--- /dev/null
+diff -urN openssh-3.6.1p2-orig/configure.ac openssh-3.6.1p2/configure.ac
+--- openssh-3.6.1p2-orig/configure.ac 2003-07-26 16:45:10.000000000 -0600
++++ openssh-3.6.1p2/configure.ac 2003-07-26 16:57:32.000000000 -0600
+@@ -1822,7 +1822,7 @@
+ [ char *tmp = heimdal_version; ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL)
+- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
++ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken"
+ ],
+ [ AC_MSG_RESULT(no)
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+diff -urN openssh-3.6.1p2-orig/configure.ac~ openssh-3.6.1p2/configure.ac~
+--- openssh-3.6.1p2-orig/configure.ac~ 1969-12-31 17:00:00.000000000 -0700
++++ openssh-3.6.1p2/configure.ac~ 2003-07-26 16:57:32.000000000 -0600
+@@ -0,0 +1,2572 @@
++# $Id$
++
++AC_INIT
++AC_CONFIG_SRCDIR([ssh.c])
++
++AC_CONFIG_HEADER(config.h)
++AC_PROG_CC
++AC_CANONICAL_HOST
++AC_C_BIGENDIAN
++
++# Checks for programs.
++AC_PROG_CPP
++AC_PROG_RANLIB
++AC_PROG_INSTALL
++AC_PATH_PROG(AR, ar)
++AC_PATH_PROGS(PERL, perl5 perl)
++AC_PATH_PROG(SED, sed)
++AC_SUBST(PERL)
++AC_PATH_PROG(ENT, ent)
++AC_SUBST(ENT)
++AC_PATH_PROG(TEST_MINUS_S_SH, bash)
++AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
++AC_PATH_PROG(TEST_MINUS_S_SH, sh)
++AC_PATH_PROG(SH, sh)
++
++# System features
++AC_SYS_LARGEFILE
++
++if test -z "$AR" ; then
++ AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
++fi
++
++# Use LOGIN_PROGRAM from environment if possible
++if test ! -z "$LOGIN_PROGRAM" ; then
++ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
++else
++ # Search for login
++ AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
++ if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
++ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
++ fi
++fi
++
++if test -z "$LD" ; then
++ LD=$CC
++fi
++AC_SUBST(LD)
++
++AC_C_INLINE
++if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
++ CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
++fi
++
++# Check for some target-specific stuff
++case "$host" in
++*-*-aix*)
++ AFS_LIBS="-lld"
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS -L/usr/local/lib"
++ AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
++ if (test -z "$blibpath"); then
++ blibpath="/usr/lib:/lib:/usr/local/lib"
++ fi
++ saved_LDFLAGS="$LDFLAGS"
++ for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
++ if (test -z "$blibflags"); then
++ LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
++ AC_TRY_LINK([], [], [blibflags=$tryflags])
++ fi
++ done
++ if (test -z "$blibflags"); then
++ AC_MSG_RESULT(not found)
++ AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
++ else
++ AC_MSG_RESULT($blibflags)
++ fi
++ LDFLAGS="$saved_LDFLAGS"
++ AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
++ [AC_CHECK_LIB(s,authenticate,
++ [ AC_DEFINE(WITH_AIXAUTHENTICATE)
++ LIBS="$LIBS -ls"
++ ])
++ ])
++ AC_DEFINE(BROKEN_GETADDRINFO)
++ AC_DEFINE(BROKEN_REALPATH)
++ dnl AIX handles lastlog as part of its login message
++ AC_DEFINE(DISABLE_LASTLOG)
++ AC_DEFINE(LOGIN_NEEDS_UTMPX)
++ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
++ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
++ ;;
++*-*-cygwin*)
++ check_for_libcrypt_later=1
++ LIBS="$LIBS /usr/lib/textmode.o"
++ AC_DEFINE(HAVE_CYGWIN)
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(DISABLE_SHADOW)
++ AC_DEFINE(IPV4_DEFAULT)
++ AC_DEFINE(IP_TOS_IS_BROKEN)
++ AC_DEFINE(NO_X11_UNIX_SOCKETS)
++ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
++ AC_DEFINE(DISABLE_FD_PASSING)
++ AC_DEFINE(SETGROUPS_NOOP)
++ ;;
++*-*-dgux*)
++ AC_DEFINE(IP_TOS_IS_BROKEN)
++ ;;
++*-*-darwin*)
++ AC_MSG_CHECKING(if we have working getaddrinfo)
++ AC_TRY_RUN([#include <mach-o/dyld.h>
++main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
++ exit(0);
++ else
++ exit(1);
++}], [AC_MSG_RESULT(working)],
++ [AC_MSG_RESULT(buggy)
++ AC_DEFINE(BROKEN_GETADDRINFO)],
++ [AC_MSG_RESULT(assume it is working)])
++ ;;
++*-*-hpux10.26)
++ if test -z "$GCC"; then
++ CFLAGS="$CFLAGS -Ae"
++ fi
++ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
++ IPADDR_IN_DISPLAY=yes
++ AC_DEFINE(HAVE_SECUREWARE)
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(LOGIN_NO_ENDOPT)
++ AC_DEFINE(LOGIN_NEEDS_UTMPX)
++ AC_DEFINE(DISABLE_SHADOW)
++ AC_DEFINE(DISABLE_UTMP)
++ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
++ LIBS="$LIBS -lsec -lsecpw"
++ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
++ disable_ptmx_check=yes
++ ;;
++*-*-hpux10*)
++ if test -z "$GCC"; then
++ CFLAGS="$CFLAGS -Ae"
++ fi
++ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
++ IPADDR_IN_DISPLAY=yes
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(LOGIN_NO_ENDOPT)
++ AC_DEFINE(LOGIN_NEEDS_UTMPX)
++ AC_DEFINE(DISABLE_SHADOW)
++ AC_DEFINE(DISABLE_UTMP)
++ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
++ LIBS="$LIBS -lsec"
++ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
++ ;;
++*-*-hpux11*)
++ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
++ IPADDR_IN_DISPLAY=yes
++ AC_DEFINE(PAM_SUN_CODEBASE)
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(LOGIN_NO_ENDOPT)
++ AC_DEFINE(LOGIN_NEEDS_UTMPX)
++ AC_DEFINE(DISABLE_SHADOW)
++ AC_DEFINE(DISABLE_UTMP)
++ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
++ LIBS="$LIBS -lsec"
++ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
++ ;;
++*-*-irix5*)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS"
++ PATH="$PATH:/usr/etc"
++ AC_DEFINE(BROKEN_INET_NTOA)
++ AC_DEFINE(WITH_ABBREV_NO_TTY)
++ ;;
++*-*-irix6*)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS"
++ PATH="$PATH:/usr/etc"
++ AC_DEFINE(WITH_IRIX_ARRAY)
++ AC_DEFINE(WITH_IRIX_PROJECT)
++ AC_DEFINE(WITH_IRIX_AUDIT)
++ AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
++ AC_DEFINE(BROKEN_INET_NTOA)
++ AC_DEFINE(WITH_ABBREV_NO_TTY)
++ ;;
++*-*-linux*)
++ no_dev_ptmx=1
++ check_for_libcrypt_later=1
++ AC_DEFINE(PAM_TTY_KLUDGE)
++ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
++ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
++ inet6_default_4in6=yes
++ no_libnsl=1
++ no_libsocket=1
++ ;;
++mips-sony-bsd|mips-sony-newsos4)
++ AC_DEFINE(HAVE_NEWS4)
++ SONY=1
++ ;;
++*-*-netbsd*)
++ check_for_libcrypt_before=1
++ need_dash_r=1
++ ;;
++*-*-freebsd*)
++ check_for_libcrypt_later=1
++ ;;
++*-next-*)
++ conf_lastlog_location="/usr/adm/lastlog"
++ conf_utmp_location=/etc/utmp
++ conf_wtmp_location=/usr/adm/wtmp
++ MAIL=/usr/spool/mail
++ AC_DEFINE(HAVE_NEXT)
++ AC_DEFINE(BROKEN_REALPATH)
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(BROKEN_SAVED_UIDS)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ CFLAGS="$CFLAGS"
++ ;;
++*-*-solaris*)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
++ need_dash_r=1
++ AC_DEFINE(PAM_SUN_CODEBASE)
++ AC_DEFINE(LOGIN_NEEDS_UTMPX)
++ AC_DEFINE(LOGIN_NEEDS_TERM)
++ AC_DEFINE(PAM_TTY_KLUDGE)
++ AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY)
++ # hardwire lastlog location (can't detect it on some versions)
++ conf_lastlog_location="/var/adm/lastlog"
++ AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
++ sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
++ if test "$sol2ver" -ge 8; then
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(DISABLE_UTMP)
++ AC_DEFINE(DISABLE_WTMP)
++ else
++ AC_MSG_RESULT(no)
++ fi
++ ;;
++*-*-sunos4*)
++ CPPFLAGS="$CPPFLAGS -DSUNOS4"
++ AC_CHECK_FUNCS(getpwanam)
++ AC_DEFINE(PAM_SUN_CODEBASE)
++ conf_utmp_location=/etc/utmp
++ conf_wtmp_location=/var/adm/wtmp
++ conf_lastlog_location=/var/adm/lastlog
++ AC_DEFINE(USE_PIPES)
++ ;;
++*-ncr-sysv*)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS -L/usr/local/lib"
++ LIBS="$LIBS -lc89"
++ AC_DEFINE(USE_PIPES)
++ ;;
++*-sni-sysv*)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ # /usr/ucblib MUST NOT be searched on ReliantUNIX
++ LDFLAGS="$LDFLAGS -L/usr/local/lib"
++ IPADDR_IN_DISPLAY=yes
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(IP_TOS_IS_BROKEN)
++ # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
++ # Attention: always take care to bind libsocket and libnsl before libc,
++ # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
++ ;;
++*-*-sysv4.2*)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS -L/usr/local/lib"
++ AC_DEFINE(USE_PIPES)
++ ;;
++*-*-sysv5*)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS -L/usr/local/lib"
++ AC_DEFINE(USE_PIPES)
++ ;;
++*-*-sysv*)
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS -L/usr/local/lib"
++ ;;
++*-*-sco3.2v4*)
++ CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
++ LDFLAGS="$LDFLAGS -L/usr/local/lib"
++ LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
++ RANLIB=true
++ no_dev_ptmx=1
++ AC_DEFINE(BROKEN_SYS_TERMIO_H)
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(HAVE_SECUREWARE)
++ AC_DEFINE(DISABLE_SHADOW)
++ AC_DEFINE(BROKEN_SAVED_UIDS)
++ AC_CHECK_FUNCS(getluid setluid)
++ MANTYPE=man
++ do_sco3_extra_lib_check=yes
++ ;;
++*-*-sco3.2v5*)
++ if test -z "$GCC"; then
++ CFLAGS="$CFLAGS -belf"
++ fi
++ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
++ LDFLAGS="$LDFLAGS -L/usr/local/lib"
++ LIBS="$LIBS -lprot -lx -ltinfo -lm"
++ no_dev_ptmx=1
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(HAVE_SECUREWARE)
++ AC_DEFINE(DISABLE_SHADOW)
++ AC_DEFINE(DISABLE_FD_PASSING)
++ AC_CHECK_FUNCS(getluid setluid)
++ MANTYPE=man
++ ;;
++*-*-unicosmk*)
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(DISABLE_FD_PASSING)
++ LDFLAGS="$LDFLAGS"
++ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
++ MANTYPE=cat
++ ;;
++*-*-unicos*)
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(DISABLE_FD_PASSING)
++ AC_DEFINE(NO_SSH_LASTLOG)
++ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
++ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
++ MANTYPE=cat
++ ;;
++*-dec-osf*)
++ AC_MSG_CHECKING(for Digital Unix SIA)
++ no_osfsia=""
++ AC_ARG_WITH(osfsia,
++ [ --with-osfsia Enable Digital Unix SIA],
++ [
++ if test "x$withval" = "xno" ; then
++ AC_MSG_RESULT(disabled)
++ no_osfsia=1
++ fi
++ ],
++ )
++ if test -z "$no_osfsia" ; then
++ if test -f /etc/sia/matrix.conf; then
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(HAVE_OSF_SIA)
++ AC_DEFINE(DISABLE_LOGIN)
++ AC_DEFINE(DISABLE_FD_PASSING)
++ LIBS="$LIBS -lsecurity -ldb -lm -laud"
++ else
++ AC_MSG_RESULT(no)
++ fi
++ fi
++ AC_DEFINE(DISABLE_FD_PASSING)
++ ;;
++
++*-*-nto-qnx)
++ AC_DEFINE(USE_PIPES)
++ AC_DEFINE(NO_X11_UNIX_SOCKETS)
++ AC_DEFINE(MISSING_NFDBITS)
++ AC_DEFINE(MISSING_HOWMANY)
++ AC_DEFINE(MISSING_FD_MASK)
++ ;;
++esac
++
++# Allow user to specify flags
++AC_ARG_WITH(cflags,
++ [ --with-cflags Specify additional flags to pass to compiler],
++ [
++ if test "x$withval" != "xno" ; then
++ CFLAGS="$CFLAGS $withval"
++ fi
++ ]
++)
++AC_ARG_WITH(cppflags,
++ [ --with-cppflags Specify additional flags to pass to preprocessor] ,
++ [
++ if test "x$withval" != "xno"; then
++ CPPFLAGS="$CPPFLAGS $withval"
++ fi
++ ]
++)
++AC_ARG_WITH(ldflags,
++ [ --with-ldflags Specify additional flags to pass to linker],
++ [
++ if test "x$withval" != "xno" ; then
++ LDFLAGS="$LDFLAGS $withval"
++ fi
++ ]
++)
++AC_ARG_WITH(libs,
++ [ --with-libs Specify additional libraries to link with],
++ [
++ if test "x$withval" != "xno" ; then
++ LIBS="$LIBS $withval"
++ fi
++ ]
++)
++
++# Checks for header files.
++AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
++ getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
++ login_cap.h maillock.h netdb.h netgroup.h \
++ netinet/in_systm.h paths.h pty.h readpassphrase.h \
++ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
++ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
++ sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
++ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
++ sys/un.h time.h tmpdir.h ttyent.h usersec.h \
++ util.h utime.h utmp.h utmpx.h)
++
++# Checks for libraries.
++AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
++
++dnl SCO OS3 needs this for libwrap
++if test "x$with_tcp_wrappers" != "xno" ; then
++ if test "x$do_sco3_extra_lib_check" = "xyes" ; then
++ AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
++ fi
++fi
++
++AC_CHECK_FUNC(getspnam, ,
++ AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
++
++AC_ARG_WITH(rpath,
++ [ --without-rpath Disable auto-added -R linker paths],
++ [
++ if test "x$withval" = "xno" ; then
++ need_dash_r=""
++ fi
++ if test "x$withval" = "xyes" ; then
++ need_dash_r=1
++ fi
++ ]
++)
++
++dnl zlib is required
++AC_ARG_WITH(zlib,
++ [ --with-zlib=PATH Use zlib in PATH],
++ [
++ if test "x$withval" = "xno" ; then
++ AC_MSG_ERROR([*** zlib is required ***])
++ fi
++ if test -d "$withval/lib"; then
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
++ fi
++ else
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval} ${LDFLAGS}"
++ fi
++ fi
++ if test -d "$withval/include"; then
++ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
++ else
++ CPPFLAGS="-I${withval} ${CPPFLAGS}"
++ fi
++ ]
++)
++
++AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
++
++dnl UnixWare 2.x
++AC_CHECK_FUNC(strcasecmp,
++ [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
++)
++AC_CHECK_FUNC(utimes,
++ [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
++ LIBS="$LIBS -lc89"]) ]
++)
++
++dnl Checks for libutil functions
++AC_CHECK_HEADERS(libutil.h)
++AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
++AC_CHECK_FUNCS(logout updwtmp logwtmp)
++
++AC_FUNC_STRFTIME
++
++# Check for ALTDIRFUNC glob() extension
++AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
++AC_EGREP_CPP(FOUNDIT,
++ [
++ #include <glob.h>
++ #ifdef GLOB_ALTDIRFUNC
++ FOUNDIT
++ #endif
++ ],
++ [
++ AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
++ AC_MSG_RESULT(yes)
++ ],
++ [
++ AC_MSG_RESULT(no)
++ ]
++)
++
++# Check for g.gl_matchc glob() extension
++AC_MSG_CHECKING(for gl_matchc field in glob_t)
++AC_EGREP_CPP(FOUNDIT,
++ [
++ #include <glob.h>
++ int main(void){glob_t g; g.gl_matchc = 1;}
++ ],
++ [
++ AC_DEFINE(GLOB_HAS_GL_MATCHC)
++ AC_MSG_RESULT(yes)
++ ],
++ [
++ AC_MSG_RESULT(no)
++ ]
++)
++
++AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
++AC_TRY_RUN(
++ [
++#include <sys/types.h>
++#include <dirent.h>
++int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
++ ],
++ [AC_MSG_RESULT(yes)],
++ [
++ AC_MSG_RESULT(no)
++ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
++ ]
++)
++
++# Check whether user wants S/Key support
++SKEY_MSG="no"
++AC_ARG_WITH(skey,
++ [ --with-skey[[=PATH]] Enable S/Key support
++ (optionally in PATH)],
++ [
++ if test "x$withval" != "xno" ; then
++
++ if test "x$withval" != "xyes" ; then
++ CPPFLAGS="$CPPFLAGS -I${withval}/include"
++ LDFLAGS="$LDFLAGS -L${withval}/lib"
++ fi
++
++ AC_DEFINE(SKEY)
++ LIBS="-lskey $LIBS"
++ SKEY_MSG="yes"
++
++ AC_MSG_CHECKING([for s/key support])
++ AC_TRY_RUN(
++ [
++#include <stdio.h>
++#include <skey.h>
++int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
++ ],
++ [AC_MSG_RESULT(yes)],
++ [
++ AC_MSG_RESULT(no)
++ AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
++ ])
++ fi
++ ]
++)
++
++# Check whether user wants TCP wrappers support
++TCPW_MSG="no"
++AC_ARG_WITH(tcp-wrappers,
++ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
++ (optionally in PATH)],
++ [
++ if test "x$withval" != "xno" ; then
++ saved_LIBS="$LIBS"
++ saved_LDFLAGS="$LDFLAGS"
++ saved_CPPFLAGS="$CPPFLAGS"
++ if test -n "${withval}" -a "${withval}" != "yes"; then
++ if test -d "${withval}/lib"; then
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
++ fi
++ else
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval} ${LDFLAGS}"
++ fi
++ fi
++ if test -d "${withval}/include"; then
++ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
++ else
++ CPPFLAGS="-I${withval} ${CPPFLAGS}"
++ fi
++ fi
++ LIBWRAP="-lwrap"
++ LIBS="$LIBWRAP $LIBS"
++ AC_MSG_CHECKING(for libwrap)
++ AC_TRY_LINK(
++ [
++#include <tcpd.h>
++ int deny_severity = 0, allow_severity = 0;
++ ],
++ [hosts_access(0);],
++ [
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(LIBWRAP)
++ AC_SUBST(LIBWRAP)
++ TCPW_MSG="yes"
++ ],
++ [
++ AC_MSG_ERROR([*** libwrap missing])
++ ]
++ )
++ LIBS="$saved_LIBS"
++ fi
++ ]
++)
++
++dnl Checks for library functions. Please keep in alphabetical order
++AC_CHECK_FUNCS(\
++ arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
++ bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
++ gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
++ getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
++ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
++ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
++ readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
++ setegid setenv seteuid setgroups setlogin setpcred setproctitle \
++ setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
++ snprintf socketpair strerror strlcat strlcpy strmode strnvis \
++ sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
++)
++
++AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
++AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
++
++dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
++AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
++
++dnl IRIX and Solaris 2.5.1 have dirname() in libgen
++AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
++ AC_CHECK_LIB(gen, dirname,[
++ AC_CACHE_CHECK([for broken dirname],
++ ac_cv_have_broken_dirname, [
++ save_LIBS="$LIBS"
++ LIBS="$LIBS -lgen"
++ AC_TRY_RUN(
++ [
++#include <libgen.h>
++#include <string.h>
++
++int main(int argc, char **argv) {
++ char *s, buf[32];
++
++ strncpy(buf,"/etc", 32);
++ s = dirname(buf);
++ if (!s || strncmp(s, "/", 32) != 0) {
++ exit(1);
++ } else {
++ exit(0);
++ }
++}
++ ],
++ [ ac_cv_have_broken_dirname="no" ],
++ [ ac_cv_have_broken_dirname="yes" ]
++ )
++ LIBS="$save_LIBS"
++ ])
++ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
++ LIBS="$LIBS -lgen"
++ AC_DEFINE(HAVE_DIRNAME)
++ AC_CHECK_HEADERS(libgen.h)
++ fi
++ ])
++])
++
++dnl Checks for time functions
++AC_CHECK_FUNCS(gettimeofday time)
++dnl Checks for utmp functions
++AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
++AC_CHECK_FUNCS(utmpname)
++dnl Checks for utmpx functions
++AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
++AC_CHECK_FUNCS(setutxent utmpxname)
++
++AC_CHECK_FUNC(daemon,
++ [AC_DEFINE(HAVE_DAEMON)],
++ [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
++)
++
++AC_CHECK_FUNC(getpagesize,
++ [AC_DEFINE(HAVE_GETPAGESIZE)],
++ [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
++)
++
++# Check for broken snprintf
++if test "x$ac_cv_func_snprintf" = "xyes" ; then
++ AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
++ AC_TRY_RUN(
++ [
++#include <stdio.h>
++int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
++ ],
++ [AC_MSG_RESULT(yes)],
++ [
++ AC_MSG_RESULT(no)
++ AC_DEFINE(BROKEN_SNPRINTF)
++ AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
++ ]
++ )
++fi
++
++dnl see whether mkstemp() requires XXXXXX
++if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
++AC_MSG_CHECKING([for (overly) strict mkstemp])
++AC_TRY_RUN(
++ [
++#include <stdlib.h>
++main() { char template[]="conftest.mkstemp-test";
++if (mkstemp(template) == -1)
++ exit(1);
++unlink(template); exit(0);
++}
++ ],
++ [
++ AC_MSG_RESULT(no)
++ ],
++ [
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(HAVE_STRICT_MKSTEMP)
++ ],
++ [
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(HAVE_STRICT_MKSTEMP)
++ ]
++)
++fi
++
++AC_FUNC_GETPGRP
++
++# Check for PAM libs
++PAM_MSG="no"
++AC_ARG_WITH(pam,
++ [ --with-pam Enable PAM support ],
++ [
++ if test "x$withval" != "xno" ; then
++ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
++ AC_MSG_ERROR([PAM headers not found])
++ fi
++
++ AC_CHECK_LIB(dl, dlopen, , )
++ AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
++ AC_CHECK_FUNCS(pam_getenvlist)
++
++ disable_shadow=yes
++ PAM_MSG="yes"
++
++ AC_DEFINE(USE_PAM)
++ if test $ac_cv_lib_dl_dlopen = yes; then
++ LIBPAM="-lpam -lpam_misc -ldl"
++ else
++ LIBPAM="-lpam -lpam_misc"
++ fi
++ AC_SUBST(LIBPAM)
++ fi
++ ]
++)
++
++# Check for older PAM
++if test "x$PAM_MSG" = "xyes" ; then
++ # Check PAM strerror arguments (old PAM)
++ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
++ AC_TRY_COMPILE(
++ [
++#include <stdlib.h>
++#include <security/pam_appl.h>
++ ],
++ [(void)pam_strerror((pam_handle_t *)NULL, -1);],
++ [AC_MSG_RESULT(no)],
++ [
++ AC_DEFINE(HAVE_OLD_PAM)
++ AC_MSG_RESULT(yes)
++ PAM_MSG="yes (old library)"
++ ]
++ )
++fi
++
++# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
++# because the system crypt() is more featureful.
++if test "x$check_for_libcrypt_before" = "x1"; then
++ AC_CHECK_LIB(crypt, crypt)
++fi
++
++# Search for OpenSSL
++saved_CPPFLAGS="$CPPFLAGS"
++saved_LDFLAGS="$LDFLAGS"
++AC_ARG_WITH(ssl-dir,
++ [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
++ [
++ if test "x$withval" != "xno" ; then
++ if test -d "$withval/lib"; then
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
++ fi
++ else
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval} ${LDFLAGS}"
++ fi
++ fi
++ if test -d "$withval/include"; then
++ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
++ else
++ CPPFLAGS="-I${withval} ${CPPFLAGS}"
++ fi
++ fi
++ ]
++)
++LIBS="$LIBS -lcrypto"
++AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
++ [
++ dnl Check default openssl install dir
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
++ else
++ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
++ fi
++ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
++ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
++ [
++ AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
++ ]
++ )
++ ]
++)
++
++# Determine OpenSSL header version
++AC_MSG_CHECKING([OpenSSL header version])
++AC_TRY_RUN(
++ [
++#include <stdio.h>
++#include <string.h>
++#include <openssl/opensslv.h>
++#define DATA "conftest.sslincver"
++int main(void) {
++ FILE *fd;
++ int rc;
++
++ fd = fopen(DATA,"w");
++ if(fd == NULL)
++ exit(1);
++
++ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
++ exit(1);
++
++ exit(0);
++}
++ ],
++ [
++ ssl_header_ver=`cat conftest.sslincver`
++ AC_MSG_RESULT($ssl_header_ver)
++ ],
++ [
++ AC_MSG_RESULT(not found)
++ AC_MSG_ERROR(OpenSSL version header not found.)
++ ]
++)
++
++# Determine OpenSSL library version
++AC_MSG_CHECKING([OpenSSL library version])
++AC_TRY_RUN(
++ [
++#include <stdio.h>
++#include <string.h>
++#include <openssl/opensslv.h>
++#include <openssl/crypto.h>
++#define DATA "conftest.ssllibver"
++int main(void) {
++ FILE *fd;
++ int rc;
++
++ fd = fopen(DATA,"w");
++ if(fd == NULL)
++ exit(1);
++
++ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
++ exit(1);
++
++ exit(0);
++}
++ ],
++ [
++ ssl_library_ver=`cat conftest.ssllibver`
++ AC_MSG_RESULT($ssl_library_ver)
++ ],
++ [
++ AC_MSG_RESULT(not found)
++ AC_MSG_ERROR(OpenSSL library not found.)
++ ]
++)
++
++# Sanity check OpenSSL headers
++AC_MSG_CHECKING([whether OpenSSL's headers match the library])
++AC_TRY_RUN(
++ [
++#include <string.h>
++#include <openssl/opensslv.h>
++int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
++ ],
++ [
++ AC_MSG_RESULT(yes)
++ ],
++ [
++ AC_MSG_RESULT(no)
++ AC_MSG_ERROR(Your OpenSSL headers do not match your library)
++ ]
++)
++
++# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
++# version in OpenSSL. Skip this for PAM
++if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
++ AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
++fi
++
++
++### Configure cryptographic random number support
++
++# Check wheter OpenSSL seeds itself
++AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
++AC_TRY_RUN(
++ [
++#include <string.h>
++#include <openssl/rand.h>
++int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
++ ],
++ [
++ OPENSSL_SEEDS_ITSELF=yes
++ AC_MSG_RESULT(yes)
++ ],
++ [
++ AC_MSG_RESULT(no)
++ # Default to use of the rand helper if OpenSSL doesn't
++ # seed itself
++ USE_RAND_HELPER=yes
++ ]
++)
++
++
++# Do we want to force the use of the rand helper?
++AC_ARG_WITH(rand-helper,
++ [ --with-rand-helper Use subprocess to gather strong randomness ],
++ [
++ if test "x$withval" = "xno" ; then
++ # Force use of OpenSSL's internal RNG, even if
++ # the previous test showed it to be unseeded.
++ if test -z "$OPENSSL_SEEDS_ITSELF" ; then
++ AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
++ OPENSSL_SEEDS_ITSELF=yes
++ USE_RAND_HELPER=""
++ fi
++ else
++ USE_RAND_HELPER=yes
++ fi
++ ],
++)
++
++# Which randomness source do we use?
++if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
++ # OpenSSL only
++ AC_DEFINE(OPENSSL_PRNG_ONLY)
++ RAND_MSG="OpenSSL internal ONLY"
++ INSTALL_SSH_RAND_HELPER=""
++elif test ! -z "$USE_RAND_HELPER" ; then
++ # install rand helper
++ RAND_MSG="ssh-rand-helper"
++ INSTALL_SSH_RAND_HELPER="yes"
++fi
++AC_SUBST(INSTALL_SSH_RAND_HELPER)
++
++### Configuration of ssh-rand-helper
++
++# PRNGD TCP socket
++AC_ARG_WITH(prngd-port,
++ [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
++ [
++ case "$withval" in
++ no)
++ withval=""
++ ;;
++ [[0-9]]*)
++ ;;
++ *)
++ AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
++ ;;
++ esac
++ if test ! -z "$withval" ; then
++ PRNGD_PORT="$withval"
++ AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
++ fi
++ ]
++)
++
++# PRNGD Unix domain socket
++AC_ARG_WITH(prngd-socket,
++ [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
++ [
++ case "$withval" in
++ yes)
++ withval="/var/run/egd-pool"
++ ;;
++ no)
++ withval=""
++ ;;
++ /*)
++ ;;
++ *)
++ AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
++ ;;
++ esac
++
++ if test ! -z "$withval" ; then
++ if test ! -z "$PRNGD_PORT" ; then
++ AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
++ fi
++ if test ! -r "$withval" ; then
++ AC_MSG_WARN(Entropy socket is not readable)
++ fi
++ PRNGD_SOCKET="$withval"
++ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
++ fi
++ ],
++ [
++ # Check for existing socket only if we don't have a random device already
++ if test "$USE_RAND_HELPER" = yes ; then
++ AC_MSG_CHECKING(for PRNGD/EGD socket)
++ # Insert other locations here
++ for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
++ if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
++ PRNGD_SOCKET="$sock"
++ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
++ break;
++ fi
++ done
++ if test ! -z "$PRNGD_SOCKET" ; then
++ AC_MSG_RESULT($PRNGD_SOCKET)
++ else
++ AC_MSG_RESULT(not found)
++ fi
++ fi
++ ]
++)
++
++# Change default command timeout for hashing entropy source
++entropy_timeout=200
++AC_ARG_WITH(entropy-timeout,
++ [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
++ [
++ if test "x$withval" != "xno" ; then
++ entropy_timeout=$withval
++ fi
++ ]
++)
++AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
++
++SSH_PRIVSEP_USER=sshd
++AC_ARG_WITH(privsep-user,
++ [ --with-privsep-user=user Specify non-privileged user for privilege separation],
++ [
++ if test -n "$withval"; then
++ SSH_PRIVSEP_USER=$withval
++ fi
++ ]
++)
++AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
++AC_SUBST(SSH_PRIVSEP_USER)
++
++# We do this little dance with the search path to insure
++# that programs that we select for use by installed programs
++# (which may be run by the super-user) come from trusted
++# locations before they come from the user's private area.
++# This should help avoid accidentally configuring some
++# random version of a program in someone's personal bin.
++
++OPATH=$PATH
++PATH=/bin:/usr/bin
++test -h /bin 2> /dev/null && PATH=/usr/bin
++test -d /sbin && PATH=$PATH:/sbin
++test -d /usr/sbin && PATH=$PATH:/usr/sbin
++PATH=$PATH:/etc:$OPATH
++
++# These programs are used by the command hashing source to gather entropy
++OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
++OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
++OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
++OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
++OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
++OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
++OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
++OSSH_PATH_ENTROPY_PROG(PROG_W, w)
++OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
++OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
++OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
++OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
++OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
++OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
++OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
++OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
++# restore PATH
++PATH=$OPATH
++
++# Where does ssh-rand-helper get its randomness from?
++INSTALL_SSH_PRNG_CMDS=""
++if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
++ if test ! -z "$PRNGD_PORT" ; then
++ RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
++ elif test ! -z "$PRNGD_SOCKET" ; then
++ RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
++ else
++ RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
++ RAND_HELPER_CMDHASH=yes
++ INSTALL_SSH_PRNG_CMDS="yes"
++ fi
++fi
++AC_SUBST(INSTALL_SSH_PRNG_CMDS)
++
++
++# Cheap hack to ensure NEWS-OS libraries are arranged right.
++if test ! -z "$SONY" ; then
++ LIBS="$LIBS -liberty";
++fi
++
++# Checks for data types
++AC_CHECK_SIZEOF(char, 1)
++AC_CHECK_SIZEOF(short int, 2)
++AC_CHECK_SIZEOF(int, 4)
++AC_CHECK_SIZEOF(long int, 4)
++AC_CHECK_SIZEOF(long long int, 8)
++
++# Sanity check long long for some platforms (AIX)
++if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
++ ac_cv_sizeof_long_long_int=0
++fi
++
++# More checks for data types
++AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
++ AC_TRY_COMPILE(
++ [ #include <sys/types.h> ],
++ [ u_int a; a = 1;],
++ [ ac_cv_have_u_int="yes" ],
++ [ ac_cv_have_u_int="no" ]
++ )
++])
++if test "x$ac_cv_have_u_int" = "xyes" ; then
++ AC_DEFINE(HAVE_U_INT)
++ have_u_int=1
++fi
++
++AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
++ AC_TRY_COMPILE(
++ [ #include <sys/types.h> ],
++ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
++ [ ac_cv_have_intxx_t="yes" ],
++ [ ac_cv_have_intxx_t="no" ]
++ )
++])
++if test "x$ac_cv_have_intxx_t" = "xyes" ; then
++ AC_DEFINE(HAVE_INTXX_T)
++ have_intxx_t=1
++fi
++
++if (test -z "$have_intxx_t" && \
++ test "x$ac_cv_header_stdint_h" = "xyes")
++then
++ AC_MSG_CHECKING([for intXX_t types in stdint.h])
++ AC_TRY_COMPILE(
++ [ #include <stdint.h> ],
++ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
++ [
++ AC_DEFINE(HAVE_INTXX_T)
++ AC_MSG_RESULT(yes)
++ ],
++ [ AC_MSG_RESULT(no) ]
++ )
++fi
++
++AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#ifdef HAVE_STDINT_H
++# include <stdint.h>
++#endif
++#include <sys/socket.h>
++#ifdef HAVE_SYS_BITYPES_H
++# include <sys/bitypes.h>
++#endif
++ ],
++ [ int64_t a; a = 1;],
++ [ ac_cv_have_int64_t="yes" ],
++ [ ac_cv_have_int64_t="no" ]
++ )
++])
++if test "x$ac_cv_have_int64_t" = "xyes" ; then
++ AC_DEFINE(HAVE_INT64_T)
++fi
++
++AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
++ AC_TRY_COMPILE(
++ [ #include <sys/types.h> ],
++ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
++ [ ac_cv_have_u_intxx_t="yes" ],
++ [ ac_cv_have_u_intxx_t="no" ]
++ )
++])
++if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
++ AC_DEFINE(HAVE_U_INTXX_T)
++ have_u_intxx_t=1
++fi
++
++if test -z "$have_u_intxx_t" ; then
++ AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
++ AC_TRY_COMPILE(
++ [ #include <sys/socket.h> ],
++ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
++ [
++ AC_DEFINE(HAVE_U_INTXX_T)
++ AC_MSG_RESULT(yes)
++ ],
++ [ AC_MSG_RESULT(no) ]
++ )
++fi
++
++AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
++ AC_TRY_COMPILE(
++ [ #include <sys/types.h> ],
++ [ u_int64_t a; a = 1;],
++ [ ac_cv_have_u_int64_t="yes" ],
++ [ ac_cv_have_u_int64_t="no" ]
++ )
++])
++if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
++ AC_DEFINE(HAVE_U_INT64_T)
++ have_u_int64_t=1
++fi
++
++if test -z "$have_u_int64_t" ; then
++ AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
++ AC_TRY_COMPILE(
++ [ #include <sys/bitypes.h> ],
++ [ u_int64_t a; a = 1],
++ [
++ AC_DEFINE(HAVE_U_INT64_T)
++ AC_MSG_RESULT(yes)
++ ],
++ [ AC_MSG_RESULT(no) ]
++ )
++fi
++
++if test -z "$have_u_intxx_t" ; then
++ AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++ ],
++ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
++ [ ac_cv_have_uintxx_t="yes" ],
++ [ ac_cv_have_uintxx_t="no" ]
++ )
++ ])
++ if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
++ AC_DEFINE(HAVE_UINTXX_T)
++ fi
++fi
++
++if test -z "$have_uintxx_t" ; then
++ AC_MSG_CHECKING([for uintXX_t types in stdint.h])
++ AC_TRY_COMPILE(
++ [ #include <stdint.h> ],
++ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
++ [
++ AC_DEFINE(HAVE_UINTXX_T)
++ AC_MSG_RESULT(yes)
++ ],
++ [ AC_MSG_RESULT(no) ]
++ )
++fi
++
++if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
++ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
++then
++ AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
++ AC_TRY_COMPILE(
++ [
++#include <sys/bitypes.h>
++ ],
++ [
++ int8_t a; int16_t b; int32_t c;
++ u_int8_t e; u_int16_t f; u_int32_t g;
++ a = b = c = e = f = g = 1;
++ ],
++ [
++ AC_DEFINE(HAVE_U_INTXX_T)
++ AC_DEFINE(HAVE_INTXX_T)
++ AC_MSG_RESULT(yes)
++ ],
++ [AC_MSG_RESULT(no)]
++ )
++fi
++
++
++AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++ ],
++ [ u_char foo; foo = 125; ],
++ [ ac_cv_have_u_char="yes" ],
++ [ ac_cv_have_u_char="no" ]
++ )
++])
++if test "x$ac_cv_have_u_char" = "xyes" ; then
++ AC_DEFINE(HAVE_U_CHAR)
++fi
++
++TYPE_SOCKLEN_T
++
++AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
++
++AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++ ],
++ [ size_t foo; foo = 1235; ],
++ [ ac_cv_have_size_t="yes" ],
++ [ ac_cv_have_size_t="no" ]
++ )
++])
++if test "x$ac_cv_have_size_t" = "xyes" ; then
++ AC_DEFINE(HAVE_SIZE_T)
++fi
++
++AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++ ],
++ [ ssize_t foo; foo = 1235; ],
++ [ ac_cv_have_ssize_t="yes" ],
++ [ ac_cv_have_ssize_t="no" ]
++ )
++])
++if test "x$ac_cv_have_ssize_t" = "xyes" ; then
++ AC_DEFINE(HAVE_SSIZE_T)
++fi
++
++AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
++ AC_TRY_COMPILE(
++ [
++#include <time.h>
++ ],
++ [ clock_t foo; foo = 1235; ],
++ [ ac_cv_have_clock_t="yes" ],
++ [ ac_cv_have_clock_t="no" ]
++ )
++])
++if test "x$ac_cv_have_clock_t" = "xyes" ; then
++ AC_DEFINE(HAVE_CLOCK_T)
++fi
++
++AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <sys/socket.h>
++ ],
++ [ sa_family_t foo; foo = 1235; ],
++ [ ac_cv_have_sa_family_t="yes" ],
++ [ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++ ],
++ [ sa_family_t foo; foo = 1235; ],
++ [ ac_cv_have_sa_family_t="yes" ],
++
++ [ ac_cv_have_sa_family_t="no" ]
++ )]
++ )
++])
++if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
++ AC_DEFINE(HAVE_SA_FAMILY_T)
++fi
++
++AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++ ],
++ [ pid_t foo; foo = 1235; ],
++ [ ac_cv_have_pid_t="yes" ],
++ [ ac_cv_have_pid_t="no" ]
++ )
++])
++if test "x$ac_cv_have_pid_t" = "xyes" ; then
++ AC_DEFINE(HAVE_PID_T)
++fi
++
++AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++ ],
++ [ mode_t foo; foo = 1235; ],
++ [ ac_cv_have_mode_t="yes" ],
++ [ ac_cv_have_mode_t="no" ]
++ )
++])
++if test "x$ac_cv_have_mode_t" = "xyes" ; then
++ AC_DEFINE(HAVE_MODE_T)
++fi
++
++
++AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <sys/socket.h>
++ ],
++ [ struct sockaddr_storage s; ],
++ [ ac_cv_have_struct_sockaddr_storage="yes" ],
++ [ ac_cv_have_struct_sockaddr_storage="no" ]
++ )
++])
++if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
++ AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
++fi
++
++AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <netinet/in.h>
++ ],
++ [ struct sockaddr_in6 s; s.sin6_family = 0; ],
++ [ ac_cv_have_struct_sockaddr_in6="yes" ],
++ [ ac_cv_have_struct_sockaddr_in6="no" ]
++ )
++])
++if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
++ AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
++fi
++
++AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <netinet/in.h>
++ ],
++ [ struct in6_addr s; s.s6_addr[0] = 0; ],
++ [ ac_cv_have_struct_in6_addr="yes" ],
++ [ ac_cv_have_struct_in6_addr="no" ]
++ )
++])
++if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
++ AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
++fi
++
++AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netdb.h>
++ ],
++ [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
++ [ ac_cv_have_struct_addrinfo="yes" ],
++ [ ac_cv_have_struct_addrinfo="no" ]
++ )
++])
++if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
++ AC_DEFINE(HAVE_STRUCT_ADDRINFO)
++fi
++
++AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
++ AC_TRY_COMPILE(
++ [ #include <sys/time.h> ],
++ [ struct timeval tv; tv.tv_sec = 1;],
++ [ ac_cv_have_struct_timeval="yes" ],
++ [ ac_cv_have_struct_timeval="no" ]
++ )
++])
++if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
++ AC_DEFINE(HAVE_STRUCT_TIMEVAL)
++ have_struct_timeval=1
++fi
++
++AC_CHECK_TYPES(struct timespec)
++
++# We need int64_t or else certian parts of the compile will fail.
++if test "x$ac_cv_have_int64_t" = "xno" -a \
++ "x$ac_cv_sizeof_long_int" != "x8" -a \
++ "x$ac_cv_sizeof_long_long_int" = "x0" ; then
++ echo "OpenSSH requires int64_t support. Contact your vendor or install"
++ echo "an alternative compiler (I.E., GCC) before continuing."
++ echo ""
++ exit 1;
++else
++dnl test snprintf (broken on SCO w/gcc)
++ AC_TRY_RUN(
++ [
++#include <stdio.h>
++#include <string.h>
++#ifdef HAVE_SNPRINTF
++main()
++{
++ char buf[50];
++ char expected_out[50];
++ int mazsize = 50 ;
++#if (SIZEOF_LONG_INT == 8)
++ long int num = 0x7fffffffffffffff;
++#else
++ long long num = 0x7fffffffffffffffll;
++#endif
++ strcpy(expected_out, "9223372036854775807");
++ snprintf(buf, mazsize, "%lld", num);
++ if(strcmp(buf, expected_out) != 0)
++ exit(1);
++ exit(0);
++}
++#else
++main() { exit(0); }
++#endif
++ ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
++ )
++fi
++
++dnl Checks for structure members
++OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
++OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
++
++AC_CHECK_MEMBERS([struct stat.st_blksize])
++
++AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
++ ac_cv_have_ss_family_in_struct_ss, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <sys/socket.h>
++ ],
++ [ struct sockaddr_storage s; s.ss_family = 1; ],
++ [ ac_cv_have_ss_family_in_struct_ss="yes" ],
++ [ ac_cv_have_ss_family_in_struct_ss="no" ],
++ )
++])
++if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
++ AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
++fi
++
++AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
++ ac_cv_have___ss_family_in_struct_ss, [
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <sys/socket.h>
++ ],
++ [ struct sockaddr_storage s; s.__ss_family = 1; ],
++ [ ac_cv_have___ss_family_in_struct_ss="yes" ],
++ [ ac_cv_have___ss_family_in_struct_ss="no" ]
++ )
++])
++if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
++ AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
++fi
++
++AC_CACHE_CHECK([for pw_class field in struct passwd],
++ ac_cv_have_pw_class_in_struct_passwd, [
++ AC_TRY_COMPILE(
++ [
++#include <pwd.h>
++ ],
++ [ struct passwd p; p.pw_class = 0; ],
++ [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
++ [ ac_cv_have_pw_class_in_struct_passwd="no" ]
++ )
++])
++if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
++ AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
++fi
++
++AC_CACHE_CHECK([for pw_expire field in struct passwd],
++ ac_cv_have_pw_expire_in_struct_passwd, [
++ AC_TRY_COMPILE(
++ [
++#include <pwd.h>
++ ],
++ [ struct passwd p; p.pw_expire = 0; ],
++ [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
++ [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
++ )
++])
++if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
++ AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
++fi
++
++AC_CACHE_CHECK([for pw_change field in struct passwd],
++ ac_cv_have_pw_change_in_struct_passwd, [
++ AC_TRY_COMPILE(
++ [
++#include <pwd.h>
++ ],
++ [ struct passwd p; p.pw_change = 0; ],
++ [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
++ [ ac_cv_have_pw_change_in_struct_passwd="no" ]
++ )
++])
++if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
++ AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
++fi
++
++dnl make sure we're using the real structure members and not defines
++AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
++ ac_cv_have_accrights_in_msghdr, [
++ AC_TRY_RUN(
++ [
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <sys/uio.h>
++int main() {
++#ifdef msg_accrights
++exit(1);
++#endif
++struct msghdr m;
++m.msg_accrights = 0;
++exit(0);
++}
++ ],
++ [ ac_cv_have_accrights_in_msghdr="yes" ],
++ [ ac_cv_have_accrights_in_msghdr="no" ]
++ )
++])
++if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
++ AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
++fi
++
++AC_CACHE_CHECK([for msg_control field in struct msghdr],
++ ac_cv_have_control_in_msghdr, [
++ AC_TRY_RUN(
++ [
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <sys/uio.h>
++int main() {
++#ifdef msg_control
++exit(1);
++#endif
++struct msghdr m;
++m.msg_control = 0;
++exit(0);
++}
++ ],
++ [ ac_cv_have_control_in_msghdr="yes" ],
++ [ ac_cv_have_control_in_msghdr="no" ]
++ )
++])
++if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
++ AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
++fi
++
++AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
++ AC_TRY_LINK([],
++ [ extern char *__progname; printf("%s", __progname); ],
++ [ ac_cv_libc_defines___progname="yes" ],
++ [ ac_cv_libc_defines___progname="no" ]
++ )
++])
++if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
++ AC_DEFINE(HAVE___PROGNAME)
++fi
++
++AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
++ AC_TRY_LINK([
++#include <stdio.h>
++],
++ [ printf("%s", __FUNCTION__); ],
++ [ ac_cv_cc_implements___FUNCTION__="yes" ],
++ [ ac_cv_cc_implements___FUNCTION__="no" ]
++ )
++])
++if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
++ AC_DEFINE(HAVE___FUNCTION__)
++fi
++
++AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
++ AC_TRY_LINK([
++#include <stdio.h>
++],
++ [ printf("%s", __func__); ],
++ [ ac_cv_cc_implements___func__="yes" ],
++ [ ac_cv_cc_implements___func__="no" ]
++ )
++])
++if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
++ AC_DEFINE(HAVE___func__)
++fi
++
++AC_CACHE_CHECK([whether getopt has optreset support],
++ ac_cv_have_getopt_optreset, [
++ AC_TRY_LINK(
++ [
++#include <getopt.h>
++ ],
++ [ extern int optreset; optreset = 0; ],
++ [ ac_cv_have_getopt_optreset="yes" ],
++ [ ac_cv_have_getopt_optreset="no" ]
++ )
++])
++if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
++ AC_DEFINE(HAVE_GETOPT_OPTRESET)
++fi
++
++AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
++ AC_TRY_LINK([],
++ [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
++ [ ac_cv_libc_defines_sys_errlist="yes" ],
++ [ ac_cv_libc_defines_sys_errlist="no" ]
++ )
++])
++if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
++ AC_DEFINE(HAVE_SYS_ERRLIST)
++fi
++
++
++AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
++ AC_TRY_LINK([],
++ [ extern int sys_nerr; printf("%i", sys_nerr);],
++ [ ac_cv_libc_defines_sys_nerr="yes" ],
++ [ ac_cv_libc_defines_sys_nerr="no" ]
++ )
++])
++if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
++ AC_DEFINE(HAVE_SYS_NERR)
++fi
++
++SCARD_MSG="no"
++
++# Check whether user wants sectok support
++AC_ARG_WITH(sectok,
++ [ --with-sectok Enable smartcard support using libsectok],
++ [
++ if test "x$withval" != "xno" ; then
++ if test "x$withval" != "xyes" ; then
++ CPPFLAGS="$CPPFLAGS -I${withval}"
++ LDFLAGS="$LDFLAGS -L${withval}"
++ if test ! -z "$need_dash_r" ; then
++ LDFLAGS="$LDFLAGS -R${withval}"
++ fi
++ if test ! -z "$blibpath" ; then
++ blibpath="$blibpath:${withval}"
++ fi
++ fi
++ AC_CHECK_HEADERS(sectok.h)
++ if test "$ac_cv_header_sectok_h" != yes; then
++ AC_MSG_ERROR(Can't find sectok.h)
++ fi
++ AC_CHECK_LIB(sectok, sectok_open)
++ if test "$ac_cv_lib_sectok_sectok_open" != yes; then
++ AC_MSG_ERROR(Can't find libsectok)
++ fi
++ AC_DEFINE(SMARTCARD)
++ AC_DEFINE(USE_SECTOK)
++ SCARD_MSG="yes, using sectok"
++ fi
++ ]
++)
++
++# Check whether user wants OpenSC support
++AC_ARG_WITH(opensc,
++ AC_HELP_STRING([--with-opensc=PFX],
++ [Enable smartcard support using OpenSC]),
++ opensc_config_prefix="$withval", opensc_config_prefix="")
++if test x$opensc_config_prefix != x ; then
++ OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
++ AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
++ if test "$OPENSC_CONFIG" != "no"; then
++ LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
++ LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
++ CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
++ LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
++ AC_DEFINE(SMARTCARD)
++ AC_DEFINE(USE_OPENSC)
++ SCARD_MSG="yes, using OpenSC"
++ fi
++fi
++
++# Check whether user wants Kerberos 5 support
++KRB5_MSG="no"
++AC_ARG_WITH(kerberos5,
++ [ --with-kerberos5=PATH Enable Kerberos 5 support],
++ [
++ if test "x$withval" != "xno" ; then
++ if test "x$withval" = "xyes" ; then
++ KRB5ROOT="/usr/local"
++ else
++ KRB5ROOT=${withval}
++ fi
++ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
++ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
++ AC_DEFINE(KRB5)
++ KRB5_MSG="yes"
++ AC_MSG_CHECKING(whether we are using Heimdal)
++ AC_TRY_COMPILE([ #include <krb5.h> ],
++ [ char *tmp = heimdal_version; ],
++ [ AC_MSG_RESULT(yes)
++ AC_DEFINE(HEIMDAL)
++ K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
++ ],
++ [ AC_MSG_RESULT(no)
++ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
++ ]
++ )
++ if test ! -z "$need_dash_r" ; then
++ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
++ fi
++ if test ! -z "$blibpath" ; then
++ blibpath="$blibpath:${KRB5ROOT}/lib"
++ fi
++ AC_CHECK_LIB(resolv, dn_expand, , )
++
++ KRB5=yes
++ fi
++ ]
++)
++# Check whether user wants Kerberos 4 support
++KRB4_MSG="no"
++AC_ARG_WITH(kerberos4,
++ [ --with-kerberos4=PATH Enable Kerberos 4 support],
++ [
++ if test "x$withval" != "xno" ; then
++ if test "x$withval" != "xyes" ; then
++ CPPFLAGS="$CPPFLAGS -I${withval}/include"
++ LDFLAGS="$LDFLAGS -L${withval}/lib"
++ if test ! -z "$need_dash_r" ; then
++ LDFLAGS="$LDFLAGS -R${withval}/lib"
++ fi
++ if test ! -z "$blibpath" ; then
++ blibpath="$blibpath:${withval}/lib"
++ fi
++ else
++ if test -d /usr/include/kerberosIV ; then
++ CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV"
++ fi
++ fi
++
++ AC_CHECK_HEADERS(krb.h)
++ if test "$ac_cv_header_krb_h" != yes; then
++ AC_MSG_WARN([Cannot find krb.h, build may fail])
++ fi
++ AC_CHECK_LIB(krb, main)
++ if test "$ac_cv_lib_krb_main" != yes; then
++ AC_CHECK_LIB(krb4, main)
++ if test "$ac_cv_lib_krb4_main" != yes; then
++ AC_MSG_WARN([Cannot find libkrb nor libkrb4, build may fail])
++ else
++ KLIBS="-lkrb4"
++ fi
++ else
++ KLIBS="-lkrb"
++ fi
++ AC_CHECK_LIB(des, des_cbc_encrypt)
++ if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then
++ AC_CHECK_LIB(des425, des_cbc_encrypt)
++ if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then
++ AC_MSG_WARN([Cannot find libdes nor libdes425, build may fail])
++ else
++ KLIBS="-ldes425"
++ fi
++ else
++ KLIBS="-ldes"
++ fi
++ AC_CHECK_LIB(resolv, dn_expand, , )
++ KRB4=yes
++ KRB4_MSG="yes"
++ AC_DEFINE(KRB4)
++ fi
++ ]
++)
++
++# Check whether user wants AFS support
++AFS_MSG="no"
++AC_ARG_WITH(afs,
++ [ --with-afs=PATH Enable AFS support],
++ [
++ if test "x$withval" != "xno" ; then
++
++ if test "x$withval" != "xyes" ; then
++ CPPFLAGS="$CPPFLAGS -I${withval}/include"
++ LDFLAGS="$LDFLAGS -L${withval}/lib"
++ fi
++
++ if test -z "$KRB4" ; then
++ AC_MSG_WARN([AFS requires Kerberos IV support, build may fail])
++ fi
++
++ LIBS="-lkafs $LIBS"
++ if test ! -z "$AFS_LIBS" ; then
++ LIBS="$LIBS $AFS_LIBS"
++ fi
++ AC_DEFINE(AFS)
++ AFS_MSG="yes"
++ fi
++ ]
++)
++LIBS="$LIBS $KLIBS $K5LIBS"
++
++# Looking for programs, paths and files
++
++PRIVSEP_PATH=/var/empty
++AC_ARG_WITH(privsep-path,
++ [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
++ [
++ if test "x$withval" != "$no" ; then
++ PRIVSEP_PATH=$withval
++ fi
++ ]
++)
++AC_SUBST(PRIVSEP_PATH)
++
++AC_ARG_WITH(xauth,
++ [ --with-xauth=PATH Specify path to xauth program ],
++ [
++ if test "x$withval" != "xno" ; then
++ xauth_path=$withval
++ fi
++ ],
++ [
++ TestPath="$PATH"
++ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
++ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
++ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
++ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
++ AC_PATH_PROG(xauth_path, xauth, , $TestPath)
++ if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
++ xauth_path="/usr/openwin/bin/xauth"
++ fi
++ ]
++)
++
++STRIP_OPT=-s
++AC_ARG_ENABLE(strip,
++ [ --disable-strip Disable calling strip(1) on install],
++ [
++ if test "x$enableval" = "xno" ; then
++ STRIP_OPT=
++ fi
++ ]
++)
++AC_SUBST(STRIP_OPT)
++
++if test -z "$xauth_path" ; then
++ XAUTH_PATH="undefined"
++ AC_SUBST(XAUTH_PATH)
++else
++ AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
++ XAUTH_PATH=$xauth_path
++ AC_SUBST(XAUTH_PATH)
++fi
++
++# Check for mail directory (last resort if we cannot get it from headers)
++if test ! -z "$MAIL" ; then
++ maildir=`dirname $MAIL`
++ AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
++fi
++
++if test -z "$no_dev_ptmx" ; then
++ if test "x$disable_ptmx_check" != "xyes" ; then
++ AC_CHECK_FILE("/dev/ptmx",
++ [
++ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
++ have_dev_ptmx=1
++ ]
++ )
++ fi
++fi
++AC_CHECK_FILE("/dev/ptc",
++ [
++ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
++ have_dev_ptc=1
++ ]
++)
++
++# Options from here on. Some of these are preset by platform above
++AC_ARG_WITH(mantype,
++ [ --with-mantype=man|cat|doc Set man page type],
++ [
++ case "$withval" in
++ man|cat|doc)
++ MANTYPE=$withval
++ ;;
++ *)
++ AC_MSG_ERROR(invalid man type: $withval)
++ ;;
++ esac
++ ]
++)
++if test -z "$MANTYPE"; then
++ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
++ AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
++ if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
++ MANTYPE=doc
++ elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
++ MANTYPE=man
++ else
++ MANTYPE=cat
++ fi
++fi
++AC_SUBST(MANTYPE)
++if test "$MANTYPE" = "doc"; then
++ mansubdir=man;
++else
++ mansubdir=$MANTYPE;
++fi
++AC_SUBST(mansubdir)
++
++# Check whether to enable MD5 passwords
++MD5_MSG="no"
++AC_ARG_WITH(md5-passwords,
++ [ --with-md5-passwords Enable use of MD5 passwords],
++ [
++ if test "x$withval" != "xno" ; then
++ AC_DEFINE(HAVE_MD5_PASSWORDS)
++ MD5_MSG="yes"
++ fi
++ ]
++)
++
++# Whether to disable shadow password support
++AC_ARG_WITH(shadow,
++ [ --without-shadow Disable shadow password support],
++ [
++ if test "x$withval" = "xno" ; then
++ AC_DEFINE(DISABLE_SHADOW)
++ disable_shadow=yes
++ fi
++ ]
++)
++
++if test -z "$disable_shadow" ; then
++ AC_MSG_CHECKING([if the systems has expire shadow information])
++ AC_TRY_COMPILE(
++ [
++#include <sys/types.h>
++#include <shadow.h>
++ struct spwd sp;
++ ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
++ [ sp_expire_available=yes ], []
++ )
++
++ if test "x$sp_expire_available" = "xyes" ; then
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(HAS_SHADOW_EXPIRE)
++ else
++ AC_MSG_RESULT(no)
++ fi
++fi
++
++# Use ip address instead of hostname in $DISPLAY
++if test ! -z "$IPADDR_IN_DISPLAY" ; then
++ DISPLAY_HACK_MSG="yes"
++ AC_DEFINE(IPADDR_IN_DISPLAY)
++else
++ DISPLAY_HACK_MSG="no"
++ AC_ARG_WITH(ipaddr-display,
++ [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
++ [
++ if test "x$withval" != "xno" ; then
++ AC_DEFINE(IPADDR_IN_DISPLAY)
++ DISPLAY_HACK_MSG="yes"
++ fi
++ ]
++ )
++fi
++
++dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
++if test $ac_cv_func_login_getcapbool = "yes" -a \
++ $ac_cv_header_login_cap_h = "yes" ; then
++ USES_LOGIN_CONF=yes
++fi
++# Whether to mess with the default path
++SERVER_PATH_MSG="(default)"
++AC_ARG_WITH(default-path,
++ [ --with-default-path= Specify default \$PATH environment for server],
++ [
++ if test "$USES_LOGIN_CONF" = "yes" ; then
++ AC_MSG_WARN([
++--with-default-path=PATH has no effect on this system.
++Edit /etc/login.conf instead.])
++ elif test "x$withval" != "xno" ; then
++ user_path="$withval"
++ SERVER_PATH_MSG="$withval"
++ fi
++ ],
++ [ if test "$USES_LOGIN_CONF" = "yes" ; then
++ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
++ else
++ AC_TRY_RUN(
++ [
++/* find out what STDPATH is */
++#include <stdio.h>
++#ifdef HAVE_PATHS_H
++# include <paths.h>
++#endif
++#ifndef _PATH_STDPATH
++# ifdef _PATH_USERPATH /* Irix */
++# define _PATH_STDPATH _PATH_USERPATH
++# else
++# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
++# endif
++#endif
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
++#define DATA "conftest.stdpath"
++
++main()
++{
++ FILE *fd;
++ int rc;
++
++ fd = fopen(DATA,"w");
++ if(fd == NULL)
++ exit(1);
++
++ if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
++ exit(1);
++
++ exit(0);
++}
++ ], [ user_path=`cat conftest.stdpath` ],
++ [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
++ [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
++ )
++# make sure $bindir is in USER_PATH so scp will work
++ t_bindir=`eval echo ${bindir}`
++ case $t_bindir in
++ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
++ esac
++ case $t_bindir in
++ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
++ esac
++ echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
++ if test $? -ne 0 ; then
++ echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
++ if test $? -ne 0 ; then
++ user_path=$user_path:$t_bindir
++ AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
++ fi
++ fi
++ fi ]
++)
++if test "$USES_LOGIN_CONF" != "yes" ; then
++ AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
++ AC_SUBST(user_path)
++fi
++
++# Set superuser path separately to user path
++AC_ARG_WITH(superuser-path,
++ [ --with-superuser-path= Specify different path for super-user],
++ [
++ if test "x$withval" != "xno" ; then
++ AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
++ superuser_path=$withval
++ fi
++ ]
++)
++
++
++# Whether to force IPv4 by default (needed on broken glibc Linux)
++IPV4_HACK_MSG="no"
++AC_ARG_WITH(ipv4-default,
++ [ --with-ipv4-default Use IPv4 by connections unless '-6' specified],
++ [
++ if test "x$withval" != "xno" ; then
++ AC_DEFINE(IPV4_DEFAULT)
++ IPV4_HACK_MSG="yes"
++ fi
++ ]
++)
++
++AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
++IPV4_IN6_HACK_MSG="no"
++AC_ARG_WITH(4in6,
++ [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
++ [
++ if test "x$withval" != "xno" ; then
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(IPV4_IN_IPV6)
++ IPV4_IN6_HACK_MSG="yes"
++ else
++ AC_MSG_RESULT(no)
++ fi
++ ],[
++ if test "x$inet6_default_4in6" = "xyes"; then
++ AC_MSG_RESULT([yes (default)])
++ AC_DEFINE(IPV4_IN_IPV6)
++ IPV4_IN6_HACK_MSG="yes"
++ else
++ AC_MSG_RESULT([no (default)])
++ fi
++ ]
++)
++
++# Whether to enable BSD auth support
++BSD_AUTH_MSG=no
++AC_ARG_WITH(bsd-auth,
++ [ --with-bsd-auth Enable BSD auth support],
++ [
++ if test "x$withval" != "xno" ; then
++ AC_DEFINE(BSD_AUTH)
++ BSD_AUTH_MSG=yes
++ fi
++ ]
++)
++
++# Where to place sshd.pid
++piddir=/var/run
++# make sure the directory exists
++if test ! -d $piddir ; then
++ piddir=`eval echo ${sysconfdir}`
++ case $piddir in
++ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
++ esac
++fi
++
++AC_ARG_WITH(pid-dir,
++ [ --with-pid-dir=PATH Specify location of ssh.pid file],
++ [
++ if test "x$withval" != "xno" ; then
++ piddir=$withval
++ if test ! -d $piddir ; then
++ AC_MSG_WARN([** no $piddir directory on this system **])
++ fi
++ fi
++ ]
++)
++
++AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
++AC_SUBST(piddir)
++
++dnl allow user to disable some login recording features
++AC_ARG_ENABLE(lastlog,
++ [ --disable-lastlog disable use of lastlog even if detected [no]],
++ [ AC_DEFINE(DISABLE_LASTLOG) ]
++)
++AC_ARG_ENABLE(utmp,
++ [ --disable-utmp disable use of utmp even if detected [no]],
++ [ AC_DEFINE(DISABLE_UTMP) ]
++)
++AC_ARG_ENABLE(utmpx,
++ [ --disable-utmpx disable use of utmpx even if detected [no]],
++ [ AC_DEFINE(DISABLE_UTMPX) ]
++)
++AC_ARG_ENABLE(wtmp,
++ [ --disable-wtmp disable use of wtmp even if detected [no]],
++ [ AC_DEFINE(DISABLE_WTMP) ]
++)
++AC_ARG_ENABLE(wtmpx,
++ [ --disable-wtmpx disable use of wtmpx even if detected [no]],
++ [ AC_DEFINE(DISABLE_WTMPX) ]
++)
++AC_ARG_ENABLE(libutil,
++ [ --disable-libutil disable use of libutil (login() etc.) [no]],
++ [ AC_DEFINE(DISABLE_LOGIN) ]
++)
++AC_ARG_ENABLE(pututline,
++ [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
++ [ AC_DEFINE(DISABLE_PUTUTLINE) ]
++)
++AC_ARG_ENABLE(pututxline,
++ [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
++ [ AC_DEFINE(DISABLE_PUTUTXLINE) ]
++)
++AC_ARG_WITH(lastlog,
++ [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
++ [
++ if test "x$withval" = "xno" ; then
++ AC_DEFINE(DISABLE_LASTLOG)
++ else
++ conf_lastlog_location=$withval
++ fi
++ ]
++)
++
++dnl lastlog, [uw]tmpx? detection
++dnl NOTE: set the paths in the platform section to avoid the
++dnl need for command-line parameters
++dnl lastlog and [uw]tmp are subject to a file search if all else fails
++
++dnl lastlog detection
++dnl NOTE: the code itself will detect if lastlog is a directory
++AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
++AC_TRY_COMPILE([
++#include <sys/types.h>
++#include <utmp.h>
++#ifdef HAVE_LASTLOG_H
++# include <lastlog.h>
++#endif
++#ifdef HAVE_PATHS_H
++# include <paths.h>
++#endif
++#ifdef HAVE_LOGIN_H
++# include <login.h>
++#endif
++ ],
++ [ char *lastlog = LASTLOG_FILE; ],
++ [ AC_MSG_RESULT(yes) ],
++ [
++ AC_MSG_RESULT(no)
++ AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
++ AC_TRY_COMPILE([
++#include <sys/types.h>
++#include <utmp.h>
++#ifdef HAVE_LASTLOG_H
++# include <lastlog.h>
++#endif
++#ifdef HAVE_PATHS_H
++# include <paths.h>
++#endif
++ ],
++ [ char *lastlog = _PATH_LASTLOG; ],
++ [ AC_MSG_RESULT(yes) ],
++ [
++ AC_MSG_RESULT(no)
++ system_lastlog_path=no
++ ])
++ ]
++)
++
++if test -z "$conf_lastlog_location"; then
++ if test x"$system_lastlog_path" = x"no" ; then
++ for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
++ if (test -d "$f" || test -f "$f") ; then
++ conf_lastlog_location=$f
++ fi
++ done
++ if test -z "$conf_lastlog_location"; then
++ AC_MSG_WARN([** Cannot find lastlog **])
++ dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
++ fi
++ fi
++fi
++
++if test -n "$conf_lastlog_location"; then
++ AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
++fi
++
++dnl utmp detection
++AC_MSG_CHECKING([if your system defines UTMP_FILE])
++AC_TRY_COMPILE([
++#include <sys/types.h>
++#include <utmp.h>
++#ifdef HAVE_PATHS_H
++# include <paths.h>
++#endif
++ ],
++ [ char *utmp = UTMP_FILE; ],
++ [ AC_MSG_RESULT(yes) ],
++ [ AC_MSG_RESULT(no)
++ system_utmp_path=no ]
++)
++if test -z "$conf_utmp_location"; then
++ if test x"$system_utmp_path" = x"no" ; then
++ for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
++ if test -f $f ; then
++ conf_utmp_location=$f
++ fi
++ done
++ if test -z "$conf_utmp_location"; then
++ AC_DEFINE(DISABLE_UTMP)
++ fi
++ fi
++fi
++if test -n "$conf_utmp_location"; then
++ AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
++fi
++
++dnl wtmp detection
++AC_MSG_CHECKING([if your system defines WTMP_FILE])
++AC_TRY_COMPILE([
++#include <sys/types.h>
++#include <utmp.h>
++#ifdef HAVE_PATHS_H
++# include <paths.h>
++#endif
++ ],
++ [ char *wtmp = WTMP_FILE; ],
++ [ AC_MSG_RESULT(yes) ],
++ [ AC_MSG_RESULT(no)
++ system_wtmp_path=no ]
++)
++if test -z "$conf_wtmp_location"; then
++ if test x"$system_wtmp_path" = x"no" ; then
++ for f in /usr/adm/wtmp /var/log/wtmp; do
++ if test -f $f ; then
++ conf_wtmp_location=$f
++ fi
++ done
++ if test -z "$conf_wtmp_location"; then
++ AC_DEFINE(DISABLE_WTMP)
++ fi
++ fi
++fi
++if test -n "$conf_wtmp_location"; then
++ AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
++fi
++
++
++dnl utmpx detection - I don't know any system so perverse as to require
++dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
++dnl there, though.
++AC_MSG_CHECKING([if your system defines UTMPX_FILE])
++AC_TRY_COMPILE([
++#include <sys/types.h>
++#include <utmp.h>
++#ifdef HAVE_UTMPX_H
++#include <utmpx.h>
++#endif
++#ifdef HAVE_PATHS_H
++# include <paths.h>
++#endif
++ ],
++ [ char *utmpx = UTMPX_FILE; ],
++ [ AC_MSG_RESULT(yes) ],
++ [ AC_MSG_RESULT(no)
++ system_utmpx_path=no ]
++)
++if test -z "$conf_utmpx_location"; then
++ if test x"$system_utmpx_path" = x"no" ; then
++ AC_DEFINE(DISABLE_UTMPX)
++ fi
++else
++ AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
++fi
++
++dnl wtmpx detection
++AC_MSG_CHECKING([if your system defines WTMPX_FILE])
++AC_TRY_COMPILE([
++#include <sys/types.h>
++#include <utmp.h>
++#ifdef HAVE_UTMPX_H
++#include <utmpx.h>
++#endif
++#ifdef HAVE_PATHS_H
++# include <paths.h>
++#endif
++ ],
++ [ char *wtmpx = WTMPX_FILE; ],
++ [ AC_MSG_RESULT(yes) ],
++ [ AC_MSG_RESULT(no)
++ system_wtmpx_path=no ]
++)
++if test -z "$conf_wtmpx_location"; then
++ if test x"$system_wtmpx_path" = x"no" ; then
++ AC_DEFINE(DISABLE_WTMPX)
++ fi
++else
++ AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
++fi
++
++
++if test ! -z "$blibpath" ; then
++ LDFLAGS="$LDFLAGS $blibflags$blibpath"
++ AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
++fi
++
++dnl remove pam and dl because they are in $LIBPAM
++if test "$PAM_MSG" = yes ; then
++ LIBS=`echo $LIBS | sed 's/-lpam //'`
++fi
++if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
++ LIBS=`echo $LIBS | sed 's/-ldl //'`
++fi
++
++AC_EXEEXT
++AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
++AC_OUTPUT
++
++# Print summary of options
++
++# Someone please show me a better way :)
++A=`eval echo ${prefix}` ; A=`eval echo ${A}`
++B=`eval echo ${bindir}` ; B=`eval echo ${B}`
++C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
++D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
++E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
++F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
++G=`eval echo ${piddir}` ; G=`eval echo ${G}`
++H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
++I=`eval echo ${user_path}` ; I=`eval echo ${I}`
++J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
++
++echo ""
++echo "OpenSSH has been configured with the following options:"
++echo " User binaries: $B"
++echo " System binaries: $C"
++echo " Configuration files: $D"
++echo " Askpass program: $E"
++echo " Manual pages: $F"
++echo " PID file: $G"
++echo " Privilege separation chroot path: $H"
++if test "$USES_LOGIN_CONF" = "yes" ; then
++echo " At runtime, sshd will use the path defined in /etc/login.conf"
++else
++echo " sshd default user PATH: $I"
++fi
++if test ! -z "$superuser_path" ; then
++echo " sshd superuser user PATH: $J"
++fi
++echo " Manpage format: $MANTYPE"
++echo " PAM support: ${PAM_MSG}"
++echo " KerberosIV support: $KRB4_MSG"
++echo " KerberosV support: $KRB5_MSG"
++echo " Smartcard support: $SCARD_MSG"
++echo " AFS support: $AFS_MSG"
++echo " S/KEY support: $SKEY_MSG"
++echo " TCP Wrappers support: $TCPW_MSG"
++echo " MD5 password support: $MD5_MSG"
++echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
++echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
++echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
++echo " BSD Auth support: $BSD_AUTH_MSG"
++echo " Random number source: $RAND_MSG"
++if test ! -z "$USE_RAND_HELPER" ; then
++echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
++fi
++
++echo ""
++
++echo " Host: ${host}"
++echo " Compiler: ${CC}"
++echo " Compiler flags: ${CFLAGS}"
++echo "Preprocessor flags: ${CPPFLAGS}"
++echo " Linker flags: ${LDFLAGS}"
++echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
++
++echo ""
++
++if test "x$PAM_MSG" = "xyes" ; then
++ echo "PAM is enabled. You may need to install a PAM control file "
++ echo "for sshd, otherwise password authentication may fail. "
++ echo "Example PAM control files can be found in the contrib/ "
++ echo "subdirectory"
++ echo ""
++fi
++
++if test ! -z "$RAND_HELPER_CMDHASH" ; then
++ echo "WARNING: you are using the builtin random number collection "
++ echo "service. Please read WARNING.RNG and request that your OS "
++ echo "vendor includes kernel-based random number collection in "
++ echo "future versions of your OS."
++ echo ""
++fi
++
+diff -urN openssh-3.6.1p2-orig/servconf.c openssh-3.6.1p2/servconf.c
+--- openssh-3.6.1p2-orig/servconf.c 2003-02-23 18:04:34.000000000 -0700
++++ openssh-3.6.1p2/servconf.c 2003-07-26 16:57:54.000000000 -0600
+@@ -17,7 +17,7 @@
+ #endif
+ #if defined(KRB5)
+ #ifdef HEIMDAL
+-#include <krb.h>
++#include <krb5.h>
+ #else
+ /* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
+ * keytab */
+diff -urN openssh-3.6.1p2-orig/servconf.c~ openssh-3.6.1p2/servconf.c~
+--- openssh-3.6.1p2-orig/servconf.c~ 1969-12-31 17:00:00.000000000 -0700
++++ openssh-3.6.1p2/servconf.c~ 2003-07-26 16:57:47.000000000 -0600
+@@ -0,0 +1,955 @@
++/*
++ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
++ * All rights reserved
++ *
++ * As far as I am concerned, the code I have written for this software
++ * can be used freely for any purpose. Any derived versions of this
++ * software must be clearly marked as such, and if the derived work is
++ * incompatible with the protocol description in the RFC file, it must be
++ * called by a name other than "ssh" or "Secure Shell".
++ */
++
++#include "includes.h"
++RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
++
++#if defined(KRB4)
++#include <krb.h>
++#endif
++#if defined(KRB5)
++#ifdef HEIMDAL
++#include <krb5.h>
++#else
++/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
++ * keytab */
++#define KEYFILE "/etc/krb5.keytab"
++#endif
++#endif
++#ifdef AFS
++#include <kafs.h>
++#endif
++
++#include "ssh.h"
++#include "log.h"
++#include "servconf.h"
++#include "xmalloc.h"
++#include "compat.h"
++#include "pathnames.h"
++#include "tildexpand.h"
++#include "misc.h"
++#include "cipher.h"
++#include "kex.h"
++#include "mac.h"
++
++static void add_listen_addr(ServerOptions *, char *, u_short);
++static void add_one_listen_addr(ServerOptions *, char *, u_short);
++
++/* AF_UNSPEC or AF_INET or AF_INET6 */
++extern int IPv4or6;
++/* Use of privilege separation or not */
++extern int use_privsep;
++
++/* Initializes the server options to their default values. */
++
++void
++initialize_server_options(ServerOptions *options)
++{
++ memset(options, 0, sizeof(*options));
++
++ /* Portable-specific options */
++ options->pam_authentication_via_kbd_int = -1;
++
++ /* Standard Options */
++ options->num_ports = 0;
++ options->ports_from_cmdline = 0;
++ options->listen_addrs = NULL;
++ options->num_host_key_files = 0;
++ options->pid_file = NULL;
++ options->server_key_bits = -1;
++ options->login_grace_time = -1;
++ options->key_regeneration_time = -1;
++ options->permit_root_login = PERMIT_NOT_SET;
++ options->ignore_rhosts = -1;
++ options->ignore_user_known_hosts = -1;
++ options->print_motd = -1;
++ options->print_lastlog = -1;
++ options->x11_forwarding = -1;
++ options->x11_display_offset = -1;
++ options->x11_use_localhost = -1;
++ options->xauth_location = NULL;
++ options->strict_modes = -1;
++ options->keepalives = -1;
++ options->log_facility = SYSLOG_FACILITY_NOT_SET;
++ options->log_level = SYSLOG_LEVEL_NOT_SET;
++ options->rhosts_authentication = -1;
++ options->rhosts_rsa_authentication = -1;
++ options->hostbased_authentication = -1;
++ options->hostbased_uses_name_from_packet_only = -1;
++ options->rsa_authentication = -1;
++ options->pubkey_authentication = -1;
++#if defined(KRB4) || defined(KRB5)
++ options->kerberos_authentication = -1;
++ options->kerberos_or_local_passwd = -1;
++ options->kerberos_ticket_cleanup = -1;
++#endif
++#if defined(AFS) || defined(KRB5)
++ options->kerberos_tgt_passing = -1;
++#endif
++#ifdef AFS
++ options->afs_token_passing = -1;
++#endif
++ options->password_authentication = -1;
++ options->kbd_interactive_authentication = -1;
++ options->challenge_response_authentication = -1;
++ options->permit_empty_passwd = -1;
++ options->permit_user_env = -1;
++ options->use_login = -1;
++ options->compression = -1;
++ options->allow_tcp_forwarding = -1;
++ options->num_allow_users = 0;
++ options->num_deny_users = 0;
++ options->num_allow_groups = 0;
++ options->num_deny_groups = 0;
++ options->ciphers = NULL;
++ options->macs = NULL;
++ options->protocol = SSH_PROTO_UNKNOWN;
++ options->gateway_ports = -1;
++ options->num_subsystems = 0;
++ options->max_startups_begin = -1;
++ options->max_startups_rate = -1;
++ options->max_startups = -1;
++ options->banner = NULL;
++ options->verify_reverse_mapping = -1;
++ options->client_alive_interval = -1;
++ options->client_alive_count_max = -1;
++ options->authorized_keys_file = NULL;
++ options->authorized_keys_file2 = NULL;
++
++ /* Needs to be accessable in many places */
++ use_privsep = -1;
++}
++
++void
++fill_default_server_options(ServerOptions *options)
++{
++ /* Portable-specific options */
++ if (options->pam_authentication_via_kbd_int == -1)
++ options->pam_authentication_via_kbd_int = 0;
++
++ /* Standard Options */
++ if (options->protocol == SSH_PROTO_UNKNOWN)
++ options->protocol = SSH_PROTO_1|SSH_PROTO_2;
++ if (options->num_host_key_files == 0) {
++ /* fill default hostkeys for protocols */
++ if (options->protocol & SSH_PROTO_1)
++ options->host_key_files[options->num_host_key_files++] =
++ _PATH_HOST_KEY_FILE;
++ if (options->protocol & SSH_PROTO_2) {
++ options->host_key_files[options->num_host_key_files++] =
++ _PATH_HOST_RSA_KEY_FILE;
++ options->host_key_files[options->num_host_key_files++] =
++ _PATH_HOST_DSA_KEY_FILE;
++ }
++ }
++ if (options->num_ports == 0)
++ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
++ if (options->listen_addrs == NULL)
++ add_listen_addr(options, NULL, 0);
++ if (options->pid_file == NULL)
++ options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
++ if (options->server_key_bits == -1)
++ options->server_key_bits = 768;
++ if (options->login_grace_time == -1)
++ options->login_grace_time = 120;
++ if (options->key_regeneration_time == -1)
++ options->key_regeneration_time = 3600;
++ if (options->permit_root_login == PERMIT_NOT_SET)
++ options->permit_root_login = PERMIT_YES;
++ if (options->ignore_rhosts == -1)
++ options->ignore_rhosts = 1;
++ if (options->ignore_user_known_hosts == -1)
++ options->ignore_user_known_hosts = 0;
++ if (options->print_motd == -1)
++ options->print_motd = 1;
++ if (options->print_lastlog == -1)
++ options->print_lastlog = 1;
++ if (options->x11_forwarding == -1)
++ options->x11_forwarding = 0;
++ if (options->x11_display_offset == -1)
++ options->x11_display_offset = 10;
++ if (options->x11_use_localhost == -1)
++ options->x11_use_localhost = 1;
++ if (options->xauth_location == NULL)
++ options->xauth_location = _PATH_XAUTH;
++ if (options->strict_modes == -1)
++ options->strict_modes = 1;
++ if (options->keepalives == -1)
++ options->keepalives = 1;
++ if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
++ options->log_facility = SYSLOG_FACILITY_AUTH;
++ if (options->log_level == SYSLOG_LEVEL_NOT_SET)
++ options->log_level = SYSLOG_LEVEL_INFO;
++ if (options->rhosts_authentication == -1)
++ options->rhosts_authentication = 0;
++ if (options->rhosts_rsa_authentication == -1)
++ options->rhosts_rsa_authentication = 0;
++ if (options->hostbased_authentication == -1)
++ options->hostbased_authentication = 0;
++ if (options->hostbased_uses_name_from_packet_only == -1)
++ options->hostbased_uses_name_from_packet_only = 0;
++ if (options->rsa_authentication == -1)
++ options->rsa_authentication = 1;
++ if (options->pubkey_authentication == -1)
++ options->pubkey_authentication = 1;
++#if defined(KRB4) || defined(KRB5)
++ if (options->kerberos_authentication == -1)
++ options->kerberos_authentication = 0;
++ if (options->kerberos_or_local_passwd == -1)
++ options->kerberos_or_local_passwd = 1;
++ if (options->kerberos_ticket_cleanup == -1)
++ options->kerberos_ticket_cleanup = 1;
++#endif
++#if defined(AFS) || defined(KRB5)
++ if (options->kerberos_tgt_passing == -1)
++ options->kerberos_tgt_passing = 0;
++#endif
++#ifdef AFS
++ if (options->afs_token_passing == -1)
++ options->afs_token_passing = 0;
++#endif
++ if (options->password_authentication == -1)
++ options->password_authentication = 1;
++ if (options->kbd_interactive_authentication == -1)
++ options->kbd_interactive_authentication = 0;
++ if (options->challenge_response_authentication == -1)
++ options->challenge_response_authentication = 1;
++ if (options->permit_empty_passwd == -1)
++ options->permit_empty_passwd = 0;
++ if (options->permit_user_env == -1)
++ options->permit_user_env = 0;
++ if (options->use_login == -1)
++ options->use_login = 0;
++ if (options->compression == -1)
++ options->compression = 1;
++ if (options->allow_tcp_forwarding == -1)
++ options->allow_tcp_forwarding = 1;
++ if (options->gateway_ports == -1)
++ options->gateway_ports = 0;
++ if (options->max_startups == -1)
++ options->max_startups = 10;
++ if (options->max_startups_rate == -1)
++ options->max_startups_rate = 100; /* 100% */
++ if (options->max_startups_begin == -1)
++ options->max_startups_begin = options->max_startups;
++ if (options->verify_reverse_mapping == -1)
++ options->verify_reverse_mapping = 0;
++ if (options->client_alive_interval == -1)
++ options->client_alive_interval = 0;
++ if (options->client_alive_count_max == -1)
++ options->client_alive_count_max = 3;
++ if (options->authorized_keys_file2 == NULL) {
++ /* authorized_keys_file2 falls back to authorized_keys_file */
++ if (options->authorized_keys_file != NULL)
++ options->authorized_keys_file2 = options->authorized_keys_file;
++ else
++ options->authorized_keys_file2 = _PATH_SSH_USER_PERMITTED_KEYS2;
++ }
++ if (options->authorized_keys_file == NULL)
++ options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
++
++ /* Turn privilege separation on by default */
++ if (use_privsep == -1)
++ use_privsep = 1;
++
++#ifndef HAVE_MMAP
++ if (use_privsep && options->compression == 1) {
++ error("This platform does not support both privilege "
++ "separation and compression");
++ error("Compression disabled");
++ options->compression = 0;
++ }
++#endif
++
++}
++
++/* Keyword tokens. */
++typedef enum {
++ sBadOption, /* == unknown option */
++ /* Portable-specific options */
++ sPAMAuthenticationViaKbdInt,
++ /* Standard Options */
++ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
++ sPermitRootLogin, sLogFacility, sLogLevel,
++ sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
++#if defined(KRB4) || defined(KRB5)
++ sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
++#endif
++#if defined(AFS) || defined(KRB5)
++ sKerberosTgtPassing,
++#endif
++#ifdef AFS
++ sAFSTokenPassing,
++#endif
++ sChallengeResponseAuthentication,
++ sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
++ sPrintMotd, sPrintLastLog, sIgnoreRhosts,
++ sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
++ sStrictModes, sEmptyPasswd, sKeepAlives,
++ sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
++ sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
++ sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
++ sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
++ sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
++ sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
++ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
++ sUsePrivilegeSeparation,
++ sDeprecated
++} ServerOpCodes;
++
++/* Textual representation of the tokens. */
++static struct {
++ const char *name;
++ ServerOpCodes opcode;
++} keywords[] = {
++ /* Portable-specific options */
++ { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
++ /* Standard Options */
++ { "port", sPort },
++ { "hostkey", sHostKeyFile },
++ { "hostdsakey", sHostKeyFile }, /* alias */
++ { "pidfile", sPidFile },
++ { "serverkeybits", sServerKeyBits },
++ { "logingracetime", sLoginGraceTime },
++ { "keyregenerationinterval", sKeyRegenerationTime },
++ { "permitrootlogin", sPermitRootLogin },
++ { "syslogfacility", sLogFacility },
++ { "loglevel", sLogLevel },
++ { "rhostsauthentication", sRhostsAuthentication },
++ { "rhostsrsaauthentication", sRhostsRSAAuthentication },
++ { "hostbasedauthentication", sHostbasedAuthentication },
++ { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
++ { "rsaauthentication", sRSAAuthentication },
++ { "pubkeyauthentication", sPubkeyAuthentication },
++ { "dsaauthentication", sPubkeyAuthentication }, /* alias */
++#if defined(KRB4) || defined(KRB5)
++ { "kerberosauthentication", sKerberosAuthentication },
++ { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
++ { "kerberosticketcleanup", sKerberosTicketCleanup },
++#endif
++#if defined(AFS) || defined(KRB5)
++ { "kerberostgtpassing", sKerberosTgtPassing },
++#endif
++#ifdef AFS
++ { "afstokenpassing", sAFSTokenPassing },
++#endif
++ { "passwordauthentication", sPasswordAuthentication },
++ { "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
++ { "challengeresponseauthentication", sChallengeResponseAuthentication },
++ { "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
++ { "checkmail", sDeprecated },
++ { "listenaddress", sListenAddress },
++ { "printmotd", sPrintMotd },
++ { "printlastlog", sPrintLastLog },
++ { "ignorerhosts", sIgnoreRhosts },
++ { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
++ { "x11forwarding", sX11Forwarding },
++ { "x11displayoffset", sX11DisplayOffset },
++ { "x11uselocalhost", sX11UseLocalhost },
++ { "xauthlocation", sXAuthLocation },
++ { "strictmodes", sStrictModes },
++ { "permitemptypasswords", sEmptyPasswd },
++ { "permituserenvironment", sPermitUserEnvironment },
++ { "uselogin", sUseLogin },
++ { "compression", sCompression },
++ { "keepalive", sKeepAlives },
++ { "allowtcpforwarding", sAllowTcpForwarding },
++ { "allowusers", sAllowUsers },
++ { "denyusers", sDenyUsers },
++ { "allowgroups", sAllowGroups },
++ { "denygroups", sDenyGroups },
++ { "ciphers", sCiphers },
++ { "macs", sMacs },
++ { "protocol", sProtocol },
++ { "gatewayports", sGatewayPorts },
++ { "subsystem", sSubsystem },
++ { "maxstartups", sMaxStartups },
++ { "banner", sBanner },
++ { "verifyreversemapping", sVerifyReverseMapping },
++ { "reversemappingcheck", sVerifyReverseMapping },
++ { "clientaliveinterval", sClientAliveInterval },
++ { "clientalivecountmax", sClientAliveCountMax },
++ { "authorizedkeysfile", sAuthorizedKeysFile },
++ { "authorizedkeysfile2", sAuthorizedKeysFile2 },
++ { "useprivilegeseparation", sUsePrivilegeSeparation},
++ { NULL, sBadOption }
++};
++
++/*
++ * Returns the number of the token pointed to by cp or sBadOption.
++ */
++
++static ServerOpCodes
++parse_token(const char *cp, const char *filename,
++ int linenum)
++{
++ u_int i;
++
++ for (i = 0; keywords[i].name; i++)
++ if (strcasecmp(cp, keywords[i].name) == 0)
++ return keywords[i].opcode;
++
++ error("%s: line %d: Bad configuration option: %s",
++ filename, linenum, cp);
++ return sBadOption;
++}
++
++static void
++add_listen_addr(ServerOptions *options, char *addr, u_short port)
++{
++ int i;
++
++ if (options->num_ports == 0)
++ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
++ if (port == 0)
++ for (i = 0; i < options->num_ports; i++)
++ add_one_listen_addr(options, addr, options->ports[i]);
++ else
++ add_one_listen_addr(options, addr, port);
++}
++
++static void
++add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
++{
++ struct addrinfo hints, *ai, *aitop;
++ char strport[NI_MAXSERV];
++ int gaierr;
++
++ memset(&hints, 0, sizeof(hints));
++ hints.ai_family = IPv4or6;
++ hints.ai_socktype = SOCK_STREAM;
++ hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
++ snprintf(strport, sizeof strport, "%u", port);
++ if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
++ fatal("bad addr or host: %s (%s)",
++ addr ? addr : "<NULL>",
++ gai_strerror(gaierr));
++ for (ai = aitop; ai->ai_next; ai = ai->ai_next)
++ ;
++ ai->ai_next = options->listen_addrs;
++ options->listen_addrs = aitop;
++}
++
++int
++process_server_config_line(ServerOptions *options, char *line,
++ const char *filename, int linenum)
++{
++ char *cp, **charptr, *arg, *p;
++ int *intptr, value, i, n;
++ ServerOpCodes opcode;
++
++ cp = line;
++ arg = strdelim(&cp);
++ /* Ignore leading whitespace */
++ if (*arg == '\0')
++ arg = strdelim(&cp);
++ if (!arg || !*arg || *arg == '#')
++ return 0;
++ intptr = NULL;
++ charptr = NULL;
++ opcode = parse_token(arg, filename, linenum);
++ switch (opcode) {
++ /* Portable-specific options */
++ case sPAMAuthenticationViaKbdInt:
++ intptr = &options->pam_authentication_via_kbd_int;
++ goto parse_flag;
++
++ /* Standard Options */
++ case sBadOption:
++ return -1;
++ case sPort:
++ /* ignore ports from configfile if cmdline specifies ports */
++ if (options->ports_from_cmdline)
++ return 0;
++ if (options->listen_addrs != NULL)
++ fatal("%s line %d: ports must be specified before "
++ "ListenAddress.", filename, linenum);
++ if (options->num_ports >= MAX_PORTS)
++ fatal("%s line %d: too many ports.",
++ filename, linenum);
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: missing port number.",
++ filename, linenum);
++ options->ports[options->num_ports++] = a2port(arg);
++ if (options->ports[options->num_ports-1] == 0)
++ fatal("%s line %d: Badly formatted port number.",
++ filename, linenum);
++ break;
++
++ case sServerKeyBits:
++ intptr = &options->server_key_bits;
++parse_int:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: missing integer value.",
++ filename, linenum);
++ value = atoi(arg);
++ if (*intptr == -1)
++ *intptr = value;
++ break;
++
++ case sLoginGraceTime:
++ intptr = &options->login_grace_time;
++parse_time:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: missing time value.",
++ filename, linenum);
++ if ((value = convtime(arg)) == -1)
++ fatal("%s line %d: invalid time value.",
++ filename, linenum);
++ if (*intptr == -1)
++ *intptr = value;
++ break;
++
++ case sKeyRegenerationTime:
++ intptr = &options->key_regeneration_time;
++ goto parse_time;
++
++ case sListenAddress:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0' || strncmp(arg, "[]", 2) == 0)
++ fatal("%s line %d: missing inet addr.",
++ filename, linenum);
++ if (*arg == '[') {
++ if ((p = strchr(arg, ']')) == NULL)
++ fatal("%s line %d: bad ipv6 inet addr usage.",
++ filename, linenum);
++ arg++;
++ memmove(p, p+1, strlen(p+1)+1);
++ } else if (((p = strchr(arg, ':')) == NULL) ||
++ (strchr(p+1, ':') != NULL)) {
++ add_listen_addr(options, arg, 0);
++ break;
++ }
++ if (*p == ':') {
++ u_short port;
++
++ p++;
++ if (*p == '\0')
++ fatal("%s line %d: bad inet addr:port usage.",
++ filename, linenum);
++ else {
++ *(p-1) = '\0';
++ if ((port = a2port(p)) == 0)
++ fatal("%s line %d: bad port number.",
++ filename, linenum);
++ add_listen_addr(options, arg, port);
++ }
++ } else if (*p == '\0')
++ add_listen_addr(options, arg, 0);
++ else
++ fatal("%s line %d: bad inet addr usage.",
++ filename, linenum);
++ break;
++
++ case sHostKeyFile:
++ intptr = &options->num_host_key_files;
++ if (*intptr >= MAX_HOSTKEYS)
++ fatal("%s line %d: too many host keys specified (max %d).",
++ filename, linenum, MAX_HOSTKEYS);
++ charptr = &options->host_key_files[*intptr];
++parse_filename:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: missing file name.",
++ filename, linenum);
++ if (*charptr == NULL) {
++ *charptr = tilde_expand_filename(arg, getuid());
++ /* increase optional counter */
++ if (intptr != NULL)
++ *intptr = *intptr + 1;
++ }
++ break;
++
++ case sPidFile:
++ charptr = &options->pid_file;
++ goto parse_filename;
++
++ case sPermitRootLogin:
++ intptr = &options->permit_root_login;
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: missing yes/"
++ "without-password/forced-commands-only/no "
++ "argument.", filename, linenum);
++ value = 0; /* silence compiler */
++ if (strcmp(arg, "without-password") == 0)
++ value = PERMIT_NO_PASSWD;
++ else if (strcmp(arg, "forced-commands-only") == 0)
++ value = PERMIT_FORCED_ONLY;
++ else if (strcmp(arg, "yes") == 0)
++ value = PERMIT_YES;
++ else if (strcmp(arg, "no") == 0)
++ value = PERMIT_NO;
++ else
++ fatal("%s line %d: Bad yes/"
++ "without-password/forced-commands-only/no "
++ "argument: %s", filename, linenum, arg);
++ if (*intptr == -1)
++ *intptr = value;
++ break;
++
++ case sIgnoreRhosts:
++ intptr = &options->ignore_rhosts;
++parse_flag:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: missing yes/no argument.",
++ filename, linenum);
++ value = 0; /* silence compiler */
++ if (strcmp(arg, "yes") == 0)
++ value = 1;
++ else if (strcmp(arg, "no") == 0)
++ value = 0;
++ else
++ fatal("%s line %d: Bad yes/no argument: %s",
++ filename, linenum, arg);
++ if (*intptr == -1)
++ *intptr = value;
++ break;
++
++ case sIgnoreUserKnownHosts:
++ intptr = &options->ignore_user_known_hosts;
++ goto parse_flag;
++
++ case sRhostsAuthentication:
++ intptr = &options->rhosts_authentication;
++ goto parse_flag;
++
++ case sRhostsRSAAuthentication:
++ intptr = &options->rhosts_rsa_authentication;
++ goto parse_flag;
++
++ case sHostbasedAuthentication:
++ intptr = &options->hostbased_authentication;
++ goto parse_flag;
++
++ case sHostbasedUsesNameFromPacketOnly:
++ intptr = &options->hostbased_uses_name_from_packet_only;
++ goto parse_flag;
++
++ case sRSAAuthentication:
++ intptr = &options->rsa_authentication;
++ goto parse_flag;
++
++ case sPubkeyAuthentication:
++ intptr = &options->pubkey_authentication;
++ goto parse_flag;
++#if defined(KRB4) || defined(KRB5)
++ case sKerberosAuthentication:
++ intptr = &options->kerberos_authentication;
++ goto parse_flag;
++
++ case sKerberosOrLocalPasswd:
++ intptr = &options->kerberos_or_local_passwd;
++ goto parse_flag;
++
++ case sKerberosTicketCleanup:
++ intptr = &options->kerberos_ticket_cleanup;
++ goto parse_flag;
++#endif
++#if defined(AFS) || defined(KRB5)
++ case sKerberosTgtPassing:
++ intptr = &options->kerberos_tgt_passing;
++ goto parse_flag;
++#endif
++#ifdef AFS
++ case sAFSTokenPassing:
++ intptr = &options->afs_token_passing;
++ goto parse_flag;
++#endif
++
++ case sPasswordAuthentication:
++ intptr = &options->password_authentication;
++ goto parse_flag;
++
++ case sKbdInteractiveAuthentication:
++ intptr = &options->kbd_interactive_authentication;
++ goto parse_flag;
++
++ case sChallengeResponseAuthentication:
++ intptr = &options->challenge_response_authentication;
++ goto parse_flag;
++
++ case sPrintMotd:
++ intptr = &options->print_motd;
++ goto parse_flag;
++
++ case sPrintLastLog:
++ intptr = &options->print_lastlog;
++ goto parse_flag;
++
++ case sX11Forwarding:
++ intptr = &options->x11_forwarding;
++ goto parse_flag;
++
++ case sX11DisplayOffset:
++ intptr = &options->x11_display_offset;
++ goto parse_int;
++
++ case sX11UseLocalhost:
++ intptr = &options->x11_use_localhost;
++ goto parse_flag;
++
++ case sXAuthLocation:
++ charptr = &options->xauth_location;
++ goto parse_filename;
++
++ case sStrictModes:
++ intptr = &options->strict_modes;
++ goto parse_flag;
++
++ case sKeepAlives:
++ intptr = &options->keepalives;
++ goto parse_flag;
++
++ case sEmptyPasswd:
++ intptr = &options->permit_empty_passwd;
++ goto parse_flag;
++
++ case sPermitUserEnvironment:
++ intptr = &options->permit_user_env;
++ goto parse_flag;
++
++ case sUseLogin:
++ intptr = &options->use_login;
++ goto parse_flag;
++
++ case sCompression:
++ intptr = &options->compression;
++ goto parse_flag;
++
++ case sGatewayPorts:
++ intptr = &options->gateway_ports;
++ goto parse_flag;
++
++ case sVerifyReverseMapping:
++ intptr = &options->verify_reverse_mapping;
++ goto parse_flag;
++
++ case sLogFacility:
++ intptr = (int *) &options->log_facility;
++ arg = strdelim(&cp);
++ value = log_facility_number(arg);
++ if (value == SYSLOG_FACILITY_NOT_SET)
++ fatal("%.200s line %d: unsupported log facility '%s'",
++ filename, linenum, arg ? arg : "<NONE>");
++ if (*intptr == -1)
++ *intptr = (SyslogFacility) value;
++ break;
++
++ case sLogLevel:
++ intptr = (int *) &options->log_level;
++ arg = strdelim(&cp);
++ value = log_level_number(arg);
++ if (value == SYSLOG_LEVEL_NOT_SET)
++ fatal("%.200s line %d: unsupported log level '%s'",
++ filename, linenum, arg ? arg : "<NONE>");
++ if (*intptr == -1)
++ *intptr = (LogLevel) value;
++ break;
++
++ case sAllowTcpForwarding:
++ intptr = &options->allow_tcp_forwarding;
++ goto parse_flag;
++
++ case sUsePrivilegeSeparation:
++ intptr = &use_privsep;
++ goto parse_flag;
++
++ case sAllowUsers:
++ while ((arg = strdelim(&cp)) && *arg != '\0') {
++ if (options->num_allow_users >= MAX_ALLOW_USERS)
++ fatal("%s line %d: too many allow users.",
++ filename, linenum);
++ options->allow_users[options->num_allow_users++] =
++ xstrdup(arg);
++ }
++ break;
++
++ case sDenyUsers:
++ while ((arg = strdelim(&cp)) && *arg != '\0') {
++ if (options->num_deny_users >= MAX_DENY_USERS)
++ fatal( "%s line %d: too many deny users.",
++ filename, linenum);
++ options->deny_users[options->num_deny_users++] =
++ xstrdup(arg);
++ }
++ break;
++
++ case sAllowGroups:
++ while ((arg = strdelim(&cp)) && *arg != '\0') {
++ if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
++ fatal("%s line %d: too many allow groups.",
++ filename, linenum);
++ options->allow_groups[options->num_allow_groups++] =
++ xstrdup(arg);
++ }
++ break;
++
++ case sDenyGroups:
++ while ((arg = strdelim(&cp)) && *arg != '\0') {
++ if (options->num_deny_groups >= MAX_DENY_GROUPS)
++ fatal("%s line %d: too many deny groups.",
++ filename, linenum);
++ options->deny_groups[options->num_deny_groups++] = xstrdup(arg);
++ }
++ break;
++
++ case sCiphers:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: Missing argument.", filename, linenum);
++ if (!ciphers_valid(arg))
++ fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
++ filename, linenum, arg ? arg : "<NONE>");
++ if (options->ciphers == NULL)
++ options->ciphers = xstrdup(arg);
++ break;
++
++ case sMacs:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: Missing argument.", filename, linenum);
++ if (!mac_valid(arg))
++ fatal("%s line %d: Bad SSH2 mac spec '%s'.",
++ filename, linenum, arg ? arg : "<NONE>");
++ if (options->macs == NULL)
++ options->macs = xstrdup(arg);
++ break;
++
++ case sProtocol:
++ intptr = &options->protocol;
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: Missing argument.", filename, linenum);
++ value = proto_spec(arg);
++ if (value == SSH_PROTO_UNKNOWN)
++ fatal("%s line %d: Bad protocol spec '%s'.",
++ filename, linenum, arg ? arg : "<NONE>");
++ if (*intptr == SSH_PROTO_UNKNOWN)
++ *intptr = value;
++ break;
++
++ case sSubsystem:
++ if (options->num_subsystems >= MAX_SUBSYSTEMS) {
++ fatal("%s line %d: too many subsystems defined.",
++ filename, linenum);
++ }
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: Missing subsystem name.",
++ filename, linenum);
++ for (i = 0; i < options->num_subsystems; i++)
++ if (strcmp(arg, options->subsystem_name[i]) == 0)
++ fatal("%s line %d: Subsystem '%s' already defined.",
++ filename, linenum, arg);
++ options->subsystem_name[options->num_subsystems] = xstrdup(arg);
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: Missing subsystem command.",
++ filename, linenum);
++ options->subsystem_command[options->num_subsystems] = xstrdup(arg);
++ options->num_subsystems++;
++ break;
++
++ case sMaxStartups:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: Missing MaxStartups spec.",
++ filename, linenum);
++ if ((n = sscanf(arg, "%d:%d:%d",
++ &options->max_startups_begin,
++ &options->max_startups_rate,
++ &options->max_startups)) == 3) {
++ if (options->max_startups_begin >
++ options->max_startups ||
++ options->max_startups_rate > 100 ||
++ options->max_startups_rate < 1)
++ fatal("%s line %d: Illegal MaxStartups spec.",
++ filename, linenum);
++ } else if (n != 1)
++ fatal("%s line %d: Illegal MaxStartups spec.",
++ filename, linenum);
++ else
++ options->max_startups = options->max_startups_begin;
++ break;
++
++ case sBanner:
++ charptr = &options->banner;
++ goto parse_filename;
++ /*
++ * These options can contain %X options expanded at
++ * connect time, so that you can specify paths like:
++ *
++ * AuthorizedKeysFile /etc/ssh_keys/%u
++ */
++ case sAuthorizedKeysFile:
++ case sAuthorizedKeysFile2:
++ charptr = (opcode == sAuthorizedKeysFile ) ?
++ &options->authorized_keys_file :
++ &options->authorized_keys_file2;
++ goto parse_filename;
++
++ case sClientAliveInterval:
++ intptr = &options->client_alive_interval;
++ goto parse_time;
++
++ case sClientAliveCountMax:
++ intptr = &options->client_alive_count_max;
++ goto parse_int;
++
++ case sDeprecated:
++ log("%s line %d: Deprecated option %s",
++ filename, linenum, arg);
++ while (arg)
++ arg = strdelim(&cp);
++ break;
++
++ default:
++ fatal("%s line %d: Missing handler for opcode %s (%d)",
++ filename, linenum, arg, opcode);
++ }
++ if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
++ fatal("%s line %d: garbage at end of line; \"%.200s\".",
++ filename, linenum, arg);
++ return 0;
++}
++
++/* Reads the server configuration file. */
++
++void
++read_server_config(ServerOptions *options, const char *filename)
++{
++ int linenum, bad_options = 0;
++ char line[1024];
++ FILE *f;
++
++ debug2("read_server_config: filename %s", filename);
++ f = fopen(filename, "r");
++ if (!f) {
++ perror(filename);
++ exit(1);
++ }
++ linenum = 0;
++ while (fgets(line, sizeof(line), f)) {
++ /* Update line number counter. */
++ linenum++;
++ if (process_server_config_line(options, line, filename, linenum) != 0)
++ bad_options++;
++ }
++ fclose(f);
++ if (bad_options > 0)
++ fatal("%s: terminating, %d bad configuration options",
++ filename, bad_options);
++}
projects / packages / openssh.git / commitdiff