],
[ AC_MSG_RESULT(no)
K5LIBS="-lkrb5 -lk5crypto -lcom_err"
-diff -urN openssh-3.6.1p2-orig/configure.ac~ openssh-3.6.1p2/configure.ac~
---- openssh-3.6.1p2-orig/configure.ac~ 1969-12-31 17:00:00.000000000 -0700
-+++ openssh-3.6.1p2/configure.ac~ 2003-07-26 16:57:32.000000000 -0600
-@@ -0,0 +1,2572 @@
-+# $Id$
-+
-+AC_INIT
-+AC_CONFIG_SRCDIR([ssh.c])
-+
-+AC_CONFIG_HEADER(config.h)
-+AC_PROG_CC
-+AC_CANONICAL_HOST
-+AC_C_BIGENDIAN
-+
-+# Checks for programs.
-+AC_PROG_CPP
-+AC_PROG_RANLIB
-+AC_PROG_INSTALL
-+AC_PATH_PROG(AR, ar)
-+AC_PATH_PROGS(PERL, perl5 perl)
-+AC_PATH_PROG(SED, sed)
-+AC_SUBST(PERL)
-+AC_PATH_PROG(ENT, ent)
-+AC_SUBST(ENT)
-+AC_PATH_PROG(TEST_MINUS_S_SH, bash)
-+AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
-+AC_PATH_PROG(TEST_MINUS_S_SH, sh)
-+AC_PATH_PROG(SH, sh)
-+
-+# System features
-+AC_SYS_LARGEFILE
-+
-+if test -z "$AR" ; then
-+ AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
-+fi
-+
-+# Use LOGIN_PROGRAM from environment if possible
-+if test ! -z "$LOGIN_PROGRAM" ; then
-+ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
-+else
-+ # Search for login
-+ AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
-+ if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
-+ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
-+ fi
-+fi
-+
-+if test -z "$LD" ; then
-+ LD=$CC
-+fi
-+AC_SUBST(LD)
-+
-+AC_C_INLINE
-+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
-+ CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
-+fi
-+
-+# Check for some target-specific stuff
-+case "$host" in
-+*-*-aix*)
-+ AFS_LIBS="-lld"
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
-+ AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
-+ if (test -z "$blibpath"); then
-+ blibpath="/usr/lib:/lib:/usr/local/lib"
-+ fi
-+ saved_LDFLAGS="$LDFLAGS"
-+ for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
-+ if (test -z "$blibflags"); then
-+ LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
-+ AC_TRY_LINK([], [], [blibflags=$tryflags])
-+ fi
-+ done
-+ if (test -z "$blibflags"); then
-+ AC_MSG_RESULT(not found)
-+ AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
-+ else
-+ AC_MSG_RESULT($blibflags)
-+ fi
-+ LDFLAGS="$saved_LDFLAGS"
-+ AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
-+ [AC_CHECK_LIB(s,authenticate,
-+ [ AC_DEFINE(WITH_AIXAUTHENTICATE)
-+ LIBS="$LIBS -ls"
-+ ])
-+ ])
-+ AC_DEFINE(BROKEN_GETADDRINFO)
-+ AC_DEFINE(BROKEN_REALPATH)
-+ dnl AIX handles lastlog as part of its login message
-+ AC_DEFINE(DISABLE_LASTLOG)
-+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
-+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
-+ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
-+ ;;
-+*-*-cygwin*)
-+ check_for_libcrypt_later=1
-+ LIBS="$LIBS /usr/lib/textmode.o"
-+ AC_DEFINE(HAVE_CYGWIN)
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(IPV4_DEFAULT)
-+ AC_DEFINE(IP_TOS_IS_BROKEN)
-+ AC_DEFINE(NO_X11_UNIX_SOCKETS)
-+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ AC_DEFINE(SETGROUPS_NOOP)
-+ ;;
-+*-*-dgux*)
-+ AC_DEFINE(IP_TOS_IS_BROKEN)
-+ ;;
-+*-*-darwin*)
-+ AC_MSG_CHECKING(if we have working getaddrinfo)
-+ AC_TRY_RUN([#include <mach-o/dyld.h>
-+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
-+ exit(0);
-+ else
-+ exit(1);
-+}], [AC_MSG_RESULT(working)],
-+ [AC_MSG_RESULT(buggy)
-+ AC_DEFINE(BROKEN_GETADDRINFO)],
-+ [AC_MSG_RESULT(assume it is working)])
-+ ;;
-+*-*-hpux10.26)
-+ if test -z "$GCC"; then
-+ CFLAGS="$CFLAGS -Ae"
-+ fi
-+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
-+ IPADDR_IN_DISPLAY=yes
-+ AC_DEFINE(HAVE_SECUREWARE)
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(LOGIN_NO_ENDOPT)
-+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(DISABLE_UTMP)
-+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
-+ LIBS="$LIBS -lsec -lsecpw"
-+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
-+ disable_ptmx_check=yes
-+ ;;
-+*-*-hpux10*)
-+ if test -z "$GCC"; then
-+ CFLAGS="$CFLAGS -Ae"
-+ fi
-+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
-+ IPADDR_IN_DISPLAY=yes
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(LOGIN_NO_ENDOPT)
-+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(DISABLE_UTMP)
-+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
-+ LIBS="$LIBS -lsec"
-+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
-+ ;;
-+*-*-hpux11*)
-+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
-+ IPADDR_IN_DISPLAY=yes
-+ AC_DEFINE(PAM_SUN_CODEBASE)
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(LOGIN_NO_ENDOPT)
-+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(DISABLE_UTMP)
-+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
-+ LIBS="$LIBS -lsec"
-+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
-+ ;;
-+*-*-irix5*)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS"
-+ PATH="$PATH:/usr/etc"
-+ AC_DEFINE(BROKEN_INET_NTOA)
-+ AC_DEFINE(WITH_ABBREV_NO_TTY)
-+ ;;
-+*-*-irix6*)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS"
-+ PATH="$PATH:/usr/etc"
-+ AC_DEFINE(WITH_IRIX_ARRAY)
-+ AC_DEFINE(WITH_IRIX_PROJECT)
-+ AC_DEFINE(WITH_IRIX_AUDIT)
-+ AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
-+ AC_DEFINE(BROKEN_INET_NTOA)
-+ AC_DEFINE(WITH_ABBREV_NO_TTY)
-+ ;;
-+*-*-linux*)
-+ no_dev_ptmx=1
-+ check_for_libcrypt_later=1
-+ AC_DEFINE(PAM_TTY_KLUDGE)
-+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
-+ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
-+ inet6_default_4in6=yes
-+ no_libnsl=1
-+ no_libsocket=1
-+ ;;
-+mips-sony-bsd|mips-sony-newsos4)
-+ AC_DEFINE(HAVE_NEWS4)
-+ SONY=1
-+ ;;
-+*-*-netbsd*)
-+ check_for_libcrypt_before=1
-+ need_dash_r=1
-+ ;;
-+*-*-freebsd*)
-+ check_for_libcrypt_later=1
-+ ;;
-+*-next-*)
-+ conf_lastlog_location="/usr/adm/lastlog"
-+ conf_utmp_location=/etc/utmp
-+ conf_wtmp_location=/usr/adm/wtmp
-+ MAIL=/usr/spool/mail
-+ AC_DEFINE(HAVE_NEXT)
-+ AC_DEFINE(BROKEN_REALPATH)
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(BROKEN_SAVED_UIDS)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ CFLAGS="$CFLAGS"
-+ ;;
-+*-*-solaris*)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
-+ need_dash_r=1
-+ AC_DEFINE(PAM_SUN_CODEBASE)
-+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
-+ AC_DEFINE(LOGIN_NEEDS_TERM)
-+ AC_DEFINE(PAM_TTY_KLUDGE)
-+ AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY)
-+ # hardwire lastlog location (can't detect it on some versions)
-+ conf_lastlog_location="/var/adm/lastlog"
-+ AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
-+ sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
-+ if test "$sol2ver" -ge 8; then
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(DISABLE_UTMP)
-+ AC_DEFINE(DISABLE_WTMP)
-+ else
-+ AC_MSG_RESULT(no)
-+ fi
-+ ;;
-+*-*-sunos4*)
-+ CPPFLAGS="$CPPFLAGS -DSUNOS4"
-+ AC_CHECK_FUNCS(getpwanam)
-+ AC_DEFINE(PAM_SUN_CODEBASE)
-+ conf_utmp_location=/etc/utmp
-+ conf_wtmp_location=/var/adm/wtmp
-+ conf_lastlog_location=/var/adm/lastlog
-+ AC_DEFINE(USE_PIPES)
-+ ;;
-+*-ncr-sysv*)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
-+ LIBS="$LIBS -lc89"
-+ AC_DEFINE(USE_PIPES)
-+ ;;
-+*-sni-sysv*)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ # /usr/ucblib MUST NOT be searched on ReliantUNIX
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
-+ IPADDR_IN_DISPLAY=yes
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(IP_TOS_IS_BROKEN)
-+ # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
-+ # Attention: always take care to bind libsocket and libnsl before libc,
-+ # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
-+ ;;
-+*-*-sysv4.2*)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
-+ AC_DEFINE(USE_PIPES)
-+ ;;
-+*-*-sysv5*)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
-+ AC_DEFINE(USE_PIPES)
-+ ;;
-+*-*-sysv*)
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
-+ ;;
-+*-*-sco3.2v4*)
-+ CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
-+ LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
-+ RANLIB=true
-+ no_dev_ptmx=1
-+ AC_DEFINE(BROKEN_SYS_TERMIO_H)
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(HAVE_SECUREWARE)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(BROKEN_SAVED_UIDS)
-+ AC_CHECK_FUNCS(getluid setluid)
-+ MANTYPE=man
-+ do_sco3_extra_lib_check=yes
-+ ;;
-+*-*-sco3.2v5*)
-+ if test -z "$GCC"; then
-+ CFLAGS="$CFLAGS -belf"
-+ fi
-+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
-+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
-+ LIBS="$LIBS -lprot -lx -ltinfo -lm"
-+ no_dev_ptmx=1
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(HAVE_SECUREWARE)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ AC_CHECK_FUNCS(getluid setluid)
-+ MANTYPE=man
-+ ;;
-+*-*-unicosmk*)
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ LDFLAGS="$LDFLAGS"
-+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
-+ MANTYPE=cat
-+ ;;
-+*-*-unicos*)
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ AC_DEFINE(NO_SSH_LASTLOG)
-+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
-+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
-+ MANTYPE=cat
-+ ;;
-+*-dec-osf*)
-+ AC_MSG_CHECKING(for Digital Unix SIA)
-+ no_osfsia=""
-+ AC_ARG_WITH(osfsia,
-+ [ --with-osfsia Enable Digital Unix SIA],
-+ [
-+ if test "x$withval" = "xno" ; then
-+ AC_MSG_RESULT(disabled)
-+ no_osfsia=1
-+ fi
-+ ],
-+ )
-+ if test -z "$no_osfsia" ; then
-+ if test -f /etc/sia/matrix.conf; then
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(HAVE_OSF_SIA)
-+ AC_DEFINE(DISABLE_LOGIN)
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ LIBS="$LIBS -lsecurity -ldb -lm -laud"
-+ else
-+ AC_MSG_RESULT(no)
-+ fi
-+ fi
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ ;;
-+
-+*-*-nto-qnx)
-+ AC_DEFINE(USE_PIPES)
-+ AC_DEFINE(NO_X11_UNIX_SOCKETS)
-+ AC_DEFINE(MISSING_NFDBITS)
-+ AC_DEFINE(MISSING_HOWMANY)
-+ AC_DEFINE(MISSING_FD_MASK)
-+ ;;
-+esac
-+
-+# Allow user to specify flags
-+AC_ARG_WITH(cflags,
-+ [ --with-cflags Specify additional flags to pass to compiler],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ CFLAGS="$CFLAGS $withval"
-+ fi
-+ ]
-+)
-+AC_ARG_WITH(cppflags,
-+ [ --with-cppflags Specify additional flags to pass to preprocessor] ,
-+ [
-+ if test "x$withval" != "xno"; then
-+ CPPFLAGS="$CPPFLAGS $withval"
-+ fi
-+ ]
-+)
-+AC_ARG_WITH(ldflags,
-+ [ --with-ldflags Specify additional flags to pass to linker],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ LDFLAGS="$LDFLAGS $withval"
-+ fi
-+ ]
-+)
-+AC_ARG_WITH(libs,
-+ [ --with-libs Specify additional libraries to link with],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ LIBS="$LIBS $withval"
-+ fi
-+ ]
-+)
-+
-+# Checks for header files.
-+AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
-+ getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
-+ login_cap.h maillock.h netdb.h netgroup.h \
-+ netinet/in_systm.h paths.h pty.h readpassphrase.h \
-+ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
-+ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
-+ sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
-+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
-+ sys/un.h time.h tmpdir.h ttyent.h usersec.h \
-+ util.h utime.h utmp.h utmpx.h)
-+
-+# Checks for libraries.
-+AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
-+
-+dnl SCO OS3 needs this for libwrap
-+if test "x$with_tcp_wrappers" != "xno" ; then
-+ if test "x$do_sco3_extra_lib_check" = "xyes" ; then
-+ AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
-+ fi
-+fi
-+
-+AC_CHECK_FUNC(getspnam, ,
-+ AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
-+
-+AC_ARG_WITH(rpath,
-+ [ --without-rpath Disable auto-added -R linker paths],
-+ [
-+ if test "x$withval" = "xno" ; then
-+ need_dash_r=""
-+ fi
-+ if test "x$withval" = "xyes" ; then
-+ need_dash_r=1
-+ fi
-+ ]
-+)
-+
-+dnl zlib is required
-+AC_ARG_WITH(zlib,
-+ [ --with-zlib=PATH Use zlib in PATH],
-+ [
-+ if test "x$withval" = "xno" ; then
-+ AC_MSG_ERROR([*** zlib is required ***])
-+ fi
-+ if test -d "$withval/lib"; then
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-+ fi
-+ else
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval} ${LDFLAGS}"
-+ fi
-+ fi
-+ if test -d "$withval/include"; then
-+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-+ else
-+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
-+ fi
-+ ]
-+)
-+
-+AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
-+
-+dnl UnixWare 2.x
-+AC_CHECK_FUNC(strcasecmp,
-+ [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
-+)
-+AC_CHECK_FUNC(utimes,
-+ [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
-+ LIBS="$LIBS -lc89"]) ]
-+)
-+
-+dnl Checks for libutil functions
-+AC_CHECK_HEADERS(libutil.h)
-+AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
-+AC_CHECK_FUNCS(logout updwtmp logwtmp)
-+
-+AC_FUNC_STRFTIME
-+
-+# Check for ALTDIRFUNC glob() extension
-+AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
-+AC_EGREP_CPP(FOUNDIT,
-+ [
-+ #include <glob.h>
-+ #ifdef GLOB_ALTDIRFUNC
-+ FOUNDIT
-+ #endif
-+ ],
-+ [
-+ AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [
-+ AC_MSG_RESULT(no)
-+ ]
-+)
-+
-+# Check for g.gl_matchc glob() extension
-+AC_MSG_CHECKING(for gl_matchc field in glob_t)
-+AC_EGREP_CPP(FOUNDIT,
-+ [
-+ #include <glob.h>
-+ int main(void){glob_t g; g.gl_matchc = 1;}
-+ ],
-+ [
-+ AC_DEFINE(GLOB_HAS_GL_MATCHC)
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [
-+ AC_MSG_RESULT(no)
-+ ]
-+)
-+
-+AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
-+AC_TRY_RUN(
-+ [
-+#include <sys/types.h>
-+#include <dirent.h>
-+int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
-+ ],
-+ [AC_MSG_RESULT(yes)],
-+ [
-+ AC_MSG_RESULT(no)
-+ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
-+ ]
-+)
-+
-+# Check whether user wants S/Key support
-+SKEY_MSG="no"
-+AC_ARG_WITH(skey,
-+ [ --with-skey[[=PATH]] Enable S/Key support
-+ (optionally in PATH)],
-+ [
-+ if test "x$withval" != "xno" ; then
-+
-+ if test "x$withval" != "xyes" ; then
-+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
-+ LDFLAGS="$LDFLAGS -L${withval}/lib"
-+ fi
-+
-+ AC_DEFINE(SKEY)
-+ LIBS="-lskey $LIBS"
-+ SKEY_MSG="yes"
-+
-+ AC_MSG_CHECKING([for s/key support])
-+ AC_TRY_RUN(
-+ [
-+#include <stdio.h>
-+#include <skey.h>
-+int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
-+ ],
-+ [AC_MSG_RESULT(yes)],
-+ [
-+ AC_MSG_RESULT(no)
-+ AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
-+ ])
-+ fi
-+ ]
-+)
-+
-+# Check whether user wants TCP wrappers support
-+TCPW_MSG="no"
-+AC_ARG_WITH(tcp-wrappers,
-+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
-+ (optionally in PATH)],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ saved_LIBS="$LIBS"
-+ saved_LDFLAGS="$LDFLAGS"
-+ saved_CPPFLAGS="$CPPFLAGS"
-+ if test -n "${withval}" -a "${withval}" != "yes"; then
-+ if test -d "${withval}/lib"; then
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-+ fi
-+ else
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval} ${LDFLAGS}"
-+ fi
-+ fi
-+ if test -d "${withval}/include"; then
-+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-+ else
-+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
-+ fi
-+ fi
-+ LIBWRAP="-lwrap"
-+ LIBS="$LIBWRAP $LIBS"
-+ AC_MSG_CHECKING(for libwrap)
-+ AC_TRY_LINK(
-+ [
-+#include <tcpd.h>
-+ int deny_severity = 0, allow_severity = 0;
-+ ],
-+ [hosts_access(0);],
-+ [
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(LIBWRAP)
-+ AC_SUBST(LIBWRAP)
-+ TCPW_MSG="yes"
-+ ],
-+ [
-+ AC_MSG_ERROR([*** libwrap missing])
-+ ]
-+ )
-+ LIBS="$saved_LIBS"
-+ fi
-+ ]
-+)
-+
-+dnl Checks for library functions. Please keep in alphabetical order
-+AC_CHECK_FUNCS(\
-+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
-+ bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
-+ gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
-+ getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
-+ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
-+ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
-+ readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
-+ setegid setenv seteuid setgroups setlogin setpcred setproctitle \
-+ setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
-+ snprintf socketpair strerror strlcat strlcpy strmode strnvis \
-+ sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
-+)
-+
-+AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
-+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
-+
-+dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
-+AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
-+
-+dnl IRIX and Solaris 2.5.1 have dirname() in libgen
-+AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
-+ AC_CHECK_LIB(gen, dirname,[
-+ AC_CACHE_CHECK([for broken dirname],
-+ ac_cv_have_broken_dirname, [
-+ save_LIBS="$LIBS"
-+ LIBS="$LIBS -lgen"
-+ AC_TRY_RUN(
-+ [
-+#include <libgen.h>
-+#include <string.h>
-+
-+int main(int argc, char **argv) {
-+ char *s, buf[32];
-+
-+ strncpy(buf,"/etc", 32);
-+ s = dirname(buf);
-+ if (!s || strncmp(s, "/", 32) != 0) {
-+ exit(1);
-+ } else {
-+ exit(0);
-+ }
-+}
-+ ],
-+ [ ac_cv_have_broken_dirname="no" ],
-+ [ ac_cv_have_broken_dirname="yes" ]
-+ )
-+ LIBS="$save_LIBS"
-+ ])
-+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
-+ LIBS="$LIBS -lgen"
-+ AC_DEFINE(HAVE_DIRNAME)
-+ AC_CHECK_HEADERS(libgen.h)
-+ fi
-+ ])
-+])
-+
-+dnl Checks for time functions
-+AC_CHECK_FUNCS(gettimeofday time)
-+dnl Checks for utmp functions
-+AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
-+AC_CHECK_FUNCS(utmpname)
-+dnl Checks for utmpx functions
-+AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
-+AC_CHECK_FUNCS(setutxent utmpxname)
-+
-+AC_CHECK_FUNC(daemon,
-+ [AC_DEFINE(HAVE_DAEMON)],
-+ [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
-+)
-+
-+AC_CHECK_FUNC(getpagesize,
-+ [AC_DEFINE(HAVE_GETPAGESIZE)],
-+ [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
-+)
-+
-+# Check for broken snprintf
-+if test "x$ac_cv_func_snprintf" = "xyes" ; then
-+ AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
-+ AC_TRY_RUN(
-+ [
-+#include <stdio.h>
-+int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
-+ ],
-+ [AC_MSG_RESULT(yes)],
-+ [
-+ AC_MSG_RESULT(no)
-+ AC_DEFINE(BROKEN_SNPRINTF)
-+ AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
-+ ]
-+ )
-+fi
-+
-+dnl see whether mkstemp() requires XXXXXX
-+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
-+AC_MSG_CHECKING([for (overly) strict mkstemp])
-+AC_TRY_RUN(
-+ [
-+#include <stdlib.h>
-+main() { char template[]="conftest.mkstemp-test";
-+if (mkstemp(template) == -1)
-+ exit(1);
-+unlink(template); exit(0);
-+}
-+ ],
-+ [
-+ AC_MSG_RESULT(no)
-+ ],
-+ [
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
-+ ],
-+ [
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
-+ ]
-+)
-+fi
-+
-+AC_FUNC_GETPGRP
-+
-+# Check for PAM libs
-+PAM_MSG="no"
-+AC_ARG_WITH(pam,
-+ [ --with-pam Enable PAM support ],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
-+ AC_MSG_ERROR([PAM headers not found])
-+ fi
-+
-+ AC_CHECK_LIB(dl, dlopen, , )
-+ AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
-+ AC_CHECK_FUNCS(pam_getenvlist)
-+
-+ disable_shadow=yes
-+ PAM_MSG="yes"
-+
-+ AC_DEFINE(USE_PAM)
-+ if test $ac_cv_lib_dl_dlopen = yes; then
-+ LIBPAM="-lpam -lpam_misc -ldl"
-+ else
-+ LIBPAM="-lpam -lpam_misc"
-+ fi
-+ AC_SUBST(LIBPAM)
-+ fi
-+ ]
-+)
-+
-+# Check for older PAM
-+if test "x$PAM_MSG" = "xyes" ; then
-+ # Check PAM strerror arguments (old PAM)
-+ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
-+ AC_TRY_COMPILE(
-+ [
-+#include <stdlib.h>
-+#include <security/pam_appl.h>
-+ ],
-+ [(void)pam_strerror((pam_handle_t *)NULL, -1);],
-+ [AC_MSG_RESULT(no)],
-+ [
-+ AC_DEFINE(HAVE_OLD_PAM)
-+ AC_MSG_RESULT(yes)
-+ PAM_MSG="yes (old library)"
-+ ]
-+ )
-+fi
-+
-+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
-+# because the system crypt() is more featureful.
-+if test "x$check_for_libcrypt_before" = "x1"; then
-+ AC_CHECK_LIB(crypt, crypt)
-+fi
-+
-+# Search for OpenSSL
-+saved_CPPFLAGS="$CPPFLAGS"
-+saved_LDFLAGS="$LDFLAGS"
-+AC_ARG_WITH(ssl-dir,
-+ [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ if test -d "$withval/lib"; then
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-+ fi
-+ else
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval} ${LDFLAGS}"
-+ fi
-+ fi
-+ if test -d "$withval/include"; then
-+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-+ else
-+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
-+ fi
-+ fi
-+ ]
-+)
-+LIBS="$LIBS -lcrypto"
-+AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
-+ [
-+ dnl Check default openssl install dir
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
-+ else
-+ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
-+ fi
-+ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
-+ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
-+ [
-+ AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
-+ ]
-+ )
-+ ]
-+)
-+
-+# Determine OpenSSL header version
-+AC_MSG_CHECKING([OpenSSL header version])
-+AC_TRY_RUN(
-+ [
-+#include <stdio.h>
-+#include <string.h>
-+#include <openssl/opensslv.h>
-+#define DATA "conftest.sslincver"
-+int main(void) {
-+ FILE *fd;
-+ int rc;
-+
-+ fd = fopen(DATA,"w");
-+ if(fd == NULL)
-+ exit(1);
-+
-+ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
-+ exit(1);
-+
-+ exit(0);
-+}
-+ ],
-+ [
-+ ssl_header_ver=`cat conftest.sslincver`
-+ AC_MSG_RESULT($ssl_header_ver)
-+ ],
-+ [
-+ AC_MSG_RESULT(not found)
-+ AC_MSG_ERROR(OpenSSL version header not found.)
-+ ]
-+)
-+
-+# Determine OpenSSL library version
-+AC_MSG_CHECKING([OpenSSL library version])
-+AC_TRY_RUN(
-+ [
-+#include <stdio.h>
-+#include <string.h>
-+#include <openssl/opensslv.h>
-+#include <openssl/crypto.h>
-+#define DATA "conftest.ssllibver"
-+int main(void) {
-+ FILE *fd;
-+ int rc;
-+
-+ fd = fopen(DATA,"w");
-+ if(fd == NULL)
-+ exit(1);
-+
-+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
-+ exit(1);
-+
-+ exit(0);
-+}
-+ ],
-+ [
-+ ssl_library_ver=`cat conftest.ssllibver`
-+ AC_MSG_RESULT($ssl_library_ver)
-+ ],
-+ [
-+ AC_MSG_RESULT(not found)
-+ AC_MSG_ERROR(OpenSSL library not found.)
-+ ]
-+)
-+
-+# Sanity check OpenSSL headers
-+AC_MSG_CHECKING([whether OpenSSL's headers match the library])
-+AC_TRY_RUN(
-+ [
-+#include <string.h>
-+#include <openssl/opensslv.h>
-+int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
-+ ],
-+ [
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [
-+ AC_MSG_RESULT(no)
-+ AC_MSG_ERROR(Your OpenSSL headers do not match your library)
-+ ]
-+)
-+
-+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
-+# version in OpenSSL. Skip this for PAM
-+if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
-+ AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
-+fi
-+
-+
-+### Configure cryptographic random number support
-+
-+# Check wheter OpenSSL seeds itself
-+AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
-+AC_TRY_RUN(
-+ [
-+#include <string.h>
-+#include <openssl/rand.h>
-+int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
-+ ],
-+ [
-+ OPENSSL_SEEDS_ITSELF=yes
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [
-+ AC_MSG_RESULT(no)
-+ # Default to use of the rand helper if OpenSSL doesn't
-+ # seed itself
-+ USE_RAND_HELPER=yes
-+ ]
-+)
-+
-+
-+# Do we want to force the use of the rand helper?
-+AC_ARG_WITH(rand-helper,
-+ [ --with-rand-helper Use subprocess to gather strong randomness ],
-+ [
-+ if test "x$withval" = "xno" ; then
-+ # Force use of OpenSSL's internal RNG, even if
-+ # the previous test showed it to be unseeded.
-+ if test -z "$OPENSSL_SEEDS_ITSELF" ; then
-+ AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
-+ OPENSSL_SEEDS_ITSELF=yes
-+ USE_RAND_HELPER=""
-+ fi
-+ else
-+ USE_RAND_HELPER=yes
-+ fi
-+ ],
-+)
-+
-+# Which randomness source do we use?
-+if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
-+ # OpenSSL only
-+ AC_DEFINE(OPENSSL_PRNG_ONLY)
-+ RAND_MSG="OpenSSL internal ONLY"
-+ INSTALL_SSH_RAND_HELPER=""
-+elif test ! -z "$USE_RAND_HELPER" ; then
-+ # install rand helper
-+ RAND_MSG="ssh-rand-helper"
-+ INSTALL_SSH_RAND_HELPER="yes"
-+fi
-+AC_SUBST(INSTALL_SSH_RAND_HELPER)
-+
-+### Configuration of ssh-rand-helper
-+
-+# PRNGD TCP socket
-+AC_ARG_WITH(prngd-port,
-+ [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
-+ [
-+ case "$withval" in
-+ no)
-+ withval=""
-+ ;;
-+ [[0-9]]*)
-+ ;;
-+ *)
-+ AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
-+ ;;
-+ esac
-+ if test ! -z "$withval" ; then
-+ PRNGD_PORT="$withval"
-+ AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
-+ fi
-+ ]
-+)
-+
-+# PRNGD Unix domain socket
-+AC_ARG_WITH(prngd-socket,
-+ [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
-+ [
-+ case "$withval" in
-+ yes)
-+ withval="/var/run/egd-pool"
-+ ;;
-+ no)
-+ withval=""
-+ ;;
-+ /*)
-+ ;;
-+ *)
-+ AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
-+ ;;
-+ esac
-+
-+ if test ! -z "$withval" ; then
-+ if test ! -z "$PRNGD_PORT" ; then
-+ AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
-+ fi
-+ if test ! -r "$withval" ; then
-+ AC_MSG_WARN(Entropy socket is not readable)
-+ fi
-+ PRNGD_SOCKET="$withval"
-+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
-+ fi
-+ ],
-+ [
-+ # Check for existing socket only if we don't have a random device already
-+ if test "$USE_RAND_HELPER" = yes ; then
-+ AC_MSG_CHECKING(for PRNGD/EGD socket)
-+ # Insert other locations here
-+ for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
-+ if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
-+ PRNGD_SOCKET="$sock"
-+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
-+ break;
-+ fi
-+ done
-+ if test ! -z "$PRNGD_SOCKET" ; then
-+ AC_MSG_RESULT($PRNGD_SOCKET)
-+ else
-+ AC_MSG_RESULT(not found)
-+ fi
-+ fi
-+ ]
-+)
-+
-+# Change default command timeout for hashing entropy source
-+entropy_timeout=200
-+AC_ARG_WITH(entropy-timeout,
-+ [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ entropy_timeout=$withval
-+ fi
-+ ]
-+)
-+AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
-+
-+SSH_PRIVSEP_USER=sshd
-+AC_ARG_WITH(privsep-user,
-+ [ --with-privsep-user=user Specify non-privileged user for privilege separation],
-+ [
-+ if test -n "$withval"; then
-+ SSH_PRIVSEP_USER=$withval
-+ fi
-+ ]
-+)
-+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
-+AC_SUBST(SSH_PRIVSEP_USER)
-+
-+# We do this little dance with the search path to insure
-+# that programs that we select for use by installed programs
-+# (which may be run by the super-user) come from trusted
-+# locations before they come from the user's private area.
-+# This should help avoid accidentally configuring some
-+# random version of a program in someone's personal bin.
-+
-+OPATH=$PATH
-+PATH=/bin:/usr/bin
-+test -h /bin 2> /dev/null && PATH=/usr/bin
-+test -d /sbin && PATH=$PATH:/sbin
-+test -d /usr/sbin && PATH=$PATH:/usr/sbin
-+PATH=$PATH:/etc:$OPATH
-+
-+# These programs are used by the command hashing source to gather entropy
-+OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
-+OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
-+OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
-+OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
-+OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
-+OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
-+OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
-+OSSH_PATH_ENTROPY_PROG(PROG_W, w)
-+OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
-+OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
-+OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
-+OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
-+OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
-+OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
-+OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
-+OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
-+# restore PATH
-+PATH=$OPATH
-+
-+# Where does ssh-rand-helper get its randomness from?
-+INSTALL_SSH_PRNG_CMDS=""
-+if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
-+ if test ! -z "$PRNGD_PORT" ; then
-+ RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
-+ elif test ! -z "$PRNGD_SOCKET" ; then
-+ RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
-+ else
-+ RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
-+ RAND_HELPER_CMDHASH=yes
-+ INSTALL_SSH_PRNG_CMDS="yes"
-+ fi
-+fi
-+AC_SUBST(INSTALL_SSH_PRNG_CMDS)
-+
-+
-+# Cheap hack to ensure NEWS-OS libraries are arranged right.
-+if test ! -z "$SONY" ; then
-+ LIBS="$LIBS -liberty";
-+fi
-+
-+# Checks for data types
-+AC_CHECK_SIZEOF(char, 1)
-+AC_CHECK_SIZEOF(short int, 2)
-+AC_CHECK_SIZEOF(int, 4)
-+AC_CHECK_SIZEOF(long int, 4)
-+AC_CHECK_SIZEOF(long long int, 8)
-+
-+# Sanity check long long for some platforms (AIX)
-+if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
-+ ac_cv_sizeof_long_long_int=0
-+fi
-+
-+# More checks for data types
-+AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
-+ AC_TRY_COMPILE(
-+ [ #include <sys/types.h> ],
-+ [ u_int a; a = 1;],
-+ [ ac_cv_have_u_int="yes" ],
-+ [ ac_cv_have_u_int="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_u_int" = "xyes" ; then
-+ AC_DEFINE(HAVE_U_INT)
-+ have_u_int=1
-+fi
-+
-+AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
-+ AC_TRY_COMPILE(
-+ [ #include <sys/types.h> ],
-+ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
-+ [ ac_cv_have_intxx_t="yes" ],
-+ [ ac_cv_have_intxx_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_intxx_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_INTXX_T)
-+ have_intxx_t=1
-+fi
-+
-+if (test -z "$have_intxx_t" && \
-+ test "x$ac_cv_header_stdint_h" = "xyes")
-+then
-+ AC_MSG_CHECKING([for intXX_t types in stdint.h])
-+ AC_TRY_COMPILE(
-+ [ #include <stdint.h> ],
-+ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
-+ [
-+ AC_DEFINE(HAVE_INTXX_T)
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [ AC_MSG_RESULT(no) ]
-+ )
-+fi
-+
-+AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#ifdef HAVE_STDINT_H
-+# include <stdint.h>
-+#endif
-+#include <sys/socket.h>
-+#ifdef HAVE_SYS_BITYPES_H
-+# include <sys/bitypes.h>
-+#endif
-+ ],
-+ [ int64_t a; a = 1;],
-+ [ ac_cv_have_int64_t="yes" ],
-+ [ ac_cv_have_int64_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_int64_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_INT64_T)
-+fi
-+
-+AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
-+ AC_TRY_COMPILE(
-+ [ #include <sys/types.h> ],
-+ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
-+ [ ac_cv_have_u_intxx_t="yes" ],
-+ [ ac_cv_have_u_intxx_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_U_INTXX_T)
-+ have_u_intxx_t=1
-+fi
-+
-+if test -z "$have_u_intxx_t" ; then
-+ AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
-+ AC_TRY_COMPILE(
-+ [ #include <sys/socket.h> ],
-+ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
-+ [
-+ AC_DEFINE(HAVE_U_INTXX_T)
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [ AC_MSG_RESULT(no) ]
-+ )
-+fi
-+
-+AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
-+ AC_TRY_COMPILE(
-+ [ #include <sys/types.h> ],
-+ [ u_int64_t a; a = 1;],
-+ [ ac_cv_have_u_int64_t="yes" ],
-+ [ ac_cv_have_u_int64_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_U_INT64_T)
-+ have_u_int64_t=1
-+fi
-+
-+if test -z "$have_u_int64_t" ; then
-+ AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
-+ AC_TRY_COMPILE(
-+ [ #include <sys/bitypes.h> ],
-+ [ u_int64_t a; a = 1],
-+ [
-+ AC_DEFINE(HAVE_U_INT64_T)
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [ AC_MSG_RESULT(no) ]
-+ )
-+fi
-+
-+if test -z "$have_u_intxx_t" ; then
-+ AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+ ],
-+ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
-+ [ ac_cv_have_uintxx_t="yes" ],
-+ [ ac_cv_have_uintxx_t="no" ]
-+ )
-+ ])
-+ if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_UINTXX_T)
-+ fi
-+fi
-+
-+if test -z "$have_uintxx_t" ; then
-+ AC_MSG_CHECKING([for uintXX_t types in stdint.h])
-+ AC_TRY_COMPILE(
-+ [ #include <stdint.h> ],
-+ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
-+ [
-+ AC_DEFINE(HAVE_UINTXX_T)
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [ AC_MSG_RESULT(no) ]
-+ )
-+fi
-+
-+if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
-+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
-+then
-+ AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/bitypes.h>
-+ ],
-+ [
-+ int8_t a; int16_t b; int32_t c;
-+ u_int8_t e; u_int16_t f; u_int32_t g;
-+ a = b = c = e = f = g = 1;
-+ ],
-+ [
-+ AC_DEFINE(HAVE_U_INTXX_T)
-+ AC_DEFINE(HAVE_INTXX_T)
-+ AC_MSG_RESULT(yes)
-+ ],
-+ [AC_MSG_RESULT(no)]
-+ )
-+fi
-+
-+
-+AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+ ],
-+ [ u_char foo; foo = 125; ],
-+ [ ac_cv_have_u_char="yes" ],
-+ [ ac_cv_have_u_char="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_u_char" = "xyes" ; then
-+ AC_DEFINE(HAVE_U_CHAR)
-+fi
-+
-+TYPE_SOCKLEN_T
-+
-+AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
-+
-+AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+ ],
-+ [ size_t foo; foo = 1235; ],
-+ [ ac_cv_have_size_t="yes" ],
-+ [ ac_cv_have_size_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_size_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_SIZE_T)
-+fi
-+
-+AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+ ],
-+ [ ssize_t foo; foo = 1235; ],
-+ [ ac_cv_have_ssize_t="yes" ],
-+ [ ac_cv_have_ssize_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_ssize_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_SSIZE_T)
-+fi
-+
-+AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <time.h>
-+ ],
-+ [ clock_t foo; foo = 1235; ],
-+ [ ac_cv_have_clock_t="yes" ],
-+ [ ac_cv_have_clock_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_clock_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_CLOCK_T)
-+fi
-+
-+AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+ ],
-+ [ sa_family_t foo; foo = 1235; ],
-+ [ ac_cv_have_sa_family_t="yes" ],
-+ [ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+ ],
-+ [ sa_family_t foo; foo = 1235; ],
-+ [ ac_cv_have_sa_family_t="yes" ],
-+
-+ [ ac_cv_have_sa_family_t="no" ]
-+ )]
-+ )
-+])
-+if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_SA_FAMILY_T)
-+fi
-+
-+AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+ ],
-+ [ pid_t foo; foo = 1235; ],
-+ [ ac_cv_have_pid_t="yes" ],
-+ [ ac_cv_have_pid_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_pid_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_PID_T)
-+fi
-+
-+AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+ ],
-+ [ mode_t foo; foo = 1235; ],
-+ [ ac_cv_have_mode_t="yes" ],
-+ [ ac_cv_have_mode_t="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_mode_t" = "xyes" ; then
-+ AC_DEFINE(HAVE_MODE_T)
-+fi
-+
-+
-+AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+ ],
-+ [ struct sockaddr_storage s; ],
-+ [ ac_cv_have_struct_sockaddr_storage="yes" ],
-+ [ ac_cv_have_struct_sockaddr_storage="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
-+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
-+fi
-+
-+AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <netinet/in.h>
-+ ],
-+ [ struct sockaddr_in6 s; s.sin6_family = 0; ],
-+ [ ac_cv_have_struct_sockaddr_in6="yes" ],
-+ [ ac_cv_have_struct_sockaddr_in6="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
-+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
-+fi
-+
-+AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <netinet/in.h>
-+ ],
-+ [ struct in6_addr s; s.s6_addr[0] = 0; ],
-+ [ ac_cv_have_struct_in6_addr="yes" ],
-+ [ ac_cv_have_struct_in6_addr="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
-+ AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
-+fi
-+
-+AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <netdb.h>
-+ ],
-+ [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
-+ [ ac_cv_have_struct_addrinfo="yes" ],
-+ [ ac_cv_have_struct_addrinfo="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
-+ AC_DEFINE(HAVE_STRUCT_ADDRINFO)
-+fi
-+
-+AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
-+ AC_TRY_COMPILE(
-+ [ #include <sys/time.h> ],
-+ [ struct timeval tv; tv.tv_sec = 1;],
-+ [ ac_cv_have_struct_timeval="yes" ],
-+ [ ac_cv_have_struct_timeval="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
-+ AC_DEFINE(HAVE_STRUCT_TIMEVAL)
-+ have_struct_timeval=1
-+fi
-+
-+AC_CHECK_TYPES(struct timespec)
-+
-+# We need int64_t or else certian parts of the compile will fail.
-+if test "x$ac_cv_have_int64_t" = "xno" -a \
-+ "x$ac_cv_sizeof_long_int" != "x8" -a \
-+ "x$ac_cv_sizeof_long_long_int" = "x0" ; then
-+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
-+ echo "an alternative compiler (I.E., GCC) before continuing."
-+ echo ""
-+ exit 1;
-+else
-+dnl test snprintf (broken on SCO w/gcc)
-+ AC_TRY_RUN(
-+ [
-+#include <stdio.h>
-+#include <string.h>
-+#ifdef HAVE_SNPRINTF
-+main()
-+{
-+ char buf[50];
-+ char expected_out[50];
-+ int mazsize = 50 ;
-+#if (SIZEOF_LONG_INT == 8)
-+ long int num = 0x7fffffffffffffff;
-+#else
-+ long long num = 0x7fffffffffffffffll;
-+#endif
-+ strcpy(expected_out, "9223372036854775807");
-+ snprintf(buf, mazsize, "%lld", num);
-+ if(strcmp(buf, expected_out) != 0)
-+ exit(1);
-+ exit(0);
-+}
-+#else
-+main() { exit(0); }
-+#endif
-+ ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
-+ )
-+fi
-+
-+dnl Checks for structure members
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
-+OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
-+OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
-+
-+AC_CHECK_MEMBERS([struct stat.st_blksize])
-+
-+AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
-+ ac_cv_have_ss_family_in_struct_ss, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+ ],
-+ [ struct sockaddr_storage s; s.ss_family = 1; ],
-+ [ ac_cv_have_ss_family_in_struct_ss="yes" ],
-+ [ ac_cv_have_ss_family_in_struct_ss="no" ],
-+ )
-+])
-+if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
-+ AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
-+fi
-+
-+AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
-+ ac_cv_have___ss_family_in_struct_ss, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+ ],
-+ [ struct sockaddr_storage s; s.__ss_family = 1; ],
-+ [ ac_cv_have___ss_family_in_struct_ss="yes" ],
-+ [ ac_cv_have___ss_family_in_struct_ss="no" ]
-+ )
-+])
-+if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
-+ AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
-+fi
-+
-+AC_CACHE_CHECK([for pw_class field in struct passwd],
-+ ac_cv_have_pw_class_in_struct_passwd, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <pwd.h>
-+ ],
-+ [ struct passwd p; p.pw_class = 0; ],
-+ [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
-+ [ ac_cv_have_pw_class_in_struct_passwd="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
-+ AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
-+fi
-+
-+AC_CACHE_CHECK([for pw_expire field in struct passwd],
-+ ac_cv_have_pw_expire_in_struct_passwd, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <pwd.h>
-+ ],
-+ [ struct passwd p; p.pw_expire = 0; ],
-+ [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
-+ [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
-+ AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
-+fi
-+
-+AC_CACHE_CHECK([for pw_change field in struct passwd],
-+ ac_cv_have_pw_change_in_struct_passwd, [
-+ AC_TRY_COMPILE(
-+ [
-+#include <pwd.h>
-+ ],
-+ [ struct passwd p; p.pw_change = 0; ],
-+ [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
-+ [ ac_cv_have_pw_change_in_struct_passwd="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
-+ AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
-+fi
-+
-+dnl make sure we're using the real structure members and not defines
-+AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
-+ ac_cv_have_accrights_in_msghdr, [
-+ AC_TRY_RUN(
-+ [
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <sys/uio.h>
-+int main() {
-+#ifdef msg_accrights
-+exit(1);
-+#endif
-+struct msghdr m;
-+m.msg_accrights = 0;
-+exit(0);
-+}
-+ ],
-+ [ ac_cv_have_accrights_in_msghdr="yes" ],
-+ [ ac_cv_have_accrights_in_msghdr="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
-+ AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
-+fi
-+
-+AC_CACHE_CHECK([for msg_control field in struct msghdr],
-+ ac_cv_have_control_in_msghdr, [
-+ AC_TRY_RUN(
-+ [
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <sys/uio.h>
-+int main() {
-+#ifdef msg_control
-+exit(1);
-+#endif
-+struct msghdr m;
-+m.msg_control = 0;
-+exit(0);
-+}
-+ ],
-+ [ ac_cv_have_control_in_msghdr="yes" ],
-+ [ ac_cv_have_control_in_msghdr="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
-+ AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
-+fi
-+
-+AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
-+ AC_TRY_LINK([],
-+ [ extern char *__progname; printf("%s", __progname); ],
-+ [ ac_cv_libc_defines___progname="yes" ],
-+ [ ac_cv_libc_defines___progname="no" ]
-+ )
-+])
-+if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
-+ AC_DEFINE(HAVE___PROGNAME)
-+fi
-+
-+AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
-+ AC_TRY_LINK([
-+#include <stdio.h>
-+],
-+ [ printf("%s", __FUNCTION__); ],
-+ [ ac_cv_cc_implements___FUNCTION__="yes" ],
-+ [ ac_cv_cc_implements___FUNCTION__="no" ]
-+ )
-+])
-+if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
-+ AC_DEFINE(HAVE___FUNCTION__)
-+fi
-+
-+AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
-+ AC_TRY_LINK([
-+#include <stdio.h>
-+],
-+ [ printf("%s", __func__); ],
-+ [ ac_cv_cc_implements___func__="yes" ],
-+ [ ac_cv_cc_implements___func__="no" ]
-+ )
-+])
-+if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
-+ AC_DEFINE(HAVE___func__)
-+fi
-+
-+AC_CACHE_CHECK([whether getopt has optreset support],
-+ ac_cv_have_getopt_optreset, [
-+ AC_TRY_LINK(
-+ [
-+#include <getopt.h>
-+ ],
-+ [ extern int optreset; optreset = 0; ],
-+ [ ac_cv_have_getopt_optreset="yes" ],
-+ [ ac_cv_have_getopt_optreset="no" ]
-+ )
-+])
-+if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
-+ AC_DEFINE(HAVE_GETOPT_OPTRESET)
-+fi
-+
-+AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
-+ AC_TRY_LINK([],
-+ [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
-+ [ ac_cv_libc_defines_sys_errlist="yes" ],
-+ [ ac_cv_libc_defines_sys_errlist="no" ]
-+ )
-+])
-+if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
-+ AC_DEFINE(HAVE_SYS_ERRLIST)
-+fi
-+
-+
-+AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
-+ AC_TRY_LINK([],
-+ [ extern int sys_nerr; printf("%i", sys_nerr);],
-+ [ ac_cv_libc_defines_sys_nerr="yes" ],
-+ [ ac_cv_libc_defines_sys_nerr="no" ]
-+ )
-+])
-+if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
-+ AC_DEFINE(HAVE_SYS_NERR)
-+fi
-+
-+SCARD_MSG="no"
-+
-+# Check whether user wants sectok support
-+AC_ARG_WITH(sectok,
-+ [ --with-sectok Enable smartcard support using libsectok],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ if test "x$withval" != "xyes" ; then
-+ CPPFLAGS="$CPPFLAGS -I${withval}"
-+ LDFLAGS="$LDFLAGS -L${withval}"
-+ if test ! -z "$need_dash_r" ; then
-+ LDFLAGS="$LDFLAGS -R${withval}"
-+ fi
-+ if test ! -z "$blibpath" ; then
-+ blibpath="$blibpath:${withval}"
-+ fi
-+ fi
-+ AC_CHECK_HEADERS(sectok.h)
-+ if test "$ac_cv_header_sectok_h" != yes; then
-+ AC_MSG_ERROR(Can't find sectok.h)
-+ fi
-+ AC_CHECK_LIB(sectok, sectok_open)
-+ if test "$ac_cv_lib_sectok_sectok_open" != yes; then
-+ AC_MSG_ERROR(Can't find libsectok)
-+ fi
-+ AC_DEFINE(SMARTCARD)
-+ AC_DEFINE(USE_SECTOK)
-+ SCARD_MSG="yes, using sectok"
-+ fi
-+ ]
-+)
-+
-+# Check whether user wants OpenSC support
-+AC_ARG_WITH(opensc,
-+ AC_HELP_STRING([--with-opensc=PFX],
-+ [Enable smartcard support using OpenSC]),
-+ opensc_config_prefix="$withval", opensc_config_prefix="")
-+if test x$opensc_config_prefix != x ; then
-+ OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
-+ AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
-+ if test "$OPENSC_CONFIG" != "no"; then
-+ LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
-+ LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
-+ CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
-+ LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
-+ AC_DEFINE(SMARTCARD)
-+ AC_DEFINE(USE_OPENSC)
-+ SCARD_MSG="yes, using OpenSC"
-+ fi
-+fi
-+
-+# Check whether user wants Kerberos 5 support
-+KRB5_MSG="no"
-+AC_ARG_WITH(kerberos5,
-+ [ --with-kerberos5=PATH Enable Kerberos 5 support],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ if test "x$withval" = "xyes" ; then
-+ KRB5ROOT="/usr/local"
-+ else
-+ KRB5ROOT=${withval}
-+ fi
-+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
-+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
-+ AC_DEFINE(KRB5)
-+ KRB5_MSG="yes"
-+ AC_MSG_CHECKING(whether we are using Heimdal)
-+ AC_TRY_COMPILE([ #include <krb5.h> ],
-+ [ char *tmp = heimdal_version; ],
-+ [ AC_MSG_RESULT(yes)
-+ AC_DEFINE(HEIMDAL)
-+ K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
-+ ],
-+ [ AC_MSG_RESULT(no)
-+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
-+ ]
-+ )
-+ if test ! -z "$need_dash_r" ; then
-+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
-+ fi
-+ if test ! -z "$blibpath" ; then
-+ blibpath="$blibpath:${KRB5ROOT}/lib"
-+ fi
-+ AC_CHECK_LIB(resolv, dn_expand, , )
-+
-+ KRB5=yes
-+ fi
-+ ]
-+)
-+# Check whether user wants Kerberos 4 support
-+KRB4_MSG="no"
-+AC_ARG_WITH(kerberos4,
-+ [ --with-kerberos4=PATH Enable Kerberos 4 support],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ if test "x$withval" != "xyes" ; then
-+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
-+ LDFLAGS="$LDFLAGS -L${withval}/lib"
-+ if test ! -z "$need_dash_r" ; then
-+ LDFLAGS="$LDFLAGS -R${withval}/lib"
-+ fi
-+ if test ! -z "$blibpath" ; then
-+ blibpath="$blibpath:${withval}/lib"
-+ fi
-+ else
-+ if test -d /usr/include/kerberosIV ; then
-+ CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV"
-+ fi
-+ fi
-+
-+ AC_CHECK_HEADERS(krb.h)
-+ if test "$ac_cv_header_krb_h" != yes; then
-+ AC_MSG_WARN([Cannot find krb.h, build may fail])
-+ fi
-+ AC_CHECK_LIB(krb, main)
-+ if test "$ac_cv_lib_krb_main" != yes; then
-+ AC_CHECK_LIB(krb4, main)
-+ if test "$ac_cv_lib_krb4_main" != yes; then
-+ AC_MSG_WARN([Cannot find libkrb nor libkrb4, build may fail])
-+ else
-+ KLIBS="-lkrb4"
-+ fi
-+ else
-+ KLIBS="-lkrb"
-+ fi
-+ AC_CHECK_LIB(des, des_cbc_encrypt)
-+ if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then
-+ AC_CHECK_LIB(des425, des_cbc_encrypt)
-+ if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then
-+ AC_MSG_WARN([Cannot find libdes nor libdes425, build may fail])
-+ else
-+ KLIBS="-ldes425"
-+ fi
-+ else
-+ KLIBS="-ldes"
-+ fi
-+ AC_CHECK_LIB(resolv, dn_expand, , )
-+ KRB4=yes
-+ KRB4_MSG="yes"
-+ AC_DEFINE(KRB4)
-+ fi
-+ ]
-+)
-+
-+# Check whether user wants AFS support
-+AFS_MSG="no"
-+AC_ARG_WITH(afs,
-+ [ --with-afs=PATH Enable AFS support],
-+ [
-+ if test "x$withval" != "xno" ; then
-+
-+ if test "x$withval" != "xyes" ; then
-+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
-+ LDFLAGS="$LDFLAGS -L${withval}/lib"
-+ fi
-+
-+ if test -z "$KRB4" ; then
-+ AC_MSG_WARN([AFS requires Kerberos IV support, build may fail])
-+ fi
-+
-+ LIBS="-lkafs $LIBS"
-+ if test ! -z "$AFS_LIBS" ; then
-+ LIBS="$LIBS $AFS_LIBS"
-+ fi
-+ AC_DEFINE(AFS)
-+ AFS_MSG="yes"
-+ fi
-+ ]
-+)
-+LIBS="$LIBS $KLIBS $K5LIBS"
-+
-+# Looking for programs, paths and files
-+
-+PRIVSEP_PATH=/var/empty
-+AC_ARG_WITH(privsep-path,
-+ [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
-+ [
-+ if test "x$withval" != "$no" ; then
-+ PRIVSEP_PATH=$withval
-+ fi
-+ ]
-+)
-+AC_SUBST(PRIVSEP_PATH)
-+
-+AC_ARG_WITH(xauth,
-+ [ --with-xauth=PATH Specify path to xauth program ],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ xauth_path=$withval
-+ fi
-+ ],
-+ [
-+ TestPath="$PATH"
-+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
-+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
-+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
-+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
-+ AC_PATH_PROG(xauth_path, xauth, , $TestPath)
-+ if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
-+ xauth_path="/usr/openwin/bin/xauth"
-+ fi
-+ ]
-+)
-+
-+STRIP_OPT=-s
-+AC_ARG_ENABLE(strip,
-+ [ --disable-strip Disable calling strip(1) on install],
-+ [
-+ if test "x$enableval" = "xno" ; then
-+ STRIP_OPT=
-+ fi
-+ ]
-+)
-+AC_SUBST(STRIP_OPT)
-+
-+if test -z "$xauth_path" ; then
-+ XAUTH_PATH="undefined"
-+ AC_SUBST(XAUTH_PATH)
-+else
-+ AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
-+ XAUTH_PATH=$xauth_path
-+ AC_SUBST(XAUTH_PATH)
-+fi
-+
-+# Check for mail directory (last resort if we cannot get it from headers)
-+if test ! -z "$MAIL" ; then
-+ maildir=`dirname $MAIL`
-+ AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
-+fi
-+
-+if test -z "$no_dev_ptmx" ; then
-+ if test "x$disable_ptmx_check" != "xyes" ; then
-+ AC_CHECK_FILE("/dev/ptmx",
-+ [
-+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
-+ have_dev_ptmx=1
-+ ]
-+ )
-+ fi
-+fi
-+AC_CHECK_FILE("/dev/ptc",
-+ [
-+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
-+ have_dev_ptc=1
-+ ]
-+)
-+
-+# Options from here on. Some of these are preset by platform above
-+AC_ARG_WITH(mantype,
-+ [ --with-mantype=man|cat|doc Set man page type],
-+ [
-+ case "$withval" in
-+ man|cat|doc)
-+ MANTYPE=$withval
-+ ;;
-+ *)
-+ AC_MSG_ERROR(invalid man type: $withval)
-+ ;;
-+ esac
-+ ]
-+)
-+if test -z "$MANTYPE"; then
-+ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
-+ AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
-+ if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
-+ MANTYPE=doc
-+ elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
-+ MANTYPE=man
-+ else
-+ MANTYPE=cat
-+ fi
-+fi
-+AC_SUBST(MANTYPE)
-+if test "$MANTYPE" = "doc"; then
-+ mansubdir=man;
-+else
-+ mansubdir=$MANTYPE;
-+fi
-+AC_SUBST(mansubdir)
-+
-+# Check whether to enable MD5 passwords
-+MD5_MSG="no"
-+AC_ARG_WITH(md5-passwords,
-+ [ --with-md5-passwords Enable use of MD5 passwords],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ AC_DEFINE(HAVE_MD5_PASSWORDS)
-+ MD5_MSG="yes"
-+ fi
-+ ]
-+)
-+
-+# Whether to disable shadow password support
-+AC_ARG_WITH(shadow,
-+ [ --without-shadow Disable shadow password support],
-+ [
-+ if test "x$withval" = "xno" ; then
-+ AC_DEFINE(DISABLE_SHADOW)
-+ disable_shadow=yes
-+ fi
-+ ]
-+)
-+
-+if test -z "$disable_shadow" ; then
-+ AC_MSG_CHECKING([if the systems has expire shadow information])
-+ AC_TRY_COMPILE(
-+ [
-+#include <sys/types.h>
-+#include <shadow.h>
-+ struct spwd sp;
-+ ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
-+ [ sp_expire_available=yes ], []
-+ )
-+
-+ if test "x$sp_expire_available" = "xyes" ; then
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(HAS_SHADOW_EXPIRE)
-+ else
-+ AC_MSG_RESULT(no)
-+ fi
-+fi
-+
-+# Use ip address instead of hostname in $DISPLAY
-+if test ! -z "$IPADDR_IN_DISPLAY" ; then
-+ DISPLAY_HACK_MSG="yes"
-+ AC_DEFINE(IPADDR_IN_DISPLAY)
-+else
-+ DISPLAY_HACK_MSG="no"
-+ AC_ARG_WITH(ipaddr-display,
-+ [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ AC_DEFINE(IPADDR_IN_DISPLAY)
-+ DISPLAY_HACK_MSG="yes"
-+ fi
-+ ]
-+ )
-+fi
-+
-+dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
-+if test $ac_cv_func_login_getcapbool = "yes" -a \
-+ $ac_cv_header_login_cap_h = "yes" ; then
-+ USES_LOGIN_CONF=yes
-+fi
-+# Whether to mess with the default path
-+SERVER_PATH_MSG="(default)"
-+AC_ARG_WITH(default-path,
-+ [ --with-default-path= Specify default \$PATH environment for server],
-+ [
-+ if test "$USES_LOGIN_CONF" = "yes" ; then
-+ AC_MSG_WARN([
-+--with-default-path=PATH has no effect on this system.
-+Edit /etc/login.conf instead.])
-+ elif test "x$withval" != "xno" ; then
-+ user_path="$withval"
-+ SERVER_PATH_MSG="$withval"
-+ fi
-+ ],
-+ [ if test "$USES_LOGIN_CONF" = "yes" ; then
-+ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
-+ else
-+ AC_TRY_RUN(
-+ [
-+/* find out what STDPATH is */
-+#include <stdio.h>
-+#ifdef HAVE_PATHS_H
-+# include <paths.h>
-+#endif
-+#ifndef _PATH_STDPATH
-+# ifdef _PATH_USERPATH /* Irix */
-+# define _PATH_STDPATH _PATH_USERPATH
-+# else
-+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
-+# endif
-+#endif
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#define DATA "conftest.stdpath"
-+
-+main()
-+{
-+ FILE *fd;
-+ int rc;
-+
-+ fd = fopen(DATA,"w");
-+ if(fd == NULL)
-+ exit(1);
-+
-+ if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
-+ exit(1);
-+
-+ exit(0);
-+}
-+ ], [ user_path=`cat conftest.stdpath` ],
-+ [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
-+ [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
-+ )
-+# make sure $bindir is in USER_PATH so scp will work
-+ t_bindir=`eval echo ${bindir}`
-+ case $t_bindir in
-+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
-+ esac
-+ case $t_bindir in
-+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
-+ esac
-+ echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
-+ if test $? -ne 0 ; then
-+ echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
-+ if test $? -ne 0 ; then
-+ user_path=$user_path:$t_bindir
-+ AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
-+ fi
-+ fi
-+ fi ]
-+)
-+if test "$USES_LOGIN_CONF" != "yes" ; then
-+ AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
-+ AC_SUBST(user_path)
-+fi
-+
-+# Set superuser path separately to user path
-+AC_ARG_WITH(superuser-path,
-+ [ --with-superuser-path= Specify different path for super-user],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
-+ superuser_path=$withval
-+ fi
-+ ]
-+)
-+
-+
-+# Whether to force IPv4 by default (needed on broken glibc Linux)
-+IPV4_HACK_MSG="no"
-+AC_ARG_WITH(ipv4-default,
-+ [ --with-ipv4-default Use IPv4 by connections unless '-6' specified],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ AC_DEFINE(IPV4_DEFAULT)
-+ IPV4_HACK_MSG="yes"
-+ fi
-+ ]
-+)
-+
-+AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
-+IPV4_IN6_HACK_MSG="no"
-+AC_ARG_WITH(4in6,
-+ [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(IPV4_IN_IPV6)
-+ IPV4_IN6_HACK_MSG="yes"
-+ else
-+ AC_MSG_RESULT(no)
-+ fi
-+ ],[
-+ if test "x$inet6_default_4in6" = "xyes"; then
-+ AC_MSG_RESULT([yes (default)])
-+ AC_DEFINE(IPV4_IN_IPV6)
-+ IPV4_IN6_HACK_MSG="yes"
-+ else
-+ AC_MSG_RESULT([no (default)])
-+ fi
-+ ]
-+)
-+
-+# Whether to enable BSD auth support
-+BSD_AUTH_MSG=no
-+AC_ARG_WITH(bsd-auth,
-+ [ --with-bsd-auth Enable BSD auth support],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ AC_DEFINE(BSD_AUTH)
-+ BSD_AUTH_MSG=yes
-+ fi
-+ ]
-+)
-+
-+# Where to place sshd.pid
-+piddir=/var/run
-+# make sure the directory exists
-+if test ! -d $piddir ; then
-+ piddir=`eval echo ${sysconfdir}`
-+ case $piddir in
-+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
-+ esac
-+fi
-+
-+AC_ARG_WITH(pid-dir,
-+ [ --with-pid-dir=PATH Specify location of ssh.pid file],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ piddir=$withval
-+ if test ! -d $piddir ; then
-+ AC_MSG_WARN([** no $piddir directory on this system **])
-+ fi
-+ fi
-+ ]
-+)
-+
-+AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
-+AC_SUBST(piddir)
-+
-+dnl allow user to disable some login recording features
-+AC_ARG_ENABLE(lastlog,
-+ [ --disable-lastlog disable use of lastlog even if detected [no]],
-+ [ AC_DEFINE(DISABLE_LASTLOG) ]
-+)
-+AC_ARG_ENABLE(utmp,
-+ [ --disable-utmp disable use of utmp even if detected [no]],
-+ [ AC_DEFINE(DISABLE_UTMP) ]
-+)
-+AC_ARG_ENABLE(utmpx,
-+ [ --disable-utmpx disable use of utmpx even if detected [no]],
-+ [ AC_DEFINE(DISABLE_UTMPX) ]
-+)
-+AC_ARG_ENABLE(wtmp,
-+ [ --disable-wtmp disable use of wtmp even if detected [no]],
-+ [ AC_DEFINE(DISABLE_WTMP) ]
-+)
-+AC_ARG_ENABLE(wtmpx,
-+ [ --disable-wtmpx disable use of wtmpx even if detected [no]],
-+ [ AC_DEFINE(DISABLE_WTMPX) ]
-+)
-+AC_ARG_ENABLE(libutil,
-+ [ --disable-libutil disable use of libutil (login() etc.) [no]],
-+ [ AC_DEFINE(DISABLE_LOGIN) ]
-+)
-+AC_ARG_ENABLE(pututline,
-+ [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
-+ [ AC_DEFINE(DISABLE_PUTUTLINE) ]
-+)
-+AC_ARG_ENABLE(pututxline,
-+ [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
-+ [ AC_DEFINE(DISABLE_PUTUTXLINE) ]
-+)
-+AC_ARG_WITH(lastlog,
-+ [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
-+ [
-+ if test "x$withval" = "xno" ; then
-+ AC_DEFINE(DISABLE_LASTLOG)
-+ else
-+ conf_lastlog_location=$withval
-+ fi
-+ ]
-+)
-+
-+dnl lastlog, [uw]tmpx? detection
-+dnl NOTE: set the paths in the platform section to avoid the
-+dnl need for command-line parameters
-+dnl lastlog and [uw]tmp are subject to a file search if all else fails
-+
-+dnl lastlog detection
-+dnl NOTE: the code itself will detect if lastlog is a directory
-+AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
-+AC_TRY_COMPILE([
-+#include <sys/types.h>
-+#include <utmp.h>
-+#ifdef HAVE_LASTLOG_H
-+# include <lastlog.h>
-+#endif
-+#ifdef HAVE_PATHS_H
-+# include <paths.h>
-+#endif
-+#ifdef HAVE_LOGIN_H
-+# include <login.h>
-+#endif
-+ ],
-+ [ char *lastlog = LASTLOG_FILE; ],
-+ [ AC_MSG_RESULT(yes) ],
-+ [
-+ AC_MSG_RESULT(no)
-+ AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
-+ AC_TRY_COMPILE([
-+#include <sys/types.h>
-+#include <utmp.h>
-+#ifdef HAVE_LASTLOG_H
-+# include <lastlog.h>
-+#endif
-+#ifdef HAVE_PATHS_H
-+# include <paths.h>
-+#endif
-+ ],
-+ [ char *lastlog = _PATH_LASTLOG; ],
-+ [ AC_MSG_RESULT(yes) ],
-+ [
-+ AC_MSG_RESULT(no)
-+ system_lastlog_path=no
-+ ])
-+ ]
-+)
-+
-+if test -z "$conf_lastlog_location"; then
-+ if test x"$system_lastlog_path" = x"no" ; then
-+ for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
-+ if (test -d "$f" || test -f "$f") ; then
-+ conf_lastlog_location=$f
-+ fi
-+ done
-+ if test -z "$conf_lastlog_location"; then
-+ AC_MSG_WARN([** Cannot find lastlog **])
-+ dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
-+ fi
-+ fi
-+fi
-+
-+if test -n "$conf_lastlog_location"; then
-+ AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
-+fi
-+
-+dnl utmp detection
-+AC_MSG_CHECKING([if your system defines UTMP_FILE])
-+AC_TRY_COMPILE([
-+#include <sys/types.h>
-+#include <utmp.h>
-+#ifdef HAVE_PATHS_H
-+# include <paths.h>
-+#endif
-+ ],
-+ [ char *utmp = UTMP_FILE; ],
-+ [ AC_MSG_RESULT(yes) ],
-+ [ AC_MSG_RESULT(no)
-+ system_utmp_path=no ]
-+)
-+if test -z "$conf_utmp_location"; then
-+ if test x"$system_utmp_path" = x"no" ; then
-+ for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
-+ if test -f $f ; then
-+ conf_utmp_location=$f
-+ fi
-+ done
-+ if test -z "$conf_utmp_location"; then
-+ AC_DEFINE(DISABLE_UTMP)
-+ fi
-+ fi
-+fi
-+if test -n "$conf_utmp_location"; then
-+ AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
-+fi
-+
-+dnl wtmp detection
-+AC_MSG_CHECKING([if your system defines WTMP_FILE])
-+AC_TRY_COMPILE([
-+#include <sys/types.h>
-+#include <utmp.h>
-+#ifdef HAVE_PATHS_H
-+# include <paths.h>
-+#endif
-+ ],
-+ [ char *wtmp = WTMP_FILE; ],
-+ [ AC_MSG_RESULT(yes) ],
-+ [ AC_MSG_RESULT(no)
-+ system_wtmp_path=no ]
-+)
-+if test -z "$conf_wtmp_location"; then
-+ if test x"$system_wtmp_path" = x"no" ; then
-+ for f in /usr/adm/wtmp /var/log/wtmp; do
-+ if test -f $f ; then
-+ conf_wtmp_location=$f
-+ fi
-+ done
-+ if test -z "$conf_wtmp_location"; then
-+ AC_DEFINE(DISABLE_WTMP)
-+ fi
-+ fi
-+fi
-+if test -n "$conf_wtmp_location"; then
-+ AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
-+fi
-+
-+
-+dnl utmpx detection - I don't know any system so perverse as to require
-+dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
-+dnl there, though.
-+AC_MSG_CHECKING([if your system defines UTMPX_FILE])
-+AC_TRY_COMPILE([
-+#include <sys/types.h>
-+#include <utmp.h>
-+#ifdef HAVE_UTMPX_H
-+#include <utmpx.h>
-+#endif
-+#ifdef HAVE_PATHS_H
-+# include <paths.h>
-+#endif
-+ ],
-+ [ char *utmpx = UTMPX_FILE; ],
-+ [ AC_MSG_RESULT(yes) ],
-+ [ AC_MSG_RESULT(no)
-+ system_utmpx_path=no ]
-+)
-+if test -z "$conf_utmpx_location"; then
-+ if test x"$system_utmpx_path" = x"no" ; then
-+ AC_DEFINE(DISABLE_UTMPX)
-+ fi
-+else
-+ AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
-+fi
-+
-+dnl wtmpx detection
-+AC_MSG_CHECKING([if your system defines WTMPX_FILE])
-+AC_TRY_COMPILE([
-+#include <sys/types.h>
-+#include <utmp.h>
-+#ifdef HAVE_UTMPX_H
-+#include <utmpx.h>
-+#endif
-+#ifdef HAVE_PATHS_H
-+# include <paths.h>
-+#endif
-+ ],
-+ [ char *wtmpx = WTMPX_FILE; ],
-+ [ AC_MSG_RESULT(yes) ],
-+ [ AC_MSG_RESULT(no)
-+ system_wtmpx_path=no ]
-+)
-+if test -z "$conf_wtmpx_location"; then
-+ if test x"$system_wtmpx_path" = x"no" ; then
-+ AC_DEFINE(DISABLE_WTMPX)
-+ fi
-+else
-+ AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
-+fi
-+
-+
-+if test ! -z "$blibpath" ; then
-+ LDFLAGS="$LDFLAGS $blibflags$blibpath"
-+ AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
-+fi
-+
-+dnl remove pam and dl because they are in $LIBPAM
-+if test "$PAM_MSG" = yes ; then
-+ LIBS=`echo $LIBS | sed 's/-lpam //'`
-+fi
-+if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
-+ LIBS=`echo $LIBS | sed 's/-ldl //'`
-+fi
-+
-+AC_EXEEXT
-+AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
-+AC_OUTPUT
-+
-+# Print summary of options
-+
-+# Someone please show me a better way :)
-+A=`eval echo ${prefix}` ; A=`eval echo ${A}`
-+B=`eval echo ${bindir}` ; B=`eval echo ${B}`
-+C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
-+D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
-+E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
-+F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
-+G=`eval echo ${piddir}` ; G=`eval echo ${G}`
-+H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
-+I=`eval echo ${user_path}` ; I=`eval echo ${I}`
-+J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
-+
-+echo ""
-+echo "OpenSSH has been configured with the following options:"
-+echo " User binaries: $B"
-+echo " System binaries: $C"
-+echo " Configuration files: $D"
-+echo " Askpass program: $E"
-+echo " Manual pages: $F"
-+echo " PID file: $G"
-+echo " Privilege separation chroot path: $H"
-+if test "$USES_LOGIN_CONF" = "yes" ; then
-+echo " At runtime, sshd will use the path defined in /etc/login.conf"
-+else
-+echo " sshd default user PATH: $I"
-+fi
-+if test ! -z "$superuser_path" ; then
-+echo " sshd superuser user PATH: $J"
-+fi
-+echo " Manpage format: $MANTYPE"
-+echo " PAM support: ${PAM_MSG}"
-+echo " KerberosIV support: $KRB4_MSG"
-+echo " KerberosV support: $KRB5_MSG"
-+echo " Smartcard support: $SCARD_MSG"
-+echo " AFS support: $AFS_MSG"
-+echo " S/KEY support: $SKEY_MSG"
-+echo " TCP Wrappers support: $TCPW_MSG"
-+echo " MD5 password support: $MD5_MSG"
-+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
-+echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
-+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
-+echo " BSD Auth support: $BSD_AUTH_MSG"
-+echo " Random number source: $RAND_MSG"
-+if test ! -z "$USE_RAND_HELPER" ; then
-+echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
-+fi
-+
-+echo ""
-+
-+echo " Host: ${host}"
-+echo " Compiler: ${CC}"
-+echo " Compiler flags: ${CFLAGS}"
-+echo "Preprocessor flags: ${CPPFLAGS}"
-+echo " Linker flags: ${LDFLAGS}"
-+echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
-+
-+echo ""
-+
-+if test "x$PAM_MSG" = "xyes" ; then
-+ echo "PAM is enabled. You may need to install a PAM control file "
-+ echo "for sshd, otherwise password authentication may fail. "
-+ echo "Example PAM control files can be found in the contrib/ "
-+ echo "subdirectory"
-+ echo ""
-+fi
-+
-+if test ! -z "$RAND_HELPER_CMDHASH" ; then
-+ echo "WARNING: you are using the builtin random number collection "
-+ echo "service. Please read WARNING.RNG and request that your OS "
-+ echo "vendor includes kernel-based random number collection in "
-+ echo "future versions of your OS."
-+ echo ""
-+fi
-+
diff -urN openssh-3.6.1p2-orig/servconf.c openssh-3.6.1p2/servconf.c
--- openssh-3.6.1p2-orig/servconf.c 2003-02-23 18:04:34.000000000 -0700
+++ openssh-3.6.1p2/servconf.c 2003-07-26 16:57:54.000000000 -0600
#else
/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
* keytab */
-diff -urN openssh-3.6.1p2-orig/servconf.c~ openssh-3.6.1p2/servconf.c~
---- openssh-3.6.1p2-orig/servconf.c~ 1969-12-31 17:00:00.000000000 -0700
-+++ openssh-3.6.1p2/servconf.c~ 2003-07-26 16:57:47.000000000 -0600
-@@ -0,0 +1,955 @@
-+/*
-+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-+ * All rights reserved
-+ *
-+ * As far as I am concerned, the code I have written for this software
-+ * can be used freely for any purpose. Any derived versions of this
-+ * software must be clearly marked as such, and if the derived work is
-+ * incompatible with the protocol description in the RFC file, it must be
-+ * called by a name other than "ssh" or "Secure Shell".
-+ */
-+
-+#include "includes.h"
-+RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
-+
-+#if defined(KRB4)
-+#include <krb.h>
-+#endif
-+#if defined(KRB5)
-+#ifdef HEIMDAL
-+#include <krb5.h>
-+#else
-+/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
-+ * keytab */
-+#define KEYFILE "/etc/krb5.keytab"
-+#endif
-+#endif
-+#ifdef AFS
-+#include <kafs.h>
-+#endif
-+
-+#include "ssh.h"
-+#include "log.h"
-+#include "servconf.h"
-+#include "xmalloc.h"
-+#include "compat.h"
-+#include "pathnames.h"
-+#include "tildexpand.h"
-+#include "misc.h"
-+#include "cipher.h"
-+#include "kex.h"
-+#include "mac.h"
-+
-+static void add_listen_addr(ServerOptions *, char *, u_short);
-+static void add_one_listen_addr(ServerOptions *, char *, u_short);
-+
-+/* AF_UNSPEC or AF_INET or AF_INET6 */
-+extern int IPv4or6;
-+/* Use of privilege separation or not */
-+extern int use_privsep;
-+
-+/* Initializes the server options to their default values. */
-+
-+void
-+initialize_server_options(ServerOptions *options)
-+{
-+ memset(options, 0, sizeof(*options));
-+
-+ /* Portable-specific options */
-+ options->pam_authentication_via_kbd_int = -1;
-+
-+ /* Standard Options */
-+ options->num_ports = 0;
-+ options->ports_from_cmdline = 0;
-+ options->listen_addrs = NULL;
-+ options->num_host_key_files = 0;
-+ options->pid_file = NULL;
-+ options->server_key_bits = -1;
-+ options->login_grace_time = -1;
-+ options->key_regeneration_time = -1;
-+ options->permit_root_login = PERMIT_NOT_SET;
-+ options->ignore_rhosts = -1;
-+ options->ignore_user_known_hosts = -1;
-+ options->print_motd = -1;
-+ options->print_lastlog = -1;
-+ options->x11_forwarding = -1;
-+ options->x11_display_offset = -1;
-+ options->x11_use_localhost = -1;
-+ options->xauth_location = NULL;
-+ options->strict_modes = -1;
-+ options->keepalives = -1;
-+ options->log_facility = SYSLOG_FACILITY_NOT_SET;
-+ options->log_level = SYSLOG_LEVEL_NOT_SET;
-+ options->rhosts_authentication = -1;
-+ options->rhosts_rsa_authentication = -1;
-+ options->hostbased_authentication = -1;
-+ options->hostbased_uses_name_from_packet_only = -1;
-+ options->rsa_authentication = -1;
-+ options->pubkey_authentication = -1;
-+#if defined(KRB4) || defined(KRB5)
-+ options->kerberos_authentication = -1;
-+ options->kerberos_or_local_passwd = -1;
-+ options->kerberos_ticket_cleanup = -1;
-+#endif
-+#if defined(AFS) || defined(KRB5)
-+ options->kerberos_tgt_passing = -1;
-+#endif
-+#ifdef AFS
-+ options->afs_token_passing = -1;
-+#endif
-+ options->password_authentication = -1;
-+ options->kbd_interactive_authentication = -1;
-+ options->challenge_response_authentication = -1;
-+ options->permit_empty_passwd = -1;
-+ options->permit_user_env = -1;
-+ options->use_login = -1;
-+ options->compression = -1;
-+ options->allow_tcp_forwarding = -1;
-+ options->num_allow_users = 0;
-+ options->num_deny_users = 0;
-+ options->num_allow_groups = 0;
-+ options->num_deny_groups = 0;
-+ options->ciphers = NULL;
-+ options->macs = NULL;
-+ options->protocol = SSH_PROTO_UNKNOWN;
-+ options->gateway_ports = -1;
-+ options->num_subsystems = 0;
-+ options->max_startups_begin = -1;
-+ options->max_startups_rate = -1;
-+ options->max_startups = -1;
-+ options->banner = NULL;
-+ options->verify_reverse_mapping = -1;
-+ options->client_alive_interval = -1;
-+ options->client_alive_count_max = -1;
-+ options->authorized_keys_file = NULL;
-+ options->authorized_keys_file2 = NULL;
-+
-+ /* Needs to be accessable in many places */
-+ use_privsep = -1;
-+}
-+
-+void
-+fill_default_server_options(ServerOptions *options)
-+{
-+ /* Portable-specific options */
-+ if (options->pam_authentication_via_kbd_int == -1)
-+ options->pam_authentication_via_kbd_int = 0;
-+
-+ /* Standard Options */
-+ if (options->protocol == SSH_PROTO_UNKNOWN)
-+ options->protocol = SSH_PROTO_1|SSH_PROTO_2;
-+ if (options->num_host_key_files == 0) {
-+ /* fill default hostkeys for protocols */
-+ if (options->protocol & SSH_PROTO_1)
-+ options->host_key_files[options->num_host_key_files++] =
-+ _PATH_HOST_KEY_FILE;
-+ if (options->protocol & SSH_PROTO_2) {
-+ options->host_key_files[options->num_host_key_files++] =
-+ _PATH_HOST_RSA_KEY_FILE;
-+ options->host_key_files[options->num_host_key_files++] =
-+ _PATH_HOST_DSA_KEY_FILE;
-+ }
-+ }
-+ if (options->num_ports == 0)
-+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
-+ if (options->listen_addrs == NULL)
-+ add_listen_addr(options, NULL, 0);
-+ if (options->pid_file == NULL)
-+ options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
-+ if (options->server_key_bits == -1)
-+ options->server_key_bits = 768;
-+ if (options->login_grace_time == -1)
-+ options->login_grace_time = 120;
-+ if (options->key_regeneration_time == -1)
-+ options->key_regeneration_time = 3600;
-+ if (options->permit_root_login == PERMIT_NOT_SET)
-+ options->permit_root_login = PERMIT_YES;
-+ if (options->ignore_rhosts == -1)
-+ options->ignore_rhosts = 1;
-+ if (options->ignore_user_known_hosts == -1)
-+ options->ignore_user_known_hosts = 0;
-+ if (options->print_motd == -1)
-+ options->print_motd = 1;
-+ if (options->print_lastlog == -1)
-+ options->print_lastlog = 1;
-+ if (options->x11_forwarding == -1)
-+ options->x11_forwarding = 0;
-+ if (options->x11_display_offset == -1)
-+ options->x11_display_offset = 10;
-+ if (options->x11_use_localhost == -1)
-+ options->x11_use_localhost = 1;
-+ if (options->xauth_location == NULL)
-+ options->xauth_location = _PATH_XAUTH;
-+ if (options->strict_modes == -1)
-+ options->strict_modes = 1;
-+ if (options->keepalives == -1)
-+ options->keepalives = 1;
-+ if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
-+ options->log_facility = SYSLOG_FACILITY_AUTH;
-+ if (options->log_level == SYSLOG_LEVEL_NOT_SET)
-+ options->log_level = SYSLOG_LEVEL_INFO;
-+ if (options->rhosts_authentication == -1)
-+ options->rhosts_authentication = 0;
-+ if (options->rhosts_rsa_authentication == -1)
-+ options->rhosts_rsa_authentication = 0;
-+ if (options->hostbased_authentication == -1)
-+ options->hostbased_authentication = 0;
-+ if (options->hostbased_uses_name_from_packet_only == -1)
-+ options->hostbased_uses_name_from_packet_only = 0;
-+ if (options->rsa_authentication == -1)
-+ options->rsa_authentication = 1;
-+ if (options->pubkey_authentication == -1)
-+ options->pubkey_authentication = 1;
-+#if defined(KRB4) || defined(KRB5)
-+ if (options->kerberos_authentication == -1)
-+ options->kerberos_authentication = 0;
-+ if (options->kerberos_or_local_passwd == -1)
-+ options->kerberos_or_local_passwd = 1;
-+ if (options->kerberos_ticket_cleanup == -1)
-+ options->kerberos_ticket_cleanup = 1;
-+#endif
-+#if defined(AFS) || defined(KRB5)
-+ if (options->kerberos_tgt_passing == -1)
-+ options->kerberos_tgt_passing = 0;
-+#endif
-+#ifdef AFS
-+ if (options->afs_token_passing == -1)
-+ options->afs_token_passing = 0;
-+#endif
-+ if (options->password_authentication == -1)
-+ options->password_authentication = 1;
-+ if (options->kbd_interactive_authentication == -1)
-+ options->kbd_interactive_authentication = 0;
-+ if (options->challenge_response_authentication == -1)
-+ options->challenge_response_authentication = 1;
-+ if (options->permit_empty_passwd == -1)
-+ options->permit_empty_passwd = 0;
-+ if (options->permit_user_env == -1)
-+ options->permit_user_env = 0;
-+ if (options->use_login == -1)
-+ options->use_login = 0;
-+ if (options->compression == -1)
-+ options->compression = 1;
-+ if (options->allow_tcp_forwarding == -1)
-+ options->allow_tcp_forwarding = 1;
-+ if (options->gateway_ports == -1)
-+ options->gateway_ports = 0;
-+ if (options->max_startups == -1)
-+ options->max_startups = 10;
-+ if (options->max_startups_rate == -1)
-+ options->max_startups_rate = 100; /* 100% */
-+ if (options->max_startups_begin == -1)
-+ options->max_startups_begin = options->max_startups;
-+ if (options->verify_reverse_mapping == -1)
-+ options->verify_reverse_mapping = 0;
-+ if (options->client_alive_interval == -1)
-+ options->client_alive_interval = 0;
-+ if (options->client_alive_count_max == -1)
-+ options->client_alive_count_max = 3;
-+ if (options->authorized_keys_file2 == NULL) {
-+ /* authorized_keys_file2 falls back to authorized_keys_file */
-+ if (options->authorized_keys_file != NULL)
-+ options->authorized_keys_file2 = options->authorized_keys_file;
-+ else
-+ options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
-+ }
-+ if (options->authorized_keys_file == NULL)
-+ options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
-+
-+ /* Turn privilege separation on by default */
-+ if (use_privsep == -1)
-+ use_privsep = 1;
-+
-+#ifndef HAVE_MMAP
-+ if (use_privsep && options->compression == 1) {
-+ error("This platform does not support both privilege "
-+ "separation and compression");
-+ error("Compression disabled");
-+ options->compression = 0;
-+ }
-+#endif
-+
-+}
-+
-+/* Keyword tokens. */
-+typedef enum {
-+ sBadOption, /* == unknown option */
-+ /* Portable-specific options */
-+ sPAMAuthenticationViaKbdInt,
-+ /* Standard Options */
-+ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
-+ sPermitRootLogin, sLogFacility, sLogLevel,
-+ sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-+#if defined(KRB4) || defined(KRB5)
-+ sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-+#endif
-+#if defined(AFS) || defined(KRB5)
-+ sKerberosTgtPassing,
-+#endif
-+#ifdef AFS
-+ sAFSTokenPassing,
-+#endif
-+ sChallengeResponseAuthentication,
-+ sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
-+ sPrintMotd, sPrintLastLog, sIgnoreRhosts,
-+ sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-+ sStrictModes, sEmptyPasswd, sKeepAlives,
-+ sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
-+ sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-+ sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
-+ sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
-+ sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
-+ sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
-+ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
-+ sUsePrivilegeSeparation,
-+ sDeprecated
-+} ServerOpCodes;
-+
-+/* Textual representation of the tokens. */
-+static struct {
-+ const char *name;
-+ ServerOpCodes opcode;
-+} keywords[] = {
-+ /* Portable-specific options */
-+ { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
-+ /* Standard Options */
-+ { "port", sPort },
-+ { "hostkey", sHostKeyFile },
-+ { "hostdsakey", sHostKeyFile }, /* alias */
-+ { "pidfile", sPidFile },
-+ { "serverkeybits", sServerKeyBits },
-+ { "logingracetime", sLoginGraceTime },
-+ { "keyregenerationinterval", sKeyRegenerationTime },
-+ { "permitrootlogin", sPermitRootLogin },
-+ { "syslogfacility", sLogFacility },
-+ { "loglevel", sLogLevel },
-+ { "rhostsauthentication", sRhostsAuthentication },
-+ { "rhostsrsaauthentication", sRhostsRSAAuthentication },
-+ { "hostbasedauthentication", sHostbasedAuthentication },
-+ { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
-+ { "rsaauthentication", sRSAAuthentication },
-+ { "pubkeyauthentication", sPubkeyAuthentication },
-+ { "dsaauthentication", sPubkeyAuthentication }, /* alias */
-+#if defined(KRB4) || defined(KRB5)
-+ { "kerberosauthentication", sKerberosAuthentication },
-+ { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
-+ { "kerberosticketcleanup", sKerberosTicketCleanup },
-+#endif
-+#if defined(AFS) || defined(KRB5)
-+ { "kerberostgtpassing", sKerberosTgtPassing },
-+#endif
-+#ifdef AFS
-+ { "afstokenpassing", sAFSTokenPassing },
-+#endif
-+ { "passwordauthentication", sPasswordAuthentication },
-+ { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
-+ { "challengeresponseauthentication", sChallengeResponseAuthentication },
-+ { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
-+ { "checkmail", sDeprecated },
-+ { "listenaddress", sListenAddress },
-+ { "printmotd", sPrintMotd },
-+ { "printlastlog", sPrintLastLog },
-+ { "ignorerhosts", sIgnoreRhosts },
-+ { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
-+ { "x11forwarding", sX11Forwarding },
-+ { "x11displayoffset", sX11DisplayOffset },
-+ { "x11uselocalhost", sX11UseLocalhost },
-+ { "xauthlocation", sXAuthLocation },
-+ { "strictmodes", sStrictModes },
-+ { "permitemptypasswords", sEmptyPasswd },
-+ { "permituserenvironment", sPermitUserEnvironment },
-+ { "uselogin", sUseLogin },
-+ { "compression", sCompression },
-+ { "keepalive", sKeepAlives },
-+ { "allowtcpforwarding", sAllowTcpForwarding },
-+ { "allowusers", sAllowUsers },
-+ { "denyusers", sDenyUsers },
-+ { "allowgroups", sAllowGroups },
-+ { "denygroups", sDenyGroups },
-+ { "ciphers", sCiphers },
-+ { "macs", sMacs },
-+ { "protocol", sProtocol },
-+ { "gatewayports", sGatewayPorts },
-+ { "subsystem", sSubsystem },
-+ { "maxstartups", sMaxStartups },
-+ { "banner", sBanner },
-+ { "verifyreversemapping", sVerifyReverseMapping },
-+ { "reversemappingcheck", sVerifyReverseMapping },
-+ { "clientaliveinterval", sClientAliveInterval },
-+ { "clientalivecountmax", sClientAliveCountMax },
-+ { "authorizedkeysfile", sAuthorizedKeysFile },
-+ { "authorizedkeysfile2", sAuthorizedKeysFile2 },
-+ { "useprivilegeseparation", sUsePrivilegeSeparation},
-+ { NULL, sBadOption }
-+};
-+
-+/*
-+ * Returns the number of the token pointed to by cp or sBadOption.
-+ */
-+
-+static ServerOpCodes
-+parse_token(const char *cp, const char *filename,
-+ int linenum)
-+{
-+ u_int i;
-+
-+ for (i = 0; keywords[i].name; i++)
-+ if (strcasecmp(cp, keywords[i].name) == 0)
-+ return keywords[i].opcode;
-+
-+ error("%s: line %d: Bad configuration option: %s",
-+ filename, linenum, cp);
-+ return sBadOption;
-+}
-+
-+static void
-+add_listen_addr(ServerOptions *options, char *addr, u_short port)
-+{
-+ int i;
-+
-+ if (options->num_ports == 0)
-+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
-+ if (port == 0)
-+ for (i = 0; i < options->num_ports; i++)
-+ add_one_listen_addr(options, addr, options->ports[i]);
-+ else
-+ add_one_listen_addr(options, addr, port);
-+}
-+
-+static void
-+add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
-+{
-+ struct addrinfo hints, *ai, *aitop;
-+ char strport[NI_MAXSERV];
-+ int gaierr;
-+
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = IPv4or6;
-+ hints.ai_socktype = SOCK_STREAM;
-+ hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
-+ snprintf(strport, sizeof strport, "%u", port);
-+ if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
-+ fatal("bad addr or host: %s (%s)",
-+ addr ? addr : "<NULL>",
-+ gai_strerror(gaierr));
-+ for (ai = aitop; ai->ai_next; ai = ai->ai_next)
-+ ;
-+ ai->ai_next = options->listen_addrs;
-+ options->listen_addrs = aitop;
-+}
-+
-+int
-+process_server_config_line(ServerOptions *options, char *line,
-+ const char *filename, int linenum)
-+{
-+ char *cp, **charptr, *arg, *p;
-+ int *intptr, value, i, n;
-+ ServerOpCodes opcode;
-+
-+ cp = line;
-+ arg = strdelim(&cp);
-+ /* Ignore leading whitespace */
-+ if (*arg == '\0')
-+ arg = strdelim(&cp);
-+ if (!arg || !*arg || *arg == '#')
-+ return 0;
-+ intptr = NULL;
-+ charptr = NULL;
-+ opcode = parse_token(arg, filename, linenum);
-+ switch (opcode) {
-+ /* Portable-specific options */
-+ case sPAMAuthenticationViaKbdInt:
-+ intptr = &options->pam_authentication_via_kbd_int;
-+ goto parse_flag;
-+
-+ /* Standard Options */
-+ case sBadOption:
-+ return -1;
-+ case sPort:
-+ /* ignore ports from configfile if cmdline specifies ports */
-+ if (options->ports_from_cmdline)
-+ return 0;
-+ if (options->listen_addrs != NULL)
-+ fatal("%s line %d: ports must be specified before "
-+ "ListenAddress.", filename, linenum);
-+ if (options->num_ports >= MAX_PORTS)
-+ fatal("%s line %d: too many ports.",
-+ filename, linenum);
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: missing port number.",
-+ filename, linenum);
-+ options->ports[options->num_ports++] = a2port(arg);
-+ if (options->ports[options->num_ports-1] == 0)
-+ fatal("%s line %d: Badly formatted port number.",
-+ filename, linenum);
-+ break;
-+
-+ case sServerKeyBits:
-+ intptr = &options->server_key_bits;
-+parse_int:
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: missing integer value.",
-+ filename, linenum);
-+ value = atoi(arg);
-+ if (*intptr == -1)
-+ *intptr = value;
-+ break;
-+
-+ case sLoginGraceTime:
-+ intptr = &options->login_grace_time;
-+parse_time:
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: missing time value.",
-+ filename, linenum);
-+ if ((value = convtime(arg)) == -1)
-+ fatal("%s line %d: invalid time value.",
-+ filename, linenum);
-+ if (*intptr == -1)
-+ *intptr = value;
-+ break;
-+
-+ case sKeyRegenerationTime:
-+ intptr = &options->key_regeneration_time;
-+ goto parse_time;
-+
-+ case sListenAddress:
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
-+ fatal("%s line %d: missing inet addr.",
-+ filename, linenum);
-+ if (*arg == '[') {
-+ if ((p = strchr(arg, ']')) == NULL)
-+ fatal("%s line %d: bad ipv6 inet addr usage.",
-+ filename, linenum);
-+ arg++;
-+ memmove(p, p+1, strlen(p+1)+1);
-+ } else if (((p = strchr(arg, ':')) == NULL) ||
-+ (strchr(p+1, ':') != NULL)) {
-+ add_listen_addr(options, arg, 0);
-+ break;
-+ }
-+ if (*p == ':') {
-+ u_short port;
-+
-+ p++;
-+ if (*p == '\0')
-+ fatal("%s line %d: bad inet addr:port usage.",
-+ filename, linenum);
-+ else {
-+ *(p-1) = '\0';
-+ if ((port = a2port(p)) == 0)
-+ fatal("%s line %d: bad port number.",
-+ filename, linenum);
-+ add_listen_addr(options, arg, port);
-+ }
-+ } else if (*p == '\0')
-+ add_listen_addr(options, arg, 0);
-+ else
-+ fatal("%s line %d: bad inet addr usage.",
-+ filename, linenum);
-+ break;
-+
-+ case sHostKeyFile:
-+ intptr = &options->num_host_key_files;
-+ if (*intptr >= MAX_HOSTKEYS)
-+ fatal("%s line %d: too many host keys specified (max %d).",
-+ filename, linenum, MAX_HOSTKEYS);
-+ charptr = &options->host_key_files[*intptr];
-+parse_filename:
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: missing file name.",
-+ filename, linenum);
-+ if (*charptr == NULL) {
-+ *charptr = tilde_expand_filename(arg, getuid());
-+ /* increase optional counter */
-+ if (intptr != NULL)
-+ *intptr = *intptr + 1;
-+ }
-+ break;
-+
-+ case sPidFile:
-+ charptr = &options->pid_file;
-+ goto parse_filename;
-+
-+ case sPermitRootLogin:
-+ intptr = &options->permit_root_login;
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: missing yes/"
-+ "without-password/forced-commands-only/no "
-+ "argument.", filename, linenum);
-+ value = 0; /* silence compiler */
-+ if (strcmp(arg, "without-password") == 0)
-+ value = PERMIT_NO_PASSWD;
-+ else if (strcmp(arg, "forced-commands-only") == 0)
-+ value = PERMIT_FORCED_ONLY;
-+ else if (strcmp(arg, "yes") == 0)
-+ value = PERMIT_YES;
-+ else if (strcmp(arg, "no") == 0)
-+ value = PERMIT_NO;
-+ else
-+ fatal("%s line %d: Bad yes/"
-+ "without-password/forced-commands-only/no "
-+ "argument: %s", filename, linenum, arg);
-+ if (*intptr == -1)
-+ *intptr = value;
-+ break;
-+
-+ case sIgnoreRhosts:
-+ intptr = &options->ignore_rhosts;
-+parse_flag:
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: missing yes/no argument.",
-+ filename, linenum);
-+ value = 0; /* silence compiler */
-+ if (strcmp(arg, "yes") == 0)
-+ value = 1;
-+ else if (strcmp(arg, "no") == 0)
-+ value = 0;
-+ else
-+ fatal("%s line %d: Bad yes/no argument: %s",
-+ filename, linenum, arg);
-+ if (*intptr == -1)
-+ *intptr = value;
-+ break;
-+
-+ case sIgnoreUserKnownHosts:
-+ intptr = &options->ignore_user_known_hosts;
-+ goto parse_flag;
-+
-+ case sRhostsAuthentication:
-+ intptr = &options->rhosts_authentication;
-+ goto parse_flag;
-+
-+ case sRhostsRSAAuthentication:
-+ intptr = &options->rhosts_rsa_authentication;
-+ goto parse_flag;
-+
-+ case sHostbasedAuthentication:
-+ intptr = &options->hostbased_authentication;
-+ goto parse_flag;
-+
-+ case sHostbasedUsesNameFromPacketOnly:
-+ intptr = &options->hostbased_uses_name_from_packet_only;
-+ goto parse_flag;
-+
-+ case sRSAAuthentication:
-+ intptr = &options->rsa_authentication;
-+ goto parse_flag;
-+
-+ case sPubkeyAuthentication:
-+ intptr = &options->pubkey_authentication;
-+ goto parse_flag;
-+#if defined(KRB4) || defined(KRB5)
-+ case sKerberosAuthentication:
-+ intptr = &options->kerberos_authentication;
-+ goto parse_flag;
-+
-+ case sKerberosOrLocalPasswd:
-+ intptr = &options->kerberos_or_local_passwd;
-+ goto parse_flag;
-+
-+ case sKerberosTicketCleanup:
-+ intptr = &options->kerberos_ticket_cleanup;
-+ goto parse_flag;
-+#endif
-+#if defined(AFS) || defined(KRB5)
-+ case sKerberosTgtPassing:
-+ intptr = &options->kerberos_tgt_passing;
-+ goto parse_flag;
-+#endif
-+#ifdef AFS
-+ case sAFSTokenPassing:
-+ intptr = &options->afs_token_passing;
-+ goto parse_flag;
-+#endif
-+
-+ case sPasswordAuthentication:
-+ intptr = &options->password_authentication;
-+ goto parse_flag;
-+
-+ case sKbdInteractiveAuthentication:
-+ intptr = &options->kbd_interactive_authentication;
-+ goto parse_flag;
-+
-+ case sChallengeResponseAuthentication:
-+ intptr = &options->challenge_response_authentication;
-+ goto parse_flag;
-+
-+ case sPrintMotd:
-+ intptr = &options->print_motd;
-+ goto parse_flag;
-+
-+ case sPrintLastLog:
-+ intptr = &options->print_lastlog;
-+ goto parse_flag;
-+
-+ case sX11Forwarding:
-+ intptr = &options->x11_forwarding;
-+ goto parse_flag;
-+
-+ case sX11DisplayOffset:
-+ intptr = &options->x11_display_offset;
-+ goto parse_int;
-+
-+ case sX11UseLocalhost:
-+ intptr = &options->x11_use_localhost;
-+ goto parse_flag;
-+
-+ case sXAuthLocation:
-+ charptr = &options->xauth_location;
-+ goto parse_filename;
-+
-+ case sStrictModes:
-+ intptr = &options->strict_modes;
-+ goto parse_flag;
-+
-+ case sKeepAlives:
-+ intptr = &options->keepalives;
-+ goto parse_flag;
-+
-+ case sEmptyPasswd:
-+ intptr = &options->permit_empty_passwd;
-+ goto parse_flag;
-+
-+ case sPermitUserEnvironment:
-+ intptr = &options->permit_user_env;
-+ goto parse_flag;
-+
-+ case sUseLogin:
-+ intptr = &options->use_login;
-+ goto parse_flag;
-+
-+ case sCompression:
-+ intptr = &options->compression;
-+ goto parse_flag;
-+
-+ case sGatewayPorts:
-+ intptr = &options->gateway_ports;
-+ goto parse_flag;
-+
-+ case sVerifyReverseMapping:
-+ intptr = &options->verify_reverse_mapping;
-+ goto parse_flag;
-+
-+ case sLogFacility:
-+ intptr = (int *) &options->log_facility;
-+ arg = strdelim(&cp);
-+ value = log_facility_number(arg);
-+ if (value == SYSLOG_FACILITY_NOT_SET)
-+ fatal("%.200s line %d: unsupported log facility '%s'",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (*intptr == -1)
-+ *intptr = (SyslogFacility) value;
-+ break;
-+
-+ case sLogLevel:
-+ intptr = (int *) &options->log_level;
-+ arg = strdelim(&cp);
-+ value = log_level_number(arg);
-+ if (value == SYSLOG_LEVEL_NOT_SET)
-+ fatal("%.200s line %d: unsupported log level '%s'",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (*intptr == -1)
-+ *intptr = (LogLevel) value;
-+ break;
-+
-+ case sAllowTcpForwarding:
-+ intptr = &options->allow_tcp_forwarding;
-+ goto parse_flag;
-+
-+ case sUsePrivilegeSeparation:
-+ intptr = &use_privsep;
-+ goto parse_flag;
-+
-+ case sAllowUsers:
-+ while ((arg = strdelim(&cp)) && *arg != '\0') {
-+ if (options->num_allow_users >= MAX_ALLOW_USERS)
-+ fatal("%s line %d: too many allow users.",
-+ filename, linenum);
-+ options->allow_users[options->num_allow_users++] =
-+ xstrdup(arg);
-+ }
-+ break;
-+
-+ case sDenyUsers:
-+ while ((arg = strdelim(&cp)) && *arg != '\0') {
-+ if (options->num_deny_users >= MAX_DENY_USERS)
-+ fatal( "%s line %d: too many deny users.",
-+ filename, linenum);
-+ options->deny_users[options->num_deny_users++] =
-+ xstrdup(arg);
-+ }
-+ break;
-+
-+ case sAllowGroups:
-+ while ((arg = strdelim(&cp)) && *arg != '\0') {
-+ if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
-+ fatal("%s line %d: too many allow groups.",
-+ filename, linenum);
-+ options->allow_groups[options->num_allow_groups++] =
-+ xstrdup(arg);
-+ }
-+ break;
-+
-+ case sDenyGroups:
-+ while ((arg = strdelim(&cp)) && *arg != '\0') {
-+ if (options->num_deny_groups >= MAX_DENY_GROUPS)
-+ fatal("%s line %d: too many deny groups.",
-+ filename, linenum);
-+ options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
-+ }
-+ break;
-+
-+ case sCiphers:
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: Missing argument.", filename, linenum);
-+ if (!ciphers_valid(arg))
-+ fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (options->ciphers == NULL)
-+ options->ciphers = xstrdup(arg);
-+ break;
-+
-+ case sMacs:
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: Missing argument.", filename, linenum);
-+ if (!mac_valid(arg))
-+ fatal("%s line %d: Bad SSH2 mac spec '%s'.",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (options->macs == NULL)
-+ options->macs = xstrdup(arg);
-+ break;
-+
-+ case sProtocol:
-+ intptr = &options->protocol;
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: Missing argument.", filename, linenum);
-+ value = proto_spec(arg);
-+ if (value == SSH_PROTO_UNKNOWN)
-+ fatal("%s line %d: Bad protocol spec '%s'.",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (*intptr == SSH_PROTO_UNKNOWN)
-+ *intptr = value;
-+ break;
-+
-+ case sSubsystem:
-+ if (options->num_subsystems >= MAX_SUBSYSTEMS) {
-+ fatal("%s line %d: too many subsystems defined.",
-+ filename, linenum);
-+ }
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: Missing subsystem name.",
-+ filename, linenum);
-+ for (i = 0; i < options->num_subsystems; i++)
-+ if (strcmp(arg, options->subsystem_name[i]) == 0)
-+ fatal("%s line %d: Subsystem '%s' already defined.",
-+ filename, linenum, arg);
-+ options->subsystem_name[options->num_subsystems] = xstrdup(arg);
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: Missing subsystem command.",
-+ filename, linenum);
-+ options->subsystem_command[options->num_subsystems] = xstrdup(arg);
-+ options->num_subsystems++;
-+ break;
-+
-+ case sMaxStartups:
-+ arg = strdelim(&cp);
-+ if (!arg || *arg == '\0')
-+ fatal("%s line %d: Missing MaxStartups spec.",
-+ filename, linenum);
-+ if ((n = sscanf(arg, "%d:%d:%d",
-+ &options->max_startups_begin,
-+ &options->max_startups_rate,
-+ &options->max_startups)) == 3) {
-+ if (options->max_startups_begin >
-+ options->max_startups ||
-+ options->max_startups_rate > 100 ||
-+ options->max_startups_rate < 1)
-+ fatal("%s line %d: Illegal MaxStartups spec.",
-+ filename, linenum);
-+ } else if (n != 1)
-+ fatal("%s line %d: Illegal MaxStartups spec.",
-+ filename, linenum);
-+ else
-+ options->max_startups = options->max_startups_begin;
-+ break;
-+
-+ case sBanner:
-+ charptr = &options->banner;
-+ goto parse_filename;
-+ /*
-+ * These options can contain %X options expanded at
-+ * connect time, so that you can specify paths like:
-+ *
-+ * AuthorizedKeysFile /etc/ssh_keys/%u
-+ */
-+ case sAuthorizedKeysFile:
-+ case sAuthorizedKeysFile2:
-+ charptr = (opcode == sAuthorizedKeysFile ) ?
-+ &options->authorized_keys_file :
-+ &options->authorized_keys_file2;
-+ goto parse_filename;
-+
-+ case sClientAliveInterval:
-+ intptr = &options->client_alive_interval;
-+ goto parse_time;
-+
-+ case sClientAliveCountMax:
-+ intptr = &options->client_alive_count_max;
-+ goto parse_int;
-+
-+ case sDeprecated:
-+ log("%s line %d: Deprecated option %s",
-+ filename, linenum, arg);
-+ while (arg)
-+ arg = strdelim(&cp);
-+ break;
-+
-+ default:
-+ fatal("%s line %d: Missing handler for opcode %s (%d)",
-+ filename, linenum, arg, opcode);
-+ }
-+ if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
-+ fatal("%s line %d: garbage at end of line; \"%.200s\".",
-+ filename, linenum, arg);
-+ return 0;
-+}
-+
-+/* Reads the server configuration file. */
-+
-+void
-+read_server_config(ServerOptions *options, const char *filename)
-+{
-+ int linenum, bad_options = 0;
-+ char line[1024];
-+ FILE *f;
-+
-+ debug2("read_server_config: filename %s", filename);
-+ f = fopen(filename, "r");
-+ if (!f) {
-+ perror(filename);
-+ exit(1);
-+ }
-+ linenum = 0;
-+ while (fgets(line, sizeof(line), f)) {
-+ /* Update line number counter. */
-+ linenum++;
-+ if (process_server_config_line(options, line, filename, linenum) != 0)
-+ bad_options++;
-+ }
-+ fclose(f);
-+ if (bad_options > 0)
-+ fatal("%s: terminating, %d bad configuration options",
-+ filename, bad_options);
-+}