]> git.pld-linux.org Git - packages/openssh.git/blame - openssh-heimdal.patch
projects / packages / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- new
[packages/openssh.git] / openssh-heimdal.patch
CommitLineData
65d8b84b 1diff -urN openssh-3.6.1p2-orig/configure.ac openssh-3.6.1p2/configure.ac
2--- openssh-3.6.1p2-orig/configure.ac 2003-07-26 16:45:10.000000000 -0600
3+++ openssh-3.6.1p2/configure.ac 2003-07-26 16:57:32.000000000 -0600
4@@ -1822,7 +1822,7 @@
5 [ char *tmp = heimdal_version; ],
6 [ AC_MSG_RESULT(yes)
7 AC_DEFINE(HEIMDAL)
8- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
9+ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken"
10 ],
11 [ AC_MSG_RESULT(no)
12 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
13diff -urN openssh-3.6.1p2-orig/configure.ac~ openssh-3.6.1p2/configure.ac~
14--- openssh-3.6.1p2-orig/configure.ac~ 1969-12-31 17:00:00.000000000 -0700
15+++ openssh-3.6.1p2/configure.ac~ 2003-07-26 16:57:32.000000000 -0600
16@@ -0,0 +1,2572 @@
17+# $Id$
18+
19+AC_INIT
20+AC_CONFIG_SRCDIR([ssh.c])
21+
22+AC_CONFIG_HEADER(config.h)
23+AC_PROG_CC
24+AC_CANONICAL_HOST
25+AC_C_BIGENDIAN
26+
27+# Checks for programs.
28+AC_PROG_CPP
29+AC_PROG_RANLIB
30+AC_PROG_INSTALL
31+AC_PATH_PROG(AR, ar)
32+AC_PATH_PROGS(PERL, perl5 perl)
33+AC_PATH_PROG(SED, sed)
34+AC_SUBST(PERL)
35+AC_PATH_PROG(ENT, ent)
36+AC_SUBST(ENT)
37+AC_PATH_PROG(TEST_MINUS_S_SH, bash)
38+AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
39+AC_PATH_PROG(TEST_MINUS_S_SH, sh)
40+AC_PATH_PROG(SH, sh)
41+
42+# System features
43+AC_SYS_LARGEFILE
44+
45+if test -z "$AR" ; then
46+ AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
47+fi
48+
49+# Use LOGIN_PROGRAM from environment if possible
50+if test ! -z "$LOGIN_PROGRAM" ; then
51+ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
52+else
53+ # Search for login
54+ AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
55+ if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
56+ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
57+ fi
58+fi
59+
60+if test -z "$LD" ; then
61+ LD=$CC
62+fi
63+AC_SUBST(LD)
64+
65+AC_C_INLINE
66+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
67+ CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
68+fi
69+
70+# Check for some target-specific stuff
71+case "$host" in
72+*-*-aix*)
73+ AFS_LIBS="-lld"
74+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
75+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
76+ AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
77+ if (test -z "$blibpath"); then
78+ blibpath="/usr/lib:/lib:/usr/local/lib"
79+ fi
80+ saved_LDFLAGS="$LDFLAGS"
81+ for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
82+ if (test -z "$blibflags"); then
83+ LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
84+ AC_TRY_LINK([], [], [blibflags=$tryflags])
85+ fi
86+ done
87+ if (test -z "$blibflags"); then
88+ AC_MSG_RESULT(not found)
89+ AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
90+ else
91+ AC_MSG_RESULT($blibflags)
92+ fi
93+ LDFLAGS="$saved_LDFLAGS"
94+ AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
95+ [AC_CHECK_LIB(s,authenticate,
96+ [ AC_DEFINE(WITH_AIXAUTHENTICATE)
97+ LIBS="$LIBS -ls"
98+ ])
99+ ])
100+ AC_DEFINE(BROKEN_GETADDRINFO)
101+ AC_DEFINE(BROKEN_REALPATH)
102+ dnl AIX handles lastlog as part of its login message
103+ AC_DEFINE(DISABLE_LASTLOG)
104+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
105+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
106+ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
107+ ;;
108+*-*-cygwin*)
109+ check_for_libcrypt_later=1
110+ LIBS="$LIBS /usr/lib/textmode.o"
111+ AC_DEFINE(HAVE_CYGWIN)
112+ AC_DEFINE(USE_PIPES)
113+ AC_DEFINE(DISABLE_SHADOW)
114+ AC_DEFINE(IPV4_DEFAULT)
115+ AC_DEFINE(IP_TOS_IS_BROKEN)
116+ AC_DEFINE(NO_X11_UNIX_SOCKETS)
117+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
118+ AC_DEFINE(DISABLE_FD_PASSING)
119+ AC_DEFINE(SETGROUPS_NOOP)
120+ ;;
121+*-*-dgux*)
122+ AC_DEFINE(IP_TOS_IS_BROKEN)
123+ ;;
124+*-*-darwin*)
125+ AC_MSG_CHECKING(if we have working getaddrinfo)
126+ AC_TRY_RUN([#include <mach-o/dyld.h>
127+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
128+ exit(0);
129+ else
130+ exit(1);
131+}], [AC_MSG_RESULT(working)],
132+ [AC_MSG_RESULT(buggy)
133+ AC_DEFINE(BROKEN_GETADDRINFO)],
134+ [AC_MSG_RESULT(assume it is working)])
135+ ;;
136+*-*-hpux10.26)
137+ if test -z "$GCC"; then
138+ CFLAGS="$CFLAGS -Ae"
139+ fi
140+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
141+ IPADDR_IN_DISPLAY=yes
142+ AC_DEFINE(HAVE_SECUREWARE)
143+ AC_DEFINE(USE_PIPES)
144+ AC_DEFINE(LOGIN_NO_ENDOPT)
145+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
146+ AC_DEFINE(DISABLE_SHADOW)
147+ AC_DEFINE(DISABLE_UTMP)
148+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
149+ LIBS="$LIBS -lsec -lsecpw"
150+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
151+ disable_ptmx_check=yes
152+ ;;
153+*-*-hpux10*)
154+ if test -z "$GCC"; then
155+ CFLAGS="$CFLAGS -Ae"
156+ fi
157+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
158+ IPADDR_IN_DISPLAY=yes
159+ AC_DEFINE(USE_PIPES)
160+ AC_DEFINE(LOGIN_NO_ENDOPT)
161+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
162+ AC_DEFINE(DISABLE_SHADOW)
163+ AC_DEFINE(DISABLE_UTMP)
164+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
165+ LIBS="$LIBS -lsec"
166+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
167+ ;;
168+*-*-hpux11*)
169+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
170+ IPADDR_IN_DISPLAY=yes
171+ AC_DEFINE(PAM_SUN_CODEBASE)
172+ AC_DEFINE(USE_PIPES)
173+ AC_DEFINE(LOGIN_NO_ENDOPT)
174+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
175+ AC_DEFINE(DISABLE_SHADOW)
176+ AC_DEFINE(DISABLE_UTMP)
177+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
178+ LIBS="$LIBS -lsec"
179+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
180+ ;;
181+*-*-irix5*)
182+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
183+ LDFLAGS="$LDFLAGS"
184+ PATH="$PATH:/usr/etc"
185+ AC_DEFINE(BROKEN_INET_NTOA)
186+ AC_DEFINE(WITH_ABBREV_NO_TTY)
187+ ;;
188+*-*-irix6*)
189+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
190+ LDFLAGS="$LDFLAGS"
191+ PATH="$PATH:/usr/etc"
192+ AC_DEFINE(WITH_IRIX_ARRAY)
193+ AC_DEFINE(WITH_IRIX_PROJECT)
194+ AC_DEFINE(WITH_IRIX_AUDIT)
195+ AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
196+ AC_DEFINE(BROKEN_INET_NTOA)
197+ AC_DEFINE(WITH_ABBREV_NO_TTY)
198+ ;;
199+*-*-linux*)
200+ no_dev_ptmx=1
201+ check_for_libcrypt_later=1
202+ AC_DEFINE(PAM_TTY_KLUDGE)
203+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
204+ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
205+ inet6_default_4in6=yes
206+ no_libnsl=1
207+ no_libsocket=1
208+ ;;
209+mips-sony-bsd|mips-sony-newsos4)
210+ AC_DEFINE(HAVE_NEWS4)
211+ SONY=1
212+ ;;
213+*-*-netbsd*)
214+ check_for_libcrypt_before=1
215+ need_dash_r=1
216+ ;;
217+*-*-freebsd*)
218+ check_for_libcrypt_later=1
219+ ;;
220+*-next-*)
221+ conf_lastlog_location="/usr/adm/lastlog"
222+ conf_utmp_location=/etc/utmp
223+ conf_wtmp_location=/usr/adm/wtmp
224+ MAIL=/usr/spool/mail
225+ AC_DEFINE(HAVE_NEXT)
226+ AC_DEFINE(BROKEN_REALPATH)
227+ AC_DEFINE(USE_PIPES)
228+ AC_DEFINE(BROKEN_SAVED_UIDS)
229+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
230+ CFLAGS="$CFLAGS"
231+ ;;
232+*-*-solaris*)
233+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
234+ LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
235+ need_dash_r=1
236+ AC_DEFINE(PAM_SUN_CODEBASE)
237+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
238+ AC_DEFINE(LOGIN_NEEDS_TERM)
239+ AC_DEFINE(PAM_TTY_KLUDGE)
240+ AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY)
241+ # hardwire lastlog location (can't detect it on some versions)
242+ conf_lastlog_location="/var/adm/lastlog"
243+ AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
244+ sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
245+ if test "$sol2ver" -ge 8; then
246+ AC_MSG_RESULT(yes)
247+ AC_DEFINE(DISABLE_UTMP)
248+ AC_DEFINE(DISABLE_WTMP)
249+ else
250+ AC_MSG_RESULT(no)
251+ fi
252+ ;;
253+*-*-sunos4*)
254+ CPPFLAGS="$CPPFLAGS -DSUNOS4"
255+ AC_CHECK_FUNCS(getpwanam)
256+ AC_DEFINE(PAM_SUN_CODEBASE)
257+ conf_utmp_location=/etc/utmp
258+ conf_wtmp_location=/var/adm/wtmp
259+ conf_lastlog_location=/var/adm/lastlog
260+ AC_DEFINE(USE_PIPES)
261+ ;;
262+*-ncr-sysv*)
263+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
264+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
265+ LIBS="$LIBS -lc89"
266+ AC_DEFINE(USE_PIPES)
267+ ;;
268+*-sni-sysv*)
269+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
270+ # /usr/ucblib MUST NOT be searched on ReliantUNIX
271+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
272+ IPADDR_IN_DISPLAY=yes
273+ AC_DEFINE(USE_PIPES)
274+ AC_DEFINE(IP_TOS_IS_BROKEN)
275+ # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
276+ # Attention: always take care to bind libsocket and libnsl before libc,
277+ # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
278+ ;;
279+*-*-sysv4.2*)
280+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
281+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
282+ AC_DEFINE(USE_PIPES)
283+ ;;
284+*-*-sysv5*)
285+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
286+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
287+ AC_DEFINE(USE_PIPES)
288+ ;;
289+*-*-sysv*)
290+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
291+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
292+ ;;
293+*-*-sco3.2v4*)
294+ CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
295+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
296+ LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
297+ RANLIB=true
298+ no_dev_ptmx=1
299+ AC_DEFINE(BROKEN_SYS_TERMIO_H)
300+ AC_DEFINE(USE_PIPES)
301+ AC_DEFINE(HAVE_SECUREWARE)
302+ AC_DEFINE(DISABLE_SHADOW)
303+ AC_DEFINE(BROKEN_SAVED_UIDS)
304+ AC_CHECK_FUNCS(getluid setluid)
305+ MANTYPE=man
306+ do_sco3_extra_lib_check=yes
307+ ;;
308+*-*-sco3.2v5*)
309+ if test -z "$GCC"; then
310+ CFLAGS="$CFLAGS -belf"
311+ fi
312+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
313+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
314+ LIBS="$LIBS -lprot -lx -ltinfo -lm"
315+ no_dev_ptmx=1
316+ AC_DEFINE(USE_PIPES)
317+ AC_DEFINE(HAVE_SECUREWARE)
318+ AC_DEFINE(DISABLE_SHADOW)
319+ AC_DEFINE(DISABLE_FD_PASSING)
320+ AC_CHECK_FUNCS(getluid setluid)
321+ MANTYPE=man
322+ ;;
323+*-*-unicosmk*)
324+ AC_DEFINE(USE_PIPES)
325+ AC_DEFINE(DISABLE_FD_PASSING)
326+ LDFLAGS="$LDFLAGS"
327+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
328+ MANTYPE=cat
329+ ;;
330+*-*-unicos*)
331+ AC_DEFINE(USE_PIPES)
332+ AC_DEFINE(DISABLE_FD_PASSING)
333+ AC_DEFINE(NO_SSH_LASTLOG)
334+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
335+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
336+ MANTYPE=cat
337+ ;;
338+*-dec-osf*)
339+ AC_MSG_CHECKING(for Digital Unix SIA)
340+ no_osfsia=""
341+ AC_ARG_WITH(osfsia,
342+ [ --with-osfsia Enable Digital Unix SIA],
343+ [
344+ if test "x$withval" = "xno" ; then
345+ AC_MSG_RESULT(disabled)
346+ no_osfsia=1
347+ fi
348+ ],
349+ )
350+ if test -z "$no_osfsia" ; then
351+ if test -f /etc/sia/matrix.conf; then
352+ AC_MSG_RESULT(yes)
353+ AC_DEFINE(HAVE_OSF_SIA)
354+ AC_DEFINE(DISABLE_LOGIN)
355+ AC_DEFINE(DISABLE_FD_PASSING)
356+ LIBS="$LIBS -lsecurity -ldb -lm -laud"
357+ else
358+ AC_MSG_RESULT(no)
359+ fi
360+ fi
361+ AC_DEFINE(DISABLE_FD_PASSING)
362+ ;;
363+
364+*-*-nto-qnx)
365+ AC_DEFINE(USE_PIPES)
366+ AC_DEFINE(NO_X11_UNIX_SOCKETS)
367+ AC_DEFINE(MISSING_NFDBITS)
368+ AC_DEFINE(MISSING_HOWMANY)
369+ AC_DEFINE(MISSING_FD_MASK)
370+ ;;
371+esac
372+
373+# Allow user to specify flags
374+AC_ARG_WITH(cflags,
375+ [ --with-cflags Specify additional flags to pass to compiler],
376+ [
377+ if test "x$withval" != "xno" ; then
378+ CFLAGS="$CFLAGS $withval"
379+ fi
380+ ]
381+)
382+AC_ARG_WITH(cppflags,
383+ [ --with-cppflags Specify additional flags to pass to preprocessor] ,
384+ [
385+ if test "x$withval" != "xno"; then
386+ CPPFLAGS="$CPPFLAGS $withval"
387+ fi
388+ ]
389+)
390+AC_ARG_WITH(ldflags,
391+ [ --with-ldflags Specify additional flags to pass to linker],
392+ [
393+ if test "x$withval" != "xno" ; then
394+ LDFLAGS="$LDFLAGS $withval"
395+ fi
396+ ]
397+)
398+AC_ARG_WITH(libs,
399+ [ --with-libs Specify additional libraries to link with],
400+ [
401+ if test "x$withval" != "xno" ; then
402+ LIBS="$LIBS $withval"
403+ fi
404+ ]
405+)
406+
407+# Checks for header files.
408+AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
409+ getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
410+ login_cap.h maillock.h netdb.h netgroup.h \
411+ netinet/in_systm.h paths.h pty.h readpassphrase.h \
412+ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
413+ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
414+ sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
415+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
416+ sys/un.h time.h tmpdir.h ttyent.h usersec.h \
417+ util.h utime.h utmp.h utmpx.h)
418+
419+# Checks for libraries.
420+AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
421+
422+dnl SCO OS3 needs this for libwrap
423+if test "x$with_tcp_wrappers" != "xno" ; then
424+ if test "x$do_sco3_extra_lib_check" = "xyes" ; then
425+ AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
426+ fi
427+fi
428+
429+AC_CHECK_FUNC(getspnam, ,
430+ AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
431+
432+AC_ARG_WITH(rpath,
433+ [ --without-rpath Disable auto-added -R linker paths],
434+ [
435+ if test "x$withval" = "xno" ; then
436+ need_dash_r=""
437+ fi
438+ if test "x$withval" = "xyes" ; then
439+ need_dash_r=1
440+ fi
441+ ]
442+)
443+
444+dnl zlib is required
445+AC_ARG_WITH(zlib,
446+ [ --with-zlib=PATH Use zlib in PATH],
447+ [
448+ if test "x$withval" = "xno" ; then
449+ AC_MSG_ERROR([*** zlib is required ***])
450+ fi
451+ if test -d "$withval/lib"; then
452+ if test -n "${need_dash_r}"; then
453+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
454+ else
455+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
456+ fi
457+ else
458+ if test -n "${need_dash_r}"; then
459+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
460+ else
461+ LDFLAGS="-L${withval} ${LDFLAGS}"
462+ fi
463+ fi
464+ if test -d "$withval/include"; then
465+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
466+ else
467+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
468+ fi
469+ ]
470+)
471+
472+AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
473+
474+dnl UnixWare 2.x
475+AC_CHECK_FUNC(strcasecmp,
476+ [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
477+)
478+AC_CHECK_FUNC(utimes,
479+ [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
480+ LIBS="$LIBS -lc89"]) ]
481+)
482+
483+dnl Checks for libutil functions
484+AC_CHECK_HEADERS(libutil.h)
485+AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
486+AC_CHECK_FUNCS(logout updwtmp logwtmp)
487+
488+AC_FUNC_STRFTIME
489+
490+# Check for ALTDIRFUNC glob() extension
491+AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
492+AC_EGREP_CPP(FOUNDIT,
493+ [
494+ #include <glob.h>
495+ #ifdef GLOB_ALTDIRFUNC
496+ FOUNDIT
497+ #endif
498+ ],
499+ [
500+ AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
501+ AC_MSG_RESULT(yes)
502+ ],
503+ [
504+ AC_MSG_RESULT(no)
505+ ]
506+)
507+
508+# Check for g.gl_matchc glob() extension
509+AC_MSG_CHECKING(for gl_matchc field in glob_t)
510+AC_EGREP_CPP(FOUNDIT,
511+ [
512+ #include <glob.h>
513+ int main(void){glob_t g; g.gl_matchc = 1;}
514+ ],
515+ [
516+ AC_DEFINE(GLOB_HAS_GL_MATCHC)
517+ AC_MSG_RESULT(yes)
518+ ],
519+ [
520+ AC_MSG_RESULT(no)
521+ ]
522+)
523+
524+AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
525+AC_TRY_RUN(
526+ [
527+#include <sys/types.h>
528+#include <dirent.h>
529+int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
530+ ],
531+ [AC_MSG_RESULT(yes)],
532+ [
533+ AC_MSG_RESULT(no)
534+ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
535+ ]
536+)
537+
538+# Check whether user wants S/Key support
539+SKEY_MSG="no"
540+AC_ARG_WITH(skey,
541+ [ --with-skey[[=PATH]] Enable S/Key support
542+ (optionally in PATH)],
543+ [
544+ if test "x$withval" != "xno" ; then
545+
546+ if test "x$withval" != "xyes" ; then
547+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
548+ LDFLAGS="$LDFLAGS -L${withval}/lib"
549+ fi
550+
551+ AC_DEFINE(SKEY)
552+ LIBS="-lskey $LIBS"
553+ SKEY_MSG="yes"
554+
555+ AC_MSG_CHECKING([for s/key support])
556+ AC_TRY_RUN(
557+ [
558+#include <stdio.h>
559+#include <skey.h>
560+int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
561+ ],
562+ [AC_MSG_RESULT(yes)],
563+ [
564+ AC_MSG_RESULT(no)
565+ AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
566+ ])
567+ fi
568+ ]
569+)
570+
571+# Check whether user wants TCP wrappers support
572+TCPW_MSG="no"
573+AC_ARG_WITH(tcp-wrappers,
574+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
575+ (optionally in PATH)],
576+ [
577+ if test "x$withval" != "xno" ; then
578+ saved_LIBS="$LIBS"
579+ saved_LDFLAGS="$LDFLAGS"
580+ saved_CPPFLAGS="$CPPFLAGS"
581+ if test -n "${withval}" -a "${withval}" != "yes"; then
582+ if test -d "${withval}/lib"; then
583+ if test -n "${need_dash_r}"; then
584+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
585+ else
586+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
587+ fi
588+ else
589+ if test -n "${need_dash_r}"; then
590+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
591+ else
592+ LDFLAGS="-L${withval} ${LDFLAGS}"
593+ fi
594+ fi
595+ if test -d "${withval}/include"; then
596+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
597+ else
598+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
599+ fi
600+ fi
601+ LIBWRAP="-lwrap"
602+ LIBS="$LIBWRAP $LIBS"
603+ AC_MSG_CHECKING(for libwrap)
604+ AC_TRY_LINK(
605+ [
606+#include <tcpd.h>
607+ int deny_severity = 0, allow_severity = 0;
608+ ],
609+ [hosts_access(0);],
610+ [
611+ AC_MSG_RESULT(yes)
612+ AC_DEFINE(LIBWRAP)
613+ AC_SUBST(LIBWRAP)
614+ TCPW_MSG="yes"
615+ ],
616+ [
617+ AC_MSG_ERROR([*** libwrap missing])
618+ ]
619+ )
620+ LIBS="$saved_LIBS"
621+ fi
622+ ]
623+)
624+
625+dnl Checks for library functions. Please keep in alphabetical order
626+AC_CHECK_FUNCS(\
627+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
628+ bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
629+ gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
630+ getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
631+ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
632+ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
633+ readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
634+ setegid setenv seteuid setgroups setlogin setpcred setproctitle \
635+ setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
636+ snprintf socketpair strerror strlcat strlcpy strmode strnvis \
637+ sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
638+)
639+
640+AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
641+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
642+
643+dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
644+AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
645+
646+dnl IRIX and Solaris 2.5.1 have dirname() in libgen
647+AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
648+ AC_CHECK_LIB(gen, dirname,[
649+ AC_CACHE_CHECK([for broken dirname],
650+ ac_cv_have_broken_dirname, [
651+ save_LIBS="$LIBS"
652+ LIBS="$LIBS -lgen"
653+ AC_TRY_RUN(
654+ [
655+#include <libgen.h>
656+#include <string.h>
657+
658+int main(int argc, char **argv) {
659+ char *s, buf[32];
660+
661+ strncpy(buf,"/etc", 32);
662+ s = dirname(buf);
663+ if (!s || strncmp(s, "/", 32) != 0) {
664+ exit(1);
665+ } else {
666+ exit(0);
667+ }
668+}
669+ ],
670+ [ ac_cv_have_broken_dirname="no" ],
671+ [ ac_cv_have_broken_dirname="yes" ]
672+ )
673+ LIBS="$save_LIBS"
674+ ])
675+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
676+ LIBS="$LIBS -lgen"
677+ AC_DEFINE(HAVE_DIRNAME)
678+ AC_CHECK_HEADERS(libgen.h)
679+ fi
680+ ])
681+])
682+
683+dnl Checks for time functions
684+AC_CHECK_FUNCS(gettimeofday time)
685+dnl Checks for utmp functions
686+AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
687+AC_CHECK_FUNCS(utmpname)
688+dnl Checks for utmpx functions
689+AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
690+AC_CHECK_FUNCS(setutxent utmpxname)
691+
692+AC_CHECK_FUNC(daemon,
693+ [AC_DEFINE(HAVE_DAEMON)],
694+ [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
695+)
696+
697+AC_CHECK_FUNC(getpagesize,
698+ [AC_DEFINE(HAVE_GETPAGESIZE)],
699+ [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
700+)
701+
702+# Check for broken snprintf
703+if test "x$ac_cv_func_snprintf" = "xyes" ; then
704+ AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
705+ AC_TRY_RUN(
706+ [
707+#include <stdio.h>
708+int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
709+ ],
710+ [AC_MSG_RESULT(yes)],
711+ [
712+ AC_MSG_RESULT(no)
713+ AC_DEFINE(BROKEN_SNPRINTF)
714+ AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
715+ ]
716+ )
717+fi
718+
719+dnl see whether mkstemp() requires XXXXXX
720+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
721+AC_MSG_CHECKING([for (overly) strict mkstemp])
722+AC_TRY_RUN(
723+ [
724+#include <stdlib.h>
725+main() { char template[]="conftest.mkstemp-test";
726+if (mkstemp(template) == -1)
727+ exit(1);
728+unlink(template); exit(0);
729+}
730+ ],
731+ [
732+ AC_MSG_RESULT(no)
733+ ],
734+ [
735+ AC_MSG_RESULT(yes)
736+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
737+ ],
738+ [
739+ AC_MSG_RESULT(yes)
740+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
741+ ]
742+)
743+fi
744+
745+AC_FUNC_GETPGRP
746+
747+# Check for PAM libs
748+PAM_MSG="no"
749+AC_ARG_WITH(pam,
750+ [ --with-pam Enable PAM support ],
751+ [
752+ if test "x$withval" != "xno" ; then
753+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
754+ AC_MSG_ERROR([PAM headers not found])
755+ fi
756+
757+ AC_CHECK_LIB(dl, dlopen, , )
758+ AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
759+ AC_CHECK_FUNCS(pam_getenvlist)
760+
761+ disable_shadow=yes
762+ PAM_MSG="yes"
763+
764+ AC_DEFINE(USE_PAM)
765+ if test $ac_cv_lib_dl_dlopen = yes; then
766+ LIBPAM="-lpam -lpam_misc -ldl"
767+ else
768+ LIBPAM="-lpam -lpam_misc"
769+ fi
770+ AC_SUBST(LIBPAM)
771+ fi
772+ ]
773+)
774+
775+# Check for older PAM
776+if test "x$PAM_MSG" = "xyes" ; then
777+ # Check PAM strerror arguments (old PAM)
778+ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
779+ AC_TRY_COMPILE(
780+ [
781+#include <stdlib.h>
782+#include <security/pam_appl.h>
783+ ],
784+ [(void)pam_strerror((pam_handle_t *)NULL, -1);],
785+ [AC_MSG_RESULT(no)],
786+ [
787+ AC_DEFINE(HAVE_OLD_PAM)
788+ AC_MSG_RESULT(yes)
789+ PAM_MSG="yes (old library)"
790+ ]
791+ )
792+fi
793+
794+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
795+# because the system crypt() is more featureful.
796+if test "x$check_for_libcrypt_before" = "x1"; then
797+ AC_CHECK_LIB(crypt, crypt)
798+fi
799+
800+# Search for OpenSSL
801+saved_CPPFLAGS="$CPPFLAGS"
802+saved_LDFLAGS="$LDFLAGS"
803+AC_ARG_WITH(ssl-dir,
804+ [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
805+ [
806+ if test "x$withval" != "xno" ; then
807+ if test -d "$withval/lib"; then
808+ if test -n "${need_dash_r}"; then
809+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
810+ else
811+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
812+ fi
813+ else
814+ if test -n "${need_dash_r}"; then
815+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
816+ else
817+ LDFLAGS="-L${withval} ${LDFLAGS}"
818+ fi
819+ fi
820+ if test -d "$withval/include"; then
821+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
822+ else
823+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
824+ fi
825+ fi
826+ ]
827+)
828+LIBS="$LIBS -lcrypto"
829+AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
830+ [
831+ dnl Check default openssl install dir
832+ if test -n "${need_dash_r}"; then
833+ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
834+ else
835+ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
836+ fi
837+ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
838+ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
839+ [
840+ AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
841+ ]
842+ )
843+ ]
844+)
845+
846+# Determine OpenSSL header version
847+AC_MSG_CHECKING([OpenSSL header version])
848+AC_TRY_RUN(
849+ [
850+#include <stdio.h>
851+#include <string.h>
852+#include <openssl/opensslv.h>
853+#define DATA "conftest.sslincver"
854+int main(void) {
855+ FILE *fd;
856+ int rc;
857+
858+ fd = fopen(DATA,"w");
859+ if(fd == NULL)
860+ exit(1);
861+
862+ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
863+ exit(1);
864+
865+ exit(0);
866+}
867+ ],
868+ [
869+ ssl_header_ver=`cat conftest.sslincver`
870+ AC_MSG_RESULT($ssl_header_ver)
871+ ],
872+ [
873+ AC_MSG_RESULT(not found)
874+ AC_MSG_ERROR(OpenSSL version header not found.)
875+ ]
876+)
877+
878+# Determine OpenSSL library version
879+AC_MSG_CHECKING([OpenSSL library version])
880+AC_TRY_RUN(
881+ [
882+#include <stdio.h>
883+#include <string.h>
884+#include <openssl/opensslv.h>
885+#include <openssl/crypto.h>
886+#define DATA "conftest.ssllibver"
887+int main(void) {
888+ FILE *fd;
889+ int rc;
890+
891+ fd = fopen(DATA,"w");
892+ if(fd == NULL)
893+ exit(1);
894+
895+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
896+ exit(1);
897+
898+ exit(0);
899+}
900+ ],
901+ [
902+ ssl_library_ver=`cat conftest.ssllibver`
903+ AC_MSG_RESULT($ssl_library_ver)
904+ ],
905+ [
906+ AC_MSG_RESULT(not found)
907+ AC_MSG_ERROR(OpenSSL library not found.)
908+ ]
909+)
910+
911+# Sanity check OpenSSL headers
912+AC_MSG_CHECKING([whether OpenSSL's headers match the library])
913+AC_TRY_RUN(
914+ [
915+#include <string.h>
916+#include <openssl/opensslv.h>
917+int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
918+ ],
919+ [
920+ AC_MSG_RESULT(yes)
921+ ],
922+ [
923+ AC_MSG_RESULT(no)
924+ AC_MSG_ERROR(Your OpenSSL headers do not match your library)
925+ ]
926+)
927+
928+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
929+# version in OpenSSL. Skip this for PAM
930+if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
931+ AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
932+fi
933+
934+
935+### Configure cryptographic random number support
936+
937+# Check wheter OpenSSL seeds itself
938+AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
939+AC_TRY_RUN(
940+ [
941+#include <string.h>
942+#include <openssl/rand.h>
943+int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
944+ ],
945+ [
946+ OPENSSL_SEEDS_ITSELF=yes
947+ AC_MSG_RESULT(yes)
948+ ],
949+ [
950+ AC_MSG_RESULT(no)
951+ # Default to use of the rand helper if OpenSSL doesn't
952+ # seed itself
953+ USE_RAND_HELPER=yes
954+ ]
955+)
956+
957+
958+# Do we want to force the use of the rand helper?
959+AC_ARG_WITH(rand-helper,
960+ [ --with-rand-helper Use subprocess to gather strong randomness ],
961+ [
962+ if test "x$withval" = "xno" ; then
963+ # Force use of OpenSSL's internal RNG, even if
964+ # the previous test showed it to be unseeded.
965+ if test -z "$OPENSSL_SEEDS_ITSELF" ; then
966+ AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
967+ OPENSSL_SEEDS_ITSELF=yes
968+ USE_RAND_HELPER=""
969+ fi
970+ else
971+ USE_RAND_HELPER=yes
972+ fi
973+ ],
974+)
975+
976+# Which randomness source do we use?
977+if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
978+ # OpenSSL only
979+ AC_DEFINE(OPENSSL_PRNG_ONLY)
980+ RAND_MSG="OpenSSL internal ONLY"
981+ INSTALL_SSH_RAND_HELPER=""
982+elif test ! -z "$USE_RAND_HELPER" ; then
983+ # install rand helper
984+ RAND_MSG="ssh-rand-helper"
985+ INSTALL_SSH_RAND_HELPER="yes"
986+fi
987+AC_SUBST(INSTALL_SSH_RAND_HELPER)
988+
989+### Configuration of ssh-rand-helper
990+
991+# PRNGD TCP socket
992+AC_ARG_WITH(prngd-port,
993+ [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
994+ [
995+ case "$withval" in
996+ no)
997+ withval=""
998+ ;;
999+ [[0-9]]*)
1000+ ;;
1001+ *)
1002+ AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1003+ ;;
1004+ esac
1005+ if test ! -z "$withval" ; then
1006+ PRNGD_PORT="$withval"
1007+ AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1008+ fi
1009+ ]
1010+)
1011+
1012+# PRNGD Unix domain socket
1013+AC_ARG_WITH(prngd-socket,
1014+ [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1015+ [
1016+ case "$withval" in
1017+ yes)
1018+ withval="/var/run/egd-pool"
1019+ ;;
1020+ no)
1021+ withval=""
1022+ ;;
1023+ /*)
1024+ ;;
1025+ *)
1026+ AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1027+ ;;
1028+ esac
1029+
1030+ if test ! -z "$withval" ; then
1031+ if test ! -z "$PRNGD_PORT" ; then
1032+ AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1033+ fi
1034+ if test ! -r "$withval" ; then
1035+ AC_MSG_WARN(Entropy socket is not readable)
1036+ fi
1037+ PRNGD_SOCKET="$withval"
1038+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1039+ fi
1040+ ],
1041+ [
1042+ # Check for existing socket only if we don't have a random device already
1043+ if test "$USE_RAND_HELPER" = yes ; then
1044+ AC_MSG_CHECKING(for PRNGD/EGD socket)
1045+ # Insert other locations here
1046+ for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1047+ if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1048+ PRNGD_SOCKET="$sock"
1049+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1050+ break;
1051+ fi
1052+ done
1053+ if test ! -z "$PRNGD_SOCKET" ; then
1054+ AC_MSG_RESULT($PRNGD_SOCKET)
1055+ else
1056+ AC_MSG_RESULT(not found)
1057+ fi
1058+ fi
1059+ ]
1060+)
1061+
1062+# Change default command timeout for hashing entropy source
1063+entropy_timeout=200
1064+AC_ARG_WITH(entropy-timeout,
1065+ [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1066+ [
1067+ if test "x$withval" != "xno" ; then
1068+ entropy_timeout=$withval
1069+ fi
1070+ ]
1071+)
1072+AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1073+
1074+SSH_PRIVSEP_USER=sshd
1075+AC_ARG_WITH(privsep-user,
1076+ [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1077+ [
1078+ if test -n "$withval"; then
1079+ SSH_PRIVSEP_USER=$withval
1080+ fi
1081+ ]
1082+)
1083+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1084+AC_SUBST(SSH_PRIVSEP_USER)
1085+
1086+# We do this little dance with the search path to insure
1087+# that programs that we select for use by installed programs
1088+# (which may be run by the super-user) come from trusted
1089+# locations before they come from the user's private area.
1090+# This should help avoid accidentally configuring some
1091+# random version of a program in someone's personal bin.
1092+
1093+OPATH=$PATH
1094+PATH=/bin:/usr/bin
1095+test -h /bin 2> /dev/null && PATH=/usr/bin
1096+test -d /sbin && PATH=$PATH:/sbin
1097+test -d /usr/sbin && PATH=$PATH:/usr/sbin
1098+PATH=$PATH:/etc:$OPATH
1099+
1100+# These programs are used by the command hashing source to gather entropy
1101+OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1102+OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1103+OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1104+OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1105+OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1106+OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1107+OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1108+OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1109+OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1110+OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1111+OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1112+OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1113+OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1114+OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1115+OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1116+OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1117+# restore PATH
1118+PATH=$OPATH
1119+
1120+# Where does ssh-rand-helper get its randomness from?
1121+INSTALL_SSH_PRNG_CMDS=""
1122+if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1123+ if test ! -z "$PRNGD_PORT" ; then
1124+ RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1125+ elif test ! -z "$PRNGD_SOCKET" ; then
1126+ RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1127+ else
1128+ RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1129+ RAND_HELPER_CMDHASH=yes
1130+ INSTALL_SSH_PRNG_CMDS="yes"
1131+ fi
1132+fi
1133+AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1134+
1135+
1136+# Cheap hack to ensure NEWS-OS libraries are arranged right.
1137+if test ! -z "$SONY" ; then
1138+ LIBS="$LIBS -liberty";
1139+fi
1140+
1141+# Checks for data types
1142+AC_CHECK_SIZEOF(char, 1)
1143+AC_CHECK_SIZEOF(short int, 2)
1144+AC_CHECK_SIZEOF(int, 4)
1145+AC_CHECK_SIZEOF(long int, 4)
1146+AC_CHECK_SIZEOF(long long int, 8)
1147+
1148+# Sanity check long long for some platforms (AIX)
1149+if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1150+ ac_cv_sizeof_long_long_int=0
1151+fi
1152+
1153+# More checks for data types
1154+AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1155+ AC_TRY_COMPILE(
1156+ [ #include <sys/types.h> ],
1157+ [ u_int a; a = 1;],
1158+ [ ac_cv_have_u_int="yes" ],
1159+ [ ac_cv_have_u_int="no" ]
1160+ )
1161+])
1162+if test "x$ac_cv_have_u_int" = "xyes" ; then
1163+ AC_DEFINE(HAVE_U_INT)
1164+ have_u_int=1
1165+fi
1166+
1167+AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1168+ AC_TRY_COMPILE(
1169+ [ #include <sys/types.h> ],
1170+ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1171+ [ ac_cv_have_intxx_t="yes" ],
1172+ [ ac_cv_have_intxx_t="no" ]
1173+ )
1174+])
1175+if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1176+ AC_DEFINE(HAVE_INTXX_T)
1177+ have_intxx_t=1
1178+fi
1179+
1180+if (test -z "$have_intxx_t" && \
1181+ test "x$ac_cv_header_stdint_h" = "xyes")
1182+then
1183+ AC_MSG_CHECKING([for intXX_t types in stdint.h])
1184+ AC_TRY_COMPILE(
1185+ [ #include <stdint.h> ],
1186+ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1187+ [
1188+ AC_DEFINE(HAVE_INTXX_T)
1189+ AC_MSG_RESULT(yes)
1190+ ],
1191+ [ AC_MSG_RESULT(no) ]
1192+ )
1193+fi
1194+
1195+AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1196+ AC_TRY_COMPILE(
1197+ [
1198+#include <sys/types.h>
1199+#ifdef HAVE_STDINT_H
1200+# include <stdint.h>
1201+#endif
1202+#include <sys/socket.h>
1203+#ifdef HAVE_SYS_BITYPES_H
1204+# include <sys/bitypes.h>
1205+#endif
1206+ ],
1207+ [ int64_t a; a = 1;],
1208+ [ ac_cv_have_int64_t="yes" ],
1209+ [ ac_cv_have_int64_t="no" ]
1210+ )
1211+])
1212+if test "x$ac_cv_have_int64_t" = "xyes" ; then
1213+ AC_DEFINE(HAVE_INT64_T)
1214+fi
1215+
1216+AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1217+ AC_TRY_COMPILE(
1218+ [ #include <sys/types.h> ],
1219+ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1220+ [ ac_cv_have_u_intxx_t="yes" ],
1221+ [ ac_cv_have_u_intxx_t="no" ]
1222+ )
1223+])
1224+if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1225+ AC_DEFINE(HAVE_U_INTXX_T)
1226+ have_u_intxx_t=1
1227+fi
1228+
1229+if test -z "$have_u_intxx_t" ; then
1230+ AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1231+ AC_TRY_COMPILE(
1232+ [ #include <sys/socket.h> ],
1233+ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1234+ [
1235+ AC_DEFINE(HAVE_U_INTXX_T)
1236+ AC_MSG_RESULT(yes)
1237+ ],
1238+ [ AC_MSG_RESULT(no) ]
1239+ )
1240+fi
1241+
1242+AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1243+ AC_TRY_COMPILE(
1244+ [ #include <sys/types.h> ],
1245+ [ u_int64_t a; a = 1;],
1246+ [ ac_cv_have_u_int64_t="yes" ],
1247+ [ ac_cv_have_u_int64_t="no" ]
1248+ )
1249+])
1250+if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1251+ AC_DEFINE(HAVE_U_INT64_T)
1252+ have_u_int64_t=1
1253+fi
1254+
1255+if test -z "$have_u_int64_t" ; then
1256+ AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1257+ AC_TRY_COMPILE(
1258+ [ #include <sys/bitypes.h> ],
1259+ [ u_int64_t a; a = 1],
1260+ [
1261+ AC_DEFINE(HAVE_U_INT64_T)
1262+ AC_MSG_RESULT(yes)
1263+ ],
1264+ [ AC_MSG_RESULT(no) ]
1265+ )
1266+fi
1267+
1268+if test -z "$have_u_intxx_t" ; then
1269+ AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1270+ AC_TRY_COMPILE(
1271+ [
1272+#include <sys/types.h>
1273+ ],
1274+ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1275+ [ ac_cv_have_uintxx_t="yes" ],
1276+ [ ac_cv_have_uintxx_t="no" ]
1277+ )
1278+ ])
1279+ if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1280+ AC_DEFINE(HAVE_UINTXX_T)
1281+ fi
1282+fi
1283+
1284+if test -z "$have_uintxx_t" ; then
1285+ AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1286+ AC_TRY_COMPILE(
1287+ [ #include <stdint.h> ],
1288+ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1289+ [
1290+ AC_DEFINE(HAVE_UINTXX_T)
1291+ AC_MSG_RESULT(yes)
1292+ ],
1293+ [ AC_MSG_RESULT(no) ]
1294+ )
1295+fi
1296+
1297+if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1298+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1299+then
1300+ AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1301+ AC_TRY_COMPILE(
1302+ [
1303+#include <sys/bitypes.h>
1304+ ],
1305+ [
1306+ int8_t a; int16_t b; int32_t c;
1307+ u_int8_t e; u_int16_t f; u_int32_t g;
1308+ a = b = c = e = f = g = 1;
1309+ ],
1310+ [
1311+ AC_DEFINE(HAVE_U_INTXX_T)
1312+ AC_DEFINE(HAVE_INTXX_T)
1313+ AC_MSG_RESULT(yes)
1314+ ],
1315+ [AC_MSG_RESULT(no)]
1316+ )
1317+fi
1318+
1319+
1320+AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1321+ AC_TRY_COMPILE(
1322+ [
1323+#include <sys/types.h>
1324+ ],
1325+ [ u_char foo; foo = 125; ],
1326+ [ ac_cv_have_u_char="yes" ],
1327+ [ ac_cv_have_u_char="no" ]
1328+ )
1329+])
1330+if test "x$ac_cv_have_u_char" = "xyes" ; then
1331+ AC_DEFINE(HAVE_U_CHAR)
1332+fi
1333+
1334+TYPE_SOCKLEN_T
1335+
1336+AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1337+
1338+AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1339+ AC_TRY_COMPILE(
1340+ [
1341+#include <sys/types.h>
1342+ ],
1343+ [ size_t foo; foo = 1235; ],
1344+ [ ac_cv_have_size_t="yes" ],
1345+ [ ac_cv_have_size_t="no" ]
1346+ )
1347+])
1348+if test "x$ac_cv_have_size_t" = "xyes" ; then
1349+ AC_DEFINE(HAVE_SIZE_T)
1350+fi
1351+
1352+AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1353+ AC_TRY_COMPILE(
1354+ [
1355+#include <sys/types.h>
1356+ ],
1357+ [ ssize_t foo; foo = 1235; ],
1358+ [ ac_cv_have_ssize_t="yes" ],
1359+ [ ac_cv_have_ssize_t="no" ]
1360+ )
1361+])
1362+if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1363+ AC_DEFINE(HAVE_SSIZE_T)
1364+fi
1365+
1366+AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1367+ AC_TRY_COMPILE(
1368+ [
1369+#include <time.h>
1370+ ],
1371+ [ clock_t foo; foo = 1235; ],
1372+ [ ac_cv_have_clock_t="yes" ],
1373+ [ ac_cv_have_clock_t="no" ]
1374+ )
1375+])
1376+if test "x$ac_cv_have_clock_t" = "xyes" ; then
1377+ AC_DEFINE(HAVE_CLOCK_T)
1378+fi
1379+
1380+AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1381+ AC_TRY_COMPILE(
1382+ [
1383+#include <sys/types.h>
1384+#include <sys/socket.h>
1385+ ],
1386+ [ sa_family_t foo; foo = 1235; ],
1387+ [ ac_cv_have_sa_family_t="yes" ],
1388+ [ AC_TRY_COMPILE(
1389+ [
1390+#include <sys/types.h>
1391+#include <sys/socket.h>
1392+#include <netinet/in.h>
1393+ ],
1394+ [ sa_family_t foo; foo = 1235; ],
1395+ [ ac_cv_have_sa_family_t="yes" ],
1396+
1397+ [ ac_cv_have_sa_family_t="no" ]
1398+ )]
1399+ )
1400+])
1401+if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1402+ AC_DEFINE(HAVE_SA_FAMILY_T)
1403+fi
1404+
1405+AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1406+ AC_TRY_COMPILE(
1407+ [
1408+#include <sys/types.h>
1409+ ],
1410+ [ pid_t foo; foo = 1235; ],
1411+ [ ac_cv_have_pid_t="yes" ],
1412+ [ ac_cv_have_pid_t="no" ]
1413+ )
1414+])
1415+if test "x$ac_cv_have_pid_t" = "xyes" ; then
1416+ AC_DEFINE(HAVE_PID_T)
1417+fi
1418+
1419+AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1420+ AC_TRY_COMPILE(
1421+ [
1422+#include <sys/types.h>
1423+ ],
1424+ [ mode_t foo; foo = 1235; ],
1425+ [ ac_cv_have_mode_t="yes" ],
1426+ [ ac_cv_have_mode_t="no" ]
1427+ )
1428+])
1429+if test "x$ac_cv_have_mode_t" = "xyes" ; then
1430+ AC_DEFINE(HAVE_MODE_T)
1431+fi
1432+
1433+
1434+AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1435+ AC_TRY_COMPILE(
1436+ [
1437+#include <sys/types.h>
1438+#include <sys/socket.h>
1439+ ],
1440+ [ struct sockaddr_storage s; ],
1441+ [ ac_cv_have_struct_sockaddr_storage="yes" ],
1442+ [ ac_cv_have_struct_sockaddr_storage="no" ]
1443+ )
1444+])
1445+if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1446+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1447+fi
1448+
1449+AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1450+ AC_TRY_COMPILE(
1451+ [
1452+#include <sys/types.h>
1453+#include <netinet/in.h>
1454+ ],
1455+ [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1456+ [ ac_cv_have_struct_sockaddr_in6="yes" ],
1457+ [ ac_cv_have_struct_sockaddr_in6="no" ]
1458+ )
1459+])
1460+if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1461+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1462+fi
1463+
1464+AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1465+ AC_TRY_COMPILE(
1466+ [
1467+#include <sys/types.h>
1468+#include <netinet/in.h>
1469+ ],
1470+ [ struct in6_addr s; s.s6_addr[0] = 0; ],
1471+ [ ac_cv_have_struct_in6_addr="yes" ],
1472+ [ ac_cv_have_struct_in6_addr="no" ]
1473+ )
1474+])
1475+if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
1476+ AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
1477+fi
1478+
1479+AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
1480+ AC_TRY_COMPILE(
1481+ [
1482+#include <sys/types.h>
1483+#include <sys/socket.h>
1484+#include <netdb.h>
1485+ ],
1486+ [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
1487+ [ ac_cv_have_struct_addrinfo="yes" ],
1488+ [ ac_cv_have_struct_addrinfo="no" ]
1489+ )
1490+])
1491+if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
1492+ AC_DEFINE(HAVE_STRUCT_ADDRINFO)
1493+fi
1494+
1495+AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
1496+ AC_TRY_COMPILE(
1497+ [ #include <sys/time.h> ],
1498+ [ struct timeval tv; tv.tv_sec = 1;],
1499+ [ ac_cv_have_struct_timeval="yes" ],
1500+ [ ac_cv_have_struct_timeval="no" ]
1501+ )
1502+])
1503+if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
1504+ AC_DEFINE(HAVE_STRUCT_TIMEVAL)
1505+ have_struct_timeval=1
1506+fi
1507+
1508+AC_CHECK_TYPES(struct timespec)
1509+
1510+# We need int64_t or else certian parts of the compile will fail.
1511+if test "x$ac_cv_have_int64_t" = "xno" -a \
1512+ "x$ac_cv_sizeof_long_int" != "x8" -a \
1513+ "x$ac_cv_sizeof_long_long_int" = "x0" ; then
1514+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
1515+ echo "an alternative compiler (I.E., GCC) before continuing."
1516+ echo ""
1517+ exit 1;
1518+else
1519+dnl test snprintf (broken on SCO w/gcc)
1520+ AC_TRY_RUN(
1521+ [
1522+#include <stdio.h>
1523+#include <string.h>
1524+#ifdef HAVE_SNPRINTF
1525+main()
1526+{
1527+ char buf[50];
1528+ char expected_out[50];
1529+ int mazsize = 50 ;
1530+#if (SIZEOF_LONG_INT == 8)
1531+ long int num = 0x7fffffffffffffff;
1532+#else
1533+ long long num = 0x7fffffffffffffffll;
1534+#endif
1535+ strcpy(expected_out, "9223372036854775807");
1536+ snprintf(buf, mazsize, "%lld", num);
1537+ if(strcmp(buf, expected_out) != 0)
1538+ exit(1);
1539+ exit(0);
1540+}
1541+#else
1542+main() { exit(0); }
1543+#endif
1544+ ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
1545+ )
1546+fi
1547+
1548+dnl Checks for structure members
1549+OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
1550+OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
1551+OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
1552+OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
1553+OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
1554+OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
1555+OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
1556+OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
1557+OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
1558+OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
1559+OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
1560+OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
1561+OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1562+OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
1563+OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
1564+OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
1565+OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
1566+
1567+AC_CHECK_MEMBERS([struct stat.st_blksize])
1568+
1569+AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
1570+ ac_cv_have_ss_family_in_struct_ss, [
1571+ AC_TRY_COMPILE(
1572+ [
1573+#include <sys/types.h>
1574+#include <sys/socket.h>
1575+ ],
1576+ [ struct sockaddr_storage s; s.ss_family = 1; ],
1577+ [ ac_cv_have_ss_family_in_struct_ss="yes" ],
1578+ [ ac_cv_have_ss_family_in_struct_ss="no" ],
1579+ )
1580+])
1581+if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
1582+ AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
1583+fi
1584+
1585+AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
1586+ ac_cv_have___ss_family_in_struct_ss, [
1587+ AC_TRY_COMPILE(
1588+ [
1589+#include <sys/types.h>
1590+#include <sys/socket.h>
1591+ ],
1592+ [ struct sockaddr_storage s; s.__ss_family = 1; ],
1593+ [ ac_cv_have___ss_family_in_struct_ss="yes" ],
1594+ [ ac_cv_have___ss_family_in_struct_ss="no" ]
1595+ )
1596+])
1597+if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
1598+ AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
1599+fi
1600+
1601+AC_CACHE_CHECK([for pw_class field in struct passwd],
1602+ ac_cv_have_pw_class_in_struct_passwd, [
1603+ AC_TRY_COMPILE(
1604+ [
1605+#include <pwd.h>
1606+ ],
1607+ [ struct passwd p; p.pw_class = 0; ],
1608+ [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
1609+ [ ac_cv_have_pw_class_in_struct_passwd="no" ]
1610+ )
1611+])
1612+if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
1613+ AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
1614+fi
1615+
1616+AC_CACHE_CHECK([for pw_expire field in struct passwd],
1617+ ac_cv_have_pw_expire_in_struct_passwd, [
1618+ AC_TRY_COMPILE(
1619+ [
1620+#include <pwd.h>
1621+ ],
1622+ [ struct passwd p; p.pw_expire = 0; ],
1623+ [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
1624+ [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
1625+ )
1626+])
1627+if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
1628+ AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
1629+fi
1630+
1631+AC_CACHE_CHECK([for pw_change field in struct passwd],
1632+ ac_cv_have_pw_change_in_struct_passwd, [
1633+ AC_TRY_COMPILE(
1634+ [
1635+#include <pwd.h>
1636+ ],
1637+ [ struct passwd p; p.pw_change = 0; ],
1638+ [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
1639+ [ ac_cv_have_pw_change_in_struct_passwd="no" ]
1640+ )
1641+])
1642+if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
1643+ AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
1644+fi
1645+
1646+dnl make sure we're using the real structure members and not defines
1647+AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
1648+ ac_cv_have_accrights_in_msghdr, [
1649+ AC_TRY_RUN(
1650+ [
1651+#include <sys/types.h>
1652+#include <sys/socket.h>
1653+#include <sys/uio.h>
1654+int main() {
1655+#ifdef msg_accrights
1656+exit(1);
1657+#endif
1658+struct msghdr m;
1659+m.msg_accrights = 0;
1660+exit(0);
1661+}
1662+ ],
1663+ [ ac_cv_have_accrights_in_msghdr="yes" ],
1664+ [ ac_cv_have_accrights_in_msghdr="no" ]
1665+ )
1666+])
1667+if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
1668+ AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
1669+fi
1670+
1671+AC_CACHE_CHECK([for msg_control field in struct msghdr],
1672+ ac_cv_have_control_in_msghdr, [
1673+ AC_TRY_RUN(
1674+ [
1675+#include <sys/types.h>
1676+#include <sys/socket.h>
1677+#include <sys/uio.h>
1678+int main() {
1679+#ifdef msg_control
1680+exit(1);
1681+#endif
1682+struct msghdr m;
1683+m.msg_control = 0;
1684+exit(0);
1685+}
1686+ ],
1687+ [ ac_cv_have_control_in_msghdr="yes" ],
1688+ [ ac_cv_have_control_in_msghdr="no" ]
1689+ )
1690+])
1691+if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
1692+ AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
1693+fi
1694+
1695+AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
1696+ AC_TRY_LINK([],
1697+ [ extern char *__progname; printf("%s", __progname); ],
1698+ [ ac_cv_libc_defines___progname="yes" ],
1699+ [ ac_cv_libc_defines___progname="no" ]
1700+ )
1701+])
1702+if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
1703+ AC_DEFINE(HAVE___PROGNAME)
1704+fi
1705+
1706+AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
1707+ AC_TRY_LINK([
1708+#include <stdio.h>
1709+],
1710+ [ printf("%s", __FUNCTION__); ],
1711+ [ ac_cv_cc_implements___FUNCTION__="yes" ],
1712+ [ ac_cv_cc_implements___FUNCTION__="no" ]
1713+ )
1714+])
1715+if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
1716+ AC_DEFINE(HAVE___FUNCTION__)
1717+fi
1718+
1719+AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
1720+ AC_TRY_LINK([
1721+#include <stdio.h>
1722+],
1723+ [ printf("%s", __func__); ],
1724+ [ ac_cv_cc_implements___func__="yes" ],
1725+ [ ac_cv_cc_implements___func__="no" ]
1726+ )
1727+])
1728+if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
1729+ AC_DEFINE(HAVE___func__)
1730+fi
1731+
1732+AC_CACHE_CHECK([whether getopt has optreset support],
1733+ ac_cv_have_getopt_optreset, [
1734+ AC_TRY_LINK(
1735+ [
1736+#include <getopt.h>
1737+ ],
1738+ [ extern int optreset; optreset = 0; ],
1739+ [ ac_cv_have_getopt_optreset="yes" ],
1740+ [ ac_cv_have_getopt_optreset="no" ]
1741+ )
1742+])
1743+if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
1744+ AC_DEFINE(HAVE_GETOPT_OPTRESET)
1745+fi
1746+
1747+AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
1748+ AC_TRY_LINK([],
1749+ [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
1750+ [ ac_cv_libc_defines_sys_errlist="yes" ],
1751+ [ ac_cv_libc_defines_sys_errlist="no" ]
1752+ )
1753+])
1754+if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
1755+ AC_DEFINE(HAVE_SYS_ERRLIST)
1756+fi
1757+
1758+
1759+AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
1760+ AC_TRY_LINK([],
1761+ [ extern int sys_nerr; printf("%i", sys_nerr);],
1762+ [ ac_cv_libc_defines_sys_nerr="yes" ],
1763+ [ ac_cv_libc_defines_sys_nerr="no" ]
1764+ )
1765+])
1766+if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
1767+ AC_DEFINE(HAVE_SYS_NERR)
1768+fi
1769+
1770+SCARD_MSG="no"
1771+
1772+# Check whether user wants sectok support
1773+AC_ARG_WITH(sectok,
1774+ [ --with-sectok Enable smartcard support using libsectok],
1775+ [
1776+ if test "x$withval" != "xno" ; then
1777+ if test "x$withval" != "xyes" ; then
1778+ CPPFLAGS="$CPPFLAGS -I${withval}"
1779+ LDFLAGS="$LDFLAGS -L${withval}"
1780+ if test ! -z "$need_dash_r" ; then
1781+ LDFLAGS="$LDFLAGS -R${withval}"
1782+ fi
1783+ if test ! -z "$blibpath" ; then
1784+ blibpath="$blibpath:${withval}"
1785+ fi
1786+ fi
1787+ AC_CHECK_HEADERS(sectok.h)
1788+ if test "$ac_cv_header_sectok_h" != yes; then
1789+ AC_MSG_ERROR(Can't find sectok.h)
1790+ fi
1791+ AC_CHECK_LIB(sectok, sectok_open)
1792+ if test "$ac_cv_lib_sectok_sectok_open" != yes; then
1793+ AC_MSG_ERROR(Can't find libsectok)
1794+ fi
1795+ AC_DEFINE(SMARTCARD)
1796+ AC_DEFINE(USE_SECTOK)
1797+ SCARD_MSG="yes, using sectok"
1798+ fi
1799+ ]
1800+)
1801+
1802+# Check whether user wants OpenSC support
1803+AC_ARG_WITH(opensc,
1804+ AC_HELP_STRING([--with-opensc=PFX],
1805+ [Enable smartcard support using OpenSC]),
1806+ opensc_config_prefix="$withval", opensc_config_prefix="")
1807+if test x$opensc_config_prefix != x ; then
1808+ OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
1809+ AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
1810+ if test "$OPENSC_CONFIG" != "no"; then
1811+ LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
1812+ LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
1813+ CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
1814+ LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
1815+ AC_DEFINE(SMARTCARD)
1816+ AC_DEFINE(USE_OPENSC)
1817+ SCARD_MSG="yes, using OpenSC"
1818+ fi
1819+fi
1820+
1821+# Check whether user wants Kerberos 5 support
1822+KRB5_MSG="no"
1823+AC_ARG_WITH(kerberos5,
1824+ [ --with-kerberos5=PATH Enable Kerberos 5 support],
1825+ [
1826+ if test "x$withval" != "xno" ; then
1827+ if test "x$withval" = "xyes" ; then
1828+ KRB5ROOT="/usr/local"
1829+ else
1830+ KRB5ROOT=${withval}
1831+ fi
1832+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
1833+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
1834+ AC_DEFINE(KRB5)
1835+ KRB5_MSG="yes"
1836+ AC_MSG_CHECKING(whether we are using Heimdal)
1837+ AC_TRY_COMPILE([ #include <krb5.h> ],
1838+ [ char *tmp = heimdal_version; ],
1839+ [ AC_MSG_RESULT(yes)
1840+ AC_DEFINE(HEIMDAL)
1841+ K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
1842+ ],
1843+ [ AC_MSG_RESULT(no)
1844+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
1845+ ]
1846+ )
1847+ if test ! -z "$need_dash_r" ; then
1848+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
1849+ fi
1850+ if test ! -z "$blibpath" ; then
1851+ blibpath="$blibpath:${KRB5ROOT}/lib"
1852+ fi
1853+ AC_CHECK_LIB(resolv, dn_expand, , )
1854+
1855+ KRB5=yes
1856+ fi
1857+ ]
1858+)
1859+# Check whether user wants Kerberos 4 support
1860+KRB4_MSG="no"
1861+AC_ARG_WITH(kerberos4,
1862+ [ --with-kerberos4=PATH Enable Kerberos 4 support],
1863+ [
1864+ if test "x$withval" != "xno" ; then
1865+ if test "x$withval" != "xyes" ; then
1866+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
1867+ LDFLAGS="$LDFLAGS -L${withval}/lib"
1868+ if test ! -z "$need_dash_r" ; then
1869+ LDFLAGS="$LDFLAGS -R${withval}/lib"
1870+ fi
1871+ if test ! -z "$blibpath" ; then
1872+ blibpath="$blibpath:${withval}/lib"
1873+ fi
1874+ else
1875+ if test -d /usr/include/kerberosIV ; then
1876+ CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV"
1877+ fi
1878+ fi
1879+
1880+ AC_CHECK_HEADERS(krb.h)
1881+ if test "$ac_cv_header_krb_h" != yes; then
1882+ AC_MSG_WARN([Cannot find krb.h, build may fail])
1883+ fi
1884+ AC_CHECK_LIB(krb, main)
1885+ if test "$ac_cv_lib_krb_main" != yes; then
1886+ AC_CHECK_LIB(krb4, main)
1887+ if test "$ac_cv_lib_krb4_main" != yes; then
1888+ AC_MSG_WARN([Cannot find libkrb nor libkrb4, build may fail])
1889+ else
1890+ KLIBS="-lkrb4"
1891+ fi
1892+ else
1893+ KLIBS="-lkrb"
1894+ fi
1895+ AC_CHECK_LIB(des, des_cbc_encrypt)
1896+ if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then
1897+ AC_CHECK_LIB(des425, des_cbc_encrypt)
1898+ if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then
1899+ AC_MSG_WARN([Cannot find libdes nor libdes425, build may fail])
1900+ else
1901+ KLIBS="-ldes425"
1902+ fi
1903+ else
1904+ KLIBS="-ldes"
1905+ fi
1906+ AC_CHECK_LIB(resolv, dn_expand, , )
1907+ KRB4=yes
1908+ KRB4_MSG="yes"
1909+ AC_DEFINE(KRB4)
1910+ fi
1911+ ]
1912+)
1913+
1914+# Check whether user wants AFS support
1915+AFS_MSG="no"
1916+AC_ARG_WITH(afs,
1917+ [ --with-afs=PATH Enable AFS support],
1918+ [
1919+ if test "x$withval" != "xno" ; then
1920+
1921+ if test "x$withval" != "xyes" ; then
1922+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
1923+ LDFLAGS="$LDFLAGS -L${withval}/lib"
1924+ fi
1925+
1926+ if test -z "$KRB4" ; then
1927+ AC_MSG_WARN([AFS requires Kerberos IV support, build may fail])
1928+ fi
1929+
1930+ LIBS="-lkafs $LIBS"
1931+ if test ! -z "$AFS_LIBS" ; then
1932+ LIBS="$LIBS $AFS_LIBS"
1933+ fi
1934+ AC_DEFINE(AFS)
1935+ AFS_MSG="yes"
1936+ fi
1937+ ]
1938+)
1939+LIBS="$LIBS $KLIBS $K5LIBS"
1940+
1941+# Looking for programs, paths and files
1942+
1943+PRIVSEP_PATH=/var/empty
1944+AC_ARG_WITH(privsep-path,
1945+ [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
1946+ [
1947+ if test "x$withval" != "$no" ; then
1948+ PRIVSEP_PATH=$withval
1949+ fi
1950+ ]
1951+)
1952+AC_SUBST(PRIVSEP_PATH)
1953+
1954+AC_ARG_WITH(xauth,
1955+ [ --with-xauth=PATH Specify path to xauth program ],
1956+ [
1957+ if test "x$withval" != "xno" ; then
1958+ xauth_path=$withval
1959+ fi
1960+ ],
1961+ [
1962+ TestPath="$PATH"
1963+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
1964+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
1965+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
1966+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
1967+ AC_PATH_PROG(xauth_path, xauth, , $TestPath)
1968+ if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
1969+ xauth_path="/usr/openwin/bin/xauth"
1970+ fi
1971+ ]
1972+)
1973+
1974+STRIP_OPT=-s
1975+AC_ARG_ENABLE(strip,
1976+ [ --disable-strip Disable calling strip(1) on install],
1977+ [
1978+ if test "x$enableval" = "xno" ; then
1979+ STRIP_OPT=
1980+ fi
1981+ ]
1982+)
1983+AC_SUBST(STRIP_OPT)
1984+
1985+if test -z "$xauth_path" ; then
1986+ XAUTH_PATH="undefined"
1987+ AC_SUBST(XAUTH_PATH)
1988+else
1989+ AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
1990+ XAUTH_PATH=$xauth_path
1991+ AC_SUBST(XAUTH_PATH)
1992+fi
1993+
1994+# Check for mail directory (last resort if we cannot get it from headers)
1995+if test ! -z "$MAIL" ; then
1996+ maildir=`dirname $MAIL`
1997+ AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
1998+fi
1999+
2000+if test -z "$no_dev_ptmx" ; then
2001+ if test "x$disable_ptmx_check" != "xyes" ; then
2002+ AC_CHECK_FILE("/dev/ptmx",
2003+ [
2004+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2005+ have_dev_ptmx=1
2006+ ]
2007+ )
2008+ fi
2009+fi
2010+AC_CHECK_FILE("/dev/ptc",
2011+ [
2012+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2013+ have_dev_ptc=1
2014+ ]
2015+)
2016+
2017+# Options from here on. Some of these are preset by platform above
2018+AC_ARG_WITH(mantype,
2019+ [ --with-mantype=man|cat|doc Set man page type],
2020+ [
2021+ case "$withval" in
2022+ man|cat|doc)
2023+ MANTYPE=$withval
2024+ ;;
2025+ *)
2026+ AC_MSG_ERROR(invalid man type: $withval)
2027+ ;;
2028+ esac
2029+ ]
2030+)
2031+if test -z "$MANTYPE"; then
2032+ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2033+ AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2034+ if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2035+ MANTYPE=doc
2036+ elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2037+ MANTYPE=man
2038+ else
2039+ MANTYPE=cat
2040+ fi
2041+fi
2042+AC_SUBST(MANTYPE)
2043+if test "$MANTYPE" = "doc"; then
2044+ mansubdir=man;
2045+else
2046+ mansubdir=$MANTYPE;
2047+fi
2048+AC_SUBST(mansubdir)
2049+
2050+# Check whether to enable MD5 passwords
2051+MD5_MSG="no"
2052+AC_ARG_WITH(md5-passwords,
2053+ [ --with-md5-passwords Enable use of MD5 passwords],
2054+ [
2055+ if test "x$withval" != "xno" ; then
2056+ AC_DEFINE(HAVE_MD5_PASSWORDS)
2057+ MD5_MSG="yes"
2058+ fi
2059+ ]
2060+)
2061+
2062+# Whether to disable shadow password support
2063+AC_ARG_WITH(shadow,
2064+ [ --without-shadow Disable shadow password support],
2065+ [
2066+ if test "x$withval" = "xno" ; then
2067+ AC_DEFINE(DISABLE_SHADOW)
2068+ disable_shadow=yes
2069+ fi
2070+ ]
2071+)
2072+
2073+if test -z "$disable_shadow" ; then
2074+ AC_MSG_CHECKING([if the systems has expire shadow information])
2075+ AC_TRY_COMPILE(
2076+ [
2077+#include <sys/types.h>
2078+#include <shadow.h>
2079+ struct spwd sp;
2080+ ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2081+ [ sp_expire_available=yes ], []
2082+ )
2083+
2084+ if test "x$sp_expire_available" = "xyes" ; then
2085+ AC_MSG_RESULT(yes)
2086+ AC_DEFINE(HAS_SHADOW_EXPIRE)
2087+ else
2088+ AC_MSG_RESULT(no)
2089+ fi
2090+fi
2091+
2092+# Use ip address instead of hostname in $DISPLAY
2093+if test ! -z "$IPADDR_IN_DISPLAY" ; then
2094+ DISPLAY_HACK_MSG="yes"
2095+ AC_DEFINE(IPADDR_IN_DISPLAY)
2096+else
2097+ DISPLAY_HACK_MSG="no"
2098+ AC_ARG_WITH(ipaddr-display,
2099+ [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2100+ [
2101+ if test "x$withval" != "xno" ; then
2102+ AC_DEFINE(IPADDR_IN_DISPLAY)
2103+ DISPLAY_HACK_MSG="yes"
2104+ fi
2105+ ]
2106+ )
2107+fi
2108+
2109+dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2110+if test $ac_cv_func_login_getcapbool = "yes" -a \
2111+ $ac_cv_header_login_cap_h = "yes" ; then
2112+ USES_LOGIN_CONF=yes
2113+fi
2114+# Whether to mess with the default path
2115+SERVER_PATH_MSG="(default)"
2116+AC_ARG_WITH(default-path,
2117+ [ --with-default-path= Specify default \$PATH environment for server],
2118+ [
2119+ if test "$USES_LOGIN_CONF" = "yes" ; then
2120+ AC_MSG_WARN([
2121+--with-default-path=PATH has no effect on this system.
2122+Edit /etc/login.conf instead.])
2123+ elif test "x$withval" != "xno" ; then
2124+ user_path="$withval"
2125+ SERVER_PATH_MSG="$withval"
2126+ fi
2127+ ],
2128+ [ if test "$USES_LOGIN_CONF" = "yes" ; then
2129+ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2130+ else
2131+ AC_TRY_RUN(
2132+ [
2133+/* find out what STDPATH is */
2134+#include <stdio.h>
2135+#ifdef HAVE_PATHS_H
2136+# include <paths.h>
2137+#endif
2138+#ifndef _PATH_STDPATH
2139+# ifdef _PATH_USERPATH /* Irix */
2140+# define _PATH_STDPATH _PATH_USERPATH
2141+# else
2142+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2143+# endif
2144+#endif
2145+#include <sys/types.h>
2146+#include <sys/stat.h>
2147+#include <fcntl.h>
2148+#define DATA "conftest.stdpath"
2149+
2150+main()
2151+{
2152+ FILE *fd;
2153+ int rc;
2154+
2155+ fd = fopen(DATA,"w");
2156+ if(fd == NULL)
2157+ exit(1);
2158+
2159+ if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2160+ exit(1);
2161+
2162+ exit(0);
2163+}
2164+ ], [ user_path=`cat conftest.stdpath` ],
2165+ [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2166+ [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2167+ )
2168+# make sure $bindir is in USER_PATH so scp will work
2169+ t_bindir=`eval echo ${bindir}`
2170+ case $t_bindir in
2171+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2172+ esac
2173+ case $t_bindir in
2174+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2175+ esac
2176+ echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
2177+ if test $? -ne 0 ; then
2178+ echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
2179+ if test $? -ne 0 ; then
2180+ user_path=$user_path:$t_bindir
2181+ AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2182+ fi
2183+ fi
2184+ fi ]
2185+)
2186+if test "$USES_LOGIN_CONF" != "yes" ; then
2187+ AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2188+ AC_SUBST(user_path)
2189+fi
2190+
2191+# Set superuser path separately to user path
2192+AC_ARG_WITH(superuser-path,
2193+ [ --with-superuser-path= Specify different path for super-user],
2194+ [
2195+ if test "x$withval" != "xno" ; then
2196+ AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2197+ superuser_path=$withval
2198+ fi
2199+ ]
2200+)
2201+
2202+
2203+# Whether to force IPv4 by default (needed on broken glibc Linux)
2204+IPV4_HACK_MSG="no"
2205+AC_ARG_WITH(ipv4-default,
2206+ [ --with-ipv4-default Use IPv4 by connections unless '-6' specified],
2207+ [
2208+ if test "x$withval" != "xno" ; then
2209+ AC_DEFINE(IPV4_DEFAULT)
2210+ IPV4_HACK_MSG="yes"
2211+ fi
2212+ ]
2213+)
2214+
2215+AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2216+IPV4_IN6_HACK_MSG="no"
2217+AC_ARG_WITH(4in6,
2218+ [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
2219+ [
2220+ if test "x$withval" != "xno" ; then
2221+ AC_MSG_RESULT(yes)
2222+ AC_DEFINE(IPV4_IN_IPV6)
2223+ IPV4_IN6_HACK_MSG="yes"
2224+ else
2225+ AC_MSG_RESULT(no)
2226+ fi
2227+ ],[
2228+ if test "x$inet6_default_4in6" = "xyes"; then
2229+ AC_MSG_RESULT([yes (default)])
2230+ AC_DEFINE(IPV4_IN_IPV6)
2231+ IPV4_IN6_HACK_MSG="yes"
2232+ else
2233+ AC_MSG_RESULT([no (default)])
2234+ fi
2235+ ]
2236+)
2237+
2238+# Whether to enable BSD auth support
2239+BSD_AUTH_MSG=no
2240+AC_ARG_WITH(bsd-auth,
2241+ [ --with-bsd-auth Enable BSD auth support],
2242+ [
2243+ if test "x$withval" != "xno" ; then
2244+ AC_DEFINE(BSD_AUTH)
2245+ BSD_AUTH_MSG=yes
2246+ fi
2247+ ]
2248+)
2249+
2250+# Where to place sshd.pid
2251+piddir=/var/run
2252+# make sure the directory exists
2253+if test ! -d $piddir ; then
2254+ piddir=`eval echo ${sysconfdir}`
2255+ case $piddir in
2256+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2257+ esac
2258+fi
2259+
2260+AC_ARG_WITH(pid-dir,
2261+ [ --with-pid-dir=PATH Specify location of ssh.pid file],
2262+ [
2263+ if test "x$withval" != "xno" ; then
2264+ piddir=$withval
2265+ if test ! -d $piddir ; then
2266+ AC_MSG_WARN([** no $piddir directory on this system **])
2267+ fi
2268+ fi
2269+ ]
2270+)
2271+
2272+AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2273+AC_SUBST(piddir)
2274+
2275+dnl allow user to disable some login recording features
2276+AC_ARG_ENABLE(lastlog,
2277+ [ --disable-lastlog disable use of lastlog even if detected [no]],
2278+ [ AC_DEFINE(DISABLE_LASTLOG) ]
2279+)
2280+AC_ARG_ENABLE(utmp,
2281+ [ --disable-utmp disable use of utmp even if detected [no]],
2282+ [ AC_DEFINE(DISABLE_UTMP) ]
2283+)
2284+AC_ARG_ENABLE(utmpx,
2285+ [ --disable-utmpx disable use of utmpx even if detected [no]],
2286+ [ AC_DEFINE(DISABLE_UTMPX) ]
2287+)
2288+AC_ARG_ENABLE(wtmp,
2289+ [ --disable-wtmp disable use of wtmp even if detected [no]],
2290+ [ AC_DEFINE(DISABLE_WTMP) ]
2291+)
2292+AC_ARG_ENABLE(wtmpx,
2293+ [ --disable-wtmpx disable use of wtmpx even if detected [no]],
2294+ [ AC_DEFINE(DISABLE_WTMPX) ]
2295+)
2296+AC_ARG_ENABLE(libutil,
2297+ [ --disable-libutil disable use of libutil (login() etc.) [no]],
2298+ [ AC_DEFINE(DISABLE_LOGIN) ]
2299+)
2300+AC_ARG_ENABLE(pututline,
2301+ [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
2302+ [ AC_DEFINE(DISABLE_PUTUTLINE) ]
2303+)
2304+AC_ARG_ENABLE(pututxline,
2305+ [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
2306+ [ AC_DEFINE(DISABLE_PUTUTXLINE) ]
2307+)
2308+AC_ARG_WITH(lastlog,
2309+ [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2310+ [
2311+ if test "x$withval" = "xno" ; then
2312+ AC_DEFINE(DISABLE_LASTLOG)
2313+ else
2314+ conf_lastlog_location=$withval
2315+ fi
2316+ ]
2317+)
2318+
2319+dnl lastlog, [uw]tmpx? detection
2320+dnl NOTE: set the paths in the platform section to avoid the
2321+dnl need for command-line parameters
2322+dnl lastlog and [uw]tmp are subject to a file search if all else fails
2323+
2324+dnl lastlog detection
2325+dnl NOTE: the code itself will detect if lastlog is a directory
2326+AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2327+AC_TRY_COMPILE([
2328+#include <sys/types.h>
2329+#include <utmp.h>
2330+#ifdef HAVE_LASTLOG_H
2331+# include <lastlog.h>
2332+#endif
2333+#ifdef HAVE_PATHS_H
2334+# include <paths.h>
2335+#endif
2336+#ifdef HAVE_LOGIN_H
2337+# include <login.h>
2338+#endif
2339+ ],
2340+ [ char *lastlog = LASTLOG_FILE; ],
2341+ [ AC_MSG_RESULT(yes) ],
2342+ [
2343+ AC_MSG_RESULT(no)
2344+ AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2345+ AC_TRY_COMPILE([
2346+#include <sys/types.h>
2347+#include <utmp.h>
2348+#ifdef HAVE_LASTLOG_H
2349+# include <lastlog.h>
2350+#endif
2351+#ifdef HAVE_PATHS_H
2352+# include <paths.h>
2353+#endif
2354+ ],
2355+ [ char *lastlog = _PATH_LASTLOG; ],
2356+ [ AC_MSG_RESULT(yes) ],
2357+ [
2358+ AC_MSG_RESULT(no)
2359+ system_lastlog_path=no
2360+ ])
2361+ ]
2362+)
2363+
2364+if test -z "$conf_lastlog_location"; then
2365+ if test x"$system_lastlog_path" = x"no" ; then
2366+ for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2367+ if (test -d "$f" || test -f "$f") ; then
2368+ conf_lastlog_location=$f
2369+ fi
2370+ done
2371+ if test -z "$conf_lastlog_location"; then
2372+ AC_MSG_WARN([** Cannot find lastlog **])
2373+ dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2374+ fi
2375+ fi
2376+fi
2377+
2378+if test -n "$conf_lastlog_location"; then
2379+ AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2380+fi
2381+
2382+dnl utmp detection
2383+AC_MSG_CHECKING([if your system defines UTMP_FILE])
2384+AC_TRY_COMPILE([
2385+#include <sys/types.h>
2386+#include <utmp.h>
2387+#ifdef HAVE_PATHS_H
2388+# include <paths.h>
2389+#endif
2390+ ],
2391+ [ char *utmp = UTMP_FILE; ],
2392+ [ AC_MSG_RESULT(yes) ],
2393+ [ AC_MSG_RESULT(no)
2394+ system_utmp_path=no ]
2395+)
2396+if test -z "$conf_utmp_location"; then
2397+ if test x"$system_utmp_path" = x"no" ; then
2398+ for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
2399+ if test -f $f ; then
2400+ conf_utmp_location=$f
2401+ fi
2402+ done
2403+ if test -z "$conf_utmp_location"; then
2404+ AC_DEFINE(DISABLE_UTMP)
2405+ fi
2406+ fi
2407+fi
2408+if test -n "$conf_utmp_location"; then
2409+ AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
2410+fi
2411+
2412+dnl wtmp detection
2413+AC_MSG_CHECKING([if your system defines WTMP_FILE])
2414+AC_TRY_COMPILE([
2415+#include <sys/types.h>
2416+#include <utmp.h>
2417+#ifdef HAVE_PATHS_H
2418+# include <paths.h>
2419+#endif
2420+ ],
2421+ [ char *wtmp = WTMP_FILE; ],
2422+ [ AC_MSG_RESULT(yes) ],
2423+ [ AC_MSG_RESULT(no)
2424+ system_wtmp_path=no ]
2425+)
2426+if test -z "$conf_wtmp_location"; then
2427+ if test x"$system_wtmp_path" = x"no" ; then
2428+ for f in /usr/adm/wtmp /var/log/wtmp; do
2429+ if test -f $f ; then
2430+ conf_wtmp_location=$f
2431+ fi
2432+ done
2433+ if test -z "$conf_wtmp_location"; then
2434+ AC_DEFINE(DISABLE_WTMP)
2435+ fi
2436+ fi
2437+fi
2438+if test -n "$conf_wtmp_location"; then
2439+ AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
2440+fi
2441+
2442+
2443+dnl utmpx detection - I don't know any system so perverse as to require
2444+dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
2445+dnl there, though.
2446+AC_MSG_CHECKING([if your system defines UTMPX_FILE])
2447+AC_TRY_COMPILE([
2448+#include <sys/types.h>
2449+#include <utmp.h>
2450+#ifdef HAVE_UTMPX_H
2451+#include <utmpx.h>
2452+#endif
2453+#ifdef HAVE_PATHS_H
2454+# include <paths.h>
2455+#endif
2456+ ],
2457+ [ char *utmpx = UTMPX_FILE; ],
2458+ [ AC_MSG_RESULT(yes) ],
2459+ [ AC_MSG_RESULT(no)
2460+ system_utmpx_path=no ]
2461+)
2462+if test -z "$conf_utmpx_location"; then
2463+ if test x"$system_utmpx_path" = x"no" ; then
2464+ AC_DEFINE(DISABLE_UTMPX)
2465+ fi
2466+else
2467+ AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
2468+fi
2469+
2470+dnl wtmpx detection
2471+AC_MSG_CHECKING([if your system defines WTMPX_FILE])
2472+AC_TRY_COMPILE([
2473+#include <sys/types.h>
2474+#include <utmp.h>
2475+#ifdef HAVE_UTMPX_H
2476+#include <utmpx.h>
2477+#endif
2478+#ifdef HAVE_PATHS_H
2479+# include <paths.h>
2480+#endif
2481+ ],
2482+ [ char *wtmpx = WTMPX_FILE; ],
2483+ [ AC_MSG_RESULT(yes) ],
2484+ [ AC_MSG_RESULT(no)
2485+ system_wtmpx_path=no ]
2486+)
2487+if test -z "$conf_wtmpx_location"; then
2488+ if test x"$system_wtmpx_path" = x"no" ; then
2489+ AC_DEFINE(DISABLE_WTMPX)
2490+ fi
2491+else
2492+ AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
2493+fi
2494+
2495+
2496+if test ! -z "$blibpath" ; then
2497+ LDFLAGS="$LDFLAGS $blibflags$blibpath"
2498+ AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
2499+fi
2500+
2501+dnl remove pam and dl because they are in $LIBPAM
2502+if test "$PAM_MSG" = yes ; then
2503+ LIBS=`echo $LIBS | sed 's/-lpam //'`
2504+fi
2505+if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
2506+ LIBS=`echo $LIBS | sed 's/-ldl //'`
2507+fi
2508+
2509+AC_EXEEXT
2510+AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
2511+AC_OUTPUT
2512+
2513+# Print summary of options
2514+
2515+# Someone please show me a better way :)
2516+A=`eval echo ${prefix}` ; A=`eval echo ${A}`
2517+B=`eval echo ${bindir}` ; B=`eval echo ${B}`
2518+C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
2519+D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
2520+E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
2521+F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
2522+G=`eval echo ${piddir}` ; G=`eval echo ${G}`
2523+H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
2524+I=`eval echo ${user_path}` ; I=`eval echo ${I}`
2525+J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
2526+
2527+echo ""
2528+echo "OpenSSH has been configured with the following options:"
2529+echo " User binaries: $B"
2530+echo " System binaries: $C"
2531+echo " Configuration files: $D"
2532+echo " Askpass program: $E"
2533+echo " Manual pages: $F"
2534+echo " PID file: $G"
2535+echo " Privilege separation chroot path: $H"
2536+if test "$USES_LOGIN_CONF" = "yes" ; then
2537+echo " At runtime, sshd will use the path defined in /etc/login.conf"
2538+else
2539+echo " sshd default user PATH: $I"
2540+fi
2541+if test ! -z "$superuser_path" ; then
2542+echo " sshd superuser user PATH: $J"
2543+fi
2544+echo " Manpage format: $MANTYPE"
2545+echo " PAM support: ${PAM_MSG}"
2546+echo " KerberosIV support: $KRB4_MSG"
2547+echo " KerberosV support: $KRB5_MSG"
2548+echo " Smartcard support: $SCARD_MSG"
2549+echo " AFS support: $AFS_MSG"
2550+echo " S/KEY support: $SKEY_MSG"
2551+echo " TCP Wrappers support: $TCPW_MSG"
2552+echo " MD5 password support: $MD5_MSG"
2553+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
2554+echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
2555+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
2556+echo " BSD Auth support: $BSD_AUTH_MSG"
2557+echo " Random number source: $RAND_MSG"
2558+if test ! -z "$USE_RAND_HELPER" ; then
2559+echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
2560+fi
2561+
2562+echo ""
2563+
2564+echo " Host: ${host}"
2565+echo " Compiler: ${CC}"
2566+echo " Compiler flags: ${CFLAGS}"
2567+echo "Preprocessor flags: ${CPPFLAGS}"
2568+echo " Linker flags: ${LDFLAGS}"
2569+echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
2570+
2571+echo ""
2572+
2573+if test "x$PAM_MSG" = "xyes" ; then
2574+ echo "PAM is enabled. You may need to install a PAM control file "
2575+ echo "for sshd, otherwise password authentication may fail. "
2576+ echo "Example PAM control files can be found in the contrib/ "
2577+ echo "subdirectory"
2578+ echo ""
2579+fi
2580+
2581+if test ! -z "$RAND_HELPER_CMDHASH" ; then
2582+ echo "WARNING: you are using the builtin random number collection "
2583+ echo "service. Please read WARNING.RNG and request that your OS "
2584+ echo "vendor includes kernel-based random number collection in "
2585+ echo "future versions of your OS."
2586+ echo ""
2587+fi
2588+
2589diff -urN openssh-3.6.1p2-orig/servconf.c openssh-3.6.1p2/servconf.c
2590--- openssh-3.6.1p2-orig/servconf.c 2003-02-23 18:04:34.000000000 -0700
2591+++ openssh-3.6.1p2/servconf.c 2003-07-26 16:57:54.000000000 -0600
2592@@ -17,7 +17,7 @@
2593 #endif
2594 #if defined(KRB5)
2595 #ifdef HEIMDAL
2596-#include <krb.h>
2597+#include <krb5.h>
2598 #else
2599 /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
2600 * keytab */
2601diff -urN openssh-3.6.1p2-orig/servconf.c~ openssh-3.6.1p2/servconf.c~
2602--- openssh-3.6.1p2-orig/servconf.c~ 1969-12-31 17:00:00.000000000 -0700
2603+++ openssh-3.6.1p2/servconf.c~ 2003-07-26 16:57:47.000000000 -0600
2604@@ -0,0 +1,955 @@
2605+/*
2606+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
2607+ * All rights reserved
2608+ *
2609+ * As far as I am concerned, the code I have written for this software
2610+ * can be used freely for any purpose. Any derived versions of this
2611+ * software must be clearly marked as such, and if the derived work is
2612+ * incompatible with the protocol description in the RFC file, it must be
2613+ * called by a name other than "ssh" or "Secure Shell".
2614+ */
2615+
2616+#include "includes.h"
2617+RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
2618+
2619+#if defined(KRB4)
2620+#include <krb.h>
2621+#endif
2622+#if defined(KRB5)
2623+#ifdef HEIMDAL
2624+#include <krb5.h>
2625+#else
2626+/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
2627+ * keytab */
2628+#define KEYFILE "/etc/krb5.keytab"
2629+#endif
2630+#endif
2631+#ifdef AFS
2632+#include <kafs.h>
2633+#endif
2634+
2635+#include "ssh.h"
2636+#include "log.h"
2637+#include "servconf.h"
2638+#include "xmalloc.h"
2639+#include "compat.h"
2640+#include "pathnames.h"
2641+#include "tildexpand.h"
2642+#include "misc.h"
2643+#include "cipher.h"
2644+#include "kex.h"
2645+#include "mac.h"
2646+
2647+static void add_listen_addr(ServerOptions *, char *, u_short);
2648+static void add_one_listen_addr(ServerOptions *, char *, u_short);
2649+
2650+/* AF_UNSPEC or AF_INET or AF_INET6 */
2651+extern int IPv4or6;
2652+/* Use of privilege separation or not */
2653+extern int use_privsep;
2654+
2655+/* Initializes the server options to their default values. */
2656+
2657+void
2658+initialize_server_options(ServerOptions *options)
2659+{
2660+ memset(options, 0, sizeof(*options));
2661+
2662+ /* Portable-specific options */
2663+ options->pam_authentication_via_kbd_int = -1;
2664+
2665+ /* Standard Options */
2666+ options->num_ports = 0;
2667+ options->ports_from_cmdline = 0;
2668+ options->listen_addrs = NULL;
2669+ options->num_host_key_files = 0;
2670+ options->pid_file = NULL;
2671+ options->server_key_bits = -1;
2672+ options->login_grace_time = -1;
2673+ options->key_regeneration_time = -1;
2674+ options->permit_root_login = PERMIT_NOT_SET;
2675+ options->ignore_rhosts = -1;
2676+ options->ignore_user_known_hosts = -1;
2677+ options->print_motd = -1;
2678+ options->print_lastlog = -1;
2679+ options->x11_forwarding = -1;
2680+ options->x11_display_offset = -1;
2681+ options->x11_use_localhost = -1;
2682+ options->xauth_location = NULL;
2683+ options->strict_modes = -1;
2684+ options->keepalives = -1;
2685+ options->log_facility = SYSLOG_FACILITY_NOT_SET;
2686+ options->log_level = SYSLOG_LEVEL_NOT_SET;
2687+ options->rhosts_authentication = -1;
2688+ options->rhosts_rsa_authentication = -1;
2689+ options->hostbased_authentication = -1;
2690+ options->hostbased_uses_name_from_packet_only = -1;
2691+ options->rsa_authentication = -1;
2692+ options->pubkey_authentication = -1;
2693+#if defined(KRB4) || defined(KRB5)
2694+ options->kerberos_authentication = -1;
2695+ options->kerberos_or_local_passwd = -1;
2696+ options->kerberos_ticket_cleanup = -1;
2697+#endif
2698+#if defined(AFS) || defined(KRB5)
2699+ options->kerberos_tgt_passing = -1;
2700+#endif
2701+#ifdef AFS
2702+ options->afs_token_passing = -1;
2703+#endif
2704+ options->password_authentication = -1;
2705+ options->kbd_interactive_authentication = -1;
2706+ options->challenge_response_authentication = -1;
2707+ options->permit_empty_passwd = -1;
2708+ options->permit_user_env = -1;
2709+ options->use_login = -1;
2710+ options->compression = -1;
2711+ options->allow_tcp_forwarding = -1;
2712+ options->num_allow_users = 0;
2713+ options->num_deny_users = 0;
2714+ options->num_allow_groups = 0;
2715+ options->num_deny_groups = 0;
2716+ options->ciphers = NULL;
2717+ options->macs = NULL;
2718+ options->protocol = SSH_PROTO_UNKNOWN;
2719+ options->gateway_ports = -1;
2720+ options->num_subsystems = 0;
2721+ options->max_startups_begin = -1;
2722+ options->max_startups_rate = -1;
2723+ options->max_startups = -1;
2724+ options->banner = NULL;
2725+ options->verify_reverse_mapping = -1;
2726+ options->client_alive_interval = -1;
2727+ options->client_alive_count_max = -1;
2728+ options->authorized_keys_file = NULL;
2729+ options->authorized_keys_file2 = NULL;
2730+
2731+ /* Needs to be accessable in many places */
2732+ use_privsep = -1;
2733+}
2734+
2735+void
2736+fill_default_server_options(ServerOptions *options)
2737+{
2738+ /* Portable-specific options */
2739+ if (options->pam_authentication_via_kbd_int == -1)
2740+ options->pam_authentication_via_kbd_int = 0;
2741+
2742+ /* Standard Options */
2743+ if (options->protocol == SSH_PROTO_UNKNOWN)
2744+ options->protocol = SSH_PROTO_1|SSH_PROTO_2;
2745+ if (options->num_host_key_files == 0) {
2746+ /* fill default hostkeys for protocols */
2747+ if (options->protocol & SSH_PROTO_1)
2748+ options->host_key_files[options->num_host_key_files++] =
2749+ _PATH_HOST_KEY_FILE;
2750+ if (options->protocol & SSH_PROTO_2) {
2751+ options->host_key_files[options->num_host_key_files++] =
2752+ _PATH_HOST_RSA_KEY_FILE;
2753+ options->host_key_files[options->num_host_key_files++] =
2754+ _PATH_HOST_DSA_KEY_FILE;
2755+ }
2756+ }
2757+ if (options->num_ports == 0)
2758+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
2759+ if (options->listen_addrs == NULL)
2760+ add_listen_addr(options, NULL, 0);
2761+ if (options->pid_file == NULL)
2762+ options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
2763+ if (options->server_key_bits == -1)
2764+ options->server_key_bits = 768;
2765+ if (options->login_grace_time == -1)
2766+ options->login_grace_time = 120;
2767+ if (options->key_regeneration_time == -1)
2768+ options->key_regeneration_time = 3600;
2769+ if (options->permit_root_login == PERMIT_NOT_SET)
2770+ options->permit_root_login = PERMIT_YES;
2771+ if (options->ignore_rhosts == -1)
2772+ options->ignore_rhosts = 1;
2773+ if (options->ignore_user_known_hosts == -1)
2774+ options->ignore_user_known_hosts = 0;
2775+ if (options->print_motd == -1)
2776+ options->print_motd = 1;
2777+ if (options->print_lastlog == -1)
2778+ options->print_lastlog = 1;
2779+ if (options->x11_forwarding == -1)
2780+ options->x11_forwarding = 0;
2781+ if (options->x11_display_offset == -1)
2782+ options->x11_display_offset = 10;
2783+ if (options->x11_use_localhost == -1)
2784+ options->x11_use_localhost = 1;
2785+ if (options->xauth_location == NULL)
2786+ options->xauth_location = _PATH_XAUTH;
2787+ if (options->strict_modes == -1)
2788+ options->strict_modes = 1;
2789+ if (options->keepalives == -1)
2790+ options->keepalives = 1;
2791+ if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
2792+ options->log_facility = SYSLOG_FACILITY_AUTH;
2793+ if (options->log_level == SYSLOG_LEVEL_NOT_SET)
2794+ options->log_level = SYSLOG_LEVEL_INFO;
2795+ if (options->rhosts_authentication == -1)
2796+ options->rhosts_authentication = 0;
2797+ if (options->rhosts_rsa_authentication == -1)
2798+ options->rhosts_rsa_authentication = 0;
2799+ if (options->hostbased_authentication == -1)
2800+ options->hostbased_authentication = 0;
2801+ if (options->hostbased_uses_name_from_packet_only == -1)
2802+ options->hostbased_uses_name_from_packet_only = 0;
2803+ if (options->rsa_authentication == -1)
2804+ options->rsa_authentication = 1;
2805+ if (options->pubkey_authentication == -1)
2806+ options->pubkey_authentication = 1;
2807+#if defined(KRB4) || defined(KRB5)
2808+ if (options->kerberos_authentication == -1)
2809+ options->kerberos_authentication = 0;
2810+ if (options->kerberos_or_local_passwd == -1)
2811+ options->kerberos_or_local_passwd = 1;
2812+ if (options->kerberos_ticket_cleanup == -1)
2813+ options->kerberos_ticket_cleanup = 1;
2814+#endif
2815+#if defined(AFS) || defined(KRB5)
2816+ if (options->kerberos_tgt_passing == -1)
2817+ options->kerberos_tgt_passing = 0;
2818+#endif
2819+#ifdef AFS
2820+ if (options->afs_token_passing == -1)
2821+ options->afs_token_passing = 0;
2822+#endif
2823+ if (options->password_authentication == -1)
2824+ options->password_authentication = 1;
2825+ if (options->kbd_interactive_authentication == -1)
2826+ options->kbd_interactive_authentication = 0;
2827+ if (options->challenge_response_authentication == -1)
2828+ options->challenge_response_authentication = 1;
2829+ if (options->permit_empty_passwd == -1)
2830+ options->permit_empty_passwd = 0;
2831+ if (options->permit_user_env == -1)
2832+ options->permit_user_env = 0;
2833+ if (options->use_login == -1)
2834+ options->use_login = 0;
2835+ if (options->compression == -1)
2836+ options->compression = 1;
2837+ if (options->allow_tcp_forwarding == -1)
2838+ options->allow_tcp_forwarding = 1;
2839+ if (options->gateway_ports == -1)
2840+ options->gateway_ports = 0;
2841+ if (options->max_startups == -1)
2842+ options->max_startups = 10;
2843+ if (options->max_startups_rate == -1)
2844+ options->max_startups_rate = 100; /* 100% */
2845+ if (options->max_startups_begin == -1)
2846+ options->max_startups_begin = options->max_startups;
2847+ if (options->verify_reverse_mapping == -1)
2848+ options->verify_reverse_mapping = 0;
2849+ if (options->client_alive_interval == -1)
2850+ options->client_alive_interval = 0;
2851+ if (options->client_alive_count_max == -1)
2852+ options->client_alive_count_max = 3;
2853+ if (options->authorized_keys_file2 == NULL) {
2854+ /* authorized_keys_file2 falls back to authorized_keys_file */
2855+ if (options->authorized_keys_file != NULL)
2856+ options->authorized_keys_file2 = options->authorized_keys_file;
2857+ else
2858+ options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
2859+ }
2860+ if (options->authorized_keys_file == NULL)
2861+ options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
2862+
2863+ /* Turn privilege separation on by default */
2864+ if (use_privsep == -1)
2865+ use_privsep = 1;
2866+
2867+#ifndef HAVE_MMAP
2868+ if (use_privsep && options->compression == 1) {
2869+ error("This platform does not support both privilege "
2870+ "separation and compression");
2871+ error("Compression disabled");
2872+ options->compression = 0;
2873+ }
2874+#endif
2875+
2876+}
2877+
2878+/* Keyword tokens. */
2879+typedef enum {
2880+ sBadOption, /* == unknown option */
2881+ /* Portable-specific options */
2882+ sPAMAuthenticationViaKbdInt,
2883+ /* Standard Options */
2884+ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
2885+ sPermitRootLogin, sLogFacility, sLogLevel,
2886+ sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
2887+#if defined(KRB4) || defined(KRB5)
2888+ sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
2889+#endif
2890+#if defined(AFS) || defined(KRB5)
2891+ sKerberosTgtPassing,
2892+#endif
2893+#ifdef AFS
2894+ sAFSTokenPassing,
2895+#endif
2896+ sChallengeResponseAuthentication,
2897+ sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
2898+ sPrintMotd, sPrintLastLog, sIgnoreRhosts,
2899+ sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
2900+ sStrictModes, sEmptyPasswd, sKeepAlives,
2901+ sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
2902+ sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
2903+ sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
2904+ sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
2905+ sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
2906+ sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
2907+ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
2908+ sUsePrivilegeSeparation,
2909+ sDeprecated
2910+} ServerOpCodes;
2911+
2912+/* Textual representation of the tokens. */
2913+static struct {
2914+ const char *name;
2915+ ServerOpCodes opcode;
2916+} keywords[] = {
2917+ /* Portable-specific options */
2918+ { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
2919+ /* Standard Options */
2920+ { "port", sPort },
2921+ { "hostkey", sHostKeyFile },
2922+ { "hostdsakey", sHostKeyFile }, /* alias */
2923+ { "pidfile", sPidFile },
2924+ { "serverkeybits", sServerKeyBits },
2925+ { "logingracetime", sLoginGraceTime },
2926+ { "keyregenerationinterval", sKeyRegenerationTime },
2927+ { "permitrootlogin", sPermitRootLogin },
2928+ { "syslogfacility", sLogFacility },
2929+ { "loglevel", sLogLevel },
2930+ { "rhostsauthentication", sRhostsAuthentication },
2931+ { "rhostsrsaauthentication", sRhostsRSAAuthentication },
2932+ { "hostbasedauthentication", sHostbasedAuthentication },
2933+ { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
2934+ { "rsaauthentication", sRSAAuthentication },
2935+ { "pubkeyauthentication", sPubkeyAuthentication },
2936+ { "dsaauthentication", sPubkeyAuthentication }, /* alias */
2937+#if defined(KRB4) || defined(KRB5)
2938+ { "kerberosauthentication", sKerberosAuthentication },
2939+ { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
2940+ { "kerberosticketcleanup", sKerberosTicketCleanup },
2941+#endif
2942+#if defined(AFS) || defined(KRB5)
2943+ { "kerberostgtpassing", sKerberosTgtPassing },
2944+#endif
2945+#ifdef AFS
2946+ { "afstokenpassing", sAFSTokenPassing },
2947+#endif
2948+ { "passwordauthentication", sPasswordAuthentication },
2949+ { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
2950+ { "challengeresponseauthentication", sChallengeResponseAuthentication },
2951+ { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
2952+ { "checkmail", sDeprecated },
2953+ { "listenaddress", sListenAddress },
2954+ { "printmotd", sPrintMotd },
2955+ { "printlastlog", sPrintLastLog },
2956+ { "ignorerhosts", sIgnoreRhosts },
2957+ { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
2958+ { "x11forwarding", sX11Forwarding },
2959+ { "x11displayoffset", sX11DisplayOffset },
2960+ { "x11uselocalhost", sX11UseLocalhost },
2961+ { "xauthlocation", sXAuthLocation },
2962+ { "strictmodes", sStrictModes },
2963+ { "permitemptypasswords", sEmptyPasswd },
2964+ { "permituserenvironment", sPermitUserEnvironment },
2965+ { "uselogin", sUseLogin },
2966+ { "compression", sCompression },
2967+ { "keepalive", sKeepAlives },
2968+ { "allowtcpforwarding", sAllowTcpForwarding },
2969+ { "allowusers", sAllowUsers },
2970+ { "denyusers", sDenyUsers },
2971+ { "allowgroups", sAllowGroups },
2972+ { "denygroups", sDenyGroups },
2973+ { "ciphers", sCiphers },
2974+ { "macs", sMacs },
2975+ { "protocol", sProtocol },
2976+ { "gatewayports", sGatewayPorts },
2977+ { "subsystem", sSubsystem },
2978+ { "maxstartups", sMaxStartups },
2979+ { "banner", sBanner },
2980+ { "verifyreversemapping", sVerifyReverseMapping },
2981+ { "reversemappingcheck", sVerifyReverseMapping },
2982+ { "clientaliveinterval", sClientAliveInterval },
2983+ { "clientalivecountmax", sClientAliveCountMax },
2984+ { "authorizedkeysfile", sAuthorizedKeysFile },
2985+ { "authorizedkeysfile2", sAuthorizedKeysFile2 },
2986+ { "useprivilegeseparation", sUsePrivilegeSeparation},
2987+ { NULL, sBadOption }
2988+};
2989+
2990+/*
2991+ * Returns the number of the token pointed to by cp or sBadOption.
2992+ */
2993+
2994+static ServerOpCodes
2995+parse_token(const char *cp, const char *filename,
2996+ int linenum)
2997+{
2998+ u_int i;
2999+
3000+ for (i = 0; keywords[i].name; i++)
3001+ if (strcasecmp(cp, keywords[i].name) == 0)
3002+ return keywords[i].opcode;
3003+
3004+ error("%s: line %d: Bad configuration option: %s",
3005+ filename, linenum, cp);
3006+ return sBadOption;
3007+}
3008+
3009+static void
3010+add_listen_addr(ServerOptions *options, char *addr, u_short port)
3011+{
3012+ int i;
3013+
3014+ if (options->num_ports == 0)
3015+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
3016+ if (port == 0)
3017+ for (i = 0; i < options->num_ports; i++)
3018+ add_one_listen_addr(options, addr, options->ports[i]);
3019+ else
3020+ add_one_listen_addr(options, addr, port);
3021+}
3022+
3023+static void
3024+add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
3025+{
3026+ struct addrinfo hints, *ai, *aitop;
3027+ char strport[NI_MAXSERV];
3028+ int gaierr;
3029+
3030+ memset(&hints, 0, sizeof(hints));
3031+ hints.ai_family = IPv4or6;
3032+ hints.ai_socktype = SOCK_STREAM;
3033+ hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
3034+ snprintf(strport, sizeof strport, "%u", port);
3035+ if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
3036+ fatal("bad addr or host: %s (%s)",
3037+ addr ? addr : "<NULL>",
3038+ gai_strerror(gaierr));
3039+ for (ai = aitop; ai->ai_next; ai = ai->ai_next)
3040+ ;
3041+ ai->ai_next = options->listen_addrs;
3042+ options->listen_addrs = aitop;
3043+}
3044+
3045+int
3046+process_server_config_line(ServerOptions *options, char *line,
3047+ const char *filename, int linenum)
3048+{
3049+ char *cp, **charptr, *arg, *p;
3050+ int *intptr, value, i, n;
3051+ ServerOpCodes opcode;
3052+
3053+ cp = line;
3054+ arg = strdelim(&cp);
3055+ /* Ignore leading whitespace */
3056+ if (*arg == '\0')
3057+ arg = strdelim(&cp);
3058+ if (!arg || !*arg || *arg == '#')
3059+ return 0;
3060+ intptr = NULL;
3061+ charptr = NULL;
3062+ opcode = parse_token(arg, filename, linenum);
3063+ switch (opcode) {
3064+ /* Portable-specific options */
3065+ case sPAMAuthenticationViaKbdInt:
3066+ intptr = &options->pam_authentication_via_kbd_int;
3067+ goto parse_flag;
3068+
3069+ /* Standard Options */
3070+ case sBadOption:
3071+ return -1;
3072+ case sPort:
3073+ /* ignore ports from configfile if cmdline specifies ports */
3074+ if (options->ports_from_cmdline)
3075+ return 0;
3076+ if (options->listen_addrs != NULL)
3077+ fatal("%s line %d: ports must be specified before "
3078+ "ListenAddress.", filename, linenum);
3079+ if (options->num_ports >= MAX_PORTS)
3080+ fatal("%s line %d: too many ports.",
3081+ filename, linenum);
3082+ arg = strdelim(&cp);
3083+ if (!arg || *arg == '\0')
3084+ fatal("%s line %d: missing port number.",
3085+ filename, linenum);
3086+ options->ports[options->num_ports++] = a2port(arg);
3087+ if (options->ports[options->num_ports-1] == 0)
3088+ fatal("%s line %d: Badly formatted port number.",
3089+ filename, linenum);
3090+ break;
3091+
3092+ case sServerKeyBits:
3093+ intptr = &options->server_key_bits;
3094+parse_int:
3095+ arg = strdelim(&cp);
3096+ if (!arg || *arg == '\0')
3097+ fatal("%s line %d: missing integer value.",
3098+ filename, linenum);
3099+ value = atoi(arg);
3100+ if (*intptr == -1)
3101+ *intptr = value;
3102+ break;
3103+
3104+ case sLoginGraceTime:
3105+ intptr = &options->login_grace_time;
3106+parse_time:
3107+ arg = strdelim(&cp);
3108+ if (!arg || *arg == '\0')
3109+ fatal("%s line %d: missing time value.",
3110+ filename, linenum);
3111+ if ((value = convtime(arg)) == -1)
3112+ fatal("%s line %d: invalid time value.",
3113+ filename, linenum);
3114+ if (*intptr == -1)
3115+ *intptr = value;
3116+ break;
3117+
3118+ case sKeyRegenerationTime:
3119+ intptr = &options->key_regeneration_time;
3120+ goto parse_time;
3121+
3122+ case sListenAddress:
3123+ arg = strdelim(&cp);
3124+ if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
3125+ fatal("%s line %d: missing inet addr.",
3126+ filename, linenum);
3127+ if (*arg == '[') {
3128+ if ((p = strchr(arg, ']')) == NULL)
3129+ fatal("%s line %d: bad ipv6 inet addr usage.",
3130+ filename, linenum);
3131+ arg++;
3132+ memmove(p, p+1, strlen(p+1)+1);
3133+ } else if (((p = strchr(arg, ':')) == NULL) ||
3134+ (strchr(p+1, ':') != NULL)) {
3135+ add_listen_addr(options, arg, 0);
3136+ break;
3137+ }
3138+ if (*p == ':') {
3139+ u_short port;
3140+
3141+ p++;
3142+ if (*p == '\0')
3143+ fatal("%s line %d: bad inet addr:port usage.",
3144+ filename, linenum);
3145+ else {
3146+ *(p-1) = '\0';
3147+ if ((port = a2port(p)) == 0)
3148+ fatal("%s line %d: bad port number.",
3149+ filename, linenum);
3150+ add_listen_addr(options, arg, port);
3151+ }
3152+ } else if (*p == '\0')
3153+ add_listen_addr(options, arg, 0);
3154+ else
3155+ fatal("%s line %d: bad inet addr usage.",
3156+ filename, linenum);
3157+ break;
3158+
3159+ case sHostKeyFile:
3160+ intptr = &options->num_host_key_files;
3161+ if (*intptr >= MAX_HOSTKEYS)
3162+ fatal("%s line %d: too many host keys specified (max %d).",
3163+ filename, linenum, MAX_HOSTKEYS);
3164+ charptr = &options->host_key_files[*intptr];
3165+parse_filename:
3166+ arg = strdelim(&cp);
3167+ if (!arg || *arg == '\0')
3168+ fatal("%s line %d: missing file name.",
3169+ filename, linenum);
3170+ if (*charptr == NULL) {
3171+ *charptr = tilde_expand_filename(arg, getuid());
3172+ /* increase optional counter */
3173+ if (intptr != NULL)
3174+ *intptr = *intptr + 1;
3175+ }
3176+ break;
3177+
3178+ case sPidFile:
3179+ charptr = &options->pid_file;
3180+ goto parse_filename;
3181+
3182+ case sPermitRootLogin:
3183+ intptr = &options->permit_root_login;
3184+ arg = strdelim(&cp);
3185+ if (!arg || *arg == '\0')
3186+ fatal("%s line %d: missing yes/"
3187+ "without-password/forced-commands-only/no "
3188+ "argument.", filename, linenum);
3189+ value = 0; /* silence compiler */
3190+ if (strcmp(arg, "without-password") == 0)
3191+ value = PERMIT_NO_PASSWD;
3192+ else if (strcmp(arg, "forced-commands-only") == 0)
3193+ value = PERMIT_FORCED_ONLY;
3194+ else if (strcmp(arg, "yes") == 0)
3195+ value = PERMIT_YES;
3196+ else if (strcmp(arg, "no") == 0)
3197+ value = PERMIT_NO;
3198+ else
3199+ fatal("%s line %d: Bad yes/"
3200+ "without-password/forced-commands-only/no "
3201+ "argument: %s", filename, linenum, arg);
3202+ if (*intptr == -1)
3203+ *intptr = value;
3204+ break;
3205+
3206+ case sIgnoreRhosts:
3207+ intptr = &options->ignore_rhosts;
3208+parse_flag:
3209+ arg = strdelim(&cp);
3210+ if (!arg || *arg == '\0')
3211+ fatal("%s line %d: missing yes/no argument.",
3212+ filename, linenum);
3213+ value = 0; /* silence compiler */
3214+ if (strcmp(arg, "yes") == 0)
3215+ value = 1;
3216+ else if (strcmp(arg, "no") == 0)
3217+ value = 0;
3218+ else
3219+ fatal("%s line %d: Bad yes/no argument: %s",
3220+ filename, linenum, arg);
3221+ if (*intptr == -1)
3222+ *intptr = value;
3223+ break;
3224+
3225+ case sIgnoreUserKnownHosts:
3226+ intptr = &options->ignore_user_known_hosts;
3227+ goto parse_flag;
3228+
3229+ case sRhostsAuthentication:
3230+ intptr = &options->rhosts_authentication;
3231+ goto parse_flag;
3232+
3233+ case sRhostsRSAAuthentication:
3234+ intptr = &options->rhosts_rsa_authentication;
3235+ goto parse_flag;
3236+
3237+ case sHostbasedAuthentication:
3238+ intptr = &options->hostbased_authentication;
3239+ goto parse_flag;
3240+
3241+ case sHostbasedUsesNameFromPacketOnly:
3242+ intptr = &options->hostbased_uses_name_from_packet_only;
3243+ goto parse_flag;
3244+
3245+ case sRSAAuthentication:
3246+ intptr = &options->rsa_authentication;
3247+ goto parse_flag;
3248+
3249+ case sPubkeyAuthentication:
3250+ intptr = &options->pubkey_authentication;
3251+ goto parse_flag;
3252+#if defined(KRB4) || defined(KRB5)
3253+ case sKerberosAuthentication:
3254+ intptr = &options->kerberos_authentication;
3255+ goto parse_flag;
3256+
3257+ case sKerberosOrLocalPasswd:
3258+ intptr = &options->kerberos_or_local_passwd;
3259+ goto parse_flag;
3260+
3261+ case sKerberosTicketCleanup:
3262+ intptr = &options->kerberos_ticket_cleanup;
3263+ goto parse_flag;
3264+#endif
3265+#if defined(AFS) || defined(KRB5)
3266+ case sKerberosTgtPassing:
3267+ intptr = &options->kerberos_tgt_passing;
3268+ goto parse_flag;
3269+#endif
3270+#ifdef AFS
3271+ case sAFSTokenPassing:
3272+ intptr = &options->afs_token_passing;
3273+ goto parse_flag;
3274+#endif
3275+
3276+ case sPasswordAuthentication:
3277+ intptr = &options->password_authentication;
3278+ goto parse_flag;
3279+
3280+ case sKbdInteractiveAuthentication:
3281+ intptr = &options->kbd_interactive_authentication;
3282+ goto parse_flag;
3283+
3284+ case sChallengeResponseAuthentication:
3285+ intptr = &options->challenge_response_authentication;
3286+ goto parse_flag;
3287+
3288+ case sPrintMotd:
3289+ intptr = &options->print_motd;
3290+ goto parse_flag;
3291+
3292+ case sPrintLastLog:
3293+ intptr = &options->print_lastlog;
3294+ goto parse_flag;
3295+
3296+ case sX11Forwarding:
3297+ intptr = &options->x11_forwarding;
3298+ goto parse_flag;
3299+
3300+ case sX11DisplayOffset:
3301+ intptr = &options->x11_display_offset;
3302+ goto parse_int;
3303+
3304+ case sX11UseLocalhost:
3305+ intptr = &options->x11_use_localhost;
3306+ goto parse_flag;
3307+
3308+ case sXAuthLocation:
3309+ charptr = &options->xauth_location;
3310+ goto parse_filename;
3311+
3312+ case sStrictModes:
3313+ intptr = &options->strict_modes;
3314+ goto parse_flag;
3315+
3316+ case sKeepAlives:
3317+ intptr = &options->keepalives;
3318+ goto parse_flag;
3319+
3320+ case sEmptyPasswd:
3321+ intptr = &options->permit_empty_passwd;
3322+ goto parse_flag;
3323+
3324+ case sPermitUserEnvironment:
3325+ intptr = &options->permit_user_env;
3326+ goto parse_flag;
3327+
3328+ case sUseLogin:
3329+ intptr = &options->use_login;
3330+ goto parse_flag;
3331+
3332+ case sCompression:
3333+ intptr = &options->compression;
3334+ goto parse_flag;
3335+
3336+ case sGatewayPorts:
3337+ intptr = &options->gateway_ports;
3338+ goto parse_flag;
3339+
3340+ case sVerifyReverseMapping:
3341+ intptr = &options->verify_reverse_mapping;
3342+ goto parse_flag;
3343+
3344+ case sLogFacility:
3345+ intptr = (int *) &options->log_facility;
3346+ arg = strdelim(&cp);
3347+ value = log_facility_number(arg);
3348+ if (value == SYSLOG_FACILITY_NOT_SET)
3349+ fatal("%.200s line %d: unsupported log facility '%s'",
3350+ filename, linenum, arg ? arg : "<NONE>");
3351+ if (*intptr == -1)
3352+ *intptr = (SyslogFacility) value;
3353+ break;
3354+
3355+ case sLogLevel:
3356+ intptr = (int *) &options->log_level;
3357+ arg = strdelim(&cp);
3358+ value = log_level_number(arg);
3359+ if (value == SYSLOG_LEVEL_NOT_SET)
3360+ fatal("%.200s line %d: unsupported log level '%s'",
3361+ filename, linenum, arg ? arg : "<NONE>");
3362+ if (*intptr == -1)
3363+ *intptr = (LogLevel) value;
3364+ break;
3365+
3366+ case sAllowTcpForwarding:
3367+ intptr = &options->allow_tcp_forwarding;
3368+ goto parse_flag;
3369+
3370+ case sUsePrivilegeSeparation:
3371+ intptr = &use_privsep;
3372+ goto parse_flag;
3373+
3374+ case sAllowUsers:
3375+ while ((arg = strdelim(&cp)) && *arg != '\0') {
3376+ if (options->num_allow_users >= MAX_ALLOW_USERS)
3377+ fatal("%s line %d: too many allow users.",
3378+ filename, linenum);
3379+ options->allow_users[options->num_allow_users++] =
3380+ xstrdup(arg);
3381+ }
3382+ break;
3383+
3384+ case sDenyUsers:
3385+ while ((arg = strdelim(&cp)) && *arg != '\0') {
3386+ if (options->num_deny_users >= MAX_DENY_USERS)
3387+ fatal( "%s line %d: too many deny users.",
3388+ filename, linenum);
3389+ options->deny_users[options->num_deny_users++] =
3390+ xstrdup(arg);
3391+ }
3392+ break;
3393+
3394+ case sAllowGroups:
3395+ while ((arg = strdelim(&cp)) && *arg != '\0') {
3396+ if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
3397+ fatal("%s line %d: too many allow groups.",
3398+ filename, linenum);
3399+ options->allow_groups[options->num_allow_groups++] =
3400+ xstrdup(arg);
3401+ }
3402+ break;
3403+
3404+ case sDenyGroups:
3405+ while ((arg = strdelim(&cp)) && *arg != '\0') {
3406+ if (options->num_deny_groups >= MAX_DENY_GROUPS)
3407+ fatal("%s line %d: too many deny groups.",
3408+ filename, linenum);
3409+ options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
3410+ }
3411+ break;
3412+
3413+ case sCiphers:
3414+ arg = strdelim(&cp);
3415+ if (!arg || *arg == '\0')
3416+ fatal("%s line %d: Missing argument.", filename, linenum);
3417+ if (!ciphers_valid(arg))
3418+ fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
3419+ filename, linenum, arg ? arg : "<NONE>");
3420+ if (options->ciphers == NULL)
3421+ options->ciphers = xstrdup(arg);
3422+ break;
3423+
3424+ case sMacs:
3425+ arg = strdelim(&cp);
3426+ if (!arg || *arg == '\0')
3427+ fatal("%s line %d: Missing argument.", filename, linenum);
3428+ if (!mac_valid(arg))
3429+ fatal("%s line %d: Bad SSH2 mac spec '%s'.",
3430+ filename, linenum, arg ? arg : "<NONE>");
3431+ if (options->macs == NULL)
3432+ options->macs = xstrdup(arg);
3433+ break;
3434+
3435+ case sProtocol:
3436+ intptr = &options->protocol;
3437+ arg = strdelim(&cp);
3438+ if (!arg || *arg == '\0')
3439+ fatal("%s line %d: Missing argument.", filename, linenum);
3440+ value = proto_spec(arg);
3441+ if (value == SSH_PROTO_UNKNOWN)
3442+ fatal("%s line %d: Bad protocol spec '%s'.",
3443+ filename, linenum, arg ? arg : "<NONE>");
3444+ if (*intptr == SSH_PROTO_UNKNOWN)
3445+ *intptr = value;
3446+ break;
3447+
3448+ case sSubsystem:
3449+ if (options->num_subsystems >= MAX_SUBSYSTEMS) {
3450+ fatal("%s line %d: too many subsystems defined.",
3451+ filename, linenum);
3452+ }
3453+ arg = strdelim(&cp);
3454+ if (!arg || *arg == '\0')
3455+ fatal("%s line %d: Missing subsystem name.",
3456+ filename, linenum);
3457+ for (i = 0; i < options->num_subsystems; i++)
3458+ if (strcmp(arg, options->subsystem_name[i]) == 0)
3459+ fatal("%s line %d: Subsystem '%s' already defined.",
3460+ filename, linenum, arg);
3461+ options->subsystem_name[options->num_subsystems] = xstrdup(arg);
3462+ arg = strdelim(&cp);
3463+ if (!arg || *arg == '\0')
3464+ fatal("%s line %d: Missing subsystem command.",
3465+ filename, linenum);
3466+ options->subsystem_command[options->num_subsystems] = xstrdup(arg);
3467+ options->num_subsystems++;
3468+ break;
3469+
3470+ case sMaxStartups:
3471+ arg = strdelim(&cp);
3472+ if (!arg || *arg == '\0')
3473+ fatal("%s line %d: Missing MaxStartups spec.",
3474+ filename, linenum);
3475+ if ((n = sscanf(arg, "%d:%d:%d",
3476+ &options->max_startups_begin,
3477+ &options->max_startups_rate,
3478+ &options->max_startups)) == 3) {
3479+ if (options->max_startups_begin >
3480+ options->max_startups ||
3481+ options->max_startups_rate > 100 ||
3482+ options->max_startups_rate < 1)
3483+ fatal("%s line %d: Illegal MaxStartups spec.",
3484+ filename, linenum);
3485+ } else if (n != 1)
3486+ fatal("%s line %d: Illegal MaxStartups spec.",
3487+ filename, linenum);
3488+ else
3489+ options->max_startups = options->max_startups_begin;
3490+ break;
3491+
3492+ case sBanner:
3493+ charptr = &options->banner;
3494+ goto parse_filename;
3495+ /*
3496+ * These options can contain %X options expanded at
3497+ * connect time, so that you can specify paths like:
3498+ *
3499+ * AuthorizedKeysFile /etc/ssh_keys/%u
3500+ */
3501+ case sAuthorizedKeysFile:
3502+ case sAuthorizedKeysFile2:
3503+ charptr = (opcode == sAuthorizedKeysFile ) ?
3504+ &options->authorized_keys_file :
3505+ &options->authorized_keys_file2;
3506+ goto parse_filename;
3507+
3508+ case sClientAliveInterval:
3509+ intptr = &options->client_alive_interval;
3510+ goto parse_time;
3511+
3512+ case sClientAliveCountMax:
3513+ intptr = &options->client_alive_count_max;
3514+ goto parse_int;
3515+
3516+ case sDeprecated:
3517+ log("%s line %d: Deprecated option %s",
3518+ filename, linenum, arg);
3519+ while (arg)
3520+ arg = strdelim(&cp);
3521+ break;
3522+
3523+ default:
3524+ fatal("%s line %d: Missing handler for opcode %s (%d)",
3525+ filename, linenum, arg, opcode);
3526+ }
3527+ if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
3528+ fatal("%s line %d: garbage at end of line; \"%.200s\".",
3529+ filename, linenum, arg);
3530+ return 0;
3531+}
3532+
3533+/* Reads the server configuration file. */
3534+
3535+void
3536+read_server_config(ServerOptions *options, const char *filename)
3537+{
3538+ int linenum, bad_options = 0;
3539+ char line[1024];
3540+ FILE *f;
3541+
3542+ debug2("read_server_config: filename %s", filename);
3543+ f = fopen(filename, "r");
3544+ if (!f) {
3545+ perror(filename);
3546+ exit(1);
3547+ }
3548+ linenum = 0;
3549+ while (fgets(line, sizeof(line), f)) {
3550+ /* Update line number counter. */
3551+ linenum++;
3552+ if (process_server_config_line(options, line, filename, linenum) != 0)
3553+ bad_options++;
3554+ }
3555+ fclose(f);
3556+ if (bad_options > 0)
3557+ fatal("%s: terminating, %d bad configuration options",
3558+ filename, bad_options);
3559+}
OpenSSH free Secure Shell (SSH) implementation
This page took 0.53754 seconds and 4 git commands to generate.