diff options
| author | itojun <itojun> | 2001-08-02 12:55:20 +0000 |
|---|---|---|
| committer | itojun <itojun> | 2001-08-02 12:55:20 +0000 |
| commit | 3e8f2b7807cd3c5e488ea54cf6dd760b6c1adb9b (patch) | |
| tree | a84380ff06bb72ec0b87545f0040c61e6e68f0bc /security | |
| parent | 5a8b5a2b8da1df5801155d600512174ab5c2c6a0 (diff) | |
| download | pkgsrc-3e8f2b7807cd3c5e488ea54cf6dd760b6c1adb9b.tar.gz | |
say goodbye to security/ssh6. per comments on packages@netbsd.
Diffstat (limited to 'security')
53 files changed, 1 insertions, 11418 deletions
diff --git a/security/Makefile b/security/Makefile index 2ea0a6d67d5..c141a27d30d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.83 2001/07/17 15:01:38 nra Exp $ +# $NetBSD: Makefile,v 1.84 2001/08/02 12:55:20 itojun Exp $ # COMMENT= Security tools @@ -76,7 +76,6 @@ SUBDIR+= srp_client SUBDIR+= ssh SUBDIR+= ssh-askpass SUBDIR+= ssh-ip-tunnel -SUBDIR+= ssh6 SUBDIR+= ssldump SUBDIR+= sslwrap SUBDIR+= stunnel diff --git a/security/ssh6/Makefile b/security/ssh6/Makefile deleted file mode 100644 index d6c9fe836bd..00000000000 --- a/security/ssh6/Makefile +++ /dev/null @@ -1,210 +0,0 @@ -# $NetBSD: Makefile,v 1.18 2001/08/02 12:32:33 itojun Exp $ -# FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp -# - -# We do not upgrade to 1.2.28 and beyond, intentionally. There was license -# change between 1.2.27 and 1.2.28, and the new license prohibits us from -# modifying/redistributing it. -# -DISTNAME= ssh-1.2.27 -PKGNAME= ssh6-1.2.27nb1 -CATEGORIES= security net -MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/old/ \ - ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \ - ftp://ftp.cert.dfn.de/pub/tools/net/ssh/ -DISTFILES= ${DISTNAME}${EXTRACT_SUFX} - -MAINTAINER= packages@netbsd.org -HOMEPAGE= http://www.cs.hut.fi/ssh/ -COMMENT= IPv6 version of secure shell client and server (remote login program) - -CONFLICTS= openssh-[0-9]* ssh-[0-9]* - -IGNORE= has security holes, not maintained any more. use openssh - -CRYPTO= YES -LICENSE= no-commercial-use -USE_RSAREF2= NO - -EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} -# the next line is needed if you have the gmp package installed -LDFLAGS+= -Lgmp-2.0.2-ssh-2 -GNU_CONFIGURE= YES - -.include "../../mk/bsd.prefs.mk" - -# Use SSH_CONF_DIR from /etc/mk.conf, if defined; otherwise default to /etc -SSH_CONF_DIR?= /etc - -CONFIGURE_ARGS+= --with-etcdir=${SSH_CONF_DIR} --with-libwrap - -#Uncomment if all your users are in their own group and their homedir -#is writeable by that group. Beware the security implications! -#CONFIGURE_ARGS+= --enable-group-writeability - -#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection -#over a secure medium. This is normally dangerous since it can lead to the -#disclosure keys and passwords. -#CONFIGURE_ARGS+= --with-none - -.if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES -DEPENDS+= rsaref-2.0p3:../../security/rsaref -CONFIGURE_ARGS+= --with-rsaref="${LOCALBASE}/lib" -CONFIGURE_ENV+= LDFLAGS="-Wl,-R${LOCALBASE}/lib" -CFLAGS+= -I${LOCALBASE}/include -.endif - -# Include support for the SecureID card -# Warning: untested ! -.if defined(USE_SECUREID) && ${USE_SECUREID} == YES -CONFIGURE_ARGS+= --with-secureid -.endif - -# If rsh is elsewhere to /usr/bin/rsh -.if defined(SSH_RSHPATH) -CONFIGURE_ARGS+= --with-rsh=${SSH_RSHPATH} -.endif - -# By default, use IDEA. IDEA can be freely used for non-commercial use. -# However, commercial use may require a license in a number of countries. -# -USE_IDEA?= YES - -# Handle deprecated option SSH_DONT_USE_IDEA. -# -.if defined(SSH_DONT_USE_IDEA) && ${SSH_DONT_USE_IDEA} == YES -USE_IDEA= NO -.endif - -.if ${USE_IDEA} != "YES" -CONFIGURE_ARGS+= --without-idea -.endif - -# Include SOCKS firewall support -.if defined(USE_SOCKS) && (${USE_SOCKS} == 4 || ${USE_SOCKS} == 5) -BROKEN= SOCKS support currently unavailable -CONFIGURE_ARGS+= --with-socks${USE_SOCKS}="-L${LOCALBASE}/lib -lsocks${USE_SOCKS}" -CFLAGS+= -I${LOCALBASE}/include -.if ${USE_SOCKS} == 4 -DEPENDS+= socks4-2.2:../../net/socks4 -.else -DEPENDS+= socks5-1.0.2:../../net/socks5 -.endif -.endif - -# The original Kerberos v4 patches were fetched from -# http://www.monkey.org/~dugsong/ssh-afs/ -# PATCH_SITES+= ftp://ftp.monkey.org/pub/users/dugsong/ -# PATCHFILES+= ssh-1.2.27-afs-kerberos.patch-1 -# MD5 (ssh-1.2.27-afs-kerberos.patch-1) = d440f74958d9c3805b76dbc13e97e87d - -.if defined(KERBEROS) -USE_KERBEROS= yes -CONFIGURE_ARGS+= --with-krb4=/usr -.endif - -# XXX KERBEROS 5 SUPPORT BROKEN WITH HEIMDAL -#.if defined(KERBEROS) && ${KERBEROS} == 5 -#USE_KERBEROS= yes -#CONFIGURE_ARGS+=--with-krb5=/usr -#.else -#CONFIGURE_ARGS+=--without-krb5 -#.endif - -# Find X11 libraries with xpkgwedge -.if defined(USE_LOCALBASE_FOR_X11) -CONFIGURE_ARGS+= --x-libraries=${X11BASE}/lib --x-includes=${X11BASE}/include -.endif - -# Enable support for TIS authentication server -.if defined(USE_TIS) && ${USE_TIS} == YES -CONFIGURE_ARGS+= --with-tis=${LOCALBASE} -.endif - -# Don't install "ssh" setuid -.if !defined(SSH_SUID) || ${SSH_SUID} != YES -CONFIGURE_ARGS+= --disable-suid-ssh -.endif - -# Make libwrap also compare against forwards (off by default) -.if defined(LIBWRAP_FWD) && ${LIBWRAP_FWD} == YES -CFLAGS+= -DLIBWRAP_FWD -.endif - -# The original IPv6 patches were fetched from -# PATCH_SITES+= ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ -# PATCHFILES+= ssh-1.2.27-IPv6-1.5-patch.gz -# MD5 (ssh-1.2.27-IPv6-1.5-patch.gz) = b854131fe8aa025abeef32cecfe1b037 - -.if defined(USE_INET6) && ${USE_INET6} == YES -CONFIGURE_ARGS+= --enable-ipv6 -.else -CONFIGURE_ARGS+= --disable-ipv6 -.endif - -# be more effective on M68060 machines -.if defined(M68060) -CONFIGURE_ARGS+= --disable-asm -CFLAGS+= -m68060 -.endif - -DEINSTALL_FILE= ${WRKDIR}/DEINSTALL -PLIST_SRC= ${WRKDIR}/PLIST -MESSAGE_SUBST+= SSH_CONF_DIR=${SSH_CONF_DIR} - -pre-patch: - @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \ - ${WRKSRC}/make-ssh-known-hosts.pl.in - @# SSH DES and AFS/Kerberos DES conflict. - @${MV} -f ${WRKSRC}/des.h ${WRKSRC}/ssh-des.h - -fetch-depends: -.if !defined(USE_RSAREF2) || ${USE_RSAREF2} != YES && ${USE_RSAREF2} != NO - @${ECHO} - @${ECHO} The variable USE_RSAREF2 must be set to either YES or NO - @${ECHO} in order to build this package. USA residents that are - @${ECHO} not licensees of the RSA algorithm MUST set this variable - @${ECHO} to YES. Users outside the USA MUST set this variable to - @${ECHO} NO. Licensees may choose -- NO is faster. - @${ECHO} - @${ECHO} You may also want to set USE_IDEA to NO if this program - @${ECHO} will be used for a commercial purpose. There are other - @${ECHO} configure options\; look at the pkg Makefile for more info. - @${FALSE} -.endif - -post-patch: - @# Make sure that "automake" is never run. - @${FIND} ${WRKSRC} -name Makefile.in -print | ${XARGS} ${TOUCH} ${TOUCH_FLAGS} - -post-build: - @cd ${PKGDIR}; \ - for FILE in DEINSTALL PLIST ${FILESDIR}/sshd.sh; do \ - ${SED} -e 's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \ - -e 's#@PREFIX@#${PREFIX}#g' \ - <$${FILE} >${WRKDIR}/`basename $${FILE}`; \ - done - @if [ -x ${WRKSRC}/ssh-askpass ]; then \ - ${ECHO} bin/ssh-askpass >>${PLIST_SRC}; \ - ${ECHO} bin/ssh-askpass1 >>${PLIST_SRC}; \ - fi - -post-install: - @${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ssh - @${MKDIR} ${WRKDIR}${SSH_CONF_DIR} - (cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \ - -f ${MAKEFILE} install_prefix=${WRKDIR} install-configs) - ${INSTALL_DATA} ${WRKDIR}${SSH_CONF_DIR}/ssh_config \ - ${WRKDIR}${SSH_CONF_DIR}/sshd_config ${PREFIX}/share/examples/ssh - @${RM} -rf ${WRKDIR}${SSH_CONF_DIR} - @if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \ - ${ECHO} "Generating a secret host key..."; \ - ${PREFIX}/bin/ssh-keygen \ - -f ${SSH_CONF_DIR}/ssh_host_key -N ""; \ - fi - ${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd - -BUILD_DEFS+= USE_IDEA SSH_CONF_DIR SSH_SUID USE_RSAREF2 -BUILD_DEFS+= LIBWRAP_FWD M68060 USE_SOCKS USE_INET6 - -.include "../../mk/bsd.pkg.mk" diff --git a/security/ssh6/distinfo b/security/ssh6/distinfo deleted file mode 100644 index 47ef3fd4cc0..00000000000 --- a/security/ssh6/distinfo +++ /dev/null @@ -1,49 +0,0 @@ -$NetBSD: distinfo,v 1.2 2001/04/19 15:40:40 agc Exp $ - -SHA1 (ssh-1.2.27.tar.gz) = 0e7d59c6a62b094bd51818599ae24f7de3462d14 -Size (ssh-1.2.27.tar.gz) = 1022546 bytes -SHA1 (patch-aa) = 6cf6e5043e1cd230064b73620ce7c86bf5673649 -SHA1 (patch-ab) = 1f2f35b6cf3df997650b1547000d3262735d04e8 -SHA1 (patch-ac) = ded15b71cbf241146fe40265c657ca4e22af697a -SHA1 (patch-ad) = 0fac0e4586db5257ea10dfba2e14f7f35c6bed49 -SHA1 (patch-ae) = 559327d78036cd956443a739f3f0f52430dd9b2f -SHA1 (patch-af) = 13a92134bce0c6d919ad53832b9071dc2a8871ed -SHA1 (patch-ag) = e3f0bdb841e0d8e1216bc7761704888dcef0c17c -SHA1 (patch-ah) = e71f71b606e057eb646941719416a7be74849a1b -SHA1 (patch-ai) = e1703f0bbd16aee2137f71ed2f73ae16a16280c7 -SHA1 (patch-aj) = e345e4c8b509be1dd1a6b3fb88bcecb51c9f6fd6 -SHA1 (patch-al) = 1d7dca318e09185d80df6ebc9cc89909c5cf9afe -SHA1 (patch-am) = 46d4ee33fdb74874733c4efef45b5da89c5a0993 -SHA1 (patch-an) = d286e3ee625bcd5947a4d7ab54b20340142d0f0c -SHA1 (patch-ao) = 50fbfb324a6cae9636d649e30613092e1f5e5999 -SHA1 (patch-ap) = 88365b53d5bc7ae0b49c36b06f16e0f7a28f6acb -SHA1 (patch-aq) = 5f7dcd9f13c089f0ec1265a21b5123a448938722 -SHA1 (patch-ar) = 3a4e8d21c231d613c39d186c66b488202c7b1d38 -SHA1 (patch-as) = 724fad32e30fb896c016e7c5175ecbf277b2a8e6 -SHA1 (patch-at) = b2c65fdf1be1f94f2a1bb94e18ae2a70770b343d -SHA1 (patch-au) = 332bf200d3f395ec72ceb5831eda926d617cb1c8 -SHA1 (patch-av) = 87fe313300b2fd799ada92f4065acf0eafe3cbec -SHA1 (patch-aw) = 9b568bf3ab28f3ae7a501dde8bc38026831fc4c5 -SHA1 (patch-ax) = 64b8460f961f7c874b8959480591abbc3e1ff3d2 -SHA1 (patch-ay) = 6d4a63c65773d505b1cf94260f723a1378e748a2 -SHA1 (patch-az) = 12403dcada3d5a273a8cc2184c9bca1a8088dbd0 -SHA1 (patch-ba) = c7d24bc11bf16124b9da4c7f49318d83784a2d68 -SHA1 (patch-bb) = 699259dfd73469ea39ccd2f48f54b8252bf0bd4b -SHA1 (patch-bc) = 9948c426979817eaa7a1b326d0e60382afd956ae -SHA1 (patch-bd) = e63625c4352d513dd76b36ea805cf6304a3f1800 -SHA1 (patch-be) = eac6712f1d5e2f3a4a7775d35971d39bb01649c2 -SHA1 (patch-bf) = 4299df9c21b671cd1f489d75229a678588c1f616 -SHA1 (patch-bg) = ca8de83df822ab184240e77bb8047090b5ecc418 -SHA1 (patch-bh) = 62752346e5af79d52895f2cb0a5eab3d61c037d9 -SHA1 (patch-bi) = 515b67a21c11c1dde30da74d40e5a7732cdb361b -SHA1 (patch-bj) = 7159c929696e9a6cd9203b50affe59c19ae3a73e -SHA1 (patch-bk) = 44ae1661569d55bd82b5469fe0ea1895e983d5b5 -SHA1 (patch-bl) = 216bb56a3afd7b4bd3341642e4cb3ef9bfeb9fbf -SHA1 (patch-bm) = f0043e244aa2e785c81a21c50e1db8ddb6b3be8d -SHA1 (patch-bn) = b7a1110d4d3088f5e815fec91e3faa157d3dd864 -SHA1 (patch-bo) = e1bf9869613720c535feb3cb46408466b07db53c -SHA1 (patch-bp) = 1193861230f8d4be3a352752bdd005e5d1cf4db0 -SHA1 (patch-bq) = bf14f5d8dd7e2f6e95b034322041bf7e7d7d1809 -SHA1 (patch-br) = d2e6cc8275f7f3d608de0dc81ef4ae6ae1a15722 -SHA1 (patch-ca) = 38ff05ea00587d73fb4a10d5832cec345b1d0b2f -SHA1 (patch-la) = a27b200ce29505f4cdc3d235e8ca3b1de3c734b9 diff --git a/security/ssh6/files/sshd.sh b/security/ssh6/files/sshd.sh deleted file mode 100644 index 96fd93cf133..00000000000 --- a/security/ssh6/files/sshd.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh -# -# $NetBSD: sshd.sh,v 1.3 2000/09/20 04:49:20 jlam Exp $ -# -# PROVIDE: sshd -# REQUIRE: DAEMON LOGIN - -name="sshd" -pidfile="/var/run/${name}.pid" - -command=${1:-start} - -case ${command} in -start) - if [ ! -f @SSH_CONF_DIR@/ssh_host_key ] - then - @PREFIX@/bin/ssh-keygen -b 1024 -N "" -f /etc/ssh_host_key - fi - if [ ! -f @SSH_CONF_DIR@/ssh_host_dsa_key ] - then - /usr/pkg/bin/ssh-keygen -d -N "" -f /etc/ssh_host_dsa_key - fi - if [ -x @PREFIX@/sbin/sshd -a -f @SSH_CONF_DIR@/sshd_config ] - then - echo "Starting ${name}." - @PREFIX@/sbin/sshd - fi - ;; -stop) - if [ -f ${pidfile} ]; then - pid=`head -1 ${pidfile}` - echo "Stopping ${name}." - kill -TERM ${pid} - else - echo "${name} not running?" - fi - ;; -restart) - ( $0 stop ) - sleep 1 - $0 start - ;; -status) - if [ -f ${pidfile} ]; then - pid=`head -1 ${pidfile}` - echo "${name} is running as pid ${pid}." - else - echo "${name} is not running." - fi - ;; -esac -exit 0 diff --git a/security/ssh6/patches/patch-aa b/security/ssh6/patches/patch-aa deleted file mode 100644 index ce78efc7efb..00000000000 --- a/security/ssh6/patches/patch-aa +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-aa,v 1.1 2000/03/20 02:25:32 itojun Exp $ - ---- rsaglue.c.orig Wed May 12 07:19:28 1999 -+++ rsaglue.c Fri Nov 12 08:40:02 1999 -@@ -71,8 +71,7 @@ - interface without modifying RSAREF. */ - - #define _MD5_H_ /* Kludge to prevent inclusion of rsaref md5.h. */ --#include "rsaref2/source/global.h" --#include "rsaref2/source/rsaref.h" -+#include <rsaref/rsaref.h> - - /* Convert an integer from gmp to rsaref representation. */ - -@@ -139,6 +138,10 @@ - - input_bits = mpz_sizeinbase(input, 2); - input_len = (input_bits + 7) / 8; -+ if (input_len > MAX_RSA_MODULUS_LEN) -+ fatal("Input data has too many bits for RSAREF to handle (max %d).", -+ MAX_RSA_MODULUS_BITS); -+ - gmp_to_rsaref(input_data, input_len, input); - - rsaref_public_key(&public_key, key); -@@ -172,6 +175,10 @@ - - input_bits = mpz_sizeinbase(input, 2); - input_len = (input_bits + 7) / 8; -+ if (input_len > MAX_RSA_MODULUS_LEN) -+ fatal("Input data has too many bits for RSAREF to handle (max %d).", -+ MAX_RSA_MODULUS_BITS); -+ - gmp_to_rsaref(input_data, input_len, input); - - rsaref_private_key(&private_key, key); diff --git a/security/ssh6/patches/patch-ab b/security/ssh6/patches/patch-ab deleted file mode 100644 index 008abcfada0..00000000000 --- a/security/ssh6/patches/patch-ab +++ /dev/null @@ -1,551 +0,0 @@ -$NetBSD: patch-ab,v 1.1 2000/03/20 02:25:33 itojun Exp $ - ---- configure.in.orig Wed May 12 20:20:02 1999 -+++ configure.in Sat Mar 18 13:21:59 2000 -@@ -30,8 +30,132 @@ - fi - - AC_PROG_CC -+AC_PROG_CPP - AC_ISC_POSIX - -+AC_MSG_CHECKING([whether to enable ipv6]) -+AC_ARG_ENABLE(ipv6, -+[ --enable-ipv6 Enable ipv6 (with ipv4) support -+ --disable-ipv6 Disable ipv6 support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ipv6=no -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes -+ ;; -+ esac ], -+ -+ AC_TRY_RUN([ /* AF_INET6 avalable check */ -+#include <sys/types.h> -+#include <sys/socket.h> -+main() -+{ -+ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -+ exit(1); -+ else -+ exit(0); -+} -+], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes, -+ AC_MSG_RESULT(no) -+ ipv6=no, -+ AC_MSG_RESULT(no) -+ ipv6=no -+)) -+ -+ipv6type=unknown -+ipv6lib=none -+ -+if test "$ipv6" = "yes"; then -+ AC_MSG_CHECKING([ipv6 stack type]) -+ for i in inria kame linux toshiba v6d zeta; do -+ case $i in -+ inria) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef IPV6_INRIA_VERSION -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ kame) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef __KAME__ -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ linux) -+ dnl http://www.v6.linux.or.jp/ -+ if test -d /usr/inet6; then -+ ipv6type=$i -+ ipv6lib=inet6 -+ ipv6libdir=/usr/inet6/lib -+ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" -+ fi -+ ;; -+ toshiba) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _TOSHIBA_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ v6d) -+ AC_EGREP_CPP(yes, [dnl -+#include </usr/local/v6/include/sys/v6config.h> -+#ifdef __V6D__ -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=v6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-I/usr/local/v6/include $CPPFLAGS"]) -+ ;; -+ zeta) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _ZETA_MINAMI_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ esac -+ if test "$ipv6type" != "unknown"; then -+ break -+ fi -+ done -+ AC_MSG_RESULT($ipv6type) -+fi -+ -+if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then -+ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then -+ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" -+ else -+ echo 'Fatal: no $ipv6lib library found. cannot continue.' -+ echo "You need to fetch lib$ipv6lib.a from appropriate" -+ echo 'ipv6 kit and compile beforehand.' -+ exit 1 -+ fi -+fi -+ - AC_DEFINE_UNQUOTED(HOSTTYPE, "$host") - - case "$host" in -@@ -42,11 +166,12 @@ - ;; - *-*-solaris*) - # solaris stuff. appro@fy.chalmers.se -- AC_DEFINE(SECURE_RPC) -- AC_DEFINE(SECURE_NFS) -+# this stuff breaks AFS/Kerberos. YUCK. -+# AC_DEFINE(SECURE_RPC) -+# AC_DEFINE(SECURE_NFS) - # NIS+ is forced so that we don't have to recompile - # if we move to NIS+. appro@fy.chalmers.se -- AC_DEFINE(NIS_PLUS) -+# AC_DEFINE(NIS_PLUS) - ;; - *-*-sunos*) - os_sunos=yes -@@ -311,9 +436,9 @@ - - export CFLAGS CC - --# Socket pairs appear to be broken on several systems. I don't know exactly --# where, so I'll use pipes everywhere for now. --AC_DEFINE(USE_PIPES) -+dnl # Socket pairs appear to be broken on several systems. I don't know exactly -+dnl # where, so I'll use pipes everywhere for now. -+dnl AC_DEFINE(USE_PIPES) - - AC_MSG_CHECKING([that the compiler works]) - AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], -@@ -370,7 +495,7 @@ - AC_HEADER_STDC - AC_HEADER_SYS_WAIT - AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) --AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) -+AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h) - AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) - AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) - AC_CHECK_HEADERS(sys/resource.h login_cap.h sys/stream.h sys/conf.h) -@@ -399,6 +524,16 @@ - [ AC_DEFINE(HAVE_INCOMPATIBLE_SIGINFO) - AC_MSG_RESULT(yes)] , AC_MSG_RESULT(no)) - -+AC_MSG_CHECKING([whether sys/socket.h have struct sockaddr_storage]) -+AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_STORAGE) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have __ss_family]) -+AC_EGREP_HEADER(__ss_family, sys/socket.h, -+ [ AC_DEFINE(HAVE_NEW_SS_FAMILY) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have sa_len]) -+AC_EGREP_HEADER(sa_len, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_LEN) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+ - AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt)) - AC_CHECK_LIB(sec, getspnam) - AC_CHECK_LIB(seq, get_process_stats) -@@ -436,6 +571,107 @@ - - AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf) - -+AC_MSG_CHECKING(getaddrinfo bug) -+AC_TRY_RUN([ -+#include <sys/types.h> -+#include <netdb.h> -+#include <string.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+main() -+{ -+ int passive, gaierr, inet4 = 0, inet6 = 0; -+ struct addrinfo hints, *ai, *aitop; -+ char straddr[INET6_ADDRSTRLEN], strport[16]; -+ -+ for (passive = 0; passive <= 1; passive++) { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_flags = passive ? AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { -+ (void)gai_strerror(gaierr); -+ goto bad; -+ } -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (ai->ai_addr == NULL || -+ ai->ai_addrlen == 0 || -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ straddr, sizeof(straddr), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { -+ goto bad; -+ } -+ if (strcmp(strport, "54321") != 0) { -+ goto bad; -+ } -+ switch (ai->ai_family) { -+ case AF_INET: -+ if (passive) { -+ if (strcmp(straddr, "0.0.0.0") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "127.0.0.1") != 0) { -+ goto bad; -+ } -+ } -+ inet4++; -+ break; -+ case AF_INET6: -+ if (passive) { -+ if (strcmp(straddr, "::") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "::1") != 0) { -+ goto bad; -+ } -+ } -+ inet6++; -+ break; -+ case AF_UNSPEC: -+ goto bad; -+ break; -+ default: -+ /* another family support? */ -+ break; -+ } -+ } -+ } -+ -+ if (inet4 != 0 && inet4 != 2) -+ goto bad; -+ if (inet6 != 0 && inet6 != 2) -+ goto bad; -+ -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(0); -+ -+ bad: -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(1); -+} -+], -+AC_MSG_RESULT(good) -+buggygetaddrinfo=no, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes) -+ -+if test "$buggygetaddrinfo" = "yes"; then -+ if test "$ipv6" = "yes"; then -+ echo 'Fatal: You must get working getaddrinfo() function.' -+ echo ' or you can specify "--disable-ipv6"'. -+ exit 1 -+ else -+ AC_REPLACE_FUNCS(getaddrinfo getnameinfo) -+ fi -+fi -+ - AC_PROG_LN_S - AC_PROG_INSTALL - AC_CHECK_PROG(AR, ar, ar, echo) -@@ -903,8 +1139,8 @@ - fi - AC_MSG_RESULT(Assuming TIS headers and libraries are in $withval.) - AC_DEFINE(HAVE_TIS) -- CFLAGS="$CFLAGS -I$withval -DHAVE_TIS" -- LIBS="-L$withval -lauth -lfwall $LIBS" -+ CFLAGS="$CFLAGS -I$withval/include -DHAVE_TIS" -+ LIBS="-L$withval/lib -lauth -lfwall $LIBS" - AC_MSG_WARN(Remember to read README.TIS. The connection between sshd and TIS authentication - server is clear text!) - ;; -@@ -912,55 +1148,117 @@ - AC_MSG_RESULT(no) - ) - --AC_MSG_CHECKING(whether to use Kerberos) --AC_ARG_WITH(kerberos5, --[ --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support.], -+AC_MSG_CHECKING(whether to use Kerberos v4) -+AC_ARG_WITH(krb4, -+[ --with-krb4[=PATH] Compile in Kerberos v4 support.], - [ case "$withval" in - yes) -- with_kerberos5=/usr/local -+ with_krb4=/usr/kerberos - ;; - esac ], --[ with_kerberos5=no ] -+[ with_krb4=no ] - ) --case "$with_kerberos5" in -+case "$with_krb4" in - no) - AC_MSG_RESULT(no) - ;; - *) - AC_MSG_RESULT(yes) -- AC_DEFINE(KERBEROS) -- AC_DEFINE(KRB5) -- KERBEROS_ROOT="$with_kerberos5" -- KERBEROS_INCS="-I${KERBEROS_ROOT}/include" -- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -- AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") -+ AC_DEFINE(KRB4) -+ KERBEROS_ROOT="$with_krb4" -+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/kerberosIV" -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes" - KERBEROS_OBJS="auth-kerberos.o" -+ AC_CHECK_LIB(resolv, dn_expand, KERBEROS_LIBS="$KERBEROS_LIBS -lresolv") -+ dnl Check whether or not the AFS lifetime conversion routines exist. -+ AC_MSG_CHECKING(whether AFS lifetime conversion routines are present) -+ keeplibs="$LIBS" -+ keepcflags="$CFLAGS" -+ LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" -+ CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" -+ AC_TRY_LINK([#include <krb.h>], [ krb_life_to_time(10, 10);], -+ [AC_MSG_RESULT(yes) -+ AC_DEFINE(HAVE_KRB_LIFE_TO_TIME)], -+ [AC_MSG_RESULT(no)]) -+ LIBS="$keeplibs" -+ CFLAGS="$keepcflags" - ;; - esac --AC_SUBST(KERBEROS_ROOT) --AC_SUBST(KERBEROS_INCS) --AC_SUBST(KERBEROS_LIBS) --AC_SUBST(KERBEROS_OBJS) -- --AC_MSG_CHECKING(whether to enable passing the Kerberos TGT) --AC_ARG_ENABLE(kerberos-tgt-passing, --[ --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket.], --[ case "$enableval" in -+ -+AC_MSG_CHECKING(whether to use Kerberos v5) -+AC_ARG_WITH(krb5, -+[ --with-krb5[=PATH] Compile in Kerberos v5 support.], -+[ case "$withval" in -+ yes) -+ with_krb5=/usr/local -+ ;; -+ esac ], -+[ with_krb5=no ] -+) -+case "$with_krb5" in - no) - AC_MSG_RESULT(no) - ;; - *) -- if test "$with_kerberos5" = no ; then -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(KRB5) -+ KERBEROS_ROOT="$with_krb5" -+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/krb5" -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" -+ AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") -+ KERBEROS_OBJS="auth-kerberos.o" -+ ;; -+esac -+ -+AC_MSG_CHECKING(whether to use AFS) -+AC_ARG_WITH(afs, -+[ --with-afs Compile in AFS support (requires KTH krb4).], -+if test "$with_afs" = no; then - AC_MSG_RESULT(no) -- AC_MSG_WARN("Passing Kerberos TGT requires Kerberos5 support.") - else - AC_MSG_RESULT(yes) -- AC_DEFINE(KERBEROS_TGT_PASSING) -+ AC_DEFINE(AFS) -+ if test "$with_krb4" = no; then -+ AC_MSG_RESULT(no) -+ AC_MSG_WARN("AFS requires Kerberos v4 support.") -+ else -+ KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs" -+ if test -n "$os_aix"; then -+ KERBEROS_LIBS="${KERBEROS_LIBS} -lld" - fi -+ fi -+fi -+) -+AC_SUBST(KERBEROS_ROOT)dnl -+AC_SUBST(KERBEROS_INCS)dnl -+AC_SUBST(KERBEROS_LIBS)dnl -+AC_SUBST(KERBEROS_OBJS)dnl -+ -+AC_MSG_CHECKING(whether to use Hesiod) -+AC_ARG_WITH(hesiod, -+[ --with-hesiod[=PATH] Compile in Hesiod support.], -+[ case "$withval" in -+ yes) -+ with_hesiod=/usr/local/athena - ;; - esac ], -- AC_MSG_RESULT(no) -+[ with_hesiod=no ] - ) -+case "$with_hesiod" in -+no) -+ AC_MSG_RESULT(no) -+ ;; -+*) -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(HESIOD) -+ HESIOD_ROOT="$with_hesiod" -+ HESIOD_INCS="-I${HESIOD_ROOT}/include" -+ HESIOD_LIBS="-L${HESIOD_ROOT}/lib -lhesiod" -+ ;; -+esac -+AC_SUBST(HESIOD_ROOT)dnl -+AC_SUBST(HESIOD_INCS)dnl -+AC_SUBST(HESIOD_LIBS)dnl - - AC_MSG_CHECKING(whether to use libwrap) - AC_ARG_WITH(libwrap, -@@ -970,11 +1268,19 @@ - AC_MSG_RESULT(no) - ;; - yes) -- AC_MSG_RESULT(yes) -- AC_CHECK_LIB(wrap, request_init, [ -- AC_DEFINE(LIBWRAP) -- WRAPLIBS="-lwrap" -- AC_DEFINE(HAVE_LIBWRAP) ]) -+ WRAPLIBS="-lwrap" -+ OLDLIBS="$LIBS" -+ LIBS="$WRAPLIBS $LIBS" -+ AC_TRY_LINK([ int allow_severity; int deny_severity; ], -+ [ request_init(); ], [ -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(LIBWRAP) -+ AC_DEFINE(HAVE_LIBWRAP) -+ ], [ -+ AC_MSG_RESULT(no) -+ WRAPLIBS="" -+ ]) -+ LIBS="$OLDLIBS" - ;; - *) - AC_MSG_RESULT(yes) -@@ -1227,14 +1533,14 @@ - [ case "$enableval" in - no) - AC_MSG_RESULT(no) -- SSHINSTALLMODE=0711 -+ SSHINSTALLMODE=0511 - ;; - *) AC_MSG_RESULT(yes) -- SSHINSTALLMODE=04711 -+ SSHINSTALLMODE=04511 - ;; - esac ], - AC_MSG_RESULT(yes) -- SSHINSTALLMODE=04711 -+ SSHINSTALLMODE=04511 - ) - - AC_MSG_CHECKING(whether to enable TCP_NODELAY) -@@ -1252,6 +1558,38 @@ - AC_DEFINE(ENABLE_TCP_NODELAY) - ) - -+AC_MSG_CHECKING(whether to enable another port try support) -+AC_ARG_ENABLE(another-port-try, -+[ --enable-another-port-try Enable another port try support (default) -+ --disable-another-port-try Disable another port try support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+) -+ -+AC_MSG_CHECKING(whether to enable logging auth info support) -+AC_ARG_ENABLE(log-auth, -+[ --enable-log-auth Enable logging auth info support (default) -+ --disable-log-auth Disable logging auth info support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+) -+ - AC_MSG_CHECKING(whether to enable SO_LINGER) - AC_ARG_ENABLE(so-linger, - [ --enable-so-linger Enable setting SO_LINGER socket option], -@@ -1311,6 +1649,8 @@ - AC_DEFINE(SCP_ALL_STATISTICS_ENABLED) - ) - -+CFLAGS="$CPPFLAGS $CFLAGS" -+ - # We include this here only to make it visible in --help; this is only used - # in the gmp subdirectory. - AC_ARG_ENABLE(asm, -@@ -1336,4 +1676,4 @@ - AC_SUBST(SSHDCONFOBJS) - AC_SUBST(SSHINSTALLMODE) - --AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) -+AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile) diff --git a/security/ssh6/patches/patch-ac b/security/ssh6/patches/patch-ac deleted file mode 100644 index fdb68c7f0fb..00000000000 --- a/security/ssh6/patches/patch-ac +++ /dev/null @@ -1,202 +0,0 @@ -$NetBSD: patch-ac,v 1.1 2000/03/20 02:25:33 itojun Exp $ - ---- Makefile.in.orig Wed May 12 13:19:31 1999 -+++ Makefile.in Sun Jan 23 00:22:03 2000 -@@ -264,7 +264,7 @@ - CFLAGS = @CFLAGS@ - LDFLAGS = @LDFLAGS@ - DEFS = @DEFS@ $(COMMERCIAL) --LIBS = @LIBS@ -+LIBS = @LIBS@ @HESIOD_LIBS@ - LIBOBJS = @LIBOBJS@ - CONFOBJS = @CONFOBJS@ - SSHCONFOBJS = @SSHCONFOBJS@ -@@ -285,6 +285,9 @@ - KERBEROS_LIBS = @KERBEROS_LIBS@ - KERBEROS_OBJS = @KERBEROS_OBJS@ - -+HESIOD_ROOT = @HESIOD_ROOT@ -+HESIOD_INCS = @HESIOD_INCS@ -+ - RSAREFDEP = @RSAREFDEP@ - - WRAPLIBS = @WRAPLIBS@ -@@ -304,7 +307,8 @@ - GMPLIBS = -L$(GMPDIR) -lgmp - GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a - --ZLIBDIR = zlib-1.0.4 -+#ZLIBDIR = zlib-1.0.4 -+ZLIBDIR = /usr/lib - ZLIBDEP = $(ZLIBDIR)/libz.a - ZLIBLIBS = -L$(ZLIBDIR) -lz - -@@ -314,7 +318,7 @@ - X_CFLAGS = @X_CFLAGS@ - X_LIBS = @X_LIBS@ - X_PRE_LIBS = @X_PRE_LIBS@ --X_EXTRA_LIBS = @X_EXTRA_LIBS@ -+X_EXTRA_LIBS = @X_EXTRA_LIBS@ -R$(X11BASE)/lib - - XLIBS = $(X_LIBS) $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) $(LIBS) - -@@ -322,7 +326,7 @@ - rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o \ - xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o \ - crc32.o rsaglue.o cipher.o des.o match.o arcfour.o mpaux.o \ -- userfile.o signals.o blowfish.o deattack.o -+ userfile.o signals.o blowfish.o deattack.o radix.o - SSHD_OBJS = sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o \ - log-server.o login.o hostfile.o canohost.o servconf.o tildexpand.o \ - serverloop.o $(COMMON_OBJS) $(KERBEROS_OBJS) $(SSHDCONFOBJS) -@@ -411,7 +415,7 @@ - $(CC) -o rfc-pg rfc-pg.o - - .c.o: -- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< -+ $(CC) -c -I. $(KERBEROS_INCS) $(HESIOD_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< - - sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) - -rm -f sshd -@@ -459,14 +463,14 @@ - $(GMPDIR)/libgmp.a: - cd $(GMPDIR); $(MAKE) - --$(ZLIBDEP): -- -if test '!' -d $(ZLIBDIR); then \ -- mkdir $(ZLIBDIR); \ -- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -- fi -- cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ -- CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ -- -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a -+#$(ZLIBDEP): -+# -if test '!' -d $(ZLIBDIR); then \ -+# mkdir $(ZLIBDIR); \ -+# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -+# fi -+# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ -+# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ -+# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a - - $(RSAREFSRCDIR)/librsaref.a: - -if test '!' -d $(RSAREFDIR); then \ -@@ -523,10 +527,10 @@ - # (otherwise it can only log in as the user it runs as, and must be - # bound to a non-privileged port). Also, password authentication may - # not be available if non-root and using shadow passwords. --install: $(PROGRAMS) make-dirs generate-host-key install-configs -+install: $(PROGRAMS) make-dirs install-configs - -rm -f $(install_prefix)$(bindir)/ssh1.old -- -chmod 755 $(install_prefix)$(bindir)/ssh1 -- -chmod 755 $(install_prefix)$(bindir)/ssh -+ -chmod 555 $(install_prefix)$(bindir)/ssh1 -+ -chmod 555 $(install_prefix)$(bindir)/ssh - -mv $(install_prefix)$(bindir)/ssh1 $(install_prefix)$(bindir)/ssh1.old - $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh1 - -if test -f $(install_prefix)$(bindir)/ssh2; then \ -@@ -549,7 +553,7 @@ - -for p in $(NORMAL_PROGRAMS) $(X_PROGRAMS) $(OTHER_PROGRAMS); do \ - rm -f $(install_prefix)$(bindir)/$${p}1.old ; \ - mv $(install_prefix)$(bindir)/$${p}1 $(install_prefix)$(bindir)/$${p}1.old; \ -- $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(bindir)/$${p}1; \ -+ $(INSTALL_PROGRAM) $$p $(install_prefix)$(bindir)/$${p}1; \ - if test -f $(install_prefix)$(bindir)/$${p}2; then \ - echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ - else \ -@@ -566,7 +570,7 @@ - rm -f $(install_prefix)$(bindir)/$${p}1.old ; \ - mv $(install_prefix)$(bindir)/$${p}1 $(install_prefix)$(bindir)/$${p}1.old; \ - $(INSTALL_DATA) $$p $(install_prefix)$(bindir)/$${p}1; \ -- chmod 755 $(install_prefix)$(bindir)/$${p}1; \ -+ chmod 555 $(install_prefix)$(bindir)/$${p}1; \ - if test -f $(install_prefix)$(bindir)/$${p}2; then \ - echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ - else \ -@@ -582,7 +586,7 @@ - -for p in $(SBIN_PROGRAMS); do \ - rm -f $(install_prefix)$(sbindir)/$${p}1.old ; \ - mv $(install_prefix)$(sbindir)/$${p}1 $(install_prefix)$(sbindir)/$${p}1.old; \ -- $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(sbindir)/$${p}1; \ -+ $(INSTALL_PROGRAM) $$p $(install_prefix)$(sbindir)/$${p}1; \ - if test -f $(install_prefix)$(sbindir)/$${p}2; then \ - echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ - else \ -@@ -596,7 +600,7 @@ - $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`; fi;\ - done - -for p in $(MAN1PAGES); do \ -- $(INSTALL_DATA) -m 0644 $(srcdir)/$$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ -+ $(INSTALL_DATA) $(srcdir)/$$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ - rm -f $(install_prefix)$(man1dir)/$$p.1 ;\ - $(LN_S) $${p}1.1 $(install_prefix)$(man1dir)/$$p.1 ;\ - if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ -@@ -615,7 +619,7 @@ - $(install_prefix)$(man1dir)/`echo slogin.1 | sed '$(transform)'`; \ - fi - -for p in $(MAN1GENERATED); do \ -- $(INSTALL_DATA) -m 0644 $$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ -+ $(INSTALL_DATA) $$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ - rm -f $(install_prefix)$(man1dir)/$$p.1 ; \ - $(LN_S) $${p}1.1 $(install_prefix)$(man1dir)/$$p.1 ; \ - if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ -@@ -625,7 +629,7 @@ - fi; \ - done - -for p in $(MAN8GENERATED); do \ -- $(INSTALL_DATA) -m 0644 $$p.8 $(install_prefix)$(man8dir)/$${p}1.8; \ -+ $(INSTALL_DATA) $$p.8 $(install_prefix)$(man8dir)/$${p}1.8; \ - rm -f $(install_prefix)$(man8dir)/$$p.8 ; \ - $(LN_S) $${p}1.8 $(install_prefix)$(man8dir)/$$p.8 ; \ - if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ -@@ -636,12 +640,12 @@ - - install-configs: - -if test '!' -f $(install_prefix)$(HOST_CONFIG_FILE); then \ -- $(INSTALL_DATA) -m 0644 $(srcdir)/host_config.sample \ -+ $(INSTALL_DATA) $(srcdir)/host_config.sample \ - $(install_prefix)$(HOST_CONFIG_FILE); fi - -if test '!' -f $(install_prefix)$(SERVER_CONFIG_FILE); then \ - cat $(srcdir)/server_config.sample | \ - sed "s#_ETCDIR_#$(etcdir)#g" >/tmp/ssh_inst.$$$$; \ -- $(INSTALL_DATA) -m 0644 /tmp/ssh_inst.$$$$ \ -+ $(INSTALL_DATA) /tmp/ssh_inst.$$$$ \ - $(install_prefix)$(SERVER_CONFIG_FILE); \ - rm -f /tmp/ssh_inst.$$$$; fi - -@@ -681,13 +685,13 @@ - -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg - cd $(GMPDIR); $(MAKE) clean - # cd $(RSAREFSRCDIR); rm -f *.o *.a -- cd $(ZLIBDIR); $(MAKE) clean -+# cd $(ZLIBDIR); $(MAKE) clean - - distclean: clean - -rm -f Makefile config.status config.cache config.log config.h - -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 - cd $(GMPDIR); $(MAKE) distclean -- cd $(ZLIBDIR); $(MAKE) distclean -+# cd $(ZLIBDIR); $(MAKE) distclean - - dist: dist-free - -@@ -720,8 +724,8 @@ - gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) - # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) - # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a -- (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) -- cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS -+# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) -+# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS - - #ifdef F_SECURE_COMMERCIAL - # -@@ -749,7 +753,7 @@ - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null - - depend: -- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) -+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) - - tags: - -rm -f TAGS diff --git a/security/ssh6/patches/patch-ad b/security/ssh6/patches/patch-ad deleted file mode 100644 index ac6458a2d38..00000000000 --- a/security/ssh6/patches/patch-ad +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ad,v 1.1 2000/03/20 02:25:33 itojun Exp $ - ---- make-ssh-known-hosts.pl.in.orig Tue Mar 17 21:37:38 1998 -+++ make-ssh-known-hosts.pl.in Tue Mar 17 21:44:18 1998 -@@ -1,5 +1,7 @@ --#! &PERL& -w -+: - # -*- perl -*- -+eval 'exec perl -S "$0" ${1+"$@"}' -+ if $running_under_some_shell; - ###################################################################### - # make-ssh-known-hosts.pl -- Make ssh-known-hosts file - # Copyright (c) 1995 Tero Kivinen diff --git a/security/ssh6/patches/patch-ae b/security/ssh6/patches/patch-ae deleted file mode 100644 index d39deee0653..00000000000 --- a/security/ssh6/patches/patch-ae +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-ae,v 1.1 2000/03/20 02:25:34 itojun Exp $ - ---- server_config.sample.orig Wed May 12 07:18:51 1999 -+++ server_config.sample Fri Dec 24 22:38:35 1999 -@@ -1,7 +1,6 @@ - # This is ssh server systemwide configuration file. - - Port 22 --ListenAddress 0.0.0.0 - HostKey _ETCDIR_/ssh_host_key - RandomSeed _ETCDIR_/ssh_random_seed - ServerKeyBits 768 -@@ -16,7 +15,7 @@ - FascistLogging no - PrintMotd yes - KeepAlive yes --SyslogFacility DAEMON -+SyslogFacility AUTH - RhostsAuthentication no - RhostsRSAAuthentication yes - RSAAuthentication yes diff --git a/security/ssh6/patches/patch-af b/security/ssh6/patches/patch-af deleted file mode 100644 index e810b0e51e0..00000000000 --- a/security/ssh6/patches/patch-af +++ /dev/null @@ -1,1141 +0,0 @@ -$NetBSD: patch-af,v 1.1 2000/03/20 02:25:34 itojun Exp $ - ---- sshd.c.orig Wed May 12 13:19:29 1999 -+++ sshd.c Mon Mar 6 15:19:36 2000 -@@ -511,7 +511,7 @@ - #include "firewall.h" /* TIS authsrv authentication */ - #endif - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - #include <login_cap.h> - #endif - -@@ -537,15 +537,26 @@ - #define O_NOCTTY 0 - #endif - --#ifdef KERBEROS - #ifdef KRB5 - #include <krb5.h> - /* Global the contexts */ - krb5_context ssh_context = 0; - krb5_auth_context auth_context = 0; - #endif /* KRB5 */ --char *ticket = "none\0"; --#endif /* KERBEROS */ -+ -+#ifdef KRB4 -+#include <sys/param.h> -+#include <krb.h> -+#ifdef AFS -+#include <kafs.h> -+/* Local Xauthority file. */ -+char *xauthfile = NULL; -+#endif /* AFS */ -+#endif /* KRB4 */ -+ -+#if defined(KRB5) || defined(KRB4) -+char *ticket = NULL; -+#endif /* KRB5 || KRB4 */ - - /* Server configuration options. */ - ServerOptions options; -@@ -553,6 +564,19 @@ - /* Name of the server configuration file. */ - char *config_file_name = SERVER_CONFIG_FILE; - -+/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+#ifdef ENABLE_IPV6 -+int IPv4or6 = AF_UNSPEC; -+#else -+int IPv4or6 = AF_INET; -+#endif -+ -+#ifdef ENABLE_LOG_AUTH -+char *unauthenticated_user = NULL; -+int log_auth_flag = 0; -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Debug mode flag. This can be set on the command line. If debug - mode is enabled, extra debugging output will be sent to the system - log, the daemon will not go to background, and will exit after processing -@@ -576,7 +600,17 @@ - - /* This is set to the socket that the server is listening; this is used in - the SIGHUP signal handler. */ --int listen_sock; -+#define MAX_LISTEN_SOCKS 16 -+int listen_socks[MAX_LISTEN_SOCKS]; -+int num_listen_socks = 0; -+void close_listen_socks() -+{ -+ int i; -+ -+ for (i = 0; i < num_listen_socks; i++) -+ close(listen_socks[i]); -+ num_listen_socks = -1; -+} - - /* This is not really needed, and could be eliminated if server-specific - and client-specific code were removed from newchannels.c */ -@@ -649,7 +683,6 @@ - const char *display, const char *auth_proto, - const char *auth_data, const char *ttyname); - -- - /* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; - the effect is to reread the configuration file (and to regenerate - the server key). */ -@@ -666,7 +699,7 @@ - void sighup_restart(void) - { - log_msg("Received SIGHUP; restarting."); -- close(listen_sock); -+ close_listen_socks(); - execvp(saved_argv[0], saved_argv); - log_msg("RESTART FAILED: av[0]='%.100s', error: %.100s.", - saved_argv[0], strerror(errno)); -@@ -680,7 +713,7 @@ - RETSIGTYPE sigterm_handler(int sig) - { - log_msg("Received signal %d; terminating.", sig); -- close(listen_sock); -+ close_listen_socks(); - exit(255); - } - -@@ -759,7 +792,7 @@ - int perm_denied = 0; - int ret; - fd_set fdset; -- struct sockaddr_in sin; -+ struct sockaddr_storage from; - char buf[100]; /* Must not be larger than remote_version. */ - char remote_version[100]; /* Must be at least as big as buf. */ - char *comment; -@@ -769,6 +802,9 @@ - struct linger linger; - #endif /* SO_LINGER */ - int done; -+ struct addrinfo *ai; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int listen_sock, maxfd; - - /* Save argv[0]. */ - saved_argv = av; -@@ -787,10 +823,26 @@ - initialize_server_options(&options); - - /* Parse command-line arguments. */ -- while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:")) != EOF) -+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:4" -+#ifdef ENABLE_IPV6 -+ "6" -+#endif -+ )) != EOF) - { - switch (opt) - { -+ case '4': -+#ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+#else -+ IPv4or6 = AF_INET; -+#endif -+ break; -+#ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; -+ break; -+#endif - case 'f': - config_file_name = optarg; - break; -@@ -807,7 +859,7 @@ - options.server_key_bits = atoi(optarg); - break; - case 'p': -- options.port = atoi(optarg); -+ options.ports[options.num_ports++] = atoi(optarg); - break; - case 'g': - options.login_grace_time = atoi(optarg); -@@ -829,6 +881,10 @@ - fprintf(stderr, "sshd version %s [%s]\n", SSH_VERSION, HOSTTYPE); - fprintf(stderr, "Usage: %s [options]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only\n"); -+#ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only\n"); -+#endif - fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR); - fprintf(stderr, " -d Debugging mode\n"); - fprintf(stderr, " -i Started from inetd\n"); -@@ -857,16 +913,15 @@ - fprintf(stderr, "fatal: Bad server key size.\n"); - exit(1); - } -- if (options.port < 1 || options.port > 65535) -- { -- fprintf(stderr, "fatal: Bad port number.\n"); -- exit(1); -- } - if (options.umask != -1) - { - umask(options.umask); - } - -+#ifdef ENABLE_LOG_AUTH -+ log_auth_flag = options.log_auth; -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Check that there are no remaining arguments. */ - if (optind < ac) - { -@@ -1034,10 +1089,13 @@ - } - else - { -+ for (ai = options.listen_addrs; ai; ai = ai->ai_next) -+ { - /* Create socket for listening. */ -- listen_sock = socket(AF_INET, SOCK_STREAM, 0); -+ listen_sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (listen_sock < 0) - fatal("socket: %.100s", strerror(errno)); -+ listen_socks[num_listen_socks] = listen_sock; - - /* Set socket options. We try to make the port reusable and have it - close as fast as possible without waiting in unnecessary wait states -@@ -1051,21 +1109,30 @@ - sizeof(linger)); - #endif /* SO_LINGER */ - -- /* Initialize the socket address. */ -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- sin.sin_addr = options.listen_addr; -- sin.sin_port = htons(options.port); -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); - - /* Bind the socket to the desired port. */ -- if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -- error("bind: %.100s", strerror(errno)); -- shutdown(listen_sock, 2); -+ error("Bind to port %s on %s failed: %.200s.", -+ strport, ntop, strerror(errno)); - close(listen_sock); -- fatal("Bind to port %d failed: %.200s.", options.port, -- strerror(errno)); -+ continue; - } -+ num_listen_socks++; -+ -+ /* Start listening on the port. */ -+ log_msg("Server listening on %s port %s.", ntop, strport); -+ if (listen(listen_sock, 5) < 0) -+ fatal("listen: %.100s", strerror(errno)); -+ -+ } /* for (ai = options.listen_addrs; ai; ai = ai->ai_next) */ -+ freeaddrinfo(options.listen_addrs); -+ -+ if (!num_listen_socks) -+ fatal("Cannot bind all addresses."); - - if (!debug_flag) - { -@@ -1081,11 +1148,6 @@ - } - } - -- /* Start listening on the port. */ -- log_msg("Server listening on port %d.", options.port); -- if (listen(listen_sock, 5) < 0) -- fatal("listen: %.100s", strerror(errno)); -- - /* Generate an rsa key. */ - log_msg("Generating %d bit RSA key.", options.server_key_bits); - rsa_generate_key(&sensitive_data.private_key, &public_key, -@@ -1115,7 +1177,6 @@ - /* Arrange SIGCHLD to be caught. */ - signal(SIGCHLD, main_sigchld_handler); - --#ifdef KERBEROS - #ifdef KRB5 - /* Initialize contexts and setup replay cache */ - if (!ssh_context) -@@ -1128,7 +1189,6 @@ - krb5_init_ets(ssh_context); - } - #endif --#endif - - /* Stay listening for connections until the system crashes or the - daemon is killed with a signal. */ -@@ -1139,9 +1199,15 @@ - - /* Wait in select until there is a connection. */ - FD_ZERO(&fdset); -- FD_SET(listen_sock, &fdset); -- ret = select(listen_sock + 1, &fdset, NULL, NULL, NULL); -- if (ret < 0 || !FD_ISSET(listen_sock, &fdset)) -+ maxfd = 0; -+ for (i = 0; i < num_listen_socks; i++) -+ { -+ FD_SET(listen_socks[i], &fdset); -+ if (listen_socks[i] > maxfd) -+ maxfd = listen_socks[i]; -+ } -+ ret = select(maxfd + 1, &fdset, NULL, NULL, NULL); -+ if (ret < 0) - { - if (errno == EINTR) - continue; -@@ -1149,8 +1215,12 @@ - continue; - } - -- aux = sizeof(sin); -- newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux); -+ for (i = 0; i < num_listen_socks; i++) -+ { -+ if (!FD_ISSET(listen_socks[i], &fdset)) -+ continue; -+ aux = sizeof(from); -+ newsock = accept(listen_socks[i], (struct sockaddr *)&from, &aux); - if (newsock < 0) - { - if (errno == EINTR) -@@ -1166,7 +1236,7 @@ - /* In debugging mode. Close the listening socket, and start - processing the connection without forking. */ - debug("Server will not fork when running in debugging mode."); -- close(listen_sock); -+ close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - pid = getpid(); -@@ -1195,7 +1265,7 @@ - the accepted socket. Reinitialize logging (since our - pid has changed). We break out of the loop to handle - the connection. */ -- close(listen_sock); -+ close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - #ifdef LIBWRAP -@@ -1233,6 +1303,10 @@ - - /* Close the new socket (the child is now taking care of it). */ - close(newsock); -+ } /* for (i = 0; i < num_host_socks; i++) */ -+ /* child process check (or debug mode) */ -+ if (num_listen_socks < 0) -+ break; - } - } - -@@ -1407,6 +1481,16 @@ - /* Try to remove authentication socket and directory */ - auth_delete_socket(NULL); - -+#ifdef KRB4 -+ /* Cleanup user's ticket cache file. */ -+ if (options.kerberos_ticket_cleanup) -+ (void) dest_tkt(); -+#ifdef AFS -+ /* Cleanup user's local Xauthority file. */ -+ if (xauthfile) unlink(xauthfile); -+#endif /* AFS */ -+#endif /* KRB4 */ -+ - /* The connection has been terminated. */ - log_msg("Closing connection to %.100s", get_remote_ipaddr()); - packet_close(); -@@ -1470,17 +1554,17 @@ - if (options.tis_authentication) - auth_mask |= 1 << SSH_AUTH_TIS; - #endif --#ifdef KERBEROS --#ifdef KRB5 -+#if defined(KRB4) || defined(KRB5) - if (options.kerberos_authentication) - auth_mask |= 1 << SSH_AUTH_KERBEROS; - #endif --#endif --#ifdef KERBEROS_TGT_PASSING --#ifdef KRB5 -+#if defined(AFS) || defined(KRB5) - if (options.kerberos_tgt_passing) - auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; - #endif -+#ifdef AFS -+ if (options.afs_token_passing) -+ auth_mask |= 1 << SSH_PASS_AFS_TOKEN; - #endif - if (options.password_authentication) - auth_mask |= 1 << SSH_AUTH_PASSWORD; -@@ -1677,7 +1761,7 @@ - /* XXX No days_before_password_expires calculation here */ - } - #endif /* HAVE_USERSEC_H */ --#ifdef HAVE_ETC_SHADOW -+#if defined(HAVE_ETC_SHADOW) && !defined(KRB4) && !defined(KRB5) - { - struct spwd *sp; - -@@ -1783,56 +1867,62 @@ - endspent(); - } - #endif /* HAVE_ETC_SHADOW */ --#ifdef __FreeBSD__ -- { -+/* Net2,BSD4.4,BSD/OS,NetBSD,FreeBSD and OpenBSD all define BSD4_4 -+ man passwd(5) says that format has changed since BSD4.3 -+ */ -+#ifdef BSD4_4 -+ if(pwd->pw_change || pwd->pw_expire) { - time_t currtime; - -- if (pwd->pw_change || pwd->pw_expire) - currtime = time(NULL); - - /* - * Check for an expired password - */ -- if (pwd->pw_change && pwd->pw_change <= currtime) -+ -+ if (pwd->pw_change) - { -- debug("Account %.100s's password is too old - forced to change.", -- user); -- if (options.forced_passwd_change) -+ /* PASSWD_CHGNOW seems to be -1 for now but... */ -+ if ( -+#if defined(PASSWD_CHGNOW) && PASSWD_CHGNOW > 0 -+ pwd->pw_change == PASSWD_CHGNOW || -+#endif -+ pwd->pw_change <= currtime) - { -- forced_command = xmalloc(sizeof(PASSWD_PATH) + strlen(user) + 2); -- snprintf(forced_command, sizeof(PASSWD_PATH) + strlen(user) + 2, -- "%.100s %.100s", PASSWD_PATH, user); -+ packet_send_debug("Password has expired"); -+ if(options.forced_passwd_change) -+ { -+ debug("Account %.99s's password is too old - change forced.", -+ user); -+ forced_command = xmalloc(sizeof(PASSWD_PATH) + -+ strlen(user) + 1); -+ sprintf(forced_command, "%s %s", PASSWD_PATH, user); - } - else - { - return 0; - } - } -- else -- { -- if (pwd->pw_change) -- { -+#ifdef PASSWD_CHGNOW -+ if(pwd->pw_change != PASSWD_CHGNOW) - days_before_password_expires = (pwd->pw_change - currtime) / 86400; -- } -+#endif - } - - /* - * Check for expired account - */ -- if (pwd->pw_expire && pwd->pw_expire <= currtime) -+ if (pwd->pw_expire) - { -- debug("Account %.100s has expired - access denied.", user); -+ if (pwd->pw_expire <= currtime) -+ { -+ packet_send_debug("Account has expired"); - return 0; - } -- else -- { -- if (pwd->pw_expire) -- { - days_before_account_expires = (pwd->pw_expire - currtime) / 86400; - } - } -- } --#endif /* !FreeBSD */ -+#endif /* !BSD4_4 */ - - #ifdef HAVE_HPUX_TCB_AUTH - { -@@ -2039,7 +2129,7 @@ - } - } - -- /* Check whether logins are deneid for this group. */ -+ /* Check whether logins are denied for this group. */ - grp = getgrgid(pwd->pw_gid); - if (grp) - group = grp->gr_name; -@@ -2151,12 +2241,12 @@ - unsigned int client_host_key_bits; - MP_INT client_host_key_e, client_host_key_n; - int password_attempts = 0; --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - char kuser[256]; - krb5_principal client = 0, tkt_client = 0; - krb5_data krb5data; --#endif /* defined(KERBEROS) && defined(KRB5) */ --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#endif /* KRB5 */ -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - const char *hostname; - const char *ipaddr; -@@ -2167,10 +2257,18 @@ - ipaddr = get_remote_ipaddr(); - #endif /* HAVE_LOGIN_CAP_H */ - -+#ifdef AFS -+ /* If machine has AFS, set process authentication group. */ -+ if (k_hasafs()) { -+ k_setpag(); -+ k_unlog(); -+ } -+#endif /* AFS */ -+ - if (strlen(user) > 255) - do_authentication_fail_loop(); - --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - /* For KRB5 allow the user to input fully qualified name i.e. - "username@realm" as the local user name. Then use this name to call - out to krb5_aname_to_localname to find if there is a localname -@@ -2203,8 +2301,11 @@ - } - else - krb5_parse_name(ssh_context, user, &client); --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* KRB5 */ - -+#ifdef ENABLE_LOG_AUTH -+ unauthenticated_user = user; -+#endif /* ENABLE_LOG_AUTH */ - /* Verify that the user is a valid user. We disallow usernames starting - with any characters that are commonly used to start NIS entries. */ - pw = getpwnam(user); -@@ -2218,11 +2319,11 @@ - pwcopy.pw_passwd = xstrdup(pw->pw_passwd); - pwcopy.pw_uid = pw->pw_uid; - pwcopy.pw_gid = pw->pw_gid; --#if (defined (__bsdi__) && _BSDI_VERSION >= 199510) || (defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) -+#ifdef BSD4_4 - pwcopy.pw_class = xstrdup(pw->pw_class); - pwcopy.pw_change = pw->pw_change; - pwcopy.pw_expire = pw->pw_expire; --#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ -+#endif /* BSD4_4 */ - pwcopy.pw_dir = xstrdup(pw->pw_dir); - pwcopy.pw_shell = xstrdup(pw->pw_shell); - pw = &pwcopy; -@@ -2241,11 +2342,11 @@ - - debug("Attempting authentication for %.100s.", user); - --#if defined (KERBEROS) && defined (KRB5) -+ /* If the user has no password, accept authentication immediately. */ -+#ifdef KRB5 - if (!options.kerberos_authentication && options.password_authentication && - auth_password(user, "", 0)) --#else /* defined(KERBEROS) && defined(KRB5) */ -- /* If the user has no password, accept authentication immediately. */ -+#else /* KRB5 */ - #if defined (HAVE_SIA) - /* For SIA, only call auth_password() here if the user really - has no password. Otherwise, the call would generate misleading -@@ -2254,12 +2355,21 @@ - if (options.password_authentication && sia_no_password(user) && - auth_password(user, "")) - #else /* defined(HAVE_SIA) */ -- if (options.password_authentication && auth_password(user, "")) -+ if (options.password_authentication && -+#ifdef KRB4 -+ options.kerberos_or_local_passwd && -+#endif /* KRB4 */ -+ auth_password(user, "")) - #endif /* defined(HAVE_SIA) */ --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* KRB5 */ - { - /* Authentication with empty password succeeded. */ - debug("Login for user %.100s accepted without authentication.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "empty password accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_PASSWORD; - authenticated = 1; - /* Success packet will be sent after loop below. */ -@@ -2281,34 +2391,61 @@ - /* Process the packet. */ - switch (type) - { --#ifdef KERBEROS_TGT_PASSING --#ifdef KRB5 -+#if defined(KRB5) || defined(AFS) - case SSH_CMSG_HAVE_KERBEROS_TGT: -+#ifdef KRB5 - if (!options.kerberos_tgt_passing || - (!(options.kerberos_authentication || - options.password_authentication || - options.rsa_authentication))) -+#else /* KRB5 */ -+ if (!options.kerberos_tgt_passing) -+#endif /* KRB5 */ - { - packet_get_all(); - log_msg("Kerberos tgt passing disabled."); - break; - } -- -+#ifdef KRB5 - /* Accept Kerberos tgt. */ - krb5data.data = packet_get_string((unsigned int *) &krb5data.length); - -- if (!auth_kerberos_tgt(user, &krb5data, client) || -+ if (!auth_krb5_tgt(user, &krb5data, client) || - !krb5_kuserok(ssh_context, client, user)){ - log_msg("Kerberos tgt REFUSED for %.100s", user); - debug("Kerberos tgt REFUSED for %.100s", user); - } - free(krb5data.data); --#endif -+#else /* KRB5 */ -+ { -+ /* Accept Kerberos tgt. */ -+ char *tgt = packet_get_string(NULL); -+ if (!auth_kerberos_tgt(pw, tgt)) -+ debug("Kerberos tgt REFUSED for %s", user); -+ xfree(tgt); -+ } -+#endif /* KRB5 */ - continue; --#endif /* KERBEROS_TGT_PASSING */ -+#endif /* KRB5 || AFS */ - --#ifdef KERBEROS --#ifdef KRB5 -+#ifdef AFS -+ case SSH_CMSG_HAVE_AFS_TOKEN: -+ if (!k_hasafs() || !options.afs_token_passing) { -+ packet_get_all(); -+ log_msg("AFS token passing disabled."); -+ break; -+ } -+ else { -+ /* Accept AFS token. */ -+ char *token_string = packet_get_string(NULL); -+ if (!auth_afs_token(user, pw->pw_uid, token_string)) -+ debug("AFS token REFUSED for %s", user); -+ xfree(token_string); -+ continue; -+ } -+#endif /* AFS */ -+ -+#if defined(KRB4) || defined(KRB5) - case SSH_CMSG_AUTH_KERBEROS: - if (!options.kerberos_authentication) - { -@@ -2316,9 +2453,10 @@ - log_msg("Kerberos authentication disabled."); - break; - } -+#ifdef KRB5 - /* Try Kerberos authentication. */ - krb5data.data = packet_get_string((unsigned int *) &krb5data.length); -- if (auth_kerberos(user, &krb5data, &tkt_client)) -+ if (auth_krb5(user, &krb5data, &tkt_client)) - { - char *tkt_user; - -@@ -2334,6 +2472,11 @@ - /* Client has successfully authenticated to us. */ - log_msg("Kerberos authentication accepted %.100s for login to account %.100s from %.200s", - tkt_user, user, get_canonical_hostname()); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "kerberos authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_KERBEROS; - authenticated = 1; - break; -@@ -2347,11 +2490,31 @@ - } - free(tkt_user); - } --#endif /* KRB5 */ -- debug("Kerberos authentication failed for %.100s from %.200s", -- user, get_canonical_hostname()); -+#else /* !KRB5 XXX - how to make these coexist? */ -+ else { -+ /* Try Kerberos v4 authentication. */ -+ KTEXT_ST auth; -+ char *tkt_user = NULL; -+ char *kdata = packet_get_string((unsigned int *)&auth.length); -+ -+ memcpy(auth.dat, kdata, auth.length); -+ xfree(kdata); -+ -+ if (auth_krb4(user, &auth, &tkt_user)) { -+ /* Client has successfully authenticated to us. */ -+ log_msg("Kerberos authentication accepted %s for account " -+ "%.100s from %.200s", tkt_user, user, -+ get_canonical_hostname()); -+ authentication_type = SSH_AUTH_KERBEROS; -+ authenticated = 1; -+ xfree(tkt_user); - break; --#endif /* KERBEROS */ -+ } -+ log_msg("Kerberos authentication failed for account " -+ "%.100s from %.200s", user, get_canonical_hostname()); -+ } -+#endif /* KRB5 */ -+#endif /* KRB5 || KRB4 */ - - case SSH_CMSG_AUTH_RHOSTS: - if (!options.rhosts_authentication) -@@ -2382,6 +2545,11 @@ - /* Authentication accepted. */ - log_msg("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", - user, client_user, get_canonical_hostname()); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.100s@%.700s (%s)", -+ user, client_user, get_canonical_hostname(), -+ "rhosts authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RHOSTS; - authenticated = 1; - remote_user_name = client_user; -@@ -2441,6 +2609,11 @@ - options.strict_modes)) - { - /* Authentication accepted. */ -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.100s@%.700s (%s)", -+ user, client_user, get_canonical_hostname(), -+ "rhosts with RSA host authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RHOSTS_RSA; - authenticated = 1; - remote_user_name = client_user; -@@ -2474,6 +2647,11 @@ - /* Successful authentication. */ - mpz_clear(&n); - log_msg("RSA authentication for %.100s accepted.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "RSA user authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RSA; - authenticated = 1; - break; -@@ -2568,7 +2746,7 @@ - if (!strncmp(buf, "challenge ", 10) || - !strncmp(buf, "chalnecho ", 10)) { - snprintf(prompt, sizeof(prompt), -- "Challenge \"%.100s\": ",&buf[10]); -+ "%.100s",&buf[10]); - debug("TIS challenge %.500s", buf); - packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); - packet_put_string(prompt, strlen(prompt)); -@@ -2608,6 +2786,11 @@ - auth_close(); - memset(password, 0, strlen(password)); - xfree(password); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from @%.700s (%s)", -+ user, get_canonical_hostname(), -+ "TIS authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_TIS; - authenticated = 1; - break; -@@ -2657,17 +2840,22 @@ - password_attempts++; - - /* Try authentication with the password. */ --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - if (auth_password(user, password, client)) --#else /* defined(KERBEROS) && defined(KRB5) */ -+#else /* KRB5 */ - if (auth_password(user, password)) --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* KRB5 */ - { - /* Successful authentication. */ - /* Clear the password from memory. */ - memset(password, 0, strlen(password)); - xfree(password); - log_msg("Password authentication for %.100s accepted.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "password authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_PASSWORD; - authenticated = 1; - break; -@@ -2688,7 +2876,7 @@ - if (authenticated) - break; - --#ifdef KERBEROS -+#if defined(KRB5) - /* If you forwarded a ticket you get one shot for proper - authentication. */ - /* If tgt was passed unlink file */ -@@ -2699,7 +2887,7 @@ - else - ticket = NULL; - } --#endif /* KERBEROS */ -+#endif /* KRB5 */ - - /* Send a message indicating that the authentication attempt failed. */ - packet_start(SSH_SMSG_FAILURE); -@@ -2708,6 +2896,11 @@ - } - - /* Check if the user is logging in as root and root logins are disallowed. */ -+#ifdef ENABLE_LOG_AUTH -+ if ((pw->pw_uid == UID_ROOT && options.permit_root_login == 1) || -+ (pw->pw_uid == UID_ROOT && options.permit_root_login == 0 && !forced_command)) -+ log_auth("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); -+#endif /* ENABLE_LOG_AUTH */ - if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1) - { - if (authentication_type == SSH_AUTH_PASSWORD) -@@ -2724,7 +2917,7 @@ - get_canonical_hostname()); - } - --#if defined (__FreeBSD__) && defined (HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined (HAVE_LOGIN_CAP_H) - - lc = login_getclass(pw->pw_class); - -@@ -2775,6 +2968,9 @@ - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); -+#ifdef ENABLE_LOG_AUTH -+ unauthenticated_user = NULL; -+#endif /* ENABLE_LOG_AUTH */ - - /* Perform session preparation. */ - do_authenticated(pw); -@@ -2965,6 +3161,21 @@ - display = x11_create_display_inet(screen); - if (!display) - goto fail; -+#ifdef AFS -+ /* Setup to have a local .Xauthority, if homedir is in AFS. */ -+ { -+ struct stat st; -+ char cell[64], *xauthdir = "/ticket"; -+ -+ if (k_hasafs() && k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) { -+ xauthfile = xmalloc(MAXPATHLEN); -+ if (stat(xauthdir, &st) < 0) -+ xauthdir = "/tmp"; -+ snprintf(xauthfile, MAXPATHLEN, "%s/Xauth%d_%d", xauthdir, -+ pw->pw_uid, getpid()); -+ } -+ } -+#endif /* AFS */ - break; - #else /* XAUTH_PATH */ - /* No xauth program; we won't accept forwarding with spoofing. */ -@@ -3280,15 +3491,12 @@ - char line[256]; - struct stat st; - int quiet_login; -- struct sockaddr_in from; -+ struct sockaddr_storage from; - int fromlen; - struct pty_cleanup_context cleanup_context; --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - #endif --#if defined (__bsdi__) && _BSDI_VERSION >= 199510 -- struct timeval tp; --#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ - - /* We no longer need the child running on user's privileges. */ - userfile_uninit(); -@@ -3387,9 +3595,9 @@ - - /* Record that there was a login on that terminal. */ - record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, -- &from); -+ (struct sockaddr *)&from); - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - lc = login_getclass(pw->pw_class); - #endif - -@@ -3398,7 +3606,7 @@ - snprintf(line, sizeof(line), "%.200s/.hushlogin", pw->pw_dir); - quiet_login = stat(line, &st) >= 0; - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); - #endif - -@@ -3425,7 +3633,7 @@ - } - #endif /* HAVE_SIA */ - --#ifdef __FreeBSD__ -+#if defined(__FreeBSD__) || defined(__NetBSD__) - if (command == NULL && !quiet_login) - { - #ifdef HAVE_LOGIN_CAP_H -@@ -3457,7 +3665,7 @@ - FILE *f; - - /* Print /etc/motd if it exists. */ --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), - "r"); - #else -@@ -3469,33 +3677,9 @@ - fputs(line, stdout); - fclose(f); - } --#if defined (__bsdi__) && _BSDI_VERSION >= 199510 -- if (pw->pw_change || pw->pw_expire) -- (void)gettimeofday(&tp, (struct timezone *)NULL); -- if (pw->pw_change) -- { -- if (tp.tv_sec >= pw->pw_change) -- { -- fprintf(stderr,"Sorry -- your password has expired.\n"); -- exit(254); -- } -- days_before_password_expires = (pw->pw_change - tp.tv_sec) / -- 86400; -- } -- if (pw->pw_expire) -- { -- if (tp.tv_sec >= pw->pw_expire) -- { -- fprintf(stderr,"Sorry -- your account has expired.\n"); -- exit(254); -- } -- days_before_account_expires = (pw->pw_expire - tp.tv_sec) / -- 86400; -- } --#endif /* __bsdi__ & _BSDI_VERSION >= 199510 */ - } - --#if defined (__FreeBSD__) && defined HAVE_LOGIN_CAP_H -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined HAVE_LOGIN_CAP_H - login_close(lc); - #endif - -@@ -3876,6 +4060,7 @@ - char *user_shell; - char *remote_ip; - int remote_port; -+ int local_port; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - char *real_shell; -@@ -3883,8 +4068,11 @@ - lc = login_getclass(pw->pw_class); - auth_checknologin(lc); - #else /* !HAVE_LOGIN_CAP_H */ --#if defined (__bsdi__) && _BSDI_VERSION > 199510 -+#if ( defined (__bsdi__) && _BSDI_VERSION > 199510 ) || (defined(HAVE_LOGIN_CAP_H) && defined(__NetBSD__)) - login_cap_t *lc = 0; -+#if defined(__NetBSD__) -+ char *real_shell; -+#endif - - if ((lc = login_getclass(pw->pw_class)) == NULL) - { -@@ -3981,6 +4169,7 @@ - user_shell = xstrdup(pw->pw_shell); - remote_ip = xstrdup(get_remote_ipaddr()); - remote_port = get_remote_port(); -+ local_port = get_local_port(); - - /* Close the connection descriptors; note that this is the child, and the - server will still have the socket open, and it is important that we -@@ -4000,7 +4189,6 @@ - /* Close any extra file descriptors. Note that there may still be - descriptors left by system functions. They will be closed later. */ - endpwent(); -- endhostent(); - - /* Set dummy encryption key to clear information about the key from - memory. This key will never be used. */ -@@ -4019,7 +4207,7 @@ - if (command != NULL || !options.use_login) - #endif /* USELOGIN */ - { --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - char *p, *s, **tmpenv; - - /* Initialize the new environment. -@@ -4180,10 +4368,23 @@ - and means /bin/sh. */ - shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell); - login_close(lc); - #endif /* HAVE_LOGIN_CAP_H */ -+ -+#ifdef AFS -+ /* Try to get AFS tokens for the local cell. */ -+ if (k_hasafs()) { -+ char cell[64]; -+ -+ if (k_afs_cell_of_file(user_dir, cell, sizeof(cell)) == 0) -+ krb_afslog(cell, 0); -+ -+ krb_afslog(0, 0); -+ } -+#endif /* AFS */ -+ - /* Initialize the environment if not already done. In the first part we - allocate space for all environment variables. */ - if (env == NULL) -@@ -4257,7 +4458,7 @@ - - /* Set SSH_CLIENT. */ - snprintf(buf, sizeof(buf), -- "%.50s %d %d", remote_ip, remote_port, options.port); -+ "%.50s %d %d", remote_ip, remote_port, local_port); - child_set_env(&env, &envsize, "SSH_CLIENT", buf); - - /* Set SSH_TTY if we have a pty. */ -@@ -4290,13 +4491,21 @@ - } - #endif - --#ifdef KERBEROS -- /* Set KRBTKFILE to point to our ticket */ -+ /* Set KRBTKFILE to point to our ticket. */ - #ifdef KRB5 - if (ticket) - child_set_env(&env, &envsize, "KRB5CCNAME", ticket); - #endif /* KRB5 */ --#endif /* KERBEROS */ -+#ifdef KRB4 /* XXX - how to make these coexist? */ -+ if (ticket) -+ child_set_env(&env, &envsize, "KRBTKFILE", ticket); -+ -+#ifdef AFS -+ /* Set XAUTHORITY to a local file, if homedir is in AFS. */ -+ if (xauthfile) -+ child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); -+#endif /* AFS */ -+#endif /* KRB4 */ - - /* Set variable for forwarded authentication connection, if we have one. */ - if (auth_get_socket_name() != NULL) -@@ -4426,7 +4635,8 @@ - int i; - char name[255], *p; - char line[256]; -- struct hostent *hp; -+ struct addrinfo hints, *ai, *aitop; -+ char ntop[ADDRSTRLEN]; - - strncpy(name, display, sizeof(name)); - name[sizeof(name) - 1] = '\0'; -@@ -4443,7 +4653,10 @@ - /* Moved this call here to avoid a nasty buf in SunOS - 4.1.4 libc where gethostbyname closes an unrelated - file descriptor. */ -- hp = gethostbyname(name); -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) -+ aitop = 0; - - snprintf(line, sizeof(line), - "%.200s -q -", options.xauth_path); -@@ -4461,21 +4674,24 @@ - cp - display, display, cp, auth_proto, - auth_data); - #endif -- if (hp) -+ if (aitop) - { -- for(i = 0; hp->h_addr_list[i]; i++) -+ for (ai = aitop; ai; ai = ai->ai_next) - { -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), NULL, 0, -+ NI_NUMERICHOST); -+ if (strchr(ntop, ':')) -+ continue; /* XXX - xauth doesn't accept it */ - if (debug_flag) - { - fprintf(stderr, "Running %s add %s%s %s %s\n", - options.xauth_path, -- inet_ntoa(*((struct in_addr *) -- hp->h_addr_list[i])), -+ ntop, - cp, auth_proto, auth_data); - } - fprintf(f, "add %s%s %s %s\n", -- inet_ntoa(*((struct in_addr *) -- hp->h_addr_list[i])), -+ ntop, - cp, auth_proto, auth_data); - } - } -@@ -4554,7 +4770,7 @@ - /* Execute the shell. */ - argv[0] = buf; - argv[1] = NULL; --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - execve(real_shell, argv, env); - #else - execve(shell, argv, env); -@@ -4579,7 +4795,7 @@ - argv[1] = "-c"; - argv[2] = (char *)command; - argv[3] = NULL; --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - execve(real_shell, argv, env); - #else - execve(shell, argv, env); diff --git a/security/ssh6/patches/patch-ag b/security/ssh6/patches/patch-ag deleted file mode 100644 index 89413623cb0..00000000000 --- a/security/ssh6/patches/patch-ag +++ /dev/null @@ -1,97 +0,0 @@ -$NetBSD: patch-ag,v 1.1 2000/03/20 02:25:34 itojun Exp $ - ---- log-server.c.orig Wed May 12 07:19:26 1999 -+++ log-server.c Sat Dec 25 00:17:29 1999 -@@ -146,6 +146,25 @@ - syslog(LOG_INFO, "log: %.500s", buf); - } - -+#ifdef ENABLE_LOG_AUTH -+void log_auth(const char *fmt, ...) -+{ -+ char buf[1024]; -+ va_list args; -+ extern int log_auth_flag; -+ if (!log_auth_flag) -+ return; -+ if (log_quiet) -+ return; -+ va_start(args, fmt); -+ vsprintf(buf, fmt, args); -+ va_end(args); -+ if (log_on_stderr) -+ fprintf(stderr, "log: %s\n", buf); -+ syslog(LOG_INFO|LOG_AUTH, "%.500s", buf); -+} -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Converts portable syslog severity to machine-specific syslog severity. */ - - static int syslog_severity(int severity) -@@ -265,9 +284,12 @@ - { - struct fatal_cleanup *cu, *next_cu; - static int fatal_called = 0; --#ifdef KERBEROS -+#if defined(KRB4) || defined(KRB5) - extern char *ticket; --#endif -+#ifdef AFS -+ extern char *xauthfile; -+#endif /* AFS */ -+#endif /* KRB4 || KRB5 */ - - if (!fatal_called) - { -@@ -281,19 +303,27 @@ - (unsigned long)cu->proc, (unsigned long)cu->context); - (*cu->proc)(cu->context); - } --#ifdef KERBEROS -+#if defined(KRB4) || defined(KRB5) - /* If you forwarded a ticket you get one shot for proper - authentication. */ - /* If tgt was passed unlink file */ - if (ticket) - { - if (strcmp(ticket,"none")) -+#ifdef KRB5 - /* ticket -> FILE:path */ - unlink(ticket + 5); -+#else /* KRB4 */ -+ unlink(ticket); -+#endif - else - ticket = NULL; - } --#endif /* KERBEROS */ -+#ifdef AFS -+ /* If local XAUTHORITY was created, remove it. */ -+ if (xauthfile) unlink(xauthfile); -+#endif /* AFS */ -+#endif /* KRB4 || KRB5 */ - } - } - -@@ -322,6 +352,9 @@ - { - char buf[1024]; - va_list args; -+#ifdef ENABLE_LOG_AUTH -+ extern char *unauthenticated_user; -+#endif /* ENABLE_LOG_AUTH */ - - if (log_quiet) - exit(1); -@@ -331,6 +364,11 @@ - if (log_on_stderr) - fprintf(stderr, "fatal: %s\n", buf); - syslog(syslog_severity(severity), "fatal: %.500s", buf); -+#ifdef ENABLE_LOG_AUTH -+ if (unauthenticated_user) -+ log_auth("LOGIN FAILED %.100s from %.200s", -+ unauthenticated_user, get_canonical_hostname()); -+#endif /* ENABLE_LOG_AUTH */ - - do_fatal_cleanups(); - diff --git a/security/ssh6/patches/patch-ah b/security/ssh6/patches/patch-ah deleted file mode 100644 index 5082a050db4..00000000000 --- a/security/ssh6/patches/patch-ah +++ /dev/null @@ -1,34 +0,0 @@ -$NetBSD: patch-ah,v 1.1 2000/03/20 02:25:35 itojun Exp $ - ---- packet.c.orig Wed May 12 07:19:27 1999 -+++ packet.c Fri Dec 24 21:50:42 1999 -@@ -829,6 +829,7 @@ - { - /* Set IP options for an interactive connection. Use IPTOS_LOWDELAY - and TCP_NODELAY. */ -+#if 0 - #ifdef IPTOS_LOWDELAY - int lowdelay = IPTOS_LOWDELAY; - if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *)&lowdelay, -@@ -840,11 +841,13 @@ - sizeof(on)) < 0) - error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); - #endif /* TCP_NODELAY */ -+#endif /* 0 */ - } - else - { - /* Set IP options for a non-interactive connection. Use - IPTOS_THROUGHPUT. */ -+#if 0 - #ifdef IPTOS_THROUGHPUT - int throughput = IPTOS_THROUGHPUT; - if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *)&throughput, -@@ -856,6 +859,7 @@ - sizeof(off)) < 0) - error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); - #endif /* TCP_NODELAY */ -+#endif /* 0 */ - } - } - diff --git a/security/ssh6/patches/patch-ai b/security/ssh6/patches/patch-ai deleted file mode 100644 index 4e955bb9340..00000000000 --- a/security/ssh6/patches/patch-ai +++ /dev/null @@ -1,172 +0,0 @@ -$NetBSD: patch-ai,v 1.1 2000/03/20 02:25:35 itojun Exp $ - ---- scp.c.orig Wed May 12 07:19:28 1999 -+++ scp.c Fri Dec 24 21:54:17 1999 -@@ -180,6 +180,19 @@ - #define STDERR_FILENO 2 - #endif - -+#ifdef AFS -+/* This is set to non-zero to disable authentication forwarding. */ -+int nofwd = 0; -+#endif /* AFS */ -+ -+/* This is set to non-zero if IPv4 is desired. */ -+int IPv4 = 0; -+ -+#ifdef ENABLE_IPV6 -+/* This is set to non-zero if IPv6 is desired. */ -+int IPv6 = 0; -+#endif -+ - /* This is set to non-zero to enable verbose mode. */ - int verbose = 0; - -@@ -295,8 +308,17 @@ - } - args[i++] = "-x"; - args[i++] = "-a"; -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ args[i++] = "-A"; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - args[i++] = "-oFallBackToRsh no"; - args[i++] = "-oClearAllForwardings yes"; -+ if (IPv4) -+ args[i++] = "-4"; -+#ifdef ENABLE_IPV6 -+ if (IPv6) -+ args[i++] = "-6"; -+#endif - if (verbose) - args[i++] = "-v"; - if (compress) -@@ -305,6 +327,10 @@ - args[i++] = "-P"; - if (batchmode) - args[i++] = "-oBatchMode yes"; -+#ifdef AFS -+ if (nofwd) -+ args[i++] = "-k"; -+#endif /* AFS */ - if (cipher != NULL) - { - args[i++] = "-c"; -@@ -441,8 +467,23 @@ - statistics = 0; - - fflag = tflag = 0; -- while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF) -+ while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:4" -+#ifdef AFS -+ "k" -+#endif -+#ifdef ENABLE_IPV6 -+ "6" -+#endif -+ )) != EOF) - switch(ch) { /* User-visible flags. */ -+ case '4': -+ IPv4 = 1; -+ break; -+#ifdef ENABLE_IPV6 -+ case '6': -+ IPv6 = 1; -+ break; -+#endif - case 'S': - ssh_program = optarg; - break; -@@ -490,6 +531,11 @@ - case 'r': - iamrecursive = 1; - break; -+#ifdef AFS -+ case 'k': -+ nofwd = 1; -+ break; -+#endif /* AFS */ - /* Server options. */ - case 'd': - targetshouldbedirectory = 1; -@@ -589,6 +635,17 @@ - exit(errs != 0); - } - -+char * -+cleanhostname(host) -+ char *host; -+{ -+ if (*host == '[' && host[strlen(host) - 1] == ']') { -+ host[strlen(host) - 1] = '\0'; -+ return (host + 1); -+ } else -+ return host; -+} -+ - void - toremote(targ, argc, argv) - char *targ, *argv[]; -@@ -644,6 +701,7 @@ - bp = xmalloc(len); - if (host) { - *host++ = 0; -+ host = cleanhostname(host); - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; -@@ -655,13 +713,15 @@ - suser, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -- } else -+ } else { -+ host = cleanhostname(argv[i]); - (void)snprintf(bp, len, - "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'", - ssh_program, verbose ? " -v" : "", options, -- argv[i], cmd, src, -+ host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -+ } - if (verbose) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp)) errs++; -@@ -671,7 +731,7 @@ - len = strlen(targ) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -t %s", cmd, targ); -- host = thost; -+ host = cleanhostname(thost); - if (do_cmd(host, tuser, - bp, &remin, &remout) < 0) - exit(1); -@@ -721,6 +781,7 @@ - else if (!okname(suser)) - continue; - } -+ host = cleanhostname(host); - len = strlen(src) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -f %s", cmd, src); -@@ -1365,11 +1426,19 @@ - colon(cp) - char *cp; - { -+ int flag = 0; -+ - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); -+ if (*cp == '[') -+ flag = 1; - - for (; *cp; ++cp) { -- if (*cp == ':') -+ if (*cp == '@' && *(cp+1) == '[') -+ flag = 1; -+ if (*cp == ']' && *(cp+1) == ':' && flag) -+ return (cp+1); -+ if (*cp == ':' && !flag) - return (cp); - if (*cp == '/') - return (0); diff --git a/security/ssh6/patches/patch-aj b/security/ssh6/patches/patch-aj deleted file mode 100644 index b0e0efdf021..00000000000 --- a/security/ssh6/patches/patch-aj +++ /dev/null @@ -1,4533 +0,0 @@ -$NetBSD: patch-aj,v 1.1 2000/03/20 02:25:35 itojun Exp $ - ---- configure.orig Wed May 12 20:20:06 1999 -+++ configure Sat Mar 18 13:22:06 2000 -@@ -1,7 +1,7 @@ - #! /bin/sh - - # Guess values for system-dependent variables and create Makefiles. --# Generated automatically using autoconf version 2.12 -+# Generated automatically using autoconf version 2.13 - # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. - # - # This configure script is free software; the Free Software Foundation -@@ -12,6 +12,9 @@ - ac_default_prefix=/usr/local - # Any additions from configure.in: - ac_help="$ac_help -+ --enable-ipv6 Enable ipv6 (with ipv4) support -+ --disable-ipv6 Disable ipv6 support" -+ac_help="$ac_help - --enable-deprecated-linux-pw-encrypt - Enable using of deprecated linx pw_encrypt function." - ac_help="$ac_help -@@ -49,9 +52,13 @@ - ac_help="$ac_help - --with-tis[=DIR] Enable support for TIS authentication server." - ac_help="$ac_help -- --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support." -+ --with-krb4[=PATH] Compile in Kerberos v4 support." -+ac_help="$ac_help -+ --with-krb5[=PATH] Compile in Kerberos v5 support." -+ac_help="$ac_help -+ --with-afs Compile in AFS support (requires KTH krb4)." - ac_help="$ac_help -- --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket." -+ --with-hesiod[=PATH] Compile in Hesiod support." - ac_help="$ac_help - --with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support." - ac_help="$ac_help -@@ -83,6 +90,12 @@ - ac_help="$ac_help - --disable-tcp-nodelay Disable TCP_NODELAY socket option" - ac_help="$ac_help -+ --enable-another-port-try Enable another port try support (default) -+ --disable-another-port-try Disable another port try support" -+ac_help="$ac_help -+ --enable-log-auth Enable logging auth info support (default) -+ --disable-log-auth Disable logging auth info support" -+ac_help="$ac_help - --enable-so-linger Enable setting SO_LINGER socket option" - ac_help="$ac_help - --without-scp-stats Without scp statistics code" -@@ -130,6 +143,7 @@ - # Initialize some other variables. - subdirs= - MFLAGS= MAKEFLAGS= -+SHELL=${CONFIG_SHELL-/bin/sh} - # Maximum number of lines to put in a shell here document. - ac_max_here_lines=12 - -@@ -413,7 +427,7 @@ - verbose=yes ;; - - -version | --version | --versio | --versi | --vers) -- echo "configure generated by autoconf version 2.12" -+ echo "configure generated by autoconf version 2.13" - exit 0 ;; - - -with-* | --with-*) -@@ -583,9 +597,11 @@ - # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. - ac_cpp='$CPP $CPPFLAGS' - ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' --ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' - cross_compiling=$ac_cv_prog_cc_cross - -+ac_exeext= -+ac_objext=o - if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then - # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. - if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then -@@ -626,33 +642,33 @@ - - - # Make sure we can run config.sub. --if $ac_config_sub sun4 >/dev/null 2>&1; then : -+if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : - else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } - fi - - echo $ac_n "checking host system type""... $ac_c" 1>&6 --echo "configure:635: checking host system type" >&5 -+echo "configure:651: checking host system type" >&5 - - host_alias=$host - case "$host_alias" in - NONE) - case $nonopt in - NONE) -- if host_alias=`$ac_config_guess`; then : -+ if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : - else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } - fi ;; - *) host_alias=$nonopt ;; - esac ;; - esac - --host=`$ac_config_sub $host_alias` -+host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` - host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` - host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` - host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` - echo "$ac_t""$host" 1>&6 - - echo $ac_n "checking cached information""... $ac_c" 1>&6 --echo "configure:656: checking cached information" >&5 -+echo "configure:672: checking cached information" >&5 - hostcheck="$host" - if eval "test \"`echo '$''{'ac_cv_hostcheck'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -671,15 +687,16 @@ - # Extract the first word of "gcc", so it can be a program name with args. - set dummy gcc; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:675: checking for $ac_word" >&5 -+echo "configure:691: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_CC="gcc" -@@ -700,16 +717,17 @@ - # Extract the first word of "cc", so it can be a program name with args. - set dummy cc; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:704: checking for $ac_word" >&5 -+echo "configure:721: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_prog_rejected=no -- for ac_dir in $PATH; do -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then -@@ -744,25 +762,61 @@ - echo "$ac_t""no" 1>&6 - fi - -+ if test -z "$CC"; then -+ case "`uname -s`" in -+ *win32* | *WIN32*) -+ # Extract the first word of "cl", so it can be a program name with args. -+set dummy cl; ac_word=$2 -+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -+echo "configure:772: checking for $ac_word" >&5 -+if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 -+else -+ if test -n "$CC"; then -+ ac_cv_prog_CC="$CC" # Let the user override the test. -+else -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do -+ test -z "$ac_dir" && ac_dir=. -+ if test -f $ac_dir/$ac_word; then -+ ac_cv_prog_CC="cl" -+ break -+ fi -+ done -+ IFS="$ac_save_ifs" -+fi -+fi -+CC="$ac_cv_prog_CC" -+if test -n "$CC"; then -+ echo "$ac_t""$CC" 1>&6 -+else -+ echo "$ac_t""no" 1>&6 -+fi -+ ;; -+ esac -+ fi - test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } - fi - - echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 --echo "configure:752: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 -+echo "configure:804: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 - - ac_ext=c - # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. - ac_cpp='$CPP $CPPFLAGS' - ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' --ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' - cross_compiling=$ac_cv_prog_cc_cross - --cat > conftest.$ac_ext <<EOF --#line 762 "configure" -+cat > conftest.$ac_ext << EOF -+ -+#line 815 "configure" - #include "confdefs.h" -+ - main(){return(0);} - EOF --if { (eval echo configure:766: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - ac_cv_prog_cc_works=yes - # If we can't run a trivial program, we are probably using a cross compiler. - if (./conftest; exit) 2>/dev/null; then -@@ -776,18 +830,24 @@ - ac_cv_prog_cc_works=no - fi - rm -fr conftest* -+ac_ext=c -+# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -+ac_cpp='$CPP $CPPFLAGS' -+ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -+ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -+cross_compiling=$ac_cv_prog_cc_cross - - echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 - if test $ac_cv_prog_cc_works = no; then - { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } - fi - echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 --echo "configure:786: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 -+echo "configure:846: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 - echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 - cross_compiling=$ac_cv_prog_cc_cross - - echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 --echo "configure:791: checking whether we are using GNU C" >&5 -+echo "configure:851: checking whether we are using GNU C" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -796,7 +856,7 @@ - yes; - #endif - EOF --if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:800: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then -+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:860: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then - ac_cv_prog_gcc=yes - else - ac_cv_prog_gcc=no -@@ -807,11 +867,15 @@ - - if test $ac_cv_prog_gcc = yes; then - GCC=yes -- ac_test_CFLAGS="${CFLAGS+set}" -- ac_save_CFLAGS="$CFLAGS" -- CFLAGS= -- echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 --echo "configure:815: checking whether ${CC-cc} accepts -g" >&5 -+else -+ GCC= -+fi -+ -+ac_test_CFLAGS="${CFLAGS+set}" -+ac_save_CFLAGS="$CFLAGS" -+CFLAGS= -+echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -+echo "configure:879: checking whether ${CC-cc} accepts -g" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -826,20 +890,104 @@ - fi - - echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 -- if test "$ac_test_CFLAGS" = set; then -- CFLAGS="$ac_save_CFLAGS" -- elif test $ac_cv_prog_cc_g = yes; then -+if test "$ac_test_CFLAGS" = set; then -+ CFLAGS="$ac_save_CFLAGS" -+elif test $ac_cv_prog_cc_g = yes; then -+ if test "$GCC" = yes; then - CFLAGS="-g -O2" - else -+ CFLAGS="-g" -+ fi -+else -+ if test "$GCC" = yes; then - CFLAGS="-O2" -+ else -+ CFLAGS= - fi -+fi -+ -+echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -+echo "configure:911: checking how to run the C preprocessor" >&5 -+# On Suns, sometimes $CPP names a directory. -+if test -n "$CPP" && test -d "$CPP"; then -+ CPP= -+fi -+if test -z "$CPP"; then -+if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 - else -- GCC= -- test "${CFLAGS+set}" = set || CFLAGS="-g" -+ # This must be in double quotes, not single quotes, because CPP may get -+ # substituted into the Makefile and "${CC-cc}" will confuse make. -+ CPP="${CC-cc} -E" -+ # On the NeXT, cc -E runs the code through the compiler's parser, -+ # not just through cpp. -+ cat > conftest.$ac_ext <<EOF -+#line 926 "configure" -+#include "confdefs.h" -+#include <assert.h> -+Syntax Error -+EOF -+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:932: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -+if test -z "$ac_err"; then -+ : -+else -+ echo "$ac_err" >&5 -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ CPP="${CC-cc} -E -traditional-cpp" -+ cat > conftest.$ac_ext <<EOF -+#line 943 "configure" -+#include "confdefs.h" -+#include <assert.h> -+Syntax Error -+EOF -+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -+if test -z "$ac_err"; then -+ : -+else -+ echo "$ac_err" >&5 -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ CPP="${CC-cc} -nologo -E" -+ cat > conftest.$ac_ext <<EOF -+#line 960 "configure" -+#include "confdefs.h" -+#include <assert.h> -+Syntax Error -+EOF -+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:966: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -+if test -z "$ac_err"; then -+ : -+else -+ echo "$ac_err" >&5 -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ CPP=/lib/cpp -+fi -+rm -f conftest* -+fi -+rm -f conftest* -+fi -+rm -f conftest* -+ ac_cv_prog_CPP="$CPP" -+fi -+ CPP="$ac_cv_prog_CPP" -+else -+ ac_cv_prog_CPP="$CPP" - fi -+echo "$ac_t""$CPP" 1>&6 - - echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 --echo "configure:843: checking for POSIXized ISC" >&5 -+echo "configure:991: checking for POSIXized ISC" >&5 - if test -d /etc/conf/kconfig.d && - grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 - then -@@ -860,6 +1008,202 @@ - fi - - -+echo $ac_n "checking whether to enable ipv6""... $ac_c" 1>&6 -+echo "configure:1013: checking whether to enable ipv6" >&5 -+# Check whether --enable-ipv6 or --disable-ipv6 was given. -+if test "${enable_ipv6+set}" = set; then -+ enableval="$enable_ipv6" -+ case "$enableval" in -+ no) -+ echo "$ac_t""no" 1>&6 -+ ipv6=no -+ ;; -+ *) echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_IPV6 1 -+EOF -+ -+ ipv6=yes -+ ;; -+ esac -+else -+ if test "$cross_compiling" = yes; then -+ echo "$ac_t""no" 1>&6 -+ ipv6=no -+ -+else -+ cat > conftest.$ac_ext <<EOF -+#line 1037 "configure" -+#include "confdefs.h" -+ /* AF_INET6 avalable check */ -+#include <sys/types.h> -+#include <sys/socket.h> -+main() -+{ -+ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -+ exit(1); -+ else -+ exit(0); -+} -+ -+EOF -+if { (eval echo configure:1051: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -+then -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_IPV6 1 -+EOF -+ -+ ipv6=yes -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -fr conftest* -+ echo "$ac_t""no" 1>&6 -+ ipv6=no -+fi -+rm -fr conftest* -+fi -+ -+fi -+ -+ -+ipv6type=unknown -+ipv6lib=none -+ -+if test "$ipv6" = "yes"; then -+ echo $ac_n "checking ipv6 stack type""... $ac_c" 1>&6 -+echo "configure:1077: checking ipv6 stack type" >&5 -+ for i in inria kame linux toshiba v6d zeta; do -+ case $i in -+ inria) -+ cat > conftest.$ac_ext <<EOF -+#line 1082 "configure" -+#include "confdefs.h" -+dnl -+#include <netinet/in.h> -+#ifdef IPV6_INRIA_VERSION -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ kame) -+ cat > conftest.$ac_ext <<EOF -+#line 1101 "configure" -+#include "confdefs.h" -+dnl -+#include <netinet/in.h> -+#ifdef __KAME__ -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ linux) -+ if test -d /usr/inet6; then -+ ipv6type=$i -+ ipv6lib=inet6 -+ ipv6libdir=/usr/inet6/lib -+ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" -+ fi -+ ;; -+ toshiba) -+ cat > conftest.$ac_ext <<EOF -+#line 1128 "configure" -+#include "confdefs.h" -+dnl -+#include <sys/param.h> -+#ifdef _TOSHIBA_INET6 -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ v6d) -+ cat > conftest.$ac_ext <<EOF -+#line 1149 "configure" -+#include "confdefs.h" -+dnl -+#include </usr/local/v6/include/sys/v6config.h> -+#ifdef __V6D__ -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ ipv6lib=v6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-I/usr/local/v6/include $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ zeta) -+ cat > conftest.$ac_ext <<EOF -+#line 1170 "configure" -+#include "confdefs.h" -+dnl -+#include <sys/param.h> -+#ifdef _ZETA_MINAMI_INET6 -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ esac -+ if test "$ipv6type" != "unknown"; then -+ break -+ fi -+ done -+ echo "$ac_t""$ipv6type" 1>&6 -+fi -+ -+if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then -+ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then -+ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" -+ else -+ echo 'Fatal: no $ipv6lib library found. cannot continue.' -+ echo "You need to fetch lib$ipv6lib.a from appropriate" -+ echo 'ipv6 kit and compile beforehand.' -+ exit 1 -+ fi -+fi -+ - cat >> confdefs.h <<EOF - #define HOSTTYPE "$host" - EOF -@@ -876,20 +1220,12 @@ - ;; - *-*-solaris*) - # solaris stuff. appro@fy.chalmers.se -- cat >> confdefs.h <<\EOF --#define SECURE_RPC 1 --EOF -- -- cat >> confdefs.h <<\EOF --#define SECURE_NFS 1 --EOF -- -+# this stuff breaks AFS/Kerberos. YUCK. -+# AC_DEFINE(SECURE_RPC) -+# AC_DEFINE(SECURE_NFS) - # NIS+ is forced so that we don't have to recompile - # if we move to NIS+. appro@fy.chalmers.se -- cat >> confdefs.h <<\EOF --#define NIS_PLUS 1 --EOF -- -+# AC_DEFINE(NIS_PLUS) - ;; - *-*-sunos*) - os_sunos=yes -@@ -931,14 +1267,14 @@ - no_shadows_password_checking=yes - # We want support for <proj.h> eivind@ii.uib.no - cat > conftest.$ac_ext <<EOF --#line 935 "configure" -+#line 1271 "configure" - #include "confdefs.h" - #include <proj.h> - int main() { - int foo = MAXPROJNAMELEN; - ; return 0; } - EOF --if { (eval echo configure:942: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1278: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - cat >> confdefs.h <<\EOF - #define HAVE_SGI_PROJ_H 1 -@@ -953,7 +1289,7 @@ - *-ibm-aix3.2|*-ibm-aix3.2.0|*-ibm-aix3.2.1|*-ibm-aix3.2.2|*-ibm-aix3.2.3|*-ibm-aix3.2.4) - os_aix=yes - echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 --echo "configure:957: checking for getuserattr in -ls" >&5 -+echo "configure:1293: checking for getuserattr in -ls" >&5 - ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -961,7 +1297,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ls $LIBS" - cat > conftest.$ac_ext <<EOF --#line 965 "configure" -+#line 1301 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -972,7 +1308,7 @@ - getuserattr() - ; return 0; } - EOF --if { (eval echo configure:976: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1312: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1004,7 +1340,7 @@ - no_utmpx=yes - os_aix=yes - echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 --echo "configure:1008: checking for getuserattr in -ls" >&5 -+echo "configure:1344: checking for getuserattr in -ls" >&5 - ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1012,7 +1348,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ls $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1016 "configure" -+#line 1352 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1023,7 +1359,7 @@ - getuserattr() - ; return 0; } - EOF --if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1363: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1054,7 +1390,7 @@ - *-ibm-aix*) - os_aix=yes - echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 --echo "configure:1058: checking for getuserattr in -ls" >&5 -+echo "configure:1394: checking for getuserattr in -ls" >&5 - ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1062,7 +1398,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ls $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1066 "configure" -+#line 1402 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1073,7 +1409,7 @@ - getuserattr() - ; return 0; } - EOF --if { (eval echo configure:1077: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1413: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1123,7 +1459,7 @@ - # Ultrix shadow passwords implemented in auth-passwd.c. - no_shadows_password_checking=yes - echo $ac_n "checking for authenticate_user in -lauth""... $ac_c" 1>&6 --echo "configure:1127: checking for authenticate_user in -lauth" >&5 -+echo "configure:1463: checking for authenticate_user in -lauth" >&5 - ac_lib_var=`echo auth'_'authenticate_user | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1131,7 +1467,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lauth $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1135 "configure" -+#line 1471 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1142,7 +1478,7 @@ - authenticate_user() - ; return 0; } - EOF --if { (eval echo configure:1146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1482: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1170,14 +1506,14 @@ - fi - - cat > conftest.$ac_ext <<EOF --#line 1174 "configure" -+#line 1510 "configure" - #include "confdefs.h" - #include <syslog.h> - int main() { - int foo = LOG_DAEMON; - ; return 0; } - EOF --if { (eval echo configure:1181: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1517: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - : - else - echo "configure: failed program was:" >&5 -@@ -1215,7 +1551,7 @@ - CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" - fi - echo $ac_n "checking for HPUX tcb auth option""... $ac_c" 1>&6 --echo "configure:1219: checking for HPUX tcb auth option" >&5 -+echo "configure:1555: checking for HPUX tcb auth option" >&5 - if test -f /tcb/files/auth/system/pw_id_map; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -@@ -1227,7 +1563,7 @@ - echo "$ac_t""no" 1>&6 - fi - echo $ac_n "checking for keyserv""... $ac_c" 1>&6 --echo "configure:1231: checking for keyserv" >&5 -+echo "configure:1567: checking for keyserv" >&5 - if test -f /usr/sbin/keyserv; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -@@ -1256,7 +1592,7 @@ - # The man page says that we need -lsecurity -ldb -laud -lm to quickstart - # programs using enchanced security. - echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6 --echo "configure:1260: checking for set_auth_parameters in -lsecurity" >&5 -+echo "configure:1596: checking for set_auth_parameters in -lsecurity" >&5 - ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1264,7 +1600,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsecurity $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1268 "configure" -+#line 1604 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1275,7 +1611,7 @@ - set_auth_parameters() - ; return 0; } - EOF --if { (eval echo configure:1279: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1615: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1303,7 +1639,7 @@ - fi - - echo $ac_n "checking for audgen in -laud""... $ac_c" 1>&6 --echo "configure:1307: checking for audgen in -laud" >&5 -+echo "configure:1643: checking for audgen in -laud" >&5 - ac_lib_var=`echo aud'_'audgen | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1311,7 +1647,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-laud $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1315 "configure" -+#line 1651 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1322,7 +1658,7 @@ - audgen() - ; return 0; } - EOF --if { (eval echo configure:1326: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1662: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1350,7 +1686,7 @@ - fi - - echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6 --echo "configure:1354: checking for dbopen in -ldb" >&5 -+echo "configure:1690: checking for dbopen in -ldb" >&5 - ac_lib_var=`echo db'_'dbopen | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1358,7 +1694,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ldb $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1362 "configure" -+#line 1698 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1369,7 +1705,7 @@ - dbopen() - ; return 0; } - EOF --if { (eval echo configure:1373: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1397,7 +1733,7 @@ - fi - - echo $ac_n "checking for sin in -lm""... $ac_c" 1>&6 --echo "configure:1401: checking for sin in -lm" >&5 -+echo "configure:1737: checking for sin in -lm" >&5 - ac_lib_var=`echo m'_'sin | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1405,7 +1741,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lm $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1409 "configure" -+#line 1745 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1416,7 +1752,7 @@ - sin() - ; return 0; } - EOF --if { (eval echo configure:1420: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1756: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1446,12 +1782,12 @@ - for ac_func in setluid - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:1450: checking for $ac_func" >&5 -+echo "configure:1786: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 1455 "configure" -+#line 1791 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -1474,7 +1810,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:1478: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -1507,7 +1843,7 @@ - OLD_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -I." - cat > conftest.$ac_ext <<EOF --#line 1511 "configure" -+#line 1847 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/security.h> -@@ -1516,7 +1852,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:1520: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1856: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - : - else - echo "configure: failed program was:" >&5 -@@ -1545,12 +1881,12 @@ - *-*-linux*|*-*-mklinux*) - CFLAGS="-D_GNU_SOURCE $CFLAGS" - echo $ac_n "checking for getspnam""... $ac_c" 1>&6 --echo "configure:1549: checking for getspnam" >&5 -+echo "configure:1885: checking for getspnam" >&5 - if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 1554 "configure" -+#line 1890 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getspnam(); below. */ -@@ -1573,7 +1909,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:1577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1913: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_getspnam=yes" - else -@@ -1594,7 +1930,7 @@ - - if test $ac_cv_func_getspnam = no; then - echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 --echo "configure:1598: checking for getspnam in -lshadow" >&5 -+echo "configure:1934: checking for getspnam in -lshadow" >&5 - ac_lib_var=`echo shadow'_'getspnam | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1602,7 +1938,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lshadow $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1606 "configure" -+#line 1942 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1613,7 +1949,7 @@ - getspnam() - ; return 0; } - EOF --if { (eval echo configure:1617: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1953: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1651,12 +1987,12 @@ - for ac_func in pw_encrypt - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:1655: checking for $ac_func" >&5 -+echo "configure:1991: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 1660 "configure" -+#line 1996 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -1679,7 +2015,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:1683: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2019: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -1705,7 +2041,7 @@ - - if test $ac_cv_func_pw_encrypt = no; then - echo $ac_n "checking for pw_encrypt in -lshadow""... $ac_c" 1>&6 --echo "configure:1709: checking for pw_encrypt in -lshadow" >&5 -+echo "configure:2045: checking for pw_encrypt in -lshadow" >&5 - ac_lib_var=`echo shadow'_'pw_encrypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1713,7 +2049,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lshadow $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1717 "configure" -+#line 2053 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1724,7 +2060,7 @@ - pw_encrypt() - ; return 0; } - EOF --if { (eval echo configure:1728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2064: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1748,7 +2084,7 @@ - - fi - echo $ac_n "checking whether to enable pw_encrypt""... $ac_c" 1>&6 --echo "configure:1752: checking whether to enable pw_encrypt" >&5 -+echo "configure:2088: checking whether to enable pw_encrypt" >&5 - # Check whether --enable-deprecated-linux-pw-encrypt or --disable-deprecated-linux-pw-encrypt was given. - if test "${enable_deprecated_linux_pw_encrypt+set}" = set; then - enableval="$enable_deprecated_linux_pw_encrypt" -@@ -1825,7 +2161,7 @@ - EOF - - echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 --echo "configure:1829: checking for openlog in -lgen" >&5 -+echo "configure:2165: checking for openlog in -lgen" >&5 - ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1833,7 +2169,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lgen $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1837 "configure" -+#line 2173 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1844,7 +2180,7 @@ - openlog() - ; return 0; } - EOF --if { (eval echo configure:1848: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2184: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1874,7 +2210,7 @@ - ;; - *-*-sysv4*) - echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 --echo "configure:1878: checking for openlog in -lgen" >&5 -+echo "configure:2214: checking for openlog in -lgen" >&5 - ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1882,7 +2218,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lgen $LIBS" - cat > conftest.$ac_ext <<EOF --#line 1886 "configure" -+#line 2222 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -1893,7 +2229,7 @@ - openlog() - ; return 0; } - EOF --if { (eval echo configure:1897: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2233: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -1989,24 +2325,18 @@ - - export CFLAGS CC - --# Socket pairs appear to be broken on several systems. I don't know exactly --# where, so I'll use pipes everywhere for now. --cat >> confdefs.h <<\EOF --#define USE_PIPES 1 --EOF -- - - echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 --echo "configure:2001: checking that the compiler works" >&5 -+echo "configure:2331: checking that the compiler works" >&5 - if test "$cross_compiling" = yes; then - { echo "configure: error: Could not compile and run even a trivial ANSI C program - check CC." 1>&2; exit 1; } - else - cat > conftest.$ac_ext <<EOF --#line 2006 "configure" -+#line 2336 "configure" - #include "confdefs.h" - main(int ac, char **av) { return 0; } - EOF --if { (eval echo configure:2010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - echo "$ac_t""yes" 1>&6 - else -@@ -2023,18 +2353,18 @@ - if test -z "$no_pipe"; then - if test -n "$GCC"; then - echo $ac_n "checking if the compiler understands -pipe""... $ac_c" 1>&6 --echo "configure:2027: checking if the compiler understands -pipe" >&5 -+echo "configure:2357: checking if the compiler understands -pipe" >&5 - OLDCC="$CC" - CC="$CC -pipe" - cat > conftest.$ac_ext <<EOF --#line 2031 "configure" -+#line 2361 "configure" - #include "confdefs.h" - - int main() { - - ; return 0; } - EOF --if { (eval echo configure:2038: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2368: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - echo "$ac_t""yes" 1>&6 - else -@@ -2049,7 +2379,7 @@ - fi - - echo $ac_n "checking whether to enable -Wall""... $ac_c" 1>&6 --echo "configure:2053: checking whether to enable -Wall" >&5 -+echo "configure:2383: checking whether to enable -Wall" >&5 - # Check whether --enable-warnings or --disable-warnings was given. - if test "${enable_warnings+set}" = set; then - enableval="$enable_warnings" -@@ -2063,12 +2393,12 @@ - - - echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 --echo "configure:2067: checking return type of signal handlers" >&5 -+echo "configure:2397: checking return type of signal handlers" >&5 - if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2072 "configure" -+#line 2402 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <signal.h> -@@ -2085,7 +2415,7 @@ - int i; - ; return 0; } - EOF --if { (eval echo configure:2089: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2419: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_type_signal=void - else -@@ -2103,74 +2433,13 @@ - EOF - - --echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 --echo "configure:2108: checking how to run the C preprocessor" >&5 --# On Suns, sometimes $CPP names a directory. --if test -n "$CPP" && test -d "$CPP"; then -- CPP= --fi --if test -z "$CPP"; then --if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then -- echo $ac_n "(cached) $ac_c" 1>&6 --else -- # This must be in double quotes, not single quotes, because CPP may get -- # substituted into the Makefile and "${CC-cc}" will confuse make. -- CPP="${CC-cc} -E" -- # On the NeXT, cc -E runs the code through the compiler's parser, -- # not just through cpp. -- cat > conftest.$ac_ext <<EOF --#line 2123 "configure" --#include "confdefs.h" --#include <assert.h> --Syntax Error --EOF --ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2129: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` --if test -z "$ac_err"; then -- : --else -- echo "$ac_err" >&5 -- echo "configure: failed program was:" >&5 -- cat conftest.$ac_ext >&5 -- rm -rf conftest* -- CPP="${CC-cc} -E -traditional-cpp" -- cat > conftest.$ac_ext <<EOF --#line 2140 "configure" --#include "confdefs.h" --#include <assert.h> --Syntax Error --EOF --ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2146: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` --if test -z "$ac_err"; then -- : --else -- echo "$ac_err" >&5 -- echo "configure: failed program was:" >&5 -- cat conftest.$ac_ext >&5 -- rm -rf conftest* -- CPP=/lib/cpp --fi --rm -f conftest* --fi --rm -f conftest* -- ac_cv_prog_CPP="$CPP" --fi -- CPP="$ac_cv_prog_CPP" --else -- ac_cv_prog_CPP="$CPP" --fi --echo "$ac_t""$CPP" 1>&6 -- - echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 --echo "configure:2169: checking for ANSI C header files" >&5 -+echo "configure:2438: checking for ANSI C header files" >&5 - if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2174 "configure" -+#line 2443 "configure" - #include "confdefs.h" - #include <stdlib.h> - #include <stdarg.h> -@@ -2178,8 +2447,8 @@ - #include <float.h> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:2451: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - ac_cv_header_stdc=yes -@@ -2195,7 +2464,7 @@ - if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat > conftest.$ac_ext <<EOF --#line 2199 "configure" -+#line 2468 "configure" - #include "confdefs.h" - #include <string.h> - EOF -@@ -2213,7 +2482,7 @@ - if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat > conftest.$ac_ext <<EOF --#line 2217 "configure" -+#line 2486 "configure" - #include "confdefs.h" - #include <stdlib.h> - EOF -@@ -2234,7 +2503,7 @@ - : - else - cat > conftest.$ac_ext <<EOF --#line 2238 "configure" -+#line 2507 "configure" - #include "confdefs.h" - #include <ctype.h> - #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -@@ -2245,7 +2514,7 @@ - exit (0); } - - EOF --if { (eval echo configure:2249: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2518: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - : - else -@@ -2269,12 +2538,12 @@ - fi - - echo $ac_n "checking for size_t""... $ac_c" 1>&6 --echo "configure:2273: checking for size_t" >&5 -+echo "configure:2542: checking for size_t" >&5 - if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2278 "configure" -+#line 2547 "configure" - #include "confdefs.h" - #include <sys/types.h> - #if STDC_HEADERS -@@ -2283,7 +2552,7 @@ - #endif - EOF - if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -- egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then -+ egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_size_t=yes - else -@@ -2302,12 +2571,12 @@ - fi - - echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 --echo "configure:2306: checking for uid_t in sys/types.h" >&5 -+echo "configure:2575: checking for uid_t in sys/types.h" >&5 - if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2311 "configure" -+#line 2580 "configure" - #include "confdefs.h" - #include <sys/types.h> - EOF -@@ -2336,12 +2605,12 @@ - fi - - echo $ac_n "checking for off_t""... $ac_c" 1>&6 --echo "configure:2340: checking for off_t" >&5 -+echo "configure:2609: checking for off_t" >&5 - if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2345 "configure" -+#line 2614 "configure" - #include "confdefs.h" - #include <sys/types.h> - #if STDC_HEADERS -@@ -2350,7 +2619,7 @@ - #endif - EOF - if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -- egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then -+ egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_off_t=yes - else -@@ -2369,12 +2638,12 @@ - fi - - echo $ac_n "checking for mode_t""... $ac_c" 1>&6 --echo "configure:2373: checking for mode_t" >&5 -+echo "configure:2642: checking for mode_t" >&5 - if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2378 "configure" -+#line 2647 "configure" - #include "confdefs.h" - #include <sys/types.h> - #if STDC_HEADERS -@@ -2383,7 +2652,7 @@ - #endif - EOF - if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -- egrep "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then -+ egrep "(^|[^a-zA-Z_0-9])mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* - ac_cv_type_mode_t=yes - else -@@ -2402,12 +2671,12 @@ - fi - - echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6 --echo "configure:2406: checking for st_blksize in struct stat" >&5 -+echo "configure:2675: checking for st_blksize in struct stat" >&5 - if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2411 "configure" -+#line 2680 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/stat.h> -@@ -2415,7 +2684,7 @@ - struct stat s; s.st_blksize; - ; return 0; } - EOF --if { (eval echo configure:2419: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2688: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_struct_st_blksize=yes - else -@@ -2437,12 +2706,12 @@ - - - echo $ac_n "checking for working const""... $ac_c" 1>&6 --echo "configure:2441: checking for working const" >&5 -+echo "configure:2710: checking for working const" >&5 - if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2446 "configure" -+#line 2715 "configure" - #include "confdefs.h" - - int main() { -@@ -2491,7 +2760,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:2495: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2764: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_c_const=yes - else -@@ -2512,21 +2781,21 @@ - fi - - echo $ac_n "checking for inline""... $ac_c" 1>&6 --echo "configure:2516: checking for inline" >&5 -+echo "configure:2785: checking for inline" >&5 - if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - ac_cv_c_inline=no - for ac_kw in inline __inline__ __inline; do - cat > conftest.$ac_ext <<EOF --#line 2523 "configure" -+#line 2792 "configure" - #include "confdefs.h" - - int main() { - } $ac_kw foo() { - ; return 0; } - EOF --if { (eval echo configure:2530: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_c_inline=$ac_kw; break - else -@@ -2552,14 +2821,14 @@ - esac - - echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 --echo "configure:2556: checking whether byte ordering is bigendian" >&5 -+echo "configure:2825: checking whether byte ordering is bigendian" >&5 - if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - ac_cv_c_bigendian=unknown - # See if sys/param.h defines the BYTE_ORDER macro. - cat > conftest.$ac_ext <<EOF --#line 2563 "configure" -+#line 2832 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/param.h> -@@ -2570,11 +2839,11 @@ - #endif - ; return 0; } - EOF --if { (eval echo configure:2574: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2843: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - # It does; now see whether it defined to BIG_ENDIAN or not. - cat > conftest.$ac_ext <<EOF --#line 2578 "configure" -+#line 2847 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/param.h> -@@ -2585,7 +2854,7 @@ - #endif - ; return 0; } - EOF --if { (eval echo configure:2589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2858: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_c_bigendian=yes - else -@@ -2605,7 +2874,7 @@ - { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } - else - cat > conftest.$ac_ext <<EOF --#line 2609 "configure" -+#line 2878 "configure" - #include "confdefs.h" - main () { - /* Are we little or big endian? From Harbison&Steele. */ -@@ -2618,7 +2887,7 @@ - exit (u.c[sizeof (long) - 1] == 1); - } - EOF --if { (eval echo configure:2622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2891: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - ac_cv_c_bigendian=no - else -@@ -2642,7 +2911,7 @@ - fi - - echo $ac_n "checking size of long""... $ac_c" 1>&6 --echo "configure:2646: checking size of long" >&5 -+echo "configure:2915: checking size of long" >&5 - if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -2650,7 +2919,7 @@ - ac_cv_sizeof_long=4 - else - cat > conftest.$ac_ext <<EOF --#line 2654 "configure" -+#line 2923 "configure" - #include "confdefs.h" - #include <stdio.h> - main() -@@ -2661,7 +2930,7 @@ - exit(0); - } - EOF --if { (eval echo configure:2665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2934: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - ac_cv_sizeof_long=`cat conftestval` - else -@@ -2681,7 +2950,7 @@ - - - echo $ac_n "checking size of int""... $ac_c" 1>&6 --echo "configure:2685: checking size of int" >&5 -+echo "configure:2954: checking size of int" >&5 - if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -2689,7 +2958,7 @@ - ac_cv_sizeof_int=4 - else - cat > conftest.$ac_ext <<EOF --#line 2693 "configure" -+#line 2962 "configure" - #include "confdefs.h" - #include <stdio.h> - main() -@@ -2700,7 +2969,7 @@ - exit(0); - } - EOF --if { (eval echo configure:2704: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2973: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - ac_cv_sizeof_int=`cat conftestval` - else -@@ -2720,7 +2989,7 @@ - - - echo $ac_n "checking size of short""... $ac_c" 1>&6 --echo "configure:2724: checking size of short" >&5 -+echo "configure:2993: checking size of short" >&5 - if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -2728,7 +2997,7 @@ - ac_cv_sizeof_short=2 - else - cat > conftest.$ac_ext <<EOF --#line 2732 "configure" -+#line 3001 "configure" - #include "confdefs.h" - #include <stdio.h> - main() -@@ -2739,7 +3008,7 @@ - exit(0); - } - EOF --if { (eval echo configure:2743: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:3012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - ac_cv_sizeof_short=`cat conftestval` - else -@@ -2764,18 +3033,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:2768: checking for $ac_hdr" >&5 -+echo "configure:3037: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2773 "configure" -+#line 3042 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2778: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3047: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -2807,18 +3076,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:2811: checking for $ac_hdr" >&5 -+echo "configure:3080: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2816 "configure" -+#line 3085 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2821: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3090: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -2844,9 +3113,9 @@ - done - - echo $ac_n "checking whether utmpx have ut_syslen field""... $ac_c" 1>&6 --echo "configure:2848: checking whether utmpx have ut_syslen field" >&5 -+echo "configure:3117: checking whether utmpx have ut_syslen field" >&5 - cat > conftest.$ac_ext <<EOF --#line 2850 "configure" -+#line 3119 "configure" - #include "confdefs.h" - #include <utmpx.h> - EOF -@@ -2867,12 +3136,12 @@ - fi - - echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 --echo "configure:2871: checking for ANSI C header files" >&5 -+echo "configure:3140: checking for ANSI C header files" >&5 - if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2876 "configure" -+#line 3145 "configure" - #include "confdefs.h" - #include <stdlib.h> - #include <stdarg.h> -@@ -2880,8 +3149,8 @@ - #include <float.h> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:2884: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3153: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - ac_cv_header_stdc=yes -@@ -2897,7 +3166,7 @@ - if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat > conftest.$ac_ext <<EOF --#line 2901 "configure" -+#line 3170 "configure" - #include "confdefs.h" - #include <string.h> - EOF -@@ -2915,7 +3184,7 @@ - if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat > conftest.$ac_ext <<EOF --#line 2919 "configure" -+#line 3188 "configure" - #include "confdefs.h" - #include <stdlib.h> - EOF -@@ -2936,7 +3205,7 @@ - : - else - cat > conftest.$ac_ext <<EOF --#line 2940 "configure" -+#line 3209 "configure" - #include "confdefs.h" - #include <ctype.h> - #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -@@ -2947,7 +3216,7 @@ - exit (0); } - - EOF --if { (eval echo configure:2951: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:3220: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null - then - : - else -@@ -2971,12 +3240,12 @@ - fi - - echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 --echo "configure:2975: checking for sys/wait.h that is POSIX.1 compatible" >&5 -+echo "configure:3244: checking for sys/wait.h that is POSIX.1 compatible" >&5 - if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 2980 "configure" -+#line 3249 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/wait.h> -@@ -2992,7 +3261,7 @@ - s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; - ; return 0; } - EOF --if { (eval echo configure:2996: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3265: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_header_sys_wait_h=yes - else -@@ -3016,18 +3285,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3020: checking for $ac_hdr" >&5 -+echo "configure:3289: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3025 "configure" -+#line 3294 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3030: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3299: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3052,22 +3321,22 @@ - fi - done - --for ac_hdr in sgtty.h sys/select.h sys/ioctl.h machine/endian.h -+for ac_hdr in sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3060: checking for $ac_hdr" >&5 -+echo "configure:3329: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3065 "configure" -+#line 3334 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3070: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3339: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3096,18 +3365,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3100: checking for $ac_hdr" >&5 -+echo "configure:3369: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3105 "configure" -+#line 3374 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3110: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3379: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3136,18 +3405,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3140: checking for $ac_hdr" >&5 -+echo "configure:3409: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3145 "configure" -+#line 3414 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3150: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3176,18 +3445,18 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 --echo "configure:3180: checking for $ac_hdr" >&5 -+echo "configure:3449: checking for $ac_hdr" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3185 "configure" -+#line 3454 "configure" - #include "confdefs.h" - #include <$ac_hdr> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3190: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3459: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3213,12 +3482,12 @@ - done - - echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 --echo "configure:3217: checking whether time.h and sys/time.h may both be included" >&5 -+echo "configure:3486: checking whether time.h and sys/time.h may both be included" >&5 - if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3222 "configure" -+#line 3491 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/time.h> -@@ -3227,7 +3496,7 @@ - struct tm *tp; - ; return 0; } - EOF --if { (eval echo configure:3231: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3500: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - ac_cv_header_time=yes - else -@@ -3252,12 +3521,12 @@ - do - ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 --echo "configure:3256: checking for $ac_hdr that defines DIR" >&5 -+echo "configure:3525: checking for $ac_hdr that defines DIR" >&5 - if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3261 "configure" -+#line 3530 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <$ac_hdr> -@@ -3265,7 +3534,7 @@ - DIR *dirp = 0; - ; return 0; } - EOF --if { (eval echo configure:3269: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3538: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - eval "ac_cv_header_dirent_$ac_safe=yes" - else -@@ -3290,7 +3559,7 @@ - # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. - if test $ac_header_dirent = dirent.h; then - echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 --echo "configure:3294: checking for opendir in -ldir" >&5 -+echo "configure:3563: checking for opendir in -ldir" >&5 - ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3298,7 +3567,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ldir $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3302 "configure" -+#line 3571 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3309,7 +3578,7 @@ - opendir() - ; return 0; } - EOF --if { (eval echo configure:3313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3582: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3331,7 +3600,7 @@ - - else - echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 --echo "configure:3335: checking for opendir in -lx" >&5 -+echo "configure:3604: checking for opendir in -lx" >&5 - ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3339,7 +3608,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lx $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3343 "configure" -+#line 3612 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3350,7 +3619,7 @@ - opendir() - ; return 0; } - EOF --if { (eval echo configure:3354: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3623: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3373,12 +3642,12 @@ - fi - - echo $ac_n "checking whether stat file-mode macros are broken""... $ac_c" 1>&6 --echo "configure:3377: checking whether stat file-mode macros are broken" >&5 -+echo "configure:3646: checking whether stat file-mode macros are broken" >&5 - if eval "test \"`echo '$''{'ac_cv_header_stat_broken'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3382 "configure" -+#line 3651 "configure" - #include "confdefs.h" - #include <sys/types.h> - #include <sys/stat.h> -@@ -3429,19 +3698,19 @@ - fi - - echo $ac_n "checking whether sys/types.h defines makedev""... $ac_c" 1>&6 --echo "configure:3433: checking whether sys/types.h defines makedev" >&5 -+echo "configure:3702: checking whether sys/types.h defines makedev" >&5 - if eval "test \"`echo '$''{'ac_cv_header_sys_types_h_makedev'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3438 "configure" -+#line 3707 "configure" - #include "confdefs.h" - #include <sys/types.h> - int main() { - return makedev(0, 0); - ; return 0; } - EOF --if { (eval echo configure:3445: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3714: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_cv_header_sys_types_h_makedev=yes - else -@@ -3459,18 +3728,18 @@ - if test $ac_cv_header_sys_types_h_makedev = no; then - ac_safe=`echo "sys/mkdev.h" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for sys/mkdev.h""... $ac_c" 1>&6 --echo "configure:3463: checking for sys/mkdev.h" >&5 -+echo "configure:3732: checking for sys/mkdev.h" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3468 "configure" -+#line 3737 "configure" - #include "confdefs.h" - #include <sys/mkdev.h> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3473: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3742: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3497,18 +3766,18 @@ - if test $ac_cv_header_sys_mkdev_h = no; then - ac_safe=`echo "sys/sysmacros.h" | sed 'y%./+-%__p_%'` - echo $ac_n "checking for sys/sysmacros.h""... $ac_c" 1>&6 --echo "configure:3501: checking for sys/sysmacros.h" >&5 -+echo "configure:3770: checking for sys/sysmacros.h" >&5 - if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 3506 "configure" -+#line 3775 "configure" - #include "confdefs.h" - #include <sys/sysmacros.h> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:3511: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3780: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -@@ -3535,9 +3804,9 @@ - fi - - echo $ac_n "checking whether utmp have ut_pid field""... $ac_c" 1>&6 --echo "configure:3539: checking whether utmp have ut_pid field" >&5 -+echo "configure:3808: checking whether utmp have ut_pid field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3541 "configure" -+#line 3810 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3556,9 +3825,9 @@ - rm -f conftest* - - echo $ac_n "checking whether utmp have ut_name field""... $ac_c" 1>&6 --echo "configure:3560: checking whether utmp have ut_name field" >&5 -+echo "configure:3829: checking whether utmp have ut_name field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3562 "configure" -+#line 3831 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3577,9 +3846,9 @@ - rm -f conftest* - - echo $ac_n "checking whether utmp have ut_id field""... $ac_c" 1>&6 --echo "configure:3581: checking whether utmp have ut_id field" >&5 -+echo "configure:3850: checking whether utmp have ut_id field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3583 "configure" -+#line 3852 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3598,9 +3867,9 @@ - rm -f conftest* - - echo $ac_n "checking whether utmp have ut_host field""... $ac_c" 1>&6 --echo "configure:3602: checking whether utmp have ut_host field" >&5 -+echo "configure:3871: checking whether utmp have ut_host field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3604 "configure" -+#line 3873 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3619,9 +3888,9 @@ - rm -f conftest* - - echo $ac_n "checking whether utmp have ut_addr field""... $ac_c" 1>&6 --echo "configure:3623: checking whether utmp have ut_addr field" >&5 -+echo "configure:3892: checking whether utmp have ut_addr field" >&5 - cat > conftest.$ac_ext <<EOF --#line 3625 "configure" -+#line 3894 "configure" - #include "confdefs.h" - #include <utmp.h> - EOF -@@ -3640,9 +3909,9 @@ - rm -f conftest* - - echo $ac_n "checking whether you have incompatible SIGINFO macro""... $ac_c" 1>&6 --echo "configure:3644: checking whether you have incompatible SIGINFO macro" >&5 -+echo "configure:3913: checking whether you have incompatible SIGINFO macro" >&5 - cat > conftest.$ac_ext <<EOF --#line 3646 "configure" -+#line 3915 "configure" - #include "confdefs.h" - #include <sys/siginfo.h> - SIGINFO(p,1) -@@ -3662,8 +3931,69 @@ - rm -f conftest* - - -+echo $ac_n "checking whether sys/socket.h have struct sockaddr_storage""... $ac_c" 1>&6 -+echo "configure:3936: checking whether sys/socket.h have struct sockaddr_storage" >&5 -+cat > conftest.$ac_ext <<EOF -+#line 3938 "configure" -+#include "confdefs.h" -+#include <sys/socket.h> -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "sockaddr_storage" >/dev/null 2>&1; then -+ rm -rf conftest* -+ cat >> confdefs.h <<\EOF -+#define HAVE_SOCKADDR_STORAGE 1 -+EOF -+ echo "$ac_t""yes" 1>&6 -+else -+ rm -rf conftest* -+ echo "$ac_t""no" 1>&6 -+fi -+rm -f conftest* -+ -+echo $ac_n "checking whether sys/socket.h have __ss_family""... $ac_c" 1>&6 -+echo "configure:3956: checking whether sys/socket.h have __ss_family" >&5 -+cat > conftest.$ac_ext <<EOF -+#line 3958 "configure" -+#include "confdefs.h" -+#include <sys/socket.h> -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "__ss_family" >/dev/null 2>&1; then -+ rm -rf conftest* -+ cat >> confdefs.h <<\EOF -+#define HAVE_NEW_SS_FAMILY 1 -+EOF -+ echo "$ac_t""yes" 1>&6 -+else -+ rm -rf conftest* -+ echo "$ac_t""no" 1>&6 -+fi -+rm -f conftest* -+ -+echo $ac_n "checking whether sys/socket.h have sa_len""... $ac_c" 1>&6 -+echo "configure:3976: checking whether sys/socket.h have sa_len" >&5 -+cat > conftest.$ac_ext <<EOF -+#line 3978 "configure" -+#include "confdefs.h" -+#include <sys/socket.h> -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "sa_len" >/dev/null 2>&1; then -+ rm -rf conftest* -+ cat >> confdefs.h <<\EOF -+#define HAVE_SOCKADDR_LEN 1 -+EOF -+ echo "$ac_t""yes" 1>&6 -+else -+ rm -rf conftest* -+ echo "$ac_t""no" 1>&6 -+fi -+rm -f conftest* -+ -+ - echo $ac_n "checking for crypt in -lc""... $ac_c" 1>&6 --echo "configure:3667: checking for crypt in -lc" >&5 -+echo "configure:3997: checking for crypt in -lc" >&5 - ac_lib_var=`echo c'_'crypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3671,7 +4001,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lc $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3675 "configure" -+#line 4005 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3682,7 +4012,7 @@ - crypt() - ; return 0; } - EOF --if { (eval echo configure:3686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4016: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3701,7 +4031,7 @@ - else - echo "$ac_t""no" 1>&6 - echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 --echo "configure:3705: checking for crypt in -lcrypt" >&5 -+echo "configure:4035: checking for crypt in -lcrypt" >&5 - ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3709,7 +4039,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lcrypt $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3713 "configure" -+#line 4043 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3720,7 +4050,7 @@ - crypt() - ; return 0; } - EOF --if { (eval echo configure:3724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4054: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3750,7 +4080,7 @@ - fi - - echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 --echo "configure:3754: checking for getspnam in -lsec" >&5 -+echo "configure:4084: checking for getspnam in -lsec" >&5 - ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3758,7 +4088,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsec $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3762 "configure" -+#line 4092 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3769,7 +4099,7 @@ - getspnam() - ; return 0; } - EOF --if { (eval echo configure:3773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4103: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3797,7 +4127,7 @@ - fi - - echo $ac_n "checking for get_process_stats in -lseq""... $ac_c" 1>&6 --echo "configure:3801: checking for get_process_stats in -lseq" >&5 -+echo "configure:4131: checking for get_process_stats in -lseq" >&5 - ac_lib_var=`echo seq'_'get_process_stats | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3805,7 +4135,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lseq $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3809 "configure" -+#line 4139 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3816,7 +4146,7 @@ - get_process_stats() - ; return 0; } - EOF --if { (eval echo configure:3820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4150: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3844,7 +4174,7 @@ - fi - - echo $ac_n "checking for bcopy in -lbsd""... $ac_c" 1>&6 --echo "configure:3848: checking for bcopy in -lbsd" >&5 -+echo "configure:4178: checking for bcopy in -lbsd" >&5 - ac_lib_var=`echo bsd'_'bcopy | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3852,7 +4182,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lbsd $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3856 "configure" -+#line 4186 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3863,7 +4193,7 @@ - bcopy() - ; return 0; } - EOF --if { (eval echo configure:3867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4197: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3892,7 +4222,7 @@ - - if test -z "$no_libnsl"; then - echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 --echo "configure:3896: checking for main in -lnsl" >&5 -+echo "configure:4226: checking for main in -lnsl" >&5 - ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3900,14 +4230,14 @@ - ac_save_LIBS="$LIBS" - LIBS="-lnsl $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3904 "configure" -+#line 4234 "configure" - #include "confdefs.h" - - int main() { - main() - ; return 0; } - EOF --if { (eval echo configure:3911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4241: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3937,7 +4267,7 @@ - fi - if test -n "$test_libinet"; then - echo $ac_n "checking for inet_network in -linet""... $ac_c" 1>&6 --echo "configure:3941: checking for inet_network in -linet" >&5 -+echo "configure:4271: checking for inet_network in -linet" >&5 - ac_lib_var=`echo inet'_'inet_network | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3945,7 +4275,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-linet $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3949 "configure" -+#line 4279 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -3956,7 +4286,7 @@ - inet_network() - ; return 0; } - EOF --if { (eval echo configure:3960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4290: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -3986,7 +4316,7 @@ - fi - if test -z "$no_libsocket"; then - echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 --echo "configure:3990: checking for socket in -lsocket" >&5 -+echo "configure:4320: checking for socket in -lsocket" >&5 - ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3994,7 +4324,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsocket $LIBS" - cat > conftest.$ac_ext <<EOF --#line 3998 "configure" -+#line 4328 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -4005,7 +4335,7 @@ - socket() - ; return 0; } - EOF --if { (eval echo configure:4009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4339: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -4035,7 +4365,7 @@ - fi - if test -z "$no_libsun"; then - echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 --echo "configure:4039: checking for getpwnam in -lsun" >&5 -+echo "configure:4369: checking for getpwnam in -lsun" >&5 - ac_lib_var=`echo sun'_'getpwnam | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4043,7 +4373,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsun $LIBS" - cat > conftest.$ac_ext <<EOF --#line 4047 "configure" -+#line 4377 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -4054,7 +4384,7 @@ - getpwnam() - ; return 0; } - EOF --if { (eval echo configure:4058: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4388: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -4084,7 +4414,7 @@ - fi - if test -z "$no_libbsd"; then - echo $ac_n "checking for openpty in -lbsd""... $ac_c" 1>&6 --echo "configure:4088: checking for openpty in -lbsd" >&5 -+echo "configure:4418: checking for openpty in -lbsd" >&5 - ac_lib_var=`echo bsd'_'openpty | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4092,7 +4422,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lbsd $LIBS" - cat > conftest.$ac_ext <<EOF --#line 4096 "configure" -+#line 4426 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -4103,7 +4433,7 @@ - openpty() - ; return 0; } - EOF --if { (eval echo configure:4107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4437: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -4132,7 +4462,7 @@ - - fi - echo $ac_n "checking for login in -lutil""... $ac_c" 1>&6 --echo "configure:4136: checking for login in -lutil" >&5 -+echo "configure:4466: checking for login in -lutil" >&5 - ac_lib_var=`echo util'_'login | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4140,7 +4470,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lutil $LIBS" - cat > conftest.$ac_ext <<EOF --#line 4144 "configure" -+#line 4474 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -4151,41 +4481,99 @@ - login() - ; return 0; } - EOF --if { (eval echo configure:4155: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4485: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* -- eval "ac_cv_lib_$ac_lib_var=no" -+ eval "ac_cv_lib_$ac_lib_var=no" -+fi -+rm -f conftest* -+LIBS="$ac_save_LIBS" -+ -+fi -+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define HAVE_LIBUTIL_LOGIN 1 -+EOF -+ -+ LIBS="$LIBS -lutil" -+else -+ echo "$ac_t""no" 1>&6 -+fi -+ -+ -+if test -z "$no_vhangup"; then -+ for ac_func in vhangup -+do -+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -+echo "configure:4514: checking for $ac_func" >&5 -+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 -+else -+ cat > conftest.$ac_ext <<EOF -+#line 4519 "configure" -+#include "confdefs.h" -+/* System header to define __stub macros and hopefully few prototypes, -+ which can conflict with char $ac_func(); below. */ -+#include <assert.h> -+/* Override any gcc2 internal prototype to avoid an error. */ -+/* We use char because int might match the return type of a gcc2 -+ builtin and then its argument prototype would still apply. */ -+char $ac_func(); -+ -+int main() { -+ -+/* The GNU C library defines this for functions which it implements -+ to always fail with ENOSYS. Some functions are actually named -+ something starting with __ and the normal name is an alias. */ -+#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -+choke me -+#else -+$ac_func(); -+#endif -+ -+; return 0; } -+EOF -+if { (eval echo configure:4542: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+ rm -rf conftest* -+ eval "ac_cv_func_$ac_func=yes" -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ eval "ac_cv_func_$ac_func=no" - fi - rm -f conftest* --LIBS="$ac_save_LIBS" -- - fi --if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -+ -+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 -- cat >> confdefs.h <<\EOF --#define HAVE_LIBUTIL_LOGIN 1 -+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` -+ cat >> confdefs.h <<EOF -+#define $ac_tr_func 1 - EOF -- -- LIBS="$LIBS -lutil" -+ - else - echo "$ac_t""no" 1>&6 - fi -+done - -+fi - --if test -z "$no_vhangup"; then -- for ac_func in vhangup -+if test -z "$no_setsid"; then -+ for ac_func in setsid - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4184: checking for $ac_func" >&5 -+echo "configure:4572: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4189 "configure" -+#line 4577 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4208,7 +4596,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4600: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4234,16 +4622,15 @@ - - fi - --if test -z "$no_setsid"; then -- for ac_func in setsid -+for ac_func in gettimeofday times getrusage ftruncate revoke makeutx - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4242: checking for $ac_func" >&5 -+echo "configure:4629: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4247 "configure" -+#line 4634 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4266,7 +4653,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4657: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4290,17 +4677,15 @@ - fi - done - --fi -- --for ac_func in gettimeofday times getrusage ftruncate revoke makeutx -+for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4299: checking for $ac_func" >&5 -+echo "configure:4684: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4304 "configure" -+#line 4689 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4323,7 +4708,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4712: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4347,15 +4732,15 @@ - fi - done - --for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit -+for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4354: checking for $ac_func" >&5 -+echo "configure:4739: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4359 "configure" -+#line 4744 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4378,7 +4763,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4767: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4402,15 +4787,15 @@ - fi - done - --for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp -+for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4409: checking for $ac_func" >&5 -+echo "configure:4794: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4414 "configure" -+#line 4799 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4433,7 +4818,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4437: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4822: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4457,15 +4842,16 @@ - fi - done - --for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream -+ -+for ac_func in strerror memmove remove random putenv crypt socketpair snprintf - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4464: checking for $ac_func" >&5 -+echo "configure:4850: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4469 "configure" -+#line 4855 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4488,7 +4874,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4509,19 +4895,135 @@ - - else - echo "$ac_t""no" 1>&6 -+LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}" - fi - done - - --for ac_func in strerror memmove remove random putenv crypt socketpair snprintf -+ -+echo $ac_n "checking getaddrinfo bug""... $ac_c" 1>&6 -+echo "configure:4906: checking getaddrinfo bug" >&5 -+if test "$cross_compiling" = yes; then -+ echo "$ac_t""buggy" 1>&6 -+buggygetaddrinfo=yes -+else -+ cat > conftest.$ac_ext <<EOF -+#line 4912 "configure" -+#include "confdefs.h" -+ -+#include <sys/types.h> -+#include <netdb.h> -+#include <string.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+main() -+{ -+ int passive, gaierr, inet4 = 0, inet6 = 0; -+ struct addrinfo hints, *ai, *aitop; -+ char straddr[INET6_ADDRSTRLEN], strport[16]; -+ -+ for (passive = 0; passive <= 1; passive++) { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_flags = passive ? AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { -+ (void)gai_strerror(gaierr); -+ goto bad; -+ } -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (ai->ai_addr == NULL || -+ ai->ai_addrlen == 0 || -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ straddr, sizeof(straddr), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { -+ goto bad; -+ } -+ if (strcmp(strport, "54321") != 0) { -+ goto bad; -+ } -+ switch (ai->ai_family) { -+ case AF_INET: -+ if (passive) { -+ if (strcmp(straddr, "0.0.0.0") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "127.0.0.1") != 0) { -+ goto bad; -+ } -+ } -+ inet4++; -+ break; -+ case AF_INET6: -+ if (passive) { -+ if (strcmp(straddr, "::") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "::1") != 0) { -+ goto bad; -+ } -+ } -+ inet6++; -+ break; -+ case AF_UNSPEC: -+ goto bad; -+ break; -+ default: -+ /* another family support? */ -+ break; -+ } -+ } -+ } -+ -+ if (inet4 != 0 && inet4 != 2) -+ goto bad; -+ if (inet6 != 0 && inet6 != 2) -+ goto bad; -+ -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(0); -+ -+ bad: -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(1); -+} -+ -+EOF -+if { (eval echo configure:4998: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -+then -+ echo "$ac_t""good" 1>&6 -+buggygetaddrinfo=no -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -fr conftest* -+ echo "$ac_t""buggy" 1>&6 -+buggygetaddrinfo=yes -+fi -+rm -fr conftest* -+fi -+ -+ -+if test "$buggygetaddrinfo" = "yes"; then -+ if test "$ipv6" = "yes"; then -+ echo 'Fatal: You must get working getaddrinfo() function.' -+ echo ' or you can specify "--disable-ipv6"'. -+ exit 1 -+ else -+ for ac_func in getaddrinfo getnameinfo - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:4520: checking for $ac_func" >&5 -+echo "configure:5022: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 4525 "configure" -+#line 5027 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -4544,7 +5046,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:4548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5050: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -4565,14 +5067,16 @@ - - else - echo "$ac_t""no" 1>&6 --LIBOBJS="$LIBOBJS ${ac_func}.o" -+LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}" - fi - done - - -+ fi -+fi - - echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 --echo "configure:4576: checking whether ln -s works" >&5 -+echo "configure:5080: checking whether ln -s works" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -4599,28 +5103,30 @@ - # SunOS /usr/etc/install - # IRIX /sbin/install - # AIX /bin/install -+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag - # AFS /usr/afsws/bin/install, which mishandles nonexistent args - # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" - # ./install, which can be erroneously created by make from ./install.sh. - echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 --echo "configure:4607: checking for a BSD compatible install" >&5 -+echo "configure:5112: checking for a BSD compatible install" >&5 - if test -z "$INSTALL"; then - if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -- IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:" -+ IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" - for ac_dir in $PATH; do - # Account for people who put trailing slashes in PATH elements. - case "$ac_dir/" in - /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. -- for ac_prog in ginstall installbsd scoinst install; do -+ # Don't use installbsd from OSF since it installs stuff as root -+ # by default. -+ for ac_prog in ginstall scoinst install; do - if test -f $ac_dir/$ac_prog; then - if test $ac_prog = install && - grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. -- # OSF/1 installbsd also uses dspmsg, but is usable. - : - else - ac_cv_path_install="$ac_dir/$ac_prog -c" -@@ -4650,20 +5156,23 @@ - # It thinks the first close brace ends the variable substitution. - test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' - -+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' -+ - test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' - - # Extract the first word of "ar", so it can be a program name with args. - set dummy ar; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:4659: checking for $ac_word" >&5 -+echo "configure:5167: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$AR"; then - ac_cv_prog_AR="$AR" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_AR="ar" -@@ -4685,15 +5194,16 @@ - # Extract the first word of "ranlib", so it can be a program name with args. - set dummy ranlib; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:4689: checking for $ac_word" >&5 -+echo "configure:5198: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_RANLIB="ranlib" -@@ -4719,15 +5229,16 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:4723: checking for $ac_word" >&5 -+echo "configure:5233: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_prog_MAKEDEP'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - if test -n "$MAKEDEP"; then - ac_cv_prog_MAKEDEP="$MAKEDEP" # Let the user override the test. - else -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_MAKEDEP="$ac_prog" -@@ -4754,7 +5265,7 @@ - # Uses ac_ vars as temps to allow command line to override cache and checks. - # --without-x overrides everything else, but does not touch the cache. - echo $ac_n "checking for X""... $ac_c" 1>&6 --echo "configure:4758: checking for X" >&5 -+echo "configure:5269: checking for X" >&5 - - # Check whether --with-x or --without-x was given. - if test "${with_x+set}" = set; then -@@ -4816,13 +5327,13 @@ - - # First, try using that file with no special directory specified. - cat > conftest.$ac_ext <<EOF --#line 4820 "configure" -+#line 5331 "configure" - #include "confdefs.h" - #include <$x_direct_test_include> - EOF - ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" --{ (eval echo configure:4825: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } --ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:5336: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` - if test -z "$ac_err"; then - rm -rf conftest* - # We can compile using X headers with no special include directory. -@@ -4890,14 +5401,14 @@ - ac_save_LIBS="$LIBS" - LIBS="-l$x_direct_test_library $LIBS" - cat > conftest.$ac_ext <<EOF --#line 4894 "configure" -+#line 5405 "configure" - #include "confdefs.h" - - int main() { - ${x_direct_test_function}() - ; return 0; } - EOF --if { (eval echo configure:4901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5412: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - LIBS="$ac_save_LIBS" - # We can link X programs with no special library path. -@@ -5003,17 +5514,17 @@ - case "`(uname -sr) 2>/dev/null`" in - "SunOS 5"*) - echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6 --echo "configure:5007: checking whether -R must be followed by a space" >&5 -+echo "configure:5518: checking whether -R must be followed by a space" >&5 - ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries" - cat > conftest.$ac_ext <<EOF --#line 5010 "configure" -+#line 5521 "configure" - #include "confdefs.h" - - int main() { - - ; return 0; } - EOF --if { (eval echo configure:5017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5528: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_R_nospace=yes - else -@@ -5029,14 +5540,14 @@ - else - LIBS="$ac_xsave_LIBS -R $x_libraries" - cat > conftest.$ac_ext <<EOF --#line 5033 "configure" -+#line 5544 "configure" - #include "confdefs.h" - - int main() { - - ; return 0; } - EOF --if { (eval echo configure:5040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - ac_R_space=yes - else -@@ -5068,7 +5579,7 @@ - # libraries were built with DECnet support. And karl@cs.umb.edu says - # the Alpha needs dnet_stub (dnet does not exist). - echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6 --echo "configure:5072: checking for dnet_ntoa in -ldnet" >&5 -+echo "configure:5583: checking for dnet_ntoa in -ldnet" >&5 - ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5076,7 +5587,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ldnet $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5080 "configure" -+#line 5591 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5087,7 +5598,7 @@ - dnet_ntoa() - ; return 0; } - EOF --if { (eval echo configure:5091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5602: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5109,7 +5620,7 @@ - - if test $ac_cv_lib_dnet_dnet_ntoa = no; then - echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6 --echo "configure:5113: checking for dnet_ntoa in -ldnet_stub" >&5 -+echo "configure:5624: checking for dnet_ntoa in -ldnet_stub" >&5 - ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5117,7 +5628,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-ldnet_stub $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5121 "configure" -+#line 5632 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5128,7 +5639,7 @@ - dnet_ntoa() - ; return 0; } - EOF --if { (eval echo configure:5132: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5643: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5157,12 +5668,12 @@ - # The nsl library prevents programs from opening the X display - # on Irix 5.2, according to dickey@clark.net. - echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 --echo "configure:5161: checking for gethostbyname" >&5 -+echo "configure:5672: checking for gethostbyname" >&5 - if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5166 "configure" -+#line 5677 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char gethostbyname(); below. */ -@@ -5185,7 +5696,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5189: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5700: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_gethostbyname=yes" - else -@@ -5206,7 +5717,7 @@ - - if test $ac_cv_func_gethostbyname = no; then - echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 --echo "configure:5210: checking for gethostbyname in -lnsl" >&5 -+echo "configure:5721: checking for gethostbyname in -lnsl" >&5 - ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5214,7 +5725,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lnsl $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5218 "configure" -+#line 5729 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5225,7 +5736,7 @@ - gethostbyname() - ; return 0; } - EOF --if { (eval echo configure:5229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5740: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5255,12 +5766,12 @@ - # -lsocket must be given before -lnsl if both are needed. - # We assume that if connect needs -lnsl, so does gethostbyname. - echo $ac_n "checking for connect""... $ac_c" 1>&6 --echo "configure:5259: checking for connect" >&5 -+echo "configure:5770: checking for connect" >&5 - if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5264 "configure" -+#line 5775 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char connect(); below. */ -@@ -5283,7 +5794,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_connect=yes" - else -@@ -5304,7 +5815,7 @@ - - if test $ac_cv_func_connect = no; then - echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 --echo "configure:5308: checking for connect in -lsocket" >&5 -+echo "configure:5819: checking for connect in -lsocket" >&5 - ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5312,7 +5823,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsocket $X_EXTRA_LIBS $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5316 "configure" -+#line 5827 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5323,7 +5834,7 @@ - connect() - ; return 0; } - EOF --if { (eval echo configure:5327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5838: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5347,12 +5858,12 @@ - - # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX. - echo $ac_n "checking for remove""... $ac_c" 1>&6 --echo "configure:5351: checking for remove" >&5 -+echo "configure:5862: checking for remove" >&5 - if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5356 "configure" -+#line 5867 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char remove(); below. */ -@@ -5375,7 +5886,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5379: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5890: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_remove=yes" - else -@@ -5396,7 +5907,7 @@ - - if test $ac_cv_func_remove = no; then - echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6 --echo "configure:5400: checking for remove in -lposix" >&5 -+echo "configure:5911: checking for remove in -lposix" >&5 - ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5404,7 +5915,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lposix $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5408 "configure" -+#line 5919 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5415,7 +5926,7 @@ - remove() - ; return 0; } - EOF --if { (eval echo configure:5419: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5930: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5439,12 +5950,12 @@ - - # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. - echo $ac_n "checking for shmat""... $ac_c" 1>&6 --echo "configure:5443: checking for shmat" >&5 -+echo "configure:5954: checking for shmat" >&5 - if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5448 "configure" -+#line 5959 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char shmat(); below. */ -@@ -5467,7 +5978,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5982: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_shmat=yes" - else -@@ -5488,7 +5999,7 @@ - - if test $ac_cv_func_shmat = no; then - echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6 --echo "configure:5492: checking for shmat in -lipc" >&5 -+echo "configure:6003: checking for shmat in -lipc" >&5 - ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5496,7 +6007,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lipc $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5500 "configure" -+#line 6011 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5507,7 +6018,7 @@ - shmat() - ; return 0; } - EOF --if { (eval echo configure:5511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5540,15 +6051,15 @@ - # libraries we check for below, so use a different variable. - # --interran@uluru.Stanford.EDU, kb@cs.umb.edu. - echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6 --echo "configure:5544: checking for IceConnectionNumber in -lICE" >&5 -+echo "configure:6055: checking for IceConnectionNumber in -lICE" >&5 - ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - ac_save_LIBS="$LIBS" --LIBS="-lICE $LIBS" -+LIBS="-lICE $X_EXTRA_LIBS $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5552 "configure" -+#line 6063 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5559,7 +6070,7 @@ - IceConnectionNumber() - ; return 0; } - EOF --if { (eval echo configure:5563: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6074: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5587,7 +6098,7 @@ - # Extract the first word of "passwd", so it can be a program name with args. - set dummy passwd; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:5591: checking for $ac_word" >&5 -+echo "configure:6102: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_PASSWD_PATH'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -5595,9 +6106,13 @@ - /*) - ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_PASSWD_PATH="$ac_dir/$ac_word" -@@ -5625,7 +6140,7 @@ - # Extract the first word of "xauth", so it can be a program name with args. - set dummy xauth; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:5629: checking for $ac_word" >&5 -+echo "configure:6144: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_XAUTH_PATH'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -5633,9 +6148,13 @@ - /*) - ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_XAUTH_PATH="$ac_dir/$ac_word" -@@ -5669,7 +6188,7 @@ - X_PROGRAMS="ssh-askpass" - fi - echo $ac_n "checking for X11 unix domain socket directory""... $ac_c" 1>&6 --echo "configure:5673: checking for X11 unix domain socket directory" >&5 -+echo "configure:6192: checking for X11 unix domain socket directory" >&5 - - if test '!' -d /tmp/.X11-unix; then - if test -d /var/X/.X11-unix; then -@@ -5698,7 +6217,7 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:5702: checking for $ac_word" >&5 -+echo "configure:6221: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -5706,9 +6225,13 @@ - /*) - ac_cv_path_PERL="$PERL" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_PERL="$ac_dir/$ac_word" -@@ -5739,12 +6262,12 @@ - for ac_func in getpseudotty - do - echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 --echo "configure:5743: checking for $ac_func" >&5 -+echo "configure:6266: checking for $ac_func" >&5 - if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else - cat > conftest.$ac_ext <<EOF --#line 5748 "configure" -+#line 6271 "configure" - #include "confdefs.h" - /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -@@ -5767,7 +6290,7 @@ - - ; return 0; } - EOF --if { (eval echo configure:5771: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6294: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" - else -@@ -5792,7 +6315,7 @@ - done - - echo $ac_n "checking for pseudo ttys""... $ac_c" 1>&6 --echo "configure:5796: checking for pseudo ttys" >&5 -+echo "configure:6319: checking for pseudo ttys" >&5 - if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes - then - cat >> confdefs.h <<\EOF -@@ -5832,7 +6355,7 @@ - fi - - echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6 --echo "configure:5836: checking for /etc/default/login" >&5 -+echo "configure:6359: checking for /etc/default/login" >&5 - if test -f /etc/default/login; then - cat >> confdefs.h <<\EOF - #define HAVE_ETC_DEFAULT_LOGIN 1 -@@ -5845,7 +6368,7 @@ - - if test -z "$no_shadows_password_checking"; then - echo $ac_n "checking for shadow passwords""... $ac_c" 1>&6 --echo "configure:5849: checking for shadow passwords" >&5 -+echo "configure:6372: checking for shadow passwords" >&5 - if test -f /etc/shadow; then - # If we don't have shadow.h, this might be some nonstandard - # kludging... So better check it out. -@@ -5859,7 +6382,7 @@ - # have getspent in a system library. However, a libshadow.a library - # contaning these is publicly available. - echo $ac_n "checking for getspent in -lshadow""... $ac_c" 1>&6 --echo "configure:5863: checking for getspent in -lshadow" >&5 -+echo "configure:6386: checking for getspent in -lshadow" >&5 - ac_lib_var=`echo shadow'_'getspent | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5867,7 +6390,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lshadow $LIBS" - cat > conftest.$ac_ext <<EOF --#line 5871 "configure" -+#line 6394 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -5878,7 +6401,7 @@ - getspent() - ; return 0; } - EOF --if { (eval echo configure:5882: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6405: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -5906,9 +6429,9 @@ - fi - - echo $ac_n "checking whether spwd have sp_expire field""... $ac_c" 1>&6 --echo "configure:5910: checking whether spwd have sp_expire field" >&5 -+echo "configure:6433: checking whether spwd have sp_expire field" >&5 - cat > conftest.$ac_ext <<EOF --#line 5912 "configure" -+#line 6435 "configure" - #include "confdefs.h" - #include <shadow.h> - EOF -@@ -5927,9 +6450,9 @@ - rm -f conftest* - - echo $ac_n "checking whether spwd have sp_inact field""... $ac_c" 1>&6 --echo "configure:5931: checking whether spwd have sp_inact field" >&5 -+echo "configure:6454: checking whether spwd have sp_inact field" >&5 - cat > conftest.$ac_ext <<EOF --#line 5933 "configure" -+#line 6456 "configure" - #include "confdefs.h" - #include <shadow.h> - EOF -@@ -5968,7 +6491,7 @@ - fi - - echo $ac_n "checking location of mail spool files""... $ac_c" 1>&6 --echo "configure:5972: checking location of mail spool files" >&5 -+echo "configure:6495: checking location of mail spool files" >&5 - for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE - do - if test "$dir" = "FILE"; then -@@ -6007,7 +6530,7 @@ - done - - echo $ac_n "checking location of utmp""... $ac_c" 1>&6 --echo "configure:6011: checking location of utmp" >&5 -+echo "configure:6534: checking location of utmp" >&5 - if test -f /var/run/utmp; then - cat >> confdefs.h <<\EOF - #define SSH_UTMP "/var/run/utmp" -@@ -6043,7 +6566,7 @@ - fi - - echo $ac_n "checking location of wtmp""... $ac_c" 1>&6 --echo "configure:6047: checking location of wtmp" >&5 -+echo "configure:6570: checking location of wtmp" >&5 - if test -f /var/log/wtmp; then - cat >> confdefs.h <<\EOF - #define SSH_WTMP "/var/log/wtmp" -@@ -6077,7 +6600,7 @@ - fi - - echo $ac_n "checking location of lastlog""... $ac_c" 1>&6 --echo "configure:6081: checking location of lastlog" >&5 -+echo "configure:6604: checking location of lastlog" >&5 - if test -f /var/log/lastlog || test -d /var/log/lastlog; then - cat >> confdefs.h <<\EOF - #define SSH_LASTLOG "/var/log/lastlog" -@@ -6132,7 +6655,7 @@ - fi - - echo $ac_n "checking whether $LASTLOG is a directory""... $ac_c" 1>&6 --echo "configure:6136: checking whether $LASTLOG is a directory" >&5 -+echo "configure:6659: checking whether $LASTLOG is a directory" >&5 - if test -d $LASTLOG - then - echo "$ac_t""yes" 1>&6 -@@ -6145,7 +6668,7 @@ - fi - - echo $ac_n "checking whether to include the IDEA encryption algorithm""... $ac_c" 1>&6 --echo "configure:6149: checking whether to include the IDEA encryption algorithm" >&5 -+echo "configure:6672: checking whether to include the IDEA encryption algorithm" >&5 - # Check whether --with-idea or --without-idea was given. - if test "${with_idea+set}" = set; then - withval="$with_idea" -@@ -6179,7 +6702,7 @@ - - - echo $ac_n "checking whether to include the Blowfish encryption algorithm""... $ac_c" 1>&6 --echo "configure:6183: checking whether to include the Blowfish encryption algorithm" >&5 -+echo "configure:6706: checking whether to include the Blowfish encryption algorithm" >&5 - # Check whether --with-blowfish or --without-blowfish was given. - if test "${with_blowfish+set}" = set; then - withval="$with_blowfish" -@@ -6206,7 +6729,7 @@ - - - echo $ac_n "checking whether to include the DES encryption algorithm""... $ac_c" 1>&6 --echo "configure:6210: checking whether to include the DES encryption algorithm" >&5 -+echo "configure:6733: checking whether to include the DES encryption algorithm" >&5 - # Check whether --with-des or --without-des was given. - if test "${with_des+set}" = set; then - withval="$with_des" -@@ -6229,7 +6752,7 @@ - - - echo $ac_n "checking whether to include the ARCFOUR encryption algorithm""... $ac_c" 1>&6 --echo "configure:6233: checking whether to include the ARCFOUR encryption algorithm" >&5 -+echo "configure:6756: checking whether to include the ARCFOUR encryption algorithm" >&5 - # Check whether --with-arcfour or --without-arcfour was given. - if test "${with_arcfour+set}" = set; then - withval="$with_arcfour" -@@ -6252,7 +6775,7 @@ - - - echo $ac_n "checking whether to include the none encryption algorithm""... $ac_c" 1>&6 --echo "configure:6256: checking whether to include the none encryption algorithm" >&5 -+echo "configure:6779: checking whether to include the none encryption algorithm" >&5 - # Check whether --with-none or --without-none was given. - if test "${with_none+set}" = set; then - withval="$with_none" -@@ -6275,7 +6798,7 @@ - - - echo $ac_n "checking whether to use login""... $ac_c" 1>&6 --echo "configure:6279: checking whether to use login" >&5 -+echo "configure:6802: checking whether to use login" >&5 - # Check whether --with-login or --without-login was given. - if test "${with_login+set}" = set; then - withval="$with_login" -@@ -6290,7 +6813,7 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:6294: checking for $ac_word" >&5 -+echo "configure:6817: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_PATH_LOGIN'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -6298,9 +6821,13 @@ - /*) - ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_PATH_LOGIN="$ac_dir/$ac_word" -@@ -6349,7 +6876,7 @@ - - - echo $ac_n "checking whether to use rsh""... $ac_c" 1>&6 --echo "configure:6353: checking whether to use rsh" >&5 -+echo "configure:6880: checking whether to use rsh" >&5 - # Check whether --with-rsh or --without-rsh was given. - if test "${with_rsh+set}" = set; then - withval="$with_rsh" -@@ -6364,7 +6891,7 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:6368: checking for $ac_word" >&5 -+echo "configure:6895: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -6372,9 +6899,13 @@ - /*) - ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_RSH_PATH="$ac_dir/$ac_word" -@@ -6416,7 +6947,7 @@ - # Extract the first word of "$ac_prog", so it can be a program name with args. - set dummy $ac_prog; ac_word=$2 - echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 --echo "configure:6420: checking for $ac_word" >&5 -+echo "configure:6951: checking for $ac_word" >&5 - if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -6424,9 +6955,13 @@ - /*) - ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path. - ;; -+ ?:/*) -+ ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a dos path. -+ ;; - *) -- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" -- for ac_dir in $PATH; do -+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" -+ ac_dummy="$PATH" -+ for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_path_RSH_PATH="$ac_dir/$ac_word" -@@ -6465,7 +7000,7 @@ - - # Code to permit setting default path for users (alden@math.ohio-state.edu) - echo $ac_n "checking default path""... $ac_c" 1>&6 --echo "configure:6469: checking default path" >&5 -+echo "configure:7004: checking default path" >&5 - # Check whether --with-path or --without-path was given. - if test "${with_path+set}" = set; then - withval="$with_path" -@@ -6488,7 +7023,7 @@ - - - echo $ac_n "checking etcdir""... $ac_c" 1>&6 --echo "configure:6492: checking etcdir" >&5 -+echo "configure:7027: checking etcdir" >&5 - # Check whether --with-etcdir or --without-etcdir was given. - if test "${with_etcdir+set}" = set; then - withval="$with_etcdir" -@@ -6513,7 +7048,7 @@ - - - echo $ac_n "checking whether to use nologin.allow file to override nologin""... $ac_c" 1>&6 --echo "configure:6517: checking whether to use nologin.allow file to override nologin" >&5 -+echo "configure:7052: checking whether to use nologin.allow file to override nologin" >&5 - # Check whether --with-nologin-allow or --without-nologin-allow was given. - if test "${with_nologin_allow+set}" = set; then - withval="$with_nologin_allow" -@@ -6543,7 +7078,7 @@ - - - echo $ac_n "checking whether to support SecurID""... $ac_c" 1>&6 --echo "configure:6547: checking whether to support SecurID" >&5 -+echo "configure:7082: checking whether to support SecurID" >&5 - # Check whether --with-securid or --without-securid was given. - if test "${with_securid+set}" = set; then - withval="$with_securid" -@@ -6586,7 +7121,7 @@ - - - echo $ac_n "checking whether to support TIS authentication server""... $ac_c" 1>&6 --echo "configure:6590: checking whether to support TIS authentication server" >&5 -+echo "configure:7125: checking whether to support TIS authentication server" >&5 - # Check whether --with-tis or --without-tis was given. - if test "${with_tis+set}" = set; then - withval="$with_tis" -@@ -6604,8 +7139,8 @@ - #define HAVE_TIS 1 - EOF - -- CFLAGS="$CFLAGS -I$withval -DHAVE_TIS" -- LIBS="-L$withval -lauth -lfwall $LIBS" -+ CFLAGS="$CFLAGS -I$withval/include -DHAVE_TIS" -+ LIBS="-L$withval/lib -lauth -lfwall $LIBS" - echo "configure: warning: Remember to read README.TIS. The connection between sshd and TIS authentication - server is clear text!" 1>&2 - ;; -@@ -6616,40 +7151,138 @@ - fi - - --echo $ac_n "checking whether to use Kerberos""... $ac_c" 1>&6 --echo "configure:6621: checking whether to use Kerberos" >&5 --# Check whether --with-kerberos5 or --without-kerberos5 was given. --if test "${with_kerberos5+set}" = set; then -- withval="$with_kerberos5" -+echo $ac_n "checking whether to use Kerberos v4""... $ac_c" 1>&6 -+echo "configure:7156: checking whether to use Kerberos v4" >&5 -+# Check whether --with-krb4 or --without-krb4 was given. -+if test "${with_krb4+set}" = set; then -+ withval="$with_krb4" - case "$withval" in - yes) -- with_kerberos5=/usr/local -+ with_krb4=/usr/kerberos - ;; - esac - else -- with_kerberos5=no -+ with_krb4=no - - fi - --case "$with_kerberos5" in -+case "$with_krb4" in - no) - echo "$ac_t""no" 1>&6 - ;; - *) - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF --#define KERBEROS 1 -+#define KRB4 1 -+EOF -+ -+ KERBEROS_ROOT="$with_krb4" -+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/kerberosIV" -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes" -+ KERBEROS_OBJS="auth-kerberos.o" -+ echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6 -+echo "configure:7185: checking for dn_expand in -lresolv" >&5 -+ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'` -+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 -+else -+ ac_save_LIBS="$LIBS" -+LIBS="-lresolv $LIBS" -+cat > conftest.$ac_ext <<EOF -+#line 7193 "configure" -+#include "confdefs.h" -+/* Override any gcc2 internal prototype to avoid an error. */ -+/* We use char because int might match the return type of a gcc2 -+ builtin and then its argument prototype would still apply. */ -+char dn_expand(); -+ -+int main() { -+dn_expand() -+; return 0; } -+EOF -+if { (eval echo configure:7204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+ rm -rf conftest* -+ eval "ac_cv_lib_$ac_lib_var=yes" -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ eval "ac_cv_lib_$ac_lib_var=no" -+fi -+rm -f conftest* -+LIBS="$ac_save_LIBS" -+ -+fi -+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -+ echo "$ac_t""yes" 1>&6 -+ KERBEROS_LIBS="$KERBEROS_LIBS -lresolv" -+else -+ echo "$ac_t""no" 1>&6 -+fi -+ -+ echo $ac_n "checking whether AFS lifetime conversion routines are present""... $ac_c" 1>&6 -+echo "configure:7225: checking whether AFS lifetime conversion routines are present" >&5 -+ keeplibs="$LIBS" -+ keepcflags="$CFLAGS" -+ LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" -+ CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" -+ cat > conftest.$ac_ext <<EOF -+#line 7231 "configure" -+#include "confdefs.h" -+#include <krb.h> -+int main() { -+ krb_life_to_time(10, 10); -+; return 0; } -+EOF -+if { (eval echo configure:7238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+ rm -rf conftest* -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define HAVE_KRB_LIFE_TO_TIME 1 - EOF - -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ echo "$ac_t""no" 1>&6 -+fi -+rm -f conftest* -+ LIBS="$keeplibs" -+ CFLAGS="$keepcflags" -+ ;; -+esac -+ -+echo $ac_n "checking whether to use Kerberos v5""... $ac_c" 1>&6 -+echo "configure:7258: checking whether to use Kerberos v5" >&5 -+# Check whether --with-krb5 or --without-krb5 was given. -+if test "${with_krb5+set}" = set; then -+ withval="$with_krb5" -+ case "$withval" in -+ yes) -+ with_krb5=/usr/local -+ ;; -+ esac -+else -+ with_krb5=no -+ -+fi -+ -+case "$with_krb5" in -+ no) -+ echo "$ac_t""no" 1>&6 -+ ;; -+ *) -+ echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF - #define KRB5 1 - EOF - -- KERBEROS_ROOT="$with_kerberos5" -- KERBEROS_INCS="-I${KERBEROS_ROOT}/include" -- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -+ KERBEROS_ROOT="$with_krb5" -+ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/krb5" -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" - echo $ac_n "checking for dbm_open in -lndbm""... $ac_c" 1>&6 --echo "configure:6653: checking for dbm_open in -lndbm" >&5 -+echo "configure:7286: checking for dbm_open in -lndbm" >&5 - ac_lib_var=`echo ndbm'_'dbm_open | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6657,7 +7290,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lndbm $LIBS" - cat > conftest.$ac_ext <<EOF --#line 6661 "configure" -+#line 7294 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -6668,7 +7301,7 @@ - dbm_open() - ; return 0; } - EOF --if { (eval echo configure:6672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7305: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -6692,40 +7325,66 @@ - ;; - esac - -- -- -- -- --echo $ac_n "checking whether to enable passing the Kerberos TGT""... $ac_c" 1>&6 --echo "configure:6701: checking whether to enable passing the Kerberos TGT" >&5 --# Check whether --enable-kerberos-tgt-passing or --disable-kerberos-tgt-passing was given. --if test "${enable_kerberos_tgt_passing+set}" = set; then -- enableval="$enable_kerberos_tgt_passing" -- case "$enableval" in -- no) -- echo "$ac_t""no" 1>&6 -- ;; -- *) -- if test "$with_kerberos5" = no ; then -+echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6 -+echo "configure:7330: checking whether to use AFS" >&5 -+# Check whether --with-afs or --without-afs was given. -+if test "${with_afs+set}" = set; then -+ withval="$with_afs" -+ if test "$with_afs" = no; then - echo "$ac_t""no" 1>&6 -- echo "configure: warning: "Passing Kerberos TGT requires Kerberos5 support."" 1>&2 - else - echo "$ac_t""yes" 1>&6 -- cat >> confdefs.h <<\EOF --#define KERBEROS_TGT_PASSING 1 -+ cat >> confdefs.h <<\EOF -+#define AFS 1 - EOF - -+ if test "$with_krb4" = no; then -+ echo "$ac_t""no" 1>&6 -+ echo "configure: warning: "AFS requires Kerberos v4 support."" 1>&2 -+ else -+ KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs" -+ if test -n "$os_aix"; then -+ KERBEROS_LIBS="${KERBEROS_LIBS} -lld" - fi -+ fi -+fi -+ -+fi -+ -+ -+echo $ac_n "checking whether to use Hesiod""... $ac_c" 1>&6 -+echo "configure:7357: checking whether to use Hesiod" >&5 -+# Check whether --with-hesiod or --without-hesiod was given. -+if test "${with_hesiod+set}" = set; then -+ withval="$with_hesiod" -+ case "$withval" in -+ yes) -+ with_hesiod=/usr/local/athena - ;; - esac - else -- echo "$ac_t""no" 1>&6 -+ with_hesiod=no - - fi - -+case "$with_hesiod" in -+no) -+ echo "$ac_t""no" 1>&6 -+ ;; -+*) -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define HESIOD 1 -+EOF -+ -+ HESIOD_ROOT="$with_hesiod" -+ HESIOD_INCS="-I${HESIOD_ROOT}/include" -+ HESIOD_LIBS="-L${HESIOD_ROOT}/lib -lhesiod" -+ ;; -+esac - - echo $ac_n "checking whether to use libwrap""... $ac_c" 1>&6 --echo "configure:6729: checking whether to use libwrap" >&5 -+echo "configure:7388: checking whether to use libwrap" >&5 - # Check whether --with-libwrap or --without-libwrap was given. - if test "${with_libwrap+set}" = set; then - withval="$with_libwrap" -@@ -6734,56 +7393,41 @@ - echo "$ac_t""no" 1>&6 - ;; - yes) -- echo "$ac_t""yes" 1>&6 -- echo $ac_n "checking for request_init in -lwrap""... $ac_c" 1>&6 --echo "configure:6740: checking for request_init in -lwrap" >&5 --ac_lib_var=`echo wrap'_'request_init | sed 'y%./+-%__p_%'` --if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then -- echo $ac_n "(cached) $ac_c" 1>&6 --else -- ac_save_LIBS="$LIBS" --LIBS="-lwrap $LIBS" --cat > conftest.$ac_ext <<EOF --#line 6748 "configure" -+ WRAPLIBS="-lwrap" -+ OLDLIBS="$LIBS" -+ LIBS="$WRAPLIBS $LIBS" -+ cat > conftest.$ac_ext <<EOF -+#line 7401 "configure" - #include "confdefs.h" --/* Override any gcc2 internal prototype to avoid an error. */ --/* We use char because int might match the return type of a gcc2 -- builtin and then its argument prototype would still apply. */ --char request_init(); -- -+ int allow_severity; int deny_severity; - int main() { --request_init() -+ request_init(); - ; return 0; } - EOF --if { (eval echo configure:6759: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -- rm -rf conftest* -- eval "ac_cv_lib_$ac_lib_var=yes" --else -- echo "configure: failed program was:" >&5 -- cat conftest.$ac_ext >&5 -+if { (eval echo configure:7408: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* -- eval "ac_cv_lib_$ac_lib_var=no" --fi --rm -f conftest* --LIBS="$ac_save_LIBS" -- --fi --if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -- echo "$ac_t""yes" 1>&6 - -- cat >> confdefs.h <<\EOF -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF - #define LIBWRAP 1 - EOF - -- WRAPLIBS="-lwrap" -- cat >> confdefs.h <<\EOF -+ cat >> confdefs.h <<\EOF - #define HAVE_LIBWRAP 1 - EOF -- -+ -+ - else -- echo "$ac_t""no" 1>&6 -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ -+ echo "$ac_t""no" 1>&6 -+ WRAPLIBS="" -+ - fi -- -+rm -f conftest* -+ LIBS="$OLDLIBS" - ;; - *) - echo "$ac_t""yes" 1>&6 -@@ -6799,14 +7443,14 @@ - OLDLIBS="$LIBS" - LIBS="$WRAPLIBS $LIBS" - cat > conftest.$ac_ext <<EOF --#line 6803 "configure" -+#line 7447 "configure" - #include "confdefs.h" - int allow_severity; int deny_severity; - int main() { - hosts_access(); - ; return 0; } - EOF --if { (eval echo configure:6810: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7454: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - : - else - echo "configure: failed program was:" >&5 -@@ -6827,7 +7471,7 @@ - - - echo $ac_n "checking whether to support SOCKS""... $ac_c" 1>&6 --echo "configure:6831: checking whether to support SOCKS" >&5 -+echo "configure:7475: checking whether to support SOCKS" >&5 - # Check whether --with-socks or --without-socks was given. - if test "${with_socks+set}" = set; then - withval="$with_socks" -@@ -6838,7 +7482,7 @@ - yes) - echo "$ac_t""yes" 1>&6 - echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6 --echo "configure:6842: checking for SOCKSconnect in -lsocks5" >&5 -+echo "configure:7486: checking for SOCKSconnect in -lsocks5" >&5 - ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6846,7 +7490,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsocks5 $LIBS" - cat > conftest.$ac_ext <<EOF --#line 6850 "configure" -+#line 7494 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -6857,7 +7501,7 @@ - SOCKSconnect() - ; return 0; } - EOF --if { (eval echo configure:6861: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7505: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -6879,7 +7523,7 @@ - echo "$ac_t""no" 1>&6 - - echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6 --echo "configure:6883: checking for Rconnect in -lsocks" >&5 -+echo "configure:7527: checking for Rconnect in -lsocks" >&5 - ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6887,7 +7531,7 @@ - ac_save_LIBS="$LIBS" - LIBS="-lsocks $LIBS" - cat > conftest.$ac_ext <<EOF --#line 6891 "configure" -+#line 7535 "configure" - #include "confdefs.h" - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 -@@ -6898,7 +7542,7 @@ - Rconnect() - ; return 0; } - EOF --if { (eval echo configure:6902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7546: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" - else -@@ -6934,7 +7578,7 @@ - - if test "x$socks" = "x"; then - echo $ac_n "checking whether to support SOCKS5""... $ac_c" 1>&6 --echo "configure:6938: checking whether to support SOCKS5" >&5 -+echo "configure:7582: checking whether to support SOCKS5" >&5 - # Check whether --with-socks5 or --without-socks5 was given. - if test "${with_socks5+set}" = set; then - withval="$with_socks5" -@@ -6968,14 +7612,14 @@ - TMPLIBS="$LIBS" - LIBS="$LIBS $KERBEROS_LIBS" - cat > conftest.$ac_ext <<EOF --#line 6972 "configure" -+#line 7616 "configure" - #include "confdefs.h" - - int main() { - SOCKSconnect(); - ; return 0; } - EOF --if { (eval echo configure:6979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7623: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - : - else - echo "configure: failed program was:" >&5 -@@ -6996,7 +7640,7 @@ - - if test "x$socks" = "x"; then - echo $ac_n "checking whether to support SOCKS4""... $ac_c" 1>&6 --echo "configure:7000: checking whether to support SOCKS4" >&5 -+echo "configure:7644: checking whether to support SOCKS4" >&5 - # Check whether --with-socks4 or --without-socks4 was given. - if test "${with_socks4+set}" = set; then - withval="$with_socks4" -@@ -7016,14 +7660,14 @@ - fi - LIBS="$withval $LIBS" - cat > conftest.$ac_ext <<EOF --#line 7020 "configure" -+#line 7664 "configure" - #include "confdefs.h" - - int main() { - Rconnect(); - ; return 0; } - EOF --if { (eval echo configure:7027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7671: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - : - else - echo "configure: failed program was:" >&5 -@@ -7150,7 +7794,7 @@ - fi - - echo $ac_n "checking whether to use rsaref""... $ac_c" 1>&6 --echo "configure:7154: checking whether to use rsaref" >&5 -+echo "configure:7798: checking whether to use rsaref" >&5 - # Check whether --with-rsaref or --without-rsaref was given. - if test "${with_rsaref+set}" = set; then - withval="$with_rsaref" -@@ -7184,7 +7828,7 @@ - - # This allows group writeability in userfile_check_owner_permissions() - echo $ac_n "checking whether to allow group writeability""... $ac_c" 1>&6 --echo "configure:7188: checking whether to allow group writeability" >&5 -+echo "configure:7832: checking whether to allow group writeability" >&5 - # Check whether --enable-group-writeability or --disable-group-writeability was given. - if test "${enable_group_writeability+set}" = set; then - enableval="$enable_group_writeability" -@@ -7200,7 +7844,7 @@ - - - echo $ac_n "checking whether to disable forwardings in server""... $ac_c" 1>&6 --echo "configure:7204: checking whether to disable forwardings in server" >&5 -+echo "configure:7848: checking whether to disable forwardings in server" >&5 - # Check whether --enable-server-port-forwardings or --disable-server-port-forwardings was given. - if test "${enable_server_port_forwardings+set}" = set; then - enableval="$enable_server_port_forwardings" -@@ -7222,7 +7866,7 @@ - - - echo $ac_n "checking whether to disable forwardings in client""... $ac_c" 1>&6 --echo "configure:7226: checking whether to disable forwardings in client" >&5 -+echo "configure:7870: checking whether to disable forwardings in client" >&5 - # Check whether --enable-client-port-forwardings or --disable-client-port-forwardings was given. - if test "${enable_client_port_forwardings+set}" = set; then - enableval="$enable_client_port_forwardings" -@@ -7244,7 +7888,7 @@ - - - echo $ac_n "checking whether to disable X11 forwarding in server""... $ac_c" 1>&6 --echo "configure:7248: checking whether to disable X11 forwarding in server" >&5 -+echo "configure:7892: checking whether to disable X11 forwarding in server" >&5 - # Check whether --enable-server-x11-forwarding or --disable-server-x11-forwarding was given. - if test "${enable_server_x11_forwarding+set}" = set; then - enableval="$enable_server_x11_forwarding" -@@ -7266,7 +7910,7 @@ - - - echo $ac_n "checking whether to disable X11 forwarding in client""... $ac_c" 1>&6 --echo "configure:7270: checking whether to disable X11 forwarding in client" >&5 -+echo "configure:7914: checking whether to disable X11 forwarding in client" >&5 - # Check whether --enable-client-x11-forwarding or --disable-client-x11-forwarding was given. - if test "${enable_client_x11_forwarding+set}" = set; then - enableval="$enable_client_x11_forwarding" -@@ -7288,28 +7932,28 @@ - - - echo $ac_n "checking whether to install ssh as suid root""... $ac_c" 1>&6 --echo "configure:7292: checking whether to install ssh as suid root" >&5 -+echo "configure:7936: checking whether to install ssh as suid root" >&5 - # Check whether --enable-suid-ssh or --disable-suid-ssh was given. - if test "${enable_suid_ssh+set}" = set; then - enableval="$enable_suid_ssh" - case "$enableval" in - no) - echo "$ac_t""no" 1>&6 -- SSHINSTALLMODE=0711 -+ SSHINSTALLMODE=0511 - ;; - *) echo "$ac_t""yes" 1>&6 -- SSHINSTALLMODE=04711 -+ SSHINSTALLMODE=04511 - ;; - esac - else - echo "$ac_t""yes" 1>&6 -- SSHINSTALLMODE=04711 -+ SSHINSTALLMODE=04511 - - fi - - - echo $ac_n "checking whether to enable TCP_NODELAY""... $ac_c" 1>&6 --echo "configure:7313: checking whether to enable TCP_NODELAY" >&5 -+echo "configure:7957: checking whether to enable TCP_NODELAY" >&5 - # Check whether --enable-tcp-nodelay or --disable-tcp-nodelay was given. - if test "${enable_tcp_nodelay+set}" = set; then - enableval="$enable_tcp_nodelay" -@@ -7334,8 +7978,60 @@ - fi - - -+echo $ac_n "checking whether to enable another port try support""... $ac_c" 1>&6 -+echo "configure:7983: checking whether to enable another port try support" >&5 -+# Check whether --enable-another-port-try or --disable-another-port-try was given. -+if test "${enable_another_port_try+set}" = set; then -+ enableval="$enable_another_port_try" -+ case "$enableval" in -+ no) -+ echo "$ac_t""no" 1>&6 -+ ;; -+ *) echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_ANOTHER_PORT_TRY 1 -+EOF -+ -+ ;; -+ esac -+else -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_ANOTHER_PORT_TRY 1 -+EOF -+ -+ -+fi -+ -+ -+echo $ac_n "checking whether to enable logging auth info support""... $ac_c" 1>&6 -+echo "configure:8009: checking whether to enable logging auth info support" >&5 -+# Check whether --enable-log-auth or --disable-log-auth was given. -+if test "${enable_log_auth+set}" = set; then -+ enableval="$enable_log_auth" -+ case "$enableval" in -+ no) -+ echo "$ac_t""no" 1>&6 -+ ;; -+ *) echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_LOG_AUTH 1 -+EOF -+ -+ ;; -+ esac -+else -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_LOG_AUTH 1 -+EOF -+ -+ -+fi -+ -+ - echo $ac_n "checking whether to enable SO_LINGER""... $ac_c" 1>&6 --echo "configure:7339: checking whether to enable SO_LINGER" >&5 -+echo "configure:8035: checking whether to enable SO_LINGER" >&5 - # Check whether --enable-so-linger or --disable-so-linger was given. - if test "${enable_so_linger+set}" = set; then - enableval="$enable_so_linger" -@@ -7357,7 +8053,7 @@ - - - echo $ac_n "checking whether to include scp statistics at all""... $ac_c" 1>&6 --echo "configure:7361: checking whether to include scp statistics at all" >&5 -+echo "configure:8057: checking whether to include scp statistics at all" >&5 - # Check whether --with-scp-stats or --without-scp-stats was given. - if test "${with_scp_stats+set}" = set; then - withval="$with_scp_stats" -@@ -7383,7 +8079,7 @@ - - - echo $ac_n "checking whether to enable scp statistics""... $ac_c" 1>&6 --echo "configure:7387: checking whether to enable scp statistics" >&5 -+echo "configure:8083: checking whether to enable scp statistics" >&5 - # Check whether --enable-scp-stats or --disable-scp-stats was given. - if test "${enable_scp_stats+set}" = set; then - enableval="$enable_scp_stats" -@@ -7409,7 +8105,7 @@ - - - echo $ac_n "checking whether to enable scp statistics for all files""... $ac_c" 1>&6 --echo "configure:7413: checking whether to enable scp statistics for all files" >&5 -+echo "configure:8109: checking whether to enable scp statistics for all files" >&5 - # Check whether --enable-all-scp-stats or --disable-all-scp-stats was given. - if test "${enable_all_scp_stats+set}" = set; then - enableval="$enable_all_scp_stats" -@@ -7434,6 +8130,8 @@ - fi - - -+CFLAGS="$CPPFLAGS $CFLAGS" -+ - # We include this here only to make it visible in --help; this is only used - # in the gmp subdirectory. - # Check whether --enable-asm or --disable-asm was given. -@@ -7445,7 +8143,7 @@ - - PIDDIR="/var/run" - echo $ac_n "checking where to put sshd.pid""... $ac_c" 1>&6 --echo "configure:7449: checking where to put sshd.pid" >&5 -+echo "configure:8147: checking where to put sshd.pid" >&5 - if test '!' -d $PIDDIR; then - PIDDIR="$ETCDIR" - fi -@@ -7505,7 +8203,7 @@ - # Ultrix sh set writes to stderr and can't be redirected directly, - # and sets the high bit in the cache file unless we assign to the vars. - (set) 2>&1 | -- case `(ac_space=' '; set) 2>&1` in -+ case `(ac_space=' '; set | grep ac_space) 2>&1` in - *ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote substitution - # turns \\\\ into \\, and sed turns \\ into \). -@@ -7572,7 +8270,7 @@ - echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" - exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; - -version | --version | --versio | --versi | --vers | --ver | --ve | --v) -- echo "$CONFIG_STATUS generated by autoconf version 2.12" -+ echo "$CONFIG_STATUS generated by autoconf version 2.13" - exit 0 ;; - -help | --help | --hel | --he | --h) - echo "\$ac_cs_usage"; exit 0 ;; -@@ -7583,7 +8281,7 @@ - ac_given_srcdir=$srcdir - ac_given_INSTALL="$INSTALL" - --trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 -+trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 - EOF - cat >> $CONFIG_STATUS <<EOF - -@@ -7592,9 +8290,11 @@ - s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF - $ac_vpsub - $extrasub -+s%@SHELL@%$SHELL%g - s%@CFLAGS@%$CFLAGS%g - s%@CPPFLAGS@%$CPPFLAGS%g - s%@CXXFLAGS@%$CXXFLAGS%g -+s%@FFLAGS@%$FFLAGS%g - s%@DEFS@%$DEFS%g - s%@LDFLAGS@%$LDFLAGS%g - s%@LIBS@%$LIBS%g -@@ -7623,6 +8323,7 @@ - s%@LIBOBJS@%$LIBOBJS%g - s%@LN_S@%$LN_S%g - s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g -+s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g - s%@INSTALL_DATA@%$INSTALL_DATA%g - s%@AR@%$AR%g - s%@RANLIB@%$RANLIB%g -@@ -7641,6 +8342,9 @@ - s%@KERBEROS_INCS@%$KERBEROS_INCS%g - s%@KERBEROS_LIBS@%$KERBEROS_LIBS%g - s%@KERBEROS_OBJS@%$KERBEROS_OBJS%g -+s%@HESIOD_ROOT@%$HESIOD_ROOT%g -+s%@HESIOD_INCS@%$HESIOD_INCS%g -+s%@HESIOD_LIBS@%$HESIOD_LIBS%g - s%@WRAPLIBS@%$WRAPLIBS%g - s%@subdirs@%$subdirs%g - s%@ETCDIR@%$ETCDIR%g -@@ -7691,7 +8395,7 @@ - - cat >> $CONFIG_STATUS <<EOF - --CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"} -+CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile"} - EOF - cat >> $CONFIG_STATUS <<\EOF - for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then diff --git a/security/ssh6/patches/patch-al b/security/ssh6/patches/patch-al deleted file mode 100644 index 2f1118214b0..00000000000 --- a/security/ssh6/patches/patch-al +++ /dev/null @@ -1,70 +0,0 @@ -$NetBSD: patch-al,v 1.1 2000/03/20 02:25:36 itojun Exp $ - ---- gmp-2.0.2-ssh-2/longlong.h.orig Wed Apr 29 19:32:35 1998 -+++ gmp-2.0.2-ssh-2/longlong.h Tue Dec 14 23:03:54 1999 -@@ -190,26 +190,40 @@ - "rI" ((USItype)(bh)), \ - "r" ((USItype)(al)), \ - "rI" ((USItype)(bl))) -+#if defined(__ARM_ARCH_3M__) || defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) -+/* Use umull if available */ - #define umul_ppmm(xh, xl, a, b) \ - __asm__ ("%@ Inlined umul_ppmm -- mov %|r0, %2, lsr #16 -- mov %|r2, %3, lsr #16 -- bic %|r1, %2, %|r0, lsl #16 -- bic %|r2, %3, %|r2, lsl #16 -- mul %1, %|r1, %|r2 -- mul %|r2, %|r0, %|r2 -- mul %|r1, %0, %|r1 -- mul %0, %|r0, %0 -- adds %|r1, %|r2, %|r1 -+ umull %0, %1, %2, %3" \ -+ : "=&r" ((USItype) (xl)), \ -+ "=&r" ((USItype) (xh)) \ -+ : "r" ((USItype) (a)), \ -+ "r" ((USItype) (b))) -+#define UMUL_TIME 4 -+#else /* umull */ -+#define umul_ppmm(xh, xl, a, b) \ -+do {register USItype __t0, __t1, __t2; \ -+ __asm__ ("%@ Inlined umul_ppmm -+ mov %2, %5, lsr #16 -+ mov %0, %6, lsr #16 -+ bic %3, %5, %2, lsl #16 -+ bic %4, %6, %0, lsl #16 -+ mul %1, %3, %4 -+ mul %4, %2, %4 -+ mul %3, %0, %3 -+ mul %0, %2, %0 -+ adds %3, %4, %3 - addcs %0, %0, #65536 -- adds %1, %1, %|r1, lsl #16 -- adc %0, %0, %|r1, lsr #16" \ -- : "=&r" ((USItype)(xh)), \ -- "=r" ((USItype)(xl)) \ -- : "r" ((USItype)(a)), \ -- "r" ((USItype)(b)) \ -- : "r0", "r1", "r2") -+ adds %1, %1, %3, lsl #16 -+ adc %0, %0, %3, lsr #16" \ -+ : "=&r" ((USItype) (xh)), \ -+ "=r" ((USItype) (xl)), \ -+ "=&r" (__t0), "=&r" (__t1), "=r" (__t2) \ -+ : "r" ((USItype) (a)), \ -+ "r" ((USItype) (b)));} while (0) -+ - #define UMUL_TIME 20 -+#endif /* umull */ - #define UDIV_TIME 100 - #endif /* __arm__ */ - -@@ -719,7 +733,7 @@ - "g" ((USItype)(d))); \ - (r) = __xx.__i.__l; (q) = __xx.__i.__h; }) - #define count_trailing_zeros(count,x) \ -- do { -+ do { \ - __asm__ ("ffsd %2,%0" \ - : "=r" ((USItype) (count)) \ - : "0" ((USItype) 0), \ diff --git a/security/ssh6/patches/patch-am b/security/ssh6/patches/patch-am deleted file mode 100644 index 7b087b3913f..00000000000 --- a/security/ssh6/patches/patch-am +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-am,v 1.1 2000/03/20 02:25:36 itojun Exp $ - ---- gmp-2.0.2-ssh-2/configure.in.orig Mon Feb 22 01:59:06 1999 -+++ gmp-2.0.2-ssh-2/configure.in Fri Jul 16 17:38:35 1999 -@@ -122,6 +122,20 @@ - path="x86" - syntax_alternatives="$syntax_alternatives ELF_SYNTAX BSD_SYNTAX INTEL_SYNTAX" - ;; -+ i[3456]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) -+ if $CC -E - -dM </dev/null | grep -q __ELF__; then -+ syntax_alternatives="$syntax_alternatives ELF_SYNTAX" # ELF -+ else -+ syntax_alternatives="$syntax_alternatives BSD_SYNTAX" # a.out -+ x86_broken_align=yes -+ fi -+ case "${host}" in -+ i[34]86*-*-*netbsd*) -+ path="x86" ;; -+ i[56]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) -+ path="x86/pentium x86" ;; -+ esac -+ ;; - i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | \ - i[34]86*-*-*bsd*) # 386/486 running BSD or Linux with a.out - path="x86" -@@ -221,6 +235,10 @@ - ;; - sh2-*-*) - path="sh/sh2 sh" -+ ;; -+ mips*-*-netbsd*) -+ path="mips2" -+ SFLAGS="-Wa,-KPIC" - ;; - mips[34]*-*-*) - path="mips3" diff --git a/security/ssh6/patches/patch-an b/security/ssh6/patches/patch-an deleted file mode 100644 index e8d6a5fd02e..00000000000 --- a/security/ssh6/patches/patch-an +++ /dev/null @@ -1,43 +0,0 @@ -$NetBSD: patch-an,v 1.1 2000/03/20 02:25:36 itojun Exp $ - ---- gmp-2.0.2-ssh-2/gmp-impl.h.orig Fri Mar 27 18:06:09 1998 -+++ gmp-2.0.2-ssh-2/gmp-impl.h Thu Mar 4 10:20:02 1999 -@@ -281,7 +281,6 @@ - - #if SIZEOF_INT >= 4 /* otherwise fails on 16-bit machines */ - #if defined (__alpha) \ -- || (defined (__arm__) && defined (__ARMWEL__)) \ - || defined (__clipper__) \ - || defined (__cris) \ - || defined (__i386__) \ -@@ -304,7 +303,7 @@ - }; - #else /* Need this as an #else since the tests aren't made exclusive. */ - #if defined (__a29k__) || defined (_AM29K) \ -- || defined (__arm__) \ -+ || (defined (__arm__) && defined (__ARMEB__)) \ - || (defined (__convex__) && defined (_IEEE_FLOAT_)) \ - || defined (__i370__) || defined (__mvs__) \ - || defined (__mc68000__) || defined (__mc68020__) || defined (__NeXT__)\ -@@ -330,6 +329,21 @@ - } s; - double d; - }; -+#define _GMP_IEEE_FLOATS 1 -+#else -+#if defined (__arm__) -+union ieee_double_extract -+{ -+ struct -+ { -+ unsigned int manh:20; -+ unsigned int exp:11; -+ unsigned int sig:1; -+ unsigned int manl:32; -+ } s; -+ double d; -+}; -+#endif - #endif - #endif - #endif /* SIZEOF_INT >= 4 */ diff --git a/security/ssh6/patches/patch-ao b/security/ssh6/patches/patch-ao deleted file mode 100644 index a17f4ceb4bd..00000000000 --- a/security/ssh6/patches/patch-ao +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-ao,v 1.1 2000/03/20 02:25:36 itojun Exp $ - ---- gmp-2.0.2-ssh-2/aclocal.m4.orig Wed Jul 8 18:40:42 1998 -+++ gmp-2.0.2-ssh-2/aclocal.m4 Mon May 10 23:50:28 1999 -@@ -20,7 +20,7 @@ - dnl AM_INIT_AUTOMAKE(package,version, [no-define]) - - AC_DEFUN(AM_INIT_AUTOMAKE, --[AC_REQUIRE([AM_PROG_INSTALL]) -+[AC_REQUIRE([AC_PROG_INSTALL]) - PACKAGE=[$1] - AC_SUBST(PACKAGE) - VERSION=[$2] -@@ -46,7 +46,7 @@ - - # serial 1 - --AC_DEFUN(AM_PROG_INSTALL, -+AC_DEFUN(AC_PROG_INSTALL, - [AC_REQUIRE([AC_PROG_INSTALL]) - test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' - AC_SUBST(INSTALL_SCRIPT)dnl diff --git a/security/ssh6/patches/patch-ap b/security/ssh6/patches/patch-ap deleted file mode 100644 index 0b6585eab3e..00000000000 --- a/security/ssh6/patches/patch-ap +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-ap,v 1.1 2000/03/20 02:25:37 itojun Exp $ - ---- gmp-2.0.2-ssh-2/configure.orig Wed May 12 07:19:35 1999 -+++ gmp-2.0.2-ssh-2/configure Fri Jul 16 17:38:30 1999 -@@ -1855,6 +1855,20 @@ - path="x86" - syntax_alternatives="$syntax_alternatives ELF_SYNTAX BSD_SYNTAX INTEL_SYNTAX" - ;; -+ i[3456]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) -+ if $CC -E - -dM </dev/null | grep -q __ELF__; then -+ syntax_alternatives="$syntax_alternatives ELF_SYNTAX" # ELF -+ else -+ syntax_alternatives="$syntax_alternatives BSD_SYNTAX" # a.out -+ x86_broken_align=yes -+ fi -+ case "${host}" in -+ i[34]86*-*-*netbsd*) -+ path="x86" ;; -+ i[56]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) -+ path="x86/pentium x86" ;; -+ esac -+ ;; - i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | \ - i[34]86*-*-*bsd*) # 386/486 running BSD or Linux with a.out - path="x86" -@@ -1954,6 +1968,10 @@ - ;; - sh2-*-*) - path="sh/sh2 sh" -+ ;; -+ mips*-*-netbsd*) -+ path="mips2" -+ SFLAGS="-Wa,-KPIC" - ;; - mips[34]*-*-*) - path="mips3" diff --git a/security/ssh6/patches/patch-aq b/security/ssh6/patches/patch-aq deleted file mode 100644 index 0fa31c89a33..00000000000 --- a/security/ssh6/patches/patch-aq +++ /dev/null @@ -1,462 +0,0 @@ -$NetBSD: patch-aq,v 1.1 2000/03/20 02:25:37 itojun Exp $ - ---- newchannels.c.orig Wed May 12 07:19:27 1999 -+++ newchannels.c Fri Dec 24 22:01:15 1999 -@@ -274,7 +274,7 @@ - #include "authfd.h" - #include "emulate.h" - #include "servconf.h" --#ifdef LIBWRAP -+#if defined(LIBWRAP) && defined(LIBWRAP_FWD) - #include <tcpd.h> - #include <syslog.h> - #ifdef NEED_SYS_SYSLOG_H -@@ -922,6 +922,7 @@ - /* This is our fake X11 server socket. */ - if (FD_ISSET(ch->sock, readset)) - { -+ int on = 1; - debug("X11 connection requested."); - addrlen = sizeof(addr); - newsock = accept(ch->sock, &addr, &addrlen); -@@ -930,11 +931,12 @@ - error("accept: %.100s", strerror(errno)); - break; - } -+ setsockopt(newsock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)); - remote_hostname = get_remote_hostname(newsock); - snprintf(buf, sizeof(buf), "X11 connection from %.200s port %d", - remote_hostname, get_peer_port(newsock)); - xfree(remote_hostname); --#ifdef LIBWRAP -+#if defined(LIBWRAP) && defined(LIBWRAP_FWD) - { - struct request_info req; - struct servent *serv; -@@ -986,7 +988,7 @@ - ch->listening_port, remote_hostname, - get_peer_port(newsock)); - xfree(remote_hostname); --#ifdef LIBWRAP -+#if defined(LIBWRAP) && defined(LIBWRAP_FWD) - { - struct request_info req; - struct servent *serv; -@@ -1405,13 +1407,29 @@ - int host_port, int gatewayports) - { - int ch, sock; -- struct sockaddr_in sin; -+ struct addrinfo hints, *ai, *aitop; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; - - if (strlen(host) > sizeof(channels[0].path) - 1) - packet_disconnect("Forward host name too long."); - -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_flags = gatewayports ? AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", port); -+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) -+ packet_disconnect("getaddrinfo: fatal error"); -+ -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); -+ - /* Create a port to listen for the host. */ -- sock = socket(AF_INET, SOCK_STREAM, 0); -+ sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - packet_disconnect("socket: %.100s", strerror(errno)); - -@@ -1421,21 +1439,10 @@ - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -- /* Initialize socket address. */ -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- if (gatewayports) -- sin.sin_addr.s_addr = INADDR_ANY; -- else --#ifdef BROKEN_INET_ADDR -- sin.sin_addr.s_addr = inet_network("127.0.0.1"); --#else /* BROKEN_INET_ADDR */ -- sin.sin_addr.s_addr = inet_addr("127.0.0.1"); --#endif /* BROKEN_INET_ADDR */ -- sin.sin_port = htons(port); -- -+ debug("Listening on %s port %s.", ntop, strport); -+ - /* Bind the socket to the address. */ -- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) - packet_disconnect("bind: %.100s", strerror(errno)); - - /* Start listening for connections on the socket. */ -@@ -1448,6 +1455,9 @@ - strcpy(channels[ch].path, host); /* note: host name stored here */ - channels[ch].host_port = host_port; /* port on host to connect to */ - channels[ch].listening_port = port; /* port being listened */ -+ -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); - } - - /* Initiate forwarding of connections to port "port" on remote host through -@@ -1636,9 +1646,10 @@ - void channel_input_port_open(void) - { - int remote_channel, sock, newch, host_port, i; -- struct sockaddr_in sin; - char *host, *originator_string; -- struct hostent *hp; -+ struct addrinfo hints, *ai, *aitop; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int gaierr; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); -@@ -1678,36 +1689,15 @@ - } - } - -- memset(&sin, 0, sizeof(sin)); --#ifdef BROKEN_INET_ADDR -- sin.sin_addr.s_addr = inet_network(host); --#else /* BROKEN_INET_ADDR */ -- sin.sin_addr.s_addr = inet_addr(host); --#endif /* BROKEN_INET_ADDR */ -- if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", host_port); -+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) - { -- /* It was a valid numeric host address. */ -- sin.sin_family = AF_INET; -- } -- else -- { -- /* Look up the host address from the name servers. */ -- hp = gethostbyname(host); -- if (!hp) -- { -- error("%.100s: unknown host.", host); -- goto fail; -- } -- if (!hp->h_addr_list[0]) -- { -- error("%.100s: host has no IP address.", host); -- goto fail; -- } -- sin.sin_family = hp->h_addrtype; -- memcpy(&sin.sin_addr, hp->h_addr_list[0], -- sizeof(sin.sin_addr)); -+ error("%.100s: unknown host (%s)", host, gai_strerror(gaierr)); -+ goto fail; - } -- sin.sin_port = htons(host_port); - - #ifdef F_SECURE_COMMERCIAL - -@@ -1744,8 +1734,15 @@ - - #endif /* F_SECURE_COMMERCIAL */ - -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); -+ - /* Create the socket. */ -- sock = socket(sin.sin_family, SOCK_STREAM, 0); -+ sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); -@@ -1753,15 +1750,25 @@ - } - - /* Connect to the host/port. */ -- if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -- error("connect %.100s:%d: %.100s", host, host_port, -- strerror(errno)); -+ debug("connect %.100s port %s: %.100s", ntop, strport, strerror(errno)); - close(sock); -+ continue; /* fail -- try next */ -+ } -+ break; /* success */ -+ -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); -+ -+ if (!ai) -+ { -+ error("connect %.100s:%d: failed.", host, host_port); - goto fail; - } - - /* Successful connection. */ -+ debug("Connecting to %.200s [%.100s] port %s.", host, ntop, strport); - - #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) - (void)fcntl(sock, F_SETFL, O_NONBLOCK); -@@ -1803,7 +1810,10 @@ - { - extern ServerOptions options; - int display_number, port, sock; -- struct sockaddr_in sin; -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+#define NUM_SOCKS 10 -+ int gaierr, n, nn, num_socks = 0, socks[NUM_SOCKS]; - char buf[512]; - #ifdef HAVE_GETHOSTNAME - char hostname[257]; -@@ -1817,12 +1827,21 @@ - for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++) - { - port = 6000 + display_number; -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- sin.sin_addr.s_addr = INADDR_ANY; -- sin.sin_port = htons(port); -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_flags = AI_PASSIVE; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", port); -+ if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) -+ { -+ error("getaddrinfo: %.100s", gai_strerror(gaierr)); -+ return NULL; -+ } -+ -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { - -- sock = socket(AF_INET, SOCK_STREAM, 0); -+ sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); -@@ -1835,13 +1854,26 @@ - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { - debug("bind port %d: %.100s", port, strerror(errno)); - shutdown(sock, 2); - close(sock); -- continue; -+ for (n = 0; n < num_socks; n++) -+ { -+ shutdown(socks[n], 2); -+ close(socks[n]); -+ } -+ num_socks = 0; -+ break; - } -+ -+ socks[num_socks++] = sock; -+ if (num_socks == NUM_SOCKS) -+ break; -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ -+ if (num_socks > 0) - break; - } - if (display_number >= MAX_DISPLAYS) -@@ -1851,13 +1883,22 @@ - } - - /* Start listening for connections on the socket. */ -+ for (n = 0; n < num_socks; n++) -+ { -+ sock = socks[n]; - if (listen(sock, 5) < 0) - { - error("listen: %.100s", strerror(errno)); - shutdown(sock, 2); - close(sock); -+ for (nn = 0; nn < n; nn++) -+ { -+ shutdown(socks[nn], 2); -+ close(socks[nn]); -+ } - return NULL; - } -+ } /* for (n = 0; n < num_socks; n++) */ - - /* Set up a suitable value for the DISPLAY variable. */ - #ifdef NONSTANDARD_IP_ADDRESS_X11_KLUDGE -@@ -1868,10 +1909,11 @@ - if (gethostname(hostname, sizeof(hostname)) < 0) - fatal("gethostname: %.100s", strerror(errno)); - { -- struct hostent *hp; -- struct in_addr addr; -- hp = gethostbyname(hostname); -- if (hp == NULL || !hp->h_addr_list[0]) -+ struct addrinfo hints, *ai; -+ char ntop[ADDRSTRLEN]; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ if (getaddrinfo(hostname, NULL, &hints, &ai) != 0 || !ai) - { - error("Could not get server IP address for %.200s.", hostname); - packet_send_debug("Could not get server IP address for %.200s.", -@@ -1880,9 +1922,10 @@ - close(sock); - return NULL; - } -- memcpy(&addr, hp->h_addr_list[0], sizeof(addr)); -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); - snprintf(buf, sizeof(buf), -- "%.100s:%d.%d", inet_ntoa(addr), display_number, -+ "%.100s:%d.%d", ntop, display_number, - screen_number); - } - #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ -@@ -1900,8 +1943,12 @@ - #endif /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ - - /* Allocate a channel for the socket. */ -+ for (n = 0; n < num_socks; n++) -+ { -+ sock = socks[n]; - (void)channel_allocate(SSH_CHANNEL_X11_LISTENER, sock, - xstrdup("X11 inet listener")); -+ } /* for (n = 0; n < num_socks; n++) */ - - /* Return a suitable value for the DISPLAY environment variable. */ - return xstrdup(buf); -@@ -1916,9 +1963,10 @@ - int remote_channel, display_number, sock, newch; - const char *display; - struct sockaddr_un ssun; -- struct sockaddr_in sin; - char buf[255], *cp, *remote_host; -- struct hostent *hp; -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int gaierr; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); -@@ -2058,59 +2106,54 @@ - goto fail; - } - -- /* Try to parse the host name as a numeric IP address. */ -- memset(&sin, 0, sizeof(sin)); --#ifdef BROKEN_INET_ADDR -- sin.sin_addr.s_addr = inet_network(buf); --#else /* BROKEN_INET_ADDR */ -- sin.sin_addr.s_addr = inet_addr(buf); --#endif /* BROKEN_INET_ADDR */ -- if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -+ /* Look up the host address */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", 6000 + display_number); -+ if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) - { -- /* It was a valid numeric host address. */ -- sin.sin_family = AF_INET; -+ error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr)); -+ goto fail; - } -- else -+ -+ for (ai = aitop; ai; ai = ai->ai_next) - { -- /* Not a numeric IP address. */ -- /* Look up the host address from the name servers. */ -- hp = gethostbyname(buf); -- if (!hp) -- { -- error("%.100s: unknown host.", buf); -- goto fail; -- } -- if (!hp->h_addr_list[0]) -- { -- error("%.100s: host has no IP address.", buf); -- goto fail; -- } -- sin.sin_family = hp->h_addrtype; -- memcpy(&sin.sin_addr, hp->h_addr_list[0], -- sizeof(sin.sin_addr)); -- } -- /* Set port number. */ -- sin.sin_port = htons(6000 + display_number); - - /* Create a socket. */ -- sock = socket(sin.sin_family, SOCK_STREAM, 0); -+ sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { -- error("socket: %.100s", strerror(errno)); -- goto fail; -+ debug("socket: %.100s", strerror(errno)); -+ continue; - } - /* Connect it to the display. */ -- if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -- error("connect %.100s:%d: %.100s", buf, 6000 + display_number, -+ debug("connect %.100s:%d: %.100s", buf, 6000 + display_number, - strerror(errno)); - close(sock); -+ continue; -+ } -+ /* Success */ -+ break; -+ -+ } /* (ai = aitop, ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); -+ if (!ai) -+ { -+ error("connect %.100s:%d: %.100s", buf, 6000 + display_number, -+ strerror(errno)); - goto fail; - } - - success: - /* We have successfully obtained a connection to the real X display. */ -- -+ { -+ int on = 1; -+ setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)); -+ } -+ - #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) - (void)fcntl(sock, F_SETFL, O_NONBLOCK); - #else /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ -@@ -2412,6 +2455,10 @@ - ssh-agent connections on your system */ - old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - -+ /* Make sure the socket doesn't already exist, left over from a system -+ crash perhaps. */ -+ unlink(channel_forwarded_auth_socket_name); -+ - if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0) - packet_disconnect("Agent socket bind failed: %.100s", strerror(errno)); - diff --git a/security/ssh6/patches/patch-ar b/security/ssh6/patches/patch-ar deleted file mode 100644 index 25e7a654299..00000000000 --- a/security/ssh6/patches/patch-ar +++ /dev/null @@ -1,60 +0,0 @@ -$NetBSD: patch-ar,v 1.1 2000/03/20 02:25:38 itojun Exp $ - ---- acconfig.h.orig Wed May 12 07:19:23 1999 -+++ acconfig.h Fri Dec 24 21:50:38 1999 -@@ -247,16 +247,23 @@ - /* Define this if your gettimeofday doesn't have TZ parameter */ - #undef HAVE_NO_TZ_IN_GETTIMEOFDAY - --/* Define this if you want to compile in Kerberos support. */ --#undef KERBEROS -- - /* Define this if you want to compile in Kerberos V5 support. -- KERBEROS must be compiled in as well. This can be done at configure -- time with the --with-kerberos5 argument*/ -+ This can be done at configure time with the --with-krb5 argument. */ - #undef KRB5 - --/* Define this if you want to pass the Kerberos TGT. */ --#undef KERBEROS_TGT_PASSING -+/* Define this if you want to compile in Kerberos V4 support. -+ This can be done at configure time with the --with-krb4 argument. */ -+#undef KRB4 -+ -+/* Define this if you what to build ssh with Hesiod support. */ -+#undef HESIOD -+ -+/* Define this if you want to compile in AFS support. -+ This can be done at configure time with the --with-afs argument. */ -+#undef AFS -+ -+/* Define this if you have the AFS lifetime conversion routines. */ -+#undef HAVE_KRB_LIFE_TO_TIME - - /* Define this if you dont have SIGINFO as signal but some other macro */ - #undef HAVE_INCOMPATIBLE_SIGINFO -@@ -273,6 +280,24 @@ - /* File used to override /etc/nologin on a per-user basis. The default is - /etc/nologin.allow. */ - #undef NOLOGIN_ALLOW -+ -+/* Define this if you have struct sockaddr_storage. */ -+#undef HAVE_SOCKADDR_STORAGE -+ -+/* Define this if you have __sa_family in struct sockaddr_storage. */ -+#undef HAVE_NEW_SS_FAMILY -+ -+/* Define this if you have ss_len in struct sockaddr. */ -+#undef HAVE_SOCKADDR_LEN -+ -+/* Define this if you want to enable IPv6 support. */ -+#undef ENABLE_IPV6 -+ -+/* Define this if you want to enable another port try support. */ -+#undef ENABLE_ANOTHER_PORT_TRY -+ -+/* Define this if you want to enable logging auth info support. */ -+#undef ENABLE_LOG_AUTH - - /* Where to find the X11 socket */ - #undef X11_DIR diff --git a/security/ssh6/patches/patch-as b/security/ssh6/patches/patch-as deleted file mode 100644 index 19eeaaa17f3..00000000000 --- a/security/ssh6/patches/patch-as +++ /dev/null @@ -1,249 +0,0 @@ -$NetBSD: patch-as,v 1.1 2000/03/20 02:25:40 itojun Exp $ - ---- auth-kerberos.c.orig Wed May 12 07:19:23 1999 -+++ auth-kerberos.c Fri Dec 24 21:50:38 1999 -@@ -38,14 +38,13 @@ - #include "xmalloc.h" - #include "ssh.h" - --#ifdef KERBEROS --#if defined (KRB5) -+#ifdef KRB5 - #include <krb5.h> - - extern krb5_context ssh_context; - extern krb5_auth_context auth_context; - --int auth_kerberos(char *server_user, krb5_data *auth, krb5_principal *client) -+int auth_krb5(char *server_user, krb5_data *auth, krb5_principal *client) - { - krb5_error_code problem; - krb5_ticket *ticket; -@@ -163,11 +162,115 @@ - return 1; - } - #endif /* KRB5 */ --#endif /* KERBEROS */ - --#ifdef KERBEROS_TGT_PASSING --#if defined (KRB5) --int auth_kerberos_tgt( char *server_user, krb5_data *krb5data) -+#ifdef KRB4 -+#include <sys/param.h> -+#include <krb.h> -+ -+int ssh_tf_init(uid_t uid) -+{ -+ extern char *ticket; -+ char *tkt_root = TKT_ROOT; -+ struct stat st; -+ int fd; -+ -+ /* Set unique ticket string manually since we're still root. */ -+ ticket = xmalloc(MAXPATHLEN); -+#ifdef AFS -+ if (lstat("/ticket", &st) != -1) -+ tkt_root = "/ticket/"; -+#endif /* AFS */ -+ snprintf(ticket, MAXPATHLEN, "%s%d_%d", tkt_root, uid, getpid()); -+ (void) krb_set_tkt_string(ticket); -+ -+ /* Make sure we own this ticket file, and we created it. */ -+ if (lstat(ticket, &st) < 0 && errno == ENOENT) { -+ /* good, no ticket file exists. create it. */ -+ if ((fd = open(ticket, O_RDWR|O_CREAT|O_EXCL, 0600)) != -1) { -+ close(fd); -+ return 1; -+ } -+ } -+ else { -+ /* file exists. make sure server_user owns it (e.g. just passed ticket), -+ and that it isn't a symlink, and that it is mode 600. */ -+ if (st.st_mode == (S_IFREG|S_IRUSR|S_IWUSR) && st.st_uid == uid) -+ return 1; -+ } -+ /* Failure. */ -+ log_msg("WARNING: bad ticket file %s", ticket); -+ return 0; -+} -+ -+int auth_krb4(const char *server_user, KTEXT auth, char **client) -+{ -+ AUTH_DAT adat = { 0 }; -+ KTEXT_ST reply; -+ char instance[INST_SZ]; -+ int r, s; -+ u_long cksum; -+ Key_schedule schedule; -+ struct sockaddr_in local, foreign; -+ -+ s = packet_get_connection_in(); -+ -+ r = sizeof(local); -+ memset(&local, 0, sizeof(local)); -+ if (getsockname(s, (struct sockaddr *) &local, &r) < 0) -+ debug("getsockname failed: %.100s", strerror(errno)); -+ r = sizeof(foreign); -+ memset(&foreign, 0, sizeof(foreign)); -+ if (getpeername(s, (struct sockaddr *)&foreign, &r) < 0) -+ debug("getpeername failed: %.100s", strerror(errno)); -+ -+ instance[0] = '*'; instance[1] = 0; -+ -+ /* Get the encrypted request, challenge, and session key. */ -+ if (r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, 0, &adat, "")) { -+ packet_send_debug("Kerberos V4 krb_rd_req: %s", krb_err_txt[r]); -+ return 0; -+ } -+ des_key_sched((des_cblock *)adat.session, schedule); -+ -+ *client = xmalloc(MAX_K_NAME_SZ); -+ (void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname, -+ *adat.pinst ? "." : "", adat.pinst, adat.prealm); -+ -+ /* Check ~/.klogin authorization now. */ -+ if (kuserok(&adat, (char *)server_user) != KSUCCESS) { -+ packet_send_debug("Kerberos V4 .klogin authorization failed!"); -+ log_msg("Kerberos V4 .klogin authorization failed for %s to account %s", -+ *client, server_user); -+ return 0; -+ } -+ /* Increment the checksum, and return it encrypted with the session key. */ -+ cksum = adat.checksum + 1; -+ cksum = htonl(cksum); -+ -+ /* If we can't successfully encrypt the checksum, we send back an empty -+ message, admitting our failure. */ -+ if ((r = krb_mk_priv((u_char *)&cksum, reply.dat, sizeof(cksum)+1, -+ schedule, &adat.session, &local, &foreign)) < 0) { -+ packet_send_debug("Kerberos V4 mk_priv: (%d) %s", r, krb_err_txt[r]); -+ reply.dat[0] = 0; -+ reply.length = 0; -+ } -+ else -+ reply.length = r; -+ -+ /* Clear session key. */ -+ memset(&adat.session, 0, sizeof(&adat.session)); -+ -+ packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); -+ packet_put_string((char *) reply.dat, reply.length); -+ packet_send(); -+ packet_write_wait(); -+ return 1; -+} -+#endif /* KRB4 */ -+ -+#ifdef KRB5 -+int auth_krb5_tgt( char *server_user, krb5_data *krb5data) - { - krb5_creds **creds; - krb5_error_code retval; -@@ -177,7 +280,7 @@ - extern char *ticket; - static krb5_principal rcache_server = 0; - static krb5_rcache rcache; -- struct sockaddr_in local, foreign; -+ struct sockaddr_storage local, foreign; - krb5_address *local_addr, *remote_addr; - int s; - -@@ -267,5 +370,97 @@ - - } - #endif /* KRB5 */ --#endif /* KERBEROS_TGT_PASSING */ - -+ -+#ifdef AFS -+#include <kafs.h> -+ -+int auth_kerberos_tgt(struct passwd *pw, const char *string) -+{ -+ CREDENTIALS creds; -+ extern char *ticket; -+ int r; -+ -+ if (!radix_to_creds(string, &creds)) { -+ log_msg("Protocol error decoding Kerberos V4 tgt"); -+ packet_send_debug("Protocol error decoding Kerberos V4 tgt"); -+ goto auth_kerberos_tgt_failure; -+ } -+ if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ -+ strcpy(creds.service, "krbtgt"); -+ -+ if (strcmp(creds.service, "krbtgt")) { -+ log_msg("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", -+ creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm, -+ pw->pw_uid); -+ packet_send_debug("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", -+ creds.pname, creds.pinst[0] ? "." : "", creds.pinst, -+ creds.realm, pw->pw_uid); -+ goto auth_kerberos_tgt_failure; -+ } -+ if (!ssh_tf_init(pw->pw_uid) || -+ (r = in_tkt(creds.pname, creds.pinst)) || -+ (r = save_credentials(creds.service,creds.instance,creds.realm, -+ creds.session,creds.lifetime,creds.kvno, -+ &creds.ticket_st,creds.issue_date))) { -+ xfree(ticket); -+ ticket = NULL; -+ packet_send_debug("Kerberos V4 tgt refused: couldn't save credentials"); -+ goto auth_kerberos_tgt_failure; -+ } -+ /* Successful authentication, passed all checks. */ -+ chown(ticket, pw->pw_uid, pw->pw_gid); -+ packet_send_debug("Kerberos V4 tgt accepted (%s.%s@%s, %s%s%s@%s)", -+ creds.service,creds.instance,creds.realm, -+ creds.pname,creds.pinst[0] ? "." : "", -+ creds.pinst,creds.realm); -+ -+ packet_start(SSH_SMSG_SUCCESS); -+ packet_send(); -+ packet_write_wait(); -+ return 1; -+ -+auth_kerberos_tgt_failure: -+ memset(&creds, 0, sizeof(creds)); -+ packet_start(SSH_SMSG_FAILURE); -+ packet_send(); -+ packet_write_wait(); -+ return 0; -+} -+ -+int auth_afs_token(char *server_user, uid_t uid, const char *string) -+{ -+ CREDENTIALS creds; -+ -+ if (!radix_to_creds(string, &creds)) { -+ log_msg("Protocol error decoding AFS token"); -+ packet_send_debug("Protocol error decoding AFS token"); -+ packet_start(SSH_SMSG_FAILURE); -+ packet_send(); -+ packet_write_wait(); -+ return 0; -+ } -+ if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ -+ strcpy(creds.service, "afs"); -+ -+ if (strncmp(creds.pname, "AFS ID ", 7) == 0) -+ uid = atoi(creds.pname + 7); -+ -+ if (kafs_settoken(creds.realm, uid, &creds)) { -+ log_msg("AFS token (%s@%s) rejected for uid %d", creds.pname, -+ creds.realm, uid); -+ packet_send_debug("AFS token (%s@%s) rejected for uid %d", creds.pname, -+ creds.realm, uid); -+ packet_start(SSH_SMSG_FAILURE); -+ packet_send(); -+ packet_write_wait(); -+ return 0; -+ } -+ packet_send_debug("AFS token accepted (%s@%s, %s@%s)", creds.service, -+ creds.realm, creds.pname, creds.realm); -+ packet_start(SSH_SMSG_SUCCESS); -+ packet_send(); -+ packet_write_wait(); -+ return 1; -+} -+#endif /* AFS */ diff --git a/security/ssh6/patches/patch-at b/security/ssh6/patches/patch-at deleted file mode 100644 index 34a0799a3bb..00000000000 --- a/security/ssh6/patches/patch-at +++ /dev/null @@ -1,192 +0,0 @@ -$NetBSD: patch-at,v 1.2 2000/04/23 19:17:30 thorpej Exp $ - ---- auth-passwd.c.orig Wed May 12 04:19:23 1999 -+++ auth-passwd.c Tue Apr 18 11:48:03 2000 -@@ -301,29 +301,25 @@ - static int securid_initialized = 0; - #endif /* HAVE_SECURID */ - --#ifdef KERBEROS --#if defined(KRB5) -+#ifdef KRB5 - #include <krb5.h> - extern krb5_context ssh_context; - extern krb5_auth_context auth_context; --#else --#include <krb.h> - #endif /* KRB5 */ --#endif /* KERBEROS */ - --#ifdef AFS --#include <afs/param.h> --#include <afs/kautils.h> --#endif /* AFS */ -+#ifdef KRB4 -+#include <sys/param.h> -+#include <krb.h> -+#endif /* KRB4 */ - --#if defined(KERBEROS) || defined(AFS_KERBEROS) -+#if defined(KRB4) || defined(KRB5) - extern char *ticket; --#endif /* KERBEROS || AFS_KERBEROS */ -+#endif /* KRB4 || KRB5 */ - - /* Tries to authenticate the user using password. Returns true if - authentication succeeds. */ - --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - /* - * This routine with some modification is from the MIT V5B6 appl/bsd/login.c - * -@@ -479,16 +475,16 @@ - 0 }; - #endif - krb5_preauthtype * preauth = preauth_list; --#endif /* KERBEROS */ -+#endif /* KRB5 */ - - /* Tries to authenticate the user using password. Returns true if - authentication succeeds. */ --#ifdef KERBEROS -+#ifdef KRB5 - int auth_password(const char *server_user, const char *password, - krb5_principal client) --#else /* KERBEROS */ -+#else /* KRB5 */ - int auth_password(const char *server_user, const char *password) --#endif /* KERBEROS */ -+#endif /* KRB5 */ - { - #if defined(_AIX) && defined(HAVE_AUTHENTICATE) - char *message; -@@ -505,7 +501,7 @@ - } - #else /* _AIX41 && HAVE_AUTHENTICATE */ - --#ifdef KERBEROS -+#ifdef KRB5 - krb5_error_code problem; - int krb5_options = KDC_OPT_RENEWABLE | KDC_OPT_FORWARDABLE; - krb5_deltat rlife = 0; -@@ -515,7 +511,7 @@ - krb5_ccache ccache; - char ccname[80]; - int results; --#endif /* KERBEROS */ -+#endif /* KRB5 */ - extern ServerOptions options; - extern char *crypt(const char *key, const char *salt); - struct passwd *pw; -@@ -537,10 +533,9 @@ - saved_pw_name = xstrdup(pw->pw_name); - saved_pw_passwd = xstrdup(pw->pw_passwd); - --#if defined(KERBEROS) -- if (options.kerberos_authentication) -- { - #if defined(KRB5) -+ if (options.kerberos_authentication && client != NULL) -+ { - snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_l%d", getpid()); - - if (problem = krb5_cc_resolve(ssh_context, ccname, &ccache)) -@@ -658,9 +653,96 @@ - return 0; - } - } -+ } - #endif /* KRB5 */ -+#ifdef KRB4 -+ if (options.kerberos_authentication) -+ { -+ AUTH_DAT adata; -+ KTEXT_ST tkt; -+ struct hostent *hp; -+ unsigned long faddr; -+ char localhost[MAXHOSTNAMELEN]; /* local host name */ -+ char phost[INST_SZ]; /* host instance */ -+ char realm[REALM_SZ]; /* local Kerberos realm */ -+ int r; -+ -+ /* Try Kerberos password authentication only for non-root -+ users and only if Kerberos is installed. */ -+ if (pw->pw_uid != 0 && krb_get_lrealm(realm, 0) == KSUCCESS) { -+ -+ /* Set up our ticket file. */ -+ if (!ssh_tf_init(pw->pw_uid)) { -+ log_msg("Couldn't initialize Kerberos ticket file for %s!", -+ server_user); -+ goto kerberos_auth_failure; -+ } -+ /* Try to get TGT using our password. */ -+ if ((r = krb_get_pw_in_tkt((char *)server_user, "", realm, "krbtgt", -+ realm, DEFAULT_TKT_LIFE, (char *)password)) != INTK_OK) { -+ packet_send_debug("Kerberos V4 password authentication for %s " -+ "failed: %s", server_user, krb_err_txt[r]); -+ goto kerberos_auth_failure; -+ } -+ /* Successful authentication. */ -+ chown(ticket, pw->pw_uid, pw->pw_gid); -+ -+ (void) gethostname(localhost, sizeof(localhost)); -+ (void) strncpy(phost, (char *)krb_get_phost(localhost), INST_SZ); -+ phost[INST_SZ-1] = 0; -+ -+ /* Now that we have a TGT, try to get a local "rcmd" ticket to -+ ensure that we are not talking to a bogus Kerberos server. */ -+ r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); -+ -+ if (r == KSUCCESS) { -+ if (!(hp = gethostbyname(localhost))) { -+ log_msg("Couldn't get local host address!"); -+ goto kerberos_auth_failure; -+ } -+ memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr)); -+ -+ /* Verify our "rcmd" ticket. */ -+ r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost, faddr, &adata, ""); -+ if (r == RD_AP_UNDEC) { -+ /* Probably didn't have a srvtab on localhost. Allow login. */ -+ log_msg("Kerberos V4 TGT for %s unverifiable, no srvtab? " -+ "krb_rd_req: %s", server_user, krb_err_txt[r]); -+ } -+ else if (r != KSUCCESS) { -+ log_msg("Kerberos V4 %s ticket unverifiable: %s", -+ KRB4_SERVICE_NAME, krb_err_txt[r]); -+ goto kerberos_auth_failure; -+ } -+ } -+ else if (r == KDC_PR_UNKNOWN) { -+ /* Allow login if no rcmd service exists, but log the error. */ -+ log_msg("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " -+ "not registered, or srvtab is wrong?", server_user, -+ krb_err_txt[r], KRB4_SERVICE_NAME, phost); -+ } -+ else { -+ /* TGT is bad, forget it. Possibly spoofed. */ -+ packet_send_debug("WARNING: Kerberos V4 TGT possibly spoofed for" -+ "%s: %s", server_user, krb_err_txt[r]); -+ goto kerberos_auth_failure; -+ } -+ -+ /* Authentication succeeded. */ -+ return 1; -+ -+ kerberos_auth_failure: -+ (void) dest_tkt(); -+ xfree(ticket); -+ ticket = NULL; -+ if (!options.kerberos_or_local_passwd ) return 0; -+ } -+ else /* Logging in as root or no local Kerberos realm. */ -+ packet_send_debug("Unable to authenticate to Kerberos."); -+ -+ /* Fall back to ordinary passwd authentication. */ - } --#endif /* KERBEROS */ -+#endif /* KRB4 */ - - #ifdef HAVE_SECURID - /* Support for Security Dynamics SecurId card. diff --git a/security/ssh6/patches/patch-au b/security/ssh6/patches/patch-au deleted file mode 100644 index f83de5cc11f..00000000000 --- a/security/ssh6/patches/patch-au +++ /dev/null @@ -1,77 +0,0 @@ -$NetBSD: patch-au,v 1.1 2000/03/20 02:25:40 itojun Exp $ - ---- login.c.orig Wed May 12 07:19:26 1999 -+++ login.c Fri Dec 24 22:01:25 1999 -@@ -255,7 +255,7 @@ - were more standardized. */ - - void record_login(int pid, const char *ttyname, const char *user, uid_t uid, -- const char *host, struct sockaddr_in *addr) -+ const char *host, struct sockaddr *addr) - { - int fd; - -@@ -271,7 +271,22 @@ - struct utmp u, u2; - off_t offset; - const char *utmp, *wtmp; -+#endif -+#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_LASTLOG_H) || defined(HAVE_LASTLOG) -+ char myname[MAXHOSTNAMELEN]; -+ char shost[MAXHOSTNAMELEN]; -+ char *p = NULL, *q = NULL; -+ -+ memset(shost, 0, sizeof(shost)); -+ gethostname(myname, MAXHOSTNAMELEN); -+ if (((p = memchr(myname, '.', MAXHOSTNAMELEN)) != NULL) -+ && ((q = strchr(host, '.')) != NULL) -+ && (strncmp(p, q, MAXHOSTNAMELEN - (p - myname)) == 0)) { -+ strncpy(shost, host, q - host); -+ } -+#endif - -+#if defined(HAVE_UTMP_H) && !defined(HAVE_UTMPX_H) - /* Construct an utmp/wtmp entry. */ - memset(&u, 0, sizeof(u)); - #ifdef DEAD_PROCESS -@@ -301,17 +316,21 @@ - strncpy(u.ut_user, user, sizeof(u.ut_user)); - #endif /* HAVE_NAME_IN_UTMP */ - #ifdef HAVE_HOST_IN_UTMP -- strncpy(u.ut_host, host, sizeof(u.ut_host)); --#ifdef __FreeBSD__ -- if (strlen(host) > sizeof(u.ut_host)) { -+ if ((*shost != '\0') && (strlen(shost) <= sizeof(u.ut_host))) -+ strncpy(u.ut_host, shost, sizeof(u.ut_host)); -+#ifndef HAVE_ADDR_IN_UTMP -+ else if (strlen(host) > sizeof(u.ut_host)) - strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host)); -- } --#endif /* __FreeBSD__ */ -+#endif /* HAVE_ADDR_IN_UTMP */ -+ else -+ strncpy(u.ut_host, host, sizeof(u.ut_host)); - #endif /* HAVE_HOST_IN_UTMP */ - #ifdef HAVE_ADDR_IN_UTMP -+#if 0 /* XXX */ - if (addr) - memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr)); - else -+#endif /* XXX */ - memset(&u.ut_addr, 0, sizeof(u.ut_addr)); - #endif - -@@ -490,7 +509,12 @@ - /* Update lastlog. */ - ll.ll_time = time(NULL); - strncpy(ll.ll_line, ttyname + 5, sizeof(ll.ll_line)); -- strncpy(ll.ll_host, host, sizeof(ll.ll_host)); -+ if ((*shost != '\0') && (strlen(shost) <= sizeof(ll.ll_host))) -+ strncpy(ll.ll_host, shost, sizeof(ll.ll_host)); -+ else if (strlen(host) > sizeof(ll.ll_host)) -+ strncpy(ll.ll_host, get_remote_ipaddr(), sizeof(ll.ll_host)); -+ else -+ strncpy(ll.ll_host, host, sizeof(ll.ll_host)); - #ifdef LASTLOG_IS_DIR - snprintf(lastlogfile, sizeof(lastlogfile), - "%.100s/%.100s", lastlog, user); diff --git a/security/ssh6/patches/patch-av b/security/ssh6/patches/patch-av deleted file mode 100644 index 503077e2446..00000000000 --- a/security/ssh6/patches/patch-av +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-av,v 1.1 2000/03/20 02:25:40 itojun Exp $ - ---- serverloop.c.orig Wed May 12 13:19:28 1999 -+++ serverloop.c Sat May 15 04:33:35 1999 -@@ -446,7 +446,7 @@ - if (ret == 0) /* Nothing read, timeout expired */ - { - /* Check if idle_timeout expired ? */ -- if (idle_timeout != 0 && !child_terminated && -+ if (idle_timeout != 0 && !child_terminated && idle_time_last && - time(NULL) - idle_time_last > idle_timeout) - { - /* Yes, kill the child */ diff --git a/security/ssh6/patches/patch-aw b/security/ssh6/patches/patch-aw deleted file mode 100644 index 1bafdf94611..00000000000 --- a/security/ssh6/patches/patch-aw +++ /dev/null @@ -1,269 +0,0 @@ -$NetBSD: patch-aw,v 1.1 2000/03/20 02:25:41 itojun Exp $ - ---- canohost.c.orig Wed May 12 07:19:24 1999 -+++ canohost.c Fri Dec 24 21:50:38 1999 -@@ -59,10 +59,11 @@ - - char *get_remote_hostname(int socket) - { -- struct sockaddr_in from; -+ struct sockaddr_storage from; - int fromlen, i; -- struct hostent *hp; -+ struct addrinfo hints, *ai, *aitop; - char name[255]; -+ char ntop[ADDRSTRLEN], ntop2[ADDRSTRLEN]; - - /* Get IP address of client. */ - fromlen = sizeof(from); -@@ -73,14 +74,16 @@ - strcpy(name, "UNKNOWN"); - goto check_ip_options; - } -+ -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); - - /* Map the IP address to a host name. */ -- hp = gethostbyaddr((char *)&from.sin_addr, sizeof(struct in_addr), -- from.sin_family); -- if (hp) -+ if (getnameinfo((struct sockaddr *)&from, fromlen, -+ name, sizeof(name), -+ NULL, 0, NI_NAMEREQD) == 0) - { - /* Got host name. */ -- strncpy(name, hp->h_name, sizeof(name)); - name[sizeof(name) - 1] = '\0'; - - /* Convert it to all lowercase (which is expected by the rest of this -@@ -95,25 +98,30 @@ - Mapping from name to IP address can be trusted better (but can still - be fooled if the intruder has access to the name server of the - domain). */ -- hp = gethostbyname(name); -- if (!hp) -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = from.__ss_family; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) - { - log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); -- strcpy(name, inet_ntoa(from.sin_addr)); -+ strcpy(name, ntop); - goto check_ip_options; - } - /* Look for the address from the list of addresses. */ -- for (i = 0; hp->h_addr_list[i]; i++) -- if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr)) -- == 0) -- break; -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop2, sizeof(ntop2), NULL, 0, NI_NUMERICHOST); -+ if (strcmp(ntop, ntop2) == 0) -+ break; -+ } -+ freeaddrinfo(aitop); - /* If we reached the end of the list, the address was not there. */ -- if (!hp->h_addr_list[i]) -+ if (!ai) - { - /* Address not found for the host name. */ - log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", -- inet_ntoa(from.sin_addr), name); -- strcpy(name, inet_ntoa(from.sin_addr)); -+ ntop, name); -+ strcpy(name, ntop); - goto check_ip_options; - } - /* Address was found for the host name. We accept the host name. */ -@@ -121,7 +129,7 @@ - else - { - /* Host name not found. Use ascii representation of the address. */ -- strcpy(name, inet_ntoa(from.sin_addr)); -+ strcpy(name, ntop); - log_msg("Could not reverse map address %.100s.", name); - } - -@@ -136,6 +144,7 @@ - Notice also that if we just dropped source routing here, the other - side could use IP spoofing to do rest of the interaction and could still - bypass security. So we exit here if we detect any IP options. */ -+ if (from.__ss_family == AF_INET) /* IP options -- IPv4 only */ - { - unsigned char options[200], *ucp; - char text[1024], *cp; -@@ -157,9 +166,9 @@ - for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) - sprintf(cp, " %2.2x", *ucp); - log_msg("Connection from %.100s with IP options:%.800s", -- inet_ntoa(from.sin_addr), text); -+ ntop, text); - packet_disconnect("Connection from %.100s with IP options:%.800s", -- inet_ntoa(from.sin_addr), text); -+ ntop, text); - } - } - #endif -@@ -177,7 +186,7 @@ - const char *get_canonical_hostname(void) - { - int fromlen, tolen; -- struct sockaddr_in from, to; -+ struct sockaddr_storage from, to; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_name != NULL) -@@ -200,8 +209,7 @@ - &tolen) < 0) - goto no_ip_addr; - -- if (from.sin_family == AF_INET && to.sin_family == AF_INET && -- memcmp(&from, &to, sizeof(from)) == 0) -+ if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_ip_addr; - - no_ip_addr: -@@ -221,8 +229,9 @@ - - const char *get_remote_ipaddr(void) - { -- struct sockaddr_in from, to; -+ struct sockaddr_storage from, to; - int fromlen, tolen, socket; -+ char ntop[ADDRSTRLEN]; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_ip != NULL) -@@ -245,8 +254,7 @@ - &tolen) < 0) - goto no_ip_addr; - -- if (from.sin_family == AF_INET && to.sin_family == AF_INET && -- memcmp(&from, &to, sizeof(from)) == 0) -+ if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_ip_addr; - - no_ip_addr: -@@ -269,7 +277,9 @@ - } - - /* Get the IP address in ascii. */ -- canonical_host_ip = xstrdup(inet_ntoa(from.sin_addr)); -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); -+ canonical_host_ip = xstrdup(ntop); - - /* Return ip address string. */ - return canonical_host_ip; -@@ -279,8 +289,9 @@ - - int get_peer_port(int sock) - { -- struct sockaddr_in from; -+ struct sockaddr_storage from; - int fromlen; -+ char strport[PORTSTRLEN]; - - /* Get IP address of client. */ - fromlen = sizeof(from); -@@ -292,7 +303,9 @@ - } - - /* Return port number. */ -- return ntohs(from.sin_port); -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ NULL, 0, strport, sizeof(strport), NI_NUMERICSERV); -+ return atoi(strport); - } - - /* Returns the port number of the remote host. */ -@@ -301,7 +314,7 @@ - { - int socket; - int fromlen, tolen; -- struct sockaddr_in from, to; -+ struct sockaddr_storage from, to; - - /* If two different descriptors, check if they are internet-domain, and - have the same address. */ -@@ -319,8 +332,7 @@ - &tolen) < 0) - goto no_ip_addr; - -- if (from.sin_family == AF_INET && to.sin_family == AF_INET && -- memcmp(&from, &to, sizeof(from)) == 0) -+ if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_port; - - no_ip_addr: -@@ -335,3 +347,67 @@ - /* Get and return the peer port number. */ - return get_peer_port(socket); - } -+ -+/* Returns the port of the local of the socket. */ -+ -+int get_sock_port(int sock) -+{ -+ struct sockaddr_storage from; -+ int fromlen; -+ char strport[PORTSTRLEN]; -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) -+ { -+ error("getsockname failed: %.100s", strerror(errno)); -+ return 0; -+ } -+ -+ /* Return port number. */ -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ NULL, 0, strport, sizeof(strport), NI_NUMERICSERV); -+ return atoi(strport); -+} -+ -+/* Returns the port number of the local host. */ -+ -+int get_local_port() -+{ -+ int socket; -+ int fromlen, tolen; -+ struct sockaddr_storage from, to; -+ -+ /* If two different descriptors, check if they are internet-domain, and -+ have the same address. */ -+ if (packet_get_connection_in() != packet_get_connection_out()) -+ { -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getsockname(packet_get_connection_in(), (struct sockaddr *)&from, -+ &fromlen) < 0) -+ goto no_ip_addr; -+ -+ tolen = sizeof(to); -+ memset(&to, 0, sizeof(to)); -+ if (getsockname(packet_get_connection_out(), (struct sockaddr *)&to, -+ &tolen) < 0) -+ goto no_ip_addr; -+ -+ if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) -+ goto return_port; -+ -+ no_ip_addr: -+ return 65535; -+ } -+ -+ return_port: -+ -+ /* Get client socket. */ -+ socket = packet_get_connection_in(); -+ -+ /* Get and return the local port number. */ -+ return get_sock_port(socket); -+} -+ diff --git a/security/ssh6/patches/patch-ax b/security/ssh6/patches/patch-ax deleted file mode 100644 index 8385f6c5884..00000000000 --- a/security/ssh6/patches/patch-ax +++ /dev/null @@ -1,60 +0,0 @@ -$NetBSD: patch-ax,v 1.1 2000/03/20 02:25:41 itojun Exp $ - ---- cipher.c.orig Wed May 12 07:19:24 1999 -+++ cipher.c Fri Dec 24 21:50:04 1999 -@@ -213,7 +213,7 @@ - used. */ - if (keylen < 8) - error("Key length %d is insufficient for DES.", keylen); -- des_set_key(padded, &context->u.des.key); -+ ssh_des_set_key(padded, &context->u.des.key); - memset(context->u.des.iv, 0, sizeof(context->u.des.iv)); - break; - #endif /* WITH_DES */ -@@ -224,12 +224,12 @@ - used (first and last keys are the same). */ - if (keylen < 16) - error("Key length %d is insufficient for 3DES.", keylen); -- des_set_key(padded, &context->u.des3.key1); -- des_set_key(padded + 8, &context->u.des3.key2); -+ ssh_des_set_key(padded, &context->u.des3.key1); -+ ssh_des_set_key(padded + 8, &context->u.des3.key2); - if (keylen <= 16) -- des_set_key(padded, &context->u.des3.key3); -+ ssh_des_set_key(padded, &context->u.des3.key3); - else -- des_set_key(padded + 16, &context->u.des3.key3); -+ ssh_des_set_key(padded + 16, &context->u.des3.key3); - memset(context->u.des3.iv1, 0, sizeof(context->u.des3.iv1)); - memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2)); - memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3)); -@@ -274,12 +274,12 @@ - - #ifdef WITH_DES - case SSH_CIPHER_DES: -- des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len); -+ ssh_des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len); - break; - #endif /* WITH_DES */ - - case SSH_CIPHER_3DES: -- des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1, -+ ssh_des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1, - &context->u.des3.key2, context->u.des3.iv2, - &context->u.des3.key3, context->u.des3.iv3, - dest, src, len); -@@ -322,12 +322,12 @@ - - #ifdef WITH_DES - case SSH_CIPHER_DES: -- des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len); -+ ssh_des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len); - break; - #endif /* WITH_DES */ - - case SSH_CIPHER_3DES: -- des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1, -+ ssh_des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1, - &context->u.des3.key2, context->u.des3.iv2, - &context->u.des3.key3, context->u.des3.iv3, - dest, src, len); diff --git a/security/ssh6/patches/patch-ay b/security/ssh6/patches/patch-ay deleted file mode 100644 index b9fcf7e9813..00000000000 --- a/security/ssh6/patches/patch-ay +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ay,v 1.1 2000/03/20 02:25:41 itojun Exp $ - ---- cipher.h.orig Wed May 12 07:19:25 1999 -+++ cipher.h Fri Dec 24 21:50:04 1999 -@@ -58,7 +58,7 @@ - #ifndef WITHOUT_IDEA - #include "idea.h" - #endif /* WITHOUT_IDEA */ --#include "des.h" -+#include "ssh-des.h" - #ifdef WITH_ARCFOUR - #include "arcfour.h" - #endif /* WITH_ARCFOUR */ diff --git a/security/ssh6/patches/patch-az b/security/ssh6/patches/patch-az deleted file mode 100644 index 1f44c3117bb..00000000000 --- a/security/ssh6/patches/patch-az +++ /dev/null @@ -1,102 +0,0 @@ -$NetBSD: patch-az,v 1.1 2000/03/20 02:25:41 itojun Exp $ - ---- config.h.in.orig Wed May 12 07:20:04 1999 -+++ config.h.in Fri Dec 24 21:50:38 1999 -@@ -244,12 +244,6 @@ - /* Support for Secure RPC */ - #undef SECURE_RPC - --/* Support for Secure NFS */ --#undef SECURE_NFS -- --/* Support for NIS+ */ --#undef NIS_PLUS -- - /* Define this to disable all port forwardings in server (except X11) */ - #undef SSHD_NO_PORT_FORWARDING - -@@ -296,16 +290,23 @@ - /* Define this if your gettimeofday doesn't have TZ parameter */ - #undef HAVE_NO_TZ_IN_GETTIMEOFDAY - --/* Define this if you want to compile in Kerberos support. */ --#undef KERBEROS -- - /* Define this if you want to compile in Kerberos V5 support. -- KERBEROS must be compiled in as well. This can be done at configure -- time with the --with-kerberos5 argument*/ -+ This can be done at configure time with the --with-krb5 argument. */ - #undef KRB5 - --/* Define this if you want to pass the Kerberos TGT. */ --#undef KERBEROS_TGT_PASSING -+/* Define this if you want to compile in Kerberos V4 support. -+ This can be done at configure time with the --with-krb4 argument. */ -+#undef KRB4 -+ -+/* Define this if you what to build ssh with Hesiod support. */ -+#undef HESIOD -+ -+/* Define this if you want to compile in AFS support. -+ This can be done at configure time with the --with-afs argument. */ -+#undef AFS -+ -+/* Define this if you have the AFS lifetime conversion routines. */ -+#undef HAVE_KRB_LIFE_TO_TIME - - /* Define this if you dont have SIGINFO as signal but some other macro */ - #undef HAVE_INCOMPATIBLE_SIGINFO -@@ -323,6 +324,24 @@ - /etc/nologin.allow. */ - #undef NOLOGIN_ALLOW - -+/* Define this if you have struct sockaddr_storage. */ -+#undef HAVE_SOCKADDR_STORAGE -+ -+/* Define this if you have __sa_family in struct sockaddr_storage. */ -+#undef HAVE_NEW_SS_FAMILY -+ -+/* Define this if you have ss_len in struct sockaddr. */ -+#undef HAVE_SOCKADDR_LEN -+ -+/* Define this if you want to enable IPv6 support. */ -+#undef ENABLE_IPV6 -+ -+/* Define this if you want to enable another port try support. */ -+#undef ENABLE_ANOTHER_PORT_TRY -+ -+/* Define this if you want to enable logging auth info support. */ -+#undef ENABLE_LOG_AUTH -+ - /* Where to find the X11 socket */ - #undef X11_DIR - -@@ -375,12 +394,18 @@ - /* Define if you have the ftruncate function. */ - #undef HAVE_FTRUNCATE - -+/* Define if you have the getaddrinfo function. */ -+#undef HAVE_GETADDRINFO -+ - /* Define if you have the getdtablesize function. */ - #undef HAVE_GETDTABLESIZE - - /* Define if you have the gethostname function. */ - #undef HAVE_GETHOSTNAME - -+/* Define if you have the getnameinfo function. */ -+#undef HAVE_GETNAMEINFO -+ - /* Define if you have the getpseudotty function. */ - #undef HAVE_GETPSEUDOTTY - -@@ -518,6 +543,9 @@ - - /* Define if you have the <sys/dir.h> header file. */ - #undef HAVE_SYS_DIR_H -+ -+/* Define if you have the <sys/filio.h> header file. */ -+#undef HAVE_SYS_FILIO_H - - /* Define if you have the <sys/ioctl.h> header file. */ - #undef HAVE_SYS_IOCTL_H diff --git a/security/ssh6/patches/patch-ba b/security/ssh6/patches/patch-ba deleted file mode 100644 index 8bfa55d1459..00000000000 --- a/security/ssh6/patches/patch-ba +++ /dev/null @@ -1,137 +0,0 @@ -$NetBSD: patch-ba,v 1.1 2000/03/20 02:25:42 itojun Exp $ - ---- des.c.orig Wed May 12 07:19:25 1999 -+++ des.c Fri Dec 24 21:50:04 1999 -@@ -38,7 +38,7 @@ - - #include "includes.h" - #include "getput.h" --#include "des.h" -+#include "ssh-des.h" - - /* Table for key generation. This used to be in sk.h. */ - /* Copyright (C) 1993 Eric Young - see README for more details */ -@@ -400,7 +400,7 @@ - /* This part is based on code that used to be in ecb_enc.c. */ - /* Copyright (C) 1993 Eric Young - see README for more details */ - --void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, -+void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, - int encrypt) - { - register word32 t,u; -@@ -452,7 +452,7 @@ - #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ - (a)=(a)^(t)^(t>>(16-(n)))) - --void des_set_key(unsigned char *key, DESContext *ks) -+void ssh_des_set_key(unsigned char *key, DESContext *ks) - { - register word32 c, d, t, s, shifts; - register int i; -@@ -507,7 +507,7 @@ - } - } - --void des_cbc_encrypt(DESContext *ks, unsigned char *iv, -+void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, - unsigned char *dest, const unsigned char *src, - unsigned int len) - { -@@ -523,7 +523,7 @@ - { - iv0 ^= GET_32BIT_LSB_FIRST(src + i); - iv1 ^= GET_32BIT_LSB_FIRST(src + i + 4); -- des_encrypt(iv0, iv1, out, ks, 1); -+ ssh_des_encrypt(iv0, iv1, out, ks, 1); - iv0 = out[0]; - iv1 = out[1]; - PUT_32BIT_LSB_FIRST(dest + i, iv0); -@@ -533,7 +533,7 @@ - PUT_32BIT_LSB_FIRST(iv + 4, iv1); - } - --void des_cbc_decrypt(DESContext *ks, unsigned char *iv, -+void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, - unsigned char *dest, const unsigned char *src, - unsigned int len) - { -@@ -549,7 +549,7 @@ - { - d0 = GET_32BIT_LSB_FIRST(src + i); - d1 = GET_32BIT_LSB_FIRST(src + i + 4); -- des_encrypt(d0, d1, out, ks, 0); -+ ssh_des_encrypt(d0, d1, out, ks, 0); - iv0 ^= out[0]; - iv1 ^= out[1]; - PUT_32BIT_LSB_FIRST(dest + i, iv0); -@@ -561,38 +561,38 @@ - PUT_32BIT_LSB_FIRST(iv + 4, iv1); - } - --void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, -+void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, - DESContext *ks2, unsigned char *iv2, - DESContext *ks3, unsigned char *iv3, - unsigned char *dest, const unsigned char *src, - unsigned int len) - { -- des_cbc_encrypt(ks1, iv1, dest, src, len); -- des_cbc_decrypt(ks2, iv2, dest, dest, len); -- des_cbc_encrypt(ks3, iv3, dest, dest, len); -+ ssh_des_cbc_encrypt(ks1, iv1, dest, src, len); -+ ssh_des_cbc_decrypt(ks2, iv2, dest, dest, len); -+ ssh_des_cbc_encrypt(ks3, iv3, dest, dest, len); - } - --void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, -+void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, - DESContext *ks2, unsigned char *iv2, - DESContext *ks3, unsigned char *iv3, - unsigned char *dest, const unsigned char *src, - unsigned int len) - { -- des_cbc_decrypt(ks3, iv3, dest, src, len); -- des_cbc_encrypt(ks2, iv2, dest, dest, len); -- des_cbc_decrypt(ks1, iv1, dest, dest, len); -+ ssh_des_cbc_decrypt(ks3, iv3, dest, src, len); -+ ssh_des_cbc_encrypt(ks2, iv2, dest, dest, len); -+ ssh_des_cbc_decrypt(ks1, iv1, dest, dest, len); - } - --#ifdef DES_TEST -+#ifdef SSH_DES_TEST - --void des_encrypt_buf(DESContext *ks, unsigned char *out, -+void ssh_des_encrypt_buf(DESContext *ks, unsigned char *out, - const unsigned char *in, int encrypt) - { - word32 in0, in1, output[0]; - - in0 = GET_32BIT_LSB_FIRST(in); - in1 = GET_32BIT_LSB_FIRST(in + 4); -- des_encrypt(in0, in1, output, ks, encrypt); -+ ssh_des_encrypt(in0, in1, output, ks, encrypt); - PUT_32BIT_LSB_FIRST(out, output[0]); - PUT_32BIT_LSB_FIRST(out + 4, output[1]); - } -@@ -634,15 +634,15 @@ - } - result[i] = value; - } -- des_set_key(key, &ks); -- des_encrypt_buf(&ks, output, data, 1); -+ ssh_des_set_key(key, &ks); -+ ssh_des_encrypt_buf(&ks, output, data, 1); - if (memcmp(output, result, 8) != 0) - fprintf(stderr, "Encrypt failed: %s", line); -- des_encrypt_buf(&ks, output, result, 0); -+ ssh_des_encrypt_buf(&ks, output, result, 0); - if (memcmp(output, data, 8) != 0) - fprintf(stderr, "Decrypt failed: %s", line); - } - exit(0); - } --#endif /* DES_TEST */ -+#endif /* SSH_DES_TEST */ - diff --git a/security/ssh6/patches/patch-bb b/security/ssh6/patches/patch-bb deleted file mode 100644 index 936d7522631..00000000000 --- a/security/ssh6/patches/patch-bb +++ /dev/null @@ -1,64 +0,0 @@ -$NetBSD: patch-bb,v 1.1 2000/03/20 02:25:42 itojun Exp $ - ---- ssh-des.h.orig Wed May 12 07:19:25 1999 -+++ ssh-des.h Fri Dec 24 21:50:04 1999 -@@ -25,8 +25,8 @@ - * $Endlog$ - */ - --#ifndef DES_H --#define DES_H -+#ifndef SSH_DES_H -+#define SSH_DES_H - - typedef struct - { -@@ -35,40 +35,40 @@ - - /* Sets the des key for the context. Initializes the context. The least - significant bit of each byte of the key is ignored as parity. */ --void des_set_key(unsigned char *key, DESContext *ks); -+void ssh_des_set_key(unsigned char *key, DESContext *ks); - - /* Encrypts 32 bits in l,r, and stores the result in output[0] and output[1]. - Performs encryption if encrypt is non-zero, and decryption if it is zero. -- The key context must have been initialized previously with des_set_key. */ --void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, -+ The key context must have been initialized previously with ssh_des_set_key. */ -+void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, - int encrypt); - - /* Encrypts len bytes from src to dest in CBC modes. Len must be a multiple - of 8. iv will be modified at end to a value suitable for continuing - encryption. */ --void des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, -+void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, - const unsigned char *src, unsigned int len); - - /* Decrypts len bytes from src to dest in CBC modes. Len must be a multiple - of 8. iv will be modified at end to a value suitable for continuing - decryption. */ --void des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, -+void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, - const unsigned char *src, unsigned int len); - - /* Encrypts in CBC mode using triple-DES. */ --void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, -+void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, - DESContext *ks2, unsigned char *iv2, - DESContext *ks3, unsigned char *iv3, - unsigned char *dest, const unsigned char *src, - unsigned int len); - - /* Decrypts in CBC mode using triple-DES. */ --void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, -+void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, - DESContext *ks2, unsigned char *iv2, - DESContext *ks3, unsigned char *iv3, - unsigned char *dest, const unsigned char *src, - unsigned int len); - --#endif /* DES_H */ -+#endif /* SSH_DES_H */ - - diff --git a/security/ssh6/patches/patch-bc b/security/ssh6/patches/patch-bc deleted file mode 100644 index d3ed2bdddbe..00000000000 --- a/security/ssh6/patches/patch-bc +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-bc,v 1.1 2000/03/20 02:25:42 itojun Exp $ - ---- match.c.orig Wed May 12 07:19:27 1999 -+++ match.c Fri Dec 24 21:50:42 1999 -@@ -129,6 +129,11 @@ - is_ip_pattern = 0; - break; - } -+ for(p = pattern; *p; p++) -+ if (!(isxdigit(*p) || *p == ':' || *p == '?' || *p == '*')) -+ break; -+ if (ip && !*p) -+ is_ip_pattern = 1; - if (is_ip_pattern) - { - return match_pattern(ip, pattern); diff --git a/security/ssh6/patches/patch-bd b/security/ssh6/patches/patch-bd deleted file mode 100644 index 0a5b9816623..00000000000 --- a/security/ssh6/patches/patch-bd +++ /dev/null @@ -1,121 +0,0 @@ -$NetBSD: patch-bd,v 1.1 2000/03/20 02:25:42 itojun Exp $ - ---- readconf.c.orig Wed May 12 07:19:27 1999 -+++ readconf.c Fri Dec 24 21:50:42 1999 -@@ -170,7 +170,13 @@ - oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, - oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel, - oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication, -+#ifdef AFS -+ oAFSTokenPassing, -+#endif /* AFS */ - oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ oAnotherPort, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost - } OpCodes; - -@@ -194,6 +200,9 @@ - { "hostname", oHostName }, - { "proxycommand", oProxyCommand }, - { "port", oPort }, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ { "anotherport", oAnotherPort }, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - { "cipher", oCipher }, - { "remoteforward", oRemoteForward }, - { "localforward", oLocalForward }, -@@ -213,6 +222,9 @@ - { "useprivilegedport", oUsePrivilegedPort }, - { "kerberosauthentication", oKerberosAuthentication }, - { "kerberostgtpassing", oKerberosTgtPassing }, -+#ifdef AFS -+ { "afstokenpassing", oAFSTokenPassing }, -+#endif /* AFS */ - { "clearallforwardings", oClearAllForwardings }, - { "numberofpasswordprompts", oNumberOfPasswordPrompts }, - { "xauthlocation", oXauthPath }, -@@ -354,6 +366,12 @@ - intptr = &options->kerberos_tgt_passing; - goto parse_flag; - -+#ifdef AFS -+ case oAFSTokenPassing: -+ intptr = &options->afs_token_passing; -+ goto parse_flag; -+#endif /* AFS */ -+ - case oFallBackToRsh: - intptr = &options->fallback_to_rsh; - goto parse_flag; -@@ -497,6 +515,12 @@ - *intptr = value; - break; - -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ case oAnotherPort: -+ intptr = &options->another_port; -+ goto parse_int; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - case oConnectionAttempts: - intptr = &options->connection_attempts; - goto parse_int; -@@ -678,6 +702,9 @@ - options->rsa_authentication = -1; - options->kerberos_authentication = -1; - options->kerberos_tgt_passing = -1; -+#ifdef AFS -+ options->afs_token_passing = -1; -+#endif /* AFS */ - options->tis_authentication = -1; - options->password_authentication = -1; - options->rhosts_rsa_authentication = -1; -@@ -689,6 +716,9 @@ - options->keepalives = -1; - options->compression_level = -1; - options->port = -1; -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ options->another_port = -1; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - options->connection_attempts = -1; - options->number_of_password_prompts = -1; - options->password_prompt_login = -1; -@@ -724,17 +754,19 @@ - if (options->rsa_authentication == -1) - options->rsa_authentication = 1; - if (options->kerberos_authentication == -1) --#if defined(KERBEROS) && defined(KRB5) -+#if defined(KRB4) || defined(KRB5) - options->kerberos_authentication = 1; --#else /* defined(KERBEROS) && defined(KRB5) */ -+#else - options->kerberos_authentication = 0; --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* defined(KRB4) || defined(KRB5) */ - if (options->kerberos_tgt_passing == -1) --#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) -+#if defined(AFS) - options->kerberos_tgt_passing = 1; --#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+ if (options->afs_token_passing == -1) -+ options->afs_token_passing = 1; -+#else - options->kerberos_tgt_passing = 0; --#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+#endif /* AFS */ - if (options->tis_authentication == -1) - options->tis_authentication = 0; - if (options->password_authentication == -1) -@@ -759,6 +791,10 @@ - options->compression_level = 6; - if (options->port == -1) - options->port = 0; /* Filled in ssh_connect. */ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ if (options->another_port == -1) -+ options->another_port = 0; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - if (options->connection_attempts == -1) - options->connection_attempts = 4; - if (options->number_of_password_prompts == -1) diff --git a/security/ssh6/patches/patch-be b/security/ssh6/patches/patch-be deleted file mode 100644 index 28b6c7a34c3..00000000000 --- a/security/ssh6/patches/patch-be +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-be,v 1.1 2000/03/20 02:25:42 itojun Exp $ - ---- readconf.h.orig Wed May 12 07:19:27 1999 -+++ readconf.h Fri Dec 24 21:50:42 1999 -@@ -85,6 +85,9 @@ - int rsa_authentication; /* Try RSA authentication. */ - int kerberos_authentication; /* Try Kerberos authentication. */ - int kerberos_tgt_passing; /* Try Kerberos tgt passing. */ -+#ifdef AFS -+ int afs_token_passing; /* Try AFS token passing. */ -+#endif /* AFS */ - int tis_authentication; /* Try TIS authsrv authentication. */ - int password_authentication; /* Try password authentication. */ - int fallback_to_rsh; /* Use rsh if cannot connect with ssh. */ -@@ -98,6 +101,9 @@ - int use_privileged_port; /* Use privileged port */ - - int port; /* Port to connect. */ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port; /* Port to connect for -A option. */ -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - int connection_attempts; /* Max attempts (seconds) before giving up */ - int number_of_password_prompts; /* Max number of password prompts */ - int password_prompt_login; /* Show remote login at password prompt */ diff --git a/security/ssh6/patches/patch-bf b/security/ssh6/patches/patch-bf deleted file mode 100644 index 8175d7fea02..00000000000 --- a/security/ssh6/patches/patch-bf +++ /dev/null @@ -1,250 +0,0 @@ -$NetBSD: patch-bf,v 1.1 2000/03/20 02:25:42 itojun Exp $ - ---- servconf.c.orig Wed May 12 07:19:28 1999 -+++ servconf.c Fri Dec 24 21:50:42 1999 -@@ -81,8 +81,8 @@ - void initialize_server_options(ServerOptions *options) - { - memset(options, 0, sizeof(*options)); -- options->port = -1; -- options->listen_addr.s_addr = INADDR_ANY; -+ options->num_ports = 0; -+ options->listen_addrs = NULL; - options->host_key_file = NULL; - options->random_seed_file = NULL; - options->pid_file = NULL; -@@ -92,6 +92,9 @@ - options->permit_root_login = -1; - options->ignore_rhosts = -1; - options->ignore_root_rhosts = -1; -+#ifdef ENABLE_LOG_AUTH -+ options->log_auth = -1; -+#endif /* ENABLE_LOG_AUTH */ - options->quiet_mode = -1; - options->fascist_logging = -1; - options->print_motd = -1; -@@ -106,6 +109,12 @@ - options->kerberos_authentication = -1; - options->kerberos_or_local_passwd = -1; - options->kerberos_tgt_passing = -1; -+#if defined(KRB4) -+ options->kerberos_ticket_cleanup = -1; -+#endif /* KRB4 */ -+#ifdef AFS -+ options->afs_token_passing = -1; -+#endif - options->tis_authentication = -1; - options->allow_tcp_forwarding = -1; - options->password_authentication = -1; -@@ -138,16 +147,31 @@ - - void fill_default_server_options(ServerOptions *options) - { -- if (options->port == -1) -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int i; -+ -+ if (options->num_ports == 0) -+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; -+ if (options->listen_addrs == NULL) - { -- struct servent *sp; -- -- sp = getservbyname(SSH_SERVICE_NAME, "tcp"); -- if (sp) -- options->port = ntohs(sp->s_port); -- else -- options->port = SSH_DEFAULT_PORT; -- endservent(); -+ for (i = 0; i < options->num_ports; i++) -+ { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_flags = AI_PASSIVE; -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", options->ports[i]); -+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) -+ { -+ fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n"); -+ exit(1); -+ } -+ for (ai = aitop; ai->ai_next; ai = ai->ai_next); -+ ai->ai_next = options->listen_addrs; -+ options->listen_addrs = aitop; -+ } -+ /* freeaddrinfo(options->listen_addrs) in sshd.c */ - } - if (options->host_key_file == NULL) - options->host_key_file = HOST_KEY_FILE; -@@ -190,19 +214,27 @@ - if (options->rsa_authentication == -1) - options->rsa_authentication = 1; - if (options->kerberos_authentication == -1) --#if defined(KERBEROS) && defined(KRB5) -+#if defined(KRB4) || defined(KRB5) - options->kerberos_authentication = 1; --#else /* defined(KERBEROS) && defined(KRB5) */ -+#else - options->kerberos_authentication = 0; --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* defined(KRB4 || KRB5 */ - if (options->kerberos_or_local_passwd == -1) - options->kerberos_or_local_passwd = 0; - if (options->kerberos_tgt_passing == -1) --#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) -+#if defined(AFS) || defined(KRB5) - options->kerberos_tgt_passing = 1; --#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+#else - options->kerberos_tgt_passing = 0; --#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+#endif /* AFS || KRB5 */ -+#if defined(KRB4) -+ if (options->kerberos_ticket_cleanup == -1) -+ options->kerberos_ticket_cleanup = 1; -+#endif /* KRB4 */ -+#ifdef AFS -+ if (options->afs_token_passing == -1) -+ options->afs_token_passing = 1; -+#endif /* AFS */ - if (options->allow_tcp_forwarding == -1) - options->allow_tcp_forwarding = 1; - if (options->tis_authentication == -1) -@@ -243,13 +275,23 @@ - { - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility, -+#ifdef ENABLE_LOG_AUTH -+ sLogAuth, -+#endif /* ENABLE_LOG_AUTH */ - sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, - sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts, - sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, - sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile, - sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout, - sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd, -- sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers, -+ sKerberosTgtPassing, -+#ifdef KRB4 -+ sKerberosTicketCleanup, -+#ifdef AFS -+ sAFSTokenPassing, -+#endif /* AFS */ -+#endif /* KRB4 */ -+ sAllowTcpForwarding, sAllowUsers, sDenyUsers, - sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts, - sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays, - sAccountExpireWarningDays -@@ -275,6 +317,9 @@ - { "quietmode", sQuietMode }, - { "fascistlogging", sFascistLogging }, - { "syslogfacility", sLogFacility }, -+#ifdef ENABLE_LOG_AUTH -+ { "logauth", sLogAuth }, -+#endif /* ENABLE_LOG_AUTH */ - { "rhostsauthentication", sRhostsAuthentication }, - { "rhostsrsaauthentication", sRhostsRSAAuthentication }, - { "rsaauthentication", sRSAAuthentication }, -@@ -313,6 +358,12 @@ - { "kerberosauthentication", sKerberosAuthentication }, - { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, - { "kerberostgtpassing", sKerberosTgtPassing }, -+#ifdef KRB4 -+ { "kerberosticketcleanup", sKerberosTicketCleanup }, -+#endif -+#ifdef AFS -+ { "afstokenpassing", sAFSTokenPassing }, -+#endif - { "allowtcpforwarding", sAllowTcpForwarding }, - { "xauthlocation", sXauthPath }, - { "checkmail", sCheckMail }, -@@ -367,6 +418,9 @@ - char *cp, **charptr; - int linenum, *intptr, i, value; - ServerOpCodes opcode; -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int gaierr; - - f = fopen(filename, "r"); - if (!f) -@@ -389,7 +443,14 @@ - switch (opcode) - { - case sPort: -- intptr = &options->port; -+ if (options->num_ports >= MAX_PORTS) -+ { -+ fprintf(stderr, "%s line %d: too many ports.\n", -+ filename, linenum); -+ exit(1); -+ } -+ options->ports[options->num_ports] = -1; -+ intptr = &options->ports[options->num_ports++]; - parse_int: - cp = strtok(NULL, WHITESPACE); - if (!cp) -@@ -452,11 +513,25 @@ - filename, linenum); - exit(1); - } --#ifdef BROKEN_INET_ADDR -- options->listen_addr.s_addr = inet_network(cp); --#else /* BROKEN_INET_ADDR */ -- options->listen_addr.s_addr = inet_addr(cp); --#endif /* BROKEN_INET_ADDR */ -+ if (options->num_ports == 0) -+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; -+ for (i = 0; i < options->num_ports; i++) -+ { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", options->ports[i]); -+ if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0) -+ { -+ fprintf(stderr, "%s line %d: bad addr or host. (%s)\n", -+ filename, linenum, gai_strerror(gaierr)); -+ exit(1); -+ } -+ for (ai = aitop; ai->ai_next; ai = ai->ai_next); -+ ai->ai_next = options->listen_addrs; -+ options->listen_addrs = aitop; -+ } -+ strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */ - break; - - case sHostKeyFile: -@@ -532,6 +607,12 @@ - *intptr = value; - break; - -+#ifdef ENABLE_LOG_AUTH -+ case sLogAuth: -+ intptr = &options->log_auth; -+ goto parse_flag; -+#endif /* ENABLE_LOG_AUTH */ -+ - case sIgnoreRhosts: - intptr = &options->ignore_rhosts; - goto parse_flag; -@@ -571,6 +652,18 @@ - case sKerberosTgtPassing: - intptr = &options->kerberos_tgt_passing; - goto parse_flag; -+ -+#ifdef KRB4 -+ case sKerberosTicketCleanup: -+ intptr = &options->kerberos_ticket_cleanup; -+ goto parse_flag; -+#endif /* KRB4 */ -+ -+#ifdef AFS -+ case sAFSTokenPassing: -+ intptr = &options->afs_token_passing; -+ goto parse_flag; -+#endif /* AFS */ - - case sAllowTcpForwarding: - intptr = &options->allow_tcp_forwarding; diff --git a/security/ssh6/patches/patch-bg b/security/ssh6/patches/patch-bg deleted file mode 100644 index 70c06ba297c..00000000000 --- a/security/ssh6/patches/patch-bg +++ /dev/null @@ -1,48 +0,0 @@ -$NetBSD: patch-bg,v 1.1 2000/03/20 02:25:43 itojun Exp $ - ---- servconf.h.orig Wed May 12 07:19:28 1999 -+++ servconf.h Fri Dec 24 21:50:42 1999 -@@ -64,6 +64,8 @@ - #ifndef SERVCONF_H - #define SERVCONF_H - -+#define MAX_PORTS 256 /* Max # hosts on allow list. */ -+ - #define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */ - #define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */ - #define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */ -@@ -82,8 +84,9 @@ - - typedef struct - { -- int port; /* Port number to listen on. */ -- struct in_addr listen_addr; /* Address on which the server listens. */ -+ unsigned int num_ports; -+ int ports[MAX_PORTS]; /* Port number to listen on. */ -+ struct addrinfo *listen_addrs;/* Addresses on which the server listens. */ - char *host_key_file; /* File containing host key. */ - char *random_seed_file; /* File containing random seed. */ - char *pid_file; /* File containing process ID number. */ -@@ -91,6 +94,9 @@ - int login_grace_time; /* Disconnect if no auth in this time (sec). */ - int key_regeneration_time; /* Server key lifetime (seconds). */ - int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */ -+#ifdef ENABLE_LOG_AUTH -+ int log_auth; /* If true, log authentication info. */ -+#endif /* ENABLE_LOG_AUTH */ - int ignore_rhosts; /* Ignore .rhosts and .shosts. */ - int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root, - defaults to ignore_rhosts if not given. */ -@@ -111,6 +117,12 @@ - password authentication mechanism, such - as SecurID or /etc/passwd */ - int kerberos_tgt_passing; /* If true, permit Kerberos tgt passing. */ -+#ifdef KRB4 -+ int kerberos_ticket_cleanup; /* If true, destroy ticket file on logout. */ -+#endif /* KRB4 */ -+#ifdef AFS -+ int afs_token_passing; /* If true, permit AFS token passing. */ -+#endif /* AFS */ - int allow_tcp_forwarding; - int tis_authentication; /* If true, permit TIS authsrv auth. */ - int password_authentication; /* If true, permit password authentication. */ diff --git a/security/ssh6/patches/patch-bh b/security/ssh6/patches/patch-bh deleted file mode 100644 index adb8ead9c62..00000000000 --- a/security/ssh6/patches/patch-bh +++ /dev/null @@ -1,31 +0,0 @@ -$NetBSD: patch-bh,v 1.1 2000/03/20 02:25:43 itojun Exp $ - ---- ssh.1.in.orig Wed May 12 07:19:30 1999 -+++ ssh.1.in Fri Dec 24 21:50:04 1999 -@@ -470,7 +470,7 @@ - .ne 3 - .TP - .B \-k --Disables forwarding of the kerberos tickets. This may -+Disables forwarding of Kerberos tickets / AFS tokens. This may - also be specified on a per-host basis in the configuration file. - .ne 3 - .TP -@@ -770,11 +770,15 @@ - - .TP - .B KerberosAuthentication --Specifies whether Kerberos V5 authentication will be used. -+Specifies whether Kerberos authentication will be used. - - .TP - .B KerberosTgtPassing --Specifies whether a Kerberos V5 TGT will be forwarded to the server. -+Specifies whether a Kerberos TGT will be forwarded to the server. -+ -+.TP -+.B AFSTokenPassing -+Specifies whether an AFS token will be forwarded to the server. - - .TP - .B LocalForward diff --git a/security/ssh6/patches/patch-bi b/security/ssh6/patches/patch-bi deleted file mode 100644 index 4ac4b1379f2..00000000000 --- a/security/ssh6/patches/patch-bi +++ /dev/null @@ -1,108 +0,0 @@ -$NetBSD: patch-bi,v 1.1 2000/03/20 02:25:43 itojun Exp $ - ---- ssh.c.orig Wed May 12 07:19:28 1999 -+++ ssh.c Fri Dec 24 21:50:42 1999 -@@ -218,6 +218,14 @@ - other functions. */ - RandomState random_state; - -+/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+#ifdef ENABLE_IPV6 -+int IPv4or6 = AF_UNSPEC; -+#else -+int IPv4or6 = AF_INET; -+#endif -+ - /* Flag indicating whether debug mode is on. This can be set on the - command line. */ - int debug_flag = 0; -@@ -277,12 +285,19 @@ - { - fprintf(stderr, "Usage: %s [options] host [command]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only.\n"); -+#ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only.\n"); -+#endif -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ fprintf(stderr, " -A Try to connect to another port before original port.\n"); -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - fprintf(stderr, " -l user Log in using this user name.\n"); - fprintf(stderr, " -n Redirect input from /dev/null.\n"); - fprintf(stderr, " -a Disable authentication agent forwarding.\n"); --#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) -- fprintf(stderr, " -k Disable Kerberos ticket passing.\n"); --#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ -+#ifdef AFS -+ fprintf(stderr, " -k Disable Kerberos ticket and AFS token passing.\n"); -+#endif /* AFS */ - #ifndef SSH_NO_X11_FORWARDING - fprintf(stderr, " -x Disable X11 connection forwarding.\n"); - #endif -@@ -413,6 +428,9 @@ - #ifdef SIGWINCH - struct winsize ws; - #endif /* SIGWINCH */ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port_flag = 0; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - - /* Save the original real uid. It will be needed later (uid-swapping may - clobber the real uid). */ -@@ -522,6 +540,26 @@ - } - switch (opt) - { -+ case '4': -+#ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+#else -+ IPv4or6 = AF_INET; -+#endif -+ break; -+ -+#ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; -+ break; -+#endif -+ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ case 'A': -+ another_port_flag = 1; -+ break; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - case 'n': - stdin_null_flag = 1; - break; -@@ -541,6 +579,9 @@ - - case 'k': - options.kerberos_tgt_passing = 0; -+#ifdef AFS -+ options.afs_token_passing = 0; -+#endif /* AFS */ - break; - - case 'i': -@@ -789,11 +830,18 @@ - { - use_privileged_port = 0; - } -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ if (!another_port_flag) -+ options.another_port = 0; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - /* Open a connection to the remote host. This needs root privileges if - rhosts_authentication is true. Note that the random_state is not - yet used by this call, although a pointer to it is stored, and thus it - need not be initialized. */ - ok = ssh_connect(host, options.port, options.connection_attempts, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ options.another_port, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - !use_privileged_port, - original_real_uid, options.proxy_command, &random_state); - diff --git a/security/ssh6/patches/patch-bj b/security/ssh6/patches/patch-bj deleted file mode 100644 index 8fe80602685..00000000000 --- a/security/ssh6/patches/patch-bj +++ /dev/null @@ -1,156 +0,0 @@ -$NetBSD: patch-bj,v 1.1 2000/03/20 02:25:43 itojun Exp $ - ---- ssh.h.orig Wed May 12 07:19:28 1999 -+++ ssh.h Fri Dec 24 21:50:42 1999 -@@ -176,6 +176,16 @@ - #include "randoms.h" - #include "cipher.h" - -+#ifdef HESIOD -+#include <hesiod.h> -+ -+#define getpwnam(a) hes_getpwnam(a) -+#define getpwuid(a) hes_getpwuid(a) -+ -+extern struct passwd *hes_getpwnam(const char *name); -+extern struct passwd *hes_getpwuid(uid_t uid); -+#endif /* HESIOD */ -+ - /* The default cipher used if IDEA is not supported by the remote host. - It is recommended that this be one of the mandatory ciphers (DES, 3DES), - though that is not required. */ -@@ -307,12 +317,13 @@ - protocol.) */ - #define SSH_SESSION_KEY_LENGTH 32 - --#ifdef KERBEROS - #ifdef KRB5 - #include <krb5.h> --#define KRB_SERVICE_NAME "host" -+#define KRB5_SERVICE_NAME "host" - #endif /* KRB5 */ --#endif /* KERBEROS */ -+#ifdef KRB4 -+#define KRB4_SERVICE_NAME "rcmd" -+#endif /* KRB4 */ - - /* Authentication methods. New types can be added, but old types should not - be removed for compatibility. The maximum allowed value is 31. */ -@@ -336,6 +347,10 @@ - - /* If you add new methods add them after this using random number between 16-31 - so if someone else adds also new methods you dont use same number. */ -+#ifdef AFS -+#define SSH_PASS_AFS_TOKEN 21 -+#endif /* AFS */ -+ - - /* Protocol flags. These are bit masks. */ - #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ -@@ -410,7 +425,9 @@ - /* If ou add new messages add them starting from something after 64, better to - use some random number between 64-127 so if someone else adds something else - you dont use same numbers */ -- -+#ifdef AFS -+#define SSH_CMSG_HAVE_AFS_TOKEN 65 -+#endif /* AFS */ - - /* define this and debug() will print local hostname */ - #define LOCAL_HOSTNAME_IN_DEBUG 1 -@@ -430,7 +447,7 @@ - /* Records that the user has logged in. This does many things normally - done by login(1). */ - void record_login(int pid, const char *ttyname, const char *user, uid_t uid, -- const char *host, struct sockaddr_in *addr); -+ const char *host, struct sockaddr *addr); - - /* Records that the user has logged out. This does many thigs normally - done by login(1) or init. */ -@@ -447,6 +464,9 @@ - connection is successful, this calls packet_set_connection for the - connection. */ - int ssh_connect(const char *host, int port, int connection_attempts, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state); - -@@ -479,12 +499,12 @@ - - /* Tries to authenticate the user using password. Returns true if - authentication succeeds. */ --#if defined(KERBEROS) && defined(KRB5) -+#ifdef KRB5 - int auth_password(const char *server_user, const char *password, - krb5_principal client); --#else /* defined(KERBEROS) && defined(KRB5) */ -+#else /* KRB5 */ - int auth_password(const char *server_user, const char *password); --#endif /* defined(KERBEROS) && defined(KRB5) */ -+#endif /* KRB5 */ - - /* Performs the RSA authentication dialog with the client. This returns - 0 if the client could not be authenticated, and 1 if authentication was -@@ -872,5 +892,60 @@ - #else - #define UID_ROOT 0 - #endif -+ -+#ifdef HAVE_SOCKADDR_STORAGE -+#ifndef HAVE_NEW_SS_FAMILY -+#define __ss_len ss_len -+#define __ss_family ss_family -+#endif -+#else -+#define _SS_MAXSIZE 128 /* Implementation specific max size */ -+#define _SS_ALIGNSIZE (sizeof(int)) -+#define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_short)) -+#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof(u_short) + \ -+ _SS_PAD1SIZE + _SS_ALIGNSIZE)) -+struct sockaddr_storage { -+#ifdef HAVE_SOCKADDR_LEN -+ u_char __ss_len; -+ u_char __ss_family; -+#else -+ u_short __ss_family; -+#endif -+ char __ss_pad1[_SS_PAD1SIZE]; -+ int __ss_align; -+ char __ss_pad2[_SS_PAD2SIZE]; -+}; -+#endif -+ -+#ifdef INET6_ADDRSTRLEN -+#define ADDRSTRLEN INET6_ADDRSTRLEN -+#else -+#define ADDRSTRLEN 46 -+#endif -+ -+#define PORTSTRLEN 16 -+ -+/* AF_UNSPEC or AF_INET or AF_INET6 */ -+extern int IPv4or6; -+ -+#ifndef ENABLE_IPV6 -+/* dummy value for old netdb.h */ -+#ifndef AI_PASSIVE -+#define AI_PASSIVE 1 -+#define NI_NUMERICHOST 2 -+#define NI_NAMEREQD 4 -+#define NI_NUMERICSERV 8 -+struct addrinfo { -+ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ -+ int ai_family; /* PF_xxx */ -+ int ai_socktype; /* SOCK_xxx */ -+ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ -+ size_t ai_addrlen; /* length of ai_addr */ -+ char *ai_canonname; /* canonical name for hostname */ -+ struct sockaddr *ai_addr; /* binary address */ -+ struct addrinfo *ai_next; /* next structure in linked list */ -+}; -+#endif -+#endif /* not ENABLE_IPV6 */ - - #endif /* SSH_H */ diff --git a/security/ssh6/patches/patch-bk b/security/ssh6/patches/patch-bk deleted file mode 100644 index 738624dd945..00000000000 --- a/security/ssh6/patches/patch-bk +++ /dev/null @@ -1,691 +0,0 @@ -$NetBSD: patch-bk,v 1.1 2000/03/20 02:25:43 itojun Exp $ - ---- sshconnect.c- Wed May 12 20:19:29 1999 -+++ sshconnect.c Mon Mar 20 09:20:32 2000 -@@ -215,7 +215,6 @@ - #include "userfile.h" - #include "emulate.h" - --#ifdef KERBEROS - #ifdef KRB5 - #include <krb5.h> - -@@ -223,7 +222,19 @@ - krb5_context ssh_context = 0; - krb5_auth_context auth_context = 0; - #endif /* KRB5 */ --#endif /* KERBEROS */ -+ -+#ifdef KRB4 -+#include <krb.h> -+#ifdef AFS -+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 -+#include <sys/ioctl.h> -+#endif -+#ifdef HAVE_SYS_FILIO_H -+#include <sys/filio.h> -+#endif -+#include <kafs.h> -+#endif /* AFS */ -+#endif /* KRB4 */ - - /* Session id for the current session. */ - unsigned char session_id[16]; -@@ -337,7 +348,7 @@ - - /* Creates a (possibly privileged) socket for use as the ssh connection. */ - --int ssh_create_socket(uid_t original_real_uid, int privileged) -+int ssh_create_socket(uid_t original_real_uid, int privileged, int family) - { - int sock; - -@@ -345,43 +356,62 @@ - bind our own socket to a privileged port. */ - if (privileged) - { -- struct sockaddr_in sin; -+ struct addrinfo hints, *ai = NULL; -+ int errgai; -+ char strport[PORTSTRLEN]; - int p; - for (p = 1023; p > 512; p--) - { -- sock = socket(AF_INET, SOCK_STREAM, 0); -+ sock = socket(family, SOCK_STREAM, 0); - if (sock < 0) -- fatal("socket: %.100s", strerror(errno)); -+ { -+ error("socket: %.100s", strerror(errno)); -+ continue; -+ } - -- /* Initialize the desired sockaddr_in structure. */ -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- sin.sin_addr.s_addr = INADDR_ANY; -- sin.sin_port = htons(p); -+ /* Initialize the desired addrinfo structure. */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = family; -+ hints.ai_flags = AI_PASSIVE; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", p); -+ if ((errgai = getaddrinfo(NULL, strport, &hints, &ai)) != 0) -+ { -+ error("getaddrinfo: %.100s", gai_strerror(errgai)); -+ close(sock); -+ continue; -+ } - - /* Try to bind the socket to the privileged port. */ - #if defined(SOCKS) -- if (Rbind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) -+ if (Rbind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - break; /* Success. */ - #else /* SOCKS */ -- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) -+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - break; /* Success. */ - #endif /* SOCKS */ - if (errno == EADDRINUSE) - { - close(sock); -+ if (ai) -+ { -+ freeaddrinfo(ai); -+ ai = NULL; -+ } - continue; - } -- fatal("bind: %.100s", strerror(errno)); -+ error("bind: %.100s", strerror(errno)); - } - debug("Allocated local port %d.", p); -+ if (ai) -+ freeaddrinfo(ai); - } - else - { - /* Just create an ordinary socket on arbitrary port. */ -- sock = socket(AF_INET, SOCK_STREAM, 0); -+ sock = socket(family, SOCK_STREAM, 0); - if (sock < 0) -- fatal("socket: %.100s", strerror(errno)); -+ error("socket: %.100s", strerror(errno)); - } - return sock; - } -@@ -396,14 +426,19 @@ - the daemon. */ - - int ssh_connect(const char *host, int port, int connection_attempts, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state) - { - int sock = -1, attempt, i; - int on = 1; - struct servent *sp; -- struct hostent *hp; -- struct sockaddr_in hostaddr; -+ struct addrinfo hints, *ai, *aitop, *aitmp; -+ struct sockaddr_storage hostaddr; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int gaierr; - #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) - struct linger linger; - #endif /* SO_LINGER */ -@@ -421,10 +456,6 @@ - port = SSH_DEFAULT_PORT; - } - -- /* Map localhost to ip-address locally */ -- if (strcmp(host, "localhost") == 0) -- host = "127.0.0.1"; -- - /* If a proxy command is given, connect using it. */ - if (proxy_command != NULL && *proxy_command) - return ssh_proxy_connect(host, port, original_real_uid, proxy_command, -@@ -432,9 +463,28 @@ - - /* No proxy command. */ - -- /* No host lookup made yet. */ -- hp = NULL; -- -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", port); -+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) -+ fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -+ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ if (another_port) -+ { -+ aitmp = aitop; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", another_port); -+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) -+ fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -+ for (ai = aitop; ai->ai_next; ai = ai->ai_next); -+ ai->ai_next = aitmp; -+ } -+#endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - /* Try to connect several times. On some machines, the first time will - sometimes fail. In general socket code appears to behave quite - magically on many machines. */ -@@ -443,103 +493,29 @@ - if (attempt > 0) - debug("Trying again..."); - -- /* Try to parse the host name as a numeric inet address. */ -- memset(&hostaddr, 0, sizeof(hostaddr)); -- hostaddr.sin_family = AF_INET; -- hostaddr.sin_port = htons(port); --#ifdef BROKEN_INET_ADDR -- hostaddr.sin_addr.s_addr = inet_network(host); --#else /* BROKEN_INET_ADDR */ -- hostaddr.sin_addr.s_addr = inet_addr(host); --#endif /* BROKEN_INET_ADDR */ -- if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -- { -- /* Create a socket. */ -- sock = ssh_create_socket(original_real_uid, -- !anonymous && geteuid() == UID_ROOT); -- -- /* Valid numeric IP address */ -- debug("Connecting to %.100s port %d.", -- inet_ntoa(hostaddr.sin_addr), port); -- -- /* Connect to the host. */ --#if defined(SOCKS) -- if (Rconnect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) --#else /* SOCKS */ -- if (connect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) --#endif /* SOCKS */ -- >= 0) -- { -- /* Successful connect. */ -- break; -- } -- debug("connect: %.100s", strerror(errno)); -- -- /* Destroy the failed socket. */ -- shutdown(sock, 2); -- close(sock); -- } -- else -- { -- /* Not a valid numeric inet address. */ -- /* Map host name to an address. */ -- if (!hp) -- { -- struct hostent *hp_static; -- --#if defined(SOCKS5) -- hp_static = Rgethostbyname(host); --#else -- hp_static = gethostbyname(host); --#endif -- if (hp_static) -- { -- hp = xmalloc(sizeof(struct hostent)); -- memcpy(hp, hp_static, sizeof(struct hostent)); -- -- /* Copy list of addresses, not just pointers. -- We don't use h_name & h_aliases so leave them as is */ -- for (i = 0; hp_static->h_addr_list[i]; i++) -- ; /* count them */ -- hp->h_addr_list = xmalloc((i + 1) * -- sizeof(hp_static->h_addr_list[0])); -- for (i = 0; hp_static->h_addr_list[i]; i++) -- { -- hp->h_addr_list[i] = xmalloc(hp->h_length); -- memcpy(hp->h_addr_list[i], hp_static->h_addr_list[i], -- hp->h_length); -- } -- hp->h_addr_list[i] = NULL; /* last one */ -- } -- } -- if (!hp) -- fatal("Bad host name: %.100s", host); -- if (!hp->h_addr_list[0]) -- fatal("Host does not have an IP address: %.100s", host); -- - /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ -- for (i = 0; hp->h_addr_list[i]; i++) -+ for (ai = aitop; ai; ai = ai->ai_next) - { -- /* Set the address to connect to. */ -- hostaddr.sin_family = hp->h_addrtype; -- memcpy(&hostaddr.sin_addr, hp->h_addr_list[i], -- sizeof(hostaddr.sin_addr)); -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); - -- debug("Connecting to %.200s [%.100s] port %d.", -- host, inet_ntoa(hostaddr.sin_addr), port); -+ debug("Connecting to %.200s [%.100s] port %s.", -+ host, ntop, strport); - - /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, -- !anonymous && geteuid() == UID_ROOT); -+ !anonymous && geteuid() == UID_ROOT, -+ ai->ai_family); -+ if (sock < 0) -+ continue; - - /* Connect to the host. */ - #if defined(SOCKS) -- if (Rconnect(sock, (struct sockaddr *)&hostaddr, -- sizeof(hostaddr)) >= 0) -+ if (Rconnect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - #else /* SOCKS */ -- if (connect(sock, (struct sockaddr *)&hostaddr, -- sizeof(hostaddr)) >= 0) -+ if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - #endif /* SOCKS */ - { - /* Successful connection. */ -@@ -552,22 +528,15 @@ - returned an error. */ - shutdown(sock, 2); - close(sock); -- } -- if (hp->h_addr_list[i]) -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ if (ai) - break; /* Successful connection. */ -- } - - /* Sleep a moment before retrying. */ - sleep(1); - } - -- if (hp) -- { -- for (i = 0; hp->h_addr_list[i]; i++) -- xfree(hp->h_addr_list[i]); -- xfree(hp->h_addr_list); -- xfree(hp); -- } -+ freeaddrinfo(aitop); - - /* Return failure if we didn't get a successful connection. */ - if (attempt >= connection_attempts) -@@ -932,10 +901,9 @@ - return 0; - } - --#ifdef KERBEROS -+#ifdef KRB5 - int try_kerberos_authentication(void) - { --#ifdef KRB5 - char *remotehost; - krb5_data auth; - krb5_error_code r; -@@ -946,7 +914,7 @@ - int ap_opts, ret_stat = 0; - krb5_keyblock *session_key = 0; - krb5_ap_rep_enc_part *repl = 0; -- struct sockaddr_in local, foreign; -+ struct sockaddr_storage local, foreign; - - memset(&auth, 0 , sizeof(auth)); - remotehost = (char *) get_canonical_hostname(); -@@ -1084,15 +1052,118 @@ - krb5_free_ap_rep_enc_part(ssh_context, repl); - - return(ret_stat); -+} - #endif /* KRB5 */ -+ -+#ifdef KRB4 -+int try_kerberos_authentication() -+{ -+ KTEXT_ST auth; /* Kerberos data */ -+ char *reply; -+ char inst[INST_SZ]; -+ char *realm; -+ char *service; -+ CREDENTIALS cred; -+ int r, type; -+ Key_schedule schedule; -+ u_long checksum, cksum; -+ MSG_DAT msg_data; -+ struct sockaddr_in local, foreign; -+ struct stat st; -+ -+ /* Don't do anything if we don't have any tickets. */ -+ if (stat(tkt_string(), &st) < 0) return 0; -+ -+ strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ); -+ -+ realm = (char *)krb_realmofhost(get_canonical_hostname()); -+ if (!realm) { -+ debug("Kerberos V4: no realm for %s", get_canonical_hostname()); -+ return 0; -+ } -+ /* This can really be anything. */ -+ checksum = (u_long) getpid(); -+ -+ if (r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum)) { -+ debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]); -+ return 0; -+ } -+ /* Get session key to decrypt the server's reply with. */ -+ if (r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred)) { -+ debug("get_cred failed: %s", krb_err_txt[r]); -+ return 0; -+ } -+ des_key_sched((des_cblock *)cred.session, schedule); -+ -+ /* Send authentication info to server. */ -+ packet_start(SSH_CMSG_AUTH_KERBEROS); -+ packet_put_string((char *)auth.dat, auth.length); -+ packet_send(); -+ packet_write_wait(); -+ -+ /* zero the buffer */ -+ (void) memset(auth.dat, 0, MAX_KTXT_LEN); -+ -+ r = sizeof(local); -+ memset(&local, 0, sizeof(local)); -+ if (getsockname(packet_get_connection_in(), -+ (struct sockaddr *) &local, &r) < 0) -+ debug("getsockname failed: %.100s", strerror(errno)); -+ -+ r = sizeof(foreign); -+ memset(&foreign, 0, sizeof(foreign)); -+ if (getpeername(packet_get_connection_in(), -+ (struct sockaddr *)&foreign, &r) < 0) -+ debug("getpeername failed: %.100s", strerror(errno)); -+ -+ /* Get server reply. */ -+ type = packet_read(); -+ switch(type) { -+ -+ case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ -+ debug("Kerberos V4 authentication failed."); -+ return 0; -+ break; -+ -+ case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ -+ debug("Kerberos V4 authentication accepted."); -+ -+ /* Get server's response. */ -+ reply = packet_get_string((unsigned int *)&auth.length); -+ memcpy(auth.dat, reply, auth.length); -+ xfree(reply); -+ -+ /* If his response isn't properly encrypted with the session key, -+ and the decrypted checksum fails to match, he's bogus. Bail out. */ -+ if (r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session, -+ &foreign, &local, &msg_data)) { -+ debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]); -+ packet_disconnect("Kerberos V4 challenge failed!"); -+ } -+ /* fetch the (incremented) checksum that we supplied in the request */ -+ (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum)); -+ cksum = ntohl(cksum); -+ -+ /* If it matches, we're golden. */ -+ if (cksum == checksum + 1) { -+ debug("Kerberos V4 challenge successful."); -+ return 1; -+ } -+ else -+ packet_disconnect("Kerberos V4 challenge failed!"); -+ break; -+ -+ default: -+ packet_disconnect("Protocol error on Kerberos V4 response: %d", type); -+ } - } --#endif /* KERBEROS */ -+#endif /* KRB4 */ -+ - --#ifdef KERBEROS_TGT_PASSING - /* Forward our local Kerberos tgt to the server. */ -+#ifdef KRB5 - int send_kerberos_tgt(void) - { --#ifdef KRB5 - char *remotehost; - krb5_principal client; - krb5_principal server; -@@ -1172,22 +1243,117 @@ - krb5_free_principal(ssh_context, client); - krb5_free_principal(ssh_context, server); - -- type = packet_read(); -- if (type == SSH_SMSG_SUCCESS) -- { -- debug("Kerberos V5 TGT passing was successful."); -- return 1; -- } -- else -- if (type != SSH_SMSG_FAILURE) -- packet_disconnect("Protocol error on Kerberos tgt response: %d", type); -- else -- debug("Kerberos V5 TGT passing failed."); -- -- return 0; -+ return 1; -+} - #endif /* KRB5 */ -+ -+#ifdef AFS -+int send_kerberos_tgt() -+{ -+ CREDENTIALS *creds; -+ char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; -+ int r, type; -+ unsigned char buffer[8192]; -+ struct stat st; -+ -+ /* Don't do anything if we don't have any tickets. */ -+ if (stat(tkt_string(), &st) < 0) return 0; -+ -+ creds = xmalloc(sizeof(CREDENTIALS)); -+ -+ if ((r=krb_get_tf_fullname(TKT_FILE,pname,pinst,prealm)) != KSUCCESS) { -+ debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]); -+ return 0; -+ } -+ if ((r=krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) { -+ debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]); -+ return 0; -+ } -+ if (time(0) > -+#ifdef HAVE_KRB_LIFE_TO_TIME -+ (unsigned long)krb_life_to_time(creds->issue_date, creds->lifetime)) { -+#else -+ (creds->issue_date + ((unsigned char)creds->lifetime * 5 * 60))) { -+#endif /* HAVE_KRB_LIFE_TO_TIME */ -+ debug("Kerberos V4 ticket expired: %s", TKT_FILE); -+ return 0; -+ } -+ -+ creds_to_radix(creds, buffer); -+ xfree(creds); -+ -+ packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); -+ packet_put_string((char *)buffer, strlen(buffer)); -+ packet_send(); -+ packet_write_wait(); -+ -+ return 1; -+} -+ -+/* Forwards our AFS tokens to the server. */ -+void send_afs_tokens(void) -+{ -+ CREDENTIALS creds; -+ struct ViceIoctl parms; -+ struct ClearToken ct; -+ int i, type; -+ int len; -+ char buf[2048], *p, *server_cell; -+ unsigned char buffer[8192]; -+ -+ /* Move over ktc_GetToken, here's something leaner. */ -+ for (i = 0; i < 100; i++) { /* just in case */ -+ parms.in = (char *)&i; -+ parms.in_size = sizeof(i); -+ parms.out = buf; -+ parms.out_size = sizeof(buf); -+ if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break; -+ p = buf; -+ -+ /* Get secret token. */ -+ memcpy(&creds.ticket_st.length, p, sizeof(unsigned int)); -+ if (creds.ticket_st.length > MAX_KTXT_LEN) break; -+ p += sizeof(unsigned int); -+ memcpy(creds.ticket_st.dat, p, creds.ticket_st.length); -+ p += creds.ticket_st.length; -+ -+ /* Get clear token. */ -+ memcpy(&len, p, sizeof(len)); -+ if (len != sizeof(struct ClearToken)) break; -+ p += sizeof(len); -+ memcpy(&ct, p, len); -+ p += len; -+ p += sizeof(len); /* primary flag */ -+ server_cell = p; -+ -+ /* Flesh out our credentials. */ -+ strcpy(creds.service, "afs"); -+ creds.instance[0] = '\0'; -+ strncpy(creds.realm, server_cell, REALM_SZ); -+ memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ); -+ creds.issue_date = ct.BeginTimestamp; -+ creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp); -+ creds.kvno = ct.AuthHandle; -+ snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId); -+ creds.pinst[0] = '\0'; -+ -+ /* Encode token, ship it off. */ -+ if (!creds_to_radix(&creds, buffer)) break; -+ packet_start(SSH_CMSG_HAVE_AFS_TOKEN); -+ packet_put_string((char *)buffer, strlen(buffer)); -+ packet_send(); -+ packet_write_wait(); -+ -+ /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */ -+ type = packet_read(); -+ -+ if (type == SSH_SMSG_FAILURE) -+ debug("AFS token for cell %s rejected.", server_cell); -+ else if (type != SSH_SMSG_SUCCESS) -+ packet_disconnect("Protocol error on AFS token response: %d", type); -+ } - } --#endif /* KERBEROS_TGT_PASSING */ -+#endif /* AFS */ - - /* Waits for the server identification string, and sends our own identification - string. */ -@@ -1285,14 +1451,12 @@ - unsigned char check_bytes[8]; - unsigned int supported_ciphers, supported_authentications, protocol_flags; - HostStatus host_status; --#ifdef KERBEROS - #ifdef KRB5 - char *kuser; - krb5_ccache ccache; - krb5_error_code problem; - krb5_principal client; --#endif --#endif -+#endif /* KRB5 */ - - /* Convert the user-supplied hostname into all lowercase. */ - host = xstrdup(orighost); -@@ -1595,7 +1759,6 @@ - - debug("Received encrypted confirmation."); - --#ifdef KERBEROS - #ifdef KRB5 - if (!ssh_context) - { -@@ -1629,7 +1792,6 @@ - debug("Kerberos V5: could not get default ccache."); - } - #endif /* KRB5 */ --#endif /* KERBEROS */ - - /* Send the name of the user to log in as on the server. */ - packet_start(SSH_CMSG_USER); -@@ -1647,24 +1809,39 @@ - packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", - type); - --#ifdef KERBEROS_TGT_PASSING -+#if defined(KRB5) || defined(AFS) - /* Try Kerberos tgt passing if the server supports it. */ - if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && - options->kerberos_tgt_passing) - { - if (options->cipher == SSH_CIPHER_NONE) - log_msg("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); -- (void)send_kerberos_tgt(); -+ if (send_kerberos_tgt()) -+ { -+ type = packet_read(); -+ if (type == SSH_SMSG_FAILURE) -+ debug("Kerberos TGT passing failed."); -+ else if (type != SSH_SMSG_SUCCESS) -+ packet_disconnect("Protocol error on Kerberos tgt response: %d", type); -+ } - } --#endif /* KERBEROS_TGT_PASSING */ -+#endif /* KRB5 || AFS */ -+ -+#ifdef AFS -+ /* Try AFS token passing if the server supports it. */ -+ if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && -+ options->afs_token_passing && k_hasafs()) { -+ if (options->cipher == SSH_CIPHER_NONE) -+ log_msg("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); -+ send_afs_tokens(); -+ } -+#endif /* AFS */ - --#ifdef KERBEROS --#ifdef KRB5 -+#if defined(KRB4) || defined(KRB5) - if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && - options->kerberos_authentication) - { -- debug("Trying Kerberos V5 authentication."); --#endif -+ debug("Trying Kerberos authentication."); - if (try_kerberos_authentication()) { - /* The server should respond with success or failure. */ - type = packet_read(); -@@ -1673,10 +1850,8 @@ - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error: got %d in response to Kerberos auth", type); - } --#ifdef KRB5 - } --#endif --#endif /* KERBEROS */ -+#endif /* KRB4 || KRB5 */ - - /* Use rhosts authentication if running in privileged socket and we do not - wish to remain anonymous. */ diff --git a/security/ssh6/patches/patch-bl b/security/ssh6/patches/patch-bl deleted file mode 100644 index a9c52c45a21..00000000000 --- a/security/ssh6/patches/patch-bl +++ /dev/null @@ -1,37 +0,0 @@ -$NetBSD: patch-bl,v 1.1 2000/03/20 02:25:43 itojun Exp $ - ---- sshd.8.in.orig Wed May 12 07:19:31 1999 -+++ sshd.8.in Fri Dec 24 21:50:05 1999 -@@ -529,10 +529,10 @@ - - .TP - .B KerberosAuthentication --Specifies whether Kerberos V5 authentication is allowed. This can -+Specifies whether Kerberos authentication is allowed. This can - be in the form of a Kerberos ticket, or if PasswordAuthentication - is yes, the password provided by the user will be validated through --the Kerberos KDC or DCE Security Server. Default is yes. -+the Kerberos KDC / AFS kaserver / DCE Security Server. Default is yes. - - .TP - .B KerberosOrLocalPasswd -@@ -542,8 +542,18 @@ - - .TP - .B KerberosTgtPassing --Specifies whether a Kerberos V5 TGT may be forwarded to the server. -+Specifies whether a Kerberos TGT may be forwarded to the server. - Default is yes. -+ -+.TP -+.B AFSTokenPassing -+Specifies whether an AFS token may be forwarded to the server. -+Default is yes. -+ -+.TP -+.B KerberosTicketCleanup -+Specifies whether to automatically destroy the user's Kerberos v4 -+ticket cache file on logout. Default is yes. - - .TP - .B KeyRegenerationInterval diff --git a/security/ssh6/patches/patch-bm b/security/ssh6/patches/patch-bm deleted file mode 100644 index 82083d8fdde..00000000000 --- a/security/ssh6/patches/patch-bm +++ /dev/null @@ -1,176 +0,0 @@ -$NetBSD: patch-bm,v 1.1 2000/03/20 02:25:43 itojun Exp $ - ---- README-IPv6.orig Wed Dec 31 19:00:00 1969 -+++ README-IPv6 Fri Dec 24 21:50:38 1999 -@@ -0,0 +1,171 @@ -+ssh-1.2.27-IPv6 version 1.5 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * ssh-1.2.27-IPv6 can handle both IPv4 and IPv6. -+ -+ To enable sshd/ssh to handle both IPv4 and IPv6, -+ -+ ./configure --enable-ipv6 -+ -+ Otherwise sshd/ssh handle IPv4 only as same as original ssh. -+ -+ * You can have multiple ListenAddress lines in /etc/sshd_config. -+ It means that sshd can listen multiple addresses. -+ -+ Example1: sshd will bind on these four adresses. -+ -+ ListenAddress 202.249.17.50 -+ ListenAddress 202.249.17.137 -+ ListenAddress 3ffe:501:c0b::1 -+ ListenAddress 3ffe:501:c0b:20:2a0:c9ff:fe3e:f5fc -+ -+ Example2: as same as example1. -+ (Because bertemu.rcac.tdi.co.jp has these four addresses.) -+ -+ ListenAddress bertemu.rcac.tdi.co.jp -+ -+ Example3: sshd will bind on any address both IPv4 and IPv6. -+ -+ ListenAddress :: -+ ListenAddress 0.0.0.0 -+ -+ Example4: as same as example3. -+ -+ No ListenAddress line in /etc/sshd_config. -+ -+ * You don't mind whether the host has IPv4 or IPv6 address. -+ You can also specify using only IPv4 (or only IPv6). -+ -+ Example1: ssh will try all IPv4 and IPv6 addresses that the host has. -+ -+ ssh host -+ -+ Example2: ssh will try all IPv4 addresses that the host has. -+ -+ ssh -4 host -+ -+ Example3: ssh will try all IPv6 addresses that the host has. -+ -+ ssh -6 host -+ -+ * You can have multiple Port lines in /etc/sshd_config and -p options. -+ It means that sshd can listen multiple ports, not only port 22. -+ -+ For example, you run sshd that listens port 22 and port 722, -+ and you can use port 22 for slogin and port 722 for scp. -+ It's useful if you have preference for interactive traffic in the router. -+ -+ You can have "AnotherPort 722" line in /etc/ssh_config or your -+ config file (maybe ~/.ssh/config). In this case, ssh with -A option -+ try to connect to port 722 at first, and try to connect to original -+ port (maybe port 22) if port 722 fails. scp executes ssh with -A option. -+ -+ * IPv6 supported platform -+ -+ IPv6 feature is available on follwing platforms now. -+ -+ kame -- http://www.kame.net/ (used to be called Hydrangea) -+ v6d -- http://onoe2.sm.sony.co.jp/ipv6/ (IPv6 daemon) -+ -+ On the other environments you can compile and run ssh-1.2.27-IPv6 if -+ you have a good getaddrinfo() in your library. -+ -+ * How to get ssh-1.2.27-IPv6 -+ -+ You can get tar.gz or patch to ssh-1.2.27.tar.gz: -+ -+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5.tar.gz -+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5-patch.gz -+ -+ * How to install ssh-1.2.27-IPv6 -+ -+ Apply ssh-1.2.27-IPv6-1.5-patch to ssh-1.2.27.tar.gz (or use -+ ssh-1.2.27-IPv6-1.5.tar.gz) and then see INSTALL file of ssh-1.2.27. -+ -+ If you want to enable ssh to handle IPv6, for example, -+ -+ % ./configure --enable-ipv6 -+ % make -+ % make install -+ -+ and you will be able to enjoy ssh handling both IPv6 and IPv4. -+ -+ * Change Log -+ -+ v1.5 1999-05-15 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * for ssh-1.2.27 -+ * supported scp with bracketed ipv6 ip address -+ * used struct sockaddr_storage instead of union sockunion -+ -+ v1.4 1998-08-21 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed ipv6 address checking bug at match_host() in match.c -+ * cleanup comparing ip address at get_remote_hostname() in canohost.c -+ -+ v1.3 1998-08-14 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed ipv6 address checking bug at match_host() in match.c -+ pointed out by Kenji Rikitake <kenji@k2r.org> -+ -+ v1.2.2 1998-08-07 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed IPv6 enable checking bug in configure.in -+ -+ v1.2.1 1998-08-05 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed AuthLog enable handling bug -+ -+ v1.2 1998-08-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * for ssh-1.2.26 -+ -+ v1.1.5 1998-06-13 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * supported AuthLog (logging authenticated info) in /etc/sshd_config -+ -+ v1.1.4 1998-06-11 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * supported multiple Port lines in /etc/sshd_config -+ * supported AnotherPort line in /etc/ssh_config -+ * supported -A option of ssh for another port try -+ -+ v1.1.3 1998-06-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * X11 connection forwarding IPv6 support -+ * removeed all hostent and sockaddr_in from *.c -+ -+ v1.1.2 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * configuration support for v6d. -+ -+ v1.1.1 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * add getaddinfo.c, getnameinfo.c and gai.h (delete fakelibinet6.c) -+ * configure checks whether getaddrinfo exists or not. -+ -+ v1.1 1998-05-31 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * add fakelibinet6.c (including getaddrinfo and getnameinfo) -+ * compilation support on non-IPv6 environment. -+ * fixed port forwarding bug -+ -+ v1.0.1 1998-05-30 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * add ENABLE_IPV6 flag. -+ * configuration support --enable-ipv6 for IPv6 platforms. -+ -+ v1.0 1998-05-30 created by KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * first release -+ * IPv6 support except X11 connection forwarding -+ -+ * Guideline for making this patch -+ -+ * protocol family independent (using AF_UNSPEC) -+ * use getaddrinfo and getnameinfo (see RFC2133) -+ * don't use sockaddr_in and AF_INET (but option -4 uses AF_INET) -+ * don't use sockaddr_in6 and AF_INET6 (but option -6 uses AF_INET6) -+ * don't use gethostbyname, gethostbyaddr and hostent -+ * listen to all addresses for all available protocol family -+ * try to connect to all addresses for all available protocol family -+ diff --git a/security/ssh6/patches/patch-bn b/security/ssh6/patches/patch-bn deleted file mode 100644 index c46a09a8385..00000000000 --- a/security/ssh6/patches/patch-bn +++ /dev/null @@ -1,49 +0,0 @@ -$NetBSD: patch-bn,v 1.1 2000/03/20 02:25:44 itojun Exp $ - ---- README.AFS-KERBEROS.orig Wed Dec 31 19:00:00 1969 -+++ README.AFS-KERBEROS Fri Dec 24 21:50:03 1999 -@@ -0,0 +1,44 @@ -+ -+ssh-1.2.27-afs-kerberos.patch-1 -+AFS, Kerberos v4 support for SSH -+ -+Here are the extra flags to configure, and what they do: -+ -+--with-krb4[=PATH] Compile in Kerberos v4 support: -+ Kerberos v4 authentication -+ Kerberos v4 password authentication -+ Kerberos v4 ~/.klogin authorization -+ -+These are all enabled by the 'KerberosAuthentication' config option. -+Kerberos v4 and Kerberos v5 support are mutually exclusive for now. -+PATH default is /usr/kerberos. -+ -+--with-hesiod[=PATH] Compile in support for Hesiod: -+ getpwnam(), getpwuid() replacements -+ -+--with-afs Compile in AFS support (requires KTH krb4): -+ ticket/token passing -+ process authentication groups -+ local Xauthority files (for AFS home dirs) -+ /ticket TKT_ROOT directory (if it exists) -+ -+Binaries built with AFS support will work just fine on non-AFS machines! -+You will need to use the KTH krb4 libs (ftp://ftp.pdc.kth.se/pub/krb/src), -+or just their libkafs, also available separately from CMU as libkrbafs -+(http://andrew2.andrew.cmu.edu/dist/krbafs.html). -+ -+Additional Kerberos client and server config options (and their defaults): -+ -+ KerberosAuthentication yes -+ KerberosOrLocalPasswd no -+ KerberosTgtPassing yes -+ AFSTokenPassing yes -+ KerberosTicketCleanup yes -+ -+See sshd(8) and ssh(1) for details. -+ -+The latest version of this patch can be found at -+ -+ http://www.monkey.org/~dugsong/ssh-afs-kerberos.html -+ -+dugsong@monkey.org diff --git a/security/ssh6/patches/patch-bo b/security/ssh6/patches/patch-bo deleted file mode 100644 index 7061e6500cb..00000000000 --- a/security/ssh6/patches/patch-bo +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-bo,v 1.1 2000/03/20 02:25:44 itojun Exp $ - ---- gai.h.orig Wed Dec 31 19:00:00 1969 -+++ gai.h Fri Dec 24 21:50:41 1999 -@@ -0,0 +1,12 @@ -+/* -+ * fake library for ssh -+ * -+ * This file is included in getaddrinfo.c and getnameinfo.c. -+ * See getaddrinfo.c and getnameinfo.c. -+ */ -+ -+/* for old netdb.h */ -+#ifndef EAI_NODATA -+#define EAI_NODATA 1 -+#define EAI_MEMORY 2 -+#endif diff --git a/security/ssh6/patches/patch-bp b/security/ssh6/patches/patch-bp deleted file mode 100644 index 97c6ac152fe..00000000000 --- a/security/ssh6/patches/patch-bp +++ /dev/null @@ -1,120 +0,0 @@ -$NetBSD: patch-bp,v 1.1 2000/03/20 02:25:44 itojun Exp $ - ---- getaddrinfo.c.orig Wed Dec 31 19:00:00 1969 -+++ getaddrinfo.c Fri Dec 24 21:50:41 1999 -@@ -0,0 +1,115 @@ -+/* -+ * fake library for ssh -+ * -+ * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). -+ * These funtions are defined in rfc2133. -+ * -+ * But these functions are not implemented correctly. The minimum subset -+ * is implemented for ssh use only. For exapmle, this routine assumes -+ * that ai_family is AF_INET. Don't use it for another purpose. -+ * -+ * In the case not using 'configure --enable-ipv6', this getaddrinfo.c -+ * will be used if you have broken getaddrinfo or no getaddrinfo. -+ */ -+ -+#include "includes.h" -+#include "ssh.h" -+ -+#include "gai.h" -+ -+static struct addrinfo * -+malloc_ai(port, addr) -+int port; -+u_long addr; -+{ -+ struct addrinfo *ai; -+ -+ if (ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + -+ sizeof(struct sockaddr_in))) { -+ memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); -+ ai->ai_addr = (struct sockaddr *)(ai + 1); -+ /* XXX -- ssh doesn't use sa_len */ -+ ai->ai_addrlen = sizeof(struct sockaddr_in); -+ ai->ai_addr->sa_family = ai->ai_family = AF_INET; -+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; -+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; -+ return ai; -+ } else { -+ return NULL; -+ } -+} -+ -+char * -+gai_strerror(ecode) -+int ecode; -+{ -+ switch (ecode) { -+ case EAI_NODATA: -+ return "no address associated with hostname."; -+ case EAI_MEMORY: -+ return "memory allocation failure."; -+ default: -+ return "unknown error."; -+ } -+} -+ -+void -+freeaddrinfo(ai) -+struct addrinfo *ai; -+{ -+ struct addrinfo *next; -+ -+ do { -+ next = ai->ai_next; -+ free(ai); -+ } while (ai = next); -+} -+ -+int -+getaddrinfo(hostname, servname, hints, res) -+const char *hostname, *servname; -+const struct addrinfo *hints; -+struct addrinfo **res; -+{ -+ struct addrinfo *cur, *prev = NULL; -+ struct hostent *hp; -+ int i, port; -+ -+ if (servname) -+ port = htons(atoi(servname)); -+ else -+ port = 0; -+ if (hints && hints->ai_flags & AI_PASSIVE) -+ if (*res = malloc_ai(port, htonl(0x00000000))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if (!hostname) -+ if (*res = malloc_ai(port, htonl(0x7f000001))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if (inet_addr(hostname) != -1) -+ if (*res = malloc_ai(port, inet_addr(hostname))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if ((hp = gethostbyname(hostname)) && -+ hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { -+ for (i = 0; hp->h_addr_list[i]; i++) -+ if (cur = malloc_ai(port, -+ ((struct in_addr *)hp->h_addr_list[i])->s_addr)) { -+ if (prev) -+ prev->ai_next = cur; -+ else -+ *res = cur; -+ prev = cur; -+ } else { -+ if (*res) -+ freeaddrinfo(*res); -+ return EAI_MEMORY; -+ } -+ return 0; -+ } -+ return EAI_NODATA; -+} diff --git a/security/ssh6/patches/patch-bq b/security/ssh6/patches/patch-bq deleted file mode 100644 index dbd8fdc7bdd..00000000000 --- a/security/ssh6/patches/patch-bq +++ /dev/null @@ -1,66 +0,0 @@ -$NetBSD: patch-bq,v 1.1 2000/03/20 02:25:44 itojun Exp $ - ---- getnameinfo.c.orig Wed Dec 31 19:00:00 1969 -+++ getnameinfo.c Fri Dec 24 21:50:41 1999 -@@ -0,0 +1,61 @@ -+/* -+ * fake library for ssh -+ * -+ * This file includes getnameinfo(). -+ * These funtions are defined in rfc2133. -+ * -+ * But these functions are not implemented correctly. The minimum subset -+ * is implemented for ssh use only. For exapmle, this routine assumes -+ * that ai_family is AF_INET. Don't use it for another purpose. -+ * -+ * In the case not using 'configure --enable-ipv6', this getnameinfo.c -+ * will be used if you have broken getnameinfo or no getnameinfo. -+ */ -+ -+#include "includes.h" -+#include "ssh.h" -+ -+#include "gai.h" -+ -+int -+getnameinfo(sa, salen, host, hostlen, serv, servlen, flags) -+const struct sockaddr *sa; -+size_t salen; -+char *host; -+size_t hostlen; -+char *serv; -+size_t servlen; -+int flags; -+{ -+ struct sockaddr_in *sin = (struct sockaddr_in *)sa; -+ struct hostent *hp; -+ char tmpserv[16]; -+ -+ if (serv) { -+ sprintf(tmpserv, "%d", ntohs(sin->sin_port)); -+ if (strlen(tmpserv) > servlen) -+ return EAI_MEMORY; -+ else -+ strcpy(serv, tmpserv); -+ } -+ if (host) -+ if (flags & NI_NUMERICHOST) -+ if (strlen(inet_ntoa(sin->sin_addr)) > hostlen) -+ return EAI_MEMORY; -+ else { -+ strcpy(host, inet_ntoa(sin->sin_addr)); -+ return 0; -+ } -+ else -+ if (hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr), -+ AF_INET)) -+ if (strlen(hp->h_name) > hostlen) -+ return EAI_MEMORY; -+ else { -+ strcpy(host, hp->h_name); -+ return 0; -+ } -+ else -+ return EAI_NODATA; -+ return 0; -+} diff --git a/security/ssh6/patches/patch-br b/security/ssh6/patches/patch-br deleted file mode 100644 index 5bb65d934e6..00000000000 --- a/security/ssh6/patches/patch-br +++ /dev/null @@ -1,272 +0,0 @@ -$NetBSD: patch-br,v 1.1 2000/03/20 02:25:44 itojun Exp $ - ---- radix.c.orig Wed Dec 31 19:00:00 1969 -+++ radix.c Fri Dec 24 21:50:04 1999 -@@ -0,0 +1,267 @@ -+/* -+ radix.c -+ -+ base-64 encoding pinched from lynx2-7-2, who pinched it from rpem. -+ Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991 -+ and placed in the public domain. -+ -+ dugsong@UMICH.EDU -+*/ -+ -+#include "includes.h" -+ -+#ifdef AFS -+#include <krb.h> -+#include <kafs.h> -+ -+char six2pr[64] = { -+ 'A','B','C','D','E','F','G','H','I','J','K','L','M', -+ 'N','O','P','Q','R','S','T','U','V','W','X','Y','Z', -+ 'a','b','c','d','e','f','g','h','i','j','k','l','m', -+ 'n','o','p','q','r','s','t','u','v','w','x','y','z', -+ '0','1','2','3','4','5','6','7','8','9','+','/' -+}; -+ -+unsigned char pr2six[256]; -+ -+int uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded) -+{ -+ /* ENC is the basic 1 character encoding function to make a char printing */ -+#define ENC(c) six2pr[c] -+ -+ register char *outptr = bufcoded; -+ unsigned int i; -+ -+ for (i=0; i<nbytes; i += 3) { -+ *(outptr++) = ENC(*bufin >> 2); /* c1 */ -+ *(outptr++) = ENC(((*bufin << 4) & 060) | ((bufin[1] >> 4) & 017)); /*c2*/ -+ *(outptr++) = ENC(((bufin[1] << 2) & 074) | ((bufin[2] >> 6) & 03));/*c3*/ -+ *(outptr++) = ENC(bufin[2] & 077); /* c4 */ -+ bufin += 3; -+ } -+ if (i == nbytes+1) { -+ outptr[-1] = '='; -+ } else if (i == nbytes+2) { -+ outptr[-1] = '='; -+ outptr[-2] = '='; -+ } -+ *outptr = '\0'; -+ return(outptr - bufcoded); -+} -+ -+int uudecode(char *bufcoded, unsigned char *bufplain, int outbufsize) -+{ -+ /* single character decode */ -+#define DEC(c) pr2six[c] -+#define MAXVAL 63 -+ -+ static int first = 1; -+ int nbytesdecoded, j; -+ register char *bufin = bufcoded; -+ register unsigned char *bufout = bufplain; -+ register int nprbytes; -+ -+ /* If this is the first call, initialize the mapping table. */ -+ if (first) { -+ first = 0; -+ for(j=0; j<256; j++) pr2six[j] = MAXVAL+1; -+ for(j=0; j<64; j++) pr2six[(unsigned char)six2pr[j]] = (unsigned char)j; -+ } -+ -+ /* Strip leading whitespace. */ -+ while (*bufcoded==' ' || *bufcoded == '\t') bufcoded++; -+ -+ /* Figure out how many characters are in the input buffer. -+ If this would decode into more bytes than would fit into -+ the output buffer, adjust the number of input bytes downwards. */ -+ bufin = bufcoded; -+ while (pr2six[(unsigned char)*(bufin++)] <= MAXVAL); -+ nprbytes = bufin - bufcoded - 1; -+ nbytesdecoded = ((nprbytes+3)/4) * 3; -+ if (nbytesdecoded > outbufsize) -+ nprbytes = (outbufsize*4)/3; -+ -+ bufin = bufcoded; -+ -+ while (nprbytes > 0) { -+ *(bufout++) = (unsigned char) (DEC(*bufin) << 2 | DEC(bufin[1]) >> 4); -+ *(bufout++) = (unsigned char) (DEC(bufin[1]) << 4 | DEC(bufin[2]) >> 2); -+ *(bufout++) = (unsigned char) (DEC(bufin[2]) << 6 | DEC(bufin[3])); -+ bufin += 4; -+ nprbytes -= 4; -+ } -+ if (nprbytes & 03) { -+ if (pr2six[bufin[-2]] > MAXVAL) -+ nbytesdecoded -= 2; -+ else -+ nbytesdecoded -= 1; -+ } -+ return(nbytesdecoded); -+} -+ -+typedef unsigned char my_u_char; -+typedef unsigned int my_u_int32_t; -+typedef unsigned short my_u_short; -+ -+/* Nasty macros from BIND-4.9.2 */ -+ -+#define GETSHORT(s, cp) { \ -+ register my_u_char *t_cp = (my_u_char*)(cp); \ -+ (s) = (((my_u_short)t_cp[0]) << 8) \ -+ | (((my_u_short)t_cp[1])) \ -+ ; \ -+ (cp) += 2; \ -+} -+ -+#define GETLONG(l, cp) { \ -+ register my_u_char *t_cp = (my_u_char*)(cp); \ -+ (l) = (((my_u_int32_t)t_cp[0]) << 24) \ -+ | (((my_u_int32_t)t_cp[1]) << 16) \ -+ | (((my_u_int32_t)t_cp[2]) << 8) \ -+ | (((my_u_int32_t)t_cp[3])) \ -+ ; \ -+ (cp) += 4; \ -+} -+ -+#define PUTSHORT(s, cp) { \ -+ register my_u_short t_s = (my_u_short)(s); \ -+ register my_u_char *t_cp = (my_u_char*)(cp); \ -+ *t_cp++ = t_s >> 8; \ -+ *t_cp = t_s; \ -+ (cp) += 2; \ -+} -+ -+#define PUTLONG(l, cp) { \ -+ register my_u_int32_t t_l = (my_u_int32_t)(l); \ -+ register my_u_char *t_cp = (my_u_char*)(cp); \ -+ *t_cp++ = t_l >> 24; \ -+ *t_cp++ = t_l >> 16; \ -+ *t_cp++ = t_l >> 8; \ -+ *t_cp = t_l; \ -+ (cp) += 4; \ -+} -+ -+#define GETSTRING(s, p, p_l) { \ -+ register char* p_targ = (p) + p_l; \ -+ register char* s_c = (s); \ -+ register char* p_c = (p); \ -+ while (*p_c && (p_c < p_targ)) { \ -+ *s_c++ = *p_c++; \ -+ } \ -+ if (p_c == p_targ) { \ -+ return 1; \ -+ } \ -+ *s_c = *p_c++; \ -+ (p_l) = (p_l) - (p_c - (p)); \ -+ (p) = p_c; \ -+} -+ -+ -+int creds_to_radix(CREDENTIALS *creds, unsigned char *buf) -+{ -+ char *p, *s; -+ int len; -+ char temp[2048]; -+ -+ p = temp; -+ *p++ = 1; /* version */ -+ s = creds->service; while (*s) *p++ = *s++; *p++ = *s; -+ s = creds->instance; while (*s) *p++ = *s++; *p++ = *s; -+ s = creds->realm; while (*s) *p++ = *s++; *p++ = *s; -+ -+ s = creds->pname; while (*s) *p++ = *s++; *p++ = *s; -+ s = creds->pinst; while (*s) *p++ = *s++; *p++ = *s; -+ /* Null string to repeat the realm. */ -+ *p++ = '\0'; -+ -+ PUTLONG(creds->issue_date,p); -+ { -+ unsigned long endTime ; -+#ifdef HAVE_KRB_LIFE_TO_TIME -+ endTime = (unsigned long)krb_life_to_time(creds->issue_date, -+ creds->lifetime); -+#else /* !HAVE_KRB_LIFE_TO_TIME */ -+ endTime = creds->issue_date + ((unsigned char)(creds->lifetime))*5*60; -+#endif /* !HAVE_KRB_LIFE_TO_TIME */ -+ PUTLONG(endTime,p); -+ } -+ -+ memcpy(p,&creds->session, sizeof(creds->session)); -+ p += sizeof(creds->session); -+ -+ PUTSHORT(creds->kvno,p); -+ PUTLONG(creds->ticket_st.length,p); -+ -+ memcpy(p,creds->ticket_st.dat, creds->ticket_st.length); -+ p += creds->ticket_st.length; -+ len = p - temp; -+ -+ return(uuencode(temp, len, buf)); -+} -+ -+int radix_to_creds(char *buf, CREDENTIALS *creds) -+{ -+ -+ char *p, *s; -+ int len, tl, status; -+ char version; -+ char temp[2048]; -+ -+ if (!(len = uudecode(buf, temp, sizeof(temp)))) -+ return 0; -+ -+ p = temp; -+ -+ /* check version and length! */ -+ if (len < 1) return 0; -+ version = *p; p++; len--; -+ -+ GETSTRING(creds->service, p, len); -+ GETSTRING(creds->instance, p, len); -+ GETSTRING(creds->realm, p, len); -+ -+ GETSTRING(creds->pname, p, len); -+ GETSTRING(creds->pinst, p, len); -+ /* Ignore possibly different realm. */ -+ while (*p && len) p++, len--; -+ if (len == 0) return 0; -+ p++, len--; -+ -+ /* Enough space for remaining fixed-length parts? */ -+ if (len < (4 + 4 + sizeof(creds->session) + 2 + 4)) -+ return 0; -+ -+ GETLONG(creds->issue_date,p); -+ len -= 4; -+ { -+ unsigned long endTime; -+ GETLONG(endTime,p); -+ len -= 4; -+#ifdef HAVE_KRB_LIFE_TO_TIME -+ creds->lifetime = krb_time_to_life(creds->issue_date, endTime); -+#else -+ creds->lifetime = ((endTime - creds->issue_date) + 5*60 - 1) / (5*60); -+#endif -+ } -+ -+ memcpy(&creds->session, p, sizeof(creds->session)); -+ p += sizeof(creds->session); -+ len -= sizeof(creds->session); -+ -+ GETSHORT(creds->kvno,p); -+ len -= 2; -+ GETLONG(creds->ticket_st.length,p); -+ len -= 4; -+ -+ tl = creds->ticket_st.length; -+ if (tl < 0 || tl > len || tl > sizeof(creds->ticket_st.dat)) -+ return 0; -+ -+ memcpy(creds->ticket_st.dat, p, tl); -+ p += tl; -+ len -= tl; -+ -+ return 1; -+} -+ -+#endif /* AFS */ diff --git a/security/ssh6/patches/patch-ca b/security/ssh6/patches/patch-ca deleted file mode 100644 index b865b7387dd..00000000000 --- a/security/ssh6/patches/patch-ca +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ca,v 1.1 2001/02/13 12:29:06 is Exp $ - ---- deattack.c.orig Wed May 12 13:19:25 1999 -+++ deattack.c Tue Feb 13 11:23:07 2001 -@@ -79,7 +79,7 @@ - detect_attack(unsigned char *buf, word32 len, unsigned char *IV) - { - static word16 *h = (word16 *) NULL; -- static word16 n = HASH_MINSIZE / HASH_ENTRYSIZE; -+ static word32 n = HASH_MINSIZE / HASH_ENTRYSIZE; - register word32 i, j; - word32 l; - register unsigned char *c; diff --git a/security/ssh6/patches/patch-la b/security/ssh6/patches/patch-la deleted file mode 100644 index feaa3c05026..00000000000 --- a/security/ssh6/patches/patch-la +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-la,v 1.1 2000/03/20 02:25:44 itojun Exp $ - ---- userfile.c.orig Mon Mar 6 15:18:17 2000 -+++ userfile.c Mon Mar 6 15:18:25 2000 -@@ -180,7 +180,7 @@ - #endif - - --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - #include <login_cap.h> - #endif - -@@ -644,9 +644,13 @@ - /* Child. We will start serving request. */ - if (uid != geteuid() || uid != getuid()) - { --#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) -+#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) - struct passwd * pw = getpwuid(uid); -+#if defined(__NetBSD__) -+ login_cap_t * lc = login_getpwclass(pw); -+#else - login_cap_t * lc = login_getuserclass(pw); -+#endif - if (setusercontext(lc, pw, uid, - LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH | - LOGIN_SETENV)) < 0) diff --git a/security/ssh6/pkg/DEINSTALL b/security/ssh6/pkg/DEINSTALL deleted file mode 100644 index 0774f8db341..00000000000 --- a/security/ssh6/pkg/DEINSTALL +++ /dev/null @@ -1,18 +0,0 @@ -#! /bin/sh -# -# $NetBSD: DEINSTALL,v 1.1 2000/03/20 02:25:47 itojun Exp $ -# - -case "$2" in - DEINSTALL) cat <<EOF - -============================================================= -Note that ssh configuration, key, and random-seed files -(@SSH_CONF_DIR@/ssh*) are not removed in the deinstallation -process. You should remove those by hand, if you no longer -need them. -============================================================= - -EOF - ;; -esac diff --git a/security/ssh6/pkg/DESCR b/security/ssh6/pkg/DESCR deleted file mode 100644 index e2530afe016..00000000000 --- a/security/ssh6/pkg/DESCR +++ /dev/null @@ -1,99 +0,0 @@ -The IPv6 version of SSH (Secure Shell) is a program to log into -another computer over a network, to execute commands in a remote -machine, and to move files from one machine to another. It provides -strong authentication and secure communications over insecure -channels. It is intended as a replacement for rlogin, rsh, rcp, and -rdist. - -FEATURES - - o Strong authentication. Closes several security holes (e.g., IP, - routing, and DNS spoofing). New authentication methods: .rhosts - together with RSA based host authentication, and pure RSA - authentication. - - o Improved privacy. All communications are automatically and - transparently encrypted. RSA is used for key exchange, and a - conventional cipher (normally IDEA, Blowfish, or triple-DES) for - encrypting the session. Encryption is started before - authentication, and no passwords or other information is - transmitted in the clear. Encryption is also used to protect - against spoofed packets. - - o Secure X11 sessions. The program automatically sets DISPLAY on - the server machine, and forwards any X11 connections over the - secure channel. Fake Xauthority information is automatically - generated and forwarded to the remote machine; the local client - automatically examines incoming X11 connections and replaces the - fake authorization data with the real data (never telling the - remote machine the real information). - - o Arbitrary TCP/IP ports can be redirected through the encrypted channel - in both directions (e.g., for e-cash transactions). - - o No retraining needed for normal users; everything happens - automatically, and old .rhosts files will work with strong - authentication if administration installs host key files. - - o Never trusts the network. Minimal trust on the remote side of - the connection. Minimal trust on domain name servers. Pure RSA - authentication never trusts anything but the private key. - - o Client RSA-authenticates the server machine in the beginning of - every connection to prevent trojan horses (by routing or DNS - spoofing) and man-in-the-middle attacks, and the server - RSA-authenticates the client machine before accepting .rhosts or - /etc/hosts.equiv authentication (to prevent DNS, routing, or - IP-spoofing). - - o Host authentication key distribution can be centrally by the - administration, automatically when the first connection is made - to a machine (the key obtained on the first connection will be - recorded and used for authentication in the future), or manually - by each user for his/her own use. The central and per-user host - key repositories are both used and complement each other. Host - keys can be generated centrally or automatically when the software - is installed. Host authentication keys are typically 1024 bits. - - o Any user can create any number of user authentication RSA keys for - his/her own use. Each user has a file which lists the RSA public - keys for which proof of possession of the corresponding private - key is accepted as authentication. User authentication keys are - typically 1024 bits. - - o The server program has its own server RSA key which is - automatically regenerated every hour. This key is never saved in - any file. Exchanged session keys are encrypted using both the - server key and the server host key. The purpose of the separate - server key is to make it impossible to decipher a captured session by - breaking into the server machine at a later time; one hour from - the connection even the server machine cannot decipher the session - key. The key regeneration interval is configurable. The server - key is normally 768 bits. - - o An authentication agent, running in the user's laptop or local - workstation, can be used to hold the user's RSA authentication - keys. Ssh automatically forwards the connection to the - authentication agent over any connections, and there is no need to - store the RSA authentication keys on any machine in the network - (except the user's own local machine). The authentication - protocols never reveal the keys; they can only be used to verify - that the user's agent has a certain key. Eventually the agent - could rely on a smart card to perform all authentication - computations. - - o The software can be installed and used (with restricted - functionality) even without root privileges. - - o The client is customizable in system-wide and per-user - configuration files. Most aspects of the client's operation can - be configured. Different options can be specified on a per-host basis. - - o Automatically executes conventional rsh (after displaying a - warning) if the server machine is not running sshd. - - o Optional compression of all data with gzip (including forwarded X11 - and TCP/IP port data), which may result in significant speedups on - slow connections. - - o Complete replacement for rlogin, rsh, and rcp. diff --git a/security/ssh6/pkg/MESSAGE b/security/ssh6/pkg/MESSAGE deleted file mode 100644 index ba81750658f..00000000000 --- a/security/ssh6/pkg/MESSAGE +++ /dev/null @@ -1,20 +0,0 @@ -========================================================================== -$NetBSD: MESSAGE,v 1.3 2001/01/29 11:34:42 wiz Exp $ - -If "starter" configuration files were installed (in ${SSH_CONF_DIR}) -when the package was installed, be sure to examine them (and the man pages -for ssh and sshd) to determine whether you want to make any changes. - -Copies of the example configuration files are installed in -${PREFIX}/share/examples/ssh, so those can still be used for reference -after you have made changes to those installed in ${SSH_CONF_DIR}, or if -you had existing configuration files, which would not be overwritten in -the installation process. - -In general, you will want to set up /etc/rc.local to start sshd at boot -time. Something like the following should do the job: - -# Run sshd if installed and configured -${PREFIX}/etc/rc.d/sshd - -========================================================================== diff --git a/security/ssh6/pkg/PLIST b/security/ssh6/pkg/PLIST deleted file mode 100644 index aaf2a4a812d..00000000000 --- a/security/ssh6/pkg/PLIST +++ /dev/null @@ -1,40 +0,0 @@ -@comment $NetBSD: PLIST,v 1.2 2000/09/20 04:49:20 jlam Exp $ -bin/ssh -bin/ssh1 -bin/scp -bin/scp1 -bin/slogin -bin/ssh-add -bin/ssh-add1 -bin/ssh-agent -bin/ssh-agent1 -bin/ssh-keygen -bin/ssh-keygen1 -bin/make-ssh-known-hosts -bin/make-ssh-known-hosts1 -etc/rc.d/sshd -man/man1/make-ssh-known-hosts1.1 -man/man1/make-ssh-known-hosts.1 -man/man1/scp.1 -man/man1/scp1.1 -man/man1/ssh-add.1 -man/man1/ssh-add1.1 -man/man1/ssh-agent.1 -man/man1/ssh-agent1.1 -man/man1/ssh-keygen.1 -man/man1/ssh-keygen1.1 -man/man1/ssh.1 -man/man1/ssh1.1 -man/man1/slogin.1 -man/man1/slogin1.1 -man/man8/sshd.8 -man/man8/sshd1.8 -sbin/sshd -sbin/sshd1 -share/examples/ssh/ssh_config -share/examples/ssh/sshd_config -@exec if [ ! -d @SSH_CONF_DIR@ ]; then echo "Creating directory @SSH_CONF_DIR@ for ssh config files.." ; mkdir -p @SSH_CONF_DIR@; fi -@exec if [ ! -f @SSH_CONF_DIR@/ssh_config ]; then echo "Installing example ssh_config in @SSH_CONF_DIR@.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/ssh_config @SSH_CONF_DIR@; fi -@exec if [ ! -f @SSH_CONF_DIR@/sshd_config ]; then echo "Installing example sshd_config in @SSH_CONF_DIR@.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/sshd_config @SSH_CONF_DIR@; fi -@exec if [ ! -f @SSH_CONF_DIR@/ssh_host_key ]; then echo "Generating a secret host key in @SSH_CONF_DIR@.." ; %D/bin/ssh-keygen -N "" -f @SSH_CONF_DIR@/ssh_host_key; fi -@dirrm share/examples/ssh |