21201 | withval="$with_opensc" | 21317 | withval="$with_opensc" |
21202 | opensc_config_prefix="$withval" | 21318 | |
21203 | else | 21319 | if test "x$withval" != "xno" ; then |
21204 | opensc_config_prefix="" | 21320 | if test "x$withval" != "xyes" ; then |
21205 | fi; | 21321 | OPENSC_CONFIG=$withval/bin/opensc-config |
21206 | if test x$opensc_config_prefix != x ; then | 21322 | else |
21207 | OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config | 21323 | # Extract the first word of "opensc-config", so it can be a program name with args. |
21208 | # Extract the first word of "opensc-config", so it can be a program name with args. | ||
21209 | set dummy opensc-config; ac_word=$2 | 21324 | set dummy opensc-config; ac_word=$2 |
21210 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | 21325 | echo "$as_me:$LINENO: checking for $ac_word" >&5 |
21211 | echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 | 21326 | echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 |
@@ -21245,22 +21360,26 @@ else | |||
21245 | echo "${ECHO_T}no" >&6 | 21360 | echo "${ECHO_T}no" >&6 |
21246 | fi | 21361 | fi |
21247 | 21362 | ||
21248 | if test "$OPENSC_CONFIG" != "no"; then | 21363 | fi |
21249 | LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` | 21364 | if test "$OPENSC_CONFIG" != "no"; then |
21250 | LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` | 21365 | LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` |
21251 | CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" | 21366 | LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` |
21252 | LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" | 21367 | CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" |
21253 | cat >>confdefs.h <<\_ACEOF | 21368 | LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" |
21369 | cat >>confdefs.h <<\_ACEOF | ||
21254 | #define SMARTCARD 1 | 21370 | #define SMARTCARD 1 |
21255 | _ACEOF | 21371 | _ACEOF |
21256 | 21372 | ||
21257 | cat >>confdefs.h <<\_ACEOF | 21373 | cat >>confdefs.h <<\_ACEOF |
21258 | #define USE_OPENSC 1 | 21374 | #define USE_OPENSC 1 |
21259 | _ACEOF | 21375 | _ACEOF |
21260 | 21376 | ||
21261 | SCARD_MSG="yes, using OpenSC" | 21377 | SCARD_MSG="yes, using OpenSC" |
21262 | fi | 21378 | fi |
21263 | fi | 21379 | fi |
21380 | |||
21381 | |||
21382 | fi; | ||
21264 | 21383 | ||
21265 | # Check libraries needed by DNS fingerprint support | 21384 | # Check libraries needed by DNS fingerprint support |
21266 | echo "$as_me:$LINENO: checking for library containing getrrsetbyname" >&5 | 21385 | echo "$as_me:$LINENO: checking for library containing getrrsetbyname" >&5 |
@@ -23659,7 +23778,8 @@ PRIVSEP_PATH=/var/empty | |||
23659 | if test "${with_privsep_path+set}" = set; then | 23778 | if test "${with_privsep_path+set}" = set; then |
23660 | withval="$with_privsep_path" | 23779 | withval="$with_privsep_path" |
23661 | 23780 | ||
23662 | if test "x$withval" != "$no" ; then | 23781 | if test -n "$withval" && test "x$withval" != "xno" && \ |
23782 | test "x${withval}" != "xyes"; then | ||
23663 | PRIVSEP_PATH=$withval | 23783 | PRIVSEP_PATH=$withval |
23664 | fi | 23784 | fi |
23665 | 23785 | ||
@@ -23672,7 +23792,8 @@ fi; | |||
23672 | if test "${with_xauth+set}" = set; then | 23792 | if test "${with_xauth+set}" = set; then |
23673 | withval="$with_xauth" | 23793 | withval="$with_xauth" |
23674 | 23794 | ||
23675 | if test "x$withval" != "xno" ; then | 23795 | if test -n "$withval" && test "x$withval" != "xno" && \ |
23796 | test "x${withval}" != "xyes"; then | ||
23676 | xauth_path=$withval | 23797 | xauth_path=$withval |
23677 | fi | 23798 | fi |
23678 | 23799 | ||
@@ -24095,8 +24216,8 @@ _ACEOF | |||
24095 | fi | 24216 | fi |
24096 | fi | 24217 | fi |
24097 | 24218 | ||
24098 | if test $ac_cv_func_login_getcapbool = "yes" -a \ | 24219 | if test $ac_cv_func_login_getcapbool = "yes" && \ |
24099 | $ac_cv_header_login_cap_h = "yes" ; then | 24220 | test $ac_cv_header_login_cap_h = "yes" ; then |
24100 | external_path_file=/etc/login.conf | 24221 | external_path_file=/etc/login.conf |
24101 | fi | 24222 | fi |
24102 | 24223 | ||
@@ -24240,7 +24361,8 @@ fi | |||
24240 | if test "${with_superuser_path+set}" = set; then | 24361 | if test "${with_superuser_path+set}" = set; then |
24241 | withval="$with_superuser_path" | 24362 | withval="$with_superuser_path" |
24242 | 24363 | ||
24243 | if test "x$withval" != "xno" ; then | 24364 | if test -n "$withval" && test "x$withval" != "xno" && \ |
24365 | test "x${withval}" != "xyes"; then | ||
24244 | cat >>confdefs.h <<_ACEOF | 24366 | cat >>confdefs.h <<_ACEOF |
24245 | #define SUPERUSER_PATH "$withval" | 24367 | #define SUPERUSER_PATH "$withval" |
24246 | _ACEOF | 24368 | _ACEOF |
@@ -24324,7 +24446,8 @@ fi | |||
24324 | if test "${with_pid_dir+set}" = set; then | 24446 | if test "${with_pid_dir+set}" = set; then |
24325 | withval="$with_pid_dir" | 24447 | withval="$with_pid_dir" |
24326 | 24448 | ||
24327 | if test "x$withval" != "xno" ; then | 24449 | if test -n "$withval" && test "x$withval" != "xno" && \ |
24450 | test "x${withval}" != "xyes"; then | ||
24328 | piddir=$withval | 24451 | piddir=$withval |
24329 | if test ! -d $piddir ; then | 24452 | if test ! -d $piddir ; then |
24330 | { echo "$as_me:$LINENO: WARNING: ** no $piddir directory on this system **" >&5 | 24453 | { echo "$as_me:$LINENO: WARNING: ** no $piddir directory on this system **" >&5 |
@@ -24455,7 +24578,7 @@ if test "${with_lastlog+set}" = set; then | |||
24455 | #define DISABLE_LASTLOG 1 | 24578 | #define DISABLE_LASTLOG 1 |
24456 | _ACEOF | 24579 | _ACEOF |
24457 | 24580 | ||
24458 | else | 24581 | elif test -n "$withval" && test "x${withval}" != "xyes"; then |
24459 | conf_lastlog_location=$withval | 24582 | conf_lastlog_location=$withval |
24460 | fi | 24583 | fi |
24461 | 24584 | ||
@@ -25290,9 +25413,9 @@ exec 6>&1 | |||
25290 | exec 5>>config.log | 25413 | exec 5>>config.log |
25291 | { | 25414 | { |
25292 | echo | 25415 | echo |
25293 | sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<BOXI_EOF | 25416 | sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX |
25294 | ## Running $as_me. ## | 25417 | ## Running $as_me. ## |
25295 | BOXI_EOF | 25418 | _ASBOX |
25296 | } >&5 | 25419 | } >&5 |
25297 | cat >&5 <<_CSEOF | 25420 | cat >&5 <<_CSEOF |
25298 | 25421 | ||
diff --git a/configure.ac b/configure.ac index e48028b7b..20c8f1587 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.250 2005/03/07 09:21:37 tim Exp $ | 1 | # $Id: configure.ac,v 1.260 2005/04/24 07:52:23 dtucker Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -75,7 +75,7 @@ if test -z "$LD" ; then | |||
75 | LD=$CC | 75 | LD=$CC |
76 | fi | 76 | fi |
77 | AC_SUBST(LD) | 77 | AC_SUBST(LD) |
78 | 78 | ||
79 | AC_C_INLINE | 79 | AC_C_INLINE |
80 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | 80 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then |
81 | CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized" | 81 | CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized" |
@@ -84,7 +84,7 @@ fi | |||
84 | AC_ARG_WITH(rpath, | 84 | AC_ARG_WITH(rpath, |
85 | [ --without-rpath Disable auto-added -R linker paths], | 85 | [ --without-rpath Disable auto-added -R linker paths], |
86 | [ | 86 | [ |
87 | if test "x$withval" = "xno" ; then | 87 | if test "x$withval" = "xno" ; then |
88 | need_dash_r="" | 88 | need_dash_r="" |
89 | fi | 89 | fi |
90 | if test "x$withval" = "xyes" ; then | 90 | if test "x$withval" = "xyes" ; then |
@@ -123,7 +123,7 @@ case "$host" in | |||
123 | ]) | 123 | ]) |
124 | dnl Check for various auth function declarations in headers. | 124 | dnl Check for various auth function declarations in headers. |
125 | AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, | 125 | AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, |
126 | passwdexpired], , , [#include <usersec.h>]) | 126 | passwdexpired, setauthdb], , , [#include <usersec.h>]) |
127 | dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) | 127 | dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) |
128 | AC_CHECK_DECLS(loginfailed, | 128 | AC_CHECK_DECLS(loginfailed, |
129 | [AC_MSG_CHECKING(if loginfailed takes 4 arguments) | 129 | [AC_MSG_CHECKING(if loginfailed takes 4 arguments) |
@@ -274,7 +274,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
274 | ;; | 274 | ;; |
275 | *-*-netbsd*) | 275 | *-*-netbsd*) |
276 | check_for_libcrypt_before=1 | 276 | check_for_libcrypt_before=1 |
277 | if test "x$withval" != "xno" ; then | 277 | if test "x$withval" != "xno" ; then |
278 | need_dash_r=1 | 278 | need_dash_r=1 |
279 | fi | 279 | fi |
280 | ;; | 280 | ;; |
@@ -297,7 +297,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
297 | AC_DEFINE(BROKEN_SAVED_UIDS) | 297 | AC_DEFINE(BROKEN_SAVED_UIDS) |
298 | ;; | 298 | ;; |
299 | *-*-solaris*) | 299 | *-*-solaris*) |
300 | if test "x$withval" != "xno" ; then | 300 | if test "x$withval" != "xno" ; then |
301 | need_dash_r=1 | 301 | need_dash_r=1 |
302 | fi | 302 | fi |
303 | AC_DEFINE(PAM_SUN_CODEBASE) | 303 | AC_DEFINE(PAM_SUN_CODEBASE) |
@@ -361,6 +361,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
361 | AC_DEFINE(SETEUID_BREAKS_SETUID) | 361 | AC_DEFINE(SETEUID_BREAKS_SETUID) |
362 | AC_DEFINE(BROKEN_SETREUID) | 362 | AC_DEFINE(BROKEN_SETREUID) |
363 | AC_DEFINE(BROKEN_SETREGID) | 363 | AC_DEFINE(BROKEN_SETREGID) |
364 | AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) | ||
364 | ;; | 365 | ;; |
365 | # UnixWare 7.x, OpenUNIX 8 | 366 | # UnixWare 7.x, OpenUNIX 8 |
366 | *-*-sysv5*) | 367 | *-*-sysv5*) |
@@ -368,6 +369,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
368 | AC_DEFINE(SETEUID_BREAKS_SETUID) | 369 | AC_DEFINE(SETEUID_BREAKS_SETUID) |
369 | AC_DEFINE(BROKEN_SETREUID) | 370 | AC_DEFINE(BROKEN_SETREUID) |
370 | AC_DEFINE(BROKEN_SETREGID) | 371 | AC_DEFINE(BROKEN_SETREGID) |
372 | AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) | ||
371 | ;; | 373 | ;; |
372 | *-*-sysv*) | 374 | *-*-sysv*) |
373 | ;; | 375 | ;; |
@@ -472,15 +474,17 @@ esac | |||
472 | AC_ARG_WITH(cflags, | 474 | AC_ARG_WITH(cflags, |
473 | [ --with-cflags Specify additional flags to pass to compiler], | 475 | [ --with-cflags Specify additional flags to pass to compiler], |
474 | [ | 476 | [ |
475 | if test "x$withval" != "xno" ; then | 477 | if test -n "$withval" && test "x$withval" != "xno" && \ |
478 | test "x${withval}" != "xyes"; then | ||
476 | CFLAGS="$CFLAGS $withval" | 479 | CFLAGS="$CFLAGS $withval" |
477 | fi | 480 | fi |
478 | ] | 481 | ] |
479 | ) | 482 | ) |
480 | AC_ARG_WITH(cppflags, | 483 | AC_ARG_WITH(cppflags, |
481 | [ --with-cppflags Specify additional flags to pass to preprocessor] , | 484 | [ --with-cppflags Specify additional flags to pass to preprocessor] , |
482 | [ | 485 | [ |
483 | if test "x$withval" != "xno"; then | 486 | if test -n "$withval" && test "x$withval" != "xno" && \ |
487 | test "x${withval}" != "xyes"; then | ||
484 | CPPFLAGS="$CPPFLAGS $withval" | 488 | CPPFLAGS="$CPPFLAGS $withval" |
485 | fi | 489 | fi |
486 | ] | 490 | ] |
@@ -488,18 +492,20 @@ AC_ARG_WITH(cppflags, | |||
488 | AC_ARG_WITH(ldflags, | 492 | AC_ARG_WITH(ldflags, |
489 | [ --with-ldflags Specify additional flags to pass to linker], | 493 | [ --with-ldflags Specify additional flags to pass to linker], |
490 | [ | 494 | [ |
491 | if test "x$withval" != "xno" ; then | 495 | if test -n "$withval" && test "x$withval" != "xno" && \ |
496 | test "x${withval}" != "xyes"; then | ||
492 | LDFLAGS="$LDFLAGS $withval" | 497 | LDFLAGS="$LDFLAGS $withval" |
493 | fi | 498 | fi |
494 | ] | 499 | ] |
495 | ) | 500 | ) |
496 | AC_ARG_WITH(libs, | 501 | AC_ARG_WITH(libs, |
497 | [ --with-libs Specify additional libraries to link with], | 502 | [ --with-libs Specify additional libraries to link with], |
498 | [ | 503 | [ |
499 | if test "x$withval" != "xno" ; then | 504 | if test -n "$withval" && test "x$withval" != "xno" && \ |
505 | test "x${withval}" != "xyes"; then | ||
500 | LIBS="$LIBS $withval" | 506 | LIBS="$LIBS $withval" |
501 | fi | 507 | fi |
502 | ] | 508 | ] |
503 | ) | 509 | ) |
504 | 510 | ||
505 | AC_MSG_CHECKING(compiler and flags for sanity) | 511 | AC_MSG_CHECKING(compiler and flags for sanity) |
@@ -583,10 +589,9 @@ AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) | |||
583 | dnl zlib is required | 589 | dnl zlib is required |
584 | AC_ARG_WITH(zlib, | 590 | AC_ARG_WITH(zlib, |
585 | [ --with-zlib=PATH Use zlib in PATH], | 591 | [ --with-zlib=PATH Use zlib in PATH], |
586 | [ | 592 | [ if test "x$withval" = "xno" ; then |
587 | if test "x$withval" = "xno" ; then | 593 | AC_MSG_ERROR([*** zlib is required ***]) |
588 | AC_MSG_ERROR([*** zlib is required ***]) | 594 | elif test "x$withval" != "xyes"; then |
589 | fi | ||
590 | if test -d "$withval/lib"; then | 595 | if test -d "$withval/lib"; then |
591 | if test -n "${need_dash_r}"; then | 596 | if test -n "${need_dash_r}"; then |
592 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" | 597 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" |
@@ -605,7 +610,7 @@ AC_ARG_WITH(zlib, | |||
605 | else | 610 | else |
606 | CPPFLAGS="-I${withval} ${CPPFLAGS}" | 611 | CPPFLAGS="-I${withval} ${CPPFLAGS}" |
607 | fi | 612 | fi |
608 | ] | 613 | fi ] |
609 | ) | 614 | ) |
610 | 615 | ||
611 | AC_CHECK_LIB(z, deflate, , | 616 | AC_CHECK_LIB(z, deflate, , |
@@ -638,29 +643,40 @@ AC_ARG_WITH(zlib-version-check, | |||
638 | ] | 643 | ] |
639 | ) | 644 | ) |
640 | 645 | ||
641 | AC_MSG_CHECKING(for zlib 1.1.4 or greater) | 646 | AC_MSG_CHECKING(for possibly buggy zlib) |
642 | AC_RUN_IFELSE([AC_LANG_SOURCE([[ | 647 | AC_RUN_IFELSE([AC_LANG_SOURCE([[ |
648 | #include <stdio.h> | ||
643 | #include <zlib.h> | 649 | #include <zlib.h> |
644 | int main() | 650 | int main() |
645 | { | 651 | { |
646 | int a, b, c, v; | 652 | int a=0, b=0, c=0, d=0, n, v; |
647 | if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3) | 653 | n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); |
654 | if (n != 3 && n != 4) | ||
648 | exit(1); | 655 | exit(1); |
649 | v = a*1000000 + b*1000 + c; | 656 | v = a*1000000 + b*10000 + c*100 + d; |
650 | if (v >= 1001004) | 657 | fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); |
658 | |||
659 | /* 1.1.4 is OK */ | ||
660 | if (a == 1 && b == 1 && c >= 4) | ||
651 | exit(0); | 661 | exit(0); |
662 | |||
663 | /* 1.2.1.2 and up are OK */ | ||
664 | if (v >= 1020102) | ||
665 | exit(0); | ||
666 | |||
652 | exit(2); | 667 | exit(2); |
653 | } | 668 | } |
654 | ]])], | 669 | ]])], |
655 | AC_MSG_RESULT(yes), | 670 | AC_MSG_RESULT(no), |
656 | [ AC_MSG_RESULT(no) | 671 | [ AC_MSG_RESULT(yes) |
657 | if test -z "$zlib_check_nonfatal" ; then | 672 | if test -z "$zlib_check_nonfatal" ; then |
658 | AC_MSG_ERROR([*** zlib too old - check config.log *** | 673 | AC_MSG_ERROR([*** zlib too old - check config.log *** |
659 | Your reported zlib version has known security problems. It's possible your | 674 | Your reported zlib version has known security problems. It's possible your |
660 | vendor has fixed these problems without changing the version number. If you | 675 | vendor has fixed these problems without changing the version number. If you |
661 | are sure this is the case, you can disable the check by running | 676 | are sure this is the case, you can disable the check by running |
662 | "./configure --without-zlib-version-check". | 677 | "./configure --without-zlib-version-check". |
663 | If you are in doubt, upgrade zlib to version 1.1.4 or greater.]) | 678 | If you are in doubt, upgrade zlib to version 1.2.1.2 or greater. |
679 | See http://www.gzip.org/zlib/ for details.]) | ||
664 | else | 680 | else |
665 | AC_MSG_WARN([zlib version may have security problems]) | 681 | AC_MSG_WARN([zlib version may have security problems]) |
666 | fi | 682 | fi |
@@ -730,7 +746,7 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} | |||
730 | AC_MSG_RESULT(no) | 746 | AC_MSG_RESULT(no) |
731 | AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) | 747 | AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) |
732 | ], | 748 | ], |
733 | [ | 749 | [ |
734 | AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) | 750 | AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) |
735 | AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) | 751 | AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) |
736 | ] | 752 | ] |
@@ -759,7 +775,7 @@ AC_ARG_WITH(skey, | |||
759 | AC_DEFINE(SKEY) | 775 | AC_DEFINE(SKEY) |
760 | LIBS="-lskey $LIBS" | 776 | LIBS="-lskey $LIBS" |
761 | SKEY_MSG="yes" | 777 | SKEY_MSG="yes" |
762 | 778 | ||
763 | AC_MSG_CHECKING([for s/key support]) | 779 | AC_MSG_CHECKING([for s/key support]) |
764 | AC_TRY_RUN( | 780 | AC_TRY_RUN( |
765 | [ | 781 | [ |
@@ -794,7 +810,8 @@ AC_ARG_WITH(tcp-wrappers, | |||
794 | saved_LIBS="$LIBS" | 810 | saved_LIBS="$LIBS" |
795 | saved_LDFLAGS="$LDFLAGS" | 811 | saved_LDFLAGS="$LDFLAGS" |
796 | saved_CPPFLAGS="$CPPFLAGS" | 812 | saved_CPPFLAGS="$CPPFLAGS" |
797 | if test -n "${withval}" -a "${withval}" != "yes"; then | 813 | if test -n "${withval}" && \ |
814 | test "x${withval}" != "xyes"; then | ||
798 | if test -d "${withval}/lib"; then | 815 | if test -d "${withval}/lib"; then |
799 | if test -n "${need_dash_r}"; then | 816 | if test -n "${need_dash_r}"; then |
800 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" | 817 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" |
@@ -846,13 +863,18 @@ LIBEDIT_MSG="no" | |||
846 | AC_ARG_WITH(libedit, | 863 | AC_ARG_WITH(libedit, |
847 | [ --with-libedit[[=PATH]] Enable libedit support for sftp], | 864 | [ --with-libedit[[=PATH]] Enable libedit support for sftp], |
848 | [ if test "x$withval" != "xno" ; then | 865 | [ if test "x$withval" != "xno" ; then |
866 | if test "x$withval" != "xyes"; then | ||
867 | CPPFLAGS="$CPPFLAGS -I$withval/include" | ||
868 | LDFLAGS="$LDFLAGS -L$withval/lib" | ||
869 | fi | ||
849 | AC_CHECK_LIB(edit, el_init, | 870 | AC_CHECK_LIB(edit, el_init, |
850 | [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) | 871 | [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) |
851 | LIBEDIT="-ledit -lcurses" | 872 | LIBEDIT="-ledit -lcurses" |
852 | LIBEDIT_MSG="yes" | 873 | LIBEDIT_MSG="yes" |
853 | AC_SUBST(LIBEDIT) | 874 | AC_SUBST(LIBEDIT) |
854 | ], | 875 | ], |
855 | [], [-lcurses] | 876 | [ AC_MSG_ERROR(libedit not found) ], |
877 | [ -lcurses ] | ||
856 | ) | 878 | ) |
857 | fi ] | 879 | fi ] |
858 | ) | 880 | ) |
@@ -1011,7 +1033,9 @@ if test "x$ac_cv_func_getpeereid" != "xyes" ; then | |||
1011 | [#include <sys/types.h> | 1033 | [#include <sys/types.h> |
1012 | #include <sys/socket.h>], | 1034 | #include <sys/socket.h>], |
1013 | [int i = SO_PEERCRED;], | 1035 | [int i = SO_PEERCRED;], |
1014 | [AC_MSG_RESULT(yes)], | 1036 | [ AC_MSG_RESULT(yes) |
1037 | AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option]) | ||
1038 | ], | ||
1015 | [AC_MSG_RESULT(no) | 1039 | [AC_MSG_RESULT(no) |
1016 | NO_PEERCHECK=1] | 1040 | NO_PEERCHECK=1] |
1017 | ) | 1041 | ) |
@@ -1090,7 +1114,8 @@ main() | |||
1090 | ) | 1114 | ) |
1091 | fi | 1115 | fi |
1092 | 1116 | ||
1093 | if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then | 1117 | if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ |
1118 | test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then | ||
1094 | AC_MSG_CHECKING(if getaddrinfo seems to work) | 1119 | AC_MSG_CHECKING(if getaddrinfo seems to work) |
1095 | AC_TRY_RUN( | 1120 | AC_TRY_RUN( |
1096 | [ | 1121 | [ |
@@ -1158,7 +1183,8 @@ main(void) | |||
1158 | ) | 1183 | ) |
1159 | fi | 1184 | fi |
1160 | 1185 | ||
1161 | if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then | 1186 | if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ |
1187 | test "x$check_for_aix_broken_getaddrinfo" = "x1"; then | ||
1162 | AC_MSG_CHECKING(if getaddrinfo seems to work) | 1188 | AC_MSG_CHECKING(if getaddrinfo seems to work) |
1163 | AC_TRY_RUN( | 1189 | AC_TRY_RUN( |
1164 | [ | 1190 | [ |
@@ -1467,7 +1493,7 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); } | |||
1467 | [ | 1493 | [ |
1468 | AC_MSG_WARN([cross compiling: assuming yes]) | 1494 | AC_MSG_WARN([cross compiling: assuming yes]) |
1469 | # This is safe, since all recent OpenSSL versions will | 1495 | # This is safe, since all recent OpenSSL versions will |
1470 | # complain at runtime if not seeded correctly. | 1496 | # complain at runtime if not seeded correctly. |
1471 | OPENSSL_SEEDS_ITSELF=yes | 1497 | OPENSSL_SEEDS_ITSELF=yes |
1472 | ] | 1498 | ] |
1473 | ) | 1499 | ) |
@@ -1489,10 +1515,10 @@ AC_ARG_WITH(rand-helper, | |||
1489 | USE_RAND_HELPER=yes | 1515 | USE_RAND_HELPER=yes |
1490 | fi | 1516 | fi |
1491 | ], | 1517 | ], |
1492 | ) | 1518 | ) |
1493 | 1519 | ||
1494 | # Which randomness source do we use? | 1520 | # Which randomness source do we use? |
1495 | if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then | 1521 | if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then |
1496 | # OpenSSL only | 1522 | # OpenSSL only |
1497 | AC_DEFINE(OPENSSL_PRNG_ONLY) | 1523 | AC_DEFINE(OPENSSL_PRNG_ONLY) |
1498 | RAND_MSG="OpenSSL internal ONLY" | 1524 | RAND_MSG="OpenSSL internal ONLY" |
@@ -1582,10 +1608,11 @@ entropy_timeout=200 | |||
1582 | AC_ARG_WITH(entropy-timeout, | 1608 | AC_ARG_WITH(entropy-timeout, |
1583 | [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], | 1609 | [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], |
1584 | [ | 1610 | [ |
1585 | if test "x$withval" != "xno" ; then | 1611 | if test -n "$withval" && test "x$withval" != "xno" && \ |
1612 | test "x${withval}" != "xyes"; then | ||
1586 | entropy_timeout=$withval | 1613 | entropy_timeout=$withval |
1587 | fi | 1614 | fi |
1588 | ] | 1615 | ] |
1589 | ) | 1616 | ) |
1590 | AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) | 1617 | AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) |
1591 | 1618 | ||
@@ -1593,10 +1620,11 @@ SSH_PRIVSEP_USER=sshd | |||
1593 | AC_ARG_WITH(privsep-user, | 1620 | AC_ARG_WITH(privsep-user, |
1594 | [ --with-privsep-user=user Specify non-privileged user for privilege separation], | 1621 | [ --with-privsep-user=user Specify non-privileged user for privilege separation], |
1595 | [ | 1622 | [ |
1596 | if test -n "$withval"; then | 1623 | if test -n "$withval" && test "x$withval" != "xno" && \ |
1624 | test "x${withval}" != "xyes"; then | ||
1597 | SSH_PRIVSEP_USER=$withval | 1625 | SSH_PRIVSEP_USER=$withval |
1598 | fi | 1626 | fi |
1599 | ] | 1627 | ] |
1600 | ) | 1628 | ) |
1601 | AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") | 1629 | AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") |
1602 | AC_SUBST(SSH_PRIVSEP_USER) | 1630 | AC_SUBST(SSH_PRIVSEP_USER) |
@@ -2030,9 +2058,9 @@ fi | |||
2030 | AC_CHECK_TYPES(struct timespec) | 2058 | AC_CHECK_TYPES(struct timespec) |
2031 | 2059 | ||
2032 | # We need int64_t or else certian parts of the compile will fail. | 2060 | # We need int64_t or else certian parts of the compile will fail. |
2033 | if test "x$ac_cv_have_int64_t" = "xno" -a \ | 2061 | if test "x$ac_cv_have_int64_t" = "xno" && \ |
2034 | "x$ac_cv_sizeof_long_int" != "x8" -a \ | 2062 | test "x$ac_cv_sizeof_long_int" != "x8" && \ |
2035 | "x$ac_cv_sizeof_long_long_int" = "x0" ; then | 2063 | test "x$ac_cv_sizeof_long_long_int" = "x0" ; then |
2036 | echo "OpenSSH requires int64_t support. Contact your vendor or install" | 2064 | echo "OpenSSH requires int64_t support. Contact your vendor or install" |
2037 | echo "an alternative compiler (I.E., GCC) before continuing." | 2065 | echo "an alternative compiler (I.E., GCC) before continuing." |
2038 | echo "" | 2066 | echo "" |
@@ -2324,23 +2352,28 @@ AC_ARG_WITH(sectok, | |||
2324 | ) | 2352 | ) |
2325 | 2353 | ||
2326 | # Check whether user wants OpenSC support | 2354 | # Check whether user wants OpenSC support |
2355 | OPENSC_CONFIG="no" | ||
2327 | AC_ARG_WITH(opensc, | 2356 | AC_ARG_WITH(opensc, |
2328 | AC_HELP_STRING([--with-opensc=PFX], | 2357 | [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)], |
2329 | [Enable smartcard support using OpenSC]), | 2358 | [ |
2330 | opensc_config_prefix="$withval", opensc_config_prefix="") | 2359 | if test "x$withval" != "xno" ; then |
2331 | if test x$opensc_config_prefix != x ; then | 2360 | if test "x$withval" != "xyes" ; then |
2332 | OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config | 2361 | OPENSC_CONFIG=$withval/bin/opensc-config |
2333 | AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) | 2362 | else |
2334 | if test "$OPENSC_CONFIG" != "no"; then | 2363 | AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) |
2335 | LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` | 2364 | fi |
2336 | LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` | 2365 | if test "$OPENSC_CONFIG" != "no"; then |
2337 | CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" | 2366 | LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` |
2338 | LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" | 2367 | LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` |
2339 | AC_DEFINE(SMARTCARD) | 2368 | CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" |
2340 | AC_DEFINE(USE_OPENSC) | 2369 | LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" |
2341 | SCARD_MSG="yes, using OpenSC" | 2370 | AC_DEFINE(SMARTCARD) |
2342 | fi | 2371 | AC_DEFINE(USE_OPENSC) |
2343 | fi | 2372 | SCARD_MSG="yes, using OpenSC" |
2373 | fi | ||
2374 | fi | ||
2375 | ] | ||
2376 | ) | ||
2344 | 2377 | ||
2345 | # Check libraries needed by DNS fingerprint support | 2378 | # Check libraries needed by DNS fingerprint support |
2346 | AC_SEARCH_LIBS(getrrsetbyname, resolv, | 2379 | AC_SEARCH_LIBS(getrrsetbyname, resolv, |
@@ -2423,7 +2456,7 @@ AC_ARG_WITH(kerberos5, | |||
2423 | AC_DEFINE(HEIMDAL) | 2456 | AC_DEFINE(HEIMDAL) |
2424 | K5LIBS="-lkrb5 -ldes" | 2457 | K5LIBS="-lkrb5 -ldes" |
2425 | K5LIBS="$K5LIBS -lcom_err -lasn1" | 2458 | K5LIBS="$K5LIBS -lcom_err -lasn1" |
2426 | AC_CHECK_LIB(roken, net_write, | 2459 | AC_CHECK_LIB(roken, net_write, |
2427 | [K5LIBS="$K5LIBS -lroken"]) | 2460 | [K5LIBS="$K5LIBS -lroken"]) |
2428 | ], | 2461 | ], |
2429 | [ AC_MSG_RESULT(no) | 2462 | [ AC_MSG_RESULT(no) |
@@ -2442,7 +2475,7 @@ AC_ARG_WITH(kerberos5, | |||
2442 | $K5LIBS) | 2475 | $K5LIBS) |
2443 | ], | 2476 | ], |
2444 | $K5LIBS) | 2477 | $K5LIBS) |
2445 | 2478 | ||
2446 | AC_CHECK_HEADER(gssapi.h, , | 2479 | AC_CHECK_HEADER(gssapi.h, , |
2447 | [ unset ac_cv_header_gssapi_h | 2480 | [ unset ac_cv_header_gssapi_h |
2448 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" | 2481 | CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" |
@@ -2482,7 +2515,8 @@ PRIVSEP_PATH=/var/empty | |||
2482 | AC_ARG_WITH(privsep-path, | 2515 | AC_ARG_WITH(privsep-path, |
2483 | [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], | 2516 | [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], |
2484 | [ | 2517 | [ |
2485 | if test "x$withval" != "$no" ; then | 2518 | if test -n "$withval" && test "x$withval" != "xno" && \ |
2519 | test "x${withval}" != "xyes"; then | ||
2486 | PRIVSEP_PATH=$withval | 2520 | PRIVSEP_PATH=$withval |
2487 | fi | 2521 | fi |
2488 | ] | 2522 | ] |
@@ -2492,7 +2526,8 @@ AC_SUBST(PRIVSEP_PATH) | |||
2492 | AC_ARG_WITH(xauth, | 2526 | AC_ARG_WITH(xauth, |
2493 | [ --with-xauth=PATH Specify path to xauth program ], | 2527 | [ --with-xauth=PATH Specify path to xauth program ], |
2494 | [ | 2528 | [ |
2495 | if test "x$withval" != "xno" ; then | 2529 | if test -n "$withval" && test "x$withval" != "xno" && \ |
2530 | test "x${withval}" != "xyes"; then | ||
2496 | xauth_path=$withval | 2531 | xauth_path=$withval |
2497 | fi | 2532 | fi |
2498 | ], | 2533 | ], |
@@ -2610,7 +2645,7 @@ AC_ARG_WITH(md5-passwords, | |||
2610 | AC_ARG_WITH(shadow, | 2645 | AC_ARG_WITH(shadow, |
2611 | [ --without-shadow Disable shadow password support], | 2646 | [ --without-shadow Disable shadow password support], |
2612 | [ | 2647 | [ |
2613 | if test "x$withval" = "xno" ; then | 2648 | if test "x$withval" = "xno" ; then |
2614 | AC_DEFINE(DISABLE_SHADOW) | 2649 | AC_DEFINE(DISABLE_SHADOW) |
2615 | disable_shadow=yes | 2650 | disable_shadow=yes |
2616 | fi | 2651 | fi |
@@ -2645,7 +2680,7 @@ else | |||
2645 | AC_ARG_WITH(ipaddr-display, | 2680 | AC_ARG_WITH(ipaddr-display, |
2646 | [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], | 2681 | [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], |
2647 | [ | 2682 | [ |
2648 | if test "x$withval" != "xno" ; then | 2683 | if test "x$withval" != "xno" ; then |
2649 | AC_DEFINE(IPADDR_IN_DISPLAY) | 2684 | AC_DEFINE(IPADDR_IN_DISPLAY) |
2650 | DISPLAY_HACK_MSG="yes" | 2685 | DISPLAY_HACK_MSG="yes" |
2651 | fi | 2686 | fi |
@@ -2677,8 +2712,8 @@ if test "x$etc_default_login" != "xno"; then | |||
2677 | fi | 2712 | fi |
2678 | 2713 | ||
2679 | dnl BSD systems use /etc/login.conf so --with-default-path= has no effect | 2714 | dnl BSD systems use /etc/login.conf so --with-default-path= has no effect |
2680 | if test $ac_cv_func_login_getcapbool = "yes" -a \ | 2715 | if test $ac_cv_func_login_getcapbool = "yes" && \ |
2681 | $ac_cv_header_login_cap_h = "yes" ; then | 2716 | test $ac_cv_header_login_cap_h = "yes" ; then |
2682 | external_path_file=/etc/login.conf | 2717 | external_path_file=/etc/login.conf |
2683 | fi | 2718 | fi |
2684 | 2719 | ||
@@ -2691,7 +2726,7 @@ AC_ARG_WITH(default-path, | |||
2691 | AC_MSG_WARN([ | 2726 | AC_MSG_WARN([ |
2692 | --with-default-path=PATH has no effect on this system. | 2727 | --with-default-path=PATH has no effect on this system. |
2693 | Edit /etc/login.conf instead.]) | 2728 | Edit /etc/login.conf instead.]) |
2694 | elif test "x$withval" != "xno" ; then | 2729 | elif test "x$withval" != "xno" ; then |
2695 | if test ! -z "$external_path_file" ; then | 2730 | if test ! -z "$external_path_file" ; then |
2696 | AC_MSG_WARN([ | 2731 | AC_MSG_WARN([ |
2697 | --with-default-path=PATH will only be used if PATH is not defined in | 2732 | --with-default-path=PATH will only be used if PATH is not defined in |
@@ -2732,11 +2767,11 @@ main() | |||
2732 | { | 2767 | { |
2733 | FILE *fd; | 2768 | FILE *fd; |
2734 | int rc; | 2769 | int rc; |
2735 | 2770 | ||
2736 | fd = fopen(DATA,"w"); | 2771 | fd = fopen(DATA,"w"); |
2737 | if(fd == NULL) | 2772 | if(fd == NULL) |
2738 | exit(1); | 2773 | exit(1); |
2739 | 2774 | ||
2740 | if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) | 2775 | if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) |
2741 | exit(1); | 2776 | exit(1); |
2742 | 2777 | ||
@@ -2773,7 +2808,8 @@ fi | |||
2773 | AC_ARG_WITH(superuser-path, | 2808 | AC_ARG_WITH(superuser-path, |
2774 | [ --with-superuser-path= Specify different path for super-user], | 2809 | [ --with-superuser-path= Specify different path for super-user], |
2775 | [ | 2810 | [ |
2776 | if test "x$withval" != "xno" ; then | 2811 | if test -n "$withval" && test "x$withval" != "xno" && \ |
2812 | test "x${withval}" != "xyes"; then | ||
2777 | AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval") | 2813 | AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval") |
2778 | superuser_path=$withval | 2814 | superuser_path=$withval |
2779 | fi | 2815 | fi |
@@ -2809,7 +2845,7 @@ BSD_AUTH_MSG=no | |||
2809 | AC_ARG_WITH(bsd-auth, | 2845 | AC_ARG_WITH(bsd-auth, |
2810 | [ --with-bsd-auth Enable BSD auth support], | 2846 | [ --with-bsd-auth Enable BSD auth support], |
2811 | [ | 2847 | [ |
2812 | if test "x$withval" != "xno" ; then | 2848 | if test "x$withval" != "xno" ; then |
2813 | AC_DEFINE(BSD_AUTH) | 2849 | AC_DEFINE(BSD_AUTH) |
2814 | BSD_AUTH_MSG=yes | 2850 | BSD_AUTH_MSG=yes |
2815 | fi | 2851 | fi |
@@ -2819,7 +2855,7 @@ AC_ARG_WITH(bsd-auth, | |||
2819 | # Where to place sshd.pid | 2855 | # Where to place sshd.pid |
2820 | piddir=/var/run | 2856 | piddir=/var/run |
2821 | # make sure the directory exists | 2857 | # make sure the directory exists |
2822 | if test ! -d $piddir ; then | 2858 | if test ! -d $piddir ; then |
2823 | piddir=`eval echo ${sysconfdir}` | 2859 | piddir=`eval echo ${sysconfdir}` |
2824 | case $piddir in | 2860 | case $piddir in |
2825 | NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; | 2861 | NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; |
@@ -2829,9 +2865,10 @@ fi | |||
2829 | AC_ARG_WITH(pid-dir, | 2865 | AC_ARG_WITH(pid-dir, |
2830 | [ --with-pid-dir=PATH Specify location of ssh.pid file], | 2866 | [ --with-pid-dir=PATH Specify location of ssh.pid file], |
2831 | [ | 2867 | [ |
2832 | if test "x$withval" != "xno" ; then | 2868 | if test -n "$withval" && test "x$withval" != "xno" && \ |
2869 | test "x${withval}" != "xyes"; then | ||
2833 | piddir=$withval | 2870 | piddir=$withval |
2834 | if test ! -d $piddir ; then | 2871 | if test ! -d $piddir ; then |
2835 | AC_MSG_WARN([** no $piddir directory on this system **]) | 2872 | AC_MSG_WARN([** no $piddir directory on this system **]) |
2836 | fi | 2873 | fi |
2837 | fi | 2874 | fi |
@@ -2909,9 +2946,9 @@ AC_ARG_ENABLE(pututxline, | |||
2909 | AC_ARG_WITH(lastlog, | 2946 | AC_ARG_WITH(lastlog, |
2910 | [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], | 2947 | [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], |
2911 | [ | 2948 | [ |
2912 | if test "x$withval" = "xno" ; then | 2949 | if test "x$withval" = "xno" ; then |
2913 | AC_DEFINE(DISABLE_LASTLOG) | 2950 | AC_DEFINE(DISABLE_LASTLOG) |
2914 | else | 2951 | elif test -n "$withval" && test "x${withval}" != "xyes"; then |
2915 | conf_lastlog_location=$withval | 2952 | conf_lastlog_location=$withval |
2916 | fi | 2953 | fi |
2917 | ] | 2954 | ] |
@@ -2978,7 +3015,7 @@ fi | |||
2978 | 3015 | ||
2979 | if test -n "$conf_lastlog_location"; then | 3016 | if test -n "$conf_lastlog_location"; then |
2980 | AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location") | 3017 | AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location") |
2981 | fi | 3018 | fi |
2982 | 3019 | ||
2983 | dnl utmp detection | 3020 | dnl utmp detection |
2984 | AC_MSG_CHECKING([if your system defines UTMP_FILE]) | 3021 | AC_MSG_CHECKING([if your system defines UTMP_FILE]) |
@@ -3008,7 +3045,7 @@ if test -z "$conf_utmp_location"; then | |||
3008 | fi | 3045 | fi |
3009 | if test -n "$conf_utmp_location"; then | 3046 | if test -n "$conf_utmp_location"; then |
3010 | AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location") | 3047 | AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location") |
3011 | fi | 3048 | fi |
3012 | 3049 | ||
3013 | dnl wtmp detection | 3050 | dnl wtmp detection |
3014 | AC_MSG_CHECKING([if your system defines WTMP_FILE]) | 3051 | AC_MSG_CHECKING([if your system defines WTMP_FILE]) |
@@ -3038,7 +3075,7 @@ if test -z "$conf_wtmp_location"; then | |||
3038 | fi | 3075 | fi |
3039 | if test -n "$conf_wtmp_location"; then | 3076 | if test -n "$conf_wtmp_location"; then |
3040 | AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location") | 3077 | AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location") |
3041 | fi | 3078 | fi |
3042 | 3079 | ||
3043 | 3080 | ||
3044 | dnl utmpx detection - I don't know any system so perverse as to require | 3081 | dnl utmpx detection - I don't know any system so perverse as to require |
@@ -3066,7 +3103,7 @@ if test -z "$conf_utmpx_location"; then | |||
3066 | fi | 3103 | fi |
3067 | else | 3104 | else |
3068 | AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location") | 3105 | AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location") |
3069 | fi | 3106 | fi |
3070 | 3107 | ||
3071 | dnl wtmpx detection | 3108 | dnl wtmpx detection |
3072 | AC_MSG_CHECKING([if your system defines WTMPX_FILE]) | 3109 | AC_MSG_CHECKING([if your system defines WTMPX_FILE]) |
@@ -3091,7 +3128,7 @@ if test -z "$conf_wtmpx_location"; then | |||
3091 | fi | 3128 | fi |
3092 | else | 3129 | else |
3093 | AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location") | 3130 | AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location") |
3094 | fi | 3131 | fi |
3095 | 3132 | ||
3096 | 3133 | ||
3097 | if test ! -z "$blibpath" ; then | 3134 | if test ! -z "$blibpath" ; then |
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 4a5c32b0e..09b9c118c 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh | |||
@@ -1,7 +1,7 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | # | 2 | # |
3 | # buildbff.sh: Create AIX SMIT-installable OpenSSH packages | 3 | # buildbff.sh: Create AIX SMIT-installable OpenSSH packages |
4 | # $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $ | 4 | # $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $ |
5 | # | 5 | # |
6 | # Author: Darren Tucker (dtucker at zip dot com dot au) | 6 | # Author: Darren Tucker (dtucker at zip dot com dot au) |
7 | # This file is placed in the public domain and comes with absolutely | 7 | # This file is placed in the public domain and comes with absolutely |
@@ -219,7 +219,7 @@ else | |||
219 | fi | 219 | fi |
220 | 220 | ||
221 | # Create user if required | 221 | # Create user if required |
222 | if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | 222 | if lsuser "$SSH_PRIVSEP_USER" >/dev/null |
223 | then | 223 | then |
224 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | 224 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." |
225 | else | 225 | else |
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 67d8e6ff4..355663ed4 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec | |||
@@ -17,12 +17,12 @@ | |||
17 | #old cvs stuff. please update before use. may be deprecated. | 17 | #old cvs stuff. please update before use. may be deprecated. |
18 | %define use_stable 1 | 18 | %define use_stable 1 |
19 | %if %{use_stable} | 19 | %if %{use_stable} |
20 | %define version 4.0p1 | 20 | %define version 4.1p1 |
21 | %define cvs %{nil} | 21 | %define cvs %{nil} |
22 | %define release 1 | 22 | %define release 1 |
23 | %else | 23 | %else |
24 | %define version 3.9p1 | 24 | %define version 4.1p1 |
25 | %define cvs cvs20011009 | 25 | %define cvs cvs20050315 |
26 | %define release 0r1 | 26 | %define release 0r1 |
27 | %endif | 27 | %endif |
28 | %define xsa x11-ssh-askpass | 28 | %define xsa x11-ssh-askpass |
@@ -297,12 +297,7 @@ fi | |||
297 | 297 | ||
298 | %PreUn server | 298 | %PreUn server |
299 | [ "$1" = 0 ] || exit 0 | 299 | [ "$1" = 0 ] || exit 0 |
300 | |||
301 | ! %{SVIdir}/sshd status || %{SVIdir}/sshd stop | 300 | ! %{SVIdir}/sshd status || %{SVIdir}/sshd stop |
302 | : # to protect the rpm database | ||
303 | |||
304 | |||
305 | %PostUn server | ||
306 | if [ -x %{LSBinit}-remove ]; then | 301 | if [ -x %{LSBinit}-remove ]; then |
307 | %{LSBinit}-remove sshd | 302 | %{LSBinit}-remove sshd |
308 | else | 303 | else |
@@ -310,7 +305,6 @@ else | |||
310 | fi | 305 | fi |
311 | : # to protect the rpm database | 306 | : # to protect the rpm database |
312 | 307 | ||
313 | |||
314 | %Files | 308 | %Files |
315 | %defattr(-,root,root) | 309 | %defattr(-,root,root) |
316 | %dir %{_sysconfdir} | 310 | %dir %{_sysconfdir} |
@@ -363,4 +357,4 @@ fi | |||
363 | * Mon Jan 01 1998 ... | 357 | * Mon Jan 01 1998 ... |
364 | Template Version: 1.31 | 358 | Template Version: 1.31 |
365 | 359 | ||
366 | $Id: openssh.spec,v 1.52 2005/03/09 00:02:42 djm Exp $ | 360 | $Id: openssh.spec,v 1.54 2005/05/25 04:43:48 djm Exp $ |
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index c7164f610..fbfb5c195 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config | |||
@@ -449,12 +449,10 @@ then | |||
449 | echo "Should this script create a new local account 'sshd_server' which has" | 449 | echo "Should this script create a new local account 'sshd_server' which has" |
450 | if request "the required privileges?" | 450 | if request "the required privileges?" |
451 | then | 451 | then |
452 | _admingroup=`awk -F: '{if ( $1 != "root" && $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group` | 452 | _admingroup=`mkgroup -l | awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ` |
453 | if [ -z "${_admingroup}" ] | 453 | if [ -z "${_admingroup}" ] |
454 | then | 454 | then |
455 | echo "There's no group with SID S-1-5-32-544 (Local administrators group) in" | 455 | echo "mkgroup -l produces no group with SID S-1-5-32-544 (Local administrators group)." |
456 | echo "your ${SYSCONFDIR}/group file. Please regenerate this entry using 'mkgroup -l'" | ||
457 | echo "and restart this script." | ||
458 | exit 1 | 456 | exit 1 |
459 | fi | 457 | fi |
460 | dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` | 458 | dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` |
@@ -585,6 +583,16 @@ then | |||
585 | chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log | 583 | chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log |
586 | fi | 584 | fi |
587 | fi | 585 | fi |
586 | if ! ( mount | egrep -q 'on /(|usr/(bin|lib)) type system' ) | ||
587 | then | ||
588 | echo | ||
589 | echo "Warning: It appears that you have user mode mounts (\"Just me\"" | ||
590 | echo "chosen during install.) Any daemons installed as services will" | ||
591 | echo "fail to function unless system mounts are used. To change this," | ||
592 | echo "re-run setup.exe and choose \"All users\"." | ||
593 | echo | ||
594 | echo "For more information, see http://cygwin.com/faq/faq0.html#TOC33" | ||
595 | fi | ||
588 | fi | 596 | fi |
589 | fi | 597 | fi |
590 | 598 | ||
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 8fbc4c02a..430c4d323 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,4 +1,4 @@ | |||
1 | %define ver 4.0p1 | 1 | %define ver 4.1p1 |
2 | %define rel 1 | 2 | %define rel 1 |
3 | 3 | ||
4 | # OpenSSH privilege separation requires a user & group ID | 4 | # OpenSSH privilege separation requires a user & group ID |
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 449613db6..a574d3f2f 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec | |||
@@ -1,6 +1,6 @@ | |||
1 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation | 1 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation |
2 | Name: openssh | 2 | Name: openssh |
3 | Version: 4.0p1 | 3 | Version: 4.1p1 |
4 | URL: http://www.openssh.com/ | 4 | URL: http://www.openssh.com/ |
5 | Release: 1 | 5 | Release: 1 |
6 | Source0: openssh-%{version}.tar.gz | 6 | Source0: openssh-%{version}.tar.gz |
diff --git a/hostfile.c b/hostfile.c index 2e1c8bcd0..bf2a31c9b 100644 --- a/hostfile.c +++ b/hostfile.c | |||
@@ -36,7 +36,7 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: hostfile.c,v 1.33 2005/03/01 10:40:26 djm Exp $"); | 39 | RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $"); |
40 | 40 | ||
41 | #include <resolv.h> | 41 | #include <resolv.h> |
42 | #include <openssl/hmac.h> | 42 | #include <openssl/hmac.h> |
@@ -92,7 +92,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len) | |||
92 | salt_len, ret); | 92 | salt_len, ret); |
93 | return (-1); | 93 | return (-1); |
94 | } | 94 | } |
95 | 95 | ||
96 | return (0); | 96 | return (0); |
97 | } | 97 | } |
98 | 98 | ||
@@ -123,7 +123,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) | |||
123 | HMAC_Final(&mac_ctx, result, NULL); | 123 | HMAC_Final(&mac_ctx, result, NULL); |
124 | HMAC_cleanup(&mac_ctx); | 124 | HMAC_cleanup(&mac_ctx); |
125 | 125 | ||
126 | if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || | 126 | if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || |
127 | __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) | 127 | __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) |
128 | fatal("host_hash: __b64_ntop failed"); | 128 | fatal("host_hash: __b64_ntop failed"); |
129 | 129 | ||
@@ -310,7 +310,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host, | |||
310 | */ | 310 | */ |
311 | 311 | ||
312 | int | 312 | int |
313 | add_host_to_hostfile(const char *filename, const char *host, const Key *key, | 313 | add_host_to_hostfile(const char *filename, const char *host, const Key *key, |
314 | int store_hash) | 314 | int store_hash) |
315 | { | 315 | { |
316 | FILE *f; | 316 | FILE *f; |
@@ -197,6 +197,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr) | |||
197 | #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) | 197 | #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) |
198 | struct syslog_data sdata = SYSLOG_DATA_INIT; | 198 | struct syslog_data sdata = SYSLOG_DATA_INIT; |
199 | #endif | 199 | #endif |
200 | |||
200 | argv0 = av0; | 201 | argv0 = av0; |
201 | 202 | ||
202 | switch (level) { | 203 | switch (level) { |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $"); | 26 | RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $"); |
27 | 27 | ||
28 | #include "misc.h" | 28 | #include "misc.h" |
29 | #include "log.h" | 29 | #include "log.h" |
@@ -303,13 +303,13 @@ hpdelim(char **cp) | |||
303 | case '\0': | 303 | case '\0': |
304 | *cp = NULL; /* no more fields*/ | 304 | *cp = NULL; /* no more fields*/ |
305 | break; | 305 | break; |
306 | 306 | ||
307 | case ':': | 307 | case ':': |
308 | case '/': | 308 | case '/': |
309 | *s = '\0'; /* terminate */ | 309 | *s = '\0'; /* terminate */ |
310 | *cp = s + 1; | 310 | *cp = s + 1; |
311 | break; | 311 | break; |
312 | 312 | ||
313 | default: | 313 | default: |
314 | return NULL; | 314 | return NULL; |
315 | } | 315 | } |
@@ -391,7 +391,7 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, | |||
391 | debug("%s: %s line %lu exceeds size limit", __func__, | 391 | debug("%s: %s line %lu exceeds size limit", __func__, |
392 | filename, *lineno); | 392 | filename, *lineno); |
393 | /* discard remainder of line */ | 393 | /* discard remainder of line */ |
394 | while(fgetc(f) != '\n' && !feof(f)) | 394 | while (fgetc(f) != '\n' && !feof(f)) |
395 | ; /* nothing */ | 395 | ; /* nothing */ |
396 | } | 396 | } |
397 | } | 397 | } |
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -310,6 +310,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
310 | authctxt = _authctxt; | 310 | authctxt = _authctxt; |
311 | memset(authctxt, 0, sizeof(*authctxt)); | 311 | memset(authctxt, 0, sizeof(*authctxt)); |
312 | 312 | ||
313 | authctxt->loginmsg = &loginmsg; | ||
314 | |||
313 | if (compat20) { | 315 | if (compat20) { |
314 | mon_dispatch = mon_dispatch_proto20; | 316 | mon_dispatch = mon_dispatch_proto20; |
315 | 317 | ||
@@ -976,7 +978,7 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
976 | debug3("%s: key_from_blob: %p", __func__, key); | 978 | debug3("%s: key_from_blob: %p", __func__, key); |
977 | 979 | ||
978 | if (key != NULL && authctxt->valid) { | 980 | if (key != NULL && authctxt->valid) { |
979 | switch(type) { | 981 | switch (type) { |
980 | case MM_USERKEY: | 982 | case MM_USERKEY: |
981 | allowed = options.pubkey_authentication && | 983 | allowed = options.pubkey_authentication && |
982 | user_key_allowed(authctxt->pw, key); | 984 | user_key_allowed(authctxt->pw, key); |
@@ -1523,7 +1525,6 @@ mm_answer_audit_event(int socket, Buffer *m) | |||
1523 | debug3("%s entering", __func__); | 1525 | debug3("%s entering", __func__); |
1524 | 1526 | ||
1525 | event = buffer_get_int(m); | 1527 | event = buffer_get_int(m); |
1526 | buffer_free(m); | ||
1527 | switch(event) { | 1528 | switch(event) { |
1528 | case SSH_AUTH_FAIL_PUBKEY: | 1529 | case SSH_AUTH_FAIL_PUBKEY: |
1529 | case SSH_AUTH_FAIL_HOSTBASED: | 1530 | case SSH_AUTH_FAIL_HOSTBASED: |
@@ -1552,7 +1553,6 @@ mm_answer_audit_command(int socket, Buffer *m) | |||
1552 | /* sanity check command, if so how? */ | 1553 | /* sanity check command, if so how? */ |
1553 | audit_run_command(cmd); | 1554 | audit_run_command(cmd); |
1554 | xfree(cmd); | 1555 | xfree(cmd); |
1555 | buffer_free(m); | ||
1556 | return (0); | 1556 | return (0); |
1557 | } | 1557 | } |
1558 | #endif /* SSH_AUDIT_EVENTS */ | 1558 | #endif /* SSH_AUDIT_EVENTS */ |
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index f53abb6e2..ff394ec17 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c | |||
@@ -29,7 +29,7 @@ | |||
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | 31 | ||
32 | RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $"); | 32 | RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $"); |
33 | 33 | ||
34 | #ifdef HAVE_CYGWIN | 34 | #ifdef HAVE_CYGWIN |
35 | 35 | ||
@@ -247,6 +247,7 @@ static struct wenv { | |||
247 | { NL("COMMONPROGRAMFILES=") }, | 247 | { NL("COMMONPROGRAMFILES=") }, |
248 | { NL("COMPUTERNAME=") }, | 248 | { NL("COMPUTERNAME=") }, |
249 | { NL("COMSPEC=") }, | 249 | { NL("COMSPEC=") }, |
250 | { NL("CYGWIN=") }, | ||
250 | { NL("NUMBER_OF_PROCESSORS=") }, | 251 | { NL("NUMBER_OF_PROCESSORS=") }, |
251 | { NL("OS=") }, | 252 | { NL("OS=") }, |
252 | { NL("PATH=") }, | 253 | { NL("PATH=") }, |
@@ -260,7 +261,7 @@ static struct wenv { | |||
260 | { NL("SYSTEMROOT=") }, | 261 | { NL("SYSTEMROOT=") }, |
261 | { NL("TMP=") }, | 262 | { NL("TMP=") }, |
262 | { NL("TEMP=") }, | 263 | { NL("TEMP=") }, |
263 | { NL("WINDIR=") }, | 264 | { NL("WINDIR=") } |
264 | }; | 265 | }; |
265 | 266 | ||
266 | char ** | 267 | char ** |
@@ -269,7 +270,7 @@ fetch_windows_environment(void) | |||
269 | char **e, **p; | 270 | char **e, **p; |
270 | int i, idx = 0; | 271 | int i, idx = 0; |
271 | 272 | ||
272 | p = xmalloc(WENV_SIZ * sizeof(char *)); | 273 | p = xmalloc((WENV_SIZ + 1) * sizeof(char *)); |
273 | for (e = environ; *e != NULL; ++e) { | 274 | for (e = environ; *e != NULL; ++e) { |
274 | for (i = 0; i < WENV_SIZ; ++i) { | 275 | for (i = 0; i < WENV_SIZ; ++i) { |
275 | if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) | 276 | if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) |
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index fa6a4ff7b..cf5d4b9a3 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c | |||
@@ -151,7 +151,7 @@ aix_valid_authentications(const char *user) | |||
151 | * returns 0. | 151 | * returns 0. |
152 | */ | 152 | */ |
153 | int | 153 | int |
154 | sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) | 154 | sys_auth_passwd(Authctxt *ctxt, const char *password) |
155 | { | 155 | { |
156 | char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; | 156 | char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; |
157 | int authsuccess = 0, expired, reenter, result; | 157 | int authsuccess = 0, expired, reenter, result; |
@@ -181,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) | |||
181 | */ | 181 | */ |
182 | expired = passwdexpired(name, &msg); | 182 | expired = passwdexpired(name, &msg); |
183 | if (msg && *msg) { | 183 | if (msg && *msg) { |
184 | buffer_append(loginmsg, msg, strlen(msg)); | 184 | buffer_append(ctxt->loginmsg, msg, strlen(msg)); |
185 | aix_remove_embedded_newlines(msg); | 185 | aix_remove_embedded_newlines(msg); |
186 | } | 186 | } |
187 | debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); | 187 | debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); |
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index a05ce9703..9e3dce4dd 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */ | 1 | /* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * | 4 | * |
@@ -47,7 +47,9 @@ | |||
47 | 47 | ||
48 | /* These should be in the system headers but are not. */ | 48 | /* These should be in the system headers but are not. */ |
49 | int usrinfo(int, char *, int); | 49 | int usrinfo(int, char *, int); |
50 | #if (HAVE_DECL_SETAUTHDB == 0) | ||
50 | int setauthdb(const char *, char *); | 51 | int setauthdb(const char *, char *); |
52 | #endif | ||
51 | /* these may or may not be in the headers depending on the version */ | 53 | /* these may or may not be in the headers depending on the version */ |
52 | #if (HAVE_DECL_AUTHENTICATE == 0) | 54 | #if (HAVE_DECL_AUTHENTICATE == 0) |
53 | int authenticate(char *, char *, int *, char **); | 55 | int authenticate(char *, char *, int *, char **); |
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 4ee1be5de..eb060bdbf 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c | |||
@@ -137,8 +137,11 @@ restart: | |||
137 | (void)write(output, "\n", 1); | 137 | (void)write(output, "\n", 1); |
138 | 138 | ||
139 | /* Restore old terminal settings and signals. */ | 139 | /* Restore old terminal settings and signals. */ |
140 | if (memcmp(&term, &oterm, sizeof(term)) != 0) | 140 | if (memcmp(&term, &oterm, sizeof(term)) != 0) { |
141 | (void)tcsetattr(input, _T_FLUSH, &oterm); | 141 | while (tcsetattr(input, _T_FLUSH, &oterm) == -1 && |
142 | errno == EINTR) | ||
143 | continue; | ||
144 | } | ||
142 | (void)sigaction(SIGALRM, &savealrm, NULL); | 145 | (void)sigaction(SIGALRM, &savealrm, NULL); |
143 | (void)sigaction(SIGHUP, &savehup, NULL); | 146 | (void)sigaction(SIGHUP, &savehup, NULL); |
144 | (void)sigaction(SIGINT, &saveint, NULL); | 147 | (void)sigaction(SIGINT, &saveint, NULL); |
diff --git a/readconf.c b/readconf.c index 963b706aa..6c0511519 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.139 2005/03/10 22:01:05 deraadt Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -256,12 +256,14 @@ clear_forwardings(Options *options) | |||
256 | int i; | 256 | int i; |
257 | 257 | ||
258 | for (i = 0; i < options->num_local_forwards; i++) { | 258 | for (i = 0; i < options->num_local_forwards; i++) { |
259 | xfree(options->local_forwards[i].listen_host); | 259 | if (options->local_forwards[i].listen_host != NULL) |
260 | xfree(options->local_forwards[i].listen_host); | ||
260 | xfree(options->local_forwards[i].connect_host); | 261 | xfree(options->local_forwards[i].connect_host); |
261 | } | 262 | } |
262 | options->num_local_forwards = 0; | 263 | options->num_local_forwards = 0; |
263 | for (i = 0; i < options->num_remote_forwards; i++) { | 264 | for (i = 0; i < options->num_remote_forwards; i++) { |
264 | xfree(options->remote_forwards[i].listen_host); | 265 | if (options->remote_forwards[i].listen_host != NULL) |
266 | xfree(options->remote_forwards[i].listen_host); | ||
265 | xfree(options->remote_forwards[i].connect_host); | 267 | xfree(options->remote_forwards[i].connect_host); |
266 | } | 268 | } |
267 | options->num_remote_forwards = 0; | 269 | options->num_remote_forwards = 0; |
@@ -302,7 +304,7 @@ process_config_line(Options *options, const char *host, | |||
302 | Forward fwd; | 304 | Forward fwd; |
303 | 305 | ||
304 | /* Strip trailing whitespace */ | 306 | /* Strip trailing whitespace */ |
305 | for(len = strlen(line) - 1; len > 0; len--) { | 307 | for (len = strlen(line) - 1; len > 0; len--) { |
306 | if (strchr(WHITESPACE, line[len]) == NULL) | 308 | if (strchr(WHITESPACE, line[len]) == NULL) |
307 | break; | 309 | break; |
308 | line[len] = '\0'; | 310 | line[len] = '\0'; |
diff --git a/regress/multiplex.sh b/regress/multiplex.sh index e8cc1ac53..a172e5790 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh | |||
@@ -1,7 +1,7 @@ | |||
1 | # $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $ | 1 | # $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | CTL=$OBJ/ctl-sock | 4 | CTL=/tmp/openssh.regress.ctl-sock.$$ |
5 | 5 | ||
6 | tid="connection multiplexing" | 6 | tid="connection multiplexing" |
7 | 7 | ||
@@ -89,6 +89,4 @@ ${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed" | |||
89 | # Wait for master to exit | 89 | # Wait for master to exit |
90 | sleep 2 | 90 | sleep 2 |
91 | 91 | ||
92 | ps -p $MASTER_PID >/dev/null && fail "exit command failed" | 92 | kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed" |
93 | |||
94 | cleanup | ||
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 4e53449be..bd0c025ba 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
@@ -197,7 +197,7 @@ cat << EOF > $OBJ/sshd_config | |||
197 | #ListenAddress ::1 | 197 | #ListenAddress ::1 |
198 | PidFile $PIDFILE | 198 | PidFile $PIDFILE |
199 | AuthorizedKeysFile $OBJ/authorized_keys_%u | 199 | AuthorizedKeysFile $OBJ/authorized_keys_%u |
200 | LogLevel DEBUG | 200 | LogLevel VERBOSE |
201 | AcceptEnv _XXX_TEST_* | 201 | AcceptEnv _XXX_TEST_* |
202 | AcceptEnv _XXX_TEST | 202 | AcceptEnv _XXX_TEST |
203 | Subsystem sftp $SFTPSERVER | 203 | Subsystem sftp $SFTPSERVER |
@@ -141,4 +141,4 @@ AUTHORS | |||
141 | Timo Rinne <tri@iki.fi> | 141 | Timo Rinne <tri@iki.fi> |
142 | Tatu Ylonen <ylo@cs.hut.fi> | 142 | Tatu Ylonen <ylo@cs.hut.fi> |
143 | 143 | ||
144 | OpenBSD 3.6 September 25, 1999 3 | 144 | OpenBSD 3.7 September 25, 1999 3 |
@@ -71,7 +71,7 @@ | |||
71 | */ | 71 | */ |
72 | 72 | ||
73 | #include "includes.h" | 73 | #include "includes.h" |
74 | RCSID("$OpenBSD: scp.c,v 1.119 2005/01/24 10:22:06 dtucker Exp $"); | 74 | RCSID("$OpenBSD: scp.c,v 1.121 2005/04/02 12:41:16 djm Exp $"); |
75 | 75 | ||
76 | #include "xmalloc.h" | 76 | #include "xmalloc.h" |
77 | #include "atomicio.h" | 77 | #include "atomicio.h" |
@@ -361,20 +361,21 @@ void | |||
361 | toremote(char *targ, int argc, char **argv) | 361 | toremote(char *targ, int argc, char **argv) |
362 | { | 362 | { |
363 | int i, len; | 363 | int i, len; |
364 | char *bp, *host, *src, *suser, *thost, *tuser; | 364 | char *bp, *host, *src, *suser, *thost, *tuser, *arg; |
365 | 365 | ||
366 | *targ++ = 0; | 366 | *targ++ = 0; |
367 | if (*targ == 0) | 367 | if (*targ == 0) |
368 | targ = "."; | 368 | targ = "."; |
369 | 369 | ||
370 | if ((thost = strrchr(argv[argc - 1], '@'))) { | 370 | arg = xstrdup(argv[argc - 1]); |
371 | if ((thost = strrchr(arg, '@'))) { | ||
371 | /* user@host */ | 372 | /* user@host */ |
372 | *thost++ = 0; | 373 | *thost++ = 0; |
373 | tuser = argv[argc - 1]; | 374 | tuser = arg; |
374 | if (*tuser == '\0') | 375 | if (*tuser == '\0') |
375 | tuser = NULL; | 376 | tuser = NULL; |
376 | } else { | 377 | } else { |
377 | thost = argv[argc - 1]; | 378 | thost = arg; |
378 | tuser = NULL; | 379 | tuser = NULL; |
379 | } | 380 | } |
380 | 381 | ||
diff --git a/servconf.c b/servconf.c index 2d1a0c362..96ad18084 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.140 2005/03/10 22:01:05 deraadt Exp $"); |
14 | 14 | ||
15 | #include "ssh.h" | 15 | #include "ssh.h" |
16 | #include "log.h" | 16 | #include "log.h" |
@@ -1001,7 +1001,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf) | |||
1001 | 1001 | ||
1002 | obuf = cbuf = xstrdup(buffer_ptr(conf)); | 1002 | obuf = cbuf = xstrdup(buffer_ptr(conf)); |
1003 | linenum = 1; | 1003 | linenum = 1; |
1004 | while((cp = strsep(&cbuf, "\n")) != NULL) { | 1004 | while ((cp = strsep(&cbuf, "\n")) != NULL) { |
1005 | if (process_server_config_line(options, cp, filename, | 1005 | if (process_server_config_line(options, cp, filename, |
1006 | linenum++) != 0) | 1006 | linenum++) != 0) |
1007 | bad_options++; | 1007 | bad_options++; |
@@ -1477,7 +1477,8 @@ do_child(Session *s, const char *command) | |||
1477 | } | 1477 | } |
1478 | 1478 | ||
1479 | #ifdef USE_PAM | 1479 | #ifdef USE_PAM |
1480 | if (options.use_pam && !is_pam_session_open()) { | 1480 | if (options.use_pam && !options.use_login && !is_pam_session_open()) { |
1481 | debug3("PAM session not opened, exiting"); | ||
1481 | display_loginmsg(); | 1482 | display_loginmsg(); |
1482 | exit(254); | 1483 | exit(254); |
1483 | } | 1484 | } |
diff --git a/sftp-client.c b/sftp-client.c index d894a11f2..92df42751 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
@@ -20,7 +20,7 @@ | |||
20 | /* XXX: copy between two remote sites */ | 20 | /* XXX: copy between two remote sites */ |
21 | 21 | ||
22 | #include "includes.h" | 22 | #include "includes.h" |
23 | RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $"); | 23 | RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $"); |
24 | 24 | ||
25 | #include "openbsd-compat/sys-queue.h" | 25 | #include "openbsd-compat/sys-queue.h" |
26 | 26 | ||
@@ -856,7 +856,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
856 | debug3("Received reply T:%u I:%u R:%d", type, id, max_req); | 856 | debug3("Received reply T:%u I:%u R:%d", type, id, max_req); |
857 | 857 | ||
858 | /* Find the request in our queue */ | 858 | /* Find the request in our queue */ |
859 | for(req = TAILQ_FIRST(&requests); | 859 | for (req = TAILQ_FIRST(&requests); |
860 | req != NULL && req->id != id; | 860 | req != NULL && req->id != id; |
861 | req = TAILQ_NEXT(req, tq)) | 861 | req = TAILQ_NEXT(req, tq)) |
862 | ; | 862 | ; |
@@ -1109,7 +1109,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1109 | debug3("SSH2_FXP_STATUS %d", status); | 1109 | debug3("SSH2_FXP_STATUS %d", status); |
1110 | 1110 | ||
1111 | /* Find the request in our queue */ | 1111 | /* Find the request in our queue */ |
1112 | for(ack = TAILQ_FIRST(&acks); | 1112 | for (ack = TAILQ_FIRST(&acks); |
1113 | ack != NULL && ack->id != r_id; | 1113 | ack != NULL && ack->id != r_id; |
1114 | ack = TAILQ_NEXT(ack, tq)) | 1114 | ack = TAILQ_NEXT(ack, tq)) |
1115 | ; | 1115 | ; |
diff --git a/sftp-server.0 b/sftp-server.0 index 995e48ecd..b1c89c702 100644 --- a/sftp-server.0 +++ b/sftp-server.0 | |||
@@ -24,4 +24,4 @@ AUTHORS | |||
24 | HISTORY | 24 | HISTORY |
25 | sftp-server first appeared in OpenBSD 2.8 . | 25 | sftp-server first appeared in OpenBSD 2.8 . |
26 | 26 | ||
27 | OpenBSD 3.6 August 30, 2000 1 | 27 | OpenBSD 3.7 August 30, 2000 1 |
@@ -262,4 +262,4 @@ SEE ALSO | |||
262 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | 262 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- |
263 | filexfer-00.txt, January 2001, work in progress material. | 263 | filexfer-00.txt, January 2001, work in progress material. |
264 | 264 | ||
265 | OpenBSD 3.6 February 4, 2001 4 | 265 | OpenBSD 3.7 February 4, 2001 4 |
@@ -16,7 +16,7 @@ | |||
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | 18 | ||
19 | RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $"); | 19 | RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); |
20 | 20 | ||
21 | #ifdef USE_LIBEDIT | 21 | #ifdef USE_LIBEDIT |
22 | #include <histedit.h> | 22 | #include <histedit.h> |
@@ -357,7 +357,7 @@ parse_ls_flags(const char **cpp, int *lflag) | |||
357 | 357 | ||
358 | /* Check for flags */ | 358 | /* Check for flags */ |
359 | if (cp++[0] == '-') { | 359 | if (cp++[0] == '-') { |
360 | for(; strchr(WHITESPACE, *cp) == NULL; cp++) { | 360 | for (; strchr(WHITESPACE, *cp) == NULL; cp++) { |
361 | switch (*cp) { | 361 | switch (*cp) { |
362 | case 'l': | 362 | case 'l': |
363 | *lflag &= ~VIEW_FLAGS; | 363 | *lflag &= ~VIEW_FLAGS; |
@@ -99,4 +99,4 @@ AUTHORS | |||
99 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 99 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
100 | versions 1.5 and 2.0. | 100 | versions 1.5 and 2.0. |
101 | 101 | ||
102 | OpenBSD 3.6 September 25, 1999 2 | 102 | OpenBSD 3.7 September 25, 1999 2 |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.70 2004/05/08 00:21:31 djm Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.71 2005/03/10 22:01:06 deraadt Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -389,7 +389,7 @@ main(int argc, char **argv) | |||
389 | goto done; | 389 | goto done; |
390 | } | 390 | } |
391 | 391 | ||
392 | for(i = 0; default_files[i]; i++) { | 392 | for (i = 0; default_files[i]; i++) { |
393 | snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, | 393 | snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, |
394 | default_files[i]); | 394 | default_files[i]); |
395 | if (stat(buf, &st) < 0) | 395 | if (stat(buf, &st) < 0) |
@@ -402,7 +402,7 @@ main(int argc, char **argv) | |||
402 | if (count == 0) | 402 | if (count == 0) |
403 | ret = 1; | 403 | ret = 1; |
404 | } else { | 404 | } else { |
405 | for(i = 0; i < argc; i++) { | 405 | for (i = 0; i < argc; i++) { |
406 | if (do_file(ac, deleting, argv[i]) == -1) | 406 | if (do_file(ac, deleting, argv[i]) == -1) |
407 | ret = 1; | 407 | ret = 1; |
408 | } | 408 | } |
diff --git a/ssh-agent.0 b/ssh-agent.0 index c2d7efa57..34da0a941 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 | |||
@@ -115,4 +115,4 @@ AUTHORS | |||
115 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 115 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
116 | versions 1.5 and 2.0. | 116 | versions 1.5 and 2.0. |
117 | 117 | ||
118 | OpenBSD 3.6 September 25, 1999 2 | 118 | OpenBSD 3.7 September 25, 1999 2 |
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 998b6f1e0..dd251e4bc 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -110,13 +110,14 @@ DESCRIPTION | |||
110 | -g Use generic DNS format when printing fingerprint resource records | 110 | -g Use generic DNS format when printing fingerprint resource records |
111 | using the -r command. | 111 | using the -r command. |
112 | 112 | ||
113 | -H Hash a known_hosts file, printing the result to standard output. | 113 | -H Hash a known_hosts file. This replaces all hostnames and ad- |
114 | This replaces all hostnames and addresses with hashed representa- | 114 | dresses with hashed representations within the specified file; |
115 | tions. These hashes may be used normally by ssh and sshd, but | 115 | the original content is moved to a file with a .old suffix. |
116 | they do not reveal identifying information should the file's con- | 116 | These hashes may be used normally by ssh and sshd, but they do |
117 | tents be disclosed. This option will not modify existing hashed | 117 | not reveal identifying information should the file's contents be |
118 | hostnames and is therefore safe to use on files that mix hashed | 118 | disclosed. This option will not modify existing hashed hostnames |
119 | and non-hashed names. | 119 | and is therefore safe to use on files that mix hashed and non- |
120 | hashed names. | ||
120 | 121 | ||
121 | -i This option will read an unencrypted private (or public) key file | 122 | -i This option will read an unencrypted private (or public) key file |
122 | in SSH2-compatible format and print an OpenSSH compatible private | 123 | in SSH2-compatible format and print an OpenSSH compatible private |
@@ -281,4 +282,4 @@ AUTHORS | |||
281 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 282 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
282 | versions 1.5 and 2.0. | 283 | versions 1.5 and 2.0. |
283 | 284 | ||
284 | OpenBSD 3.6 September 25, 1999 5 | 285 | OpenBSD 3.7 September 25, 1999 5 |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 3987b1e66..c14eed14e 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -232,8 +232,10 @@ command. | |||
232 | .It Fl H | 232 | .It Fl H |
233 | Hash a | 233 | Hash a |
234 | .Pa known_hosts | 234 | .Pa known_hosts |
235 | file, printing the result to standard output. | 235 | file. |
236 | This replaces all hostnames and addresses with hashed representations. | 236 | This replaces all hostnames and addresses with hashed representations |
237 | within the specified file; the original content is moved to a file with | ||
238 | a .old suffix. | ||
237 | These hashes may be used normally by | 239 | These hashes may be used normally by |
238 | .Nm ssh | 240 | .Nm ssh |
239 | and | 241 | and |
diff --git a/ssh-keygen.c b/ssh-keygen.c index a9931d4d8..92885506a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
@@ -684,7 +684,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
684 | if (delete_host && !c) | 684 | if (delete_host && !c) |
685 | print_host(out, cp, public, 0); | 685 | print_host(out, cp, public, 0); |
686 | } else if (hash_hosts) { | 686 | } else if (hash_hosts) { |
687 | for(cp2 = strsep(&cp, ","); | 687 | for (cp2 = strsep(&cp, ","); |
688 | cp2 != NULL && *cp2 != '\0'; | 688 | cp2 != NULL && *cp2 != '\0'; |
689 | cp2 = strsep(&cp, ",")) { | 689 | cp2 = strsep(&cp, ",")) { |
690 | if (strcspn(cp2, "*?!") != strlen(cp2)) | 690 | if (strcspn(cp2, "*?!") != strlen(cp2)) |
@@ -707,7 +707,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
707 | identity_file); | 707 | identity_file); |
708 | if (inplace) { | 708 | if (inplace) { |
709 | fprintf(stderr, "Not replacing existing known_hosts " | 709 | fprintf(stderr, "Not replacing existing known_hosts " |
710 | "file beacuse of errors"); | 710 | "file because of errors\n"); |
711 | fclose(out); | 711 | fclose(out); |
712 | unlink(tmp); | 712 | unlink(tmp); |
713 | } | 713 | } |
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index 4bbfd1483..eb55a017c 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 | |||
@@ -104,4 +104,4 @@ BUGS | |||
104 | This is because it opens a connection to the ssh port, reads the public | 104 | This is because it opens a connection to the ssh port, reads the public |
105 | key, and drops the connection as soon as it gets the key. | 105 | key, and drops the connection as soon as it gets the key. |
106 | 106 | ||
107 | OpenBSD 3.6 January 1, 1996 2 | 107 | OpenBSD 3.7 January 1, 1996 2 |
diff --git a/ssh-keysign.0 b/ssh-keysign.0 index e10b8ac45..e35b1c7f7 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 | |||
@@ -39,4 +39,4 @@ HISTORY | |||
39 | AUTHORS | 39 | AUTHORS |
40 | Markus Friedl <markus@openbsd.org> | 40 | Markus Friedl <markus@openbsd.org> |
41 | 41 | ||
42 | OpenBSD 3.6 May 24, 2002 1 | 42 | OpenBSD 3.7 May 24, 2002 1 |
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0 index 9af5fdd8f..d33bbbd51 100644 --- a/ssh-rand-helper.0 +++ b/ssh-rand-helper.0 | |||
@@ -46,4 +46,4 @@ AUTHORS | |||
46 | SEE ALSO | 46 | SEE ALSO |
47 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) | 47 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) |
48 | 48 | ||
49 | OpenBSD 3.6 April 14, 2002 1 | 49 | OpenBSD 3.7 April 14, 2002 1 |
@@ -725,4 +725,4 @@ AUTHORS | |||
725 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 725 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
726 | versions 1.5 and 2.0. | 726 | versions 1.5 and 2.0. |
727 | 727 | ||
728 | OpenBSD 3.6 September 25, 1999 11 | 728 | OpenBSD 3.7 September 25, 1999 11 |
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: ssh.c,v 1.233 2005/03/01 17:22:06 jmc Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.234 2005/03/10 22:01:06 deraadt Exp $"); |
44 | 44 | ||
45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
@@ -861,8 +861,8 @@ ssh_init_forwarding(void) | |||
861 | for (i = 0; i < options.num_local_forwards; i++) { | 861 | for (i = 0; i < options.num_local_forwards; i++) { |
862 | debug("Local connections to %.200s:%d forwarded to remote " | 862 | debug("Local connections to %.200s:%d forwarded to remote " |
863 | "address %.200s:%d", | 863 | "address %.200s:%d", |
864 | (options.local_forwards[i].listen_host == NULL) ? | 864 | (options.local_forwards[i].listen_host == NULL) ? |
865 | (options.gateway_ports ? "*" : "LOCALHOST") : | 865 | (options.gateway_ports ? "*" : "LOCALHOST") : |
866 | options.local_forwards[i].listen_host, | 866 | options.local_forwards[i].listen_host, |
867 | options.local_forwards[i].listen_port, | 867 | options.local_forwards[i].listen_port, |
868 | options.local_forwards[i].connect_host, | 868 | options.local_forwards[i].connect_host, |
@@ -881,6 +881,8 @@ ssh_init_forwarding(void) | |||
881 | for (i = 0; i < options.num_remote_forwards; i++) { | 881 | for (i = 0; i < options.num_remote_forwards; i++) { |
882 | debug("Remote connections from %.200s:%d forwarded to " | 882 | debug("Remote connections from %.200s:%d forwarded to " |
883 | "local address %.200s:%d", | 883 | "local address %.200s:%d", |
884 | (options.remote_forwards[i].listen_host == NULL) ? | ||
885 | (options.gateway_ports ? "*" : "LOCALHOST") : | ||
884 | options.remote_forwards[i].listen_host, | 886 | options.remote_forwards[i].listen_host, |
885 | options.remote_forwards[i].listen_port, | 887 | options.remote_forwards[i].listen_port, |
886 | options.remote_forwards[i].connect_host, | 888 | options.remote_forwards[i].connect_host, |
@@ -1098,7 +1100,7 @@ ssh_control_listener(void) | |||
1098 | old_umask = umask(0177); | 1100 | old_umask = umask(0177); |
1099 | if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) { | 1101 | if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) { |
1100 | control_fd = -1; | 1102 | control_fd = -1; |
1101 | if (errno == EINVAL) | 1103 | if (errno == EINVAL || errno == EADDRINUSE) |
1102 | fatal("ControlSocket %s already exists", | 1104 | fatal("ControlSocket %s already exists", |
1103 | options.control_path); | 1105 | options.control_path); |
1104 | else | 1106 | else |
@@ -1348,7 +1350,7 @@ control_client(const char *path) | |||
1348 | 1350 | ||
1349 | switch (mux_command) { | 1351 | switch (mux_command) { |
1350 | case SSHMUX_COMMAND_ALIVE_CHECK: | 1352 | case SSHMUX_COMMAND_ALIVE_CHECK: |
1351 | fprintf(stderr, "Master running (pid=%d)\r\n", | 1353 | fprintf(stderr, "Master running (pid=%d)\r\n", |
1352 | control_server_pid); | 1354 | control_server_pid); |
1353 | exit(0); | 1355 | exit(0); |
1354 | case SSHMUX_COMMAND_TERMINATE: | 1356 | case SSHMUX_COMMAND_TERMINATE: |
diff --git a/ssh_config.0 b/ssh_config.0 index 9577abc48..92be76b6d 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -286,18 +286,19 @@ DESCRIPTION | |||
286 | LocalForward | 286 | LocalForward |
287 | Specifies that a TCP/IP port on the local machine be forwarded | 287 | Specifies that a TCP/IP port on the local machine be forwarded |
288 | over the secure channel to the specified host and port from the | 288 | over the secure channel to the specified host and port from the |
289 | remote machine. The first argument must be a port number, and | 289 | remote machine. The first argument must be [bind_address:]port |
290 | the second must be [bind_address:]host:port. IPv6 addresses can | 290 | and the second argument must be host:hostport. IPv6 addresses |
291 | be specified by enclosing addresses in square brackets or by us- | 291 | can be specified by enclosing addresses in square brackets or by |
292 | ing an alternative syntax: [bind_address/]host/port. Multiple | 292 | using an alternative syntax: [bind_address/]port and |
293 | forwardings may be specified, and additional forwardings can be | 293 | host/hostport. Multiple forwardings may be specified, and addi- |
294 | given on the command line. Only the superuser can forward privi- | 294 | tional forwardings can be given on the command line. Only the |
295 | leged ports. By default, the local port is bound in accordance | 295 | superuser can forward privileged ports. By default, the local |
296 | with the GatewayPorts setting. However, an explicit bind_address | 296 | port is bound in accordance with the GatewayPorts setting. How- |
297 | may be used to bind the connection to a specific address. The | 297 | ever, an explicit bind_address may be used to bind the connection |
298 | bind_address of ``localhost'' indicates that the listening port | 298 | to a specific address. The bind_address of ``localhost'' indi- |
299 | be bound for local use only, while an empty address or `*' indi- | 299 | cates that the listening port be bound for local use only, while |
300 | cates that the port should be available from all interfaces. | 300 | an empty address or `*' indicates that the port should be avail- |
301 | able from all interfaces. | ||
301 | 302 | ||
302 | LogLevel | 303 | LogLevel |
303 | Gives the verbosity level that is used when logging messages from | 304 | Gives the verbosity level that is used when logging messages from |
@@ -336,7 +337,7 @@ DESCRIPTION | |||
336 | PreferredAuthentications | 337 | PreferredAuthentications |
337 | Specifies the order in which the client should try protocol 2 au- | 338 | Specifies the order in which the client should try protocol 2 au- |
338 | thentication methods. This allows a client to prefer one method | 339 | thentication methods. This allows a client to prefer one method |
339 | (e.g. keyboard-interactive) over another method (e.g. password) | 340 | (e.g. keyboard-interactive) over another method (e.g. password) |
340 | The default for this option is: ``hostbased,publickey,keyboard- | 341 | The default for this option is: ``hostbased,publickey,keyboard- |
341 | interactive,password''. | 342 | interactive,password''. |
342 | 343 | ||
@@ -369,13 +370,13 @@ DESCRIPTION | |||
369 | RemoteForward | 370 | RemoteForward |
370 | Specifies that a TCP/IP port on the remote machine be forwarded | 371 | Specifies that a TCP/IP port on the remote machine be forwarded |
371 | over the secure channel to the specified host and port from the | 372 | over the secure channel to the specified host and port from the |
372 | local machine. The first argument must be a port number, and the | 373 | local machine. The first argument must be [bind_address:]port |
373 | second must be [bind_address:]host:port. IPv6 addresses can be | 374 | and the second argument must be host:hostport. IPv6 addresses |
374 | specified by enclosing any addresses in square brackets or by us- | 375 | can be specified by enclosing addresses in square brackets or by |
375 | ing the alternative syntax: [bind_address/]host/port. Multiple | 376 | using an alternative syntax: [bind_address/]port and |
376 | forwardings may be specified, and additional forwardings can be | 377 | host/hostport. Multiple forwardings may be specified, and addi- |
377 | given on the command line. Only the superuser can forward privi- | 378 | tional forwardings can be given on the command line. Only the |
378 | leged ports. | 379 | superuser can forward privileged ports. |
379 | 380 | ||
380 | If the bind_address is not specified, the default is to only bind | 381 | If the bind_address is not specified, the default is to only bind |
381 | to loopback addresses. If the bind_address is `*' or an empty | 382 | to loopback addresses. If the bind_address is `*' or an empty |
@@ -524,4 +525,4 @@ AUTHORS | |||
524 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 525 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
525 | versions 1.5 and 2.0. | 526 | versions 1.5 and 2.0. |
526 | 527 | ||
527 | OpenBSD 3.6 September 25, 1999 8 | 528 | OpenBSD 3.7 September 25, 1999 8 |
diff --git a/ssh_config.5 b/ssh_config.5 index cf3dfd138..9c277a66f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.47 2005/03/07 23:41:54 jmc Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.49 2005/03/16 11:10:38 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -503,21 +503,17 @@ The default is to use the server specified list. | |||
503 | .It Cm LocalForward | 503 | .It Cm LocalForward |
504 | Specifies that a TCP/IP port on the local machine be forwarded over | 504 | Specifies that a TCP/IP port on the local machine be forwarded over |
505 | the secure channel to the specified host and port from the remote machine. | 505 | the secure channel to the specified host and port from the remote machine. |
506 | The first argument must be a port number, and the second must be | 506 | The first argument must be |
507 | .Xo | ||
508 | .Sm off | 507 | .Sm off |
509 | .Oo Ar bind_address : Oc | 508 | .Oo Ar bind_address : Oc Ar port |
510 | .Ar host : port | ||
511 | .Sm on | 509 | .Sm on |
512 | .Xc . | 510 | and the second argument must be |
511 | .Ar host : Ns Ar hostport . | ||
513 | IPv6 addresses can be specified by enclosing addresses in square brackets or | 512 | IPv6 addresses can be specified by enclosing addresses in square brackets or |
514 | by using an alternative syntax: | 513 | by using an alternative syntax: |
515 | .Sm off | 514 | .Oo Ar bind_address Ns / Oc Ns Ar port |
516 | .Xo | 515 | and |
517 | .Op Ar bind_address No / | 516 | .Ar host Ns / Ns Ar hostport . |
518 | .Ar host No / Ar port | ||
519 | .Xc . | ||
520 | .Sm on | ||
521 | Multiple forwardings may be specified, and additional forwardings can be | 517 | Multiple forwardings may be specified, and additional forwardings can be |
522 | given on the command line. | 518 | given on the command line. |
523 | Only the superuser can forward privileged ports. | 519 | Only the superuser can forward privileged ports. |
@@ -579,9 +575,9 @@ Default is 22. | |||
579 | .It Cm PreferredAuthentications | 575 | .It Cm PreferredAuthentications |
580 | Specifies the order in which the client should try protocol 2 | 576 | Specifies the order in which the client should try protocol 2 |
581 | authentication methods. | 577 | authentication methods. |
582 | This allows a client to prefer one method (e.g. | 578 | This allows a client to prefer one method (e.g.\& |
583 | .Cm keyboard-interactive ) | 579 | .Cm keyboard-interactive ) |
584 | over another method (e.g. | 580 | over another method (e.g.\& |
585 | .Cm password ) | 581 | .Cm password ) |
586 | The default for this option is: | 582 | The default for this option is: |
587 | .Dq hostbased,publickey,keyboard-interactive,password . | 583 | .Dq hostbased,publickey,keyboard-interactive,password . |
@@ -640,21 +636,17 @@ This option applies to protocol version 2 only. | |||
640 | .It Cm RemoteForward | 636 | .It Cm RemoteForward |
641 | Specifies that a TCP/IP port on the remote machine be forwarded over | 637 | Specifies that a TCP/IP port on the remote machine be forwarded over |
642 | the secure channel to the specified host and port from the local machine. | 638 | the secure channel to the specified host and port from the local machine. |
643 | The first argument must be a port number, and the second must be | 639 | The first argument must be |
644 | .Xo | ||
645 | .Sm off | 640 | .Sm off |
646 | .Oo Ar bind_address : Oc | 641 | .Oo Ar bind_address : Oc Ar port |
647 | .Ar host : port | ||
648 | .Sm on | ||
649 | .Xc . | ||
650 | IPv6 addresses can be specified by enclosing any addresses in square brackets | ||
651 | or by using the alternative syntax: | ||
652 | .Sm off | ||
653 | .Xo | ||
654 | .Op Ar bind_address No / | ||
655 | .Ar host No / Ar port | ||
656 | .Xc . | ||
657 | .Sm on | 642 | .Sm on |
643 | and the second argument must be | ||
644 | .Ar host : Ns Ar hostport . | ||
645 | IPv6 addresses can be specified by enclosing addresses in square brackets | ||
646 | or by using an alternative syntax: | ||
647 | .Oo Ar bind_address Ns / Oc Ns Ar port | ||
648 | and | ||
649 | .Ar host Ns / Ns Ar hostport . | ||
658 | Multiple forwardings may be specified, and additional | 650 | Multiple forwardings may be specified, and additional |
659 | forwardings can be given on the command line. | 651 | forwardings can be given on the command line. |
660 | Only the superuser can forward privileged ports. | 652 | Only the superuser can forward privileged ports. |
diff --git a/sshconnect.c b/sshconnect.c index 180da43cd..10a614127 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.162 2005/03/10 22:01:06 deraadt Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | 19 | ||
@@ -254,13 +254,13 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, | |||
254 | tv.tv_sec = timeout; | 254 | tv.tv_sec = timeout; |
255 | tv.tv_usec = 0; | 255 | tv.tv_usec = 0; |
256 | 256 | ||
257 | for(;;) { | 257 | for (;;) { |
258 | rc = select(sockfd + 1, NULL, fdset, NULL, &tv); | 258 | rc = select(sockfd + 1, NULL, fdset, NULL, &tv); |
259 | if (rc != -1 || errno != EINTR) | 259 | if (rc != -1 || errno != EINTR) |
260 | break; | 260 | break; |
261 | } | 261 | } |
262 | 262 | ||
263 | switch(rc) { | 263 | switch (rc) { |
264 | case 0: | 264 | case 0: |
265 | /* Timed out */ | 265 | /* Timed out */ |
266 | errno = ETIMEDOUT; | 266 | errno = ETIMEDOUT; |
@@ -573,4 +573,4 @@ AUTHORS | |||
573 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 573 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
574 | for privilege separation. | 574 | for privilege separation. |
575 | 575 | ||
576 | OpenBSD 3.6 September 25, 1999 9 | 576 | OpenBSD 3.7 September 25, 1999 9 |
@@ -1678,6 +1678,8 @@ main(int ac, char **av) | |||
1678 | authctxt = xmalloc(sizeof(*authctxt)); | 1678 | authctxt = xmalloc(sizeof(*authctxt)); |
1679 | memset(authctxt, 0, sizeof(*authctxt)); | 1679 | memset(authctxt, 0, sizeof(*authctxt)); |
1680 | 1680 | ||
1681 | authctxt->loginmsg = &loginmsg; | ||
1682 | |||
1681 | /* XXX global for cleanup, access from other modules */ | 1683 | /* XXX global for cleanup, access from other modules */ |
1682 | the_authctxt = authctxt; | 1684 | the_authctxt = authctxt; |
1683 | 1685 | ||
diff --git a/sshd_config.0 b/sshd_config.0 index 1f8763faf..036c85946 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -383,7 +383,7 @@ DESCRIPTION | |||
383 | To disable TCP keepalive messages, the value should be set to | 383 | To disable TCP keepalive messages, the value should be set to |
384 | ``no''. | 384 | ``no''. |
385 | 385 | ||
386 | UseDNS Specifies whether sshd should lookup the remote host name and | 386 | UseDNS Specifies whether sshd should look up the remote host name and |
387 | check that the resolved host name for the remote IP address maps | 387 | check that the resolved host name for the remote IP address maps |
388 | back to the very same IP address. The default is ``yes''. | 388 | back to the very same IP address. The default is ``yes''. |
389 | 389 | ||
@@ -498,4 +498,4 @@ AUTHORS | |||
498 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 498 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
499 | for privilege separation. | 499 | for privilege separation. |
500 | 500 | ||
501 | OpenBSD 3.6 September 25, 1999 8 | 501 | OpenBSD 3.7 September 25, 1999 8 |
diff --git a/sshd_config.5 b/sshd_config.5 index 8d291e61d..ea79a54bf 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.40 2005/03/18 17:05:00 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -630,7 +630,7 @@ To disable TCP keepalive messages, the value should be set to | |||
630 | .It Cm UseDNS | 630 | .It Cm UseDNS |
631 | Specifies whether | 631 | Specifies whether |
632 | .Nm sshd | 632 | .Nm sshd |
633 | should lookup the remote host name and check that | 633 | should look up the remote host name and check that |
634 | the resolved host name for the remote IP address maps back to the | 634 | the resolved host name for the remote IP address maps back to the |
635 | very same IP address. | 635 | very same IP address. |
636 | The default is | 636 | The default is |
@@ -1,6 +1,6 @@ | |||
1 | /* $OpenBSD: version.h,v 1.43 2005/03/08 23:49:48 djm Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.44 2005/03/16 21:17:39 markus Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_4.0" | 3 | #define SSH_VERSION "OpenSSH_4.1" |
4 | 4 | ||
5 | #define SSH_PORTABLE "p1" | 5 | #define SSH_PORTABLE "p1" |
6 | #ifndef SSH_EXTRAVERSION | 6 | #ifndef SSH_EXTRAVERSION |