diff options
| author | itojun <itojun@pkgsrc.org> | 2000-03-20 02:25:29 +0000 |
|---|---|---|
| committer | itojun <itojun@pkgsrc.org> | 2000-03-20 02:25:29 +0000 |
| commit | 394061aa313a2edbc0bdaf71a893a380fd4c7a41 (patch) | |
| tree | 92efc0c35d41de21ab00c3055913411c99f0a74a /security | |
| parent | 22ff163b2d30a8c6a123ae7814f5ac837a5e7c56 (diff) | |
| download | pkgsrc-394061aa313a2edbc0bdaf71a893a380fd4c7a41.tar.gz | |
split security/ssh and security/ssh6.
security/ssh6: IPv4/v6 ready, socks unavailable, kerberos available (not tested)
security/ssh: IPv4 onlyready, socks available, kerberos available (not tested)
should be integrated into one whenever socks support becomes aware of
getaddrinfo/getnameinfo. two directories with tons of patches/patch-* is
a maintenance headache.
Diffstat (limited to 'security')
73 files changed, 11535 insertions, 3566 deletions
diff --git a/security/Makefile b/security/Makefile index 0206397500c..8718c4fa7fa 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.27 2000/03/10 10:29:36 agc Exp $ +# $NetBSD: Makefile,v 1.28 2000/03/20 02:25:29 itojun Exp $ # FreeBSD Id: Makefile,v 1.23 1997/11/09 10:17:02 asami Exp # @@ -23,6 +23,7 @@ SUBDIR += rsaref SUBDIR += srp_client SUBDIR += ssh + SUBDIR += ssh6 SUBDIR += ssh-ip-tunnel SUBDIR += sudo SUBDIR += tripwire diff --git a/security/ssh/Makefile b/security/ssh/Makefile index 0c0a3b5edde..1771ec47494 100644 --- a/security/ssh/Makefile +++ b/security/ssh/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.75 2000/03/18 18:32:16 jlam Exp $ +# $NetBSD: Makefile,v 1.76 2000/03/20 02:25:48 itojun Exp $ # FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp # @@ -12,7 +12,7 @@ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= packages@netbsd.org HOMEPAGE= http://www.cs.hut.fi/ssh/ -CONFLICTS= openssh-[0-9]* +CONFLICTS= openssh-[0-9]* ssh6-* EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} RESTRICTED= "Crypto; export-controlled" @@ -73,7 +73,6 @@ CONFIGURE_ARGS+= --without-idea # Include SOCKS firewall support .if defined(USE_SOCKS) && (${USE_SOCKS} == 4 || ${USE_SOCKS} == 5) -BROKEN= SOCKS support currently unavailable CONFIGURE_ARGS+= --with-socks${USE_SOCKS}="-L${LOCALBASE}/lib -lsocks${USE_SOCKS}" CFLAGS+= -I${LOCALBASE}/include .if ${USE_SOCKS} == 4 @@ -121,17 +120,6 @@ CONFIGURE_ARGS+= --disable-suid-ssh CFLAGS+= -DLIBWRAP_FWD .endif -# The original IPv6 patches were fetched from -# PATCH_SITES+= ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ -# PATCHFILES+= ssh-1.2.27-IPv6-1.5-patch.gz -# MD5 (ssh-1.2.27-IPv6-1.5-patch.gz) = b854131fe8aa025abeef32cecfe1b037 - -.if defined(USE_INET6) && ${USE_INET6} == YES -CONFIGURE_ARGS+= --enable-ipv6 -.else -CONFIGURE_ARGS+= --disable-ipv6 -.endif - # be more effective on M68060 machines .if defined(M68060) CONFIGURE_ARGS+= --disable-asm @@ -195,6 +183,6 @@ post-install: ${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh BUILD_DEFS+= USE_IDEA SSH_CONF_DIR SSH_SUID USE_RSAREF2 -BUILD_DEFS+= LIBWRAP_FWD M68060 USE_SOCKS USE_INET6 +BUILD_DEFS+= LIBWRAP_FWD M68060 USE_SOCKS .include "../../mk/bsd.pkg.mk" diff --git a/security/ssh/files/patch-sum b/security/ssh/files/patch-sum index 084b4bfdb9a..51769580ea1 100644 --- a/security/ssh/files/patch-sum +++ b/security/ssh/files/patch-sum @@ -1,46 +1,40 @@ -# $NetBSD: patch-sum,v 1.19 2000/03/18 17:11:58 tron Exp $ +# $NetBSD: patch-sum,v 1.20 2000/03/20 02:25:49 itojun Exp $ MD5 (patch-aa) = 39a4c82d2b89aae61df69a50f7aaa813 -MD5 (patch-ab) = 36dc0eb7feba0554674242b39082a09b -MD5 (patch-ac) = 3b37e0f4ecc7fa49512d02bc7044269f +MD5 (patch-ab) = 14aab959d372b529a72ef5770aae9b27 +MD5 (patch-ac) = cc87561b7921b1d9c94bfa72114a3e5f MD5 (patch-ad) = 60483c735ff0e3c47e640002be0cee75 MD5 (patch-ae) = c0f6b7f8e55442cc311ec00a7deea9a1 -MD5 (patch-af) = 1931160b8c6cebe641b4325aaeffad05 -MD5 (patch-ag) = 47b5e06663afddebbf2998e72f59dde2 +MD5 (patch-af) = 30685d61f9b6b3b1d89839b499acd196 +MD5 (patch-ag) = cf976e91e766180c897337457282b99c MD5 (patch-ah) = 7b6fe18163413b4f70195cb082ff51f5 -MD5 (patch-ai) = ab4a72deaa42a6ae7bf14ec554ed104f -MD5 (patch-aj) = f84243bc83b7f0210ba021cc68ba6746 +MD5 (patch-ai) = 25668756001a2a5406cc18ae7d5cde43 +MD5 (patch-aj) = cb9e03e1f6ac5e5079e0d3c940ea7d86 MD5 (patch-al) = 00d14d38c42bae1c8c597855e1054e2c MD5 (patch-am) = fd4e766e57c58645714fdab8ed55da5d MD5 (patch-an) = 135b09a36c66aaf25a476dcb659efcf7 MD5 (patch-ao) = 98e2eb418ee7f5ad544c32c7d5569ea2 MD5 (patch-ap) = 99049fb6deb9bab8950723b7430a89a4 -MD5 (patch-aq) = 6af8d097a297182328216440e306effa -MD5 (patch-ar) = f402ab7533811e42e6df38ee9dfb2e84 +MD5 (patch-aq) = 0e2a55c248173b5c707518513fa1f028 +MD5 (patch-ar) = 87da758dc3aea7ba995295ba026952c2 MD5 (patch-as) = f1f3fc3e5dae2461fffd2e6555f3077c MD5 (patch-at) = 8f7b4464fb25bf7871191c1aa8de4b30 -MD5 (patch-au) = 5106bb8fd152358b6696491066805df1 +MD5 (patch-au) = 41bf4866b533d1c8e11045bd6af2f387 MD5 (patch-av) = b3f9909bd6a5cc387e929d16f89884c0 -MD5 (patch-aw) = 91ad583415323fd97b46415050b0781a MD5 (patch-ax) = 98084f72d9d51a8635711c5ba2f8b945 MD5 (patch-ay) = bad6d73e938bcf379559d756e05e17b2 -MD5 (patch-az) = 8cb2b06a1f27a7976c96498489313ab3 +MD5 (patch-az) = 3647e942144afd6252831f72337abdcb MD5 (patch-ba) = 4a896f7bd31a506ce863341b177b348c MD5 (patch-bb) = a40ead1d10647afb6b4f6a13ea4a4229 -MD5 (patch-bc) = de9333a77b5f7f4be537fca1009d818c -MD5 (patch-bd) = 3164bf79351963ad8525b1d1c4045355 -MD5 (patch-be) = 5a903a9bacc892a91d5e6d0f7e19c08e -MD5 (patch-bf) = 3f141908ccb754e791b8b7c6b47285bb -MD5 (patch-bg) = 49092f0f234f9a96909d11d5eb285bb3 +MD5 (patch-bd) = c6dbfa6e5a41a0804e5d83564bb2ff8b +MD5 (patch-be) = 81ff3a3eb99bea5d7445f1e61898817d +MD5 (patch-bf) = 1555501d15b084685cd2f3b0382e892f +MD5 (patch-bg) = 1fa1f8317cdd537ccb95d9ce760c14be MD5 (patch-bh) = 92eac2ff64ef86261e1cadf331e16091 -MD5 (patch-bi) = 64d9543d3839c0d14c8a4abfafa4557c -MD5 (patch-bj) = 1f05b41165b267045f5c0a683be2054a -MD5 (patch-bk) = 5ef23643e980a05c5e2b1a11a0ba8083 +MD5 (patch-bi) = 47f8ad7b044b8c60999d5adb10288ee0 +MD5 (patch-bj) = 481295401bc3c94ae5dc588dc206cc4c +MD5 (patch-bk) = e1d08202e611aa0ca82b6330af862c77 MD5 (patch-bl) = 82a4d98c20e38fa515e94df98d99104b -MD5 (patch-bm) = adf57ea5144422880878e5a8c41c4565 MD5 (patch-bn) = b952c31778b8d95772234c21c1ede892 -MD5 (patch-bo) = 9db4ecae0a7bd795d9eeefb7c3386f73 -MD5 (patch-bp) = b519463adf568f2ca2f6720a2055289e -MD5 (patch-bq) = 2ac652937d1957d3d1d050516938c76c MD5 (patch-br) = 73c8bfe4215d67e9803b338cc5169b1f MD5 (patch-la) = 3584ccc61783fe0758d82b5ab82a658e diff --git a/security/ssh/patches/patch-ab b/security/ssh/patches/patch-ab index d3b0973e346..aa5387ebd85 100644 --- a/security/ssh/patches/patch-ab +++ b/security/ssh/patches/patch-ab @@ -1,141 +1,16 @@ -$NetBSD: patch-ab,v 1.11 2000/03/18 04:35:23 itojun Exp $ +$NetBSD: patch-ab,v 1.12 2000/03/20 02:25:49 itojun Exp $ ---- configure.in.orig Wed May 12 20:20:02 1999 -+++ configure.in Sat Mar 18 13:21:59 2000 -@@ -30,8 +30,132 @@ +--- configure.in- Wed May 12 20:20:02 1999 ++++ configure.in Mon Mar 20 09:48:09 2000 +@@ -30,6 +30,7 @@ fi AC_PROG_CC +AC_PROG_CPP AC_ISC_POSIX -+AC_MSG_CHECKING([whether to enable ipv6]) -+AC_ARG_ENABLE(ipv6, -+[ --enable-ipv6 Enable ipv6 (with ipv4) support -+ --disable-ipv6 Disable ipv6 support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ipv6=no -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes -+ ;; -+ esac ], -+ -+ AC_TRY_RUN([ /* AF_INET6 avalable check */ -+#include <sys/types.h> -+#include <sys/socket.h> -+main() -+{ -+ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -+ exit(1); -+ else -+ exit(0); -+} -+], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes, -+ AC_MSG_RESULT(no) -+ ipv6=no, -+ AC_MSG_RESULT(no) -+ ipv6=no -+)) -+ -+ipv6type=unknown -+ipv6lib=none -+ -+if test "$ipv6" = "yes"; then -+ AC_MSG_CHECKING([ipv6 stack type]) -+ for i in inria kame linux toshiba v6d zeta; do -+ case $i in -+ inria) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef IPV6_INRIA_VERSION -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ kame) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef __KAME__ -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ linux) -+ dnl http://www.v6.linux.or.jp/ -+ if test -d /usr/inet6; then -+ ipv6type=$i -+ ipv6lib=inet6 -+ ipv6libdir=/usr/inet6/lib -+ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" -+ fi -+ ;; -+ toshiba) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _TOSHIBA_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ v6d) -+ AC_EGREP_CPP(yes, [dnl -+#include </usr/local/v6/include/sys/v6config.h> -+#ifdef __V6D__ -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=v6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-I/usr/local/v6/include $CPPFLAGS"]) -+ ;; -+ zeta) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _ZETA_MINAMI_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ esac -+ if test "$ipv6type" != "unknown"; then -+ break -+ fi -+ done -+ AC_MSG_RESULT($ipv6type) -+fi -+ -+if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then -+ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then -+ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" -+ else -+ echo 'Fatal: no $ipv6lib library found. cannot continue.' -+ echo "You need to fetch lib$ipv6lib.a from appropriate" -+ echo 'ipv6 kit and compile beforehand.' -+ exit 1 -+ fi -+fi -+ AC_DEFINE_UNQUOTED(HOSTTYPE, "$host") - - case "$host" in -@@ -42,11 +166,12 @@ +@@ -42,11 +43,12 @@ ;; *-*-solaris*) # solaris stuff. appro@fy.chalmers.se @@ -151,7 +26,7 @@ $NetBSD: patch-ab,v 1.11 2000/03/18 04:35:23 itojun Exp $ ;; *-*-sunos*) os_sunos=yes -@@ -311,9 +436,9 @@ +@@ -311,9 +313,9 @@ export CFLAGS CC @@ -164,7 +39,7 @@ $NetBSD: patch-ab,v 1.11 2000/03/18 04:35:23 itojun Exp $ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], -@@ -370,7 +495,7 @@ +@@ -370,7 +372,7 @@ AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) @@ -173,132 +48,7 @@ $NetBSD: patch-ab,v 1.11 2000/03/18 04:35:23 itojun Exp $ AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) AC_CHECK_HEADERS(sys/resource.h login_cap.h sys/stream.h sys/conf.h) -@@ -399,6 +524,16 @@ - [ AC_DEFINE(HAVE_INCOMPATIBLE_SIGINFO) - AC_MSG_RESULT(yes)] , AC_MSG_RESULT(no)) - -+AC_MSG_CHECKING([whether sys/socket.h have struct sockaddr_storage]) -+AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_STORAGE) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have __ss_family]) -+AC_EGREP_HEADER(__ss_family, sys/socket.h, -+ [ AC_DEFINE(HAVE_NEW_SS_FAMILY) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have sa_len]) -+AC_EGREP_HEADER(sa_len, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_LEN) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+ - AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt)) - AC_CHECK_LIB(sec, getspnam) - AC_CHECK_LIB(seq, get_process_stats) -@@ -436,6 +571,107 @@ - - AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf) - -+AC_MSG_CHECKING(getaddrinfo bug) -+AC_TRY_RUN([ -+#include <sys/types.h> -+#include <netdb.h> -+#include <string.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+main() -+{ -+ int passive, gaierr, inet4 = 0, inet6 = 0; -+ struct addrinfo hints, *ai, *aitop; -+ char straddr[INET6_ADDRSTRLEN], strport[16]; -+ -+ for (passive = 0; passive <= 1; passive++) { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_flags = passive ? AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { -+ (void)gai_strerror(gaierr); -+ goto bad; -+ } -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (ai->ai_addr == NULL || -+ ai->ai_addrlen == 0 || -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ straddr, sizeof(straddr), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { -+ goto bad; -+ } -+ if (strcmp(strport, "54321") != 0) { -+ goto bad; -+ } -+ switch (ai->ai_family) { -+ case AF_INET: -+ if (passive) { -+ if (strcmp(straddr, "0.0.0.0") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "127.0.0.1") != 0) { -+ goto bad; -+ } -+ } -+ inet4++; -+ break; -+ case AF_INET6: -+ if (passive) { -+ if (strcmp(straddr, "::") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "::1") != 0) { -+ goto bad; -+ } -+ } -+ inet6++; -+ break; -+ case AF_UNSPEC: -+ goto bad; -+ break; -+ default: -+ /* another family support? */ -+ break; -+ } -+ } -+ } -+ -+ if (inet4 != 0 && inet4 != 2) -+ goto bad; -+ if (inet6 != 0 && inet6 != 2) -+ goto bad; -+ -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(0); -+ -+ bad: -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(1); -+} -+], -+AC_MSG_RESULT(good) -+buggygetaddrinfo=no, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes) -+ -+if test "$buggygetaddrinfo" = "yes"; then -+ if test "$ipv6" = "yes"; then -+ echo 'Fatal: You must get working getaddrinfo() function.' -+ echo ' or you can specify "--disable-ipv6"'. -+ exit 1 -+ else -+ AC_REPLACE_FUNCS(getaddrinfo getnameinfo) -+ fi -+fi -+ - AC_PROG_LN_S - AC_PROG_INSTALL - AC_CHECK_PROG(AR, ar, ar, echo) -@@ -903,8 +1139,8 @@ +@@ -903,8 +905,8 @@ fi AC_MSG_RESULT(Assuming TIS headers and libraries are in $withval.) AC_DEFINE(HAVE_TIS) @@ -309,7 +59,7 @@ $NetBSD: patch-ab,v 1.11 2000/03/18 04:35:23 itojun Exp $ AC_MSG_WARN(Remember to read README.TIS. The connection between sshd and TIS authentication server is clear text!) ;; -@@ -912,55 +1148,117 @@ +@@ -912,55 +914,117 @@ AC_MSG_RESULT(no) ) @@ -452,7 +202,7 @@ $NetBSD: patch-ab,v 1.11 2000/03/18 04:35:23 itojun Exp $ AC_MSG_CHECKING(whether to use libwrap) AC_ARG_WITH(libwrap, -@@ -970,11 +1268,19 @@ +@@ -970,11 +1034,19 @@ AC_MSG_RESULT(no) ;; yes) @@ -477,7 +227,7 @@ $NetBSD: patch-ab,v 1.11 2000/03/18 04:35:23 itojun Exp $ ;; *) AC_MSG_RESULT(yes) -@@ -1227,14 +1533,14 @@ +@@ -1227,14 +1299,14 @@ [ case "$enableval" in no) AC_MSG_RESULT(no) @@ -495,55 +245,7 @@ $NetBSD: patch-ab,v 1.11 2000/03/18 04:35:23 itojun Exp $ ) AC_MSG_CHECKING(whether to enable TCP_NODELAY) -@@ -1252,6 +1558,38 @@ - AC_DEFINE(ENABLE_TCP_NODELAY) - ) - -+AC_MSG_CHECKING(whether to enable another port try support) -+AC_ARG_ENABLE(another-port-try, -+[ --enable-another-port-try Enable another port try support (default) -+ --disable-another-port-try Disable another port try support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+) -+ -+AC_MSG_CHECKING(whether to enable logging auth info support) -+AC_ARG_ENABLE(log-auth, -+[ --enable-log-auth Enable logging auth info support (default) -+ --disable-log-auth Disable logging auth info support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+) -+ - AC_MSG_CHECKING(whether to enable SO_LINGER) - AC_ARG_ENABLE(so-linger, - [ --enable-so-linger Enable setting SO_LINGER socket option], -@@ -1311,6 +1649,8 @@ - AC_DEFINE(SCP_ALL_STATISTICS_ENABLED) - ) - -+CFLAGS="$CPPFLAGS $CFLAGS" -+ - # We include this here only to make it visible in --help; this is only used - # in the gmp subdirectory. - AC_ARG_ENABLE(asm, -@@ -1336,4 +1676,4 @@ +@@ -1336,4 +1408,4 @@ AC_SUBST(SSHDCONFOBJS) AC_SUBST(SSHINSTALLMODE) diff --git a/security/ssh/patches/patch-ac b/security/ssh/patches/patch-ac index 287345480f9..687df517d47 100644 --- a/security/ssh/patches/patch-ac +++ b/security/ssh/patches/patch-ac @@ -1,7 +1,7 @@ -$NetBSD: patch-ac,v 1.11 2000/01/22 23:30:42 tron Exp $ +$NetBSD: patch-ac,v 1.12 2000/03/20 02:25:49 itojun Exp $ ---- Makefile.in.orig Wed May 12 13:19:31 1999 -+++ Makefile.in Sun Jan 23 00:22:03 2000 +--- Makefile.in- Wed May 12 20:19:31 1999 ++++ Makefile.in Mon Mar 20 09:41:02 2000 @@ -264,7 +264,7 @@ CFLAGS = @CFLAGS@ LDFLAGS = @LDFLAGS@ diff --git a/security/ssh/patches/patch-af b/security/ssh/patches/patch-af index 3240072f45c..c81c2dd2e99 100644 --- a/security/ssh/patches/patch-af +++ b/security/ssh/patches/patch-af @@ -1,7 +1,7 @@ -$NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ +$NetBSD: patch-af,v 1.10 2000/03/20 02:25:50 itojun Exp $ ---- sshd.c.orig Wed May 12 13:19:29 1999 -+++ sshd.c Mon Mar 6 15:19:36 2000 +--- sshd.c- Wed May 12 20:19:29 1999 ++++ sshd.c Mon Mar 20 09:57:30 2000 @@ -511,7 +511,7 @@ #include "firewall.h" /* TIS authsrv authentication */ #endif @@ -41,228 +41,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* Server configuration options. */ ServerOptions options; -@@ -553,6 +564,19 @@ - /* Name of the server configuration file. */ - char *config_file_name = SERVER_CONFIG_FILE; - -+/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+#ifdef ENABLE_IPV6 -+int IPv4or6 = AF_UNSPEC; -+#else -+int IPv4or6 = AF_INET; -+#endif -+ -+#ifdef ENABLE_LOG_AUTH -+char *unauthenticated_user = NULL; -+int log_auth_flag = 0; -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Debug mode flag. This can be set on the command line. If debug - mode is enabled, extra debugging output will be sent to the system - log, the daemon will not go to background, and will exit after processing -@@ -576,7 +600,17 @@ - - /* This is set to the socket that the server is listening; this is used in - the SIGHUP signal handler. */ --int listen_sock; -+#define MAX_LISTEN_SOCKS 16 -+int listen_socks[MAX_LISTEN_SOCKS]; -+int num_listen_socks = 0; -+void close_listen_socks() -+{ -+ int i; -+ -+ for (i = 0; i < num_listen_socks; i++) -+ close(listen_socks[i]); -+ num_listen_socks = -1; -+} - - /* This is not really needed, and could be eliminated if server-specific - and client-specific code were removed from newchannels.c */ -@@ -649,7 +683,6 @@ - const char *display, const char *auth_proto, - const char *auth_data, const char *ttyname); - -- - /* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; - the effect is to reread the configuration file (and to regenerate - the server key). */ -@@ -666,7 +699,7 @@ - void sighup_restart(void) - { - log_msg("Received SIGHUP; restarting."); -- close(listen_sock); -+ close_listen_socks(); - execvp(saved_argv[0], saved_argv); - log_msg("RESTART FAILED: av[0]='%.100s', error: %.100s.", - saved_argv[0], strerror(errno)); -@@ -680,7 +713,7 @@ - RETSIGTYPE sigterm_handler(int sig) - { - log_msg("Received signal %d; terminating.", sig); -- close(listen_sock); -+ close_listen_socks(); - exit(255); - } - -@@ -759,7 +792,7 @@ - int perm_denied = 0; - int ret; - fd_set fdset; -- struct sockaddr_in sin; -+ struct sockaddr_storage from; - char buf[100]; /* Must not be larger than remote_version. */ - char remote_version[100]; /* Must be at least as big as buf. */ - char *comment; -@@ -769,6 +802,9 @@ - struct linger linger; - #endif /* SO_LINGER */ - int done; -+ struct addrinfo *ai; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int listen_sock, maxfd; - - /* Save argv[0]. */ - saved_argv = av; -@@ -787,10 +823,26 @@ - initialize_server_options(&options); - - /* Parse command-line arguments. */ -- while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:")) != EOF) -+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:4" -+#ifdef ENABLE_IPV6 -+ "6" -+#endif -+ )) != EOF) - { - switch (opt) - { -+ case '4': -+#ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+#else -+ IPv4or6 = AF_INET; -+#endif -+ break; -+#ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; -+ break; -+#endif - case 'f': - config_file_name = optarg; - break; -@@ -807,7 +859,7 @@ - options.server_key_bits = atoi(optarg); - break; - case 'p': -- options.port = atoi(optarg); -+ options.ports[options.num_ports++] = atoi(optarg); - break; - case 'g': - options.login_grace_time = atoi(optarg); -@@ -829,6 +881,10 @@ - fprintf(stderr, "sshd version %s [%s]\n", SSH_VERSION, HOSTTYPE); - fprintf(stderr, "Usage: %s [options]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only\n"); -+#ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only\n"); -+#endif - fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR); - fprintf(stderr, " -d Debugging mode\n"); - fprintf(stderr, " -i Started from inetd\n"); -@@ -857,16 +913,15 @@ - fprintf(stderr, "fatal: Bad server key size.\n"); - exit(1); - } -- if (options.port < 1 || options.port > 65535) -- { -- fprintf(stderr, "fatal: Bad port number.\n"); -- exit(1); -- } - if (options.umask != -1) - { - umask(options.umask); - } - -+#ifdef ENABLE_LOG_AUTH -+ log_auth_flag = options.log_auth; -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Check that there are no remaining arguments. */ - if (optind < ac) - { -@@ -1034,10 +1089,13 @@ - } - else - { -+ for (ai = options.listen_addrs; ai; ai = ai->ai_next) -+ { - /* Create socket for listening. */ -- listen_sock = socket(AF_INET, SOCK_STREAM, 0); -+ listen_sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (listen_sock < 0) - fatal("socket: %.100s", strerror(errno)); -+ listen_socks[num_listen_socks] = listen_sock; - - /* Set socket options. We try to make the port reusable and have it - close as fast as possible without waiting in unnecessary wait states -@@ -1051,21 +1109,30 @@ - sizeof(linger)); - #endif /* SO_LINGER */ - -- /* Initialize the socket address. */ -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- sin.sin_addr = options.listen_addr; -- sin.sin_port = htons(options.port); -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); - - /* Bind the socket to the desired port. */ -- if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -- error("bind: %.100s", strerror(errno)); -- shutdown(listen_sock, 2); -+ error("Bind to port %s on %s failed: %.200s.", -+ strport, ntop, strerror(errno)); - close(listen_sock); -- fatal("Bind to port %d failed: %.200s.", options.port, -- strerror(errno)); -+ continue; - } -+ num_listen_socks++; -+ -+ /* Start listening on the port. */ -+ log_msg("Server listening on %s port %s.", ntop, strport); -+ if (listen(listen_sock, 5) < 0) -+ fatal("listen: %.100s", strerror(errno)); -+ -+ } /* for (ai = options.listen_addrs; ai; ai = ai->ai_next) */ -+ freeaddrinfo(options.listen_addrs); -+ -+ if (!num_listen_socks) -+ fatal("Cannot bind all addresses."); - - if (!debug_flag) - { -@@ -1081,11 +1148,6 @@ - } - } - -- /* Start listening on the port. */ -- log_msg("Server listening on port %d.", options.port); -- if (listen(listen_sock, 5) < 0) -- fatal("listen: %.100s", strerror(errno)); -- - /* Generate an rsa key. */ - log_msg("Generating %d bit RSA key.", options.server_key_bits); - rsa_generate_key(&sensitive_data.private_key, &public_key, -@@ -1115,7 +1177,6 @@ +@@ -1115,7 +1126,6 @@ /* Arrange SIGCHLD to be caught. */ signal(SIGCHLD, main_sigchld_handler); @@ -270,7 +49,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ #ifdef KRB5 /* Initialize contexts and setup replay cache */ if (!ssh_context) -@@ -1128,7 +1189,6 @@ +@@ -1128,7 +1138,6 @@ krb5_init_ets(ssh_context); } #endif @@ -278,70 +57,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* Stay listening for connections until the system crashes or the daemon is killed with a signal. */ -@@ -1139,9 +1199,15 @@ - - /* Wait in select until there is a connection. */ - FD_ZERO(&fdset); -- FD_SET(listen_sock, &fdset); -- ret = select(listen_sock + 1, &fdset, NULL, NULL, NULL); -- if (ret < 0 || !FD_ISSET(listen_sock, &fdset)) -+ maxfd = 0; -+ for (i = 0; i < num_listen_socks; i++) -+ { -+ FD_SET(listen_socks[i], &fdset); -+ if (listen_socks[i] > maxfd) -+ maxfd = listen_socks[i]; -+ } -+ ret = select(maxfd + 1, &fdset, NULL, NULL, NULL); -+ if (ret < 0) - { - if (errno == EINTR) - continue; -@@ -1149,8 +1215,12 @@ - continue; - } - -- aux = sizeof(sin); -- newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux); -+ for (i = 0; i < num_listen_socks; i++) -+ { -+ if (!FD_ISSET(listen_socks[i], &fdset)) -+ continue; -+ aux = sizeof(from); -+ newsock = accept(listen_socks[i], (struct sockaddr *)&from, &aux); - if (newsock < 0) - { - if (errno == EINTR) -@@ -1166,7 +1236,7 @@ - /* In debugging mode. Close the listening socket, and start - processing the connection without forking. */ - debug("Server will not fork when running in debugging mode."); -- close(listen_sock); -+ close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - pid = getpid(); -@@ -1195,7 +1265,7 @@ - the accepted socket. Reinitialize logging (since our - pid has changed). We break out of the loop to handle - the connection. */ -- close(listen_sock); -+ close_listen_socks(); - sock_in = newsock; - sock_out = newsock; - #ifdef LIBWRAP -@@ -1233,6 +1303,10 @@ - - /* Close the new socket (the child is now taking care of it). */ - close(newsock); -+ } /* for (i = 0; i < num_host_socks; i++) */ -+ /* child process check (or debug mode) */ -+ if (num_listen_socks < 0) -+ break; - } - } - -@@ -1407,6 +1481,16 @@ +@@ -1407,6 +1416,16 @@ /* Try to remove authentication socket and directory */ auth_delete_socket(NULL); @@ -358,7 +74,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* The connection has been terminated. */ log_msg("Closing connection to %.100s", get_remote_ipaddr()); packet_close(); -@@ -1470,17 +1554,17 @@ +@@ -1470,17 +1489,17 @@ if (options.tis_authentication) auth_mask |= 1 << SSH_AUTH_TIS; #endif @@ -381,7 +97,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ #endif if (options.password_authentication) auth_mask |= 1 << SSH_AUTH_PASSWORD; -@@ -1677,7 +1761,7 @@ +@@ -1677,7 +1696,7 @@ /* XXX No days_before_password_expires calculation here */ } #endif /* HAVE_USERSEC_H */ @@ -390,7 +106,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ { struct spwd *sp; -@@ -1783,56 +1867,62 @@ +@@ -1783,56 +1802,62 @@ endspent(); } #endif /* HAVE_ETC_SHADOW */ @@ -476,7 +192,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ #ifdef HAVE_HPUX_TCB_AUTH { -@@ -2039,7 +2129,7 @@ +@@ -2039,7 +2064,7 @@ } } @@ -485,7 +201,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ grp = getgrgid(pwd->pw_gid); if (grp) group = grp->gr_name; -@@ -2151,12 +2241,12 @@ +@@ -2151,12 +2176,12 @@ unsigned int client_host_key_bits; MP_INT client_host_key_e, client_host_key_n; int password_attempts = 0; @@ -501,7 +217,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ login_cap_t *lc; const char *hostname; const char *ipaddr; -@@ -2167,10 +2257,18 @@ +@@ -2167,10 +2192,18 @@ ipaddr = get_remote_ipaddr(); #endif /* HAVE_LOGIN_CAP_H */ @@ -521,20 +237,16 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* For KRB5 allow the user to input fully qualified name i.e. "username@realm" as the local user name. Then use this name to call out to krb5_aname_to_localname to find if there is a localname -@@ -2203,8 +2301,11 @@ +@@ -2203,7 +2236,7 @@ } else krb5_parse_name(ssh_context, user, &client); -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* KRB5 */ -+#ifdef ENABLE_LOG_AUTH -+ unauthenticated_user = user; -+#endif /* ENABLE_LOG_AUTH */ /* Verify that the user is a valid user. We disallow usernames starting with any characters that are commonly used to start NIS entries. */ - pw = getpwnam(user); -@@ -2218,11 +2319,11 @@ +@@ -2218,11 +2251,11 @@ pwcopy.pw_passwd = xstrdup(pw->pw_passwd); pwcopy.pw_uid = pw->pw_uid; pwcopy.pw_gid = pw->pw_gid; @@ -548,7 +260,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); pw = &pwcopy; -@@ -2241,11 +2342,11 @@ +@@ -2241,11 +2274,11 @@ debug("Attempting authentication for %.100s.", user); @@ -563,7 +275,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ #if defined (HAVE_SIA) /* For SIA, only call auth_password() here if the user really has no password. Otherwise, the call would generate misleading -@@ -2254,12 +2355,21 @@ +@@ -2254,9 +2287,13 @@ if (options.password_authentication && sia_no_password(user) && auth_password(user, "")) #else /* defined(HAVE_SIA) */ @@ -579,15 +291,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ { /* Authentication with empty password succeeded. */ debug("Login for user %.100s accepted without authentication.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "empty password accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_PASSWORD; - authenticated = 1; - /* Success packet will be sent after loop below. */ -@@ -2281,34 +2391,61 @@ +@@ -2281,34 +2318,61 @@ /* Process the packet. */ switch (type) { @@ -657,7 +361,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ case SSH_CMSG_AUTH_KERBEROS: if (!options.kerberos_authentication) { -@@ -2316,9 +2453,10 @@ +@@ -2316,9 +2380,10 @@ log_msg("Kerberos authentication disabled."); break; } @@ -669,19 +373,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ { char *tkt_user; -@@ -2334,6 +2472,11 @@ - /* Client has successfully authenticated to us. */ - log_msg("Kerberos authentication accepted %.100s for login to account %.100s from %.200s", - tkt_user, user, get_canonical_hostname()); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "kerberos authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_KERBEROS; - authenticated = 1; - break; -@@ -2347,11 +2490,31 @@ +@@ -2347,11 +2412,31 @@ } free(tkt_user); } @@ -717,43 +409,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ case SSH_CMSG_AUTH_RHOSTS: if (!options.rhosts_authentication) -@@ -2382,6 +2545,11 @@ - /* Authentication accepted. */ - log_msg("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", - user, client_user, get_canonical_hostname()); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.100s@%.700s (%s)", -+ user, client_user, get_canonical_hostname(), -+ "rhosts authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RHOSTS; - authenticated = 1; - remote_user_name = client_user; -@@ -2441,6 +2609,11 @@ - options.strict_modes)) - { - /* Authentication accepted. */ -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.100s@%.700s (%s)", -+ user, client_user, get_canonical_hostname(), -+ "rhosts with RSA host authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RHOSTS_RSA; - authenticated = 1; - remote_user_name = client_user; -@@ -2474,6 +2647,11 @@ - /* Successful authentication. */ - mpz_clear(&n); - log_msg("RSA authentication for %.100s accepted.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "RSA user authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_RSA; - authenticated = 1; - break; -@@ -2568,7 +2746,7 @@ +@@ -2568,7 +2653,7 @@ if (!strncmp(buf, "challenge ", 10) || !strncmp(buf, "chalnecho ", 10)) { snprintf(prompt, sizeof(prompt), @@ -762,19 +418,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ debug("TIS challenge %.500s", buf); packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); packet_put_string(prompt, strlen(prompt)); -@@ -2608,6 +2786,11 @@ - auth_close(); - memset(password, 0, strlen(password)); - xfree(password); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from @%.700s (%s)", -+ user, get_canonical_hostname(), -+ "TIS authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_TIS; - authenticated = 1; - break; -@@ -2657,17 +2840,22 @@ +@@ -2657,11 +2742,11 @@ password_attempts++; /* Try authentication with the password. */ @@ -789,18 +433,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ { /* Successful authentication. */ /* Clear the password from memory. */ - memset(password, 0, strlen(password)); - xfree(password); - log_msg("Password authentication for %.100s accepted.", user); -+#ifdef ENABLE_LOG_AUTH -+ log_auth("%.100s from %.700s (%s)", -+ user, get_canonical_hostname(), -+ "password authentication accepted"); -+#endif /* ENABLE_LOG_AUTH */ - authentication_type = SSH_AUTH_PASSWORD; - authenticated = 1; - break; -@@ -2688,7 +2876,7 @@ +@@ -2688,7 +2773,7 @@ if (authenticated) break; @@ -809,7 +442,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* If you forwarded a ticket you get one shot for proper authentication. */ /* If tgt was passed unlink file */ -@@ -2699,7 +2887,7 @@ +@@ -2699,7 +2784,7 @@ else ticket = NULL; } @@ -818,19 +451,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* Send a message indicating that the authentication attempt failed. */ packet_start(SSH_SMSG_FAILURE); -@@ -2708,6 +2896,11 @@ - } - - /* Check if the user is logging in as root and root logins are disallowed. */ -+#ifdef ENABLE_LOG_AUTH -+ if ((pw->pw_uid == UID_ROOT && options.permit_root_login == 1) || -+ (pw->pw_uid == UID_ROOT && options.permit_root_login == 0 && !forced_command)) -+ log_auth("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); -+#endif /* ENABLE_LOG_AUTH */ - if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1) - { - if (authentication_type == SSH_AUTH_PASSWORD) -@@ -2724,7 +2917,7 @@ +@@ -2724,7 +2809,7 @@ get_canonical_hostname()); } @@ -839,17 +460,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ lc = login_getclass(pw->pw_class); -@@ -2775,6 +2968,9 @@ - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); -+#ifdef ENABLE_LOG_AUTH -+ unauthenticated_user = NULL; -+#endif /* ENABLE_LOG_AUTH */ - - /* Perform session preparation. */ - do_authenticated(pw); -@@ -2965,6 +3161,21 @@ +@@ -2965,6 +3050,21 @@ display = x11_create_display_inet(screen); if (!display) goto fail; @@ -871,12 +482,8 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ break; #else /* XAUTH_PATH */ /* No xauth program; we won't accept forwarding with spoofing. */ -@@ -3280,15 +3491,12 @@ - char line[256]; - struct stat st; - int quiet_login; -- struct sockaddr_in from; -+ struct sockaddr_storage from; +@@ -3283,12 +3383,9 @@ + struct sockaddr_in from; int fromlen; struct pty_cleanup_context cleanup_context; -#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) @@ -889,19 +496,16 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* We no longer need the child running on user's privileges. */ userfile_uninit(); -@@ -3387,9 +3595,9 @@ - - /* Record that there was a login on that terminal. */ +@@ -3389,7 +3486,7 @@ record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, -- &from); -+ (struct sockaddr *)&from); + &from); -#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) +#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) lc = login_getclass(pw->pw_class); #endif -@@ -3398,7 +3606,7 @@ +@@ -3398,7 +3495,7 @@ snprintf(line, sizeof(line), "%.200s/.hushlogin", pw->pw_dir); quiet_login = stat(line, &st) >= 0; @@ -910,7 +514,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); #endif -@@ -3425,7 +3633,7 @@ +@@ -3425,7 +3522,7 @@ } #endif /* HAVE_SIA */ @@ -919,7 +523,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ if (command == NULL && !quiet_login) { #ifdef HAVE_LOGIN_CAP_H -@@ -3457,7 +3665,7 @@ +@@ -3457,7 +3554,7 @@ FILE *f; /* Print /etc/motd if it exists. */ @@ -928,7 +532,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); #else -@@ -3469,33 +3677,9 @@ +@@ -3469,33 +3566,9 @@ fputs(line, stdout); fclose(f); } @@ -963,15 +567,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ login_close(lc); #endif -@@ -3876,6 +4060,7 @@ - char *user_shell; - char *remote_ip; - int remote_port; -+ int local_port; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - char *real_shell; -@@ -3883,8 +4068,11 @@ +@@ -3883,8 +3956,11 @@ lc = login_getclass(pw->pw_class); auth_checknologin(lc); #else /* !HAVE_LOGIN_CAP_H */ @@ -984,23 +580,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ if ((lc = login_getclass(pw->pw_class)) == NULL) { -@@ -3981,6 +4169,7 @@ - user_shell = xstrdup(pw->pw_shell); - remote_ip = xstrdup(get_remote_ipaddr()); - remote_port = get_remote_port(); -+ local_port = get_local_port(); - - /* Close the connection descriptors; note that this is the child, and the - server will still have the socket open, and it is important that we -@@ -4000,7 +4189,6 @@ - /* Close any extra file descriptors. Note that there may still be - descriptors left by system functions. They will be closed later. */ - endpwent(); -- endhostent(); - - /* Set dummy encryption key to clear information about the key from - memory. This key will never be used. */ -@@ -4019,7 +4207,7 @@ +@@ -4019,7 +4095,7 @@ if (command != NULL || !options.use_login) #endif /* USELOGIN */ { @@ -1009,7 +589,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ char *p, *s, **tmpenv; /* Initialize the new environment. -@@ -4180,10 +4368,23 @@ +@@ -4180,10 +4256,23 @@ and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -1034,16 +614,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* Initialize the environment if not already done. In the first part we allocate space for all environment variables. */ if (env == NULL) -@@ -4257,7 +4458,7 @@ - - /* Set SSH_CLIENT. */ - snprintf(buf, sizeof(buf), -- "%.50s %d %d", remote_ip, remote_port, options.port); -+ "%.50s %d %d", remote_ip, remote_port, local_port); - child_set_env(&env, &envsize, "SSH_CLIENT", buf); - - /* Set SSH_TTY if we have a pty. */ -@@ -4290,13 +4491,21 @@ +@@ -4290,13 +4379,21 @@ } #endif @@ -1068,60 +639,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ /* Set variable for forwarded authentication connection, if we have one. */ if (auth_get_socket_name() != NULL) -@@ -4426,7 +4635,8 @@ - int i; - char name[255], *p; - char line[256]; -- struct hostent *hp; -+ struct addrinfo hints, *ai, *aitop; -+ char ntop[ADDRSTRLEN]; - - strncpy(name, display, sizeof(name)); - name[sizeof(name) - 1] = '\0'; -@@ -4443,7 +4653,10 @@ - /* Moved this call here to avoid a nasty buf in SunOS - 4.1.4 libc where gethostbyname closes an unrelated - file descriptor. */ -- hp = gethostbyname(name); -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) -+ aitop = 0; - - snprintf(line, sizeof(line), - "%.200s -q -", options.xauth_path); -@@ -4461,21 +4674,24 @@ - cp - display, display, cp, auth_proto, - auth_data); - #endif -- if (hp) -+ if (aitop) - { -- for(i = 0; hp->h_addr_list[i]; i++) -+ for (ai = aitop; ai; ai = ai->ai_next) - { -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), NULL, 0, -+ NI_NUMERICHOST); -+ if (strchr(ntop, ':')) -+ continue; /* XXX - xauth doesn't accept it */ - if (debug_flag) - { - fprintf(stderr, "Running %s add %s%s %s %s\n", - options.xauth_path, -- inet_ntoa(*((struct in_addr *) -- hp->h_addr_list[i])), -+ ntop, - cp, auth_proto, auth_data); - } - fprintf(f, "add %s%s %s %s\n", -- inet_ntoa(*((struct in_addr *) -- hp->h_addr_list[i])), -+ ntop, - cp, auth_proto, auth_data); - } - } -@@ -4554,7 +4770,7 @@ +@@ -4554,7 +4651,7 @@ /* Execute the shell. */ argv[0] = buf; argv[1] = NULL; @@ -1130,7 +648,7 @@ $NetBSD: patch-af,v 1.9 2000/03/06 14:34:18 mjl Exp $ execve(real_shell, argv, env); #else execve(shell, argv, env); -@@ -4579,7 +4795,7 @@ +@@ -4579,7 +4676,7 @@ argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh/patches/patch-ag b/security/ssh/patches/patch-ag index 25ae5ba83fc..b050880a36c 100644 --- a/security/ssh/patches/patch-ag +++ b/security/ssh/patches/patch-ag @@ -1,34 +1,8 @@ -$NetBSD: patch-ag,v 1.3 1999/12/25 05:28:35 kim Exp $ +$NetBSD: patch-ag,v 1.4 2000/03/20 02:25:50 itojun Exp $ ---- log-server.c.orig Wed May 12 07:19:26 1999 -+++ log-server.c Sat Dec 25 00:17:29 1999 -@@ -146,6 +146,25 @@ - syslog(LOG_INFO, "log: %.500s", buf); - } - -+#ifdef ENABLE_LOG_AUTH -+void log_auth(const char *fmt, ...) -+{ -+ char buf[1024]; -+ va_list args; -+ extern int log_auth_flag; -+ if (!log_auth_flag) -+ return; -+ if (log_quiet) -+ return; -+ va_start(args, fmt); -+ vsprintf(buf, fmt, args); -+ va_end(args); -+ if (log_on_stderr) -+ fprintf(stderr, "log: %s\n", buf); -+ syslog(LOG_INFO|LOG_AUTH, "%.500s", buf); -+} -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Converts portable syslog severity to machine-specific syslog severity. */ - - static int syslog_severity(int severity) -@@ -265,9 +284,12 @@ +--- log-server.c- Wed May 12 20:19:26 1999 ++++ log-server.c Mon Mar 20 09:47:23 2000 +@@ -265,9 +265,12 @@ { struct fatal_cleanup *cu, *next_cu; static int fatal_called = 0; @@ -43,7 +17,7 @@ $NetBSD: patch-ag,v 1.3 1999/12/25 05:28:35 kim Exp $ if (!fatal_called) { -@@ -281,19 +303,27 @@ +@@ -281,19 +284,27 @@ (unsigned long)cu->proc, (unsigned long)cu->context); (*cu->proc)(cu->context); } @@ -73,25 +47,3 @@ $NetBSD: patch-ag,v 1.3 1999/12/25 05:28:35 kim Exp $ } } -@@ -322,6 +352,9 @@ - { - char buf[1024]; - va_list args; -+#ifdef ENABLE_LOG_AUTH -+ extern char *unauthenticated_user; -+#endif /* ENABLE_LOG_AUTH */ - - if (log_quiet) - exit(1); -@@ -331,6 +364,11 @@ - if (log_on_stderr) - fprintf(stderr, "fatal: %s\n", buf); - syslog(syslog_severity(severity), "fatal: %.500s", buf); -+#ifdef ENABLE_LOG_AUTH -+ if (unauthenticated_user) -+ log_auth("LOGIN FAILED %.100s from %.200s", -+ unauthenticated_user, get_canonical_hostname()); -+#endif /* ENABLE_LOG_AUTH */ - - do_fatal_cleanups(); - diff --git a/security/ssh/patches/patch-ai b/security/ssh/patches/patch-ai index dfbecc62bbe..6189cc955b5 100644 --- a/security/ssh/patches/patch-ai +++ b/security/ssh/patches/patch-ai @@ -1,8 +1,8 @@ -$NetBSD: patch-ai,v 1.5 1999/12/25 05:28:35 kim Exp $ +$NetBSD: patch-ai,v 1.6 2000/03/20 02:25:50 itojun Exp $ ---- scp.c.orig Wed May 12 07:19:28 1999 -+++ scp.c Fri Dec 24 21:54:17 1999 -@@ -180,6 +180,19 @@ +--- scp.c- Wed May 12 20:19:28 1999 ++++ scp.c Mon Mar 20 09:53:06 2000 +@@ -180,6 +180,11 @@ #define STDERR_FILENO 2 #endif @@ -11,36 +11,10 @@ $NetBSD: patch-ai,v 1.5 1999/12/25 05:28:35 kim Exp $ +int nofwd = 0; +#endif /* AFS */ + -+/* This is set to non-zero if IPv4 is desired. */ -+int IPv4 = 0; -+ -+#ifdef ENABLE_IPV6 -+/* This is set to non-zero if IPv6 is desired. */ -+int IPv6 = 0; -+#endif -+ /* This is set to non-zero to enable verbose mode. */ int verbose = 0; -@@ -295,8 +308,17 @@ - } - args[i++] = "-x"; - args[i++] = "-a"; -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ args[i++] = "-A"; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - args[i++] = "-oFallBackToRsh no"; - args[i++] = "-oClearAllForwardings yes"; -+ if (IPv4) -+ args[i++] = "-4"; -+#ifdef ENABLE_IPV6 -+ if (IPv6) -+ args[i++] = "-6"; -+#endif - if (verbose) - args[i++] = "-v"; - if (compress) -@@ -305,6 +327,10 @@ +@@ -305,6 +310,10 @@ args[i++] = "-P"; if (batchmode) args[i++] = "-oBatchMode yes"; @@ -51,32 +25,20 @@ $NetBSD: patch-ai,v 1.5 1999/12/25 05:28:35 kim Exp $ if (cipher != NULL) { args[i++] = "-c"; -@@ -441,8 +467,23 @@ +@@ -441,7 +450,11 @@ statistics = 0; fflag = tflag = 0; - while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF) -+ while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:4" ++ while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S" +#ifdef AFS + "k" +#endif -+#ifdef ENABLE_IPV6 -+ "6" -+#endif + )) != EOF) switch(ch) { /* User-visible flags. */ -+ case '4': -+ IPv4 = 1; -+ break; -+#ifdef ENABLE_IPV6 -+ case '6': -+ IPv6 = 1; -+ break; -+#endif case 'S': ssh_program = optarg; - break; -@@ -490,6 +531,11 @@ +@@ -490,6 +503,11 @@ case 'r': iamrecursive = 1; break; @@ -88,85 +50,3 @@ $NetBSD: patch-ai,v 1.5 1999/12/25 05:28:35 kim Exp $ /* Server options. */ case 'd': targetshouldbedirectory = 1; -@@ -589,6 +635,17 @@ - exit(errs != 0); - } - -+char * -+cleanhostname(host) -+ char *host; -+{ -+ if (*host == '[' && host[strlen(host) - 1] == ']') { -+ host[strlen(host) - 1] = '\0'; -+ return (host + 1); -+ } else -+ return host; -+} -+ - void - toremote(targ, argc, argv) - char *targ, *argv[]; -@@ -644,6 +701,7 @@ - bp = xmalloc(len); - if (host) { - *host++ = 0; -+ host = cleanhostname(host); - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; -@@ -655,13 +713,15 @@ - suser, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -- } else -+ } else { -+ host = cleanhostname(argv[i]); - (void)snprintf(bp, len, - "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'", - ssh_program, verbose ? " -v" : "", options, -- argv[i], cmd, src, -+ host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -+ } - if (verbose) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp)) errs++; -@@ -671,7 +731,7 @@ - len = strlen(targ) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -t %s", cmd, targ); -- host = thost; -+ host = cleanhostname(thost); - if (do_cmd(host, tuser, - bp, &remin, &remout) < 0) - exit(1); -@@ -721,6 +781,7 @@ - else if (!okname(suser)) - continue; - } -+ host = cleanhostname(host); - len = strlen(src) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -f %s", cmd, src); -@@ -1365,11 +1426,19 @@ - colon(cp) - char *cp; - { -+ int flag = 0; -+ - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); -+ if (*cp == '[') -+ flag = 1; - - for (; *cp; ++cp) { -- if (*cp == ':') -+ if (*cp == '@' && *(cp+1) == '[') -+ flag = 1; -+ if (*cp == ']' && *(cp+1) == ':' && flag) -+ return (cp+1); -+ if (*cp == ':' && !flag) - return (cp); - if (*cp == '/') - return (0); diff --git a/security/ssh/patches/patch-aj b/security/ssh/patches/patch-aj index 59c6550889a..9848a82e221 100644 --- a/security/ssh/patches/patch-aj +++ b/security/ssh/patches/patch-aj @@ -1,7 +1,7 @@ -$NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ +$NetBSD: patch-aj,v 1.12 2000/03/20 02:25:51 itojun Exp $ ---- configure.orig Wed May 12 20:20:06 1999 -+++ configure Sat Mar 18 13:22:06 2000 +--- configure- Wed May 12 20:20:06 1999 ++++ configure Mon Mar 20 10:00:02 2000 @@ -1,7 +1,7 @@ #! /bin/sh @@ -11,46 +11,23 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. # # This configure script is free software; the Free Software Foundation -@@ -12,6 +12,9 @@ - ac_default_prefix=/usr/local - # Any additions from configure.in: - ac_help="$ac_help -+ --enable-ipv6 Enable ipv6 (with ipv4) support -+ --disable-ipv6 Disable ipv6 support" -+ac_help="$ac_help - --enable-deprecated-linux-pw-encrypt - Enable using of deprecated linx pw_encrypt function." - ac_help="$ac_help -@@ -49,9 +52,13 @@ +@@ -49,9 +49,13 @@ ac_help="$ac_help --with-tis[=DIR] Enable support for TIS authentication server." ac_help="$ac_help - --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support." + --with-krb4[=PATH] Compile in Kerberos v4 support." -+ac_help="$ac_help + ac_help="$ac_help +- --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket." + --with-krb5[=PATH] Compile in Kerberos v5 support." +ac_help="$ac_help + --with-afs Compile in AFS support (requires KTH krb4)." - ac_help="$ac_help -- --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket." ++ac_help="$ac_help + --with-hesiod[=PATH] Compile in Hesiod support." ac_help="$ac_help --with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support." ac_help="$ac_help -@@ -83,6 +90,12 @@ - ac_help="$ac_help - --disable-tcp-nodelay Disable TCP_NODELAY socket option" - ac_help="$ac_help -+ --enable-another-port-try Enable another port try support (default) -+ --disable-another-port-try Disable another port try support" -+ac_help="$ac_help -+ --enable-log-auth Enable logging auth info support (default) -+ --disable-log-auth Disable logging auth info support" -+ac_help="$ac_help - --enable-so-linger Enable setting SO_LINGER socket option" - ac_help="$ac_help - --without-scp-stats Without scp statistics code" -@@ -130,6 +143,7 @@ +@@ -130,6 +134,7 @@ # Initialize some other variables. subdirs= MFLAGS= MAKEFLAGS= @@ -58,7 +35,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ # Maximum number of lines to put in a shell here document. ac_max_here_lines=12 -@@ -413,7 +427,7 @@ +@@ -413,7 +418,7 @@ verbose=yes ;; -version | --version | --versio | --versi | --vers) @@ -67,7 +44,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ exit 0 ;; -with-* | --with-*) -@@ -583,9 +597,11 @@ +@@ -583,9 +588,11 @@ # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ac_cpp='$CPP $CPPFLAGS' ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' @@ -80,7 +57,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then -@@ -626,33 +642,33 @@ +@@ -626,33 +633,33 @@ # Make sure we can run config.sub. @@ -91,7 +68,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:635: checking host system type" >&5 -+echo "configure:651: checking host system type" >&5 ++echo "configure:642: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -115,16 +92,16 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ echo $ac_n "checking cached information""... $ac_c" 1>&6 -echo "configure:656: checking cached information" >&5 -+echo "configure:672: checking cached information" >&5 ++echo "configure:663: checking cached information" >&5 hostcheck="$host" if eval "test \"`echo '$''{'ac_cv_hostcheck'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -671,15 +687,16 @@ +@@ -671,15 +678,16 @@ # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:675: checking for $ac_word" >&5 -+echo "configure:691: checking for $ac_word" >&5 ++echo "configure:682: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -139,12 +116,12 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_CC="gcc" -@@ -700,16 +717,17 @@ +@@ -700,16 +708,17 @@ # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:704: checking for $ac_word" >&5 -+echo "configure:721: checking for $ac_word" >&5 ++echo "configure:712: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -160,7 +137,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then -@@ -744,25 +762,61 @@ +@@ -744,25 +753,61 @@ echo "$ac_t""no" 1>&6 fi @@ -170,7 +147,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + # Extract the first word of "cl", so it can be a program name with args. +set dummy cl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -+echo "configure:772: checking for $ac_word" >&5 ++echo "configure:763: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else @@ -203,7 +180,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:752: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 -+echo "configure:804: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ++echo "configure:795: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -217,17 +194,17 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ -#line 762 "configure" +cat > conftest.$ac_ext << EOF + -+#line 815 "configure" ++#line 806 "configure" #include "confdefs.h" + main(){return(0);} EOF -if { (eval echo configure:766: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:811: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then -@@ -776,18 +830,24 @@ +@@ -776,18 +821,24 @@ ac_cv_prog_cc_works=no fi rm -fr conftest* @@ -244,26 +221,26 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:786: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 -+echo "configure:846: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 ++echo "configure:837: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:791: checking whether we are using GNU C" >&5 -+echo "configure:851: checking whether we are using GNU C" >&5 ++echo "configure:842: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -796,7 +856,7 @@ +@@ -796,7 +847,7 @@ yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:800: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then -+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:860: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ++if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:851: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no -@@ -807,11 +867,15 @@ +@@ -807,11 +858,15 @@ if test $ac_cv_prog_gcc = yes; then GCC=yes @@ -280,11 +257,11 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ +ac_save_CFLAGS="$CFLAGS" +CFLAGS= +echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -+echo "configure:879: checking whether ${CC-cc} accepts -g" >&5 ++echo "configure:870: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -826,20 +890,104 @@ +@@ -826,20 +881,104 @@ fi echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 @@ -308,7 +285,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ +fi + +echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -+echo "configure:911: checking how to run the C preprocessor" >&5 ++echo "configure:902: checking how to run the C preprocessor" >&5 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= @@ -325,13 +302,13 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. + cat > conftest.$ac_ext <<EOF -+#line 926 "configure" ++#line 917 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:932: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:923: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : @@ -342,13 +319,13 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext <<EOF -+#line 943 "configure" ++#line 934 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:940: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : @@ -359,13 +336,13 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext <<EOF -+#line 960 "configure" ++#line 951 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -+{ (eval echo configure:966: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:957: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : @@ -382,223 +359,20 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ +fi +rm -f conftest* + ac_cv_prog_CPP="$CPP" -+fi + fi + CPP="$ac_cv_prog_CPP" +else + ac_cv_prog_CPP="$CPP" - fi ++fi +echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:843: checking for POSIXized ISC" >&5 -+echo "configure:991: checking for POSIXized ISC" >&5 ++echo "configure:982: checking for POSIXized ISC" >&5 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then -@@ -860,6 +1008,202 @@ - fi - - -+echo $ac_n "checking whether to enable ipv6""... $ac_c" 1>&6 -+echo "configure:1013: checking whether to enable ipv6" >&5 -+# Check whether --enable-ipv6 or --disable-ipv6 was given. -+if test "${enable_ipv6+set}" = set; then -+ enableval="$enable_ipv6" -+ case "$enableval" in -+ no) -+ echo "$ac_t""no" 1>&6 -+ ipv6=no -+ ;; -+ *) echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_IPV6 1 -+EOF -+ -+ ipv6=yes -+ ;; -+ esac -+else -+ if test "$cross_compiling" = yes; then -+ echo "$ac_t""no" 1>&6 -+ ipv6=no -+ -+else -+ cat > conftest.$ac_ext <<EOF -+#line 1037 "configure" -+#include "confdefs.h" -+ /* AF_INET6 avalable check */ -+#include <sys/types.h> -+#include <sys/socket.h> -+main() -+{ -+ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -+ exit(1); -+ else -+ exit(0); -+} -+ -+EOF -+if { (eval echo configure:1051: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -+then -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_IPV6 1 -+EOF -+ -+ ipv6=yes -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -fr conftest* -+ echo "$ac_t""no" 1>&6 -+ ipv6=no -+fi -+rm -fr conftest* -+fi -+ -+fi -+ -+ -+ipv6type=unknown -+ipv6lib=none -+ -+if test "$ipv6" = "yes"; then -+ echo $ac_n "checking ipv6 stack type""... $ac_c" 1>&6 -+echo "configure:1077: checking ipv6 stack type" >&5 -+ for i in inria kame linux toshiba v6d zeta; do -+ case $i in -+ inria) -+ cat > conftest.$ac_ext <<EOF -+#line 1082 "configure" -+#include "confdefs.h" -+dnl -+#include <netinet/in.h> -+#ifdef IPV6_INRIA_VERSION -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ kame) -+ cat > conftest.$ac_ext <<EOF -+#line 1101 "configure" -+#include "confdefs.h" -+dnl -+#include <netinet/in.h> -+#ifdef __KAME__ -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ linux) -+ if test -d /usr/inet6; then -+ ipv6type=$i -+ ipv6lib=inet6 -+ ipv6libdir=/usr/inet6/lib -+ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" -+ fi -+ ;; -+ toshiba) -+ cat > conftest.$ac_ext <<EOF -+#line 1128 "configure" -+#include "confdefs.h" -+dnl -+#include <sys/param.h> -+#ifdef _TOSHIBA_INET6 -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ v6d) -+ cat > conftest.$ac_ext <<EOF -+#line 1149 "configure" -+#include "confdefs.h" -+dnl -+#include </usr/local/v6/include/sys/v6config.h> -+#ifdef __V6D__ -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ ipv6lib=v6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-I/usr/local/v6/include $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ zeta) -+ cat > conftest.$ac_ext <<EOF -+#line 1170 "configure" -+#include "confdefs.h" -+dnl -+#include <sys/param.h> -+#ifdef _ZETA_MINAMI_INET6 -+yes -+#endif -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "yes" >/dev/null 2>&1; then -+ rm -rf conftest* -+ ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS" -+fi -+rm -f conftest* -+ -+ ;; -+ esac -+ if test "$ipv6type" != "unknown"; then -+ break -+ fi -+ done -+ echo "$ac_t""$ipv6type" 1>&6 -+fi -+ -+if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then -+ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then -+ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" -+ else -+ echo 'Fatal: no $ipv6lib library found. cannot continue.' -+ echo "You need to fetch lib$ipv6lib.a from appropriate" -+ echo 'ipv6 kit and compile beforehand.' -+ exit 1 -+ fi -+fi -+ - cat >> confdefs.h <<EOF - #define HOSTTYPE "$host" - EOF -@@ -876,20 +1220,12 @@ +@@ -876,20 +1015,12 @@ ;; *-*-solaris*) # solaris stuff. appro@fy.chalmers.se @@ -623,12 +397,12 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ;; *-*-sunos*) os_sunos=yes -@@ -931,14 +1267,14 @@ +@@ -931,14 +1062,14 @@ no_shadows_password_checking=yes # We want support for <proj.h> eivind@ii.uib.no cat > conftest.$ac_ext <<EOF -#line 935 "configure" -+#line 1271 "configure" ++#line 1066 "configure" #include "confdefs.h" #include <proj.h> int main() { @@ -636,124 +410,124 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:942: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1278: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1073: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_SGI_PROJ_H 1 -@@ -953,7 +1289,7 @@ +@@ -953,7 +1084,7 @@ *-ibm-aix3.2|*-ibm-aix3.2.0|*-ibm-aix3.2.1|*-ibm-aix3.2.2|*-ibm-aix3.2.3|*-ibm-aix3.2.4) os_aix=yes echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 -echo "configure:957: checking for getuserattr in -ls" >&5 -+echo "configure:1293: checking for getuserattr in -ls" >&5 ++echo "configure:1088: checking for getuserattr in -ls" >&5 ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -961,7 +1297,7 @@ +@@ -961,7 +1092,7 @@ ac_save_LIBS="$LIBS" LIBS="-ls $LIBS" cat > conftest.$ac_ext <<EOF -#line 965 "configure" -+#line 1301 "configure" ++#line 1096 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -972,7 +1308,7 @@ +@@ -972,7 +1103,7 @@ getuserattr() ; return 0; } EOF -if { (eval echo configure:976: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1312: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1004,7 +1340,7 @@ +@@ -1004,7 +1135,7 @@ no_utmpx=yes os_aix=yes echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 -echo "configure:1008: checking for getuserattr in -ls" >&5 -+echo "configure:1344: checking for getuserattr in -ls" >&5 ++echo "configure:1139: checking for getuserattr in -ls" >&5 ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1012,7 +1348,7 @@ +@@ -1012,7 +1143,7 @@ ac_save_LIBS="$LIBS" LIBS="-ls $LIBS" cat > conftest.$ac_ext <<EOF -#line 1016 "configure" -+#line 1352 "configure" ++#line 1147 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1023,7 +1359,7 @@ +@@ -1023,7 +1154,7 @@ getuserattr() ; return 0; } EOF -if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1363: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1158: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1054,7 +1390,7 @@ +@@ -1054,7 +1185,7 @@ *-ibm-aix*) os_aix=yes echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 -echo "configure:1058: checking for getuserattr in -ls" >&5 -+echo "configure:1394: checking for getuserattr in -ls" >&5 ++echo "configure:1189: checking for getuserattr in -ls" >&5 ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1062,7 +1398,7 @@ +@@ -1062,7 +1193,7 @@ ac_save_LIBS="$LIBS" LIBS="-ls $LIBS" cat > conftest.$ac_ext <<EOF -#line 1066 "configure" -+#line 1402 "configure" ++#line 1197 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1073,7 +1409,7 @@ +@@ -1073,7 +1204,7 @@ getuserattr() ; return 0; } EOF -if { (eval echo configure:1077: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1413: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1123,7 +1459,7 @@ +@@ -1123,7 +1254,7 @@ # Ultrix shadow passwords implemented in auth-passwd.c. no_shadows_password_checking=yes echo $ac_n "checking for authenticate_user in -lauth""... $ac_c" 1>&6 -echo "configure:1127: checking for authenticate_user in -lauth" >&5 -+echo "configure:1463: checking for authenticate_user in -lauth" >&5 ++echo "configure:1258: checking for authenticate_user in -lauth" >&5 ac_lib_var=`echo auth'_'authenticate_user | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1131,7 +1467,7 @@ +@@ -1131,7 +1262,7 @@ ac_save_LIBS="$LIBS" LIBS="-lauth $LIBS" cat > conftest.$ac_ext <<EOF -#line 1135 "configure" -+#line 1471 "configure" ++#line 1266 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1142,7 +1478,7 @@ +@@ -1142,7 +1273,7 @@ authenticate_user() ; return 0; } EOF -if { (eval echo configure:1146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1482: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1277: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1170,14 +1506,14 @@ +@@ -1170,14 +1301,14 @@ fi cat > conftest.$ac_ext <<EOF -#line 1174 "configure" -+#line 1510 "configure" ++#line 1305 "configure" #include "confdefs.h" #include <syslog.h> int main() { @@ -761,344 +535,344 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:1181: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1517: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1312: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then : else echo "configure: failed program was:" >&5 -@@ -1215,7 +1551,7 @@ +@@ -1215,7 +1346,7 @@ CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" fi echo $ac_n "checking for HPUX tcb auth option""... $ac_c" 1>&6 -echo "configure:1219: checking for HPUX tcb auth option" >&5 -+echo "configure:1555: checking for HPUX tcb auth option" >&5 ++echo "configure:1350: checking for HPUX tcb auth option" >&5 if test -f /tcb/files/auth/system/pw_id_map; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF -@@ -1227,7 +1563,7 @@ +@@ -1227,7 +1358,7 @@ echo "$ac_t""no" 1>&6 fi echo $ac_n "checking for keyserv""... $ac_c" 1>&6 -echo "configure:1231: checking for keyserv" >&5 -+echo "configure:1567: checking for keyserv" >&5 ++echo "configure:1362: checking for keyserv" >&5 if test -f /usr/sbin/keyserv; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF -@@ -1256,7 +1592,7 @@ +@@ -1256,7 +1387,7 @@ # The man page says that we need -lsecurity -ldb -laud -lm to quickstart # programs using enchanced security. echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6 -echo "configure:1260: checking for set_auth_parameters in -lsecurity" >&5 -+echo "configure:1596: checking for set_auth_parameters in -lsecurity" >&5 ++echo "configure:1391: checking for set_auth_parameters in -lsecurity" >&5 ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1264,7 +1600,7 @@ +@@ -1264,7 +1395,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <<EOF -#line 1268 "configure" -+#line 1604 "configure" ++#line 1399 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1275,7 +1611,7 @@ +@@ -1275,7 +1406,7 @@ set_auth_parameters() ; return 0; } EOF -if { (eval echo configure:1279: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1615: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1410: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1303,7 +1639,7 @@ +@@ -1303,7 +1434,7 @@ fi echo $ac_n "checking for audgen in -laud""... $ac_c" 1>&6 -echo "configure:1307: checking for audgen in -laud" >&5 -+echo "configure:1643: checking for audgen in -laud" >&5 ++echo "configure:1438: checking for audgen in -laud" >&5 ac_lib_var=`echo aud'_'audgen | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1311,7 +1647,7 @@ +@@ -1311,7 +1442,7 @@ ac_save_LIBS="$LIBS" LIBS="-laud $LIBS" cat > conftest.$ac_ext <<EOF -#line 1315 "configure" -+#line 1651 "configure" ++#line 1446 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1322,7 +1658,7 @@ +@@ -1322,7 +1453,7 @@ audgen() ; return 0; } EOF -if { (eval echo configure:1326: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1662: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1457: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1350,7 +1686,7 @@ +@@ -1350,7 +1481,7 @@ fi echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6 -echo "configure:1354: checking for dbopen in -ldb" >&5 -+echo "configure:1690: checking for dbopen in -ldb" >&5 ++echo "configure:1485: checking for dbopen in -ldb" >&5 ac_lib_var=`echo db'_'dbopen | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1358,7 +1694,7 @@ +@@ -1358,7 +1489,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldb $LIBS" cat > conftest.$ac_ext <<EOF -#line 1362 "configure" -+#line 1698 "configure" ++#line 1493 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1369,7 +1705,7 @@ +@@ -1369,7 +1500,7 @@ dbopen() ; return 0; } EOF -if { (eval echo configure:1373: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1504: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1397,7 +1733,7 @@ +@@ -1397,7 +1528,7 @@ fi echo $ac_n "checking for sin in -lm""... $ac_c" 1>&6 -echo "configure:1401: checking for sin in -lm" >&5 -+echo "configure:1737: checking for sin in -lm" >&5 ++echo "configure:1532: checking for sin in -lm" >&5 ac_lib_var=`echo m'_'sin | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1405,7 +1741,7 @@ +@@ -1405,7 +1536,7 @@ ac_save_LIBS="$LIBS" LIBS="-lm $LIBS" cat > conftest.$ac_ext <<EOF -#line 1409 "configure" -+#line 1745 "configure" ++#line 1540 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1416,7 +1752,7 @@ +@@ -1416,7 +1547,7 @@ sin() ; return 0; } EOF -if { (eval echo configure:1420: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1756: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1446,12 +1782,12 @@ +@@ -1446,12 +1577,12 @@ for ac_func in setluid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1450: checking for $ac_func" >&5 -+echo "configure:1786: checking for $ac_func" >&5 ++echo "configure:1581: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1455 "configure" -+#line 1791 "configure" ++#line 1586 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -1474,7 +1810,7 @@ +@@ -1474,7 +1605,7 @@ ; return 0; } EOF -if { (eval echo configure:1478: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1609: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -1507,7 +1843,7 @@ +@@ -1507,7 +1638,7 @@ OLD_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -I." cat > conftest.$ac_ext <<EOF -#line 1511 "configure" -+#line 1847 "configure" ++#line 1642 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/security.h> -@@ -1516,7 +1852,7 @@ +@@ -1516,7 +1647,7 @@ ; return 0; } EOF -if { (eval echo configure:1520: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:1856: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1651: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then : else echo "configure: failed program was:" >&5 -@@ -1545,12 +1881,12 @@ +@@ -1545,12 +1676,12 @@ *-*-linux*|*-*-mklinux*) CFLAGS="-D_GNU_SOURCE $CFLAGS" echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:1549: checking for getspnam" >&5 -+echo "configure:1885: checking for getspnam" >&5 ++echo "configure:1680: checking for getspnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1554 "configure" -+#line 1890 "configure" ++#line 1685 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getspnam(); below. */ -@@ -1573,7 +1909,7 @@ +@@ -1573,7 +1704,7 @@ ; return 0; } EOF -if { (eval echo configure:1577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1913: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1708: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_getspnam=yes" else -@@ -1594,7 +1930,7 @@ +@@ -1594,7 +1725,7 @@ if test $ac_cv_func_getspnam = no; then echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 -echo "configure:1598: checking for getspnam in -lshadow" >&5 -+echo "configure:1934: checking for getspnam in -lshadow" >&5 ++echo "configure:1729: checking for getspnam in -lshadow" >&5 ac_lib_var=`echo shadow'_'getspnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1602,7 +1938,7 @@ +@@ -1602,7 +1733,7 @@ ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <<EOF -#line 1606 "configure" -+#line 1942 "configure" ++#line 1737 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1613,7 +1949,7 @@ +@@ -1613,7 +1744,7 @@ getspnam() ; return 0; } EOF -if { (eval echo configure:1617: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:1953: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1748: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1651,12 +1987,12 @@ +@@ -1651,12 +1782,12 @@ for ac_func in pw_encrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1655: checking for $ac_func" >&5 -+echo "configure:1991: checking for $ac_func" >&5 ++echo "configure:1786: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1660 "configure" -+#line 1996 "configure" ++#line 1791 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -1679,7 +2015,7 @@ +@@ -1679,7 +1810,7 @@ ; return 0; } EOF -if { (eval echo configure:1683: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2019: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -1705,7 +2041,7 @@ +@@ -1705,7 +1836,7 @@ if test $ac_cv_func_pw_encrypt = no; then echo $ac_n "checking for pw_encrypt in -lshadow""... $ac_c" 1>&6 -echo "configure:1709: checking for pw_encrypt in -lshadow" >&5 -+echo "configure:2045: checking for pw_encrypt in -lshadow" >&5 ++echo "configure:1840: checking for pw_encrypt in -lshadow" >&5 ac_lib_var=`echo shadow'_'pw_encrypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1713,7 +2049,7 @@ +@@ -1713,7 +1844,7 @@ ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <<EOF -#line 1717 "configure" -+#line 2053 "configure" ++#line 1848 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1724,7 +2060,7 @@ +@@ -1724,7 +1855,7 @@ pw_encrypt() ; return 0; } EOF -if { (eval echo configure:1728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2064: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1859: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1748,7 +2084,7 @@ +@@ -1748,7 +1879,7 @@ fi echo $ac_n "checking whether to enable pw_encrypt""... $ac_c" 1>&6 -echo "configure:1752: checking whether to enable pw_encrypt" >&5 -+echo "configure:2088: checking whether to enable pw_encrypt" >&5 ++echo "configure:1883: checking whether to enable pw_encrypt" >&5 # Check whether --enable-deprecated-linux-pw-encrypt or --disable-deprecated-linux-pw-encrypt was given. if test "${enable_deprecated_linux_pw_encrypt+set}" = set; then enableval="$enable_deprecated_linux_pw_encrypt" -@@ -1825,7 +2161,7 @@ +@@ -1825,7 +1956,7 @@ EOF echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 -echo "configure:1829: checking for openlog in -lgen" >&5 -+echo "configure:2165: checking for openlog in -lgen" >&5 ++echo "configure:1960: checking for openlog in -lgen" >&5 ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1833,7 +2169,7 @@ +@@ -1833,7 +1964,7 @@ ac_save_LIBS="$LIBS" LIBS="-lgen $LIBS" cat > conftest.$ac_ext <<EOF -#line 1837 "configure" -+#line 2173 "configure" ++#line 1968 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1844,7 +2180,7 @@ +@@ -1844,7 +1975,7 @@ openlog() ; return 0; } EOF -if { (eval echo configure:1848: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2184: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1874,7 +2210,7 @@ +@@ -1874,7 +2005,7 @@ ;; *-*-sysv4*) echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 -echo "configure:1878: checking for openlog in -lgen" >&5 -+echo "configure:2214: checking for openlog in -lgen" >&5 ++echo "configure:2009: checking for openlog in -lgen" >&5 ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -1882,7 +2218,7 @@ +@@ -1882,7 +2013,7 @@ ac_save_LIBS="$LIBS" LIBS="-lgen $LIBS" cat > conftest.$ac_ext <<EOF -#line 1886 "configure" -+#line 2222 "configure" ++#line 2017 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -1893,7 +2229,7 @@ +@@ -1893,7 +2024,7 @@ openlog() ; return 0; } EOF -if { (eval echo configure:1897: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:2233: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2028: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -1989,24 +2325,18 @@ +@@ -1989,24 +2120,18 @@ export CFLAGS CC @@ -1111,32 +885,32 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 -echo "configure:2001: checking that the compiler works" >&5 -+echo "configure:2331: checking that the compiler works" >&5 ++echo "configure:2126: checking that the compiler works" >&5 if test "$cross_compiling" = yes; then { echo "configure: error: Could not compile and run even a trivial ANSI C program - check CC." 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 2006 "configure" -+#line 2336 "configure" ++#line 2131 "configure" #include "confdefs.h" main(int ac, char **av) { return 0; } EOF -if { (eval echo configure:2010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2135: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then echo "$ac_t""yes" 1>&6 else -@@ -2023,18 +2353,18 @@ +@@ -2023,18 +2148,18 @@ if test -z "$no_pipe"; then if test -n "$GCC"; then echo $ac_n "checking if the compiler understands -pipe""... $ac_c" 1>&6 -echo "configure:2027: checking if the compiler understands -pipe" >&5 -+echo "configure:2357: checking if the compiler understands -pipe" >&5 ++echo "configure:2152: checking if the compiler understands -pipe" >&5 OLDCC="$CC" CC="$CC -pipe" cat > conftest.$ac_ext <<EOF -#line 2031 "configure" -+#line 2361 "configure" ++#line 2156 "configure" #include "confdefs.h" int main() { @@ -1144,44 +918,44 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:2038: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2368: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2163: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* echo "$ac_t""yes" 1>&6 else -@@ -2049,7 +2379,7 @@ +@@ -2049,7 +2174,7 @@ fi echo $ac_n "checking whether to enable -Wall""... $ac_c" 1>&6 -echo "configure:2053: checking whether to enable -Wall" >&5 -+echo "configure:2383: checking whether to enable -Wall" >&5 ++echo "configure:2178: checking whether to enable -Wall" >&5 # Check whether --enable-warnings or --disable-warnings was given. if test "${enable_warnings+set}" = set; then enableval="$enable_warnings" -@@ -2063,12 +2393,12 @@ +@@ -2063,12 +2188,12 @@ echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:2067: checking return type of signal handlers" >&5 -+echo "configure:2397: checking return type of signal handlers" >&5 ++echo "configure:2192: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2072 "configure" -+#line 2402 "configure" ++#line 2197 "configure" #include "confdefs.h" #include <sys/types.h> #include <signal.h> -@@ -2085,7 +2415,7 @@ +@@ -2085,7 +2210,7 @@ int i; ; return 0; } EOF -if { (eval echo configure:2089: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2419: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2214: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else -@@ -2103,74 +2433,13 @@ +@@ -2103,74 +2228,13 @@ EOF @@ -1248,79 +1022,79 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ - echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:2169: checking for ANSI C header files" >&5 -+echo "configure:2438: checking for ANSI C header files" >&5 ++echo "configure:2233: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2174 "configure" -+#line 2443 "configure" ++#line 2238 "configure" #include "confdefs.h" #include <stdlib.h> #include <stdarg.h> -@@ -2178,8 +2447,8 @@ +@@ -2178,8 +2242,8 @@ #include <float.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:2451: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2246: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* ac_cv_header_stdc=yes -@@ -2195,7 +2464,7 @@ +@@ -2195,7 +2259,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext <<EOF -#line 2199 "configure" -+#line 2468 "configure" ++#line 2263 "configure" #include "confdefs.h" #include <string.h> EOF -@@ -2213,7 +2482,7 @@ +@@ -2213,7 +2277,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext <<EOF -#line 2217 "configure" -+#line 2486 "configure" ++#line 2281 "configure" #include "confdefs.h" #include <stdlib.h> EOF -@@ -2234,7 +2503,7 @@ +@@ -2234,7 +2298,7 @@ : else cat > conftest.$ac_ext <<EOF -#line 2238 "configure" -+#line 2507 "configure" ++#line 2302 "configure" #include "confdefs.h" #include <ctype.h> #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -@@ -2245,7 +2514,7 @@ +@@ -2245,7 +2309,7 @@ exit (0); } EOF -if { (eval echo configure:2249: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2518: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else -@@ -2269,12 +2538,12 @@ +@@ -2269,12 +2333,12 @@ fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:2273: checking for size_t" >&5 -+echo "configure:2542: checking for size_t" >&5 ++echo "configure:2337: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2278 "configure" -+#line 2547 "configure" ++#line 2342 "configure" #include "confdefs.h" #include <sys/types.h> #if STDC_HEADERS -@@ -2283,7 +2552,7 @@ +@@ -2283,7 +2347,7 @@ #endif EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | @@ -1329,37 +1103,37 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ rm -rf conftest* ac_cv_type_size_t=yes else -@@ -2302,12 +2571,12 @@ +@@ -2302,12 +2366,12 @@ fi echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:2306: checking for uid_t in sys/types.h" >&5 -+echo "configure:2575: checking for uid_t in sys/types.h" >&5 ++echo "configure:2370: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2311 "configure" -+#line 2580 "configure" ++#line 2375 "configure" #include "confdefs.h" #include <sys/types.h> EOF -@@ -2336,12 +2605,12 @@ +@@ -2336,12 +2400,12 @@ fi echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:2340: checking for off_t" >&5 -+echo "configure:2609: checking for off_t" >&5 ++echo "configure:2404: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2345 "configure" -+#line 2614 "configure" ++#line 2409 "configure" #include "confdefs.h" #include <sys/types.h> #if STDC_HEADERS -@@ -2350,7 +2619,7 @@ +@@ -2350,7 +2414,7 @@ #endif EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | @@ -1368,22 +1142,22 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ rm -rf conftest* ac_cv_type_off_t=yes else -@@ -2369,12 +2638,12 @@ +@@ -2369,12 +2433,12 @@ fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:2373: checking for mode_t" >&5 -+echo "configure:2642: checking for mode_t" >&5 ++echo "configure:2437: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2378 "configure" -+#line 2647 "configure" ++#line 2442 "configure" #include "confdefs.h" #include <sys/types.h> #if STDC_HEADERS -@@ -2383,7 +2652,7 @@ +@@ -2383,7 +2447,7 @@ #endif EOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | @@ -1392,60 +1166,60 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ rm -rf conftest* ac_cv_type_mode_t=yes else -@@ -2402,12 +2671,12 @@ +@@ -2402,12 +2466,12 @@ fi echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6 -echo "configure:2406: checking for st_blksize in struct stat" >&5 -+echo "configure:2675: checking for st_blksize in struct stat" >&5 ++echo "configure:2470: checking for st_blksize in struct stat" >&5 if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2411 "configure" -+#line 2680 "configure" ++#line 2475 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/stat.h> -@@ -2415,7 +2684,7 @@ +@@ -2415,7 +2479,7 @@ struct stat s; s.st_blksize; ; return 0; } EOF -if { (eval echo configure:2419: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2688: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2483: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_struct_st_blksize=yes else -@@ -2437,12 +2706,12 @@ +@@ -2437,12 +2501,12 @@ echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:2441: checking for working const" >&5 -+echo "configure:2710: checking for working const" >&5 ++echo "configure:2505: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2446 "configure" -+#line 2715 "configure" ++#line 2510 "configure" #include "confdefs.h" int main() { -@@ -2491,7 +2760,7 @@ +@@ -2491,7 +2555,7 @@ ; return 0; } EOF -if { (eval echo configure:2495: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2764: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2559: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else -@@ -2512,21 +2781,21 @@ +@@ -2512,21 +2576,21 @@ fi echo $ac_n "checking for inline""... $ac_c" 1>&6 -echo "configure:2516: checking for inline" >&5 -+echo "configure:2785: checking for inline" >&5 ++echo "configure:2580: checking for inline" >&5 if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1453,7 +1227,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ for ac_kw in inline __inline__ __inline; do cat > conftest.$ac_ext <<EOF -#line 2523 "configure" -+#line 2792 "configure" ++#line 2587 "configure" #include "confdefs.h" int main() { @@ -1461,16 +1235,16 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:2530: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2594: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_inline=$ac_kw; break else -@@ -2552,14 +2821,14 @@ +@@ -2552,14 +2616,14 @@ esac echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:2556: checking whether byte ordering is bigendian" >&5 -+echo "configure:2825: checking whether byte ordering is bigendian" >&5 ++echo "configure:2620: checking whether byte ordering is bigendian" >&5 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1478,300 +1252,300 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext <<EOF -#line 2563 "configure" -+#line 2832 "configure" ++#line 2627 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/param.h> -@@ -2570,11 +2839,11 @@ +@@ -2570,11 +2634,11 @@ #endif ; return 0; } EOF -if { (eval echo configure:2574: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2843: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2638: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. cat > conftest.$ac_ext <<EOF -#line 2578 "configure" -+#line 2847 "configure" ++#line 2642 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/param.h> -@@ -2585,7 +2854,7 @@ +@@ -2585,7 +2649,7 @@ #endif ; return 0; } EOF -if { (eval echo configure:2589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:2858: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2653: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else -@@ -2605,7 +2874,7 @@ +@@ -2605,7 +2669,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 2609 "configure" -+#line 2878 "configure" ++#line 2673 "configure" #include "confdefs.h" main () { /* Are we little or big endian? From Harbison&Steele. */ -@@ -2618,7 +2887,7 @@ +@@ -2618,7 +2682,7 @@ exit (u.c[sizeof (long) - 1] == 1); } EOF -if { (eval echo configure:2622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2891: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_bigendian=no else -@@ -2642,7 +2911,7 @@ +@@ -2642,7 +2706,7 @@ fi echo $ac_n "checking size of long""... $ac_c" 1>&6 -echo "configure:2646: checking size of long" >&5 -+echo "configure:2915: checking size of long" >&5 ++echo "configure:2710: checking size of long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -2650,7 +2919,7 @@ +@@ -2650,7 +2714,7 @@ ac_cv_sizeof_long=4 else cat > conftest.$ac_ext <<EOF -#line 2654 "configure" -+#line 2923 "configure" ++#line 2718 "configure" #include "confdefs.h" #include <stdio.h> main() -@@ -2661,7 +2930,7 @@ +@@ -2661,7 +2725,7 @@ exit(0); } EOF -if { (eval echo configure:2665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2934: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2729: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long=`cat conftestval` else -@@ -2681,7 +2950,7 @@ +@@ -2681,7 +2745,7 @@ echo $ac_n "checking size of int""... $ac_c" 1>&6 -echo "configure:2685: checking size of int" >&5 -+echo "configure:2954: checking size of int" >&5 ++echo "configure:2749: checking size of int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -2689,7 +2958,7 @@ +@@ -2689,7 +2753,7 @@ ac_cv_sizeof_int=4 else cat > conftest.$ac_ext <<EOF -#line 2693 "configure" -+#line 2962 "configure" ++#line 2757 "configure" #include "confdefs.h" #include <stdio.h> main() -@@ -2700,7 +2969,7 @@ +@@ -2700,7 +2764,7 @@ exit(0); } EOF -if { (eval echo configure:2704: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:2973: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2768: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int=`cat conftestval` else -@@ -2720,7 +2989,7 @@ +@@ -2720,7 +2784,7 @@ echo $ac_n "checking size of short""... $ac_c" 1>&6 -echo "configure:2724: checking size of short" >&5 -+echo "configure:2993: checking size of short" >&5 ++echo "configure:2788: checking size of short" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -2728,7 +2997,7 @@ +@@ -2728,7 +2792,7 @@ ac_cv_sizeof_short=2 else cat > conftest.$ac_ext <<EOF -#line 2732 "configure" -+#line 3001 "configure" ++#line 2796 "configure" #include "confdefs.h" #include <stdio.h> main() -@@ -2739,7 +3008,7 @@ +@@ -2739,7 +2803,7 @@ exit(0); } EOF -if { (eval echo configure:2743: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:3012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_short=`cat conftestval` else -@@ -2764,18 +3033,18 @@ +@@ -2764,18 +2828,18 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2768: checking for $ac_hdr" >&5 -+echo "configure:3037: checking for $ac_hdr" >&5 ++echo "configure:2832: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2773 "configure" -+#line 3042 "configure" ++#line 2837 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2778: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3047: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2842: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -2807,18 +3076,18 @@ +@@ -2807,18 +2871,18 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2811: checking for $ac_hdr" >&5 -+echo "configure:3080: checking for $ac_hdr" >&5 ++echo "configure:2875: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2816 "configure" -+#line 3085 "configure" ++#line 2880 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2821: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3090: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2885: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -2844,9 +3113,9 @@ +@@ -2844,9 +2908,9 @@ done echo $ac_n "checking whether utmpx have ut_syslen field""... $ac_c" 1>&6 -echo "configure:2848: checking whether utmpx have ut_syslen field" >&5 -+echo "configure:3117: checking whether utmpx have ut_syslen field" >&5 ++echo "configure:2912: checking whether utmpx have ut_syslen field" >&5 cat > conftest.$ac_ext <<EOF -#line 2850 "configure" -+#line 3119 "configure" ++#line 2914 "configure" #include "confdefs.h" #include <utmpx.h> EOF -@@ -2867,12 +3136,12 @@ +@@ -2867,12 +2931,12 @@ fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:2871: checking for ANSI C header files" >&5 -+echo "configure:3140: checking for ANSI C header files" >&5 ++echo "configure:2935: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2876 "configure" -+#line 3145 "configure" ++#line 2940 "configure" #include "confdefs.h" #include <stdlib.h> #include <stdarg.h> -@@ -2880,8 +3149,8 @@ +@@ -2880,8 +2944,8 @@ #include <float.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2884: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3153: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2948: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* ac_cv_header_stdc=yes -@@ -2897,7 +3166,7 @@ +@@ -2897,7 +2961,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext <<EOF -#line 2901 "configure" -+#line 3170 "configure" ++#line 2965 "configure" #include "confdefs.h" #include <string.h> EOF -@@ -2915,7 +3184,7 @@ +@@ -2915,7 +2979,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext <<EOF -#line 2919 "configure" -+#line 3188 "configure" ++#line 2983 "configure" #include "confdefs.h" #include <stdlib.h> EOF -@@ -2936,7 +3205,7 @@ +@@ -2936,7 +3000,7 @@ : else cat > conftest.$ac_ext <<EOF -#line 2940 "configure" -+#line 3209 "configure" ++#line 3004 "configure" #include "confdefs.h" #include <ctype.h> #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -@@ -2947,7 +3216,7 @@ +@@ -2947,7 +3011,7 @@ exit (0); } EOF -if { (eval echo configure:2951: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null -+if { (eval echo configure:3220: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:3015: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else -@@ -2971,12 +3240,12 @@ +@@ -2971,12 +3035,12 @@ fi echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 -echo "configure:2975: checking for sys/wait.h that is POSIX.1 compatible" >&5 -+echo "configure:3244: checking for sys/wait.h that is POSIX.1 compatible" >&5 ++echo "configure:3039: checking for sys/wait.h that is POSIX.1 compatible" >&5 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2980 "configure" -+#line 3249 "configure" ++#line 3044 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/wait.h> -@@ -2992,7 +3261,7 @@ +@@ -2992,7 +3056,7 @@ s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } EOF -if { (eval echo configure:2996: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3265: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3060: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_sys_wait_h=yes else -@@ -3016,18 +3285,18 @@ +@@ -3016,18 +3080,18 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3020: checking for $ac_hdr" >&5 -+echo "configure:3289: checking for $ac_hdr" >&5 ++echo "configure:3084: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3025 "configure" -+#line 3294 "configure" ++#line 3089 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3030: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3299: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3094: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -3052,22 +3321,22 @@ +@@ -3052,22 +3116,22 @@ fi done @@ -1781,222 +1555,222 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3060: checking for $ac_hdr" >&5 -+echo "configure:3329: checking for $ac_hdr" >&5 ++echo "configure:3124: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3065 "configure" -+#line 3334 "configure" ++#line 3129 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3070: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3339: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3134: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -3096,18 +3365,18 @@ +@@ -3096,18 +3160,18 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3100: checking for $ac_hdr" >&5 -+echo "configure:3369: checking for $ac_hdr" >&5 ++echo "configure:3164: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3105 "configure" -+#line 3374 "configure" ++#line 3169 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3110: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3379: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3174: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -3136,18 +3405,18 @@ +@@ -3136,18 +3200,18 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3140: checking for $ac_hdr" >&5 -+echo "configure:3409: checking for $ac_hdr" >&5 ++echo "configure:3204: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3145 "configure" -+#line 3414 "configure" ++#line 3209 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3150: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3214: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -3176,18 +3445,18 @@ +@@ -3176,18 +3240,18 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3180: checking for $ac_hdr" >&5 -+echo "configure:3449: checking for $ac_hdr" >&5 ++echo "configure:3244: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3185 "configure" -+#line 3454 "configure" ++#line 3249 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3190: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3459: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3254: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -3213,12 +3482,12 @@ +@@ -3213,12 +3277,12 @@ done echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 -echo "configure:3217: checking whether time.h and sys/time.h may both be included" >&5 -+echo "configure:3486: checking whether time.h and sys/time.h may both be included" >&5 ++echo "configure:3281: checking whether time.h and sys/time.h may both be included" >&5 if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3222 "configure" -+#line 3491 "configure" ++#line 3286 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/time.h> -@@ -3227,7 +3496,7 @@ +@@ -3227,7 +3291,7 @@ struct tm *tp; ; return 0; } EOF -if { (eval echo configure:3231: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3500: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3295: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_time=yes else -@@ -3252,12 +3521,12 @@ +@@ -3252,12 +3316,12 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:3256: checking for $ac_hdr that defines DIR" >&5 -+echo "configure:3525: checking for $ac_hdr that defines DIR" >&5 ++echo "configure:3320: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3261 "configure" -+#line 3530 "configure" ++#line 3325 "configure" #include "confdefs.h" #include <sys/types.h> #include <$ac_hdr> -@@ -3265,7 +3534,7 @@ +@@ -3265,7 +3329,7 @@ DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:3269: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then -+if { (eval echo configure:3538: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3333: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else -@@ -3290,7 +3559,7 @@ +@@ -3290,7 +3354,7 @@ # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:3294: checking for opendir in -ldir" >&5 -+echo "configure:3563: checking for opendir in -ldir" >&5 ++echo "configure:3358: checking for opendir in -ldir" >&5 ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3298,7 +3567,7 @@ +@@ -3298,7 +3362,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <<EOF -#line 3302 "configure" -+#line 3571 "configure" ++#line 3366 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -3309,7 +3578,7 @@ +@@ -3309,7 +3373,7 @@ opendir() ; return 0; } EOF -if { (eval echo configure:3313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3582: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3377: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3331,7 +3600,7 @@ +@@ -3331,7 +3395,7 @@ else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:3335: checking for opendir in -lx" >&5 -+echo "configure:3604: checking for opendir in -lx" >&5 ++echo "configure:3399: checking for opendir in -lx" >&5 ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3339,7 +3608,7 @@ +@@ -3339,7 +3403,7 @@ ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <<EOF -#line 3343 "configure" -+#line 3612 "configure" ++#line 3407 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -3350,7 +3619,7 @@ +@@ -3350,7 +3414,7 @@ opendir() ; return 0; } EOF -if { (eval echo configure:3354: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3623: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3418: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3373,12 +3642,12 @@ +@@ -3373,12 +3437,12 @@ fi echo $ac_n "checking whether stat file-mode macros are broken""... $ac_c" 1>&6 -echo "configure:3377: checking whether stat file-mode macros are broken" >&5 -+echo "configure:3646: checking whether stat file-mode macros are broken" >&5 ++echo "configure:3441: checking whether stat file-mode macros are broken" >&5 if eval "test \"`echo '$''{'ac_cv_header_stat_broken'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3382 "configure" -+#line 3651 "configure" ++#line 3446 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/stat.h> -@@ -3429,19 +3698,19 @@ +@@ -3429,19 +3493,19 @@ fi echo $ac_n "checking whether sys/types.h defines makedev""... $ac_c" 1>&6 -echo "configure:3433: checking whether sys/types.h defines makedev" >&5 -+echo "configure:3702: checking whether sys/types.h defines makedev" >&5 ++echo "configure:3497: checking whether sys/types.h defines makedev" >&5 if eval "test \"`echo '$''{'ac_cv_header_sys_types_h_makedev'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3438 "configure" -+#line 3707 "configure" ++#line 3502 "configure" #include "confdefs.h" #include <sys/types.h> int main() { @@ -2004,340 +1778,278 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:3445: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:3714: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3509: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_header_sys_types_h_makedev=yes else -@@ -3459,18 +3728,18 @@ +@@ -3459,18 +3523,18 @@ if test $ac_cv_header_sys_types_h_makedev = no; then ac_safe=`echo "sys/mkdev.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for sys/mkdev.h""... $ac_c" 1>&6 -echo "configure:3463: checking for sys/mkdev.h" >&5 -+echo "configure:3732: checking for sys/mkdev.h" >&5 ++echo "configure:3527: checking for sys/mkdev.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3468 "configure" -+#line 3737 "configure" ++#line 3532 "configure" #include "confdefs.h" #include <sys/mkdev.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3473: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3742: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3537: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -3497,18 +3766,18 @@ +@@ -3497,18 +3561,18 @@ if test $ac_cv_header_sys_mkdev_h = no; then ac_safe=`echo "sys/sysmacros.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for sys/sysmacros.h""... $ac_c" 1>&6 -echo "configure:3501: checking for sys/sysmacros.h" >&5 -+echo "configure:3770: checking for sys/sysmacros.h" >&5 ++echo "configure:3565: checking for sys/sysmacros.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3506 "configure" -+#line 3775 "configure" ++#line 3570 "configure" #include "confdefs.h" #include <sys/sysmacros.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3511: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:3780: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3575: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" -@@ -3535,9 +3804,9 @@ +@@ -3535,9 +3599,9 @@ fi echo $ac_n "checking whether utmp have ut_pid field""... $ac_c" 1>&6 -echo "configure:3539: checking whether utmp have ut_pid field" >&5 -+echo "configure:3808: checking whether utmp have ut_pid field" >&5 ++echo "configure:3603: checking whether utmp have ut_pid field" >&5 cat > conftest.$ac_ext <<EOF -#line 3541 "configure" -+#line 3810 "configure" ++#line 3605 "configure" #include "confdefs.h" #include <utmp.h> EOF -@@ -3556,9 +3825,9 @@ +@@ -3556,9 +3620,9 @@ rm -f conftest* echo $ac_n "checking whether utmp have ut_name field""... $ac_c" 1>&6 -echo "configure:3560: checking whether utmp have ut_name field" >&5 -+echo "configure:3829: checking whether utmp have ut_name field" >&5 ++echo "configure:3624: checking whether utmp have ut_name field" >&5 cat > conftest.$ac_ext <<EOF -#line 3562 "configure" -+#line 3831 "configure" ++#line 3626 "configure" #include "confdefs.h" #include <utmp.h> EOF -@@ -3577,9 +3846,9 @@ +@@ -3577,9 +3641,9 @@ rm -f conftest* echo $ac_n "checking whether utmp have ut_id field""... $ac_c" 1>&6 -echo "configure:3581: checking whether utmp have ut_id field" >&5 -+echo "configure:3850: checking whether utmp have ut_id field" >&5 ++echo "configure:3645: checking whether utmp have ut_id field" >&5 cat > conftest.$ac_ext <<EOF -#line 3583 "configure" -+#line 3852 "configure" ++#line 3647 "configure" #include "confdefs.h" #include <utmp.h> EOF -@@ -3598,9 +3867,9 @@ +@@ -3598,9 +3662,9 @@ rm -f conftest* echo $ac_n "checking whether utmp have ut_host field""... $ac_c" 1>&6 -echo "configure:3602: checking whether utmp have ut_host field" >&5 -+echo "configure:3871: checking whether utmp have ut_host field" >&5 ++echo "configure:3666: checking whether utmp have ut_host field" >&5 cat > conftest.$ac_ext <<EOF -#line 3604 "configure" -+#line 3873 "configure" ++#line 3668 "configure" #include "confdefs.h" #include <utmp.h> EOF -@@ -3619,9 +3888,9 @@ +@@ -3619,9 +3683,9 @@ rm -f conftest* echo $ac_n "checking whether utmp have ut_addr field""... $ac_c" 1>&6 -echo "configure:3623: checking whether utmp have ut_addr field" >&5 -+echo "configure:3892: checking whether utmp have ut_addr field" >&5 ++echo "configure:3687: checking whether utmp have ut_addr field" >&5 cat > conftest.$ac_ext <<EOF -#line 3625 "configure" -+#line 3894 "configure" ++#line 3689 "configure" #include "confdefs.h" #include <utmp.h> EOF -@@ -3640,9 +3909,9 @@ +@@ -3640,9 +3704,9 @@ rm -f conftest* echo $ac_n "checking whether you have incompatible SIGINFO macro""... $ac_c" 1>&6 -echo "configure:3644: checking whether you have incompatible SIGINFO macro" >&5 -+echo "configure:3913: checking whether you have incompatible SIGINFO macro" >&5 ++echo "configure:3708: checking whether you have incompatible SIGINFO macro" >&5 cat > conftest.$ac_ext <<EOF -#line 3646 "configure" -+#line 3915 "configure" ++#line 3710 "configure" #include "confdefs.h" #include <sys/siginfo.h> SIGINFO(p,1) -@@ -3662,8 +3931,69 @@ - rm -f conftest* +@@ -3663,7 +3727,7 @@ -+echo $ac_n "checking whether sys/socket.h have struct sockaddr_storage""... $ac_c" 1>&6 -+echo "configure:3936: checking whether sys/socket.h have struct sockaddr_storage" >&5 -+cat > conftest.$ac_ext <<EOF -+#line 3938 "configure" -+#include "confdefs.h" -+#include <sys/socket.h> -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "sockaddr_storage" >/dev/null 2>&1; then -+ rm -rf conftest* -+ cat >> confdefs.h <<\EOF -+#define HAVE_SOCKADDR_STORAGE 1 -+EOF -+ echo "$ac_t""yes" 1>&6 -+else -+ rm -rf conftest* -+ echo "$ac_t""no" 1>&6 -+fi -+rm -f conftest* -+ -+echo $ac_n "checking whether sys/socket.h have __ss_family""... $ac_c" 1>&6 -+echo "configure:3956: checking whether sys/socket.h have __ss_family" >&5 -+cat > conftest.$ac_ext <<EOF -+#line 3958 "configure" -+#include "confdefs.h" -+#include <sys/socket.h> -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "__ss_family" >/dev/null 2>&1; then -+ rm -rf conftest* -+ cat >> confdefs.h <<\EOF -+#define HAVE_NEW_SS_FAMILY 1 -+EOF -+ echo "$ac_t""yes" 1>&6 -+else -+ rm -rf conftest* -+ echo "$ac_t""no" 1>&6 -+fi -+rm -f conftest* -+ -+echo $ac_n "checking whether sys/socket.h have sa_len""... $ac_c" 1>&6 -+echo "configure:3976: checking whether sys/socket.h have sa_len" >&5 -+cat > conftest.$ac_ext <<EOF -+#line 3978 "configure" -+#include "confdefs.h" -+#include <sys/socket.h> -+EOF -+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | -+ egrep "sa_len" >/dev/null 2>&1; then -+ rm -rf conftest* -+ cat >> confdefs.h <<\EOF -+#define HAVE_SOCKADDR_LEN 1 -+EOF -+ echo "$ac_t""yes" 1>&6 -+else -+ rm -rf conftest* -+ echo "$ac_t""no" 1>&6 -+fi -+rm -f conftest* -+ -+ echo $ac_n "checking for crypt in -lc""... $ac_c" 1>&6 -echo "configure:3667: checking for crypt in -lc" >&5 -+echo "configure:3997: checking for crypt in -lc" >&5 ++echo "configure:3731: checking for crypt in -lc" >&5 ac_lib_var=`echo c'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3671,7 +4001,7 @@ +@@ -3671,7 +3735,7 @@ ac_save_LIBS="$LIBS" LIBS="-lc $LIBS" cat > conftest.$ac_ext <<EOF -#line 3675 "configure" -+#line 4005 "configure" ++#line 3739 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -3682,7 +4012,7 @@ +@@ -3682,7 +3746,7 @@ crypt() ; return 0; } EOF -if { (eval echo configure:3686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4016: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3701,7 +4031,7 @@ +@@ -3701,7 +3765,7 @@ else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:3705: checking for crypt in -lcrypt" >&5 -+echo "configure:4035: checking for crypt in -lcrypt" >&5 ++echo "configure:3769: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3709,7 +4039,7 @@ +@@ -3709,7 +3773,7 @@ ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <<EOF -#line 3713 "configure" -+#line 4043 "configure" ++#line 3777 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -3720,7 +4050,7 @@ +@@ -3720,7 +3784,7 @@ crypt() ; return 0; } EOF -if { (eval echo configure:3724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4054: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3788: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3750,7 +4080,7 @@ +@@ -3750,7 +3814,7 @@ fi echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3754: checking for getspnam in -lsec" >&5 -+echo "configure:4084: checking for getspnam in -lsec" >&5 ++echo "configure:3818: checking for getspnam in -lsec" >&5 ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3758,7 +4088,7 @@ +@@ -3758,7 +3822,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <<EOF -#line 3762 "configure" -+#line 4092 "configure" ++#line 3826 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -3769,7 +4099,7 @@ +@@ -3769,7 +3833,7 @@ getspnam() ; return 0; } EOF -if { (eval echo configure:3773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4103: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3837: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3797,7 +4127,7 @@ +@@ -3797,7 +3861,7 @@ fi echo $ac_n "checking for get_process_stats in -lseq""... $ac_c" 1>&6 -echo "configure:3801: checking for get_process_stats in -lseq" >&5 -+echo "configure:4131: checking for get_process_stats in -lseq" >&5 ++echo "configure:3865: checking for get_process_stats in -lseq" >&5 ac_lib_var=`echo seq'_'get_process_stats | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3805,7 +4135,7 @@ +@@ -3805,7 +3869,7 @@ ac_save_LIBS="$LIBS" LIBS="-lseq $LIBS" cat > conftest.$ac_ext <<EOF -#line 3809 "configure" -+#line 4139 "configure" ++#line 3873 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -3816,7 +4146,7 @@ +@@ -3816,7 +3880,7 @@ get_process_stats() ; return 0; } EOF -if { (eval echo configure:3820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4150: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3884: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3844,7 +4174,7 @@ +@@ -3844,7 +3908,7 @@ fi echo $ac_n "checking for bcopy in -lbsd""... $ac_c" 1>&6 -echo "configure:3848: checking for bcopy in -lbsd" >&5 -+echo "configure:4178: checking for bcopy in -lbsd" >&5 ++echo "configure:3912: checking for bcopy in -lbsd" >&5 ac_lib_var=`echo bsd'_'bcopy | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3852,7 +4182,7 @@ +@@ -3852,7 +3916,7 @@ ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <<EOF -#line 3856 "configure" -+#line 4186 "configure" ++#line 3920 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -3863,7 +4193,7 @@ +@@ -3863,7 +3927,7 @@ bcopy() ; return 0; } EOF -if { (eval echo configure:3867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4197: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3931: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3892,7 +4222,7 @@ +@@ -3892,7 +3956,7 @@ if test -z "$no_libnsl"; then echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:3896: checking for main in -lnsl" >&5 -+echo "configure:4226: checking for main in -lnsl" >&5 ++echo "configure:3960: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3900,14 +4230,14 @@ +@@ -3900,14 +3964,14 @@ ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <<EOF -#line 3904 "configure" -+#line 4234 "configure" ++#line 3968 "configure" #include "confdefs.h" int main() { @@ -2345,551 +2057,314 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:3911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4241: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3975: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3937,7 +4267,7 @@ +@@ -3937,7 +4001,7 @@ fi if test -n "$test_libinet"; then echo $ac_n "checking for inet_network in -linet""... $ac_c" 1>&6 -echo "configure:3941: checking for inet_network in -linet" >&5 -+echo "configure:4271: checking for inet_network in -linet" >&5 ++echo "configure:4005: checking for inet_network in -linet" >&5 ac_lib_var=`echo inet'_'inet_network | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3945,7 +4275,7 @@ +@@ -3945,7 +4009,7 @@ ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <<EOF -#line 3949 "configure" -+#line 4279 "configure" ++#line 4013 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -3956,7 +4286,7 @@ +@@ -3956,7 +4020,7 @@ inet_network() ; return 0; } EOF -if { (eval echo configure:3960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4290: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4024: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -3986,7 +4316,7 @@ +@@ -3986,7 +4050,7 @@ fi if test -z "$no_libsocket"; then echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:3990: checking for socket in -lsocket" >&5 -+echo "configure:4320: checking for socket in -lsocket" >&5 ++echo "configure:4054: checking for socket in -lsocket" >&5 ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -3994,7 +4324,7 @@ +@@ -3994,7 +4058,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <<EOF -#line 3998 "configure" -+#line 4328 "configure" ++#line 4062 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -4005,7 +4335,7 @@ +@@ -4005,7 +4069,7 @@ socket() ; return 0; } EOF -if { (eval echo configure:4009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4339: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4073: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -4035,7 +4365,7 @@ +@@ -4035,7 +4099,7 @@ fi if test -z "$no_libsun"; then echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 -echo "configure:4039: checking for getpwnam in -lsun" >&5 -+echo "configure:4369: checking for getpwnam in -lsun" >&5 ++echo "configure:4103: checking for getpwnam in -lsun" >&5 ac_lib_var=`echo sun'_'getpwnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4043,7 +4373,7 @@ +@@ -4043,7 +4107,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsun $LIBS" cat > conftest.$ac_ext <<EOF -#line 4047 "configure" -+#line 4377 "configure" ++#line 4111 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -4054,7 +4384,7 @@ +@@ -4054,7 +4118,7 @@ getpwnam() ; return 0; } EOF -if { (eval echo configure:4058: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4388: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4122: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -4084,7 +4414,7 @@ +@@ -4084,7 +4148,7 @@ fi if test -z "$no_libbsd"; then echo $ac_n "checking for openpty in -lbsd""... $ac_c" 1>&6 -echo "configure:4088: checking for openpty in -lbsd" >&5 -+echo "configure:4418: checking for openpty in -lbsd" >&5 ++echo "configure:4152: checking for openpty in -lbsd" >&5 ac_lib_var=`echo bsd'_'openpty | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4092,7 +4422,7 @@ +@@ -4092,7 +4156,7 @@ ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <<EOF -#line 4096 "configure" -+#line 4426 "configure" ++#line 4160 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -4103,7 +4433,7 @@ +@@ -4103,7 +4167,7 @@ openpty() ; return 0; } EOF -if { (eval echo configure:4107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4437: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4171: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -4132,7 +4462,7 @@ +@@ -4132,7 +4196,7 @@ fi echo $ac_n "checking for login in -lutil""... $ac_c" 1>&6 -echo "configure:4136: checking for login in -lutil" >&5 -+echo "configure:4466: checking for login in -lutil" >&5 ++echo "configure:4200: checking for login in -lutil" >&5 ac_lib_var=`echo util'_'login | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -4140,7 +4470,7 @@ +@@ -4140,7 +4204,7 @@ ac_save_LIBS="$LIBS" LIBS="-lutil $LIBS" cat > conftest.$ac_ext <<EOF -#line 4144 "configure" -+#line 4474 "configure" ++#line 4208 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -4151,41 +4481,99 @@ +@@ -4151,7 +4215,7 @@ login() ; return 0; } EOF -if { (eval echo configure:4155: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4485: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4219: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* -- eval "ac_cv_lib_$ac_lib_var=no" -+ eval "ac_cv_lib_$ac_lib_var=no" -+fi -+rm -f conftest* -+LIBS="$ac_save_LIBS" -+ -+fi -+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define HAVE_LIBUTIL_LOGIN 1 -+EOF -+ -+ LIBS="$LIBS -lutil" -+else -+ echo "$ac_t""no" 1>&6 -+fi -+ -+ -+if test -z "$no_vhangup"; then -+ for ac_func in vhangup -+do -+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -+echo "configure:4514: checking for $ac_func" >&5 -+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 -+else -+ cat > conftest.$ac_ext <<EOF -+#line 4519 "configure" -+#include "confdefs.h" -+/* System header to define __stub macros and hopefully few prototypes, -+ which can conflict with char $ac_func(); below. */ -+#include <assert.h> -+/* Override any gcc2 internal prototype to avoid an error. */ -+/* We use char because int might match the return type of a gcc2 -+ builtin and then its argument prototype would still apply. */ -+char $ac_func(); -+ -+int main() { -+ -+/* The GNU C library defines this for functions which it implements -+ to always fail with ENOSYS. Some functions are actually named -+ something starting with __ and the normal name is an alias. */ -+#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -+choke me -+#else -+$ac_func(); -+#endif -+ -+; return 0; } -+EOF -+if { (eval echo configure:4542: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+ rm -rf conftest* -+ eval "ac_cv_func_$ac_func=yes" -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ eval "ac_cv_func_$ac_func=no" - fi - rm -f conftest* --LIBS="$ac_save_LIBS" -- - fi --if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -+ -+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 -- cat >> confdefs.h <<\EOF --#define HAVE_LIBUTIL_LOGIN 1 -+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` -+ cat >> confdefs.h <<EOF -+#define $ac_tr_func 1 - EOF -- -- LIBS="$LIBS -lutil" -+ - else - echo "$ac_t""no" 1>&6 - fi -+done - -+fi - --if test -z "$no_vhangup"; then -- for ac_func in vhangup -+if test -z "$no_setsid"; then -+ for ac_func in setsid +@@ -4180,12 +4244,12 @@ + for ac_func in vhangup do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4184: checking for $ac_func" >&5 -+echo "configure:4572: checking for $ac_func" >&5 ++echo "configure:4248: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4189 "configure" -+#line 4577 "configure" ++#line 4253 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -4208,7 +4596,7 @@ +@@ -4208,7 +4272,7 @@ ; return 0; } EOF -if { (eval echo configure:4212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4600: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4276: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -4234,16 +4622,15 @@ - - fi - --if test -z "$no_setsid"; then -- for ac_func in setsid -+for ac_func in gettimeofday times getrusage ftruncate revoke makeutx +@@ -4238,12 +4302,12 @@ + for ac_func in setsid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4242: checking for $ac_func" >&5 -+echo "configure:4629: checking for $ac_func" >&5 ++echo "configure:4306: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4247 "configure" -+#line 4634 "configure" ++#line 4311 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -4266,7 +4653,7 @@ +@@ -4266,7 +4330,7 @@ ; return 0; } EOF -if { (eval echo configure:4270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4657: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -4290,17 +4677,15 @@ - fi - done - --fi -- --for ac_func in gettimeofday times getrusage ftruncate revoke makeutx -+for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit +@@ -4295,12 +4359,12 @@ + for ac_func in gettimeofday times getrusage ftruncate revoke makeutx do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4299: checking for $ac_func" >&5 -+echo "configure:4684: checking for $ac_func" >&5 ++echo "configure:4363: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4304 "configure" -+#line 4689 "configure" ++#line 4368 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -4323,7 +4708,7 @@ +@@ -4323,7 +4387,7 @@ ; return 0; } EOF -if { (eval echo configure:4327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4712: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4391: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -4347,15 +4732,15 @@ - fi - done - --for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit -+for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp +@@ -4350,12 +4414,12 @@ + for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4354: checking for $ac_func" >&5 -+echo "configure:4739: checking for $ac_func" >&5 ++echo "configure:4418: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4359 "configure" -+#line 4744 "configure" ++#line 4423 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -4378,7 +4763,7 @@ +@@ -4378,7 +4442,7 @@ ; return 0; } EOF -if { (eval echo configure:4382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4767: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4446: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -4402,15 +4787,15 @@ - fi - done - --for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp -+for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream +@@ -4405,12 +4469,12 @@ + for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4409: checking for $ac_func" >&5 -+echo "configure:4794: checking for $ac_func" >&5 ++echo "configure:4473: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4414 "configure" -+#line 4799 "configure" ++#line 4478 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -4433,7 +4818,7 @@ +@@ -4433,7 +4497,7 @@ ; return 0; } EOF -if { (eval echo configure:4437: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4822: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4501: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -4457,15 +4842,16 @@ - fi - done - --for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream -+ -+for ac_func in strerror memmove remove random putenv crypt socketpair snprintf +@@ -4460,12 +4524,12 @@ + for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4464: checking for $ac_func" >&5 -+echo "configure:4850: checking for $ac_func" >&5 ++echo "configure:4528: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4469 "configure" -+#line 4855 "configure" ++#line 4533 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -4488,7 +4874,7 @@ +@@ -4488,7 +4552,7 @@ ; return 0; } EOF -if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:4878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4556: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -4509,19 +4895,135 @@ - - else - echo "$ac_t""no" 1>&6 -+LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}" - fi - done - - --for ac_func in strerror memmove remove random putenv crypt socketpair snprintf -+ -+echo $ac_n "checking getaddrinfo bug""... $ac_c" 1>&6 -+echo "configure:4906: checking getaddrinfo bug" >&5 -+if test "$cross_compiling" = yes; then -+ echo "$ac_t""buggy" 1>&6 -+buggygetaddrinfo=yes -+else -+ cat > conftest.$ac_ext <<EOF -+#line 4912 "configure" -+#include "confdefs.h" -+ -+#include <sys/types.h> -+#include <netdb.h> -+#include <string.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+main() -+{ -+ int passive, gaierr, inet4 = 0, inet6 = 0; -+ struct addrinfo hints, *ai, *aitop; -+ char straddr[INET6_ADDRSTRLEN], strport[16]; -+ -+ for (passive = 0; passive <= 1; passive++) { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_flags = passive ? AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { -+ (void)gai_strerror(gaierr); -+ goto bad; -+ } -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (ai->ai_addr == NULL || -+ ai->ai_addrlen == 0 || -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ straddr, sizeof(straddr), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { -+ goto bad; -+ } -+ if (strcmp(strport, "54321") != 0) { -+ goto bad; -+ } -+ switch (ai->ai_family) { -+ case AF_INET: -+ if (passive) { -+ if (strcmp(straddr, "0.0.0.0") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "127.0.0.1") != 0) { -+ goto bad; -+ } -+ } -+ inet4++; -+ break; -+ case AF_INET6: -+ if (passive) { -+ if (strcmp(straddr, "::") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "::1") != 0) { -+ goto bad; -+ } -+ } -+ inet6++; -+ break; -+ case AF_UNSPEC: -+ goto bad; -+ break; -+ default: -+ /* another family support? */ -+ break; -+ } -+ } -+ } -+ -+ if (inet4 != 0 && inet4 != 2) -+ goto bad; -+ if (inet6 != 0 && inet6 != 2) -+ goto bad; -+ -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(0); -+ -+ bad: -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(1); -+} -+ -+EOF -+if { (eval echo configure:4998: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -+then -+ echo "$ac_t""good" 1>&6 -+buggygetaddrinfo=no -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -fr conftest* -+ echo "$ac_t""buggy" 1>&6 -+buggygetaddrinfo=yes -+fi -+rm -fr conftest* -+fi -+ -+ -+if test "$buggygetaddrinfo" = "yes"; then -+ if test "$ipv6" = "yes"; then -+ echo 'Fatal: You must get working getaddrinfo() function.' -+ echo ' or you can specify "--disable-ipv6"'. -+ exit 1 -+ else -+ for ac_func in getaddrinfo getnameinfo +@@ -4516,12 +4580,12 @@ + for ac_func in strerror memmove remove random putenv crypt socketpair snprintf do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4520: checking for $ac_func" >&5 -+echo "configure:5022: checking for $ac_func" >&5 ++echo "configure:4584: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4525 "configure" -+#line 5027 "configure" ++#line 4589 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -4544,7 +5046,7 @@ +@@ -4544,7 +4608,7 @@ ; return 0; } EOF -if { (eval echo configure:4548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5050: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4612: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -4565,14 +5067,16 @@ +@@ -4565,14 +4629,14 @@ else echo "$ac_t""no" 1>&6 @@ -2899,16 +2374,14 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ done -+ fi -+fi echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 -echo "configure:4576: checking whether ln -s works" >&5 -+echo "configure:5080: checking whether ln -s works" >&5 ++echo "configure:4640: checking whether ln -s works" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -4599,28 +5103,30 @@ +@@ -4599,28 +4663,30 @@ # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install @@ -2918,7 +2391,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:4607: checking for a BSD compatible install" >&5 -+echo "configure:5112: checking for a BSD compatible install" >&5 ++echo "configure:4672: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -2943,7 +2416,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ : else ac_cv_path_install="$ac_dir/$ac_prog -c" -@@ -4650,20 +5156,23 @@ +@@ -4650,20 +4716,23 @@ # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' @@ -2955,7 +2428,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ set dummy ar; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4659: checking for $ac_word" >&5 -+echo "configure:5167: checking for $ac_word" >&5 ++echo "configure:4727: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2970,12 +2443,12 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_AR="ar" -@@ -4685,15 +5194,16 @@ +@@ -4685,15 +4754,16 @@ # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4689: checking for $ac_word" >&5 -+echo "configure:5198: checking for $ac_word" >&5 ++echo "configure:4758: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2990,12 +2463,12 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_RANLIB="ranlib" -@@ -4719,15 +5229,16 @@ +@@ -4719,15 +4789,16 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4723: checking for $ac_word" >&5 -+echo "configure:5233: checking for $ac_word" >&5 ++echo "configure:4793: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_MAKEDEP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3010,38 +2483,38 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_MAKEDEP="$ac_prog" -@@ -4754,7 +5265,7 @@ +@@ -4754,7 +4825,7 @@ # Uses ac_ vars as temps to allow command line to override cache and checks. # --without-x overrides everything else, but does not touch the cache. echo $ac_n "checking for X""... $ac_c" 1>&6 -echo "configure:4758: checking for X" >&5 -+echo "configure:5269: checking for X" >&5 ++echo "configure:4829: checking for X" >&5 # Check whether --with-x or --without-x was given. if test "${with_x+set}" = set; then -@@ -4816,13 +5327,13 @@ +@@ -4816,13 +4887,13 @@ # First, try using that file with no special directory specified. cat > conftest.$ac_ext <<EOF -#line 4820 "configure" -+#line 5331 "configure" ++#line 4891 "configure" #include "confdefs.h" #include <$x_direct_test_include> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4825: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` -+{ (eval echo configure:5336: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:4896: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* # We can compile using X headers with no special include directory. -@@ -4890,14 +5401,14 @@ +@@ -4890,14 +4961,14 @@ ac_save_LIBS="$LIBS" LIBS="-l$x_direct_test_library $LIBS" cat > conftest.$ac_ext <<EOF -#line 4894 "configure" -+#line 5405 "configure" ++#line 4965 "configure" #include "confdefs.h" int main() { @@ -3049,20 +2522,20 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:4901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5412: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* LIBS="$ac_save_LIBS" # We can link X programs with no special library path. -@@ -5003,17 +5514,17 @@ +@@ -5003,17 +5074,17 @@ case "`(uname -sr) 2>/dev/null`" in "SunOS 5"*) echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6 -echo "configure:5007: checking whether -R must be followed by a space" >&5 -+echo "configure:5518: checking whether -R must be followed by a space" >&5 ++echo "configure:5078: checking whether -R must be followed by a space" >&5 ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries" cat > conftest.$ac_ext <<EOF -#line 5010 "configure" -+#line 5521 "configure" ++#line 5081 "configure" #include "confdefs.h" int main() { @@ -3070,16 +2543,16 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:5017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5528: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5088: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_R_nospace=yes else -@@ -5029,14 +5540,14 @@ +@@ -5029,14 +5100,14 @@ else LIBS="$ac_xsave_LIBS -R $x_libraries" cat > conftest.$ac_ext <<EOF -#line 5033 "configure" -+#line 5544 "configure" ++#line 5104 "configure" #include "confdefs.h" int main() { @@ -3087,274 +2560,274 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:5040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_R_space=yes else -@@ -5068,7 +5579,7 @@ +@@ -5068,7 +5139,7 @@ # libraries were built with DECnet support. And karl@cs.umb.edu says # the Alpha needs dnet_stub (dnet does not exist). echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6 -echo "configure:5072: checking for dnet_ntoa in -ldnet" >&5 -+echo "configure:5583: checking for dnet_ntoa in -ldnet" >&5 ++echo "configure:5143: checking for dnet_ntoa in -ldnet" >&5 ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5076,7 +5587,7 @@ +@@ -5076,7 +5147,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldnet $LIBS" cat > conftest.$ac_ext <<EOF -#line 5080 "configure" -+#line 5591 "configure" ++#line 5151 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -5087,7 +5598,7 @@ +@@ -5087,7 +5158,7 @@ dnet_ntoa() ; return 0; } EOF -if { (eval echo configure:5091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5602: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5162: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -5109,7 +5620,7 @@ +@@ -5109,7 +5180,7 @@ if test $ac_cv_lib_dnet_dnet_ntoa = no; then echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6 -echo "configure:5113: checking for dnet_ntoa in -ldnet_stub" >&5 -+echo "configure:5624: checking for dnet_ntoa in -ldnet_stub" >&5 ++echo "configure:5184: checking for dnet_ntoa in -ldnet_stub" >&5 ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5117,7 +5628,7 @@ +@@ -5117,7 +5188,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldnet_stub $LIBS" cat > conftest.$ac_ext <<EOF -#line 5121 "configure" -+#line 5632 "configure" ++#line 5192 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -5128,7 +5639,7 @@ +@@ -5128,7 +5199,7 @@ dnet_ntoa() ; return 0; } EOF -if { (eval echo configure:5132: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5643: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5203: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -5157,12 +5668,12 @@ +@@ -5157,12 +5228,12 @@ # The nsl library prevents programs from opening the X display # on Irix 5.2, according to dickey@clark.net. echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 -echo "configure:5161: checking for gethostbyname" >&5 -+echo "configure:5672: checking for gethostbyname" >&5 ++echo "configure:5232: checking for gethostbyname" >&5 if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 5166 "configure" -+#line 5677 "configure" ++#line 5237 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char gethostbyname(); below. */ -@@ -5185,7 +5696,7 @@ +@@ -5185,7 +5256,7 @@ ; return 0; } EOF -if { (eval echo configure:5189: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5700: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5260: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_gethostbyname=yes" else -@@ -5206,7 +5717,7 @@ +@@ -5206,7 +5277,7 @@ if test $ac_cv_func_gethostbyname = no; then echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 -echo "configure:5210: checking for gethostbyname in -lnsl" >&5 -+echo "configure:5721: checking for gethostbyname in -lnsl" >&5 ++echo "configure:5281: checking for gethostbyname in -lnsl" >&5 ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5214,7 +5725,7 @@ +@@ -5214,7 +5285,7 @@ ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <<EOF -#line 5218 "configure" -+#line 5729 "configure" ++#line 5289 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -5225,7 +5736,7 @@ +@@ -5225,7 +5296,7 @@ gethostbyname() ; return 0; } EOF -if { (eval echo configure:5229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5740: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5300: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -5255,12 +5766,12 @@ +@@ -5255,12 +5326,12 @@ # -lsocket must be given before -lnsl if both are needed. # We assume that if connect needs -lnsl, so does gethostbyname. echo $ac_n "checking for connect""... $ac_c" 1>&6 -echo "configure:5259: checking for connect" >&5 -+echo "configure:5770: checking for connect" >&5 ++echo "configure:5330: checking for connect" >&5 if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 5264 "configure" -+#line 5775 "configure" ++#line 5335 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char connect(); below. */ -@@ -5283,7 +5794,7 @@ +@@ -5283,7 +5354,7 @@ ; return 0; } EOF -if { (eval echo configure:5287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_connect=yes" else -@@ -5304,7 +5815,7 @@ +@@ -5304,7 +5375,7 @@ if test $ac_cv_func_connect = no; then echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 -echo "configure:5308: checking for connect in -lsocket" >&5 -+echo "configure:5819: checking for connect in -lsocket" >&5 ++echo "configure:5379: checking for connect in -lsocket" >&5 ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5312,7 +5823,7 @@ +@@ -5312,7 +5383,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsocket $X_EXTRA_LIBS $LIBS" cat > conftest.$ac_ext <<EOF -#line 5316 "configure" -+#line 5827 "configure" ++#line 5387 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -5323,7 +5834,7 @@ +@@ -5323,7 +5394,7 @@ connect() ; return 0; } EOF -if { (eval echo configure:5327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5838: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5398: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -5347,12 +5858,12 @@ +@@ -5347,12 +5418,12 @@ # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX. echo $ac_n "checking for remove""... $ac_c" 1>&6 -echo "configure:5351: checking for remove" >&5 -+echo "configure:5862: checking for remove" >&5 ++echo "configure:5422: checking for remove" >&5 if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 5356 "configure" -+#line 5867 "configure" ++#line 5427 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char remove(); below. */ -@@ -5375,7 +5886,7 @@ +@@ -5375,7 +5446,7 @@ ; return 0; } EOF -if { (eval echo configure:5379: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5890: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5450: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_remove=yes" else -@@ -5396,7 +5907,7 @@ +@@ -5396,7 +5467,7 @@ if test $ac_cv_func_remove = no; then echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6 -echo "configure:5400: checking for remove in -lposix" >&5 -+echo "configure:5911: checking for remove in -lposix" >&5 ++echo "configure:5471: checking for remove in -lposix" >&5 ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5404,7 +5915,7 @@ +@@ -5404,7 +5475,7 @@ ac_save_LIBS="$LIBS" LIBS="-lposix $LIBS" cat > conftest.$ac_ext <<EOF -#line 5408 "configure" -+#line 5919 "configure" ++#line 5479 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -5415,7 +5926,7 @@ +@@ -5415,7 +5486,7 @@ remove() ; return 0; } EOF -if { (eval echo configure:5419: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5930: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5490: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -5439,12 +5950,12 @@ +@@ -5439,12 +5510,12 @@ # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. echo $ac_n "checking for shmat""... $ac_c" 1>&6 -echo "configure:5443: checking for shmat" >&5 -+echo "configure:5954: checking for shmat" >&5 ++echo "configure:5514: checking for shmat" >&5 if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 5448 "configure" -+#line 5959 "configure" ++#line 5519 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char shmat(); below. */ -@@ -5467,7 +5978,7 @@ +@@ -5467,7 +5538,7 @@ ; return 0; } EOF -if { (eval echo configure:5471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:5982: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5542: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_shmat=yes" else -@@ -5488,7 +5999,7 @@ +@@ -5488,7 +5559,7 @@ if test $ac_cv_func_shmat = no; then echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6 -echo "configure:5492: checking for shmat in -lipc" >&5 -+echo "configure:6003: checking for shmat in -lipc" >&5 ++echo "configure:5563: checking for shmat in -lipc" >&5 ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5496,7 +6007,7 @@ +@@ -5496,7 +5567,7 @@ ac_save_LIBS="$LIBS" LIBS="-lipc $LIBS" cat > conftest.$ac_ext <<EOF -#line 5500 "configure" -+#line 6011 "configure" ++#line 5571 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -5507,7 +6018,7 @@ +@@ -5507,7 +5578,7 @@ shmat() ; return 0; } EOF -if { (eval echo configure:5511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5582: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -5540,15 +6051,15 @@ +@@ -5540,15 +5611,15 @@ # libraries we check for below, so use a different variable. # --interran@uluru.Stanford.EDU, kb@cs.umb.edu. echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6 -echo "configure:5544: checking for IceConnectionNumber in -lICE" >&5 -+echo "configure:6055: checking for IceConnectionNumber in -lICE" >&5 ++echo "configure:5615: checking for IceConnectionNumber in -lICE" >&5 ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3364,29 +2837,29 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ +LIBS="-lICE $X_EXTRA_LIBS $LIBS" cat > conftest.$ac_ext <<EOF -#line 5552 "configure" -+#line 6063 "configure" ++#line 5623 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -5559,7 +6070,7 @@ +@@ -5559,7 +5630,7 @@ IceConnectionNumber() ; return 0; } EOF -if { (eval echo configure:5563: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6074: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5634: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -5587,7 +6098,7 @@ +@@ -5587,7 +5658,7 @@ # Extract the first word of "passwd", so it can be a program name with args. set dummy passwd; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:5591: checking for $ac_word" >&5 -+echo "configure:6102: checking for $ac_word" >&5 ++echo "configure:5662: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PASSWD_PATH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -5595,9 +6106,13 @@ +@@ -5595,9 +5666,13 @@ /*) ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a path. ;; @@ -3402,16 +2875,16 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_PASSWD_PATH="$ac_dir/$ac_word" -@@ -5625,7 +6140,7 @@ +@@ -5625,7 +5700,7 @@ # Extract the first word of "xauth", so it can be a program name with args. set dummy xauth; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:5629: checking for $ac_word" >&5 -+echo "configure:6144: checking for $ac_word" >&5 ++echo "configure:5704: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_XAUTH_PATH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -5633,9 +6148,13 @@ +@@ -5633,9 +5708,13 @@ /*) ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a path. ;; @@ -3427,25 +2900,25 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_XAUTH_PATH="$ac_dir/$ac_word" -@@ -5669,7 +6188,7 @@ +@@ -5669,7 +5748,7 @@ X_PROGRAMS="ssh-askpass" fi echo $ac_n "checking for X11 unix domain socket directory""... $ac_c" 1>&6 -echo "configure:5673: checking for X11 unix domain socket directory" >&5 -+echo "configure:6192: checking for X11 unix domain socket directory" >&5 ++echo "configure:5752: checking for X11 unix domain socket directory" >&5 if test '!' -d /tmp/.X11-unix; then if test -d /var/X/.X11-unix; then -@@ -5698,7 +6217,7 @@ +@@ -5698,7 +5777,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:5702: checking for $ac_word" >&5 -+echo "configure:6221: checking for $ac_word" >&5 ++echo "configure:5781: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -5706,9 +6225,13 @@ +@@ -5706,9 +5785,13 @@ /*) ac_cv_path_PERL="$PERL" # Let the user override the test with a path. ;; @@ -3461,217 +2934,217 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_PERL="$ac_dir/$ac_word" -@@ -5739,12 +6262,12 @@ +@@ -5739,12 +5822,12 @@ for ac_func in getpseudotty do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5743: checking for $ac_func" >&5 -+echo "configure:6266: checking for $ac_func" >&5 ++echo "configure:5826: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 5748 "configure" -+#line 6271 "configure" ++#line 5831 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ -@@ -5767,7 +6290,7 @@ +@@ -5767,7 +5850,7 @@ ; return 0; } EOF -if { (eval echo configure:5771: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6294: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else -@@ -5792,7 +6315,7 @@ +@@ -5792,7 +5875,7 @@ done echo $ac_n "checking for pseudo ttys""... $ac_c" 1>&6 -echo "configure:5796: checking for pseudo ttys" >&5 -+echo "configure:6319: checking for pseudo ttys" >&5 ++echo "configure:5879: checking for pseudo ttys" >&5 if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes then cat >> confdefs.h <<\EOF -@@ -5832,7 +6355,7 @@ +@@ -5832,7 +5915,7 @@ fi echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6 -echo "configure:5836: checking for /etc/default/login" >&5 -+echo "configure:6359: checking for /etc/default/login" >&5 ++echo "configure:5919: checking for /etc/default/login" >&5 if test -f /etc/default/login; then cat >> confdefs.h <<\EOF #define HAVE_ETC_DEFAULT_LOGIN 1 -@@ -5845,7 +6368,7 @@ +@@ -5845,7 +5928,7 @@ if test -z "$no_shadows_password_checking"; then echo $ac_n "checking for shadow passwords""... $ac_c" 1>&6 -echo "configure:5849: checking for shadow passwords" >&5 -+echo "configure:6372: checking for shadow passwords" >&5 ++echo "configure:5932: checking for shadow passwords" >&5 if test -f /etc/shadow; then # If we don't have shadow.h, this might be some nonstandard # kludging... So better check it out. -@@ -5859,7 +6382,7 @@ +@@ -5859,7 +5942,7 @@ # have getspent in a system library. However, a libshadow.a library # contaning these is publicly available. echo $ac_n "checking for getspent in -lshadow""... $ac_c" 1>&6 -echo "configure:5863: checking for getspent in -lshadow" >&5 -+echo "configure:6386: checking for getspent in -lshadow" >&5 ++echo "configure:5946: checking for getspent in -lshadow" >&5 ac_lib_var=`echo shadow'_'getspent | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -5867,7 +6390,7 @@ +@@ -5867,7 +5950,7 @@ ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <<EOF -#line 5871 "configure" -+#line 6394 "configure" ++#line 5954 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -5878,7 +6401,7 @@ +@@ -5878,7 +5961,7 @@ getspent() ; return 0; } EOF -if { (eval echo configure:5882: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:6405: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5965: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -5906,9 +6429,9 @@ +@@ -5906,9 +5989,9 @@ fi echo $ac_n "checking whether spwd have sp_expire field""... $ac_c" 1>&6 -echo "configure:5910: checking whether spwd have sp_expire field" >&5 -+echo "configure:6433: checking whether spwd have sp_expire field" >&5 ++echo "configure:5993: checking whether spwd have sp_expire field" >&5 cat > conftest.$ac_ext <<EOF -#line 5912 "configure" -+#line 6435 "configure" ++#line 5995 "configure" #include "confdefs.h" #include <shadow.h> EOF -@@ -5927,9 +6450,9 @@ +@@ -5927,9 +6010,9 @@ rm -f conftest* echo $ac_n "checking whether spwd have sp_inact field""... $ac_c" 1>&6 -echo "configure:5931: checking whether spwd have sp_inact field" >&5 -+echo "configure:6454: checking whether spwd have sp_inact field" >&5 ++echo "configure:6014: checking whether spwd have sp_inact field" >&5 cat > conftest.$ac_ext <<EOF -#line 5933 "configure" -+#line 6456 "configure" ++#line 6016 "configure" #include "confdefs.h" #include <shadow.h> EOF -@@ -5968,7 +6491,7 @@ +@@ -5968,7 +6051,7 @@ fi echo $ac_n "checking location of mail spool files""... $ac_c" 1>&6 -echo "configure:5972: checking location of mail spool files" >&5 -+echo "configure:6495: checking location of mail spool files" >&5 ++echo "configure:6055: checking location of mail spool files" >&5 for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE do if test "$dir" = "FILE"; then -@@ -6007,7 +6530,7 @@ +@@ -6007,7 +6090,7 @@ done echo $ac_n "checking location of utmp""... $ac_c" 1>&6 -echo "configure:6011: checking location of utmp" >&5 -+echo "configure:6534: checking location of utmp" >&5 ++echo "configure:6094: checking location of utmp" >&5 if test -f /var/run/utmp; then cat >> confdefs.h <<\EOF #define SSH_UTMP "/var/run/utmp" -@@ -6043,7 +6566,7 @@ +@@ -6043,7 +6126,7 @@ fi echo $ac_n "checking location of wtmp""... $ac_c" 1>&6 -echo "configure:6047: checking location of wtmp" >&5 -+echo "configure:6570: checking location of wtmp" >&5 ++echo "configure:6130: checking location of wtmp" >&5 if test -f /var/log/wtmp; then cat >> confdefs.h <<\EOF #define SSH_WTMP "/var/log/wtmp" -@@ -6077,7 +6600,7 @@ +@@ -6077,7 +6160,7 @@ fi echo $ac_n "checking location of lastlog""... $ac_c" 1>&6 -echo "configure:6081: checking location of lastlog" >&5 -+echo "configure:6604: checking location of lastlog" >&5 ++echo "configure:6164: checking location of lastlog" >&5 if test -f /var/log/lastlog || test -d /var/log/lastlog; then cat >> confdefs.h <<\EOF #define SSH_LASTLOG "/var/log/lastlog" -@@ -6132,7 +6655,7 @@ +@@ -6132,7 +6215,7 @@ fi echo $ac_n "checking whether $LASTLOG is a directory""... $ac_c" 1>&6 -echo "configure:6136: checking whether $LASTLOG is a directory" >&5 -+echo "configure:6659: checking whether $LASTLOG is a directory" >&5 ++echo "configure:6219: checking whether $LASTLOG is a directory" >&5 if test -d $LASTLOG then echo "$ac_t""yes" 1>&6 -@@ -6145,7 +6668,7 @@ +@@ -6145,7 +6228,7 @@ fi echo $ac_n "checking whether to include the IDEA encryption algorithm""... $ac_c" 1>&6 -echo "configure:6149: checking whether to include the IDEA encryption algorithm" >&5 -+echo "configure:6672: checking whether to include the IDEA encryption algorithm" >&5 ++echo "configure:6232: checking whether to include the IDEA encryption algorithm" >&5 # Check whether --with-idea or --without-idea was given. if test "${with_idea+set}" = set; then withval="$with_idea" -@@ -6179,7 +6702,7 @@ +@@ -6179,7 +6262,7 @@ echo $ac_n "checking whether to include the Blowfish encryption algorithm""... $ac_c" 1>&6 -echo "configure:6183: checking whether to include the Blowfish encryption algorithm" >&5 -+echo "configure:6706: checking whether to include the Blowfish encryption algorithm" >&5 ++echo "configure:6266: checking whether to include the Blowfish encryption algorithm" >&5 # Check whether --with-blowfish or --without-blowfish was given. if test "${with_blowfish+set}" = set; then withval="$with_blowfish" -@@ -6206,7 +6729,7 @@ +@@ -6206,7 +6289,7 @@ echo $ac_n "checking whether to include the DES encryption algorithm""... $ac_c" 1>&6 -echo "configure:6210: checking whether to include the DES encryption algorithm" >&5 -+echo "configure:6733: checking whether to include the DES encryption algorithm" >&5 ++echo "configure:6293: checking whether to include the DES encryption algorithm" >&5 # Check whether --with-des or --without-des was given. if test "${with_des+set}" = set; then withval="$with_des" -@@ -6229,7 +6752,7 @@ +@@ -6229,7 +6312,7 @@ echo $ac_n "checking whether to include the ARCFOUR encryption algorithm""... $ac_c" 1>&6 -echo "configure:6233: checking whether to include the ARCFOUR encryption algorithm" >&5 -+echo "configure:6756: checking whether to include the ARCFOUR encryption algorithm" >&5 ++echo "configure:6316: checking whether to include the ARCFOUR encryption algorithm" >&5 # Check whether --with-arcfour or --without-arcfour was given. if test "${with_arcfour+set}" = set; then withval="$with_arcfour" -@@ -6252,7 +6775,7 @@ +@@ -6252,7 +6335,7 @@ echo $ac_n "checking whether to include the none encryption algorithm""... $ac_c" 1>&6 -echo "configure:6256: checking whether to include the none encryption algorithm" >&5 -+echo "configure:6779: checking whether to include the none encryption algorithm" >&5 ++echo "configure:6339: checking whether to include the none encryption algorithm" >&5 # Check whether --with-none or --without-none was given. if test "${with_none+set}" = set; then withval="$with_none" -@@ -6275,7 +6798,7 @@ +@@ -6275,7 +6358,7 @@ echo $ac_n "checking whether to use login""... $ac_c" 1>&6 -echo "configure:6279: checking whether to use login" >&5 -+echo "configure:6802: checking whether to use login" >&5 ++echo "configure:6362: checking whether to use login" >&5 # Check whether --with-login or --without-login was given. if test "${with_login+set}" = set; then withval="$with_login" -@@ -6290,7 +6813,7 @@ +@@ -6290,7 +6373,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:6294: checking for $ac_word" >&5 -+echo "configure:6817: checking for $ac_word" >&5 ++echo "configure:6377: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PATH_LOGIN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -6298,9 +6821,13 @@ +@@ -6298,9 +6381,13 @@ /*) ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a path. ;; @@ -3687,25 +3160,25 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_PATH_LOGIN="$ac_dir/$ac_word" -@@ -6349,7 +6876,7 @@ +@@ -6349,7 +6436,7 @@ echo $ac_n "checking whether to use rsh""... $ac_c" 1>&6 -echo "configure:6353: checking whether to use rsh" >&5 -+echo "configure:6880: checking whether to use rsh" >&5 ++echo "configure:6440: checking whether to use rsh" >&5 # Check whether --with-rsh or --without-rsh was given. if test "${with_rsh+set}" = set; then withval="$with_rsh" -@@ -6364,7 +6891,7 @@ +@@ -6364,7 +6451,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:6368: checking for $ac_word" >&5 -+echo "configure:6895: checking for $ac_word" >&5 ++echo "configure:6455: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -6372,9 +6899,13 @@ +@@ -6372,9 +6459,13 @@ /*) ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path. ;; @@ -3721,16 +3194,16 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_RSH_PATH="$ac_dir/$ac_word" -@@ -6416,7 +6947,7 @@ +@@ -6416,7 +6507,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:6420: checking for $ac_word" >&5 -+echo "configure:6951: checking for $ac_word" >&5 ++echo "configure:6511: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else -@@ -6424,9 +6955,13 @@ +@@ -6424,9 +6515,13 @@ /*) ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path. ;; @@ -3746,52 +3219,52 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_RSH_PATH="$ac_dir/$ac_word" -@@ -6465,7 +7000,7 @@ +@@ -6465,7 +6560,7 @@ # Code to permit setting default path for users (alden@math.ohio-state.edu) echo $ac_n "checking default path""... $ac_c" 1>&6 -echo "configure:6469: checking default path" >&5 -+echo "configure:7004: checking default path" >&5 ++echo "configure:6564: checking default path" >&5 # Check whether --with-path or --without-path was given. if test "${with_path+set}" = set; then withval="$with_path" -@@ -6488,7 +7023,7 @@ +@@ -6488,7 +6583,7 @@ echo $ac_n "checking etcdir""... $ac_c" 1>&6 -echo "configure:6492: checking etcdir" >&5 -+echo "configure:7027: checking etcdir" >&5 ++echo "configure:6587: checking etcdir" >&5 # Check whether --with-etcdir or --without-etcdir was given. if test "${with_etcdir+set}" = set; then withval="$with_etcdir" -@@ -6513,7 +7048,7 @@ +@@ -6513,7 +6608,7 @@ echo $ac_n "checking whether to use nologin.allow file to override nologin""... $ac_c" 1>&6 -echo "configure:6517: checking whether to use nologin.allow file to override nologin" >&5 -+echo "configure:7052: checking whether to use nologin.allow file to override nologin" >&5 ++echo "configure:6612: checking whether to use nologin.allow file to override nologin" >&5 # Check whether --with-nologin-allow or --without-nologin-allow was given. if test "${with_nologin_allow+set}" = set; then withval="$with_nologin_allow" -@@ -6543,7 +7078,7 @@ +@@ -6543,7 +6638,7 @@ echo $ac_n "checking whether to support SecurID""... $ac_c" 1>&6 -echo "configure:6547: checking whether to support SecurID" >&5 -+echo "configure:7082: checking whether to support SecurID" >&5 ++echo "configure:6642: checking whether to support SecurID" >&5 # Check whether --with-securid or --without-securid was given. if test "${with_securid+set}" = set; then withval="$with_securid" -@@ -6586,7 +7121,7 @@ +@@ -6586,7 +6681,7 @@ echo $ac_n "checking whether to support TIS authentication server""... $ac_c" 1>&6 -echo "configure:6590: checking whether to support TIS authentication server" >&5 -+echo "configure:7125: checking whether to support TIS authentication server" >&5 ++echo "configure:6685: checking whether to support TIS authentication server" >&5 # Check whether --with-tis or --without-tis was given. if test "${with_tis+set}" = set; then withval="$with_tis" -@@ -6604,8 +7139,8 @@ +@@ -6604,8 +6699,8 @@ #define HAVE_TIS 1 EOF @@ -3802,7 +3275,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ echo "configure: warning: Remember to read README.TIS. The connection between sshd and TIS authentication server is clear text!" 1>&2 ;; -@@ -6616,40 +7151,138 @@ +@@ -6616,40 +6711,138 @@ fi @@ -3812,7 +3285,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ -if test "${with_kerberos5+set}" = set; then - withval="$with_kerberos5" +echo $ac_n "checking whether to use Kerberos v4""... $ac_c" 1>&6 -+echo "configure:7156: checking whether to use Kerberos v4" >&5 ++echo "configure:6716: checking whether to use Kerberos v4" >&5 +# Check whether --with-krb4 or --without-krb4 was given. +if test "${with_krb4+set}" = set; then + withval="$with_krb4" @@ -3845,7 +3318,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes" + KERBEROS_OBJS="auth-kerberos.o" + echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6 -+echo "configure:7185: checking for dn_expand in -lresolv" >&5 ++echo "configure:6745: checking for dn_expand in -lresolv" >&5 +ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 @@ -3853,7 +3326,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + ac_save_LIBS="$LIBS" +LIBS="-lresolv $LIBS" +cat > conftest.$ac_ext <<EOF -+#line 7193 "configure" ++#line 6753 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 @@ -3864,7 +3337,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ +dn_expand() +; return 0; } +EOF -+if { (eval echo configure:7204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else @@ -3885,26 +3358,26 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ +fi + + echo $ac_n "checking whether AFS lifetime conversion routines are present""... $ac_c" 1>&6 -+echo "configure:7225: checking whether AFS lifetime conversion routines are present" >&5 ++echo "configure:6785: checking whether AFS lifetime conversion routines are present" >&5 + keeplibs="$LIBS" + keepcflags="$CFLAGS" + LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" + CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" + cat > conftest.$ac_ext <<EOF -+#line 7231 "configure" ++#line 6791 "configure" +#include "confdefs.h" +#include <krb.h> +int main() { + krb_life_to_time(10, 10); +; return 0; } -+EOF -+if { (eval echo configure:7238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + EOF ++if { (eval echo configure:6798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_KRB_LIFE_TO_TIME 1 - EOF - ++EOF ++ +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 @@ -3916,9 +3389,9 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + CFLAGS="$keepcflags" + ;; +esac -+ + +echo $ac_n "checking whether to use Kerberos v5""... $ac_c" 1>&6 -+echo "configure:7258: checking whether to use Kerberos v5" >&5 ++echo "configure:6818: checking whether to use Kerberos v5" >&5 +# Check whether --with-krb5 or --without-krb5 was given. +if test "${with_krb5+set}" = set; then + withval="$with_krb5" @@ -3950,29 +3423,29 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" echo $ac_n "checking for dbm_open in -lndbm""... $ac_c" 1>&6 -echo "configure:6653: checking for dbm_open in -lndbm" >&5 -+echo "configure:7286: checking for dbm_open in -lndbm" >&5 ++echo "configure:6846: checking for dbm_open in -lndbm" >&5 ac_lib_var=`echo ndbm'_'dbm_open | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6657,7 +7290,7 @@ +@@ -6657,7 +6850,7 @@ ac_save_LIBS="$LIBS" LIBS="-lndbm $LIBS" cat > conftest.$ac_ext <<EOF -#line 6661 "configure" -+#line 7294 "configure" ++#line 6854 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -6668,7 +7301,7 @@ +@@ -6668,7 +6861,7 @@ dbm_open() ; return 0; } EOF -if { (eval echo configure:6672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7305: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6865: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -6692,40 +7325,66 @@ +@@ -6692,40 +6885,66 @@ ;; esac @@ -3992,7 +3465,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ - *) - if test "$with_kerberos5" = no ; then +echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6 -+echo "configure:7330: checking whether to use AFS" >&5 ++echo "configure:6890: checking whether to use AFS" >&5 +# Check whether --with-afs or --without-afs was given. +if test "${with_afs+set}" = set; then + withval="$with_afs" @@ -4022,7 +3495,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + + +echo $ac_n "checking whether to use Hesiod""... $ac_c" 1>&6 -+echo "configure:7357: checking whether to use Hesiod" >&5 ++echo "configure:6917: checking whether to use Hesiod" >&5 +# Check whether --with-hesiod or --without-hesiod was given. +if test "${with_hesiod+set}" = set; then + withval="$with_hesiod" @@ -4055,11 +3528,11 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ echo $ac_n "checking whether to use libwrap""... $ac_c" 1>&6 -echo "configure:6729: checking whether to use libwrap" >&5 -+echo "configure:7388: checking whether to use libwrap" >&5 ++echo "configure:6948: checking whether to use libwrap" >&5 # Check whether --with-libwrap or --without-libwrap was given. if test "${with_libwrap+set}" = set; then withval="$with_libwrap" -@@ -6734,56 +7393,41 @@ +@@ -6734,56 +6953,41 @@ echo "$ac_t""no" 1>&6 ;; yes) @@ -4078,7 +3551,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ + OLDLIBS="$LIBS" + LIBS="$WRAPLIBS $LIBS" + cat > conftest.$ac_ext <<EOF -+#line 7401 "configure" ++#line 6961 "configure" #include "confdefs.h" -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 @@ -4097,7 +3570,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 -+if { (eval echo configure:7408: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6968: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi @@ -4138,12 +3611,12 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ;; *) echo "$ac_t""yes" 1>&6 -@@ -6799,14 +7443,14 @@ +@@ -6799,14 +7003,14 @@ OLDLIBS="$LIBS" LIBS="$WRAPLIBS $LIBS" cat > conftest.$ac_ext <<EOF -#line 6803 "configure" -+#line 7447 "configure" ++#line 7007 "configure" #include "confdefs.h" int allow_severity; int deny_severity; int main() { @@ -4151,88 +3624,88 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:6810: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7454: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7014: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then : else echo "configure: failed program was:" >&5 -@@ -6827,7 +7471,7 @@ +@@ -6827,7 +7031,7 @@ echo $ac_n "checking whether to support SOCKS""... $ac_c" 1>&6 -echo "configure:6831: checking whether to support SOCKS" >&5 -+echo "configure:7475: checking whether to support SOCKS" >&5 ++echo "configure:7035: checking whether to support SOCKS" >&5 # Check whether --with-socks or --without-socks was given. if test "${with_socks+set}" = set; then withval="$with_socks" -@@ -6838,7 +7482,7 @@ +@@ -6838,7 +7042,7 @@ yes) echo "$ac_t""yes" 1>&6 echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6 -echo "configure:6842: checking for SOCKSconnect in -lsocks5" >&5 -+echo "configure:7486: checking for SOCKSconnect in -lsocks5" >&5 ++echo "configure:7046: checking for SOCKSconnect in -lsocks5" >&5 ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6846,7 +7490,7 @@ +@@ -6846,7 +7050,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsocks5 $LIBS" cat > conftest.$ac_ext <<EOF -#line 6850 "configure" -+#line 7494 "configure" ++#line 7054 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -6857,7 +7501,7 @@ +@@ -6857,7 +7061,7 @@ SOCKSconnect() ; return 0; } EOF -if { (eval echo configure:6861: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7505: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7065: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -6879,7 +7523,7 @@ +@@ -6879,7 +7083,7 @@ echo "$ac_t""no" 1>&6 echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6 -echo "configure:6883: checking for Rconnect in -lsocks" >&5 -+echo "configure:7527: checking for Rconnect in -lsocks" >&5 ++echo "configure:7087: checking for Rconnect in -lsocks" >&5 ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 -@@ -6887,7 +7531,7 @@ +@@ -6887,7 +7091,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsocks $LIBS" cat > conftest.$ac_ext <<EOF -#line 6891 "configure" -+#line 7535 "configure" ++#line 7095 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 -@@ -6898,7 +7542,7 @@ +@@ -6898,7 +7102,7 @@ Rconnect() ; return 0; } EOF -if { (eval echo configure:6902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7546: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7106: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else -@@ -6934,7 +7578,7 @@ +@@ -6934,7 +7138,7 @@ if test "x$socks" = "x"; then echo $ac_n "checking whether to support SOCKS5""... $ac_c" 1>&6 -echo "configure:6938: checking whether to support SOCKS5" >&5 -+echo "configure:7582: checking whether to support SOCKS5" >&5 ++echo "configure:7142: checking whether to support SOCKS5" >&5 # Check whether --with-socks5 or --without-socks5 was given. if test "${with_socks5+set}" = set; then withval="$with_socks5" -@@ -6968,14 +7612,14 @@ +@@ -6968,14 +7172,14 @@ TMPLIBS="$LIBS" LIBS="$LIBS $KERBEROS_LIBS" cat > conftest.$ac_ext <<EOF -#line 6972 "configure" -+#line 7616 "configure" ++#line 7176 "configure" #include "confdefs.h" int main() { @@ -4240,25 +3713,25 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:6979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7623: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7183: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then : else echo "configure: failed program was:" >&5 -@@ -6996,7 +7640,7 @@ +@@ -6996,7 +7200,7 @@ if test "x$socks" = "x"; then echo $ac_n "checking whether to support SOCKS4""... $ac_c" 1>&6 -echo "configure:7000: checking whether to support SOCKS4" >&5 -+echo "configure:7644: checking whether to support SOCKS4" >&5 ++echo "configure:7204: checking whether to support SOCKS4" >&5 # Check whether --with-socks4 or --without-socks4 was given. if test "${with_socks4+set}" = set; then withval="$with_socks4" -@@ -7016,14 +7660,14 @@ +@@ -7016,14 +7220,14 @@ fi LIBS="$withval $LIBS" cat > conftest.$ac_ext <<EOF -#line 7020 "configure" -+#line 7664 "configure" ++#line 7224 "configure" #include "confdefs.h" int main() { @@ -4266,70 +3739,70 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ ; return 0; } EOF -if { (eval echo configure:7027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then -+if { (eval echo configure:7671: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7231: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then : else echo "configure: failed program was:" >&5 -@@ -7150,7 +7794,7 @@ +@@ -7150,7 +7354,7 @@ fi echo $ac_n "checking whether to use rsaref""... $ac_c" 1>&6 -echo "configure:7154: checking whether to use rsaref" >&5 -+echo "configure:7798: checking whether to use rsaref" >&5 ++echo "configure:7358: checking whether to use rsaref" >&5 # Check whether --with-rsaref or --without-rsaref was given. if test "${with_rsaref+set}" = set; then withval="$with_rsaref" -@@ -7184,7 +7828,7 @@ +@@ -7184,7 +7388,7 @@ # This allows group writeability in userfile_check_owner_permissions() echo $ac_n "checking whether to allow group writeability""... $ac_c" 1>&6 -echo "configure:7188: checking whether to allow group writeability" >&5 -+echo "configure:7832: checking whether to allow group writeability" >&5 ++echo "configure:7392: checking whether to allow group writeability" >&5 # Check whether --enable-group-writeability or --disable-group-writeability was given. if test "${enable_group_writeability+set}" = set; then enableval="$enable_group_writeability" -@@ -7200,7 +7844,7 @@ +@@ -7200,7 +7404,7 @@ echo $ac_n "checking whether to disable forwardings in server""... $ac_c" 1>&6 -echo "configure:7204: checking whether to disable forwardings in server" >&5 -+echo "configure:7848: checking whether to disable forwardings in server" >&5 ++echo "configure:7408: checking whether to disable forwardings in server" >&5 # Check whether --enable-server-port-forwardings or --disable-server-port-forwardings was given. if test "${enable_server_port_forwardings+set}" = set; then enableval="$enable_server_port_forwardings" -@@ -7222,7 +7866,7 @@ +@@ -7222,7 +7426,7 @@ echo $ac_n "checking whether to disable forwardings in client""... $ac_c" 1>&6 -echo "configure:7226: checking whether to disable forwardings in client" >&5 -+echo "configure:7870: checking whether to disable forwardings in client" >&5 ++echo "configure:7430: checking whether to disable forwardings in client" >&5 # Check whether --enable-client-port-forwardings or --disable-client-port-forwardings was given. if test "${enable_client_port_forwardings+set}" = set; then enableval="$enable_client_port_forwardings" -@@ -7244,7 +7888,7 @@ +@@ -7244,7 +7448,7 @@ echo $ac_n "checking whether to disable X11 forwarding in server""... $ac_c" 1>&6 -echo "configure:7248: checking whether to disable X11 forwarding in server" >&5 -+echo "configure:7892: checking whether to disable X11 forwarding in server" >&5 ++echo "configure:7452: checking whether to disable X11 forwarding in server" >&5 # Check whether --enable-server-x11-forwarding or --disable-server-x11-forwarding was given. if test "${enable_server_x11_forwarding+set}" = set; then enableval="$enable_server_x11_forwarding" -@@ -7266,7 +7910,7 @@ +@@ -7266,7 +7470,7 @@ echo $ac_n "checking whether to disable X11 forwarding in client""... $ac_c" 1>&6 -echo "configure:7270: checking whether to disable X11 forwarding in client" >&5 -+echo "configure:7914: checking whether to disable X11 forwarding in client" >&5 ++echo "configure:7474: checking whether to disable X11 forwarding in client" >&5 # Check whether --enable-client-x11-forwarding or --disable-client-x11-forwarding was given. if test "${enable_client_x11_forwarding+set}" = set; then enableval="$enable_client_x11_forwarding" -@@ -7288,28 +7932,28 @@ +@@ -7288,28 +7492,28 @@ echo $ac_n "checking whether to install ssh as suid root""... $ac_c" 1>&6 -echo "configure:7292: checking whether to install ssh as suid root" >&5 -+echo "configure:7936: checking whether to install ssh as suid root" >&5 ++echo "configure:7496: checking whether to install ssh as suid root" >&5 # Check whether --enable-suid-ssh or --disable-suid-ssh was given. if test "${enable_suid_ssh+set}" = set; then enableval="$enable_suid_ssh" @@ -4354,118 +3827,56 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ echo $ac_n "checking whether to enable TCP_NODELAY""... $ac_c" 1>&6 -echo "configure:7313: checking whether to enable TCP_NODELAY" >&5 -+echo "configure:7957: checking whether to enable TCP_NODELAY" >&5 ++echo "configure:7517: checking whether to enable TCP_NODELAY" >&5 # Check whether --enable-tcp-nodelay or --disable-tcp-nodelay was given. if test "${enable_tcp_nodelay+set}" = set; then enableval="$enable_tcp_nodelay" -@@ -7334,8 +7978,60 @@ - fi +@@ -7335,7 +7539,7 @@ -+echo $ac_n "checking whether to enable another port try support""... $ac_c" 1>&6 -+echo "configure:7983: checking whether to enable another port try support" >&5 -+# Check whether --enable-another-port-try or --disable-another-port-try was given. -+if test "${enable_another_port_try+set}" = set; then -+ enableval="$enable_another_port_try" -+ case "$enableval" in -+ no) -+ echo "$ac_t""no" 1>&6 -+ ;; -+ *) echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_ANOTHER_PORT_TRY 1 -+EOF -+ -+ ;; -+ esac -+else -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_ANOTHER_PORT_TRY 1 -+EOF -+ -+ -+fi -+ -+ -+echo $ac_n "checking whether to enable logging auth info support""... $ac_c" 1>&6 -+echo "configure:8009: checking whether to enable logging auth info support" >&5 -+# Check whether --enable-log-auth or --disable-log-auth was given. -+if test "${enable_log_auth+set}" = set; then -+ enableval="$enable_log_auth" -+ case "$enableval" in -+ no) -+ echo "$ac_t""no" 1>&6 -+ ;; -+ *) echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_LOG_AUTH 1 -+EOF -+ -+ ;; -+ esac -+else -+ echo "$ac_t""yes" 1>&6 -+ cat >> confdefs.h <<\EOF -+#define ENABLE_LOG_AUTH 1 -+EOF -+ -+ -+fi -+ -+ echo $ac_n "checking whether to enable SO_LINGER""... $ac_c" 1>&6 -echo "configure:7339: checking whether to enable SO_LINGER" >&5 -+echo "configure:8035: checking whether to enable SO_LINGER" >&5 ++echo "configure:7543: checking whether to enable SO_LINGER" >&5 # Check whether --enable-so-linger or --disable-so-linger was given. if test "${enable_so_linger+set}" = set; then enableval="$enable_so_linger" -@@ -7357,7 +8053,7 @@ +@@ -7357,7 +7561,7 @@ echo $ac_n "checking whether to include scp statistics at all""... $ac_c" 1>&6 -echo "configure:7361: checking whether to include scp statistics at all" >&5 -+echo "configure:8057: checking whether to include scp statistics at all" >&5 ++echo "configure:7565: checking whether to include scp statistics at all" >&5 # Check whether --with-scp-stats or --without-scp-stats was given. if test "${with_scp_stats+set}" = set; then withval="$with_scp_stats" -@@ -7383,7 +8079,7 @@ +@@ -7383,7 +7587,7 @@ echo $ac_n "checking whether to enable scp statistics""... $ac_c" 1>&6 -echo "configure:7387: checking whether to enable scp statistics" >&5 -+echo "configure:8083: checking whether to enable scp statistics" >&5 ++echo "configure:7591: checking whether to enable scp statistics" >&5 # Check whether --enable-scp-stats or --disable-scp-stats was given. if test "${enable_scp_stats+set}" = set; then enableval="$enable_scp_stats" -@@ -7409,7 +8105,7 @@ +@@ -7409,7 +7613,7 @@ echo $ac_n "checking whether to enable scp statistics for all files""... $ac_c" 1>&6 -echo "configure:7413: checking whether to enable scp statistics for all files" >&5 -+echo "configure:8109: checking whether to enable scp statistics for all files" >&5 ++echo "configure:7617: checking whether to enable scp statistics for all files" >&5 # Check whether --enable-all-scp-stats or --disable-all-scp-stats was given. if test "${enable_all_scp_stats+set}" = set; then enableval="$enable_all_scp_stats" -@@ -7434,6 +8130,8 @@ - fi - - -+CFLAGS="$CPPFLAGS $CFLAGS" -+ - # We include this here only to make it visible in --help; this is only used - # in the gmp subdirectory. - # Check whether --enable-asm or --disable-asm was given. -@@ -7445,7 +8143,7 @@ +@@ -7445,7 +7649,7 @@ PIDDIR="/var/run" echo $ac_n "checking where to put sshd.pid""... $ac_c" 1>&6 -echo "configure:7449: checking where to put sshd.pid" >&5 -+echo "configure:8147: checking where to put sshd.pid" >&5 ++echo "configure:7653: checking where to put sshd.pid" >&5 if test '!' -d $PIDDIR; then PIDDIR="$ETCDIR" fi -@@ -7505,7 +8203,7 @@ +@@ -7505,7 +7709,7 @@ # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. (set) 2>&1 | @@ -4474,7 +3885,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ *ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote substitution # turns \\\\ into \\, and sed turns \\ into \). -@@ -7572,7 +8270,7 @@ +@@ -7572,7 +7776,7 @@ echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; -version | --version | --versio | --versi | --vers | --ver | --ve | --v) @@ -4483,7 +3894,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ exit 0 ;; -help | --help | --hel | --he | --h) echo "\$ac_cs_usage"; exit 0 ;; -@@ -7583,7 +8281,7 @@ +@@ -7583,7 +7787,7 @@ ac_given_srcdir=$srcdir ac_given_INSTALL="$INSTALL" @@ -4492,7 +3903,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ EOF cat >> $CONFIG_STATUS <<EOF -@@ -7592,9 +8290,11 @@ +@@ -7592,9 +7796,11 @@ s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF $ac_vpsub $extrasub @@ -4504,7 +3915,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ s%@DEFS@%$DEFS%g s%@LDFLAGS@%$LDFLAGS%g s%@LIBS@%$LIBS%g -@@ -7623,6 +8323,7 @@ +@@ -7623,6 +7829,7 @@ s%@LIBOBJS@%$LIBOBJS%g s%@LN_S@%$LN_S%g s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g @@ -4512,7 +3923,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ s%@INSTALL_DATA@%$INSTALL_DATA%g s%@AR@%$AR%g s%@RANLIB@%$RANLIB%g -@@ -7641,6 +8342,9 @@ +@@ -7641,6 +7848,9 @@ s%@KERBEROS_INCS@%$KERBEROS_INCS%g s%@KERBEROS_LIBS@%$KERBEROS_LIBS%g s%@KERBEROS_OBJS@%$KERBEROS_OBJS%g @@ -4522,7 +3933,7 @@ $NetBSD: patch-aj,v 1.11 2000/03/18 04:35:23 itojun Exp $ s%@WRAPLIBS@%$WRAPLIBS%g s%@subdirs@%$subdirs%g s%@ETCDIR@%$ETCDIR%g -@@ -7691,7 +8395,7 @@ +@@ -7691,7 +7901,7 @@ cat >> $CONFIG_STATUS <<EOF diff --git a/security/ssh/patches/patch-aq b/security/ssh/patches/patch-aq index 0e6dc262f78..19dc4951b89 100644 --- a/security/ssh/patches/patch-aq +++ b/security/ssh/patches/patch-aq @@ -1,7 +1,7 @@ -$NetBSD: patch-aq,v 1.5 1999/12/25 05:28:36 kim Exp $ +$NetBSD: patch-aq,v 1.6 2000/03/20 02:25:52 itojun Exp $ ---- newchannels.c.orig Wed May 12 07:19:27 1999 -+++ newchannels.c Fri Dec 24 22:01:15 1999 +--- newchannels.c- Wed May 12 20:19:27 1999 ++++ newchannels.c Mon Mar 20 09:47:24 2000 @@ -274,7 +274,7 @@ #include "authfd.h" #include "emulate.h" @@ -42,401 +42,7 @@ $NetBSD: patch-aq,v 1.5 1999/12/25 05:28:36 kim Exp $ { struct request_info req; struct servent *serv; -@@ -1405,13 +1407,29 @@ - int host_port, int gatewayports) - { - int ch, sock; -- struct sockaddr_in sin; -+ struct addrinfo hints, *ai, *aitop; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; - - if (strlen(host) > sizeof(channels[0].path) - 1) - packet_disconnect("Forward host name too long."); - -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_flags = gatewayports ? AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", port); -+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) -+ packet_disconnect("getaddrinfo: fatal error"); -+ -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); -+ - /* Create a port to listen for the host. */ -- sock = socket(AF_INET, SOCK_STREAM, 0); -+ sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - packet_disconnect("socket: %.100s", strerror(errno)); - -@@ -1421,21 +1439,10 @@ - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -- /* Initialize socket address. */ -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- if (gatewayports) -- sin.sin_addr.s_addr = INADDR_ANY; -- else --#ifdef BROKEN_INET_ADDR -- sin.sin_addr.s_addr = inet_network("127.0.0.1"); --#else /* BROKEN_INET_ADDR */ -- sin.sin_addr.s_addr = inet_addr("127.0.0.1"); --#endif /* BROKEN_INET_ADDR */ -- sin.sin_port = htons(port); -- -+ debug("Listening on %s port %s.", ntop, strport); -+ - /* Bind the socket to the address. */ -- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) - packet_disconnect("bind: %.100s", strerror(errno)); - - /* Start listening for connections on the socket. */ -@@ -1448,6 +1455,9 @@ - strcpy(channels[ch].path, host); /* note: host name stored here */ - channels[ch].host_port = host_port; /* port on host to connect to */ - channels[ch].listening_port = port; /* port being listened */ -+ -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); - } - - /* Initiate forwarding of connections to port "port" on remote host through -@@ -1636,9 +1646,10 @@ - void channel_input_port_open(void) - { - int remote_channel, sock, newch, host_port, i; -- struct sockaddr_in sin; - char *host, *originator_string; -- struct hostent *hp; -+ struct addrinfo hints, *ai, *aitop; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int gaierr; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); -@@ -1678,36 +1689,15 @@ - } - } - -- memset(&sin, 0, sizeof(sin)); --#ifdef BROKEN_INET_ADDR -- sin.sin_addr.s_addr = inet_network(host); --#else /* BROKEN_INET_ADDR */ -- sin.sin_addr.s_addr = inet_addr(host); --#endif /* BROKEN_INET_ADDR */ -- if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", host_port); -+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) - { -- /* It was a valid numeric host address. */ -- sin.sin_family = AF_INET; -- } -- else -- { -- /* Look up the host address from the name servers. */ -- hp = gethostbyname(host); -- if (!hp) -- { -- error("%.100s: unknown host.", host); -- goto fail; -- } -- if (!hp->h_addr_list[0]) -- { -- error("%.100s: host has no IP address.", host); -- goto fail; -- } -- sin.sin_family = hp->h_addrtype; -- memcpy(&sin.sin_addr, hp->h_addr_list[0], -- sizeof(sin.sin_addr)); -+ error("%.100s: unknown host (%s)", host, gai_strerror(gaierr)); -+ goto fail; - } -- sin.sin_port = htons(host_port); - - #ifdef F_SECURE_COMMERCIAL - -@@ -1744,8 +1734,15 @@ - - #endif /* F_SECURE_COMMERCIAL */ - -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); -+ - /* Create the socket. */ -- sock = socket(sin.sin_family, SOCK_STREAM, 0); -+ sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); -@@ -1753,15 +1750,25 @@ - } - - /* Connect to the host/port. */ -- if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -- error("connect %.100s:%d: %.100s", host, host_port, -- strerror(errno)); -+ debug("connect %.100s port %s: %.100s", ntop, strport, strerror(errno)); - close(sock); -+ continue; /* fail -- try next */ -+ } -+ break; /* success */ -+ -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); -+ -+ if (!ai) -+ { -+ error("connect %.100s:%d: failed.", host, host_port); - goto fail; - } - - /* Successful connection. */ -+ debug("Connecting to %.200s [%.100s] port %s.", host, ntop, strport); - - #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) - (void)fcntl(sock, F_SETFL, O_NONBLOCK); -@@ -1803,7 +1810,10 @@ - { - extern ServerOptions options; - int display_number, port, sock; -- struct sockaddr_in sin; -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+#define NUM_SOCKS 10 -+ int gaierr, n, nn, num_socks = 0, socks[NUM_SOCKS]; - char buf[512]; - #ifdef HAVE_GETHOSTNAME - char hostname[257]; -@@ -1817,12 +1827,21 @@ - for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++) - { - port = 6000 + display_number; -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- sin.sin_addr.s_addr = INADDR_ANY; -- sin.sin_port = htons(port); -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_flags = AI_PASSIVE; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", port); -+ if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) -+ { -+ error("getaddrinfo: %.100s", gai_strerror(gaierr)); -+ return NULL; -+ } -+ -+ for (ai = aitop; ai; ai = ai->ai_next) -+ { - -- sock = socket(AF_INET, SOCK_STREAM, 0); -+ sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { - error("socket: %.100s", strerror(errno)); -@@ -1835,13 +1854,26 @@ - (void)fcntl(sock, F_SETFL, O_NDELAY); - #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ - -- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { - debug("bind port %d: %.100s", port, strerror(errno)); - shutdown(sock, 2); - close(sock); -- continue; -+ for (n = 0; n < num_socks; n++) -+ { -+ shutdown(socks[n], 2); -+ close(socks[n]); -+ } -+ num_socks = 0; -+ break; - } -+ -+ socks[num_socks++] = sock; -+ if (num_socks == NUM_SOCKS) -+ break; -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ -+ if (num_socks > 0) - break; - } - if (display_number >= MAX_DISPLAYS) -@@ -1851,13 +1883,22 @@ - } - - /* Start listening for connections on the socket. */ -+ for (n = 0; n < num_socks; n++) -+ { -+ sock = socks[n]; - if (listen(sock, 5) < 0) - { - error("listen: %.100s", strerror(errno)); - shutdown(sock, 2); - close(sock); -+ for (nn = 0; nn < n; nn++) -+ { -+ shutdown(socks[nn], 2); -+ close(socks[nn]); -+ } - return NULL; - } -+ } /* for (n = 0; n < num_socks; n++) */ - - /* Set up a suitable value for the DISPLAY variable. */ - #ifdef NONSTANDARD_IP_ADDRESS_X11_KLUDGE -@@ -1868,10 +1909,11 @@ - if (gethostname(hostname, sizeof(hostname)) < 0) - fatal("gethostname: %.100s", strerror(errno)); - { -- struct hostent *hp; -- struct in_addr addr; -- hp = gethostbyname(hostname); -- if (hp == NULL || !hp->h_addr_list[0]) -+ struct addrinfo hints, *ai; -+ char ntop[ADDRSTRLEN]; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ if (getaddrinfo(hostname, NULL, &hints, &ai) != 0 || !ai) - { - error("Could not get server IP address for %.200s.", hostname); - packet_send_debug("Could not get server IP address for %.200s.", -@@ -1880,9 +1922,10 @@ - close(sock); - return NULL; - } -- memcpy(&addr, hp->h_addr_list[0], sizeof(addr)); -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); - snprintf(buf, sizeof(buf), -- "%.100s:%d.%d", inet_ntoa(addr), display_number, -+ "%.100s:%d.%d", ntop, display_number, - screen_number); - } - #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ -@@ -1900,8 +1943,12 @@ - #endif /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ - - /* Allocate a channel for the socket. */ -+ for (n = 0; n < num_socks; n++) -+ { -+ sock = socks[n]; - (void)channel_allocate(SSH_CHANNEL_X11_LISTENER, sock, - xstrdup("X11 inet listener")); -+ } /* for (n = 0; n < num_socks; n++) */ - - /* Return a suitable value for the DISPLAY environment variable. */ - return xstrdup(buf); -@@ -1916,9 +1963,10 @@ - int remote_channel, display_number, sock, newch; - const char *display; - struct sockaddr_un ssun; -- struct sockaddr_in sin; - char buf[255], *cp, *remote_host; -- struct hostent *hp; -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int gaierr; - - /* Get remote channel number. */ - remote_channel = packet_get_int(); -@@ -2058,59 +2106,54 @@ - goto fail; - } - -- /* Try to parse the host name as a numeric IP address. */ -- memset(&sin, 0, sizeof(sin)); --#ifdef BROKEN_INET_ADDR -- sin.sin_addr.s_addr = inet_network(buf); --#else /* BROKEN_INET_ADDR */ -- sin.sin_addr.s_addr = inet_addr(buf); --#endif /* BROKEN_INET_ADDR */ -- if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -+ /* Look up the host address */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", 6000 + display_number); -+ if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) - { -- /* It was a valid numeric host address. */ -- sin.sin_family = AF_INET; -+ error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr)); -+ goto fail; - } -- else -+ -+ for (ai = aitop; ai; ai = ai->ai_next) - { -- /* Not a numeric IP address. */ -- /* Look up the host address from the name servers. */ -- hp = gethostbyname(buf); -- if (!hp) -- { -- error("%.100s: unknown host.", buf); -- goto fail; -- } -- if (!hp->h_addr_list[0]) -- { -- error("%.100s: host has no IP address.", buf); -- goto fail; -- } -- sin.sin_family = hp->h_addrtype; -- memcpy(&sin.sin_addr, hp->h_addr_list[0], -- sizeof(sin.sin_addr)); -- } -- /* Set port number. */ -- sin.sin_port = htons(6000 + display_number); - - /* Create a socket. */ -- sock = socket(sin.sin_family, SOCK_STREAM, 0); -+ sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (sock < 0) - { -- error("socket: %.100s", strerror(errno)); -- goto fail; -+ debug("socket: %.100s", strerror(errno)); -+ continue; - } - /* Connect it to the display. */ -- if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -- error("connect %.100s:%d: %.100s", buf, 6000 + display_number, -+ debug("connect %.100s:%d: %.100s", buf, 6000 + display_number, - strerror(errno)); - close(sock); -+ continue; -+ } -+ /* Success */ -+ break; -+ -+ } /* (ai = aitop, ai; ai = ai->ai_next) */ -+ freeaddrinfo(aitop); -+ if (!ai) -+ { -+ error("connect %.100s:%d: %.100s", buf, 6000 + display_number, -+ strerror(errno)); - goto fail; - } +@@ -2110,7 +2112,11 @@ success: /* We have successfully obtained a connection to the real X display. */ @@ -449,7 +55,7 @@ $NetBSD: patch-aq,v 1.5 1999/12/25 05:28:36 kim Exp $ #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) (void)fcntl(sock, F_SETFL, O_NONBLOCK); #else /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ -@@ -2412,6 +2455,10 @@ +@@ -2412,6 +2418,10 @@ ssh-agent connections on your system */ old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); diff --git a/security/ssh/patches/patch-ar b/security/ssh/patches/patch-ar index 7d5b2ea271b..57b7803f945 100644 --- a/security/ssh/patches/patch-ar +++ b/security/ssh/patches/patch-ar @@ -1,7 +1,7 @@ -$NetBSD: patch-ar,v 1.1 1999/12/25 05:28:36 kim Exp $ +$NetBSD: patch-ar,v 1.2 2000/03/20 02:25:52 itojun Exp $ ---- acconfig.h.orig Wed May 12 07:19:23 1999 -+++ acconfig.h Fri Dec 24 21:50:38 1999 +--- acconfig.h- Wed May 12 20:19:23 1999 ++++ acconfig.h Mon Mar 20 09:47:20 2000 @@ -247,16 +247,23 @@ /* Define this if your gettimeofday doesn't have TZ parameter */ #undef HAVE_NO_TZ_IN_GETTIMEOFDAY @@ -33,28 +33,3 @@ $NetBSD: patch-ar,v 1.1 1999/12/25 05:28:36 kim Exp $ /* Define this if you dont have SIGINFO as signal but some other macro */ #undef HAVE_INCOMPATIBLE_SIGINFO -@@ -273,6 +280,24 @@ - /* File used to override /etc/nologin on a per-user basis. The default is - /etc/nologin.allow. */ - #undef NOLOGIN_ALLOW -+ -+/* Define this if you have struct sockaddr_storage. */ -+#undef HAVE_SOCKADDR_STORAGE -+ -+/* Define this if you have __sa_family in struct sockaddr_storage. */ -+#undef HAVE_NEW_SS_FAMILY -+ -+/* Define this if you have ss_len in struct sockaddr. */ -+#undef HAVE_SOCKADDR_LEN -+ -+/* Define this if you want to enable IPv6 support. */ -+#undef ENABLE_IPV6 -+ -+/* Define this if you want to enable another port try support. */ -+#undef ENABLE_ANOTHER_PORT_TRY -+ -+/* Define this if you want to enable logging auth info support. */ -+#undef ENABLE_LOG_AUTH - - /* Where to find the X11 socket */ - #undef X11_DIR diff --git a/security/ssh/patches/patch-au b/security/ssh/patches/patch-au index e6cbf28e1f7..66e1242660e 100644 --- a/security/ssh/patches/patch-au +++ b/security/ssh/patches/patch-au @@ -1,16 +1,7 @@ -$NetBSD: patch-au,v 1.4 1999/12/25 05:28:36 kim Exp $ +$NetBSD: patch-au,v 1.5 2000/03/20 02:25:52 itojun Exp $ --- login.c.orig Wed May 12 07:19:26 1999 +++ login.c Fri Dec 24 22:01:25 1999 -@@ -255,7 +255,7 @@ - were more standardized. */ - - void record_login(int pid, const char *ttyname, const char *user, uid_t uid, -- const char *host, struct sockaddr_in *addr) -+ const char *host, struct sockaddr *addr) - { - int fd; - @@ -271,7 +271,22 @@ struct utmp u, u2; off_t offset; diff --git a/security/ssh/patches/patch-az b/security/ssh/patches/patch-az index ec78f9a8042..e1a919d63ac 100644 --- a/security/ssh/patches/patch-az +++ b/security/ssh/patches/patch-az @@ -1,7 +1,7 @@ -$NetBSD: patch-az,v 1.1 1999/12/25 05:28:36 kim Exp $ +$NetBSD: patch-az,v 1.2 2000/03/20 02:25:53 itojun Exp $ ---- config.h.in.orig Wed May 12 07:20:04 1999 -+++ config.h.in Fri Dec 24 21:50:38 1999 +--- config.h.in- Wed May 12 20:20:04 1999 ++++ config.h.in Mon Mar 20 09:47:20 2000 @@ -244,12 +244,6 @@ /* Support for Secure RPC */ #undef SECURE_RPC @@ -46,51 +46,7 @@ $NetBSD: patch-az,v 1.1 1999/12/25 05:28:36 kim Exp $ /* Define this if you dont have SIGINFO as signal but some other macro */ #undef HAVE_INCOMPATIBLE_SIGINFO -@@ -323,6 +324,24 @@ - /etc/nologin.allow. */ - #undef NOLOGIN_ALLOW - -+/* Define this if you have struct sockaddr_storage. */ -+#undef HAVE_SOCKADDR_STORAGE -+ -+/* Define this if you have __sa_family in struct sockaddr_storage. */ -+#undef HAVE_NEW_SS_FAMILY -+ -+/* Define this if you have ss_len in struct sockaddr. */ -+#undef HAVE_SOCKADDR_LEN -+ -+/* Define this if you want to enable IPv6 support. */ -+#undef ENABLE_IPV6 -+ -+/* Define this if you want to enable another port try support. */ -+#undef ENABLE_ANOTHER_PORT_TRY -+ -+/* Define this if you want to enable logging auth info support. */ -+#undef ENABLE_LOG_AUTH -+ - /* Where to find the X11 socket */ - #undef X11_DIR - -@@ -375,12 +394,18 @@ - /* Define if you have the ftruncate function. */ - #undef HAVE_FTRUNCATE - -+/* Define if you have the getaddrinfo function. */ -+#undef HAVE_GETADDRINFO -+ - /* Define if you have the getdtablesize function. */ - #undef HAVE_GETDTABLESIZE - - /* Define if you have the gethostname function. */ - #undef HAVE_GETHOSTNAME - -+/* Define if you have the getnameinfo function. */ -+#undef HAVE_GETNAMEINFO -+ - /* Define if you have the getpseudotty function. */ - #undef HAVE_GETPSEUDOTTY - -@@ -518,6 +543,9 @@ +@@ -518,6 +519,9 @@ /* Define if you have the <sys/dir.h> header file. */ #undef HAVE_SYS_DIR_H diff --git a/security/ssh/patches/patch-bd b/security/ssh/patches/patch-bd index d2755277c99..6455110898f 100644 --- a/security/ssh/patches/patch-bd +++ b/security/ssh/patches/patch-bd @@ -1,8 +1,8 @@ -$NetBSD: patch-bd,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bd,v 1.2 2000/03/20 02:25:55 itojun Exp $ ---- readconf.c.orig Wed May 12 07:19:27 1999 -+++ readconf.c Fri Dec 24 21:50:42 1999 -@@ -170,7 +170,13 @@ +--- readconf.c- Wed May 12 20:19:27 1999 ++++ readconf.c Mon Mar 20 09:47:24 2000 +@@ -170,6 +170,9 @@ oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication, @@ -10,23 +10,9 @@ $NetBSD: patch-bd,v 1.1 1999/12/25 05:28:37 kim Exp $ + oAFSTokenPassing, +#endif /* AFS */ oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ oAnotherPort, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost } OpCodes; - -@@ -194,6 +200,9 @@ - { "hostname", oHostName }, - { "proxycommand", oProxyCommand }, - { "port", oPort }, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ { "anotherport", oAnotherPort }, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - { "cipher", oCipher }, - { "remoteforward", oRemoteForward }, - { "localforward", oLocalForward }, -@@ -213,6 +222,9 @@ +@@ -213,6 +216,9 @@ { "useprivilegedport", oUsePrivilegedPort }, { "kerberosauthentication", oKerberosAuthentication }, { "kerberostgtpassing", oKerberosTgtPassing }, @@ -36,7 +22,7 @@ $NetBSD: patch-bd,v 1.1 1999/12/25 05:28:37 kim Exp $ { "clearallforwardings", oClearAllForwardings }, { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "xauthlocation", oXauthPath }, -@@ -354,6 +366,12 @@ +@@ -354,6 +360,12 @@ intptr = &options->kerberos_tgt_passing; goto parse_flag; @@ -49,20 +35,7 @@ $NetBSD: patch-bd,v 1.1 1999/12/25 05:28:37 kim Exp $ case oFallBackToRsh: intptr = &options->fallback_to_rsh; goto parse_flag; -@@ -497,6 +515,12 @@ - *intptr = value; - break; - -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ case oAnotherPort: -+ intptr = &options->another_port; -+ goto parse_int; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - case oConnectionAttempts: - intptr = &options->connection_attempts; - goto parse_int; -@@ -678,6 +702,9 @@ +@@ -678,6 +690,9 @@ options->rsa_authentication = -1; options->kerberos_authentication = -1; options->kerberos_tgt_passing = -1; @@ -72,17 +45,7 @@ $NetBSD: patch-bd,v 1.1 1999/12/25 05:28:37 kim Exp $ options->tis_authentication = -1; options->password_authentication = -1; options->rhosts_rsa_authentication = -1; -@@ -689,6 +716,9 @@ - options->keepalives = -1; - options->compression_level = -1; - options->port = -1; -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ options->another_port = -1; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - options->connection_attempts = -1; - options->number_of_password_prompts = -1; - options->password_prompt_login = -1; -@@ -724,17 +754,19 @@ +@@ -724,17 +739,19 @@ if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->kerberos_authentication == -1) @@ -108,14 +71,3 @@ $NetBSD: patch-bd,v 1.1 1999/12/25 05:28:37 kim Exp $ if (options->tis_authentication == -1) options->tis_authentication = 0; if (options->password_authentication == -1) -@@ -759,6 +791,10 @@ - options->compression_level = 6; - if (options->port == -1) - options->port = 0; /* Filled in ssh_connect. */ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ if (options->another_port == -1) -+ options->another_port = 0; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - if (options->connection_attempts == -1) - options->connection_attempts = 4; - if (options->number_of_password_prompts == -1) diff --git a/security/ssh/patches/patch-be b/security/ssh/patches/patch-be index f531e8004ce..cd1f1ff0211 100644 --- a/security/ssh/patches/patch-be +++ b/security/ssh/patches/patch-be @@ -1,7 +1,7 @@ -$NetBSD: patch-be,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-be,v 1.2 2000/03/20 02:25:55 itojun Exp $ ---- readconf.h.orig Wed May 12 07:19:27 1999 -+++ readconf.h Fri Dec 24 21:50:42 1999 +--- readconf.h- Wed May 12 20:19:27 1999 ++++ readconf.h Mon Mar 20 09:47:24 2000 @@ -85,6 +85,9 @@ int rsa_authentication; /* Try RSA authentication. */ int kerberos_authentication; /* Try Kerberos authentication. */ @@ -12,13 +12,3 @@ $NetBSD: patch-be,v 1.1 1999/12/25 05:28:37 kim Exp $ int tis_authentication; /* Try TIS authsrv authentication. */ int password_authentication; /* Try password authentication. */ int fallback_to_rsh; /* Use rsh if cannot connect with ssh. */ -@@ -98,6 +101,9 @@ - int use_privileged_port; /* Use privileged port */ - - int port; /* Port to connect. */ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port; /* Port to connect for -A option. */ -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - int connection_attempts; /* Max attempts (seconds) before giving up */ - int number_of_password_prompts; /* Max number of password prompts */ - int password_prompt_login; /* Show remote login at password prompt */ diff --git a/security/ssh/patches/patch-bf b/security/ssh/patches/patch-bf index aa10e57e19a..b6f2c8c5652 100644 --- a/security/ssh/patches/patch-bf +++ b/security/ssh/patches/patch-bf @@ -1,29 +1,8 @@ -$NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bf,v 1.2 2000/03/20 02:25:55 itojun Exp $ ---- servconf.c.orig Wed May 12 07:19:28 1999 -+++ servconf.c Fri Dec 24 21:50:42 1999 -@@ -81,8 +81,8 @@ - void initialize_server_options(ServerOptions *options) - { - memset(options, 0, sizeof(*options)); -- options->port = -1; -- options->listen_addr.s_addr = INADDR_ANY; -+ options->num_ports = 0; -+ options->listen_addrs = NULL; - options->host_key_file = NULL; - options->random_seed_file = NULL; - options->pid_file = NULL; -@@ -92,6 +92,9 @@ - options->permit_root_login = -1; - options->ignore_rhosts = -1; - options->ignore_root_rhosts = -1; -+#ifdef ENABLE_LOG_AUTH -+ options->log_auth = -1; -+#endif /* ENABLE_LOG_AUTH */ - options->quiet_mode = -1; - options->fascist_logging = -1; - options->print_motd = -1; -@@ -106,6 +109,12 @@ +--- servconf.c- Wed May 12 20:19:28 1999 ++++ servconf.c Mon Mar 20 09:47:32 2000 +@@ -106,6 +106,12 @@ options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_tgt_passing = -1; @@ -36,48 +15,7 @@ $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $ options->tis_authentication = -1; options->allow_tcp_forwarding = -1; options->password_authentication = -1; -@@ -138,16 +147,31 @@ - - void fill_default_server_options(ServerOptions *options) - { -- if (options->port == -1) -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int i; -+ -+ if (options->num_ports == 0) -+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; -+ if (options->listen_addrs == NULL) - { -- struct servent *sp; -- -- sp = getservbyname(SSH_SERVICE_NAME, "tcp"); -- if (sp) -- options->port = ntohs(sp->s_port); -- else -- options->port = SSH_DEFAULT_PORT; -- endservent(); -+ for (i = 0; i < options->num_ports; i++) -+ { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_flags = AI_PASSIVE; -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", options->ports[i]); -+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) -+ { -+ fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n"); -+ exit(1); -+ } -+ for (ai = aitop; ai->ai_next; ai = ai->ai_next); -+ ai->ai_next = options->listen_addrs; -+ options->listen_addrs = aitop; -+ } -+ /* freeaddrinfo(options->listen_addrs) in sshd.c */ - } - if (options->host_key_file == NULL) - options->host_key_file = HOST_KEY_FILE; -@@ -190,19 +214,27 @@ +@@ -190,19 +196,27 @@ if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->kerberos_authentication == -1) @@ -111,16 +49,7 @@ $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $ if (options->allow_tcp_forwarding == -1) options->allow_tcp_forwarding = 1; if (options->tis_authentication == -1) -@@ -243,13 +275,23 @@ - { - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility, -+#ifdef ENABLE_LOG_AUTH -+ sLogAuth, -+#endif /* ENABLE_LOG_AUTH */ - sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, - sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts, - sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, +@@ -249,7 +263,14 @@ sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile, sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout, sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd, @@ -136,17 +65,7 @@ $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $ sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts, sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays, sAccountExpireWarningDays -@@ -275,6 +317,9 @@ - { "quietmode", sQuietMode }, - { "fascistlogging", sFascistLogging }, - { "syslogfacility", sLogFacility }, -+#ifdef ENABLE_LOG_AUTH -+ { "logauth", sLogAuth }, -+#endif /* ENABLE_LOG_AUTH */ - { "rhostsauthentication", sRhostsAuthentication }, - { "rhostsrsaauthentication", sRhostsRSAAuthentication }, - { "rsaauthentication", sRSAAuthentication }, -@@ -313,6 +358,12 @@ +@@ -313,6 +334,12 @@ { "kerberosauthentication", sKerberosAuthentication }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, { "kerberostgtpassing", sKerberosTgtPassing }, @@ -159,77 +78,7 @@ $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $ { "allowtcpforwarding", sAllowTcpForwarding }, { "xauthlocation", sXauthPath }, { "checkmail", sCheckMail }, -@@ -367,6 +418,9 @@ - char *cp, **charptr; - int linenum, *intptr, i, value; - ServerOpCodes opcode; -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int gaierr; - - f = fopen(filename, "r"); - if (!f) -@@ -389,7 +443,14 @@ - switch (opcode) - { - case sPort: -- intptr = &options->port; -+ if (options->num_ports >= MAX_PORTS) -+ { -+ fprintf(stderr, "%s line %d: too many ports.\n", -+ filename, linenum); -+ exit(1); -+ } -+ options->ports[options->num_ports] = -1; -+ intptr = &options->ports[options->num_ports++]; - parse_int: - cp = strtok(NULL, WHITESPACE); - if (!cp) -@@ -452,11 +513,25 @@ - filename, linenum); - exit(1); - } --#ifdef BROKEN_INET_ADDR -- options->listen_addr.s_addr = inet_network(cp); --#else /* BROKEN_INET_ADDR */ -- options->listen_addr.s_addr = inet_addr(cp); --#endif /* BROKEN_INET_ADDR */ -+ if (options->num_ports == 0) -+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; -+ for (i = 0; i < options->num_ports; i++) -+ { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", options->ports[i]); -+ if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0) -+ { -+ fprintf(stderr, "%s line %d: bad addr or host. (%s)\n", -+ filename, linenum, gai_strerror(gaierr)); -+ exit(1); -+ } -+ for (ai = aitop; ai->ai_next; ai = ai->ai_next); -+ ai->ai_next = options->listen_addrs; -+ options->listen_addrs = aitop; -+ } -+ strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */ - break; - - case sHostKeyFile: -@@ -532,6 +607,12 @@ - *intptr = value; - break; - -+#ifdef ENABLE_LOG_AUTH -+ case sLogAuth: -+ intptr = &options->log_auth; -+ goto parse_flag; -+#endif /* ENABLE_LOG_AUTH */ -+ - case sIgnoreRhosts: - intptr = &options->ignore_rhosts; - goto parse_flag; -@@ -571,6 +652,18 @@ +@@ -571,6 +598,18 @@ case sKerberosTgtPassing: intptr = &options->kerberos_tgt_passing; goto parse_flag; diff --git a/security/ssh/patches/patch-bg b/security/ssh/patches/patch-bg index 30dc7459fef..c380db24c9d 100644 --- a/security/ssh/patches/patch-bg +++ b/security/ssh/patches/patch-bg @@ -1,39 +1,8 @@ -$NetBSD: patch-bg,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bg,v 1.2 2000/03/20 02:25:56 itojun Exp $ ---- servconf.h.orig Wed May 12 07:19:28 1999 -+++ servconf.h Fri Dec 24 21:50:42 1999 -@@ -64,6 +64,8 @@ - #ifndef SERVCONF_H - #define SERVCONF_H - -+#define MAX_PORTS 256 /* Max # hosts on allow list. */ -+ - #define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */ - #define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */ - #define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */ -@@ -82,8 +84,9 @@ - - typedef struct - { -- int port; /* Port number to listen on. */ -- struct in_addr listen_addr; /* Address on which the server listens. */ -+ unsigned int num_ports; -+ int ports[MAX_PORTS]; /* Port number to listen on. */ -+ struct addrinfo *listen_addrs;/* Addresses on which the server listens. */ - char *host_key_file; /* File containing host key. */ - char *random_seed_file; /* File containing random seed. */ - char *pid_file; /* File containing process ID number. */ -@@ -91,6 +94,9 @@ - int login_grace_time; /* Disconnect if no auth in this time (sec). */ - int key_regeneration_time; /* Server key lifetime (seconds). */ - int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */ -+#ifdef ENABLE_LOG_AUTH -+ int log_auth; /* If true, log authentication info. */ -+#endif /* ENABLE_LOG_AUTH */ - int ignore_rhosts; /* Ignore .rhosts and .shosts. */ - int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root, - defaults to ignore_rhosts if not given. */ -@@ -111,6 +117,12 @@ +--- servconf.h- Wed May 12 20:19:28 1999 ++++ servconf.h Mon Mar 20 09:47:32 2000 +@@ -111,6 +111,12 @@ password authentication mechanism, such as SecurID or /etc/passwd */ int kerberos_tgt_passing; /* If true, permit Kerberos tgt passing. */ diff --git a/security/ssh/patches/patch-bi b/security/ssh/patches/patch-bi index 2d949252709..1d4424cdbe0 100644 --- a/security/ssh/patches/patch-bi +++ b/security/ssh/patches/patch-bi @@ -1,33 +1,8 @@ -$NetBSD: patch-bi,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bi,v 1.2 2000/03/20 02:25:56 itojun Exp $ ---- ssh.c.orig Wed May 12 07:19:28 1999 -+++ ssh.c Fri Dec 24 21:50:42 1999 -@@ -218,6 +218,14 @@ - other functions. */ - RandomState random_state; - -+/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+#ifdef ENABLE_IPV6 -+int IPv4or6 = AF_UNSPEC; -+#else -+int IPv4or6 = AF_INET; -+#endif -+ - /* Flag indicating whether debug mode is on. This can be set on the - command line. */ - int debug_flag = 0; -@@ -277,12 +285,19 @@ - { - fprintf(stderr, "Usage: %s [options] host [command]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only.\n"); -+#ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only.\n"); -+#endif -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ fprintf(stderr, " -A Try to connect to another port before original port.\n"); -+#endif /* ENABLE_ANOTHER_PORT_TRY */ +--- ssh.c- Wed May 12 20:19:28 1999 ++++ ssh.c Mon Mar 20 09:47:32 2000 +@@ -280,9 +280,9 @@ fprintf(stderr, " -l user Log in using this user name.\n"); fprintf(stderr, " -n Redirect input from /dev/null.\n"); fprintf(stderr, " -a Disable authentication agent forwarding.\n"); @@ -40,44 +15,7 @@ $NetBSD: patch-bi,v 1.1 1999/12/25 05:28:37 kim Exp $ #ifndef SSH_NO_X11_FORWARDING fprintf(stderr, " -x Disable X11 connection forwarding.\n"); #endif -@@ -413,6 +428,9 @@ - #ifdef SIGWINCH - struct winsize ws; - #endif /* SIGWINCH */ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port_flag = 0; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - - /* Save the original real uid. It will be needed later (uid-swapping may - clobber the real uid). */ -@@ -522,6 +540,26 @@ - } - switch (opt) - { -+ case '4': -+#ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+#else -+ IPv4or6 = AF_INET; -+#endif -+ break; -+ -+#ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; -+ break; -+#endif -+ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ case 'A': -+ another_port_flag = 1; -+ break; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - case 'n': - stdin_null_flag = 1; - break; -@@ -541,6 +579,9 @@ +@@ -541,6 +541,9 @@ case 'k': options.kerberos_tgt_passing = 0; @@ -87,22 +25,3 @@ $NetBSD: patch-bi,v 1.1 1999/12/25 05:28:37 kim Exp $ break; case 'i': -@@ -789,11 +830,18 @@ - { - use_privileged_port = 0; - } -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ if (!another_port_flag) -+ options.another_port = 0; -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - /* Open a connection to the remote host. This needs root privileges if - rhosts_authentication is true. Note that the random_state is not - yet used by this call, although a pointer to it is stored, and thus it - need not be initialized. */ - ok = ssh_connect(host, options.port, options.connection_attempts, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ options.another_port, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - !use_privileged_port, - original_real_uid, options.proxy_command, &random_state); - diff --git a/security/ssh/patches/patch-bj b/security/ssh/patches/patch-bj index 48fea92d6dc..b23c857789e 100644 --- a/security/ssh/patches/patch-bj +++ b/security/ssh/patches/patch-bj @@ -1,7 +1,7 @@ -$NetBSD: patch-bj,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bj,v 1.2 2000/03/20 02:25:56 itojun Exp $ ---- ssh.h.orig Wed May 12 07:19:28 1999 -+++ ssh.h Fri Dec 24 21:50:42 1999 +--- ssh.h- Wed May 12 20:19:28 1999 ++++ ssh.h Mon Mar 20 09:47:32 2000 @@ -176,6 +176,16 @@ #include "randoms.h" #include "cipher.h" @@ -58,26 +58,7 @@ $NetBSD: patch-bj,v 1.1 1999/12/25 05:28:37 kim Exp $ /* define this and debug() will print local hostname */ #define LOCAL_HOSTNAME_IN_DEBUG 1 -@@ -430,7 +447,7 @@ - /* Records that the user has logged in. This does many things normally - done by login(1). */ - void record_login(int pid, const char *ttyname, const char *user, uid_t uid, -- const char *host, struct sockaddr_in *addr); -+ const char *host, struct sockaddr *addr); - - /* Records that the user has logged out. This does many thigs normally - done by login(1) or init. */ -@@ -447,6 +464,9 @@ - connection is successful, this calls packet_set_connection for the - connection. */ - int ssh_connect(const char *host, int port, int connection_attempts, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state); - -@@ -479,12 +499,12 @@ +@@ -479,12 +496,12 @@ /* Tries to authenticate the user using password. Returns true if authentication succeeds. */ @@ -93,64 +74,3 @@ $NetBSD: patch-bj,v 1.1 1999/12/25 05:28:37 kim Exp $ /* Performs the RSA authentication dialog with the client. This returns 0 if the client could not be authenticated, and 1 if authentication was -@@ -872,5 +892,60 @@ - #else - #define UID_ROOT 0 - #endif -+ -+#ifdef HAVE_SOCKADDR_STORAGE -+#ifndef HAVE_NEW_SS_FAMILY -+#define __ss_len ss_len -+#define __ss_family ss_family -+#endif -+#else -+#define _SS_MAXSIZE 128 /* Implementation specific max size */ -+#define _SS_ALIGNSIZE (sizeof(int)) -+#define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_short)) -+#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof(u_short) + \ -+ _SS_PAD1SIZE + _SS_ALIGNSIZE)) -+struct sockaddr_storage { -+#ifdef HAVE_SOCKADDR_LEN -+ u_char __ss_len; -+ u_char __ss_family; -+#else -+ u_short __ss_family; -+#endif -+ char __ss_pad1[_SS_PAD1SIZE]; -+ int __ss_align; -+ char __ss_pad2[_SS_PAD2SIZE]; -+}; -+#endif -+ -+#ifdef INET6_ADDRSTRLEN -+#define ADDRSTRLEN INET6_ADDRSTRLEN -+#else -+#define ADDRSTRLEN 46 -+#endif -+ -+#define PORTSTRLEN 16 -+ -+/* AF_UNSPEC or AF_INET or AF_INET6 */ -+extern int IPv4or6; -+ -+#ifndef ENABLE_IPV6 -+/* dummy value for old netdb.h */ -+#ifndef AI_PASSIVE -+#define AI_PASSIVE 1 -+#define NI_NUMERICHOST 2 -+#define NI_NAMEREQD 4 -+#define NI_NUMERICSERV 8 -+struct addrinfo { -+ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ -+ int ai_family; /* PF_xxx */ -+ int ai_socktype; /* SOCK_xxx */ -+ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ -+ size_t ai_addrlen; /* length of ai_addr */ -+ char *ai_canonname; /* canonical name for hostname */ -+ struct sockaddr *ai_addr; /* binary address */ -+ struct addrinfo *ai_next; /* next structure in linked list */ -+}; -+#endif -+#endif /* not ENABLE_IPV6 */ - - #endif /* SSH_H */ diff --git a/security/ssh/patches/patch-bk b/security/ssh/patches/patch-bk index f976745d6da..b18f6e4eb54 100644 --- a/security/ssh/patches/patch-bk +++ b/security/ssh/patches/patch-bk @@ -1,7 +1,7 @@ -$NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bk,v 1.2 2000/03/20 02:25:57 itojun Exp $ ---- sshconnect.c.orig Wed May 12 07:19:29 1999 -+++ sshconnect.c Fri Dec 24 21:50:42 1999 +--- sshconnect.c- Wed May 12 20:19:29 1999 ++++ sshconnect.c Mon Mar 20 09:55:37 2000 @@ -215,7 +215,6 @@ #include "userfile.h" #include "emulate.h" @@ -31,292 +31,7 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ /* Session id for the current session. */ unsigned char session_id[16]; -@@ -337,7 +348,7 @@ - - /* Creates a (possibly privileged) socket for use as the ssh connection. */ - --int ssh_create_socket(uid_t original_real_uid, int privileged) -+int ssh_create_socket(uid_t original_real_uid, int privileged, int family) - { - int sock; - -@@ -345,41 +356,48 @@ - bind our own socket to a privileged port. */ - if (privileged) - { -- struct sockaddr_in sin; -+ struct addrinfo hints, *ai = NULL; -+ int errgai; -+ char strport[PORTSTRLEN]; - int p; - for (p = 1023; p > 512; p--) - { -- sock = socket(AF_INET, SOCK_STREAM, 0); -+ sock = socket(family, SOCK_STREAM, 0); - if (sock < 0) - fatal("socket: %.100s", strerror(errno)); - -- /* Initialize the desired sockaddr_in structure. */ -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- sin.sin_addr.s_addr = INADDR_ANY; -- sin.sin_port = htons(p); -+ /* Initialize the desired addrinfo structure. */ -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = family; -+ hints.ai_flags = AI_PASSIVE; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", p); -+ if ((errgai = getaddrinfo(NULL, strport, &hints, &ai)) != 0) -+ fatal("getaddrinfo: %.100s", gai_strerror(errgai)); - - /* Try to bind the socket to the privileged port. */ - #if defined(SOCKS) -- if (Rbind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) -+ if (Rbind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - break; /* Success. */ - #else /* SOCKS */ -- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) -+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - break; /* Success. */ - #endif /* SOCKS */ - if (errno == EADDRINUSE) - { - close(sock); -+ freeaddrinfo(ai); - continue; - } - fatal("bind: %.100s", strerror(errno)); - } - debug("Allocated local port %d.", p); -+ freeaddrinfo(ai); - } - else - { - /* Just create an ordinary socket on arbitrary port. */ -- sock = socket(AF_INET, SOCK_STREAM, 0); -+ sock = socket(family, SOCK_STREAM, 0); - if (sock < 0) - fatal("socket: %.100s", strerror(errno)); - } -@@ -396,14 +414,19 @@ - the daemon. */ - - int ssh_connect(const char *host, int port, int connection_attempts, -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port, -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state) - { - int sock = -1, attempt, i; - int on = 1; - struct servent *sp; -- struct hostent *hp; -- struct sockaddr_in hostaddr; -+ struct addrinfo hints, *ai, *aitop, *aitmp; -+ struct sockaddr_storage hostaddr; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int gaierr; - #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) - struct linger linger; - #endif /* SO_LINGER */ -@@ -421,10 +444,6 @@ - port = SSH_DEFAULT_PORT; - } - -- /* Map localhost to ip-address locally */ -- if (strcmp(host, "localhost") == 0) -- host = "127.0.0.1"; -- - /* If a proxy command is given, connect using it. */ - if (proxy_command != NULL && *proxy_command) - return ssh_proxy_connect(host, port, original_real_uid, proxy_command, -@@ -432,9 +451,28 @@ - - /* No proxy command. */ - -- /* No host lookup made yet. */ -- hp = NULL; -- -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", port); -+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) -+ fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -+ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ if (another_port) -+ { -+ aitmp = aitop; -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", another_port); -+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) -+ fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); -+ for (ai = aitop; ai->ai_next; ai = ai->ai_next); -+ ai->ai_next = aitmp; -+ } -+#endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - /* Try to connect several times. On some machines, the first time will - sometimes fail. In general socket code appears to behave quite - magically on many machines. */ -@@ -443,103 +481,27 @@ - if (attempt > 0) - debug("Trying again..."); - -- /* Try to parse the host name as a numeric inet address. */ -- memset(&hostaddr, 0, sizeof(hostaddr)); -- hostaddr.sin_family = AF_INET; -- hostaddr.sin_port = htons(port); --#ifdef BROKEN_INET_ADDR -- hostaddr.sin_addr.s_addr = inet_network(host); --#else /* BROKEN_INET_ADDR */ -- hostaddr.sin_addr.s_addr = inet_addr(host); --#endif /* BROKEN_INET_ADDR */ -- if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff) -- { -- /* Create a socket. */ -- sock = ssh_create_socket(original_real_uid, -- !anonymous && geteuid() == UID_ROOT); -- -- /* Valid numeric IP address */ -- debug("Connecting to %.100s port %d.", -- inet_ntoa(hostaddr.sin_addr), port); -- -- /* Connect to the host. */ --#if defined(SOCKS) -- if (Rconnect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) --#else /* SOCKS */ -- if (connect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) --#endif /* SOCKS */ -- >= 0) -- { -- /* Successful connect. */ -- break; -- } -- debug("connect: %.100s", strerror(errno)); -- -- /* Destroy the failed socket. */ -- shutdown(sock, 2); -- close(sock); -- } -- else -- { -- /* Not a valid numeric inet address. */ -- /* Map host name to an address. */ -- if (!hp) -- { -- struct hostent *hp_static; -- --#if defined(SOCKS5) -- hp_static = Rgethostbyname(host); --#else -- hp_static = gethostbyname(host); --#endif -- if (hp_static) -- { -- hp = xmalloc(sizeof(struct hostent)); -- memcpy(hp, hp_static, sizeof(struct hostent)); -- -- /* Copy list of addresses, not just pointers. -- We don't use h_name & h_aliases so leave them as is */ -- for (i = 0; hp_static->h_addr_list[i]; i++) -- ; /* count them */ -- hp->h_addr_list = xmalloc((i + 1) * -- sizeof(hp_static->h_addr_list[0])); -- for (i = 0; hp_static->h_addr_list[i]; i++) -- { -- hp->h_addr_list[i] = xmalloc(hp->h_length); -- memcpy(hp->h_addr_list[i], hp_static->h_addr_list[i], -- hp->h_length); -- } -- hp->h_addr_list[i] = NULL; /* last one */ -- } -- } -- if (!hp) -- fatal("Bad host name: %.100s", host); -- if (!hp->h_addr_list[0]) -- fatal("Host does not have an IP address: %.100s", host); -- - /* Loop through addresses for this host, and try each one in - sequence until the connection succeeds. */ -- for (i = 0; hp->h_addr_list[i]; i++) -+ for (ai = aitop; ai; ai = ai->ai_next) - { -- /* Set the address to connect to. */ -- hostaddr.sin_family = hp->h_addrtype; -- memcpy(&hostaddr.sin_addr, hp->h_addr_list[i], -- sizeof(hostaddr.sin_addr)); -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); - -- debug("Connecting to %.200s [%.100s] port %d.", -- host, inet_ntoa(hostaddr.sin_addr), port); -+ debug("Connecting to %.200s [%.100s] port %s.", -+ host, ntop, strport); - - /* Create a socket for connecting. */ - sock = ssh_create_socket(original_real_uid, -- !anonymous && geteuid() == UID_ROOT); -+ !anonymous && geteuid() == UID_ROOT, -+ ai->ai_family); - - /* Connect to the host. */ - #if defined(SOCKS) -- if (Rconnect(sock, (struct sockaddr *)&hostaddr, -- sizeof(hostaddr)) >= 0) -+ if (Rconnect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - #else /* SOCKS */ -- if (connect(sock, (struct sockaddr *)&hostaddr, -- sizeof(hostaddr)) >= 0) -+ if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) - #endif /* SOCKS */ - { - /* Successful connection. */ -@@ -552,22 +514,15 @@ - returned an error. */ - shutdown(sock, 2); - close(sock); -- } -- if (hp->h_addr_list[i]) -+ } /* for (ai = aitop; ai; ai = ai->ai_next) */ -+ if (ai) - break; /* Successful connection. */ -- } - - /* Sleep a moment before retrying. */ - sleep(1); - } - -- if (hp) -- { -- for (i = 0; hp->h_addr_list[i]; i++) -- xfree(hp->h_addr_list[i]); -- xfree(hp->h_addr_list); -- xfree(hp); -- } -+ freeaddrinfo(aitop); - - /* Return failure if we didn't get a successful connection. */ - if (attempt >= connection_attempts) -@@ -578,9 +533,11 @@ - /* Set socket options. We would like the socket to disappear as soon as - it has been closed for whatever reason. */ - /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ -+#if 0 /* XXX */ - #if defined(TCP_NODELAY) && defined(ENABLE_TCP_NODELAY) - setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on)); - #endif /* TCP_NODELAY */ -+#endif /* 0 */ - #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) - linger.l_onoff = 1; - linger.l_linger = 15; -@@ -932,10 +889,9 @@ +@@ -932,10 +943,9 @@ return 0; } @@ -328,16 +43,7 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ char *remotehost; krb5_data auth; krb5_error_code r; -@@ -946,7 +902,7 @@ - int ap_opts, ret_stat = 0; - krb5_keyblock *session_key = 0; - krb5_ap_rep_enc_part *repl = 0; -- struct sockaddr_in local, foreign; -+ struct sockaddr_storage local, foreign; - - memset(&auth, 0 , sizeof(auth)); - remotehost = (char *) get_canonical_hostname(); -@@ -1084,15 +1040,118 @@ +@@ -1084,15 +1094,118 @@ krb5_free_ap_rep_enc_part(ssh_context, repl); return(ret_stat); @@ -459,7 +165,7 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ char *remotehost; krb5_principal client; krb5_principal server; -@@ -1172,22 +1231,117 @@ +@@ -1172,22 +1285,117 @@ krb5_free_principal(ssh_context, client); krb5_free_principal(ssh_context, server); @@ -521,7 +227,8 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ + packet_write_wait(); + + return 1; -+} + } +-#endif /* KERBEROS_TGT_PASSING */ + +/* Forwards our AFS tokens to the server. */ +void send_afs_tokens(void) @@ -585,13 +292,12 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ + else if (type != SSH_SMSG_SUCCESS) + packet_disconnect("Protocol error on AFS token response: %d", type); + } - } --#endif /* KERBEROS_TGT_PASSING */ ++} +#endif /* AFS */ /* Waits for the server identification string, and sends our own identification string. */ -@@ -1285,14 +1439,12 @@ +@@ -1285,14 +1493,12 @@ unsigned char check_bytes[8]; unsigned int supported_ciphers, supported_authentications, protocol_flags; HostStatus host_status; @@ -607,7 +313,7 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ /* Convert the user-supplied hostname into all lowercase. */ host = xstrdup(orighost); -@@ -1595,7 +1747,6 @@ +@@ -1595,7 +1801,6 @@ debug("Received encrypted confirmation."); @@ -615,7 +321,7 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ #ifdef KRB5 if (!ssh_context) { -@@ -1629,7 +1780,6 @@ +@@ -1629,7 +1834,6 @@ debug("Kerberos V5: could not get default ccache."); } #endif /* KRB5 */ @@ -623,7 +329,7 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ /* Send the name of the user to log in as on the server. */ packet_start(SSH_CMSG_USER); -@@ -1647,24 +1797,39 @@ +@@ -1647,24 +1851,39 @@ packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); @@ -670,7 +376,7 @@ $NetBSD: patch-bk,v 1.1 1999/12/25 05:28:37 kim Exp $ if (try_kerberos_authentication()) { /* The server should respond with success or failure. */ type = packet_read(); -@@ -1673,10 +1838,8 @@ +@@ -1673,10 +1892,8 @@ if (type != SSH_SMSG_FAILURE) packet_disconnect("Protocol error: got %d in response to Kerberos auth", type); } diff --git a/security/ssh6/Makefile b/security/ssh6/Makefile new file mode 100644 index 00000000000..0a8a0a24854 --- /dev/null +++ b/security/ssh6/Makefile @@ -0,0 +1,201 @@ +# $NetBSD: Makefile,v 1.1 2000/03/20 02:25:30 itojun Exp $ +# FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp +# + +DISTNAME= ssh-1.2.27 +PKGNAME= ssh6-1.2.27 +CATEGORIES= security net +MASTER_SITES= ftp://ftp.cs.hut.fi/pub/ssh/ \ + ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \ + ftp://ftp.cert.dfn.de/pub/tools/net/ssh/ +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} + +MAINTAINER= packages@netbsd.org +HOMEPAGE= http://www.cs.hut.fi/ssh/ + +CONFLICTS= openssh-[0-9]* ssh-* + +EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} +RESTRICTED= "Crypto; export-controlled" +MIRROR_DISTFILE= no +LICENSE= no-commercial-use + +CFLAGS= -O2 +GNU_CONFIGURE= YES + +.include "../../mk/bsd.prefs.mk" + +# Use SSH_CONF_DIR from /etc/mk.conf, if defined; otherwise default to /etc +SSH_CONF_DIR?= /etc + +CONFIGURE_ARGS+= --with-etcdir=${SSH_CONF_DIR} --with-libwrap + +#Uncomment if all your users are in their own group and their homedir +#is writeable by that group. Beware the security implications! +#CONFIGURE_ARGS+= --enable-group-writeability + +#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection +#over a secure medium. This is normally dangerous since it can lead to the +#disclosure keys and passwords. +#CONFIGURE_ARGS+= --with-none + +.if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES +DEPENDS+= rsaref-2.0p3:../../security/rsaref +CONFIGURE_ARGS+= --with-rsaref="${LOCALBASE}/lib" +CONFIGURE_ENV+= LDFLAGS="-Wl,-R${LOCALBASE}/lib" +CFLAGS+= -I${LOCALBASE}/include +.endif + +# Include support for the SecureID card +# Warning: untested ! +.if defined(USE_SECUREID) && ${USE_SECUREID} == YES +CONFIGURE_ARGS+= --with-secureid +.endif + +# If rsh is elsewhere to /usr/bin/rsh +.if defined(SSH_RSHPATH) +CONFIGURE_ARGS+= --with-rsh=${SSH_RSHPATH} +.endif + +# By default, use IDEA. IDEA can be freely used for non-commercial use. +# However, commercial use may require a license in a number of countries. +# +USE_IDEA?= YES + +# Handle deprecated option SSH_DONT_USE_IDEA. +# +.if defined(SSH_DONT_USE_IDEA) && ${SSH_DONT_USE_IDEA} == YES +USE_IDEA= NO +.endif + +.if ${USE_IDEA} != "YES" +CONFIGURE_ARGS+= --without-idea +.endif + +# Include SOCKS firewall support +.if defined(USE_SOCKS) && (${USE_SOCKS} == 4 || ${USE_SOCKS} == 5) +BROKEN= SOCKS support currently unavailable +CONFIGURE_ARGS+= --with-socks${USE_SOCKS}="-L${LOCALBASE}/lib -lsocks${USE_SOCKS}" +CFLAGS+= -I${LOCALBASE}/include +.if ${USE_SOCKS} == 4 +DEPENDS+= socks4-2.2:../../net/socks4 +.else +DEPENDS+= socks5-1.0.2:../../net/socks5 +.endif +.endif + +# The original Kerberos v4 patches were fetched from +# http://www.monkey.org/~dugsong/ssh-afs/ +# PATCH_SITES+= ftp://ftp.monkey.org/pub/users/dugsong/ +# PATCHFILES+= ssh-1.2.27-afs-kerberos.patch-1 +# MD5 (ssh-1.2.27-afs-kerberos.patch-1) = d440f74958d9c3805b76dbc13e97e87d + +.if defined(KERBEROS) && ${KERBEROS} == 4 +USE_KERBEROS= yes +CONFIGURE_ARGS+= --with-krb4=/usr +.endif + +.if defined(KERBEROS) && ${KERBEROS} == 5 +USE_KERBEROS= yes +CONFIGURE_ARGS+=--with-krb5=/usr +.else +CONFIGURE_ARGS+=--without-krb5 +.endif + +# Find X11 libraries with xpkgwedge +.if defined(USE_LOCALBASE_FOR_X11) +CONFIGURE_ARGS+= --x-libraries=${X11BASE}/lib --x-includes=${X11BASE}/include +.endif + +# Enable support for TIS authentication server +.if defined(USE_TIS) && ${USE_TIS} == YES +CONFIGURE_ARGS+= --with-tis=${LOCALBASE} +.endif + +# Don't install "ssh" setuid +.if !defined(SSH_SUID) || ${SSH_SUID} != YES +CONFIGURE_ARGS+= --disable-suid-ssh +.endif + +# Make libwrap also compare against forwards (off by default) +.if defined(LIBWRAP_FWD) && ${LIBWRAP_FWD} == YES +CFLAGS+= -DLIBWRAP_FWD +.endif + +# The original IPv6 patches were fetched from +# PATCH_SITES+= ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ +# PATCHFILES+= ssh-1.2.27-IPv6-1.5-patch.gz +# MD5 (ssh-1.2.27-IPv6-1.5-patch.gz) = b854131fe8aa025abeef32cecfe1b037 + +.if defined(USE_INET6) && ${USE_INET6} == YES +CONFIGURE_ARGS+= --enable-ipv6 +.else +CONFIGURE_ARGS+= --disable-ipv6 +.endif + +# be more effective on M68060 machines +.if defined(M68060) +CONFIGURE_ARGS+= --disable-asm +CFLAGS+= -m68060 +.endif + +DEINSTALL_FILE= ${WRKDIR}/DEINSTALL +MESSAGE_FILE= ${WRKDIR}/MESSAGE +PLIST_SRC= ${WRKDIR}/PLIST + +pre-patch: + @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \ + ${WRKSRC}/make-ssh-known-hosts.pl.in + @# SSH DES and AFS/Kerberos DES conflict. + @${MV} -f ${WRKSRC}/des.h ${WRKSRC}/ssh-des.h + +fetch-depends: +.if !defined(USE_RSAREF2) || ${USE_RSAREF2} != YES && ${USE_RSAREF2} != NO + @${ECHO} + @${ECHO} The variable USE_RSAREF2 must be set to either YES or NO + @${ECHO} in order to build this package. USA residents that are + @${ECHO} not licensees of the RSA algorithm MUST set this variable + @${ECHO} to YES. Users outside the USA MUST set this variable to + @${ECHO} NO. Licensees may choose -- NO is faster. + @${ECHO} + @${ECHO} You may also want to set USE_IDEA to NO if this program + @${ECHO} will be used for a commercial purpose. There are other + @${ECHO} configure options\; look at the pkg Makefile for more info. + @${FALSE} +.endif + +post-patch: + @# Make sure that "automake" is never run. + @${FIND} ${WRKSRC} -name Makefile.in -print | xargs ${TOUCH} ${TOUCH_FLAGS} + +post-build: + @cd ${PKGDIR}; \ + for FILE in DEINSTALL MESSAGE PLIST ${FILESDIR}/sshd.sh; do \ + ${SED} -e 's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \ + -e 's#@PREFIX@#${PREFIX}#g' \ + <$${FILE} >${WRKDIR}/`basename $${FILE}`; \ + done + @if [ -x ${WRKSRC}/ssh-askpass ]; then \ + ${ECHO} bin/ssh-askpass >>${PLIST_SRC}; \ + ${ECHO} bin/ssh-askpass1 >>${PLIST_SRC}; \ + fi + +post-install: + @${MKDIR} ${PREFIX}/share/examples/ssh + @${MKDIR} ${WRKDIR}${SSH_CONF_DIR} + (cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \ + -f ${MAKEFILE} install_prefix=${WRKDIR} install-configs) + ${INSTALL_DATA} ${WRKDIR}${SSH_CONF_DIR}/ssh_config \ + ${WRKDIR}${SSH_CONF_DIR}/sshd_config ${PREFIX}/share/examples/ssh + @${RM} -rf ${WRKDIR}${SSH_CONF_DIR} + @if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \ + ${ECHO} "Generating a secret host key..."; \ + ${PREFIX}/bin/ssh-keygen \ + -f ${SSH_CONF_DIR}/ssh_host_key -N ""; \ + fi + ${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh + +BUILD_DEFS+= USE_IDEA SSH_CONF_DIR SSH_SUID USE_RSAREF2 +BUILD_DEFS+= LIBWRAP_FWD M68060 USE_SOCKS USE_INET6 + +.include "../../mk/bsd.pkg.mk" diff --git a/security/ssh6/files/md5 b/security/ssh6/files/md5 new file mode 100644 index 00000000000..cbd628bf2ec --- /dev/null +++ b/security/ssh6/files/md5 @@ -0,0 +1,3 @@ +$NetBSD: md5,v 1.1 2000/03/20 02:25:31 itojun Exp $ + +MD5 (ssh-1.2.27.tar.gz) = c22bc000bee0f7d6f4845eab72a81395 diff --git a/security/ssh6/files/patch-sum b/security/ssh6/files/patch-sum new file mode 100644 index 00000000000..aff928664fd --- /dev/null +++ b/security/ssh6/files/patch-sum @@ -0,0 +1,46 @@ +# $NetBSD: patch-sum,v 1.1 2000/03/20 02:25:31 itojun Exp $ + +MD5 (patch-aa) = 39a4c82d2b89aae61df69a50f7aaa813 +MD5 (patch-ab) = 36dc0eb7feba0554674242b39082a09b +MD5 (patch-ac) = 3b37e0f4ecc7fa49512d02bc7044269f +MD5 (patch-ad) = 60483c735ff0e3c47e640002be0cee75 +MD5 (patch-ae) = c0f6b7f8e55442cc311ec00a7deea9a1 +MD5 (patch-af) = 1931160b8c6cebe641b4325aaeffad05 +MD5 (patch-ag) = 47b5e06663afddebbf2998e72f59dde2 +MD5 (patch-ah) = 7b6fe18163413b4f70195cb082ff51f5 +MD5 (patch-ai) = ab4a72deaa42a6ae7bf14ec554ed104f +MD5 (patch-aj) = f84243bc83b7f0210ba021cc68ba6746 +MD5 (patch-al) = 00d14d38c42bae1c8c597855e1054e2c +MD5 (patch-am) = fd4e766e57c58645714fdab8ed55da5d +MD5 (patch-an) = 135b09a36c66aaf25a476dcb659efcf7 +MD5 (patch-ao) = 98e2eb418ee7f5ad544c32c7d5569ea2 +MD5 (patch-ap) = 99049fb6deb9bab8950723b7430a89a4 +MD5 (patch-aq) = 6af8d097a297182328216440e306effa +MD5 (patch-ar) = f402ab7533811e42e6df38ee9dfb2e84 +MD5 (patch-as) = f1f3fc3e5dae2461fffd2e6555f3077c +MD5 (patch-at) = 8f7b4464fb25bf7871191c1aa8de4b30 +MD5 (patch-au) = 5106bb8fd152358b6696491066805df1 +MD5 (patch-av) = b3f9909bd6a5cc387e929d16f89884c0 +MD5 (patch-aw) = 91ad583415323fd97b46415050b0781a +MD5 (patch-ax) = 98084f72d9d51a8635711c5ba2f8b945 +MD5 (patch-ay) = bad6d73e938bcf379559d756e05e17b2 +MD5 (patch-az) = 8cb2b06a1f27a7976c96498489313ab3 +MD5 (patch-ba) = 4a896f7bd31a506ce863341b177b348c +MD5 (patch-bb) = a40ead1d10647afb6b4f6a13ea4a4229 +MD5 (patch-bc) = de9333a77b5f7f4be537fca1009d818c +MD5 (patch-bd) = 3164bf79351963ad8525b1d1c4045355 +MD5 (patch-be) = 5a903a9bacc892a91d5e6d0f7e19c08e +MD5 (patch-bf) = 3f141908ccb754e791b8b7c6b47285bb +MD5 (patch-bg) = 49092f0f234f9a96909d11d5eb285bb3 +MD5 (patch-bh) = 92eac2ff64ef86261e1cadf331e16091 +MD5 (patch-bi) = 64d9543d3839c0d14c8a4abfafa4557c +MD5 (patch-bj) = 1f05b41165b267045f5c0a683be2054a +MD5 (patch-bk) = 232d88ebcc4acdbb5242751696a0d9ec +MD5 (patch-bl) = 82a4d98c20e38fa515e94df98d99104b +MD5 (patch-bm) = adf57ea5144422880878e5a8c41c4565 +MD5 (patch-bn) = b952c31778b8d95772234c21c1ede892 +MD5 (patch-bo) = 9db4ecae0a7bd795d9eeefb7c3386f73 +MD5 (patch-bp) = b519463adf568f2ca2f6720a2055289e +MD5 (patch-bq) = 2ac652937d1957d3d1d050516938c76c +MD5 (patch-br) = 73c8bfe4215d67e9803b338cc5169b1f +MD5 (patch-la) = 3584ccc61783fe0758d82b5ab82a658e diff --git a/security/ssh6/files/sshd.sh b/security/ssh6/files/sshd.sh new file mode 100644 index 00000000000..71b70f624e4 --- /dev/null +++ b/security/ssh6/files/sshd.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# $NetBSD: sshd.sh,v 1.1 2000/03/20 02:25:32 itojun Exp $ +# +if [ ! -f @SSH_CONF_DIR@/ssh_host_key ] +then + @PREFIX@/bin/ssh-keygen -f @SSH_CONF_DIR@/ssh_host_key -N '' +fi +if [ -x @PREFIX@/sbin/sshd -a -f @SSH_CONF_DIR@/sshd_config ] +then + @PREFIX@/sbin/sshd + echo -n ' sshd' +fi +exit 0 diff --git a/security/ssh6/patches/patch-aa b/security/ssh6/patches/patch-aa new file mode 100644 index 00000000000..ce78efc7efb --- /dev/null +++ b/security/ssh6/patches/patch-aa @@ -0,0 +1,36 @@ +$NetBSD: patch-aa,v 1.1 2000/03/20 02:25:32 itojun Exp $ + +--- rsaglue.c.orig Wed May 12 07:19:28 1999 ++++ rsaglue.c Fri Nov 12 08:40:02 1999 +@@ -71,8 +71,7 @@ + interface without modifying RSAREF. */ + + #define _MD5_H_ /* Kludge to prevent inclusion of rsaref md5.h. */ +-#include "rsaref2/source/global.h" +-#include "rsaref2/source/rsaref.h" ++#include <rsaref/rsaref.h> + + /* Convert an integer from gmp to rsaref representation. */ + +@@ -139,6 +138,10 @@ + + input_bits = mpz_sizeinbase(input, 2); + input_len = (input_bits + 7) / 8; ++ if (input_len > MAX_RSA_MODULUS_LEN) ++ fatal("Input data has too many bits for RSAREF to handle (max %d).", ++ MAX_RSA_MODULUS_BITS); ++ + gmp_to_rsaref(input_data, input_len, input); + + rsaref_public_key(&public_key, key); +@@ -172,6 +175,10 @@ + + input_bits = mpz_sizeinbase(input, 2); + input_len = (input_bits + 7) / 8; ++ if (input_len > MAX_RSA_MODULUS_LEN) ++ fatal("Input data has too many bits for RSAREF to handle (max %d).", ++ MAX_RSA_MODULUS_BITS); ++ + gmp_to_rsaref(input_data, input_len, input); + + rsaref_private_key(&private_key, key); diff --git a/security/ssh6/patches/patch-ab b/security/ssh6/patches/patch-ab new file mode 100644 index 00000000000..008abcfada0 --- /dev/null +++ b/security/ssh6/patches/patch-ab @@ -0,0 +1,551 @@ +$NetBSD: patch-ab,v 1.1 2000/03/20 02:25:33 itojun Exp $ + +--- configure.in.orig Wed May 12 20:20:02 1999 ++++ configure.in Sat Mar 18 13:21:59 2000 +@@ -30,8 +30,132 @@ + fi + + AC_PROG_CC ++AC_PROG_CPP + AC_ISC_POSIX + ++AC_MSG_CHECKING([whether to enable ipv6]) ++AC_ARG_ENABLE(ipv6, ++[ --enable-ipv6 Enable ipv6 (with ipv4) support ++ --disable-ipv6 Disable ipv6 support], ++[ case "$enableval" in ++ no) ++ AC_MSG_RESULT(no) ++ ipv6=no ++ ;; ++ *) AC_MSG_RESULT(yes) ++ AC_DEFINE(ENABLE_IPV6) ++ ipv6=yes ++ ;; ++ esac ], ++ ++ AC_TRY_RUN([ /* AF_INET6 avalable check */ ++#include <sys/types.h> ++#include <sys/socket.h> ++main() ++{ ++ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) ++ exit(1); ++ else ++ exit(0); ++} ++], ++ AC_MSG_RESULT(yes) ++ AC_DEFINE(ENABLE_IPV6) ++ ipv6=yes, ++ AC_MSG_RESULT(no) ++ ipv6=no, ++ AC_MSG_RESULT(no) ++ ipv6=no ++)) ++ ++ipv6type=unknown ++ipv6lib=none ++ ++if test "$ipv6" = "yes"; then ++ AC_MSG_CHECKING([ipv6 stack type]) ++ for i in inria kame linux toshiba v6d zeta; do ++ case $i in ++ inria) ++ dnl http://www.kame.net/ ++ AC_EGREP_CPP(yes, [dnl ++#include <netinet/in.h> ++#ifdef IPV6_INRIA_VERSION ++yes ++#endif], ++ [ipv6type=$i; ++ CPPFLAGS="-DINET6 $CPPFLAGS"]) ++ ;; ++ kame) ++ dnl http://www.kame.net/ ++ AC_EGREP_CPP(yes, [dnl ++#include <netinet/in.h> ++#ifdef __KAME__ ++yes ++#endif], ++ [ipv6type=$i; ++ CPPFLAGS="-DINET6 $CPPFLAGS"]) ++ ;; ++ linux) ++ dnl http://www.v6.linux.or.jp/ ++ if test -d /usr/inet6; then ++ ipv6type=$i ++ ipv6lib=inet6 ++ ipv6libdir=/usr/inet6/lib ++ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" ++ fi ++ ;; ++ toshiba) ++ AC_EGREP_CPP(yes, [dnl ++#include <sys/param.h> ++#ifdef _TOSHIBA_INET6 ++yes ++#endif], ++ [ipv6type=$i; ++ ipv6lib=inet6; ++ ipv6libdir=/usr/local/v6/lib; ++ CPPFLAGS="-DINET6 $CPPFLAGS"]) ++ ;; ++ v6d) ++ AC_EGREP_CPP(yes, [dnl ++#include </usr/local/v6/include/sys/v6config.h> ++#ifdef __V6D__ ++yes ++#endif], ++ [ipv6type=$i; ++ ipv6lib=v6; ++ ipv6libdir=/usr/local/v6/lib; ++ CPPFLAGS="-I/usr/local/v6/include $CPPFLAGS"]) ++ ;; ++ zeta) ++ AC_EGREP_CPP(yes, [dnl ++#include <sys/param.h> ++#ifdef _ZETA_MINAMI_INET6 ++yes ++#endif], ++ [ipv6type=$i; ++ ipv6lib=inet6; ++ ipv6libdir=/usr/local/v6/lib; ++ CPPFLAGS="-DINET6 $CPPFLAGS"]) ++ ;; ++ esac ++ if test "$ipv6type" != "unknown"; then ++ break ++ fi ++ done ++ AC_MSG_RESULT($ipv6type) ++fi ++ ++if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then ++ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then ++ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" ++ else ++ echo 'Fatal: no $ipv6lib library found. cannot continue.' ++ echo "You need to fetch lib$ipv6lib.a from appropriate" ++ echo 'ipv6 kit and compile beforehand.' ++ exit 1 ++ fi ++fi ++ + AC_DEFINE_UNQUOTED(HOSTTYPE, "$host") + + case "$host" in +@@ -42,11 +166,12 @@ + ;; + *-*-solaris*) + # solaris stuff. appro@fy.chalmers.se +- AC_DEFINE(SECURE_RPC) +- AC_DEFINE(SECURE_NFS) ++# this stuff breaks AFS/Kerberos. YUCK. ++# AC_DEFINE(SECURE_RPC) ++# AC_DEFINE(SECURE_NFS) + # NIS+ is forced so that we don't have to recompile + # if we move to NIS+. appro@fy.chalmers.se +- AC_DEFINE(NIS_PLUS) ++# AC_DEFINE(NIS_PLUS) + ;; + *-*-sunos*) + os_sunos=yes +@@ -311,9 +436,9 @@ + + export CFLAGS CC + +-# Socket pairs appear to be broken on several systems. I don't know exactly +-# where, so I'll use pipes everywhere for now. +-AC_DEFINE(USE_PIPES) ++dnl # Socket pairs appear to be broken on several systems. I don't know exactly ++dnl # where, so I'll use pipes everywhere for now. ++dnl AC_DEFINE(USE_PIPES) + + AC_MSG_CHECKING([that the compiler works]) + AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], +@@ -370,7 +495,7 @@ + AC_HEADER_STDC + AC_HEADER_SYS_WAIT + AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) +-AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) ++AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h) + AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) + AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) + AC_CHECK_HEADERS(sys/resource.h login_cap.h sys/stream.h sys/conf.h) +@@ -399,6 +524,16 @@ + [ AC_DEFINE(HAVE_INCOMPATIBLE_SIGINFO) + AC_MSG_RESULT(yes)] , AC_MSG_RESULT(no)) + ++AC_MSG_CHECKING([whether sys/socket.h have struct sockaddr_storage]) ++AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, ++ [ AC_DEFINE(HAVE_SOCKADDR_STORAGE) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) ++AC_MSG_CHECKING([whether sys/socket.h have __ss_family]) ++AC_EGREP_HEADER(__ss_family, sys/socket.h, ++ [ AC_DEFINE(HAVE_NEW_SS_FAMILY) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) ++AC_MSG_CHECKING([whether sys/socket.h have sa_len]) ++AC_EGREP_HEADER(sa_len, sys/socket.h, ++ [ AC_DEFINE(HAVE_SOCKADDR_LEN) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) ++ + AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt)) + AC_CHECK_LIB(sec, getspnam) + AC_CHECK_LIB(seq, get_process_stats) +@@ -436,6 +571,107 @@ + + AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf) + ++AC_MSG_CHECKING(getaddrinfo bug) ++AC_TRY_RUN([ ++#include <sys/types.h> ++#include <netdb.h> ++#include <string.h> ++#include <sys/socket.h> ++#include <netinet/in.h> ++ ++main() ++{ ++ int passive, gaierr, inet4 = 0, inet6 = 0; ++ struct addrinfo hints, *ai, *aitop; ++ char straddr[INET6_ADDRSTRLEN], strport[16]; ++ ++ for (passive = 0; passive <= 1; passive++) { ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = AF_UNSPEC; ++ hints.ai_flags = passive ? AI_PASSIVE : 0; ++ hints.ai_socktype = SOCK_STREAM; ++ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { ++ (void)gai_strerror(gaierr); ++ goto bad; ++ } ++ for (ai = aitop; ai; ai = ai->ai_next) { ++ if (ai->ai_addr == NULL || ++ ai->ai_addrlen == 0 || ++ getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ straddr, sizeof(straddr), strport, sizeof(strport), ++ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { ++ goto bad; ++ } ++ if (strcmp(strport, "54321") != 0) { ++ goto bad; ++ } ++ switch (ai->ai_family) { ++ case AF_INET: ++ if (passive) { ++ if (strcmp(straddr, "0.0.0.0") != 0) { ++ goto bad; ++ } ++ } else { ++ if (strcmp(straddr, "127.0.0.1") != 0) { ++ goto bad; ++ } ++ } ++ inet4++; ++ break; ++ case AF_INET6: ++ if (passive) { ++ if (strcmp(straddr, "::") != 0) { ++ goto bad; ++ } ++ } else { ++ if (strcmp(straddr, "::1") != 0) { ++ goto bad; ++ } ++ } ++ inet6++; ++ break; ++ case AF_UNSPEC: ++ goto bad; ++ break; ++ default: ++ /* another family support? */ ++ break; ++ } ++ } ++ } ++ ++ if (inet4 != 0 && inet4 != 2) ++ goto bad; ++ if (inet6 != 0 && inet6 != 2) ++ goto bad; ++ ++ if (aitop) ++ freeaddrinfo(aitop); ++ exit(0); ++ ++ bad: ++ if (aitop) ++ freeaddrinfo(aitop); ++ exit(1); ++} ++], ++AC_MSG_RESULT(good) ++buggygetaddrinfo=no, ++AC_MSG_RESULT(buggy) ++buggygetaddrinfo=yes, ++AC_MSG_RESULT(buggy) ++buggygetaddrinfo=yes) ++ ++if test "$buggygetaddrinfo" = "yes"; then ++ if test "$ipv6" = "yes"; then ++ echo 'Fatal: You must get working getaddrinfo() function.' ++ echo ' or you can specify "--disable-ipv6"'. ++ exit 1 ++ else ++ AC_REPLACE_FUNCS(getaddrinfo getnameinfo) ++ fi ++fi ++ + AC_PROG_LN_S + AC_PROG_INSTALL + AC_CHECK_PROG(AR, ar, ar, echo) +@@ -903,8 +1139,8 @@ + fi + AC_MSG_RESULT(Assuming TIS headers and libraries are in $withval.) + AC_DEFINE(HAVE_TIS) +- CFLAGS="$CFLAGS -I$withval -DHAVE_TIS" +- LIBS="-L$withval -lauth -lfwall $LIBS" ++ CFLAGS="$CFLAGS -I$withval/include -DHAVE_TIS" ++ LIBS="-L$withval/lib -lauth -lfwall $LIBS" + AC_MSG_WARN(Remember to read README.TIS. The connection between sshd and TIS authentication + server is clear text!) + ;; +@@ -912,55 +1148,117 @@ + AC_MSG_RESULT(no) + ) + +-AC_MSG_CHECKING(whether to use Kerberos) +-AC_ARG_WITH(kerberos5, +-[ --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support.], ++AC_MSG_CHECKING(whether to use Kerberos v4) ++AC_ARG_WITH(krb4, ++[ --with-krb4[=PATH] Compile in Kerberos v4 support.], + [ case "$withval" in + yes) +- with_kerberos5=/usr/local ++ with_krb4=/usr/kerberos + ;; + esac ], +-[ with_kerberos5=no ] ++[ with_krb4=no ] + ) +-case "$with_kerberos5" in ++case "$with_krb4" in + no) + AC_MSG_RESULT(no) + ;; + *) + AC_MSG_RESULT(yes) +- AC_DEFINE(KERBEROS) +- AC_DEFINE(KRB5) +- KERBEROS_ROOT="$with_kerberos5" +- KERBEROS_INCS="-I${KERBEROS_ROOT}/include" +- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" +- AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") ++ AC_DEFINE(KRB4) ++ KERBEROS_ROOT="$with_krb4" ++ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/kerberosIV" ++ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes" + KERBEROS_OBJS="auth-kerberos.o" ++ AC_CHECK_LIB(resolv, dn_expand, KERBEROS_LIBS="$KERBEROS_LIBS -lresolv") ++ dnl Check whether or not the AFS lifetime conversion routines exist. ++ AC_MSG_CHECKING(whether AFS lifetime conversion routines are present) ++ keeplibs="$LIBS" ++ keepcflags="$CFLAGS" ++ LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" ++ CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" ++ AC_TRY_LINK([#include <krb.h>], [ krb_life_to_time(10, 10);], ++ [AC_MSG_RESULT(yes) ++ AC_DEFINE(HAVE_KRB_LIFE_TO_TIME)], ++ [AC_MSG_RESULT(no)]) ++ LIBS="$keeplibs" ++ CFLAGS="$keepcflags" + ;; + esac +-AC_SUBST(KERBEROS_ROOT) +-AC_SUBST(KERBEROS_INCS) +-AC_SUBST(KERBEROS_LIBS) +-AC_SUBST(KERBEROS_OBJS) +- +-AC_MSG_CHECKING(whether to enable passing the Kerberos TGT) +-AC_ARG_ENABLE(kerberos-tgt-passing, +-[ --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket.], +-[ case "$enableval" in ++ ++AC_MSG_CHECKING(whether to use Kerberos v5) ++AC_ARG_WITH(krb5, ++[ --with-krb5[=PATH] Compile in Kerberos v5 support.], ++[ case "$withval" in ++ yes) ++ with_krb5=/usr/local ++ ;; ++ esac ], ++[ with_krb5=no ] ++) ++case "$with_krb5" in + no) + AC_MSG_RESULT(no) + ;; + *) +- if test "$with_kerberos5" = no ; then ++ AC_MSG_RESULT(yes) ++ AC_DEFINE(KRB5) ++ KERBEROS_ROOT="$with_krb5" ++ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/krb5" ++ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" ++ AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") ++ KERBEROS_OBJS="auth-kerberos.o" ++ ;; ++esac ++ ++AC_MSG_CHECKING(whether to use AFS) ++AC_ARG_WITH(afs, ++[ --with-afs Compile in AFS support (requires KTH krb4).], ++if test "$with_afs" = no; then + AC_MSG_RESULT(no) +- AC_MSG_WARN("Passing Kerberos TGT requires Kerberos5 support.") + else + AC_MSG_RESULT(yes) +- AC_DEFINE(KERBEROS_TGT_PASSING) ++ AC_DEFINE(AFS) ++ if test "$with_krb4" = no; then ++ AC_MSG_RESULT(no) ++ AC_MSG_WARN("AFS requires Kerberos v4 support.") ++ else ++ KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs" ++ if test -n "$os_aix"; then ++ KERBEROS_LIBS="${KERBEROS_LIBS} -lld" + fi ++ fi ++fi ++) ++AC_SUBST(KERBEROS_ROOT)dnl ++AC_SUBST(KERBEROS_INCS)dnl ++AC_SUBST(KERBEROS_LIBS)dnl ++AC_SUBST(KERBEROS_OBJS)dnl ++ ++AC_MSG_CHECKING(whether to use Hesiod) ++AC_ARG_WITH(hesiod, ++[ --with-hesiod[=PATH] Compile in Hesiod support.], ++[ case "$withval" in ++ yes) ++ with_hesiod=/usr/local/athena + ;; + esac ], +- AC_MSG_RESULT(no) ++[ with_hesiod=no ] + ) ++case "$with_hesiod" in ++no) ++ AC_MSG_RESULT(no) ++ ;; ++*) ++ AC_MSG_RESULT(yes) ++ AC_DEFINE(HESIOD) ++ HESIOD_ROOT="$with_hesiod" ++ HESIOD_INCS="-I${HESIOD_ROOT}/include" ++ HESIOD_LIBS="-L${HESIOD_ROOT}/lib -lhesiod" ++ ;; ++esac ++AC_SUBST(HESIOD_ROOT)dnl ++AC_SUBST(HESIOD_INCS)dnl ++AC_SUBST(HESIOD_LIBS)dnl + + AC_MSG_CHECKING(whether to use libwrap) + AC_ARG_WITH(libwrap, +@@ -970,11 +1268,19 @@ + AC_MSG_RESULT(no) + ;; + yes) +- AC_MSG_RESULT(yes) +- AC_CHECK_LIB(wrap, request_init, [ +- AC_DEFINE(LIBWRAP) +- WRAPLIBS="-lwrap" +- AC_DEFINE(HAVE_LIBWRAP) ]) ++ WRAPLIBS="-lwrap" ++ OLDLIBS="$LIBS" ++ LIBS="$WRAPLIBS $LIBS" ++ AC_TRY_LINK([ int allow_severity; int deny_severity; ], ++ [ request_init(); ], [ ++ AC_MSG_RESULT(yes) ++ AC_DEFINE(LIBWRAP) ++ AC_DEFINE(HAVE_LIBWRAP) ++ ], [ ++ AC_MSG_RESULT(no) ++ WRAPLIBS="" ++ ]) ++ LIBS="$OLDLIBS" + ;; + *) + AC_MSG_RESULT(yes) +@@ -1227,14 +1533,14 @@ + [ case "$enableval" in + no) + AC_MSG_RESULT(no) +- SSHINSTALLMODE=0711 ++ SSHINSTALLMODE=0511 + ;; + *) AC_MSG_RESULT(yes) +- SSHINSTALLMODE=04711 ++ SSHINSTALLMODE=04511 + ;; + esac ], + AC_MSG_RESULT(yes) +- SSHINSTALLMODE=04711 ++ SSHINSTALLMODE=04511 + ) + + AC_MSG_CHECKING(whether to enable TCP_NODELAY) +@@ -1252,6 +1558,38 @@ + AC_DEFINE(ENABLE_TCP_NODELAY) + ) + ++AC_MSG_CHECKING(whether to enable another port try support) ++AC_ARG_ENABLE(another-port-try, ++[ --enable-another-port-try Enable another port try support (default) ++ --disable-another-port-try Disable another port try support], ++[ case "$enableval" in ++ no) ++ AC_MSG_RESULT(no) ++ ;; ++ *) AC_MSG_RESULT(yes) ++ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) ++ ;; ++ esac ], ++ AC_MSG_RESULT(yes) ++ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) ++) ++ ++AC_MSG_CHECKING(whether to enable logging auth info support) ++AC_ARG_ENABLE(log-auth, ++[ --enable-log-auth Enable logging auth info support (default) ++ --disable-log-auth Disable logging auth info support], ++[ case "$enableval" in ++ no) ++ AC_MSG_RESULT(no) ++ ;; ++ *) AC_MSG_RESULT(yes) ++ AC_DEFINE(ENABLE_LOG_AUTH) ++ ;; ++ esac ], ++ AC_MSG_RESULT(yes) ++ AC_DEFINE(ENABLE_LOG_AUTH) ++) ++ + AC_MSG_CHECKING(whether to enable SO_LINGER) + AC_ARG_ENABLE(so-linger, + [ --enable-so-linger Enable setting SO_LINGER socket option], +@@ -1311,6 +1649,8 @@ + AC_DEFINE(SCP_ALL_STATISTICS_ENABLED) + ) + ++CFLAGS="$CPPFLAGS $CFLAGS" ++ + # We include this here only to make it visible in --help; this is only used + # in the gmp subdirectory. + AC_ARG_ENABLE(asm, +@@ -1336,4 +1676,4 @@ + AC_SUBST(SSHDCONFOBJS) + AC_SUBST(SSHINSTALLMODE) + +-AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) ++AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile) diff --git a/security/ssh6/patches/patch-ac b/security/ssh6/patches/patch-ac new file mode 100644 index 00000000000..fdb68c7f0fb --- /dev/null +++ b/security/ssh6/patches/patch-ac @@ -0,0 +1,202 @@ +$NetBSD: patch-ac,v 1.1 2000/03/20 02:25:33 itojun Exp $ + +--- Makefile.in.orig Wed May 12 13:19:31 1999 ++++ Makefile.in Sun Jan 23 00:22:03 2000 +@@ -264,7 +264,7 @@ + CFLAGS = @CFLAGS@ + LDFLAGS = @LDFLAGS@ + DEFS = @DEFS@ $(COMMERCIAL) +-LIBS = @LIBS@ ++LIBS = @LIBS@ @HESIOD_LIBS@ + LIBOBJS = @LIBOBJS@ + CONFOBJS = @CONFOBJS@ + SSHCONFOBJS = @SSHCONFOBJS@ +@@ -285,6 +285,9 @@ + KERBEROS_LIBS = @KERBEROS_LIBS@ + KERBEROS_OBJS = @KERBEROS_OBJS@ + ++HESIOD_ROOT = @HESIOD_ROOT@ ++HESIOD_INCS = @HESIOD_INCS@ ++ + RSAREFDEP = @RSAREFDEP@ + + WRAPLIBS = @WRAPLIBS@ +@@ -304,7 +307,8 @@ + GMPLIBS = -L$(GMPDIR) -lgmp + GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a + +-ZLIBDIR = zlib-1.0.4 ++#ZLIBDIR = zlib-1.0.4 ++ZLIBDIR = /usr/lib + ZLIBDEP = $(ZLIBDIR)/libz.a + ZLIBLIBS = -L$(ZLIBDIR) -lz + +@@ -314,7 +318,7 @@ + X_CFLAGS = @X_CFLAGS@ + X_LIBS = @X_LIBS@ + X_PRE_LIBS = @X_PRE_LIBS@ +-X_EXTRA_LIBS = @X_EXTRA_LIBS@ ++X_EXTRA_LIBS = @X_EXTRA_LIBS@ -R$(X11BASE)/lib + + XLIBS = $(X_LIBS) $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) $(LIBS) + +@@ -322,7 +326,7 @@ + rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o \ + xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o \ + crc32.o rsaglue.o cipher.o des.o match.o arcfour.o mpaux.o \ +- userfile.o signals.o blowfish.o deattack.o ++ userfile.o signals.o blowfish.o deattack.o radix.o + SSHD_OBJS = sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o \ + log-server.o login.o hostfile.o canohost.o servconf.o tildexpand.o \ + serverloop.o $(COMMON_OBJS) $(KERBEROS_OBJS) $(SSHDCONFOBJS) +@@ -411,7 +415,7 @@ + $(CC) -o rfc-pg rfc-pg.o + + .c.o: +- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< ++ $(CC) -c -I. $(KERBEROS_INCS) $(HESIOD_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< + + sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) + -rm -f sshd +@@ -459,14 +463,14 @@ + $(GMPDIR)/libgmp.a: + cd $(GMPDIR); $(MAKE) + +-$(ZLIBDEP): +- -if test '!' -d $(ZLIBDIR); then \ +- mkdir $(ZLIBDIR); \ +- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ +- fi +- cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ +- CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ +- -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a ++#$(ZLIBDEP): ++# -if test '!' -d $(ZLIBDIR); then \ ++# mkdir $(ZLIBDIR); \ ++# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ ++# fi ++# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ ++# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ ++# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a + + $(RSAREFSRCDIR)/librsaref.a: + -if test '!' -d $(RSAREFDIR); then \ +@@ -523,10 +527,10 @@ + # (otherwise it can only log in as the user it runs as, and must be + # bound to a non-privileged port). Also, password authentication may + # not be available if non-root and using shadow passwords. +-install: $(PROGRAMS) make-dirs generate-host-key install-configs ++install: $(PROGRAMS) make-dirs install-configs + -rm -f $(install_prefix)$(bindir)/ssh1.old +- -chmod 755 $(install_prefix)$(bindir)/ssh1 +- -chmod 755 $(install_prefix)$(bindir)/ssh ++ -chmod 555 $(install_prefix)$(bindir)/ssh1 ++ -chmod 555 $(install_prefix)$(bindir)/ssh + -mv $(install_prefix)$(bindir)/ssh1 $(install_prefix)$(bindir)/ssh1.old + $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh1 + -if test -f $(install_prefix)$(bindir)/ssh2; then \ +@@ -549,7 +553,7 @@ + -for p in $(NORMAL_PROGRAMS) $(X_PROGRAMS) $(OTHER_PROGRAMS); do \ + rm -f $(install_prefix)$(bindir)/$${p}1.old ; \ + mv $(install_prefix)$(bindir)/$${p}1 $(install_prefix)$(bindir)/$${p}1.old; \ +- $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(bindir)/$${p}1; \ ++ $(INSTALL_PROGRAM) $$p $(install_prefix)$(bindir)/$${p}1; \ + if test -f $(install_prefix)$(bindir)/$${p}2; then \ + echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ + else \ +@@ -566,7 +570,7 @@ + rm -f $(install_prefix)$(bindir)/$${p}1.old ; \ + mv $(install_prefix)$(bindir)/$${p}1 $(install_prefix)$(bindir)/$${p}1.old; \ + $(INSTALL_DATA) $$p $(install_prefix)$(bindir)/$${p}1; \ +- chmod 755 $(install_prefix)$(bindir)/$${p}1; \ ++ chmod 555 $(install_prefix)$(bindir)/$${p}1; \ + if test -f $(install_prefix)$(bindir)/$${p}2; then \ + echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ + else \ +@@ -582,7 +586,7 @@ + -for p in $(SBIN_PROGRAMS); do \ + rm -f $(install_prefix)$(sbindir)/$${p}1.old ; \ + mv $(install_prefix)$(sbindir)/$${p}1 $(install_prefix)$(sbindir)/$${p}1.old; \ +- $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(sbindir)/$${p}1; \ ++ $(INSTALL_PROGRAM) $$p $(install_prefix)$(sbindir)/$${p}1; \ + if test -f $(install_prefix)$(sbindir)/$${p}2; then \ + echo "Ssh version 2 $$p utility found, installation doesn't touch $$p link"; \ + else \ +@@ -596,7 +600,7 @@ + $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`; fi;\ + done + -for p in $(MAN1PAGES); do \ +- $(INSTALL_DATA) -m 0644 $(srcdir)/$$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ ++ $(INSTALL_DATA) $(srcdir)/$$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ + rm -f $(install_prefix)$(man1dir)/$$p.1 ;\ + $(LN_S) $${p}1.1 $(install_prefix)$(man1dir)/$$p.1 ;\ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ +@@ -615,7 +619,7 @@ + $(install_prefix)$(man1dir)/`echo slogin.1 | sed '$(transform)'`; \ + fi + -for p in $(MAN1GENERATED); do \ +- $(INSTALL_DATA) -m 0644 $$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ ++ $(INSTALL_DATA) $$p.1 $(install_prefix)$(man1dir)/$${p}1.1 ; \ + rm -f $(install_prefix)$(man1dir)/$$p.1 ; \ + $(LN_S) $${p}1.1 $(install_prefix)$(man1dir)/$$p.1 ; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ +@@ -625,7 +629,7 @@ + fi; \ + done + -for p in $(MAN8GENERATED); do \ +- $(INSTALL_DATA) -m 0644 $$p.8 $(install_prefix)$(man8dir)/$${p}1.8; \ ++ $(INSTALL_DATA) $$p.8 $(install_prefix)$(man8dir)/$${p}1.8; \ + rm -f $(install_prefix)$(man8dir)/$$p.8 ; \ + $(LN_S) $${p}1.8 $(install_prefix)$(man8dir)/$$p.8 ; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ +@@ -636,12 +640,12 @@ + + install-configs: + -if test '!' -f $(install_prefix)$(HOST_CONFIG_FILE); then \ +- $(INSTALL_DATA) -m 0644 $(srcdir)/host_config.sample \ ++ $(INSTALL_DATA) $(srcdir)/host_config.sample \ + $(install_prefix)$(HOST_CONFIG_FILE); fi + -if test '!' -f $(install_prefix)$(SERVER_CONFIG_FILE); then \ + cat $(srcdir)/server_config.sample | \ + sed "s#_ETCDIR_#$(etcdir)#g" >/tmp/ssh_inst.$$$$; \ +- $(INSTALL_DATA) -m 0644 /tmp/ssh_inst.$$$$ \ ++ $(INSTALL_DATA) /tmp/ssh_inst.$$$$ \ + $(install_prefix)$(SERVER_CONFIG_FILE); \ + rm -f /tmp/ssh_inst.$$$$; fi + +@@ -681,13 +685,13 @@ + -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg + cd $(GMPDIR); $(MAKE) clean + # cd $(RSAREFSRCDIR); rm -f *.o *.a +- cd $(ZLIBDIR); $(MAKE) clean ++# cd $(ZLIBDIR); $(MAKE) clean + + distclean: clean + -rm -f Makefile config.status config.cache config.log config.h + -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 + cd $(GMPDIR); $(MAKE) distclean +- cd $(ZLIBDIR); $(MAKE) distclean ++# cd $(ZLIBDIR); $(MAKE) distclean + + dist: dist-free + +@@ -720,8 +724,8 @@ + gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) + # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) + # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a +- (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) +- cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS ++# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) ++# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS + + #ifdef F_SECURE_COMMERCIAL + # +@@ -749,7 +753,7 @@ + (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null + + depend: +- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) ++ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) + + tags: + -rm -f TAGS diff --git a/security/ssh6/patches/patch-ad b/security/ssh6/patches/patch-ad new file mode 100644 index 00000000000..ac6458a2d38 --- /dev/null +++ b/security/ssh6/patches/patch-ad @@ -0,0 +1,13 @@ +$NetBSD: patch-ad,v 1.1 2000/03/20 02:25:33 itojun Exp $ + +--- make-ssh-known-hosts.pl.in.orig Tue Mar 17 21:37:38 1998 ++++ make-ssh-known-hosts.pl.in Tue Mar 17 21:44:18 1998 +@@ -1,5 +1,7 @@ +-#! &PERL& -w ++: + # -*- perl -*- ++eval 'exec perl -S "$0" ${1+"$@"}' ++ if $running_under_some_shell; + ###################################################################### + # make-ssh-known-hosts.pl -- Make ssh-known-hosts file + # Copyright (c) 1995 Tero Kivinen diff --git a/security/ssh6/patches/patch-ae b/security/ssh6/patches/patch-ae new file mode 100644 index 00000000000..d39deee0653 --- /dev/null +++ b/security/ssh6/patches/patch-ae @@ -0,0 +1,21 @@ +$NetBSD: patch-ae,v 1.1 2000/03/20 02:25:34 itojun Exp $ + +--- server_config.sample.orig Wed May 12 07:18:51 1999 ++++ server_config.sample Fri Dec 24 22:38:35 1999 +@@ -1,7 +1,6 @@ + # This is ssh server systemwide configuration file. + + Port 22 +-ListenAddress 0.0.0.0 + HostKey _ETCDIR_/ssh_host_key + RandomSeed _ETCDIR_/ssh_random_seed + ServerKeyBits 768 +@@ -16,7 +15,7 @@ + FascistLogging no + PrintMotd yes + KeepAlive yes +-SyslogFacility DAEMON ++SyslogFacility AUTH + RhostsAuthentication no + RhostsRSAAuthentication yes + RSAAuthentication yes diff --git a/security/ssh6/patches/patch-af b/security/ssh6/patches/patch-af new file mode 100644 index 00000000000..e810b0e51e0 --- /dev/null +++ b/security/ssh6/patches/patch-af @@ -0,0 +1,1141 @@ +$NetBSD: patch-af,v 1.1 2000/03/20 02:25:34 itojun Exp $ + +--- sshd.c.orig Wed May 12 13:19:29 1999 ++++ sshd.c Mon Mar 6 15:19:36 2000 +@@ -511,7 +511,7 @@ + #include "firewall.h" /* TIS authsrv authentication */ + #endif + +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + #include <login_cap.h> + #endif + +@@ -537,15 +537,26 @@ + #define O_NOCTTY 0 + #endif + +-#ifdef KERBEROS + #ifdef KRB5 + #include <krb5.h> + /* Global the contexts */ + krb5_context ssh_context = 0; + krb5_auth_context auth_context = 0; + #endif /* KRB5 */ +-char *ticket = "none\0"; +-#endif /* KERBEROS */ ++ ++#ifdef KRB4 ++#include <sys/param.h> ++#include <krb.h> ++#ifdef AFS ++#include <kafs.h> ++/* Local Xauthority file. */ ++char *xauthfile = NULL; ++#endif /* AFS */ ++#endif /* KRB4 */ ++ ++#if defined(KRB5) || defined(KRB4) ++char *ticket = NULL; ++#endif /* KRB5 || KRB4 */ + + /* Server configuration options. */ + ServerOptions options; +@@ -553,6 +564,19 @@ + /* Name of the server configuration file. */ + char *config_file_name = SERVER_CONFIG_FILE; + ++/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. ++ Default value is AF_UNSPEC means both IPv4 and IPv6. */ ++#ifdef ENABLE_IPV6 ++int IPv4or6 = AF_UNSPEC; ++#else ++int IPv4or6 = AF_INET; ++#endif ++ ++#ifdef ENABLE_LOG_AUTH ++char *unauthenticated_user = NULL; ++int log_auth_flag = 0; ++#endif /* ENABLE_LOG_AUTH */ ++ + /* Debug mode flag. This can be set on the command line. If debug + mode is enabled, extra debugging output will be sent to the system + log, the daemon will not go to background, and will exit after processing +@@ -576,7 +600,17 @@ + + /* This is set to the socket that the server is listening; this is used in + the SIGHUP signal handler. */ +-int listen_sock; ++#define MAX_LISTEN_SOCKS 16 ++int listen_socks[MAX_LISTEN_SOCKS]; ++int num_listen_socks = 0; ++void close_listen_socks() ++{ ++ int i; ++ ++ for (i = 0; i < num_listen_socks; i++) ++ close(listen_socks[i]); ++ num_listen_socks = -1; ++} + + /* This is not really needed, and could be eliminated if server-specific + and client-specific code were removed from newchannels.c */ +@@ -649,7 +683,6 @@ + const char *display, const char *auth_proto, + const char *auth_data, const char *ttyname); + +- + /* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; + the effect is to reread the configuration file (and to regenerate + the server key). */ +@@ -666,7 +699,7 @@ + void sighup_restart(void) + { + log_msg("Received SIGHUP; restarting."); +- close(listen_sock); ++ close_listen_socks(); + execvp(saved_argv[0], saved_argv); + log_msg("RESTART FAILED: av[0]='%.100s', error: %.100s.", + saved_argv[0], strerror(errno)); +@@ -680,7 +713,7 @@ + RETSIGTYPE sigterm_handler(int sig) + { + log_msg("Received signal %d; terminating.", sig); +- close(listen_sock); ++ close_listen_socks(); + exit(255); + } + +@@ -759,7 +792,7 @@ + int perm_denied = 0; + int ret; + fd_set fdset; +- struct sockaddr_in sin; ++ struct sockaddr_storage from; + char buf[100]; /* Must not be larger than remote_version. */ + char remote_version[100]; /* Must be at least as big as buf. */ + char *comment; +@@ -769,6 +802,9 @@ + struct linger linger; + #endif /* SO_LINGER */ + int done; ++ struct addrinfo *ai; ++ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; ++ int listen_sock, maxfd; + + /* Save argv[0]. */ + saved_argv = av; +@@ -787,10 +823,26 @@ + initialize_server_options(&options); + + /* Parse command-line arguments. */ +- while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:")) != EOF) ++ while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:4" ++#ifdef ENABLE_IPV6 ++ "6" ++#endif ++ )) != EOF) + { + switch (opt) + { ++ case '4': ++#ifdef ENABLE_IPV6 ++ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; ++#else ++ IPv4or6 = AF_INET; ++#endif ++ break; ++#ifdef ENABLE_IPV6 ++ case '6': ++ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; ++ break; ++#endif + case 'f': + config_file_name = optarg; + break; +@@ -807,7 +859,7 @@ + options.server_key_bits = atoi(optarg); + break; + case 'p': +- options.port = atoi(optarg); ++ options.ports[options.num_ports++] = atoi(optarg); + break; + case 'g': + options.login_grace_time = atoi(optarg); +@@ -829,6 +881,10 @@ + fprintf(stderr, "sshd version %s [%s]\n", SSH_VERSION, HOSTTYPE); + fprintf(stderr, "Usage: %s [options]\n", av0); + fprintf(stderr, "Options:\n"); ++ fprintf(stderr, " -4 Use IPv4 only\n"); ++#ifdef ENABLE_IPV6 ++ fprintf(stderr, " -6 Use IPv6 only\n"); ++#endif + fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR); + fprintf(stderr, " -d Debugging mode\n"); + fprintf(stderr, " -i Started from inetd\n"); +@@ -857,16 +913,15 @@ + fprintf(stderr, "fatal: Bad server key size.\n"); + exit(1); + } +- if (options.port < 1 || options.port > 65535) +- { +- fprintf(stderr, "fatal: Bad port number.\n"); +- exit(1); +- } + if (options.umask != -1) + { + umask(options.umask); + } + ++#ifdef ENABLE_LOG_AUTH ++ log_auth_flag = options.log_auth; ++#endif /* ENABLE_LOG_AUTH */ ++ + /* Check that there are no remaining arguments. */ + if (optind < ac) + { +@@ -1034,10 +1089,13 @@ + } + else + { ++ for (ai = options.listen_addrs; ai; ai = ai->ai_next) ++ { + /* Create socket for listening. */ +- listen_sock = socket(AF_INET, SOCK_STREAM, 0); ++ listen_sock = socket(ai->ai_family, SOCK_STREAM, 0); + if (listen_sock < 0) + fatal("socket: %.100s", strerror(errno)); ++ listen_socks[num_listen_socks] = listen_sock; + + /* Set socket options. We try to make the port reusable and have it + close as fast as possible without waiting in unnecessary wait states +@@ -1051,21 +1109,30 @@ + sizeof(linger)); + #endif /* SO_LINGER */ + +- /* Initialize the socket address. */ +- memset(&sin, 0, sizeof(sin)); +- sin.sin_family = AF_INET; +- sin.sin_addr = options.listen_addr; +- sin.sin_port = htons(options.port); ++ getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ ntop, sizeof(ntop), strport, sizeof(strport), ++ NI_NUMERICHOST|NI_NUMERICSERV); + + /* Bind the socket to the desired port. */ +- if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) ++ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) + { +- error("bind: %.100s", strerror(errno)); +- shutdown(listen_sock, 2); ++ error("Bind to port %s on %s failed: %.200s.", ++ strport, ntop, strerror(errno)); + close(listen_sock); +- fatal("Bind to port %d failed: %.200s.", options.port, +- strerror(errno)); ++ continue; + } ++ num_listen_socks++; ++ ++ /* Start listening on the port. */ ++ log_msg("Server listening on %s port %s.", ntop, strport); ++ if (listen(listen_sock, 5) < 0) ++ fatal("listen: %.100s", strerror(errno)); ++ ++ } /* for (ai = options.listen_addrs; ai; ai = ai->ai_next) */ ++ freeaddrinfo(options.listen_addrs); ++ ++ if (!num_listen_socks) ++ fatal("Cannot bind all addresses."); + + if (!debug_flag) + { +@@ -1081,11 +1148,6 @@ + } + } + +- /* Start listening on the port. */ +- log_msg("Server listening on port %d.", options.port); +- if (listen(listen_sock, 5) < 0) +- fatal("listen: %.100s", strerror(errno)); +- + /* Generate an rsa key. */ + log_msg("Generating %d bit RSA key.", options.server_key_bits); + rsa_generate_key(&sensitive_data.private_key, &public_key, +@@ -1115,7 +1177,6 @@ + /* Arrange SIGCHLD to be caught. */ + signal(SIGCHLD, main_sigchld_handler); + +-#ifdef KERBEROS + #ifdef KRB5 + /* Initialize contexts and setup replay cache */ + if (!ssh_context) +@@ -1128,7 +1189,6 @@ + krb5_init_ets(ssh_context); + } + #endif +-#endif + + /* Stay listening for connections until the system crashes or the + daemon is killed with a signal. */ +@@ -1139,9 +1199,15 @@ + + /* Wait in select until there is a connection. */ + FD_ZERO(&fdset); +- FD_SET(listen_sock, &fdset); +- ret = select(listen_sock + 1, &fdset, NULL, NULL, NULL); +- if (ret < 0 || !FD_ISSET(listen_sock, &fdset)) ++ maxfd = 0; ++ for (i = 0; i < num_listen_socks; i++) ++ { ++ FD_SET(listen_socks[i], &fdset); ++ if (listen_socks[i] > maxfd) ++ maxfd = listen_socks[i]; ++ } ++ ret = select(maxfd + 1, &fdset, NULL, NULL, NULL); ++ if (ret < 0) + { + if (errno == EINTR) + continue; +@@ -1149,8 +1215,12 @@ + continue; + } + +- aux = sizeof(sin); +- newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux); ++ for (i = 0; i < num_listen_socks; i++) ++ { ++ if (!FD_ISSET(listen_socks[i], &fdset)) ++ continue; ++ aux = sizeof(from); ++ newsock = accept(listen_socks[i], (struct sockaddr *)&from, &aux); + if (newsock < 0) + { + if (errno == EINTR) +@@ -1166,7 +1236,7 @@ + /* In debugging mode. Close the listening socket, and start + processing the connection without forking. */ + debug("Server will not fork when running in debugging mode."); +- close(listen_sock); ++ close_listen_socks(); + sock_in = newsock; + sock_out = newsock; + pid = getpid(); +@@ -1195,7 +1265,7 @@ + the accepted socket. Reinitialize logging (since our + pid has changed). We break out of the loop to handle + the connection. */ +- close(listen_sock); ++ close_listen_socks(); + sock_in = newsock; + sock_out = newsock; + #ifdef LIBWRAP +@@ -1233,6 +1303,10 @@ + + /* Close the new socket (the child is now taking care of it). */ + close(newsock); ++ } /* for (i = 0; i < num_host_socks; i++) */ ++ /* child process check (or debug mode) */ ++ if (num_listen_socks < 0) ++ break; + } + } + +@@ -1407,6 +1481,16 @@ + /* Try to remove authentication socket and directory */ + auth_delete_socket(NULL); + ++#ifdef KRB4 ++ /* Cleanup user's ticket cache file. */ ++ if (options.kerberos_ticket_cleanup) ++ (void) dest_tkt(); ++#ifdef AFS ++ /* Cleanup user's local Xauthority file. */ ++ if (xauthfile) unlink(xauthfile); ++#endif /* AFS */ ++#endif /* KRB4 */ ++ + /* The connection has been terminated. */ + log_msg("Closing connection to %.100s", get_remote_ipaddr()); + packet_close(); +@@ -1470,17 +1554,17 @@ + if (options.tis_authentication) + auth_mask |= 1 << SSH_AUTH_TIS; + #endif +-#ifdef KERBEROS +-#ifdef KRB5 ++#if defined(KRB4) || defined(KRB5) + if (options.kerberos_authentication) + auth_mask |= 1 << SSH_AUTH_KERBEROS; + #endif +-#endif +-#ifdef KERBEROS_TGT_PASSING +-#ifdef KRB5 ++#if defined(AFS) || defined(KRB5) + if (options.kerberos_tgt_passing) + auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; + #endif ++#ifdef AFS ++ if (options.afs_token_passing) ++ auth_mask |= 1 << SSH_PASS_AFS_TOKEN; + #endif + if (options.password_authentication) + auth_mask |= 1 << SSH_AUTH_PASSWORD; +@@ -1677,7 +1761,7 @@ + /* XXX No days_before_password_expires calculation here */ + } + #endif /* HAVE_USERSEC_H */ +-#ifdef HAVE_ETC_SHADOW ++#if defined(HAVE_ETC_SHADOW) && !defined(KRB4) && !defined(KRB5) + { + struct spwd *sp; + +@@ -1783,56 +1867,62 @@ + endspent(); + } + #endif /* HAVE_ETC_SHADOW */ +-#ifdef __FreeBSD__ +- { ++/* Net2,BSD4.4,BSD/OS,NetBSD,FreeBSD and OpenBSD all define BSD4_4 ++ man passwd(5) says that format has changed since BSD4.3 ++ */ ++#ifdef BSD4_4 ++ if(pwd->pw_change || pwd->pw_expire) { + time_t currtime; + +- if (pwd->pw_change || pwd->pw_expire) + currtime = time(NULL); + + /* + * Check for an expired password + */ +- if (pwd->pw_change && pwd->pw_change <= currtime) ++ ++ if (pwd->pw_change) + { +- debug("Account %.100s's password is too old - forced to change.", +- user); +- if (options.forced_passwd_change) ++ /* PASSWD_CHGNOW seems to be -1 for now but... */ ++ if ( ++#if defined(PASSWD_CHGNOW) && PASSWD_CHGNOW > 0 ++ pwd->pw_change == PASSWD_CHGNOW || ++#endif ++ pwd->pw_change <= currtime) + { +- forced_command = xmalloc(sizeof(PASSWD_PATH) + strlen(user) + 2); +- snprintf(forced_command, sizeof(PASSWD_PATH) + strlen(user) + 2, +- "%.100s %.100s", PASSWD_PATH, user); ++ packet_send_debug("Password has expired"); ++ if(options.forced_passwd_change) ++ { ++ debug("Account %.99s's password is too old - change forced.", ++ user); ++ forced_command = xmalloc(sizeof(PASSWD_PATH) + ++ strlen(user) + 1); ++ sprintf(forced_command, "%s %s", PASSWD_PATH, user); + } + else + { + return 0; + } + } +- else +- { +- if (pwd->pw_change) +- { ++#ifdef PASSWD_CHGNOW ++ if(pwd->pw_change != PASSWD_CHGNOW) + days_before_password_expires = (pwd->pw_change - currtime) / 86400; +- } ++#endif + } + + /* + * Check for expired account + */ +- if (pwd->pw_expire && pwd->pw_expire <= currtime) ++ if (pwd->pw_expire) + { +- debug("Account %.100s has expired - access denied.", user); ++ if (pwd->pw_expire <= currtime) ++ { ++ packet_send_debug("Account has expired"); + return 0; + } +- else +- { +- if (pwd->pw_expire) +- { + days_before_account_expires = (pwd->pw_expire - currtime) / 86400; + } + } +- } +-#endif /* !FreeBSD */ ++#endif /* !BSD4_4 */ + + #ifdef HAVE_HPUX_TCB_AUTH + { +@@ -2039,7 +2129,7 @@ + } + } + +- /* Check whether logins are deneid for this group. */ ++ /* Check whether logins are denied for this group. */ + grp = getgrgid(pwd->pw_gid); + if (grp) + group = grp->gr_name; +@@ -2151,12 +2241,12 @@ + unsigned int client_host_key_bits; + MP_INT client_host_key_e, client_host_key_n; + int password_attempts = 0; +-#if defined(KERBEROS) && defined(KRB5) ++#ifdef KRB5 + char kuser[256]; + krb5_principal client = 0, tkt_client = 0; + krb5_data krb5data; +-#endif /* defined(KERBEROS) && defined(KRB5) */ +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#endif /* KRB5 */ ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + login_cap_t *lc; + const char *hostname; + const char *ipaddr; +@@ -2167,10 +2257,18 @@ + ipaddr = get_remote_ipaddr(); + #endif /* HAVE_LOGIN_CAP_H */ + ++#ifdef AFS ++ /* If machine has AFS, set process authentication group. */ ++ if (k_hasafs()) { ++ k_setpag(); ++ k_unlog(); ++ } ++#endif /* AFS */ ++ + if (strlen(user) > 255) + do_authentication_fail_loop(); + +-#if defined(KERBEROS) && defined(KRB5) ++#ifdef KRB5 + /* For KRB5 allow the user to input fully qualified name i.e. + "username@realm" as the local user name. Then use this name to call + out to krb5_aname_to_localname to find if there is a localname +@@ -2203,8 +2301,11 @@ + } + else + krb5_parse_name(ssh_context, user, &client); +-#endif /* defined(KERBEROS) && defined(KRB5) */ ++#endif /* KRB5 */ + ++#ifdef ENABLE_LOG_AUTH ++ unauthenticated_user = user; ++#endif /* ENABLE_LOG_AUTH */ + /* Verify that the user is a valid user. We disallow usernames starting + with any characters that are commonly used to start NIS entries. */ + pw = getpwnam(user); +@@ -2218,11 +2319,11 @@ + pwcopy.pw_passwd = xstrdup(pw->pw_passwd); + pwcopy.pw_uid = pw->pw_uid; + pwcopy.pw_gid = pw->pw_gid; +-#if (defined (__bsdi__) && _BSDI_VERSION >= 199510) || (defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) ++#ifdef BSD4_4 + pwcopy.pw_class = xstrdup(pw->pw_class); + pwcopy.pw_change = pw->pw_change; + pwcopy.pw_expire = pw->pw_expire; +-#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ ++#endif /* BSD4_4 */ + pwcopy.pw_dir = xstrdup(pw->pw_dir); + pwcopy.pw_shell = xstrdup(pw->pw_shell); + pw = &pwcopy; +@@ -2241,11 +2342,11 @@ + + debug("Attempting authentication for %.100s.", user); + +-#if defined (KERBEROS) && defined (KRB5) ++ /* If the user has no password, accept authentication immediately. */ ++#ifdef KRB5 + if (!options.kerberos_authentication && options.password_authentication && + auth_password(user, "", 0)) +-#else /* defined(KERBEROS) && defined(KRB5) */ +- /* If the user has no password, accept authentication immediately. */ ++#else /* KRB5 */ + #if defined (HAVE_SIA) + /* For SIA, only call auth_password() here if the user really + has no password. Otherwise, the call would generate misleading +@@ -2254,12 +2355,21 @@ + if (options.password_authentication && sia_no_password(user) && + auth_password(user, "")) + #else /* defined(HAVE_SIA) */ +- if (options.password_authentication && auth_password(user, "")) ++ if (options.password_authentication && ++#ifdef KRB4 ++ options.kerberos_or_local_passwd && ++#endif /* KRB4 */ ++ auth_password(user, "")) + #endif /* defined(HAVE_SIA) */ +-#endif /* defined(KERBEROS) && defined(KRB5) */ ++#endif /* KRB5 */ + { + /* Authentication with empty password succeeded. */ + debug("Login for user %.100s accepted without authentication.", user); ++#ifdef ENABLE_LOG_AUTH ++ log_auth("%.100s from %.700s (%s)", ++ user, get_canonical_hostname(), ++ "empty password accepted"); ++#endif /* ENABLE_LOG_AUTH */ + authentication_type = SSH_AUTH_PASSWORD; + authenticated = 1; + /* Success packet will be sent after loop below. */ +@@ -2281,34 +2391,61 @@ + /* Process the packet. */ + switch (type) + { +-#ifdef KERBEROS_TGT_PASSING +-#ifdef KRB5 ++#if defined(KRB5) || defined(AFS) + case SSH_CMSG_HAVE_KERBEROS_TGT: ++#ifdef KRB5 + if (!options.kerberos_tgt_passing || + (!(options.kerberos_authentication || + options.password_authentication || + options.rsa_authentication))) ++#else /* KRB5 */ ++ if (!options.kerberos_tgt_passing) ++#endif /* KRB5 */ + { + packet_get_all(); + log_msg("Kerberos tgt passing disabled."); + break; + } +- ++#ifdef KRB5 + /* Accept Kerberos tgt. */ + krb5data.data = packet_get_string((unsigned int *) &krb5data.length); + +- if (!auth_kerberos_tgt(user, &krb5data, client) || ++ if (!auth_krb5_tgt(user, &krb5data, client) || + !krb5_kuserok(ssh_context, client, user)){ + log_msg("Kerberos tgt REFUSED for %.100s", user); + debug("Kerberos tgt REFUSED for %.100s", user); + } + free(krb5data.data); +-#endif ++#else /* KRB5 */ ++ { ++ /* Accept Kerberos tgt. */ ++ char *tgt = packet_get_string(NULL); ++ if (!auth_kerberos_tgt(pw, tgt)) ++ debug("Kerberos tgt REFUSED for %s", user); ++ xfree(tgt); ++ } ++#endif /* KRB5 */ + continue; +-#endif /* KERBEROS_TGT_PASSING */ ++#endif /* KRB5 || AFS */ + +-#ifdef KERBEROS +-#ifdef KRB5 ++#ifdef AFS ++ case SSH_CMSG_HAVE_AFS_TOKEN: ++ if (!k_hasafs() || !options.afs_token_passing) { ++ packet_get_all(); ++ log_msg("AFS token passing disabled."); ++ break; ++ } ++ else { ++ /* Accept AFS token. */ ++ char *token_string = packet_get_string(NULL); ++ if (!auth_afs_token(user, pw->pw_uid, token_string)) ++ debug("AFS token REFUSED for %s", user); ++ xfree(token_string); ++ continue; ++ } ++#endif /* AFS */ ++ ++#if defined(KRB4) || defined(KRB5) + case SSH_CMSG_AUTH_KERBEROS: + if (!options.kerberos_authentication) + { +@@ -2316,9 +2453,10 @@ + log_msg("Kerberos authentication disabled."); + break; + } ++#ifdef KRB5 + /* Try Kerberos authentication. */ + krb5data.data = packet_get_string((unsigned int *) &krb5data.length); +- if (auth_kerberos(user, &krb5data, &tkt_client)) ++ if (auth_krb5(user, &krb5data, &tkt_client)) + { + char *tkt_user; + +@@ -2334,6 +2472,11 @@ + /* Client has successfully authenticated to us. */ + log_msg("Kerberos authentication accepted %.100s for login to account %.100s from %.200s", + tkt_user, user, get_canonical_hostname()); ++#ifdef ENABLE_LOG_AUTH ++ log_auth("%.100s from %.700s (%s)", ++ user, get_canonical_hostname(), ++ "kerberos authentication accepted"); ++#endif /* ENABLE_LOG_AUTH */ + authentication_type = SSH_AUTH_KERBEROS; + authenticated = 1; + break; +@@ -2347,11 +2490,31 @@ + } + free(tkt_user); + } +-#endif /* KRB5 */ +- debug("Kerberos authentication failed for %.100s from %.200s", +- user, get_canonical_hostname()); ++#else /* !KRB5 XXX - how to make these coexist? */ ++ else { ++ /* Try Kerberos v4 authentication. */ ++ KTEXT_ST auth; ++ char *tkt_user = NULL; ++ char *kdata = packet_get_string((unsigned int *)&auth.length); ++ ++ memcpy(auth.dat, kdata, auth.length); ++ xfree(kdata); ++ ++ if (auth_krb4(user, &auth, &tkt_user)) { ++ /* Client has successfully authenticated to us. */ ++ log_msg("Kerberos authentication accepted %s for account " ++ "%.100s from %.200s", tkt_user, user, ++ get_canonical_hostname()); ++ authentication_type = SSH_AUTH_KERBEROS; ++ authenticated = 1; ++ xfree(tkt_user); + break; +-#endif /* KERBEROS */ ++ } ++ log_msg("Kerberos authentication failed for account " ++ "%.100s from %.200s", user, get_canonical_hostname()); ++ } ++#endif /* KRB5 */ ++#endif /* KRB5 || KRB4 */ + + case SSH_CMSG_AUTH_RHOSTS: + if (!options.rhosts_authentication) +@@ -2382,6 +2545,11 @@ + /* Authentication accepted. */ + log_msg("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.", + user, client_user, get_canonical_hostname()); ++#ifdef ENABLE_LOG_AUTH ++ log_auth("%.100s from %.100s@%.700s (%s)", ++ user, client_user, get_canonical_hostname(), ++ "rhosts authentication accepted"); ++#endif /* ENABLE_LOG_AUTH */ + authentication_type = SSH_AUTH_RHOSTS; + authenticated = 1; + remote_user_name = client_user; +@@ -2441,6 +2609,11 @@ + options.strict_modes)) + { + /* Authentication accepted. */ ++#ifdef ENABLE_LOG_AUTH ++ log_auth("%.100s from %.100s@%.700s (%s)", ++ user, client_user, get_canonical_hostname(), ++ "rhosts with RSA host authentication accepted"); ++#endif /* ENABLE_LOG_AUTH */ + authentication_type = SSH_AUTH_RHOSTS_RSA; + authenticated = 1; + remote_user_name = client_user; +@@ -2474,6 +2647,11 @@ + /* Successful authentication. */ + mpz_clear(&n); + log_msg("RSA authentication for %.100s accepted.", user); ++#ifdef ENABLE_LOG_AUTH ++ log_auth("%.100s from %.700s (%s)", ++ user, get_canonical_hostname(), ++ "RSA user authentication accepted"); ++#endif /* ENABLE_LOG_AUTH */ + authentication_type = SSH_AUTH_RSA; + authenticated = 1; + break; +@@ -2568,7 +2746,7 @@ + if (!strncmp(buf, "challenge ", 10) || + !strncmp(buf, "chalnecho ", 10)) { + snprintf(prompt, sizeof(prompt), +- "Challenge \"%.100s\": ",&buf[10]); ++ "%.100s",&buf[10]); + debug("TIS challenge %.500s", buf); + packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); + packet_put_string(prompt, strlen(prompt)); +@@ -2608,6 +2786,11 @@ + auth_close(); + memset(password, 0, strlen(password)); + xfree(password); ++#ifdef ENABLE_LOG_AUTH ++ log_auth("%.100s from @%.700s (%s)", ++ user, get_canonical_hostname(), ++ "TIS authentication accepted"); ++#endif /* ENABLE_LOG_AUTH */ + authentication_type = SSH_AUTH_TIS; + authenticated = 1; + break; +@@ -2657,17 +2840,22 @@ + password_attempts++; + + /* Try authentication with the password. */ +-#if defined(KERBEROS) && defined(KRB5) ++#ifdef KRB5 + if (auth_password(user, password, client)) +-#else /* defined(KERBEROS) && defined(KRB5) */ ++#else /* KRB5 */ + if (auth_password(user, password)) +-#endif /* defined(KERBEROS) && defined(KRB5) */ ++#endif /* KRB5 */ + { + /* Successful authentication. */ + /* Clear the password from memory. */ + memset(password, 0, strlen(password)); + xfree(password); + log_msg("Password authentication for %.100s accepted.", user); ++#ifdef ENABLE_LOG_AUTH ++ log_auth("%.100s from %.700s (%s)", ++ user, get_canonical_hostname(), ++ "password authentication accepted"); ++#endif /* ENABLE_LOG_AUTH */ + authentication_type = SSH_AUTH_PASSWORD; + authenticated = 1; + break; +@@ -2688,7 +2876,7 @@ + if (authenticated) + break; + +-#ifdef KERBEROS ++#if defined(KRB5) + /* If you forwarded a ticket you get one shot for proper + authentication. */ + /* If tgt was passed unlink file */ +@@ -2699,7 +2887,7 @@ + else + ticket = NULL; + } +-#endif /* KERBEROS */ ++#endif /* KRB5 */ + + /* Send a message indicating that the authentication attempt failed. */ + packet_start(SSH_SMSG_FAILURE); +@@ -2708,6 +2896,11 @@ + } + + /* Check if the user is logging in as root and root logins are disallowed. */ ++#ifdef ENABLE_LOG_AUTH ++ if ((pw->pw_uid == UID_ROOT && options.permit_root_login == 1) || ++ (pw->pw_uid == UID_ROOT && options.permit_root_login == 0 && !forced_command)) ++ log_auth("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); ++#endif /* ENABLE_LOG_AUTH */ + if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1) + { + if (authentication_type == SSH_AUTH_PASSWORD) +@@ -2724,7 +2917,7 @@ + get_canonical_hostname()); + } + +-#if defined (__FreeBSD__) && defined (HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined (HAVE_LOGIN_CAP_H) + + lc = login_getclass(pw->pw_class); + +@@ -2775,6 +2968,9 @@ + packet_start(SSH_SMSG_SUCCESS); + packet_send(); + packet_write_wait(); ++#ifdef ENABLE_LOG_AUTH ++ unauthenticated_user = NULL; ++#endif /* ENABLE_LOG_AUTH */ + + /* Perform session preparation. */ + do_authenticated(pw); +@@ -2965,6 +3161,21 @@ + display = x11_create_display_inet(screen); + if (!display) + goto fail; ++#ifdef AFS ++ /* Setup to have a local .Xauthority, if homedir is in AFS. */ ++ { ++ struct stat st; ++ char cell[64], *xauthdir = "/ticket"; ++ ++ if (k_hasafs() && k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) { ++ xauthfile = xmalloc(MAXPATHLEN); ++ if (stat(xauthdir, &st) < 0) ++ xauthdir = "/tmp"; ++ snprintf(xauthfile, MAXPATHLEN, "%s/Xauth%d_%d", xauthdir, ++ pw->pw_uid, getpid()); ++ } ++ } ++#endif /* AFS */ + break; + #else /* XAUTH_PATH */ + /* No xauth program; we won't accept forwarding with spoofing. */ +@@ -3280,15 +3491,12 @@ + char line[256]; + struct stat st; + int quiet_login; +- struct sockaddr_in from; ++ struct sockaddr_storage from; + int fromlen; + struct pty_cleanup_context cleanup_context; +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + login_cap_t *lc; + #endif +-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 +- struct timeval tp; +-#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ + + /* We no longer need the child running on user's privileges. */ + userfile_uninit(); +@@ -3387,9 +3595,9 @@ + + /* Record that there was a login on that terminal. */ + record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, +- &from); ++ (struct sockaddr *)&from); + +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + lc = login_getclass(pw->pw_class); + #endif + +@@ -3398,7 +3606,7 @@ + snprintf(line, sizeof(line), "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; + +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); + #endif + +@@ -3425,7 +3633,7 @@ + } + #endif /* HAVE_SIA */ + +-#ifdef __FreeBSD__ ++#if defined(__FreeBSD__) || defined(__NetBSD__) + if (command == NULL && !quiet_login) + { + #ifdef HAVE_LOGIN_CAP_H +@@ -3457,7 +3665,7 @@ + FILE *f; + + /* Print /etc/motd if it exists. */ +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), + "r"); + #else +@@ -3469,33 +3677,9 @@ + fputs(line, stdout); + fclose(f); + } +-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 +- if (pw->pw_change || pw->pw_expire) +- (void)gettimeofday(&tp, (struct timezone *)NULL); +- if (pw->pw_change) +- { +- if (tp.tv_sec >= pw->pw_change) +- { +- fprintf(stderr,"Sorry -- your password has expired.\n"); +- exit(254); +- } +- days_before_password_expires = (pw->pw_change - tp.tv_sec) / +- 86400; +- } +- if (pw->pw_expire) +- { +- if (tp.tv_sec >= pw->pw_expire) +- { +- fprintf(stderr,"Sorry -- your account has expired.\n"); +- exit(254); +- } +- days_before_account_expires = (pw->pw_expire - tp.tv_sec) / +- 86400; +- } +-#endif /* __bsdi__ & _BSDI_VERSION >= 199510 */ + } + +-#if defined (__FreeBSD__) && defined HAVE_LOGIN_CAP_H ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined HAVE_LOGIN_CAP_H + login_close(lc); + #endif + +@@ -3876,6 +4060,7 @@ + char *user_shell; + char *remote_ip; + int remote_port; ++ int local_port; + #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) + login_cap_t *lc; + char *real_shell; +@@ -3883,8 +4068,11 @@ + lc = login_getclass(pw->pw_class); + auth_checknologin(lc); + #else /* !HAVE_LOGIN_CAP_H */ +-#if defined (__bsdi__) && _BSDI_VERSION > 199510 ++#if ( defined (__bsdi__) && _BSDI_VERSION > 199510 ) || (defined(HAVE_LOGIN_CAP_H) && defined(__NetBSD__)) + login_cap_t *lc = 0; ++#if defined(__NetBSD__) ++ char *real_shell; ++#endif + + if ((lc = login_getclass(pw->pw_class)) == NULL) + { +@@ -3981,6 +4169,7 @@ + user_shell = xstrdup(pw->pw_shell); + remote_ip = xstrdup(get_remote_ipaddr()); + remote_port = get_remote_port(); ++ local_port = get_local_port(); + + /* Close the connection descriptors; note that this is the child, and the + server will still have the socket open, and it is important that we +@@ -4000,7 +4189,6 @@ + /* Close any extra file descriptors. Note that there may still be + descriptors left by system functions. They will be closed later. */ + endpwent(); +- endhostent(); + + /* Set dummy encryption key to clear information about the key from + memory. This key will never be used. */ +@@ -4019,7 +4207,7 @@ + if (command != NULL || !options.use_login) + #endif /* USELOGIN */ + { +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + char *p, *s, **tmpenv; + + /* Initialize the new environment. +@@ -4180,10 +4368,23 @@ + and means /bin/sh. */ + shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; + +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell); + login_close(lc); + #endif /* HAVE_LOGIN_CAP_H */ ++ ++#ifdef AFS ++ /* Try to get AFS tokens for the local cell. */ ++ if (k_hasafs()) { ++ char cell[64]; ++ ++ if (k_afs_cell_of_file(user_dir, cell, sizeof(cell)) == 0) ++ krb_afslog(cell, 0); ++ ++ krb_afslog(0, 0); ++ } ++#endif /* AFS */ ++ + /* Initialize the environment if not already done. In the first part we + allocate space for all environment variables. */ + if (env == NULL) +@@ -4257,7 +4458,7 @@ + + /* Set SSH_CLIENT. */ + snprintf(buf, sizeof(buf), +- "%.50s %d %d", remote_ip, remote_port, options.port); ++ "%.50s %d %d", remote_ip, remote_port, local_port); + child_set_env(&env, &envsize, "SSH_CLIENT", buf); + + /* Set SSH_TTY if we have a pty. */ +@@ -4290,13 +4491,21 @@ + } + #endif + +-#ifdef KERBEROS +- /* Set KRBTKFILE to point to our ticket */ ++ /* Set KRBTKFILE to point to our ticket. */ + #ifdef KRB5 + if (ticket) + child_set_env(&env, &envsize, "KRB5CCNAME", ticket); + #endif /* KRB5 */ +-#endif /* KERBEROS */ ++#ifdef KRB4 /* XXX - how to make these coexist? */ ++ if (ticket) ++ child_set_env(&env, &envsize, "KRBTKFILE", ticket); ++ ++#ifdef AFS ++ /* Set XAUTHORITY to a local file, if homedir is in AFS. */ ++ if (xauthfile) ++ child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); ++#endif /* AFS */ ++#endif /* KRB4 */ + + /* Set variable for forwarded authentication connection, if we have one. */ + if (auth_get_socket_name() != NULL) +@@ -4426,7 +4635,8 @@ + int i; + char name[255], *p; + char line[256]; +- struct hostent *hp; ++ struct addrinfo hints, *ai, *aitop; ++ char ntop[ADDRSTRLEN]; + + strncpy(name, display, sizeof(name)); + name[sizeof(name) - 1] = '\0'; +@@ -4443,7 +4653,10 @@ + /* Moved this call here to avoid a nasty buf in SunOS + 4.1.4 libc where gethostbyname closes an unrelated + file descriptor. */ +- hp = gethostbyname(name); ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) ++ aitop = 0; + + snprintf(line, sizeof(line), + "%.200s -q -", options.xauth_path); +@@ -4461,21 +4674,24 @@ + cp - display, display, cp, auth_proto, + auth_data); + #endif +- if (hp) ++ if (aitop) + { +- for(i = 0; hp->h_addr_list[i]; i++) ++ for (ai = aitop; ai; ai = ai->ai_next) + { ++ getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ ntop, sizeof(ntop), NULL, 0, ++ NI_NUMERICHOST); ++ if (strchr(ntop, ':')) ++ continue; /* XXX - xauth doesn't accept it */ + if (debug_flag) + { + fprintf(stderr, "Running %s add %s%s %s %s\n", + options.xauth_path, +- inet_ntoa(*((struct in_addr *) +- hp->h_addr_list[i])), ++ ntop, + cp, auth_proto, auth_data); + } + fprintf(f, "add %s%s %s %s\n", +- inet_ntoa(*((struct in_addr *) +- hp->h_addr_list[i])), ++ ntop, + cp, auth_proto, auth_data); + } + } +@@ -4554,7 +4770,7 @@ + /* Execute the shell. */ + argv[0] = buf; + argv[1] = NULL; +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + execve(real_shell, argv, env); + #else + execve(shell, argv, env); +@@ -4579,7 +4795,7 @@ + argv[1] = "-c"; + argv[2] = (char *)command; + argv[3] = NULL; +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + execve(real_shell, argv, env); + #else + execve(shell, argv, env); diff --git a/security/ssh6/patches/patch-ag b/security/ssh6/patches/patch-ag new file mode 100644 index 00000000000..89413623cb0 --- /dev/null +++ b/security/ssh6/patches/patch-ag @@ -0,0 +1,97 @@ +$NetBSD: patch-ag,v 1.1 2000/03/20 02:25:34 itojun Exp $ + +--- log-server.c.orig Wed May 12 07:19:26 1999 ++++ log-server.c Sat Dec 25 00:17:29 1999 +@@ -146,6 +146,25 @@ + syslog(LOG_INFO, "log: %.500s", buf); + } + ++#ifdef ENABLE_LOG_AUTH ++void log_auth(const char *fmt, ...) ++{ ++ char buf[1024]; ++ va_list args; ++ extern int log_auth_flag; ++ if (!log_auth_flag) ++ return; ++ if (log_quiet) ++ return; ++ va_start(args, fmt); ++ vsprintf(buf, fmt, args); ++ va_end(args); ++ if (log_on_stderr) ++ fprintf(stderr, "log: %s\n", buf); ++ syslog(LOG_INFO|LOG_AUTH, "%.500s", buf); ++} ++#endif /* ENABLE_LOG_AUTH */ ++ + /* Converts portable syslog severity to machine-specific syslog severity. */ + + static int syslog_severity(int severity) +@@ -265,9 +284,12 @@ + { + struct fatal_cleanup *cu, *next_cu; + static int fatal_called = 0; +-#ifdef KERBEROS ++#if defined(KRB4) || defined(KRB5) + extern char *ticket; +-#endif ++#ifdef AFS ++ extern char *xauthfile; ++#endif /* AFS */ ++#endif /* KRB4 || KRB5 */ + + if (!fatal_called) + { +@@ -281,19 +303,27 @@ + (unsigned long)cu->proc, (unsigned long)cu->context); + (*cu->proc)(cu->context); + } +-#ifdef KERBEROS ++#if defined(KRB4) || defined(KRB5) + /* If you forwarded a ticket you get one shot for proper + authentication. */ + /* If tgt was passed unlink file */ + if (ticket) + { + if (strcmp(ticket,"none")) ++#ifdef KRB5 + /* ticket -> FILE:path */ + unlink(ticket + 5); ++#else /* KRB4 */ ++ unlink(ticket); ++#endif + else + ticket = NULL; + } +-#endif /* KERBEROS */ ++#ifdef AFS ++ /* If local XAUTHORITY was created, remove it. */ ++ if (xauthfile) unlink(xauthfile); ++#endif /* AFS */ ++#endif /* KRB4 || KRB5 */ + } + } + +@@ -322,6 +352,9 @@ + { + char buf[1024]; + va_list args; ++#ifdef ENABLE_LOG_AUTH ++ extern char *unauthenticated_user; ++#endif /* ENABLE_LOG_AUTH */ + + if (log_quiet) + exit(1); +@@ -331,6 +364,11 @@ + if (log_on_stderr) + fprintf(stderr, "fatal: %s\n", buf); + syslog(syslog_severity(severity), "fatal: %.500s", buf); ++#ifdef ENABLE_LOG_AUTH ++ if (unauthenticated_user) ++ log_auth("LOGIN FAILED %.100s from %.200s", ++ unauthenticated_user, get_canonical_hostname()); ++#endif /* ENABLE_LOG_AUTH */ + + do_fatal_cleanups(); + diff --git a/security/ssh6/patches/patch-ah b/security/ssh6/patches/patch-ah new file mode 100644 index 00000000000..5082a050db4 --- /dev/null +++ b/security/ssh6/patches/patch-ah @@ -0,0 +1,34 @@ +$NetBSD: patch-ah,v 1.1 2000/03/20 02:25:35 itojun Exp $ + +--- packet.c.orig Wed May 12 07:19:27 1999 ++++ packet.c Fri Dec 24 21:50:42 1999 +@@ -829,6 +829,7 @@ + { + /* Set IP options for an interactive connection. Use IPTOS_LOWDELAY + and TCP_NODELAY. */ ++#if 0 + #ifdef IPTOS_LOWDELAY + int lowdelay = IPTOS_LOWDELAY; + if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *)&lowdelay, +@@ -840,11 +841,13 @@ + sizeof(on)) < 0) + error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); + #endif /* TCP_NODELAY */ ++#endif /* 0 */ + } + else + { + /* Set IP options for a non-interactive connection. Use + IPTOS_THROUGHPUT. */ ++#if 0 + #ifdef IPTOS_THROUGHPUT + int throughput = IPTOS_THROUGHPUT; + if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *)&throughput, +@@ -856,6 +859,7 @@ + sizeof(off)) < 0) + error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); + #endif /* TCP_NODELAY */ ++#endif /* 0 */ + } + } + diff --git a/security/ssh6/patches/patch-ai b/security/ssh6/patches/patch-ai new file mode 100644 index 00000000000..4e955bb9340 --- /dev/null +++ b/security/ssh6/patches/patch-ai @@ -0,0 +1,172 @@ +$NetBSD: patch-ai,v 1.1 2000/03/20 02:25:35 itojun Exp $ + +--- scp.c.orig Wed May 12 07:19:28 1999 ++++ scp.c Fri Dec 24 21:54:17 1999 +@@ -180,6 +180,19 @@ + #define STDERR_FILENO 2 + #endif + ++#ifdef AFS ++/* This is set to non-zero to disable authentication forwarding. */ ++int nofwd = 0; ++#endif /* AFS */ ++ ++/* This is set to non-zero if IPv4 is desired. */ ++int IPv4 = 0; ++ ++#ifdef ENABLE_IPV6 ++/* This is set to non-zero if IPv6 is desired. */ ++int IPv6 = 0; ++#endif ++ + /* This is set to non-zero to enable verbose mode. */ + int verbose = 0; + +@@ -295,8 +308,17 @@ + } + args[i++] = "-x"; + args[i++] = "-a"; ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ args[i++] = "-A"; ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + args[i++] = "-oFallBackToRsh no"; + args[i++] = "-oClearAllForwardings yes"; ++ if (IPv4) ++ args[i++] = "-4"; ++#ifdef ENABLE_IPV6 ++ if (IPv6) ++ args[i++] = "-6"; ++#endif + if (verbose) + args[i++] = "-v"; + if (compress) +@@ -305,6 +327,10 @@ + args[i++] = "-P"; + if (batchmode) + args[i++] = "-oBatchMode yes"; ++#ifdef AFS ++ if (nofwd) ++ args[i++] = "-k"; ++#endif /* AFS */ + if (cipher != NULL) + { + args[i++] = "-c"; +@@ -441,8 +467,23 @@ + statistics = 0; + + fflag = tflag = 0; +- while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF) ++ while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:4" ++#ifdef AFS ++ "k" ++#endif ++#ifdef ENABLE_IPV6 ++ "6" ++#endif ++ )) != EOF) + switch(ch) { /* User-visible flags. */ ++ case '4': ++ IPv4 = 1; ++ break; ++#ifdef ENABLE_IPV6 ++ case '6': ++ IPv6 = 1; ++ break; ++#endif + case 'S': + ssh_program = optarg; + break; +@@ -490,6 +531,11 @@ + case 'r': + iamrecursive = 1; + break; ++#ifdef AFS ++ case 'k': ++ nofwd = 1; ++ break; ++#endif /* AFS */ + /* Server options. */ + case 'd': + targetshouldbedirectory = 1; +@@ -589,6 +635,17 @@ + exit(errs != 0); + } + ++char * ++cleanhostname(host) ++ char *host; ++{ ++ if (*host == '[' && host[strlen(host) - 1] == ']') { ++ host[strlen(host) - 1] = '\0'; ++ return (host + 1); ++ } else ++ return host; ++} ++ + void + toremote(targ, argc, argv) + char *targ, *argv[]; +@@ -644,6 +701,7 @@ + bp = xmalloc(len); + if (host) { + *host++ = 0; ++ host = cleanhostname(host); + suser = argv[i]; + if (*suser == '\0') + suser = pwd->pw_name; +@@ -655,13 +713,15 @@ + suser, host, cmd, src, + tuser ? tuser : "", tuser ? "@" : "", + thost, targ); +- } else ++ } else { ++ host = cleanhostname(argv[i]); + (void)snprintf(bp, len, + "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'", + ssh_program, verbose ? " -v" : "", options, +- argv[i], cmd, src, ++ host, cmd, src, + tuser ? tuser : "", tuser ? "@" : "", + thost, targ); ++ } + if (verbose) + fprintf(stderr, "Executing: %s\n", bp); + if (system(bp)) errs++; +@@ -671,7 +731,7 @@ + len = strlen(targ) + CMDNEEDS + 20; + bp = xmalloc(len); + (void)snprintf(bp, len, "%s -t %s", cmd, targ); +- host = thost; ++ host = cleanhostname(thost); + if (do_cmd(host, tuser, + bp, &remin, &remout) < 0) + exit(1); +@@ -721,6 +781,7 @@ + else if (!okname(suser)) + continue; + } ++ host = cleanhostname(host); + len = strlen(src) + CMDNEEDS + 20; + bp = xmalloc(len); + (void)snprintf(bp, len, "%s -f %s", cmd, src); +@@ -1365,11 +1426,19 @@ + colon(cp) + char *cp; + { ++ int flag = 0; ++ + if (*cp == ':') /* Leading colon is part of file name. */ + return (0); ++ if (*cp == '[') ++ flag = 1; + + for (; *cp; ++cp) { +- if (*cp == ':') ++ if (*cp == '@' && *(cp+1) == '[') ++ flag = 1; ++ if (*cp == ']' && *(cp+1) == ':' && flag) ++ return (cp+1); ++ if (*cp == ':' && !flag) + return (cp); + if (*cp == '/') + return (0); diff --git a/security/ssh6/patches/patch-aj b/security/ssh6/patches/patch-aj new file mode 100644 index 00000000000..b0e0efdf021 --- /dev/null +++ b/security/ssh6/patches/patch-aj @@ -0,0 +1,4533 @@ +$NetBSD: patch-aj,v 1.1 2000/03/20 02:25:35 itojun Exp $ + +--- configure.orig Wed May 12 20:20:06 1999 ++++ configure Sat Mar 18 13:22:06 2000 +@@ -1,7 +1,7 @@ + #! /bin/sh + + # Guess values for system-dependent variables and create Makefiles. +-# Generated automatically using autoconf version 2.12 ++# Generated automatically using autoconf version 2.13 + # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. + # + # This configure script is free software; the Free Software Foundation +@@ -12,6 +12,9 @@ + ac_default_prefix=/usr/local + # Any additions from configure.in: + ac_help="$ac_help ++ --enable-ipv6 Enable ipv6 (with ipv4) support ++ --disable-ipv6 Disable ipv6 support" ++ac_help="$ac_help + --enable-deprecated-linux-pw-encrypt + Enable using of deprecated linx pw_encrypt function." + ac_help="$ac_help +@@ -49,9 +52,13 @@ + ac_help="$ac_help + --with-tis[=DIR] Enable support for TIS authentication server." + ac_help="$ac_help +- --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support." ++ --with-krb4[=PATH] Compile in Kerberos v4 support." ++ac_help="$ac_help ++ --with-krb5[=PATH] Compile in Kerberos v5 support." ++ac_help="$ac_help ++ --with-afs Compile in AFS support (requires KTH krb4)." + ac_help="$ac_help +- --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket." ++ --with-hesiod[=PATH] Compile in Hesiod support." + ac_help="$ac_help + --with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support." + ac_help="$ac_help +@@ -83,6 +90,12 @@ + ac_help="$ac_help + --disable-tcp-nodelay Disable TCP_NODELAY socket option" + ac_help="$ac_help ++ --enable-another-port-try Enable another port try support (default) ++ --disable-another-port-try Disable another port try support" ++ac_help="$ac_help ++ --enable-log-auth Enable logging auth info support (default) ++ --disable-log-auth Disable logging auth info support" ++ac_help="$ac_help + --enable-so-linger Enable setting SO_LINGER socket option" + ac_help="$ac_help + --without-scp-stats Without scp statistics code" +@@ -130,6 +143,7 @@ + # Initialize some other variables. + subdirs= + MFLAGS= MAKEFLAGS= ++SHELL=${CONFIG_SHELL-/bin/sh} + # Maximum number of lines to put in a shell here document. + ac_max_here_lines=12 + +@@ -413,7 +427,7 @@ + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) +- echo "configure generated by autoconf version 2.12" ++ echo "configure generated by autoconf version 2.13" + exit 0 ;; + + -with-* | --with-*) +@@ -583,9 +597,11 @@ + # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. + ac_cpp='$CPP $CPPFLAGS' + ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +-ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' ++ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' + cross_compiling=$ac_cv_prog_cc_cross + ++ac_exeext= ++ac_objext=o + if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then +@@ -626,33 +642,33 @@ + + + # Make sure we can run config.sub. +-if $ac_config_sub sun4 >/dev/null 2>&1; then : ++if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : + else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } + fi + + echo $ac_n "checking host system type""... $ac_c" 1>&6 +-echo "configure:635: checking host system type" >&5 ++echo "configure:651: checking host system type" >&5 + + host_alias=$host + case "$host_alias" in + NONE) + case $nonopt in + NONE) +- if host_alias=`$ac_config_guess`; then : ++ if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : + else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } + fi ;; + *) host_alias=$nonopt ;; + esac ;; + esac + +-host=`$ac_config_sub $host_alias` ++host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` + host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` + host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` + host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + echo "$ac_t""$host" 1>&6 + + echo $ac_n "checking cached information""... $ac_c" 1>&6 +-echo "configure:656: checking cached information" >&5 ++echo "configure:672: checking cached information" >&5 + hostcheck="$host" + if eval "test \"`echo '$''{'ac_cv_hostcheck'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -671,15 +687,16 @@ + # Extract the first word of "gcc", so it can be a program name with args. + set dummy gcc; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:675: checking for $ac_word" >&5 ++echo "configure:691: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. + else +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="gcc" +@@ -700,16 +717,17 @@ + # Extract the first word of "cc", so it can be a program name with args. + set dummy cc; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:704: checking for $ac_word" >&5 ++echo "configure:721: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. + else +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_prog_rejected=no +- for ac_dir in $PATH; do ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then +@@ -744,25 +762,61 @@ + echo "$ac_t""no" 1>&6 + fi + ++ if test -z "$CC"; then ++ case "`uname -s`" in ++ *win32* | *WIN32*) ++ # Extract the first word of "cl", so it can be a program name with args. ++set dummy cl; ac_word=$2 ++echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 ++echo "configure:772: checking for $ac_word" >&5 ++if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ if test -n "$CC"; then ++ ac_cv_prog_CC="$CC" # Let the user override the test. ++else ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do ++ test -z "$ac_dir" && ac_dir=. ++ if test -f $ac_dir/$ac_word; then ++ ac_cv_prog_CC="cl" ++ break ++ fi ++ done ++ IFS="$ac_save_ifs" ++fi ++fi ++CC="$ac_cv_prog_CC" ++if test -n "$CC"; then ++ echo "$ac_t""$CC" 1>&6 ++else ++ echo "$ac_t""no" 1>&6 ++fi ++ ;; ++ esac ++ fi + test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } + fi + + echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +-echo "configure:752: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ++echo "configure:804: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + + ac_ext=c + # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. + ac_cpp='$CPP $CPPFLAGS' + ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +-ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' ++ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' + cross_compiling=$ac_cv_prog_cc_cross + +-cat > conftest.$ac_ext <<EOF +-#line 762 "configure" ++cat > conftest.$ac_ext << EOF ++ ++#line 815 "configure" + #include "confdefs.h" ++ + main(){return(0);} + EOF +-if { (eval echo configure:766: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + ac_cv_prog_cc_works=yes + # If we can't run a trivial program, we are probably using a cross compiler. + if (./conftest; exit) 2>/dev/null; then +@@ -776,18 +830,24 @@ + ac_cv_prog_cc_works=no + fi + rm -fr conftest* ++ac_ext=c ++# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ++ac_cpp='$CPP $CPPFLAGS' ++ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' ++ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' ++cross_compiling=$ac_cv_prog_cc_cross + + echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 + if test $ac_cv_prog_cc_works = no; then + { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } + fi + echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +-echo "configure:786: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 ++echo "configure:846: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 + echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 + cross_compiling=$ac_cv_prog_cc_cross + + echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 +-echo "configure:791: checking whether we are using GNU C" >&5 ++echo "configure:851: checking whether we are using GNU C" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -796,7 +856,7 @@ + yes; + #endif + EOF +-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:800: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ++if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:860: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then + ac_cv_prog_gcc=yes + else + ac_cv_prog_gcc=no +@@ -807,11 +867,15 @@ + + if test $ac_cv_prog_gcc = yes; then + GCC=yes +- ac_test_CFLAGS="${CFLAGS+set}" +- ac_save_CFLAGS="$CFLAGS" +- CFLAGS= +- echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 +-echo "configure:815: checking whether ${CC-cc} accepts -g" >&5 ++else ++ GCC= ++fi ++ ++ac_test_CFLAGS="${CFLAGS+set}" ++ac_save_CFLAGS="$CFLAGS" ++CFLAGS= ++echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 ++echo "configure:879: checking whether ${CC-cc} accepts -g" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -826,20 +890,104 @@ + fi + + echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 +- if test "$ac_test_CFLAGS" = set; then +- CFLAGS="$ac_save_CFLAGS" +- elif test $ac_cv_prog_cc_g = yes; then ++if test "$ac_test_CFLAGS" = set; then ++ CFLAGS="$ac_save_CFLAGS" ++elif test $ac_cv_prog_cc_g = yes; then ++ if test "$GCC" = yes; then + CFLAGS="-g -O2" + else ++ CFLAGS="-g" ++ fi ++else ++ if test "$GCC" = yes; then + CFLAGS="-O2" ++ else ++ CFLAGS= + fi ++fi ++ ++echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 ++echo "configure:911: checking how to run the C preprocessor" >&5 ++# On Suns, sometimes $CPP names a directory. ++if test -n "$CPP" && test -d "$CPP"; then ++ CPP= ++fi ++if test -z "$CPP"; then ++if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 + else +- GCC= +- test "${CFLAGS+set}" = set || CFLAGS="-g" ++ # This must be in double quotes, not single quotes, because CPP may get ++ # substituted into the Makefile and "${CC-cc}" will confuse make. ++ CPP="${CC-cc} -E" ++ # On the NeXT, cc -E runs the code through the compiler's parser, ++ # not just through cpp. ++ cat > conftest.$ac_ext <<EOF ++#line 926 "configure" ++#include "confdefs.h" ++#include <assert.h> ++Syntax Error ++EOF ++ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ++{ (eval echo configure:932: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` ++if test -z "$ac_err"; then ++ : ++else ++ echo "$ac_err" >&5 ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ CPP="${CC-cc} -E -traditional-cpp" ++ cat > conftest.$ac_ext <<EOF ++#line 943 "configure" ++#include "confdefs.h" ++#include <assert.h> ++Syntax Error ++EOF ++ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ++{ (eval echo configure:949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` ++if test -z "$ac_err"; then ++ : ++else ++ echo "$ac_err" >&5 ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ CPP="${CC-cc} -nologo -E" ++ cat > conftest.$ac_ext <<EOF ++#line 960 "configure" ++#include "confdefs.h" ++#include <assert.h> ++Syntax Error ++EOF ++ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ++{ (eval echo configure:966: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` ++if test -z "$ac_err"; then ++ : ++else ++ echo "$ac_err" >&5 ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ CPP=/lib/cpp ++fi ++rm -f conftest* ++fi ++rm -f conftest* ++fi ++rm -f conftest* ++ ac_cv_prog_CPP="$CPP" ++fi ++ CPP="$ac_cv_prog_CPP" ++else ++ ac_cv_prog_CPP="$CPP" + fi ++echo "$ac_t""$CPP" 1>&6 + + echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 +-echo "configure:843: checking for POSIXized ISC" >&5 ++echo "configure:991: checking for POSIXized ISC" >&5 + if test -d /etc/conf/kconfig.d && + grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 + then +@@ -860,6 +1008,202 @@ + fi + + ++echo $ac_n "checking whether to enable ipv6""... $ac_c" 1>&6 ++echo "configure:1013: checking whether to enable ipv6" >&5 ++# Check whether --enable-ipv6 or --disable-ipv6 was given. ++if test "${enable_ipv6+set}" = set; then ++ enableval="$enable_ipv6" ++ case "$enableval" in ++ no) ++ echo "$ac_t""no" 1>&6 ++ ipv6=no ++ ;; ++ *) echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define ENABLE_IPV6 1 ++EOF ++ ++ ipv6=yes ++ ;; ++ esac ++else ++ if test "$cross_compiling" = yes; then ++ echo "$ac_t""no" 1>&6 ++ ipv6=no ++ ++else ++ cat > conftest.$ac_ext <<EOF ++#line 1037 "configure" ++#include "confdefs.h" ++ /* AF_INET6 avalable check */ ++#include <sys/types.h> ++#include <sys/socket.h> ++main() ++{ ++ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) ++ exit(1); ++ else ++ exit(0); ++} ++ ++EOF ++if { (eval echo configure:1051: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++then ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define ENABLE_IPV6 1 ++EOF ++ ++ ipv6=yes ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -fr conftest* ++ echo "$ac_t""no" 1>&6 ++ ipv6=no ++fi ++rm -fr conftest* ++fi ++ ++fi ++ ++ ++ipv6type=unknown ++ipv6lib=none ++ ++if test "$ipv6" = "yes"; then ++ echo $ac_n "checking ipv6 stack type""... $ac_c" 1>&6 ++echo "configure:1077: checking ipv6 stack type" >&5 ++ for i in inria kame linux toshiba v6d zeta; do ++ case $i in ++ inria) ++ cat > conftest.$ac_ext <<EOF ++#line 1082 "configure" ++#include "confdefs.h" ++dnl ++#include <netinet/in.h> ++#ifdef IPV6_INRIA_VERSION ++yes ++#endif ++EOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ egrep "yes" >/dev/null 2>&1; then ++ rm -rf conftest* ++ ipv6type=$i; ++ CPPFLAGS="-DINET6 $CPPFLAGS" ++fi ++rm -f conftest* ++ ++ ;; ++ kame) ++ cat > conftest.$ac_ext <<EOF ++#line 1101 "configure" ++#include "confdefs.h" ++dnl ++#include <netinet/in.h> ++#ifdef __KAME__ ++yes ++#endif ++EOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ egrep "yes" >/dev/null 2>&1; then ++ rm -rf conftest* ++ ipv6type=$i; ++ CPPFLAGS="-DINET6 $CPPFLAGS" ++fi ++rm -f conftest* ++ ++ ;; ++ linux) ++ if test -d /usr/inet6; then ++ ipv6type=$i ++ ipv6lib=inet6 ++ ipv6libdir=/usr/inet6/lib ++ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" ++ fi ++ ;; ++ toshiba) ++ cat > conftest.$ac_ext <<EOF ++#line 1128 "configure" ++#include "confdefs.h" ++dnl ++#include <sys/param.h> ++#ifdef _TOSHIBA_INET6 ++yes ++#endif ++EOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ egrep "yes" >/dev/null 2>&1; then ++ rm -rf conftest* ++ ipv6type=$i; ++ ipv6lib=inet6; ++ ipv6libdir=/usr/local/v6/lib; ++ CPPFLAGS="-DINET6 $CPPFLAGS" ++fi ++rm -f conftest* ++ ++ ;; ++ v6d) ++ cat > conftest.$ac_ext <<EOF ++#line 1149 "configure" ++#include "confdefs.h" ++dnl ++#include </usr/local/v6/include/sys/v6config.h> ++#ifdef __V6D__ ++yes ++#endif ++EOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ egrep "yes" >/dev/null 2>&1; then ++ rm -rf conftest* ++ ipv6type=$i; ++ ipv6lib=v6; ++ ipv6libdir=/usr/local/v6/lib; ++ CPPFLAGS="-I/usr/local/v6/include $CPPFLAGS" ++fi ++rm -f conftest* ++ ++ ;; ++ zeta) ++ cat > conftest.$ac_ext <<EOF ++#line 1170 "configure" ++#include "confdefs.h" ++dnl ++#include <sys/param.h> ++#ifdef _ZETA_MINAMI_INET6 ++yes ++#endif ++EOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ egrep "yes" >/dev/null 2>&1; then ++ rm -rf conftest* ++ ipv6type=$i; ++ ipv6lib=inet6; ++ ipv6libdir=/usr/local/v6/lib; ++ CPPFLAGS="-DINET6 $CPPFLAGS" ++fi ++rm -f conftest* ++ ++ ;; ++ esac ++ if test "$ipv6type" != "unknown"; then ++ break ++ fi ++ done ++ echo "$ac_t""$ipv6type" 1>&6 ++fi ++ ++if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then ++ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then ++ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" ++ else ++ echo 'Fatal: no $ipv6lib library found. cannot continue.' ++ echo "You need to fetch lib$ipv6lib.a from appropriate" ++ echo 'ipv6 kit and compile beforehand.' ++ exit 1 ++ fi ++fi ++ + cat >> confdefs.h <<EOF + #define HOSTTYPE "$host" + EOF +@@ -876,20 +1220,12 @@ + ;; + *-*-solaris*) + # solaris stuff. appro@fy.chalmers.se +- cat >> confdefs.h <<\EOF +-#define SECURE_RPC 1 +-EOF +- +- cat >> confdefs.h <<\EOF +-#define SECURE_NFS 1 +-EOF +- ++# this stuff breaks AFS/Kerberos. YUCK. ++# AC_DEFINE(SECURE_RPC) ++# AC_DEFINE(SECURE_NFS) + # NIS+ is forced so that we don't have to recompile + # if we move to NIS+. appro@fy.chalmers.se +- cat >> confdefs.h <<\EOF +-#define NIS_PLUS 1 +-EOF +- ++# AC_DEFINE(NIS_PLUS) + ;; + *-*-sunos*) + os_sunos=yes +@@ -931,14 +1267,14 @@ + no_shadows_password_checking=yes + # We want support for <proj.h> eivind@ii.uib.no + cat > conftest.$ac_ext <<EOF +-#line 935 "configure" ++#line 1271 "configure" + #include "confdefs.h" + #include <proj.h> + int main() { + int foo = MAXPROJNAMELEN; + ; return 0; } + EOF +-if { (eval echo configure:942: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1278: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + cat >> confdefs.h <<\EOF + #define HAVE_SGI_PROJ_H 1 +@@ -953,7 +1289,7 @@ + *-ibm-aix3.2|*-ibm-aix3.2.0|*-ibm-aix3.2.1|*-ibm-aix3.2.2|*-ibm-aix3.2.3|*-ibm-aix3.2.4) + os_aix=yes + echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 +-echo "configure:957: checking for getuserattr in -ls" >&5 ++echo "configure:1293: checking for getuserattr in -ls" >&5 + ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -961,7 +1297,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ls $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 965 "configure" ++#line 1301 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -972,7 +1308,7 @@ + getuserattr() + ; return 0; } + EOF +-if { (eval echo configure:976: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1312: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1004,7 +1340,7 @@ + no_utmpx=yes + os_aix=yes + echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 +-echo "configure:1008: checking for getuserattr in -ls" >&5 ++echo "configure:1344: checking for getuserattr in -ls" >&5 + ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1012,7 +1348,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ls $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1016 "configure" ++#line 1352 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1023,7 +1359,7 @@ + getuserattr() + ; return 0; } + EOF +-if { (eval echo configure:1027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1363: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1054,7 +1390,7 @@ + *-ibm-aix*) + os_aix=yes + echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 +-echo "configure:1058: checking for getuserattr in -ls" >&5 ++echo "configure:1394: checking for getuserattr in -ls" >&5 + ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1062,7 +1398,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ls $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1066 "configure" ++#line 1402 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1073,7 +1409,7 @@ + getuserattr() + ; return 0; } + EOF +-if { (eval echo configure:1077: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1413: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1123,7 +1459,7 @@ + # Ultrix shadow passwords implemented in auth-passwd.c. + no_shadows_password_checking=yes + echo $ac_n "checking for authenticate_user in -lauth""... $ac_c" 1>&6 +-echo "configure:1127: checking for authenticate_user in -lauth" >&5 ++echo "configure:1463: checking for authenticate_user in -lauth" >&5 + ac_lib_var=`echo auth'_'authenticate_user | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1131,7 +1467,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lauth $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1135 "configure" ++#line 1471 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1142,7 +1478,7 @@ + authenticate_user() + ; return 0; } + EOF +-if { (eval echo configure:1146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1482: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1170,14 +1506,14 @@ + fi + + cat > conftest.$ac_ext <<EOF +-#line 1174 "configure" ++#line 1510 "configure" + #include "confdefs.h" + #include <syslog.h> + int main() { + int foo = LOG_DAEMON; + ; return 0; } + EOF +-if { (eval echo configure:1181: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1517: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + : + else + echo "configure: failed program was:" >&5 +@@ -1215,7 +1551,7 @@ + CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" + fi + echo $ac_n "checking for HPUX tcb auth option""... $ac_c" 1>&6 +-echo "configure:1219: checking for HPUX tcb auth option" >&5 ++echo "configure:1555: checking for HPUX tcb auth option" >&5 + if test -f /tcb/files/auth/system/pw_id_map; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +@@ -1227,7 +1563,7 @@ + echo "$ac_t""no" 1>&6 + fi + echo $ac_n "checking for keyserv""... $ac_c" 1>&6 +-echo "configure:1231: checking for keyserv" >&5 ++echo "configure:1567: checking for keyserv" >&5 + if test -f /usr/sbin/keyserv; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +@@ -1256,7 +1592,7 @@ + # The man page says that we need -lsecurity -ldb -laud -lm to quickstart + # programs using enchanced security. + echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6 +-echo "configure:1260: checking for set_auth_parameters in -lsecurity" >&5 ++echo "configure:1596: checking for set_auth_parameters in -lsecurity" >&5 + ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1264,7 +1600,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsecurity $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1268 "configure" ++#line 1604 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1275,7 +1611,7 @@ + set_auth_parameters() + ; return 0; } + EOF +-if { (eval echo configure:1279: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1615: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1303,7 +1639,7 @@ + fi + + echo $ac_n "checking for audgen in -laud""... $ac_c" 1>&6 +-echo "configure:1307: checking for audgen in -laud" >&5 ++echo "configure:1643: checking for audgen in -laud" >&5 + ac_lib_var=`echo aud'_'audgen | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1311,7 +1647,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-laud $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1315 "configure" ++#line 1651 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1322,7 +1658,7 @@ + audgen() + ; return 0; } + EOF +-if { (eval echo configure:1326: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1662: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1350,7 +1686,7 @@ + fi + + echo $ac_n "checking for dbopen in -ldb""... $ac_c" 1>&6 +-echo "configure:1354: checking for dbopen in -ldb" >&5 ++echo "configure:1690: checking for dbopen in -ldb" >&5 + ac_lib_var=`echo db'_'dbopen | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1358,7 +1694,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ldb $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1362 "configure" ++#line 1698 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1369,7 +1705,7 @@ + dbopen() + ; return 0; } + EOF +-if { (eval echo configure:1373: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1397,7 +1733,7 @@ + fi + + echo $ac_n "checking for sin in -lm""... $ac_c" 1>&6 +-echo "configure:1401: checking for sin in -lm" >&5 ++echo "configure:1737: checking for sin in -lm" >&5 + ac_lib_var=`echo m'_'sin | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1405,7 +1741,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lm $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1409 "configure" ++#line 1745 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1416,7 +1752,7 @@ + sin() + ; return 0; } + EOF +-if { (eval echo configure:1420: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1756: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1446,12 +1782,12 @@ + for ac_func in setluid + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:1450: checking for $ac_func" >&5 ++echo "configure:1786: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1455 "configure" ++#line 1791 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -1474,7 +1810,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:1478: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -1507,7 +1843,7 @@ + OLD_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -I." + cat > conftest.$ac_ext <<EOF +-#line 1511 "configure" ++#line 1847 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/security.h> +@@ -1516,7 +1852,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:1520: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1856: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + : + else + echo "configure: failed program was:" >&5 +@@ -1545,12 +1881,12 @@ + *-*-linux*|*-*-mklinux*) + CFLAGS="-D_GNU_SOURCE $CFLAGS" + echo $ac_n "checking for getspnam""... $ac_c" 1>&6 +-echo "configure:1549: checking for getspnam" >&5 ++echo "configure:1885: checking for getspnam" >&5 + if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1554 "configure" ++#line 1890 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char getspnam(); below. */ +@@ -1573,7 +1909,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:1577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1913: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_getspnam=yes" + else +@@ -1594,7 +1930,7 @@ + + if test $ac_cv_func_getspnam = no; then + echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 +-echo "configure:1598: checking for getspnam in -lshadow" >&5 ++echo "configure:1934: checking for getspnam in -lshadow" >&5 + ac_lib_var=`echo shadow'_'getspnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1602,7 +1938,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lshadow $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1606 "configure" ++#line 1942 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1613,7 +1949,7 @@ + getspnam() + ; return 0; } + EOF +-if { (eval echo configure:1617: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:1953: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1651,12 +1987,12 @@ + for ac_func in pw_encrypt + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:1655: checking for $ac_func" >&5 ++echo "configure:1991: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 1660 "configure" ++#line 1996 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -1679,7 +2015,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:1683: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:2019: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -1705,7 +2041,7 @@ + + if test $ac_cv_func_pw_encrypt = no; then + echo $ac_n "checking for pw_encrypt in -lshadow""... $ac_c" 1>&6 +-echo "configure:1709: checking for pw_encrypt in -lshadow" >&5 ++echo "configure:2045: checking for pw_encrypt in -lshadow" >&5 + ac_lib_var=`echo shadow'_'pw_encrypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1713,7 +2049,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lshadow $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1717 "configure" ++#line 2053 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1724,7 +2060,7 @@ + pw_encrypt() + ; return 0; } + EOF +-if { (eval echo configure:1728: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:2064: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1748,7 +2084,7 @@ + + fi + echo $ac_n "checking whether to enable pw_encrypt""... $ac_c" 1>&6 +-echo "configure:1752: checking whether to enable pw_encrypt" >&5 ++echo "configure:2088: checking whether to enable pw_encrypt" >&5 + # Check whether --enable-deprecated-linux-pw-encrypt or --disable-deprecated-linux-pw-encrypt was given. + if test "${enable_deprecated_linux_pw_encrypt+set}" = set; then + enableval="$enable_deprecated_linux_pw_encrypt" +@@ -1825,7 +2161,7 @@ + EOF + + echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 +-echo "configure:1829: checking for openlog in -lgen" >&5 ++echo "configure:2165: checking for openlog in -lgen" >&5 + ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1833,7 +2169,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lgen $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1837 "configure" ++#line 2173 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1844,7 +2180,7 @@ + openlog() + ; return 0; } + EOF +-if { (eval echo configure:1848: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:2184: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1874,7 +2210,7 @@ + ;; + *-*-sysv4*) + echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 +-echo "configure:1878: checking for openlog in -lgen" >&5 ++echo "configure:2214: checking for openlog in -lgen" >&5 + ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1882,7 +2218,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lgen $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 1886 "configure" ++#line 2222 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -1893,7 +2229,7 @@ + openlog() + ; return 0; } + EOF +-if { (eval echo configure:1897: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:2233: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1989,24 +2325,18 @@ + + export CFLAGS CC + +-# Socket pairs appear to be broken on several systems. I don't know exactly +-# where, so I'll use pipes everywhere for now. +-cat >> confdefs.h <<\EOF +-#define USE_PIPES 1 +-EOF +- + + echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 +-echo "configure:2001: checking that the compiler works" >&5 ++echo "configure:2331: checking that the compiler works" >&5 + if test "$cross_compiling" = yes; then + { echo "configure: error: Could not compile and run even a trivial ANSI C program - check CC." 1>&2; exit 1; } + else + cat > conftest.$ac_ext <<EOF +-#line 2006 "configure" ++#line 2336 "configure" + #include "confdefs.h" + main(int ac, char **av) { return 0; } + EOF +-if { (eval echo configure:2010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + echo "$ac_t""yes" 1>&6 + else +@@ -2023,18 +2353,18 @@ + if test -z "$no_pipe"; then + if test -n "$GCC"; then + echo $ac_n "checking if the compiler understands -pipe""... $ac_c" 1>&6 +-echo "configure:2027: checking if the compiler understands -pipe" >&5 ++echo "configure:2357: checking if the compiler understands -pipe" >&5 + OLDCC="$CC" + CC="$CC -pipe" + cat > conftest.$ac_ext <<EOF +-#line 2031 "configure" ++#line 2361 "configure" + #include "confdefs.h" + + int main() { + + ; return 0; } + EOF +-if { (eval echo configure:2038: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2368: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + echo "$ac_t""yes" 1>&6 + else +@@ -2049,7 +2379,7 @@ + fi + + echo $ac_n "checking whether to enable -Wall""... $ac_c" 1>&6 +-echo "configure:2053: checking whether to enable -Wall" >&5 ++echo "configure:2383: checking whether to enable -Wall" >&5 + # Check whether --enable-warnings or --disable-warnings was given. + if test "${enable_warnings+set}" = set; then + enableval="$enable_warnings" +@@ -2063,12 +2393,12 @@ + + + echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 +-echo "configure:2067: checking return type of signal handlers" >&5 ++echo "configure:2397: checking return type of signal handlers" >&5 + if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2072 "configure" ++#line 2402 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <signal.h> +@@ -2085,7 +2415,7 @@ + int i; + ; return 0; } + EOF +-if { (eval echo configure:2089: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2419: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_signal=void + else +@@ -2103,74 +2433,13 @@ + EOF + + +-echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +-echo "configure:2108: checking how to run the C preprocessor" >&5 +-# On Suns, sometimes $CPP names a directory. +-if test -n "$CPP" && test -d "$CPP"; then +- CPP= +-fi +-if test -z "$CPP"; then +-if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then +- echo $ac_n "(cached) $ac_c" 1>&6 +-else +- # This must be in double quotes, not single quotes, because CPP may get +- # substituted into the Makefile and "${CC-cc}" will confuse make. +- CPP="${CC-cc} -E" +- # On the NeXT, cc -E runs the code through the compiler's parser, +- # not just through cpp. +- cat > conftest.$ac_ext <<EOF +-#line 2123 "configure" +-#include "confdefs.h" +-#include <assert.h> +-Syntax Error +-EOF +-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2129: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` +-if test -z "$ac_err"; then +- : +-else +- echo "$ac_err" >&5 +- echo "configure: failed program was:" >&5 +- cat conftest.$ac_ext >&5 +- rm -rf conftest* +- CPP="${CC-cc} -E -traditional-cpp" +- cat > conftest.$ac_ext <<EOF +-#line 2140 "configure" +-#include "confdefs.h" +-#include <assert.h> +-Syntax Error +-EOF +-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2146: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` +-if test -z "$ac_err"; then +- : +-else +- echo "$ac_err" >&5 +- echo "configure: failed program was:" >&5 +- cat conftest.$ac_ext >&5 +- rm -rf conftest* +- CPP=/lib/cpp +-fi +-rm -f conftest* +-fi +-rm -f conftest* +- ac_cv_prog_CPP="$CPP" +-fi +- CPP="$ac_cv_prog_CPP" +-else +- ac_cv_prog_CPP="$CPP" +-fi +-echo "$ac_t""$CPP" 1>&6 +- + echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 +-echo "configure:2169: checking for ANSI C header files" >&5 ++echo "configure:2438: checking for ANSI C header files" >&5 + if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2174 "configure" ++#line 2443 "configure" + #include "confdefs.h" + #include <stdlib.h> + #include <stdarg.h> +@@ -2178,8 +2447,8 @@ + #include <float.h> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:2451: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + ac_cv_header_stdc=yes +@@ -2195,7 +2464,7 @@ + if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat > conftest.$ac_ext <<EOF +-#line 2199 "configure" ++#line 2468 "configure" + #include "confdefs.h" + #include <string.h> + EOF +@@ -2213,7 +2482,7 @@ + if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat > conftest.$ac_ext <<EOF +-#line 2217 "configure" ++#line 2486 "configure" + #include "confdefs.h" + #include <stdlib.h> + EOF +@@ -2234,7 +2503,7 @@ + : + else + cat > conftest.$ac_ext <<EOF +-#line 2238 "configure" ++#line 2507 "configure" + #include "confdefs.h" + #include <ctype.h> + #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +@@ -2245,7 +2514,7 @@ + exit (0); } + + EOF +-if { (eval echo configure:2249: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2518: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + : + else +@@ -2269,12 +2538,12 @@ + fi + + echo $ac_n "checking for size_t""... $ac_c" 1>&6 +-echo "configure:2273: checking for size_t" >&5 ++echo "configure:2542: checking for size_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2278 "configure" ++#line 2547 "configure" + #include "confdefs.h" + #include <sys/types.h> + #if STDC_HEADERS +@@ -2283,7 +2552,7 @@ + #endif + EOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then ++ egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_size_t=yes + else +@@ -2302,12 +2571,12 @@ + fi + + echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 +-echo "configure:2306: checking for uid_t in sys/types.h" >&5 ++echo "configure:2575: checking for uid_t in sys/types.h" >&5 + if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2311 "configure" ++#line 2580 "configure" + #include "confdefs.h" + #include <sys/types.h> + EOF +@@ -2336,12 +2605,12 @@ + fi + + echo $ac_n "checking for off_t""... $ac_c" 1>&6 +-echo "configure:2340: checking for off_t" >&5 ++echo "configure:2609: checking for off_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2345 "configure" ++#line 2614 "configure" + #include "confdefs.h" + #include <sys/types.h> + #if STDC_HEADERS +@@ -2350,7 +2619,7 @@ + #endif + EOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then ++ egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_off_t=yes + else +@@ -2369,12 +2638,12 @@ + fi + + echo $ac_n "checking for mode_t""... $ac_c" 1>&6 +-echo "configure:2373: checking for mode_t" >&5 ++echo "configure:2642: checking for mode_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2378 "configure" ++#line 2647 "configure" + #include "confdefs.h" + #include <sys/types.h> + #if STDC_HEADERS +@@ -2383,7 +2652,7 @@ + #endif + EOF + if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | +- egrep "mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then ++ egrep "(^|[^a-zA-Z_0-9])mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_mode_t=yes + else +@@ -2402,12 +2671,12 @@ + fi + + echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6 +-echo "configure:2406: checking for st_blksize in struct stat" >&5 ++echo "configure:2675: checking for st_blksize in struct stat" >&5 + if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2411 "configure" ++#line 2680 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/stat.h> +@@ -2415,7 +2684,7 @@ + struct stat s; s.st_blksize; + ; return 0; } + EOF +-if { (eval echo configure:2419: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2688: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_struct_st_blksize=yes + else +@@ -2437,12 +2706,12 @@ + + + echo $ac_n "checking for working const""... $ac_c" 1>&6 +-echo "configure:2441: checking for working const" >&5 ++echo "configure:2710: checking for working const" >&5 + if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2446 "configure" ++#line 2715 "configure" + #include "confdefs.h" + + int main() { +@@ -2491,7 +2760,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:2495: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2764: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes + else +@@ -2512,21 +2781,21 @@ + fi + + echo $ac_n "checking for inline""... $ac_c" 1>&6 +-echo "configure:2516: checking for inline" >&5 ++echo "configure:2785: checking for inline" >&5 + if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_cv_c_inline=no + for ac_kw in inline __inline__ __inline; do + cat > conftest.$ac_ext <<EOF +-#line 2523 "configure" ++#line 2792 "configure" + #include "confdefs.h" + + int main() { + } $ac_kw foo() { + ; return 0; } + EOF +-if { (eval echo configure:2530: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_inline=$ac_kw; break + else +@@ -2552,14 +2821,14 @@ + esac + + echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 +-echo "configure:2556: checking whether byte ordering is bigendian" >&5 ++echo "configure:2825: checking whether byte ordering is bigendian" >&5 + if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_cv_c_bigendian=unknown + # See if sys/param.h defines the BYTE_ORDER macro. + cat > conftest.$ac_ext <<EOF +-#line 2563 "configure" ++#line 2832 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/param.h> +@@ -2570,11 +2839,11 @@ + #endif + ; return 0; } + EOF +-if { (eval echo configure:2574: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2843: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + # It does; now see whether it defined to BIG_ENDIAN or not. + cat > conftest.$ac_ext <<EOF +-#line 2578 "configure" ++#line 2847 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/param.h> +@@ -2585,7 +2854,7 @@ + #endif + ; return 0; } + EOF +-if { (eval echo configure:2589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2858: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_bigendian=yes + else +@@ -2605,7 +2874,7 @@ + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } + else + cat > conftest.$ac_ext <<EOF +-#line 2609 "configure" ++#line 2878 "configure" + #include "confdefs.h" + main () { + /* Are we little or big endian? From Harbison&Steele. */ +@@ -2618,7 +2887,7 @@ + exit (u.c[sizeof (long) - 1] == 1); + } + EOF +-if { (eval echo configure:2622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2891: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_c_bigendian=no + else +@@ -2642,7 +2911,7 @@ + fi + + echo $ac_n "checking size of long""... $ac_c" 1>&6 +-echo "configure:2646: checking size of long" >&5 ++echo "configure:2915: checking size of long" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -2650,7 +2919,7 @@ + ac_cv_sizeof_long=4 + else + cat > conftest.$ac_ext <<EOF +-#line 2654 "configure" ++#line 2923 "configure" + #include "confdefs.h" + #include <stdio.h> + main() +@@ -2661,7 +2930,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:2665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2934: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_long=`cat conftestval` + else +@@ -2681,7 +2950,7 @@ + + + echo $ac_n "checking size of int""... $ac_c" 1>&6 +-echo "configure:2685: checking size of int" >&5 ++echo "configure:2954: checking size of int" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -2689,7 +2958,7 @@ + ac_cv_sizeof_int=4 + else + cat > conftest.$ac_ext <<EOF +-#line 2693 "configure" ++#line 2962 "configure" + #include "confdefs.h" + #include <stdio.h> + main() +@@ -2700,7 +2969,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:2704: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2973: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_int=`cat conftestval` + else +@@ -2720,7 +2989,7 @@ + + + echo $ac_n "checking size of short""... $ac_c" 1>&6 +-echo "configure:2724: checking size of short" >&5 ++echo "configure:2993: checking size of short" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -2728,7 +2997,7 @@ + ac_cv_sizeof_short=2 + else + cat > conftest.$ac_ext <<EOF +-#line 2732 "configure" ++#line 3001 "configure" + #include "confdefs.h" + #include <stdio.h> + main() +@@ -2739,7 +3008,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:2743: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:3012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_short=`cat conftestval` + else +@@ -2764,18 +3033,18 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2768: checking for $ac_hdr" >&5 ++echo "configure:3037: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2773 "configure" ++#line 3042 "configure" + #include "confdefs.h" + #include <$ac_hdr> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2778: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3047: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -2807,18 +3076,18 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2811: checking for $ac_hdr" >&5 ++echo "configure:3080: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2816 "configure" ++#line 3085 "configure" + #include "confdefs.h" + #include <$ac_hdr> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2821: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3090: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -2844,9 +3113,9 @@ + done + + echo $ac_n "checking whether utmpx have ut_syslen field""... $ac_c" 1>&6 +-echo "configure:2848: checking whether utmpx have ut_syslen field" >&5 ++echo "configure:3117: checking whether utmpx have ut_syslen field" >&5 + cat > conftest.$ac_ext <<EOF +-#line 2850 "configure" ++#line 3119 "configure" + #include "confdefs.h" + #include <utmpx.h> + EOF +@@ -2867,12 +3136,12 @@ + fi + + echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 +-echo "configure:2871: checking for ANSI C header files" >&5 ++echo "configure:3140: checking for ANSI C header files" >&5 + if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2876 "configure" ++#line 3145 "configure" + #include "confdefs.h" + #include <stdlib.h> + #include <stdarg.h> +@@ -2880,8 +3149,8 @@ + #include <float.h> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2884: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3153: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + ac_cv_header_stdc=yes +@@ -2897,7 +3166,7 @@ + if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat > conftest.$ac_ext <<EOF +-#line 2901 "configure" ++#line 3170 "configure" + #include "confdefs.h" + #include <string.h> + EOF +@@ -2915,7 +3184,7 @@ + if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat > conftest.$ac_ext <<EOF +-#line 2919 "configure" ++#line 3188 "configure" + #include "confdefs.h" + #include <stdlib.h> + EOF +@@ -2936,7 +3205,7 @@ + : + else + cat > conftest.$ac_ext <<EOF +-#line 2940 "configure" ++#line 3209 "configure" + #include "confdefs.h" + #include <ctype.h> + #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +@@ -2947,7 +3216,7 @@ + exit (0); } + + EOF +-if { (eval echo configure:2951: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:3220: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + : + else +@@ -2971,12 +3240,12 @@ + fi + + echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 +-echo "configure:2975: checking for sys/wait.h that is POSIX.1 compatible" >&5 ++echo "configure:3244: checking for sys/wait.h that is POSIX.1 compatible" >&5 + if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 2980 "configure" ++#line 3249 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/wait.h> +@@ -2992,7 +3261,7 @@ + s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; + ; return 0; } + EOF +-if { (eval echo configure:2996: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3265: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_sys_wait_h=yes + else +@@ -3016,18 +3285,18 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:3020: checking for $ac_hdr" >&5 ++echo "configure:3289: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3025 "configure" ++#line 3294 "configure" + #include "confdefs.h" + #include <$ac_hdr> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3030: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3299: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -3052,22 +3321,22 @@ + fi + done + +-for ac_hdr in sgtty.h sys/select.h sys/ioctl.h machine/endian.h ++for ac_hdr in sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:3060: checking for $ac_hdr" >&5 ++echo "configure:3329: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3065 "configure" ++#line 3334 "configure" + #include "confdefs.h" + #include <$ac_hdr> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3070: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3339: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -3096,18 +3365,18 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:3100: checking for $ac_hdr" >&5 ++echo "configure:3369: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3105 "configure" ++#line 3374 "configure" + #include "confdefs.h" + #include <$ac_hdr> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3110: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3379: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -3136,18 +3405,18 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:3140: checking for $ac_hdr" >&5 ++echo "configure:3409: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3145 "configure" ++#line 3414 "configure" + #include "confdefs.h" + #include <$ac_hdr> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3150: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -3176,18 +3445,18 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:3180: checking for $ac_hdr" >&5 ++echo "configure:3449: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3185 "configure" ++#line 3454 "configure" + #include "confdefs.h" + #include <$ac_hdr> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3190: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3459: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -3213,12 +3482,12 @@ + done + + echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 +-echo "configure:3217: checking whether time.h and sys/time.h may both be included" >&5 ++echo "configure:3486: checking whether time.h and sys/time.h may both be included" >&5 + if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3222 "configure" ++#line 3491 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/time.h> +@@ -3227,7 +3496,7 @@ + struct tm *tp; + ; return 0; } + EOF +-if { (eval echo configure:3231: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3500: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes + else +@@ -3252,12 +3521,12 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 +-echo "configure:3256: checking for $ac_hdr that defines DIR" >&5 ++echo "configure:3525: checking for $ac_hdr that defines DIR" >&5 + if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3261 "configure" ++#line 3530 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <$ac_hdr> +@@ -3265,7 +3534,7 @@ + DIR *dirp = 0; + ; return 0; } + EOF +-if { (eval echo configure:3269: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3538: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_header_dirent_$ac_safe=yes" + else +@@ -3290,7 +3559,7 @@ + # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. + if test $ac_header_dirent = dirent.h; then + echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 +-echo "configure:3294: checking for opendir in -ldir" >&5 ++echo "configure:3563: checking for opendir in -ldir" >&5 + ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3298,7 +3567,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ldir $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3302 "configure" ++#line 3571 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -3309,7 +3578,7 @@ + opendir() + ; return 0; } + EOF +-if { (eval echo configure:3313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:3582: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3331,7 +3600,7 @@ + + else + echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 +-echo "configure:3335: checking for opendir in -lx" >&5 ++echo "configure:3604: checking for opendir in -lx" >&5 + ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3339,7 +3608,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lx $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3343 "configure" ++#line 3612 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -3350,7 +3619,7 @@ + opendir() + ; return 0; } + EOF +-if { (eval echo configure:3354: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:3623: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3373,12 +3642,12 @@ + fi + + echo $ac_n "checking whether stat file-mode macros are broken""... $ac_c" 1>&6 +-echo "configure:3377: checking whether stat file-mode macros are broken" >&5 ++echo "configure:3646: checking whether stat file-mode macros are broken" >&5 + if eval "test \"`echo '$''{'ac_cv_header_stat_broken'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3382 "configure" ++#line 3651 "configure" + #include "confdefs.h" + #include <sys/types.h> + #include <sys/stat.h> +@@ -3429,19 +3698,19 @@ + fi + + echo $ac_n "checking whether sys/types.h defines makedev""... $ac_c" 1>&6 +-echo "configure:3433: checking whether sys/types.h defines makedev" >&5 ++echo "configure:3702: checking whether sys/types.h defines makedev" >&5 + if eval "test \"`echo '$''{'ac_cv_header_sys_types_h_makedev'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3438 "configure" ++#line 3707 "configure" + #include "confdefs.h" + #include <sys/types.h> + int main() { + return makedev(0, 0); + ; return 0; } + EOF +-if { (eval echo configure:3445: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:3714: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_header_sys_types_h_makedev=yes + else +@@ -3459,18 +3728,18 @@ + if test $ac_cv_header_sys_types_h_makedev = no; then + ac_safe=`echo "sys/mkdev.h" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for sys/mkdev.h""... $ac_c" 1>&6 +-echo "configure:3463: checking for sys/mkdev.h" >&5 ++echo "configure:3732: checking for sys/mkdev.h" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3468 "configure" ++#line 3737 "configure" + #include "confdefs.h" + #include <sys/mkdev.h> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3473: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3742: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -3497,18 +3766,18 @@ + if test $ac_cv_header_sys_mkdev_h = no; then + ac_safe=`echo "sys/sysmacros.h" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for sys/sysmacros.h""... $ac_c" 1>&6 +-echo "configure:3501: checking for sys/sysmacros.h" >&5 ++echo "configure:3770: checking for sys/sysmacros.h" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 3506 "configure" ++#line 3775 "configure" + #include "confdefs.h" + #include <sys/sysmacros.h> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3511: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:3780: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +@@ -3535,9 +3804,9 @@ + fi + + echo $ac_n "checking whether utmp have ut_pid field""... $ac_c" 1>&6 +-echo "configure:3539: checking whether utmp have ut_pid field" >&5 ++echo "configure:3808: checking whether utmp have ut_pid field" >&5 + cat > conftest.$ac_ext <<EOF +-#line 3541 "configure" ++#line 3810 "configure" + #include "confdefs.h" + #include <utmp.h> + EOF +@@ -3556,9 +3825,9 @@ + rm -f conftest* + + echo $ac_n "checking whether utmp have ut_name field""... $ac_c" 1>&6 +-echo "configure:3560: checking whether utmp have ut_name field" >&5 ++echo "configure:3829: checking whether utmp have ut_name field" >&5 + cat > conftest.$ac_ext <<EOF +-#line 3562 "configure" ++#line 3831 "configure" + #include "confdefs.h" + #include <utmp.h> + EOF +@@ -3577,9 +3846,9 @@ + rm -f conftest* + + echo $ac_n "checking whether utmp have ut_id field""... $ac_c" 1>&6 +-echo "configure:3581: checking whether utmp have ut_id field" >&5 ++echo "configure:3850: checking whether utmp have ut_id field" >&5 + cat > conftest.$ac_ext <<EOF +-#line 3583 "configure" ++#line 3852 "configure" + #include "confdefs.h" + #include <utmp.h> + EOF +@@ -3598,9 +3867,9 @@ + rm -f conftest* + + echo $ac_n "checking whether utmp have ut_host field""... $ac_c" 1>&6 +-echo "configure:3602: checking whether utmp have ut_host field" >&5 ++echo "configure:3871: checking whether utmp have ut_host field" >&5 + cat > conftest.$ac_ext <<EOF +-#line 3604 "configure" ++#line 3873 "configure" + #include "confdefs.h" + #include <utmp.h> + EOF +@@ -3619,9 +3888,9 @@ + rm -f conftest* + + echo $ac_n "checking whether utmp have ut_addr field""... $ac_c" 1>&6 +-echo "configure:3623: checking whether utmp have ut_addr field" >&5 ++echo "configure:3892: checking whether utmp have ut_addr field" >&5 + cat > conftest.$ac_ext <<EOF +-#line 3625 "configure" ++#line 3894 "configure" + #include "confdefs.h" + #include <utmp.h> + EOF +@@ -3640,9 +3909,9 @@ + rm -f conftest* + + echo $ac_n "checking whether you have incompatible SIGINFO macro""... $ac_c" 1>&6 +-echo "configure:3644: checking whether you have incompatible SIGINFO macro" >&5 ++echo "configure:3913: checking whether you have incompatible SIGINFO macro" >&5 + cat > conftest.$ac_ext <<EOF +-#line 3646 "configure" ++#line 3915 "configure" + #include "confdefs.h" + #include <sys/siginfo.h> + SIGINFO(p,1) +@@ -3662,8 +3931,69 @@ + rm -f conftest* + + ++echo $ac_n "checking whether sys/socket.h have struct sockaddr_storage""... $ac_c" 1>&6 ++echo "configure:3936: checking whether sys/socket.h have struct sockaddr_storage" >&5 ++cat > conftest.$ac_ext <<EOF ++#line 3938 "configure" ++#include "confdefs.h" ++#include <sys/socket.h> ++EOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ egrep "sockaddr_storage" >/dev/null 2>&1; then ++ rm -rf conftest* ++ cat >> confdefs.h <<\EOF ++#define HAVE_SOCKADDR_STORAGE 1 ++EOF ++ echo "$ac_t""yes" 1>&6 ++else ++ rm -rf conftest* ++ echo "$ac_t""no" 1>&6 ++fi ++rm -f conftest* ++ ++echo $ac_n "checking whether sys/socket.h have __ss_family""... $ac_c" 1>&6 ++echo "configure:3956: checking whether sys/socket.h have __ss_family" >&5 ++cat > conftest.$ac_ext <<EOF ++#line 3958 "configure" ++#include "confdefs.h" ++#include <sys/socket.h> ++EOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ egrep "__ss_family" >/dev/null 2>&1; then ++ rm -rf conftest* ++ cat >> confdefs.h <<\EOF ++#define HAVE_NEW_SS_FAMILY 1 ++EOF ++ echo "$ac_t""yes" 1>&6 ++else ++ rm -rf conftest* ++ echo "$ac_t""no" 1>&6 ++fi ++rm -f conftest* ++ ++echo $ac_n "checking whether sys/socket.h have sa_len""... $ac_c" 1>&6 ++echo "configure:3976: checking whether sys/socket.h have sa_len" >&5 ++cat > conftest.$ac_ext <<EOF ++#line 3978 "configure" ++#include "confdefs.h" ++#include <sys/socket.h> ++EOF ++if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | ++ egrep "sa_len" >/dev/null 2>&1; then ++ rm -rf conftest* ++ cat >> confdefs.h <<\EOF ++#define HAVE_SOCKADDR_LEN 1 ++EOF ++ echo "$ac_t""yes" 1>&6 ++else ++ rm -rf conftest* ++ echo "$ac_t""no" 1>&6 ++fi ++rm -f conftest* ++ ++ + echo $ac_n "checking for crypt in -lc""... $ac_c" 1>&6 +-echo "configure:3667: checking for crypt in -lc" >&5 ++echo "configure:3997: checking for crypt in -lc" >&5 + ac_lib_var=`echo c'_'crypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3671,7 +4001,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lc $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3675 "configure" ++#line 4005 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -3682,7 +4012,7 @@ + crypt() + ; return 0; } + EOF +-if { (eval echo configure:3686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4016: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3701,7 +4031,7 @@ + else + echo "$ac_t""no" 1>&6 + echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 +-echo "configure:3705: checking for crypt in -lcrypt" >&5 ++echo "configure:4035: checking for crypt in -lcrypt" >&5 + ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3709,7 +4039,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lcrypt $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3713 "configure" ++#line 4043 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -3720,7 +4050,7 @@ + crypt() + ; return 0; } + EOF +-if { (eval echo configure:3724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4054: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3750,7 +4080,7 @@ + fi + + echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 +-echo "configure:3754: checking for getspnam in -lsec" >&5 ++echo "configure:4084: checking for getspnam in -lsec" >&5 + ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3758,7 +4088,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsec $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3762 "configure" ++#line 4092 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -3769,7 +4099,7 @@ + getspnam() + ; return 0; } + EOF +-if { (eval echo configure:3773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4103: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3797,7 +4127,7 @@ + fi + + echo $ac_n "checking for get_process_stats in -lseq""... $ac_c" 1>&6 +-echo "configure:3801: checking for get_process_stats in -lseq" >&5 ++echo "configure:4131: checking for get_process_stats in -lseq" >&5 + ac_lib_var=`echo seq'_'get_process_stats | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3805,7 +4135,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lseq $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3809 "configure" ++#line 4139 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -3816,7 +4146,7 @@ + get_process_stats() + ; return 0; } + EOF +-if { (eval echo configure:3820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4150: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3844,7 +4174,7 @@ + fi + + echo $ac_n "checking for bcopy in -lbsd""... $ac_c" 1>&6 +-echo "configure:3848: checking for bcopy in -lbsd" >&5 ++echo "configure:4178: checking for bcopy in -lbsd" >&5 + ac_lib_var=`echo bsd'_'bcopy | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3852,7 +4182,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lbsd $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3856 "configure" ++#line 4186 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -3863,7 +4193,7 @@ + bcopy() + ; return 0; } + EOF +-if { (eval echo configure:3867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4197: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3892,7 +4222,7 @@ + + if test -z "$no_libnsl"; then + echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 +-echo "configure:3896: checking for main in -lnsl" >&5 ++echo "configure:4226: checking for main in -lnsl" >&5 + ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3900,14 +4230,14 @@ + ac_save_LIBS="$LIBS" + LIBS="-lnsl $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3904 "configure" ++#line 4234 "configure" + #include "confdefs.h" + + int main() { + main() + ; return 0; } + EOF +-if { (eval echo configure:3911: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4241: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3937,7 +4267,7 @@ + fi + if test -n "$test_libinet"; then + echo $ac_n "checking for inet_network in -linet""... $ac_c" 1>&6 +-echo "configure:3941: checking for inet_network in -linet" >&5 ++echo "configure:4271: checking for inet_network in -linet" >&5 + ac_lib_var=`echo inet'_'inet_network | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3945,7 +4275,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-linet $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3949 "configure" ++#line 4279 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -3956,7 +4286,7 @@ + inet_network() + ; return 0; } + EOF +-if { (eval echo configure:3960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4290: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3986,7 +4316,7 @@ + fi + if test -z "$no_libsocket"; then + echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 +-echo "configure:3990: checking for socket in -lsocket" >&5 ++echo "configure:4320: checking for socket in -lsocket" >&5 + ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3994,7 +4324,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsocket $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 3998 "configure" ++#line 4328 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -4005,7 +4335,7 @@ + socket() + ; return 0; } + EOF +-if { (eval echo configure:4009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4339: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4035,7 +4365,7 @@ + fi + if test -z "$no_libsun"; then + echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 +-echo "configure:4039: checking for getpwnam in -lsun" >&5 ++echo "configure:4369: checking for getpwnam in -lsun" >&5 + ac_lib_var=`echo sun'_'getpwnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4043,7 +4373,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsun $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 4047 "configure" ++#line 4377 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -4054,7 +4384,7 @@ + getpwnam() + ; return 0; } + EOF +-if { (eval echo configure:4058: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4388: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4084,7 +4414,7 @@ + fi + if test -z "$no_libbsd"; then + echo $ac_n "checking for openpty in -lbsd""... $ac_c" 1>&6 +-echo "configure:4088: checking for openpty in -lbsd" >&5 ++echo "configure:4418: checking for openpty in -lbsd" >&5 + ac_lib_var=`echo bsd'_'openpty | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4092,7 +4422,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lbsd $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 4096 "configure" ++#line 4426 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -4103,7 +4433,7 @@ + openpty() + ; return 0; } + EOF +-if { (eval echo configure:4107: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4437: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4132,7 +4462,7 @@ + + fi + echo $ac_n "checking for login in -lutil""... $ac_c" 1>&6 +-echo "configure:4136: checking for login in -lutil" >&5 ++echo "configure:4466: checking for login in -lutil" >&5 + ac_lib_var=`echo util'_'login | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4140,7 +4470,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lutil $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 4144 "configure" ++#line 4474 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -4151,41 +4481,99 @@ + login() + ; return 0; } + EOF +-if { (eval echo configure:4155: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4485: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* +- eval "ac_cv_lib_$ac_lib_var=no" ++ eval "ac_cv_lib_$ac_lib_var=no" ++fi ++rm -f conftest* ++LIBS="$ac_save_LIBS" ++ ++fi ++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define HAVE_LIBUTIL_LOGIN 1 ++EOF ++ ++ LIBS="$LIBS -lutil" ++else ++ echo "$ac_t""no" 1>&6 ++fi ++ ++ ++if test -z "$no_vhangup"; then ++ for ac_func in vhangup ++do ++echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 ++echo "configure:4514: checking for $ac_func" >&5 ++if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ cat > conftest.$ac_ext <<EOF ++#line 4519 "configure" ++#include "confdefs.h" ++/* System header to define __stub macros and hopefully few prototypes, ++ which can conflict with char $ac_func(); below. */ ++#include <assert.h> ++/* Override any gcc2 internal prototype to avoid an error. */ ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char $ac_func(); ++ ++int main() { ++ ++/* The GNU C library defines this for functions which it implements ++ to always fail with ENOSYS. Some functions are actually named ++ something starting with __ and the normal name is an alias. */ ++#if defined (__stub_$ac_func) || defined (__stub___$ac_func) ++choke me ++#else ++$ac_func(); ++#endif ++ ++; return 0; } ++EOF ++if { (eval echo configure:4542: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++ rm -rf conftest* ++ eval "ac_cv_func_$ac_func=yes" ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ eval "ac_cv_func_$ac_func=no" + fi + rm -f conftest* +-LIBS="$ac_save_LIBS" +- + fi +-if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ++ ++if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 +- cat >> confdefs.h <<\EOF +-#define HAVE_LIBUTIL_LOGIN 1 ++ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` ++ cat >> confdefs.h <<EOF ++#define $ac_tr_func 1 + EOF +- +- LIBS="$LIBS -lutil" ++ + else + echo "$ac_t""no" 1>&6 + fi ++done + ++fi + +-if test -z "$no_vhangup"; then +- for ac_func in vhangup ++if test -z "$no_setsid"; then ++ for ac_func in setsid + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4184: checking for $ac_func" >&5 ++echo "configure:4572: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 4189 "configure" ++#line 4577 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -4208,7 +4596,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:4212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4600: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4234,16 +4622,15 @@ + + fi + +-if test -z "$no_setsid"; then +- for ac_func in setsid ++for ac_func in gettimeofday times getrusage ftruncate revoke makeutx + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4242: checking for $ac_func" >&5 ++echo "configure:4629: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 4247 "configure" ++#line 4634 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -4266,7 +4653,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:4270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4657: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4290,17 +4677,15 @@ + fi + done + +-fi +- +-for ac_func in gettimeofday times getrusage ftruncate revoke makeutx ++for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4299: checking for $ac_func" >&5 ++echo "configure:4684: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 4304 "configure" ++#line 4689 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -4323,7 +4708,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:4327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4712: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4347,15 +4732,15 @@ + fi + done + +-for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit ++for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4354: checking for $ac_func" >&5 ++echo "configure:4739: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 4359 "configure" ++#line 4744 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -4378,7 +4763,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:4382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4767: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4402,15 +4787,15 @@ + fi + done + +-for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp ++for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4409: checking for $ac_func" >&5 ++echo "configure:4794: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 4414 "configure" ++#line 4799 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -4433,7 +4818,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:4437: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4822: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4457,15 +4842,16 @@ + fi + done + +-for ac_func in setpgid daemon waitpid ttyslot authenticate getpt isastream ++ ++for ac_func in strerror memmove remove random putenv crypt socketpair snprintf + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4464: checking for $ac_func" >&5 ++echo "configure:4850: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 4469 "configure" ++#line 4855 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -4488,7 +4874,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:4878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4509,19 +4895,135 @@ + + else + echo "$ac_t""no" 1>&6 ++LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}" + fi + done + + +-for ac_func in strerror memmove remove random putenv crypt socketpair snprintf ++ ++echo $ac_n "checking getaddrinfo bug""... $ac_c" 1>&6 ++echo "configure:4906: checking getaddrinfo bug" >&5 ++if test "$cross_compiling" = yes; then ++ echo "$ac_t""buggy" 1>&6 ++buggygetaddrinfo=yes ++else ++ cat > conftest.$ac_ext <<EOF ++#line 4912 "configure" ++#include "confdefs.h" ++ ++#include <sys/types.h> ++#include <netdb.h> ++#include <string.h> ++#include <sys/socket.h> ++#include <netinet/in.h> ++ ++main() ++{ ++ int passive, gaierr, inet4 = 0, inet6 = 0; ++ struct addrinfo hints, *ai, *aitop; ++ char straddr[INET6_ADDRSTRLEN], strport[16]; ++ ++ for (passive = 0; passive <= 1; passive++) { ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = AF_UNSPEC; ++ hints.ai_flags = passive ? AI_PASSIVE : 0; ++ hints.ai_socktype = SOCK_STREAM; ++ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { ++ (void)gai_strerror(gaierr); ++ goto bad; ++ } ++ for (ai = aitop; ai; ai = ai->ai_next) { ++ if (ai->ai_addr == NULL || ++ ai->ai_addrlen == 0 || ++ getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ straddr, sizeof(straddr), strport, sizeof(strport), ++ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { ++ goto bad; ++ } ++ if (strcmp(strport, "54321") != 0) { ++ goto bad; ++ } ++ switch (ai->ai_family) { ++ case AF_INET: ++ if (passive) { ++ if (strcmp(straddr, "0.0.0.0") != 0) { ++ goto bad; ++ } ++ } else { ++ if (strcmp(straddr, "127.0.0.1") != 0) { ++ goto bad; ++ } ++ } ++ inet4++; ++ break; ++ case AF_INET6: ++ if (passive) { ++ if (strcmp(straddr, "::") != 0) { ++ goto bad; ++ } ++ } else { ++ if (strcmp(straddr, "::1") != 0) { ++ goto bad; ++ } ++ } ++ inet6++; ++ break; ++ case AF_UNSPEC: ++ goto bad; ++ break; ++ default: ++ /* another family support? */ ++ break; ++ } ++ } ++ } ++ ++ if (inet4 != 0 && inet4 != 2) ++ goto bad; ++ if (inet6 != 0 && inet6 != 2) ++ goto bad; ++ ++ if (aitop) ++ freeaddrinfo(aitop); ++ exit(0); ++ ++ bad: ++ if (aitop) ++ freeaddrinfo(aitop); ++ exit(1); ++} ++ ++EOF ++if { (eval echo configure:4998: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++then ++ echo "$ac_t""good" 1>&6 ++buggygetaddrinfo=no ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -fr conftest* ++ echo "$ac_t""buggy" 1>&6 ++buggygetaddrinfo=yes ++fi ++rm -fr conftest* ++fi ++ ++ ++if test "$buggygetaddrinfo" = "yes"; then ++ if test "$ipv6" = "yes"; then ++ echo 'Fatal: You must get working getaddrinfo() function.' ++ echo ' or you can specify "--disable-ipv6"'. ++ exit 1 ++ else ++ for ac_func in getaddrinfo getnameinfo + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4520: checking for $ac_func" >&5 ++echo "configure:5022: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 4525 "configure" ++#line 5027 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -4544,7 +5046,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:4548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5050: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4565,14 +5067,16 @@ + + else + echo "$ac_t""no" 1>&6 +-LIBOBJS="$LIBOBJS ${ac_func}.o" ++LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}" + fi + done + + ++ fi ++fi + + echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 +-echo "configure:4576: checking whether ln -s works" >&5 ++echo "configure:5080: checking whether ln -s works" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -4599,28 +5103,30 @@ + # SunOS /usr/etc/install + # IRIX /sbin/install + # AIX /bin/install ++# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag + # AFS /usr/afsws/bin/install, which mishandles nonexistent args + # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" + # ./install, which can be erroneously created by make from ./install.sh. + echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 +-echo "configure:4607: checking for a BSD compatible install" >&5 ++echo "configure:5112: checking for a BSD compatible install" >&5 + if test -z "$INSTALL"; then + if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +- IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:" ++ IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" + for ac_dir in $PATH; do + # Account for people who put trailing slashes in PATH elements. + case "$ac_dir/" in + /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. +- for ac_prog in ginstall installbsd scoinst install; do ++ # Don't use installbsd from OSF since it installs stuff as root ++ # by default. ++ for ac_prog in ginstall scoinst install; do + if test -f $ac_dir/$ac_prog; then + if test $ac_prog = install && + grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. +- # OSF/1 installbsd also uses dspmsg, but is usable. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" +@@ -4650,20 +5156,23 @@ + # It thinks the first close brace ends the variable substitution. + test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + ++test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' ++ + test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + + # Extract the first word of "ar", so it can be a program name with args. + set dummy ar; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:4659: checking for $ac_word" >&5 ++echo "configure:5167: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. + else +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_AR="ar" +@@ -4685,15 +5194,16 @@ + # Extract the first word of "ranlib", so it can be a program name with args. + set dummy ranlib; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:4689: checking for $ac_word" >&5 ++echo "configure:5198: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. + else +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_RANLIB="ranlib" +@@ -4719,15 +5229,16 @@ + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:4723: checking for $ac_word" >&5 ++echo "configure:5233: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_MAKEDEP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + if test -n "$MAKEDEP"; then + ac_cv_prog_MAKEDEP="$MAKEDEP" # Let the user override the test. + else +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_MAKEDEP="$ac_prog" +@@ -4754,7 +5265,7 @@ + # Uses ac_ vars as temps to allow command line to override cache and checks. + # --without-x overrides everything else, but does not touch the cache. + echo $ac_n "checking for X""... $ac_c" 1>&6 +-echo "configure:4758: checking for X" >&5 ++echo "configure:5269: checking for X" >&5 + + # Check whether --with-x or --without-x was given. + if test "${with_x+set}" = set; then +@@ -4816,13 +5327,13 @@ + + # First, try using that file with no special directory specified. + cat > conftest.$ac_ext <<EOF +-#line 4820 "configure" ++#line 5331 "configure" + #include "confdefs.h" + #include <$x_direct_test_include> + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:4825: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +-ac_err=`grep -v '^ *+' conftest.out` ++{ (eval echo configure:5336: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* + # We can compile using X headers with no special include directory. +@@ -4890,14 +5401,14 @@ + ac_save_LIBS="$LIBS" + LIBS="-l$x_direct_test_library $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 4894 "configure" ++#line 5405 "configure" + #include "confdefs.h" + + int main() { + ${x_direct_test_function}() + ; return 0; } + EOF +-if { (eval echo configure:4901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5412: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + LIBS="$ac_save_LIBS" + # We can link X programs with no special library path. +@@ -5003,17 +5514,17 @@ + case "`(uname -sr) 2>/dev/null`" in + "SunOS 5"*) + echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6 +-echo "configure:5007: checking whether -R must be followed by a space" >&5 ++echo "configure:5518: checking whether -R must be followed by a space" >&5 + ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries" + cat > conftest.$ac_ext <<EOF +-#line 5010 "configure" ++#line 5521 "configure" + #include "confdefs.h" + + int main() { + + ; return 0; } + EOF +-if { (eval echo configure:5017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5528: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_R_nospace=yes + else +@@ -5029,14 +5540,14 @@ + else + LIBS="$ac_xsave_LIBS -R $x_libraries" + cat > conftest.$ac_ext <<EOF +-#line 5033 "configure" ++#line 5544 "configure" + #include "confdefs.h" + + int main() { + + ; return 0; } + EOF +-if { (eval echo configure:5040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_R_space=yes + else +@@ -5068,7 +5579,7 @@ + # libraries were built with DECnet support. And karl@cs.umb.edu says + # the Alpha needs dnet_stub (dnet does not exist). + echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6 +-echo "configure:5072: checking for dnet_ntoa in -ldnet" >&5 ++echo "configure:5583: checking for dnet_ntoa in -ldnet" >&5 + ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -5076,7 +5587,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ldnet $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 5080 "configure" ++#line 5591 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -5087,7 +5598,7 @@ + dnet_ntoa() + ; return 0; } + EOF +-if { (eval echo configure:5091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5602: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5109,7 +5620,7 @@ + + if test $ac_cv_lib_dnet_dnet_ntoa = no; then + echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6 +-echo "configure:5113: checking for dnet_ntoa in -ldnet_stub" >&5 ++echo "configure:5624: checking for dnet_ntoa in -ldnet_stub" >&5 + ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -5117,7 +5628,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ldnet_stub $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 5121 "configure" ++#line 5632 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -5128,7 +5639,7 @@ + dnet_ntoa() + ; return 0; } + EOF +-if { (eval echo configure:5132: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5643: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5157,12 +5668,12 @@ + # The nsl library prevents programs from opening the X display + # on Irix 5.2, according to dickey@clark.net. + echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 +-echo "configure:5161: checking for gethostbyname" >&5 ++echo "configure:5672: checking for gethostbyname" >&5 + if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 5166 "configure" ++#line 5677 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char gethostbyname(); below. */ +@@ -5185,7 +5696,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:5189: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5700: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_gethostbyname=yes" + else +@@ -5206,7 +5717,7 @@ + + if test $ac_cv_func_gethostbyname = no; then + echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 +-echo "configure:5210: checking for gethostbyname in -lnsl" >&5 ++echo "configure:5721: checking for gethostbyname in -lnsl" >&5 + ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -5214,7 +5725,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lnsl $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 5218 "configure" ++#line 5729 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -5225,7 +5736,7 @@ + gethostbyname() + ; return 0; } + EOF +-if { (eval echo configure:5229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5740: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5255,12 +5766,12 @@ + # -lsocket must be given before -lnsl if both are needed. + # We assume that if connect needs -lnsl, so does gethostbyname. + echo $ac_n "checking for connect""... $ac_c" 1>&6 +-echo "configure:5259: checking for connect" >&5 ++echo "configure:5770: checking for connect" >&5 + if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 5264 "configure" ++#line 5775 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char connect(); below. */ +@@ -5283,7 +5794,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:5287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_connect=yes" + else +@@ -5304,7 +5815,7 @@ + + if test $ac_cv_func_connect = no; then + echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 +-echo "configure:5308: checking for connect in -lsocket" >&5 ++echo "configure:5819: checking for connect in -lsocket" >&5 + ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -5312,7 +5823,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsocket $X_EXTRA_LIBS $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 5316 "configure" ++#line 5827 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -5323,7 +5834,7 @@ + connect() + ; return 0; } + EOF +-if { (eval echo configure:5327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5838: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5347,12 +5858,12 @@ + + # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX. + echo $ac_n "checking for remove""... $ac_c" 1>&6 +-echo "configure:5351: checking for remove" >&5 ++echo "configure:5862: checking for remove" >&5 + if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 5356 "configure" ++#line 5867 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char remove(); below. */ +@@ -5375,7 +5886,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:5379: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5890: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_remove=yes" + else +@@ -5396,7 +5907,7 @@ + + if test $ac_cv_func_remove = no; then + echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6 +-echo "configure:5400: checking for remove in -lposix" >&5 ++echo "configure:5911: checking for remove in -lposix" >&5 + ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -5404,7 +5915,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lposix $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 5408 "configure" ++#line 5919 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -5415,7 +5926,7 @@ + remove() + ; return 0; } + EOF +-if { (eval echo configure:5419: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5930: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5439,12 +5950,12 @@ + + # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. + echo $ac_n "checking for shmat""... $ac_c" 1>&6 +-echo "configure:5443: checking for shmat" >&5 ++echo "configure:5954: checking for shmat" >&5 + if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 5448 "configure" ++#line 5959 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char shmat(); below. */ +@@ -5467,7 +5978,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:5471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:5982: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_shmat=yes" + else +@@ -5488,7 +5999,7 @@ + + if test $ac_cv_func_shmat = no; then + echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6 +-echo "configure:5492: checking for shmat in -lipc" >&5 ++echo "configure:6003: checking for shmat in -lipc" >&5 + ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -5496,7 +6007,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lipc $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 5500 "configure" ++#line 6011 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -5507,7 +6018,7 @@ + shmat() + ; return 0; } + EOF +-if { (eval echo configure:5511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:6022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5540,15 +6051,15 @@ + # libraries we check for below, so use a different variable. + # --interran@uluru.Stanford.EDU, kb@cs.umb.edu. + echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6 +-echo "configure:5544: checking for IceConnectionNumber in -lICE" >&5 ++echo "configure:6055: checking for IceConnectionNumber in -lICE" >&5 + ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_save_LIBS="$LIBS" +-LIBS="-lICE $LIBS" ++LIBS="-lICE $X_EXTRA_LIBS $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 5552 "configure" ++#line 6063 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -5559,7 +6070,7 @@ + IceConnectionNumber() + ; return 0; } + EOF +-if { (eval echo configure:5563: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:6074: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5587,7 +6098,7 @@ + # Extract the first word of "passwd", so it can be a program name with args. + set dummy passwd; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:5591: checking for $ac_word" >&5 ++echo "configure:6102: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_PASSWD_PATH'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -5595,9 +6106,13 @@ + /*) + ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a path. + ;; ++ ?:/*) ++ ac_cv_path_PASSWD_PATH="$PASSWD_PATH" # Let the user override the test with a dos path. ++ ;; + *) +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_PASSWD_PATH="$ac_dir/$ac_word" +@@ -5625,7 +6140,7 @@ + # Extract the first word of "xauth", so it can be a program name with args. + set dummy xauth; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:5629: checking for $ac_word" >&5 ++echo "configure:6144: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_XAUTH_PATH'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -5633,9 +6148,13 @@ + /*) + ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a path. + ;; ++ ?:/*) ++ ac_cv_path_XAUTH_PATH="$XAUTH_PATH" # Let the user override the test with a dos path. ++ ;; + *) +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_XAUTH_PATH="$ac_dir/$ac_word" +@@ -5669,7 +6188,7 @@ + X_PROGRAMS="ssh-askpass" + fi + echo $ac_n "checking for X11 unix domain socket directory""... $ac_c" 1>&6 +-echo "configure:5673: checking for X11 unix domain socket directory" >&5 ++echo "configure:6192: checking for X11 unix domain socket directory" >&5 + + if test '!' -d /tmp/.X11-unix; then + if test -d /var/X/.X11-unix; then +@@ -5698,7 +6217,7 @@ + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:5702: checking for $ac_word" >&5 ++echo "configure:6221: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -5706,9 +6225,13 @@ + /*) + ac_cv_path_PERL="$PERL" # Let the user override the test with a path. + ;; ++ ?:/*) ++ ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path. ++ ;; + *) +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_PERL="$ac_dir/$ac_word" +@@ -5739,12 +6262,12 @@ + for ac_func in getpseudotty + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5743: checking for $ac_func" >&5 ++echo "configure:6266: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <<EOF +-#line 5748 "configure" ++#line 6271 "configure" + #include "confdefs.h" + /* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +@@ -5767,7 +6290,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:5771: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:6294: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5792,7 +6315,7 @@ + done + + echo $ac_n "checking for pseudo ttys""... $ac_c" 1>&6 +-echo "configure:5796: checking for pseudo ttys" >&5 ++echo "configure:6319: checking for pseudo ttys" >&5 + if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes + then + cat >> confdefs.h <<\EOF +@@ -5832,7 +6355,7 @@ + fi + + echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6 +-echo "configure:5836: checking for /etc/default/login" >&5 ++echo "configure:6359: checking for /etc/default/login" >&5 + if test -f /etc/default/login; then + cat >> confdefs.h <<\EOF + #define HAVE_ETC_DEFAULT_LOGIN 1 +@@ -5845,7 +6368,7 @@ + + if test -z "$no_shadows_password_checking"; then + echo $ac_n "checking for shadow passwords""... $ac_c" 1>&6 +-echo "configure:5849: checking for shadow passwords" >&5 ++echo "configure:6372: checking for shadow passwords" >&5 + if test -f /etc/shadow; then + # If we don't have shadow.h, this might be some nonstandard + # kludging... So better check it out. +@@ -5859,7 +6382,7 @@ + # have getspent in a system library. However, a libshadow.a library + # contaning these is publicly available. + echo $ac_n "checking for getspent in -lshadow""... $ac_c" 1>&6 +-echo "configure:5863: checking for getspent in -lshadow" >&5 ++echo "configure:6386: checking for getspent in -lshadow" >&5 + ac_lib_var=`echo shadow'_'getspent | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -5867,7 +6390,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lshadow $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 5871 "configure" ++#line 6394 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -5878,7 +6401,7 @@ + getspent() + ; return 0; } + EOF +-if { (eval echo configure:5882: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:6405: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5906,9 +6429,9 @@ + fi + + echo $ac_n "checking whether spwd have sp_expire field""... $ac_c" 1>&6 +-echo "configure:5910: checking whether spwd have sp_expire field" >&5 ++echo "configure:6433: checking whether spwd have sp_expire field" >&5 + cat > conftest.$ac_ext <<EOF +-#line 5912 "configure" ++#line 6435 "configure" + #include "confdefs.h" + #include <shadow.h> + EOF +@@ -5927,9 +6450,9 @@ + rm -f conftest* + + echo $ac_n "checking whether spwd have sp_inact field""... $ac_c" 1>&6 +-echo "configure:5931: checking whether spwd have sp_inact field" >&5 ++echo "configure:6454: checking whether spwd have sp_inact field" >&5 + cat > conftest.$ac_ext <<EOF +-#line 5933 "configure" ++#line 6456 "configure" + #include "confdefs.h" + #include <shadow.h> + EOF +@@ -5968,7 +6491,7 @@ + fi + + echo $ac_n "checking location of mail spool files""... $ac_c" 1>&6 +-echo "configure:5972: checking location of mail spool files" >&5 ++echo "configure:6495: checking location of mail spool files" >&5 + for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE + do + if test "$dir" = "FILE"; then +@@ -6007,7 +6530,7 @@ + done + + echo $ac_n "checking location of utmp""... $ac_c" 1>&6 +-echo "configure:6011: checking location of utmp" >&5 ++echo "configure:6534: checking location of utmp" >&5 + if test -f /var/run/utmp; then + cat >> confdefs.h <<\EOF + #define SSH_UTMP "/var/run/utmp" +@@ -6043,7 +6566,7 @@ + fi + + echo $ac_n "checking location of wtmp""... $ac_c" 1>&6 +-echo "configure:6047: checking location of wtmp" >&5 ++echo "configure:6570: checking location of wtmp" >&5 + if test -f /var/log/wtmp; then + cat >> confdefs.h <<\EOF + #define SSH_WTMP "/var/log/wtmp" +@@ -6077,7 +6600,7 @@ + fi + + echo $ac_n "checking location of lastlog""... $ac_c" 1>&6 +-echo "configure:6081: checking location of lastlog" >&5 ++echo "configure:6604: checking location of lastlog" >&5 + if test -f /var/log/lastlog || test -d /var/log/lastlog; then + cat >> confdefs.h <<\EOF + #define SSH_LASTLOG "/var/log/lastlog" +@@ -6132,7 +6655,7 @@ + fi + + echo $ac_n "checking whether $LASTLOG is a directory""... $ac_c" 1>&6 +-echo "configure:6136: checking whether $LASTLOG is a directory" >&5 ++echo "configure:6659: checking whether $LASTLOG is a directory" >&5 + if test -d $LASTLOG + then + echo "$ac_t""yes" 1>&6 +@@ -6145,7 +6668,7 @@ + fi + + echo $ac_n "checking whether to include the IDEA encryption algorithm""... $ac_c" 1>&6 +-echo "configure:6149: checking whether to include the IDEA encryption algorithm" >&5 ++echo "configure:6672: checking whether to include the IDEA encryption algorithm" >&5 + # Check whether --with-idea or --without-idea was given. + if test "${with_idea+set}" = set; then + withval="$with_idea" +@@ -6179,7 +6702,7 @@ + + + echo $ac_n "checking whether to include the Blowfish encryption algorithm""... $ac_c" 1>&6 +-echo "configure:6183: checking whether to include the Blowfish encryption algorithm" >&5 ++echo "configure:6706: checking whether to include the Blowfish encryption algorithm" >&5 + # Check whether --with-blowfish or --without-blowfish was given. + if test "${with_blowfish+set}" = set; then + withval="$with_blowfish" +@@ -6206,7 +6729,7 @@ + + + echo $ac_n "checking whether to include the DES encryption algorithm""... $ac_c" 1>&6 +-echo "configure:6210: checking whether to include the DES encryption algorithm" >&5 ++echo "configure:6733: checking whether to include the DES encryption algorithm" >&5 + # Check whether --with-des or --without-des was given. + if test "${with_des+set}" = set; then + withval="$with_des" +@@ -6229,7 +6752,7 @@ + + + echo $ac_n "checking whether to include the ARCFOUR encryption algorithm""... $ac_c" 1>&6 +-echo "configure:6233: checking whether to include the ARCFOUR encryption algorithm" >&5 ++echo "configure:6756: checking whether to include the ARCFOUR encryption algorithm" >&5 + # Check whether --with-arcfour or --without-arcfour was given. + if test "${with_arcfour+set}" = set; then + withval="$with_arcfour" +@@ -6252,7 +6775,7 @@ + + + echo $ac_n "checking whether to include the none encryption algorithm""... $ac_c" 1>&6 +-echo "configure:6256: checking whether to include the none encryption algorithm" >&5 ++echo "configure:6779: checking whether to include the none encryption algorithm" >&5 + # Check whether --with-none or --without-none was given. + if test "${with_none+set}" = set; then + withval="$with_none" +@@ -6275,7 +6798,7 @@ + + + echo $ac_n "checking whether to use login""... $ac_c" 1>&6 +-echo "configure:6279: checking whether to use login" >&5 ++echo "configure:6802: checking whether to use login" >&5 + # Check whether --with-login or --without-login was given. + if test "${with_login+set}" = set; then + withval="$with_login" +@@ -6290,7 +6813,7 @@ + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:6294: checking for $ac_word" >&5 ++echo "configure:6817: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_PATH_LOGIN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -6298,9 +6821,13 @@ + /*) + ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a path. + ;; ++ ?:/*) ++ ac_cv_path_PATH_LOGIN="$PATH_LOGIN" # Let the user override the test with a dos path. ++ ;; + *) +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_PATH_LOGIN="$ac_dir/$ac_word" +@@ -6349,7 +6876,7 @@ + + + echo $ac_n "checking whether to use rsh""... $ac_c" 1>&6 +-echo "configure:6353: checking whether to use rsh" >&5 ++echo "configure:6880: checking whether to use rsh" >&5 + # Check whether --with-rsh or --without-rsh was given. + if test "${with_rsh+set}" = set; then + withval="$with_rsh" +@@ -6364,7 +6891,7 @@ + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:6368: checking for $ac_word" >&5 ++echo "configure:6895: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -6372,9 +6899,13 @@ + /*) + ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path. + ;; ++ ?:/*) ++ ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a dos path. ++ ;; + *) +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_RSH_PATH="$ac_dir/$ac_word" +@@ -6416,7 +6947,7 @@ + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:6420: checking for $ac_word" >&5 ++echo "configure:6951: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -6424,9 +6955,13 @@ + /*) + ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a path. + ;; ++ ?:/*) ++ ac_cv_path_RSH_PATH="$RSH_PATH" # Let the user override the test with a dos path. ++ ;; + *) +- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" +- for ac_dir in $PATH; do ++ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ++ ac_dummy="$PATH" ++ for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_RSH_PATH="$ac_dir/$ac_word" +@@ -6465,7 +7000,7 @@ + + # Code to permit setting default path for users (alden@math.ohio-state.edu) + echo $ac_n "checking default path""... $ac_c" 1>&6 +-echo "configure:6469: checking default path" >&5 ++echo "configure:7004: checking default path" >&5 + # Check whether --with-path or --without-path was given. + if test "${with_path+set}" = set; then + withval="$with_path" +@@ -6488,7 +7023,7 @@ + + + echo $ac_n "checking etcdir""... $ac_c" 1>&6 +-echo "configure:6492: checking etcdir" >&5 ++echo "configure:7027: checking etcdir" >&5 + # Check whether --with-etcdir or --without-etcdir was given. + if test "${with_etcdir+set}" = set; then + withval="$with_etcdir" +@@ -6513,7 +7048,7 @@ + + + echo $ac_n "checking whether to use nologin.allow file to override nologin""... $ac_c" 1>&6 +-echo "configure:6517: checking whether to use nologin.allow file to override nologin" >&5 ++echo "configure:7052: checking whether to use nologin.allow file to override nologin" >&5 + # Check whether --with-nologin-allow or --without-nologin-allow was given. + if test "${with_nologin_allow+set}" = set; then + withval="$with_nologin_allow" +@@ -6543,7 +7078,7 @@ + + + echo $ac_n "checking whether to support SecurID""... $ac_c" 1>&6 +-echo "configure:6547: checking whether to support SecurID" >&5 ++echo "configure:7082: checking whether to support SecurID" >&5 + # Check whether --with-securid or --without-securid was given. + if test "${with_securid+set}" = set; then + withval="$with_securid" +@@ -6586,7 +7121,7 @@ + + + echo $ac_n "checking whether to support TIS authentication server""... $ac_c" 1>&6 +-echo "configure:6590: checking whether to support TIS authentication server" >&5 ++echo "configure:7125: checking whether to support TIS authentication server" >&5 + # Check whether --with-tis or --without-tis was given. + if test "${with_tis+set}" = set; then + withval="$with_tis" +@@ -6604,8 +7139,8 @@ + #define HAVE_TIS 1 + EOF + +- CFLAGS="$CFLAGS -I$withval -DHAVE_TIS" +- LIBS="-L$withval -lauth -lfwall $LIBS" ++ CFLAGS="$CFLAGS -I$withval/include -DHAVE_TIS" ++ LIBS="-L$withval/lib -lauth -lfwall $LIBS" + echo "configure: warning: Remember to read README.TIS. The connection between sshd and TIS authentication + server is clear text!" 1>&2 + ;; +@@ -6616,40 +7151,138 @@ + fi + + +-echo $ac_n "checking whether to use Kerberos""... $ac_c" 1>&6 +-echo "configure:6621: checking whether to use Kerberos" >&5 +-# Check whether --with-kerberos5 or --without-kerberos5 was given. +-if test "${with_kerberos5+set}" = set; then +- withval="$with_kerberos5" ++echo $ac_n "checking whether to use Kerberos v4""... $ac_c" 1>&6 ++echo "configure:7156: checking whether to use Kerberos v4" >&5 ++# Check whether --with-krb4 or --without-krb4 was given. ++if test "${with_krb4+set}" = set; then ++ withval="$with_krb4" + case "$withval" in + yes) +- with_kerberos5=/usr/local ++ with_krb4=/usr/kerberos + ;; + esac + else +- with_kerberos5=no ++ with_krb4=no + + fi + +-case "$with_kerberos5" in ++case "$with_krb4" in + no) + echo "$ac_t""no" 1>&6 + ;; + *) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +-#define KERBEROS 1 ++#define KRB4 1 ++EOF ++ ++ KERBEROS_ROOT="$with_krb4" ++ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/kerberosIV" ++ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes" ++ KERBEROS_OBJS="auth-kerberos.o" ++ echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6 ++echo "configure:7185: checking for dn_expand in -lresolv" >&5 ++ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'` ++if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ ac_save_LIBS="$LIBS" ++LIBS="-lresolv $LIBS" ++cat > conftest.$ac_ext <<EOF ++#line 7193 "configure" ++#include "confdefs.h" ++/* Override any gcc2 internal prototype to avoid an error. */ ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char dn_expand(); ++ ++int main() { ++dn_expand() ++; return 0; } ++EOF ++if { (eval echo configure:7204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++ rm -rf conftest* ++ eval "ac_cv_lib_$ac_lib_var=yes" ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ eval "ac_cv_lib_$ac_lib_var=no" ++fi ++rm -f conftest* ++LIBS="$ac_save_LIBS" ++ ++fi ++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ++ echo "$ac_t""yes" 1>&6 ++ KERBEROS_LIBS="$KERBEROS_LIBS -lresolv" ++else ++ echo "$ac_t""no" 1>&6 ++fi ++ ++ echo $ac_n "checking whether AFS lifetime conversion routines are present""... $ac_c" 1>&6 ++echo "configure:7225: checking whether AFS lifetime conversion routines are present" >&5 ++ keeplibs="$LIBS" ++ keepcflags="$CFLAGS" ++ LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" ++ CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" ++ cat > conftest.$ac_ext <<EOF ++#line 7231 "configure" ++#include "confdefs.h" ++#include <krb.h> ++int main() { ++ krb_life_to_time(10, 10); ++; return 0; } ++EOF ++if { (eval echo configure:7238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++ rm -rf conftest* ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define HAVE_KRB_LIFE_TO_TIME 1 + EOF + ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ echo "$ac_t""no" 1>&6 ++fi ++rm -f conftest* ++ LIBS="$keeplibs" ++ CFLAGS="$keepcflags" ++ ;; ++esac ++ ++echo $ac_n "checking whether to use Kerberos v5""... $ac_c" 1>&6 ++echo "configure:7258: checking whether to use Kerberos v5" >&5 ++# Check whether --with-krb5 or --without-krb5 was given. ++if test "${with_krb5+set}" = set; then ++ withval="$with_krb5" ++ case "$withval" in ++ yes) ++ with_krb5=/usr/local ++ ;; ++ esac ++else ++ with_krb5=no ++ ++fi ++ ++case "$with_krb5" in ++ no) ++ echo "$ac_t""no" 1>&6 ++ ;; ++ *) ++ echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF + #define KRB5 1 + EOF + +- KERBEROS_ROOT="$with_kerberos5" +- KERBEROS_INCS="-I${KERBEROS_ROOT}/include" +- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" ++ KERBEROS_ROOT="$with_krb5" ++ KERBEROS_INCS="-I${KERBEROS_ROOT}/include/krb5" ++ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" + echo $ac_n "checking for dbm_open in -lndbm""... $ac_c" 1>&6 +-echo "configure:6653: checking for dbm_open in -lndbm" >&5 ++echo "configure:7286: checking for dbm_open in -lndbm" >&5 + ac_lib_var=`echo ndbm'_'dbm_open | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -6657,7 +7290,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lndbm $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 6661 "configure" ++#line 7294 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -6668,7 +7301,7 @@ + dbm_open() + ; return 0; } + EOF +-if { (eval echo configure:6672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:7305: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -6692,40 +7325,66 @@ + ;; + esac + +- +- +- +- +-echo $ac_n "checking whether to enable passing the Kerberos TGT""... $ac_c" 1>&6 +-echo "configure:6701: checking whether to enable passing the Kerberos TGT" >&5 +-# Check whether --enable-kerberos-tgt-passing or --disable-kerberos-tgt-passing was given. +-if test "${enable_kerberos_tgt_passing+set}" = set; then +- enableval="$enable_kerberos_tgt_passing" +- case "$enableval" in +- no) +- echo "$ac_t""no" 1>&6 +- ;; +- *) +- if test "$with_kerberos5" = no ; then ++echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6 ++echo "configure:7330: checking whether to use AFS" >&5 ++# Check whether --with-afs or --without-afs was given. ++if test "${with_afs+set}" = set; then ++ withval="$with_afs" ++ if test "$with_afs" = no; then + echo "$ac_t""no" 1>&6 +- echo "configure: warning: "Passing Kerberos TGT requires Kerberos5 support."" 1>&2 + else + echo "$ac_t""yes" 1>&6 +- cat >> confdefs.h <<\EOF +-#define KERBEROS_TGT_PASSING 1 ++ cat >> confdefs.h <<\EOF ++#define AFS 1 + EOF + ++ if test "$with_krb4" = no; then ++ echo "$ac_t""no" 1>&6 ++ echo "configure: warning: "AFS requires Kerberos v4 support."" 1>&2 ++ else ++ KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs" ++ if test -n "$os_aix"; then ++ KERBEROS_LIBS="${KERBEROS_LIBS} -lld" + fi ++ fi ++fi ++ ++fi ++ ++ ++echo $ac_n "checking whether to use Hesiod""... $ac_c" 1>&6 ++echo "configure:7357: checking whether to use Hesiod" >&5 ++# Check whether --with-hesiod or --without-hesiod was given. ++if test "${with_hesiod+set}" = set; then ++ withval="$with_hesiod" ++ case "$withval" in ++ yes) ++ with_hesiod=/usr/local/athena + ;; + esac + else +- echo "$ac_t""no" 1>&6 ++ with_hesiod=no + + fi + ++case "$with_hesiod" in ++no) ++ echo "$ac_t""no" 1>&6 ++ ;; ++*) ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define HESIOD 1 ++EOF ++ ++ HESIOD_ROOT="$with_hesiod" ++ HESIOD_INCS="-I${HESIOD_ROOT}/include" ++ HESIOD_LIBS="-L${HESIOD_ROOT}/lib -lhesiod" ++ ;; ++esac + + echo $ac_n "checking whether to use libwrap""... $ac_c" 1>&6 +-echo "configure:6729: checking whether to use libwrap" >&5 ++echo "configure:7388: checking whether to use libwrap" >&5 + # Check whether --with-libwrap or --without-libwrap was given. + if test "${with_libwrap+set}" = set; then + withval="$with_libwrap" +@@ -6734,56 +7393,41 @@ + echo "$ac_t""no" 1>&6 + ;; + yes) +- echo "$ac_t""yes" 1>&6 +- echo $ac_n "checking for request_init in -lwrap""... $ac_c" 1>&6 +-echo "configure:6740: checking for request_init in -lwrap" >&5 +-ac_lib_var=`echo wrap'_'request_init | sed 'y%./+-%__p_%'` +-if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then +- echo $ac_n "(cached) $ac_c" 1>&6 +-else +- ac_save_LIBS="$LIBS" +-LIBS="-lwrap $LIBS" +-cat > conftest.$ac_ext <<EOF +-#line 6748 "configure" ++ WRAPLIBS="-lwrap" ++ OLDLIBS="$LIBS" ++ LIBS="$WRAPLIBS $LIBS" ++ cat > conftest.$ac_ext <<EOF ++#line 7401 "configure" + #include "confdefs.h" +-/* Override any gcc2 internal prototype to avoid an error. */ +-/* We use char because int might match the return type of a gcc2 +- builtin and then its argument prototype would still apply. */ +-char request_init(); +- ++ int allow_severity; int deny_severity; + int main() { +-request_init() ++ request_init(); + ; return 0; } + EOF +-if { (eval echo configure:6759: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +- rm -rf conftest* +- eval "ac_cv_lib_$ac_lib_var=yes" +-else +- echo "configure: failed program was:" >&5 +- cat conftest.$ac_ext >&5 ++if { (eval echo configure:7408: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* +- eval "ac_cv_lib_$ac_lib_var=no" +-fi +-rm -f conftest* +-LIBS="$ac_save_LIBS" +- +-fi +-if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then +- echo "$ac_t""yes" 1>&6 + +- cat >> confdefs.h <<\EOF ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF + #define LIBWRAP 1 + EOF + +- WRAPLIBS="-lwrap" +- cat >> confdefs.h <<\EOF ++ cat >> confdefs.h <<\EOF + #define HAVE_LIBWRAP 1 + EOF +- ++ ++ + else +- echo "$ac_t""no" 1>&6 ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ ++ echo "$ac_t""no" 1>&6 ++ WRAPLIBS="" ++ + fi +- ++rm -f conftest* ++ LIBS="$OLDLIBS" + ;; + *) + echo "$ac_t""yes" 1>&6 +@@ -6799,14 +7443,14 @@ + OLDLIBS="$LIBS" + LIBS="$WRAPLIBS $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 6803 "configure" ++#line 7447 "configure" + #include "confdefs.h" + int allow_severity; int deny_severity; + int main() { + hosts_access(); + ; return 0; } + EOF +-if { (eval echo configure:6810: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:7454: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + : + else + echo "configure: failed program was:" >&5 +@@ -6827,7 +7471,7 @@ + + + echo $ac_n "checking whether to support SOCKS""... $ac_c" 1>&6 +-echo "configure:6831: checking whether to support SOCKS" >&5 ++echo "configure:7475: checking whether to support SOCKS" >&5 + # Check whether --with-socks or --without-socks was given. + if test "${with_socks+set}" = set; then + withval="$with_socks" +@@ -6838,7 +7482,7 @@ + yes) + echo "$ac_t""yes" 1>&6 + echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6 +-echo "configure:6842: checking for SOCKSconnect in -lsocks5" >&5 ++echo "configure:7486: checking for SOCKSconnect in -lsocks5" >&5 + ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -6846,7 +7490,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsocks5 $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 6850 "configure" ++#line 7494 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -6857,7 +7501,7 @@ + SOCKSconnect() + ; return 0; } + EOF +-if { (eval echo configure:6861: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:7505: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -6879,7 +7523,7 @@ + echo "$ac_t""no" 1>&6 + + echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6 +-echo "configure:6883: checking for Rconnect in -lsocks" >&5 ++echo "configure:7527: checking for Rconnect in -lsocks" >&5 + ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -6887,7 +7531,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsocks $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 6891 "configure" ++#line 7535 "configure" + #include "confdefs.h" + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 +@@ -6898,7 +7542,7 @@ + Rconnect() + ; return 0; } + EOF +-if { (eval echo configure:6902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:7546: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -6934,7 +7578,7 @@ + + if test "x$socks" = "x"; then + echo $ac_n "checking whether to support SOCKS5""... $ac_c" 1>&6 +-echo "configure:6938: checking whether to support SOCKS5" >&5 ++echo "configure:7582: checking whether to support SOCKS5" >&5 + # Check whether --with-socks5 or --without-socks5 was given. + if test "${with_socks5+set}" = set; then + withval="$with_socks5" +@@ -6968,14 +7612,14 @@ + TMPLIBS="$LIBS" + LIBS="$LIBS $KERBEROS_LIBS" + cat > conftest.$ac_ext <<EOF +-#line 6972 "configure" ++#line 7616 "configure" + #include "confdefs.h" + + int main() { + SOCKSconnect(); + ; return 0; } + EOF +-if { (eval echo configure:6979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:7623: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + : + else + echo "configure: failed program was:" >&5 +@@ -6996,7 +7640,7 @@ + + if test "x$socks" = "x"; then + echo $ac_n "checking whether to support SOCKS4""... $ac_c" 1>&6 +-echo "configure:7000: checking whether to support SOCKS4" >&5 ++echo "configure:7644: checking whether to support SOCKS4" >&5 + # Check whether --with-socks4 or --without-socks4 was given. + if test "${with_socks4+set}" = set; then + withval="$with_socks4" +@@ -7016,14 +7660,14 @@ + fi + LIBS="$withval $LIBS" + cat > conftest.$ac_ext <<EOF +-#line 7020 "configure" ++#line 7664 "configure" + #include "confdefs.h" + + int main() { + Rconnect(); + ; return 0; } + EOF +-if { (eval echo configure:7027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ++if { (eval echo configure:7671: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + : + else + echo "configure: failed program was:" >&5 +@@ -7150,7 +7794,7 @@ + fi + + echo $ac_n "checking whether to use rsaref""... $ac_c" 1>&6 +-echo "configure:7154: checking whether to use rsaref" >&5 ++echo "configure:7798: checking whether to use rsaref" >&5 + # Check whether --with-rsaref or --without-rsaref was given. + if test "${with_rsaref+set}" = set; then + withval="$with_rsaref" +@@ -7184,7 +7828,7 @@ + + # This allows group writeability in userfile_check_owner_permissions() + echo $ac_n "checking whether to allow group writeability""... $ac_c" 1>&6 +-echo "configure:7188: checking whether to allow group writeability" >&5 ++echo "configure:7832: checking whether to allow group writeability" >&5 + # Check whether --enable-group-writeability or --disable-group-writeability was given. + if test "${enable_group_writeability+set}" = set; then + enableval="$enable_group_writeability" +@@ -7200,7 +7844,7 @@ + + + echo $ac_n "checking whether to disable forwardings in server""... $ac_c" 1>&6 +-echo "configure:7204: checking whether to disable forwardings in server" >&5 ++echo "configure:7848: checking whether to disable forwardings in server" >&5 + # Check whether --enable-server-port-forwardings or --disable-server-port-forwardings was given. + if test "${enable_server_port_forwardings+set}" = set; then + enableval="$enable_server_port_forwardings" +@@ -7222,7 +7866,7 @@ + + + echo $ac_n "checking whether to disable forwardings in client""... $ac_c" 1>&6 +-echo "configure:7226: checking whether to disable forwardings in client" >&5 ++echo "configure:7870: checking whether to disable forwardings in client" >&5 + # Check whether --enable-client-port-forwardings or --disable-client-port-forwardings was given. + if test "${enable_client_port_forwardings+set}" = set; then + enableval="$enable_client_port_forwardings" +@@ -7244,7 +7888,7 @@ + + + echo $ac_n "checking whether to disable X11 forwarding in server""... $ac_c" 1>&6 +-echo "configure:7248: checking whether to disable X11 forwarding in server" >&5 ++echo "configure:7892: checking whether to disable X11 forwarding in server" >&5 + # Check whether --enable-server-x11-forwarding or --disable-server-x11-forwarding was given. + if test "${enable_server_x11_forwarding+set}" = set; then + enableval="$enable_server_x11_forwarding" +@@ -7266,7 +7910,7 @@ + + + echo $ac_n "checking whether to disable X11 forwarding in client""... $ac_c" 1>&6 +-echo "configure:7270: checking whether to disable X11 forwarding in client" >&5 ++echo "configure:7914: checking whether to disable X11 forwarding in client" >&5 + # Check whether --enable-client-x11-forwarding or --disable-client-x11-forwarding was given. + if test "${enable_client_x11_forwarding+set}" = set; then + enableval="$enable_client_x11_forwarding" +@@ -7288,28 +7932,28 @@ + + + echo $ac_n "checking whether to install ssh as suid root""... $ac_c" 1>&6 +-echo "configure:7292: checking whether to install ssh as suid root" >&5 ++echo "configure:7936: checking whether to install ssh as suid root" >&5 + # Check whether --enable-suid-ssh or --disable-suid-ssh was given. + if test "${enable_suid_ssh+set}" = set; then + enableval="$enable_suid_ssh" + case "$enableval" in + no) + echo "$ac_t""no" 1>&6 +- SSHINSTALLMODE=0711 ++ SSHINSTALLMODE=0511 + ;; + *) echo "$ac_t""yes" 1>&6 +- SSHINSTALLMODE=04711 ++ SSHINSTALLMODE=04511 + ;; + esac + else + echo "$ac_t""yes" 1>&6 +- SSHINSTALLMODE=04711 ++ SSHINSTALLMODE=04511 + + fi + + + echo $ac_n "checking whether to enable TCP_NODELAY""... $ac_c" 1>&6 +-echo "configure:7313: checking whether to enable TCP_NODELAY" >&5 ++echo "configure:7957: checking whether to enable TCP_NODELAY" >&5 + # Check whether --enable-tcp-nodelay or --disable-tcp-nodelay was given. + if test "${enable_tcp_nodelay+set}" = set; then + enableval="$enable_tcp_nodelay" +@@ -7334,8 +7978,60 @@ + fi + + ++echo $ac_n "checking whether to enable another port try support""... $ac_c" 1>&6 ++echo "configure:7983: checking whether to enable another port try support" >&5 ++# Check whether --enable-another-port-try or --disable-another-port-try was given. ++if test "${enable_another_port_try+set}" = set; then ++ enableval="$enable_another_port_try" ++ case "$enableval" in ++ no) ++ echo "$ac_t""no" 1>&6 ++ ;; ++ *) echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define ENABLE_ANOTHER_PORT_TRY 1 ++EOF ++ ++ ;; ++ esac ++else ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define ENABLE_ANOTHER_PORT_TRY 1 ++EOF ++ ++ ++fi ++ ++ ++echo $ac_n "checking whether to enable logging auth info support""... $ac_c" 1>&6 ++echo "configure:8009: checking whether to enable logging auth info support" >&5 ++# Check whether --enable-log-auth or --disable-log-auth was given. ++if test "${enable_log_auth+set}" = set; then ++ enableval="$enable_log_auth" ++ case "$enableval" in ++ no) ++ echo "$ac_t""no" 1>&6 ++ ;; ++ *) echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define ENABLE_LOG_AUTH 1 ++EOF ++ ++ ;; ++ esac ++else ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define ENABLE_LOG_AUTH 1 ++EOF ++ ++ ++fi ++ ++ + echo $ac_n "checking whether to enable SO_LINGER""... $ac_c" 1>&6 +-echo "configure:7339: checking whether to enable SO_LINGER" >&5 ++echo "configure:8035: checking whether to enable SO_LINGER" >&5 + # Check whether --enable-so-linger or --disable-so-linger was given. + if test "${enable_so_linger+set}" = set; then + enableval="$enable_so_linger" +@@ -7357,7 +8053,7 @@ + + + echo $ac_n "checking whether to include scp statistics at all""... $ac_c" 1>&6 +-echo "configure:7361: checking whether to include scp statistics at all" >&5 ++echo "configure:8057: checking whether to include scp statistics at all" >&5 + # Check whether --with-scp-stats or --without-scp-stats was given. + if test "${with_scp_stats+set}" = set; then + withval="$with_scp_stats" +@@ -7383,7 +8079,7 @@ + + + echo $ac_n "checking whether to enable scp statistics""... $ac_c" 1>&6 +-echo "configure:7387: checking whether to enable scp statistics" >&5 ++echo "configure:8083: checking whether to enable scp statistics" >&5 + # Check whether --enable-scp-stats or --disable-scp-stats was given. + if test "${enable_scp_stats+set}" = set; then + enableval="$enable_scp_stats" +@@ -7409,7 +8105,7 @@ + + + echo $ac_n "checking whether to enable scp statistics for all files""... $ac_c" 1>&6 +-echo "configure:7413: checking whether to enable scp statistics for all files" >&5 ++echo "configure:8109: checking whether to enable scp statistics for all files" >&5 + # Check whether --enable-all-scp-stats or --disable-all-scp-stats was given. + if test "${enable_all_scp_stats+set}" = set; then + enableval="$enable_all_scp_stats" +@@ -7434,6 +8130,8 @@ + fi + + ++CFLAGS="$CPPFLAGS $CFLAGS" ++ + # We include this here only to make it visible in --help; this is only used + # in the gmp subdirectory. + # Check whether --enable-asm or --disable-asm was given. +@@ -7445,7 +8143,7 @@ + + PIDDIR="/var/run" + echo $ac_n "checking where to put sshd.pid""... $ac_c" 1>&6 +-echo "configure:7449: checking where to put sshd.pid" >&5 ++echo "configure:8147: checking where to put sshd.pid" >&5 + if test '!' -d $PIDDIR; then + PIDDIR="$ETCDIR" + fi +@@ -7505,7 +8203,7 @@ + # Ultrix sh set writes to stderr and can't be redirected directly, + # and sets the high bit in the cache file unless we assign to the vars. + (set) 2>&1 | +- case `(ac_space=' '; set) 2>&1` in ++ case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). +@@ -7572,7 +8270,7 @@ + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) +- echo "$CONFIG_STATUS generated by autoconf version 2.12" ++ echo "$CONFIG_STATUS generated by autoconf version 2.13" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; +@@ -7583,7 +8281,7 @@ + ac_given_srcdir=$srcdir + ac_given_INSTALL="$INSTALL" + +-trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 ++trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 + EOF + cat >> $CONFIG_STATUS <<EOF + +@@ -7592,9 +8290,11 @@ + s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF + $ac_vpsub + $extrasub ++s%@SHELL@%$SHELL%g + s%@CFLAGS@%$CFLAGS%g + s%@CPPFLAGS@%$CPPFLAGS%g + s%@CXXFLAGS@%$CXXFLAGS%g ++s%@FFLAGS@%$FFLAGS%g + s%@DEFS@%$DEFS%g + s%@LDFLAGS@%$LDFLAGS%g + s%@LIBS@%$LIBS%g +@@ -7623,6 +8323,7 @@ + s%@LIBOBJS@%$LIBOBJS%g + s%@LN_S@%$LN_S%g + s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g ++s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g + s%@INSTALL_DATA@%$INSTALL_DATA%g + s%@AR@%$AR%g + s%@RANLIB@%$RANLIB%g +@@ -7641,6 +8342,9 @@ + s%@KERBEROS_INCS@%$KERBEROS_INCS%g + s%@KERBEROS_LIBS@%$KERBEROS_LIBS%g + s%@KERBEROS_OBJS@%$KERBEROS_OBJS%g ++s%@HESIOD_ROOT@%$HESIOD_ROOT%g ++s%@HESIOD_INCS@%$HESIOD_INCS%g ++s%@HESIOD_LIBS@%$HESIOD_LIBS%g + s%@WRAPLIBS@%$WRAPLIBS%g + s%@subdirs@%$subdirs%g + s%@ETCDIR@%$ETCDIR%g +@@ -7691,7 +8395,7 @@ + + cat >> $CONFIG_STATUS <<EOF + +-CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"} ++CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile"} + EOF + cat >> $CONFIG_STATUS <<\EOF + for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then diff --git a/security/ssh6/patches/patch-al b/security/ssh6/patches/patch-al new file mode 100644 index 00000000000..2f1118214b0 --- /dev/null +++ b/security/ssh6/patches/patch-al @@ -0,0 +1,70 @@ +$NetBSD: patch-al,v 1.1 2000/03/20 02:25:36 itojun Exp $ + +--- gmp-2.0.2-ssh-2/longlong.h.orig Wed Apr 29 19:32:35 1998 ++++ gmp-2.0.2-ssh-2/longlong.h Tue Dec 14 23:03:54 1999 +@@ -190,26 +190,40 @@ + "rI" ((USItype)(bh)), \ + "r" ((USItype)(al)), \ + "rI" ((USItype)(bl))) ++#if defined(__ARM_ARCH_3M__) || defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) ++/* Use umull if available */ + #define umul_ppmm(xh, xl, a, b) \ + __asm__ ("%@ Inlined umul_ppmm +- mov %|r0, %2, lsr #16 +- mov %|r2, %3, lsr #16 +- bic %|r1, %2, %|r0, lsl #16 +- bic %|r2, %3, %|r2, lsl #16 +- mul %1, %|r1, %|r2 +- mul %|r2, %|r0, %|r2 +- mul %|r1, %0, %|r1 +- mul %0, %|r0, %0 +- adds %|r1, %|r2, %|r1 ++ umull %0, %1, %2, %3" \ ++ : "=&r" ((USItype) (xl)), \ ++ "=&r" ((USItype) (xh)) \ ++ : "r" ((USItype) (a)), \ ++ "r" ((USItype) (b))) ++#define UMUL_TIME 4 ++#else /* umull */ ++#define umul_ppmm(xh, xl, a, b) \ ++do {register USItype __t0, __t1, __t2; \ ++ __asm__ ("%@ Inlined umul_ppmm ++ mov %2, %5, lsr #16 ++ mov %0, %6, lsr #16 ++ bic %3, %5, %2, lsl #16 ++ bic %4, %6, %0, lsl #16 ++ mul %1, %3, %4 ++ mul %4, %2, %4 ++ mul %3, %0, %3 ++ mul %0, %2, %0 ++ adds %3, %4, %3 + addcs %0, %0, #65536 +- adds %1, %1, %|r1, lsl #16 +- adc %0, %0, %|r1, lsr #16" \ +- : "=&r" ((USItype)(xh)), \ +- "=r" ((USItype)(xl)) \ +- : "r" ((USItype)(a)), \ +- "r" ((USItype)(b)) \ +- : "r0", "r1", "r2") ++ adds %1, %1, %3, lsl #16 ++ adc %0, %0, %3, lsr #16" \ ++ : "=&r" ((USItype) (xh)), \ ++ "=r" ((USItype) (xl)), \ ++ "=&r" (__t0), "=&r" (__t1), "=r" (__t2) \ ++ : "r" ((USItype) (a)), \ ++ "r" ((USItype) (b)));} while (0) ++ + #define UMUL_TIME 20 ++#endif /* umull */ + #define UDIV_TIME 100 + #endif /* __arm__ */ + +@@ -719,7 +733,7 @@ + "g" ((USItype)(d))); \ + (r) = __xx.__i.__l; (q) = __xx.__i.__h; }) + #define count_trailing_zeros(count,x) \ +- do { ++ do { \ + __asm__ ("ffsd %2,%0" \ + : "=r" ((USItype) (count)) \ + : "0" ((USItype) 0), \ diff --git a/security/ssh6/patches/patch-am b/security/ssh6/patches/patch-am new file mode 100644 index 00000000000..7b087b3913f --- /dev/null +++ b/security/ssh6/patches/patch-am @@ -0,0 +1,36 @@ +$NetBSD: patch-am,v 1.1 2000/03/20 02:25:36 itojun Exp $ + +--- gmp-2.0.2-ssh-2/configure.in.orig Mon Feb 22 01:59:06 1999 ++++ gmp-2.0.2-ssh-2/configure.in Fri Jul 16 17:38:35 1999 +@@ -122,6 +122,20 @@ + path="x86" + syntax_alternatives="$syntax_alternatives ELF_SYNTAX BSD_SYNTAX INTEL_SYNTAX" + ;; ++ i[3456]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) ++ if $CC -E - -dM </dev/null | grep -q __ELF__; then ++ syntax_alternatives="$syntax_alternatives ELF_SYNTAX" # ELF ++ else ++ syntax_alternatives="$syntax_alternatives BSD_SYNTAX" # a.out ++ x86_broken_align=yes ++ fi ++ case "${host}" in ++ i[34]86*-*-*netbsd*) ++ path="x86" ;; ++ i[56]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) ++ path="x86/pentium x86" ;; ++ esac ++ ;; + i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | \ + i[34]86*-*-*bsd*) # 386/486 running BSD or Linux with a.out + path="x86" +@@ -221,6 +235,10 @@ + ;; + sh2-*-*) + path="sh/sh2 sh" ++ ;; ++ mips*-*-netbsd*) ++ path="mips2" ++ SFLAGS="-Wa,-KPIC" + ;; + mips[34]*-*-*) + path="mips3" diff --git a/security/ssh6/patches/patch-an b/security/ssh6/patches/patch-an new file mode 100644 index 00000000000..e8d6a5fd02e --- /dev/null +++ b/security/ssh6/patches/patch-an @@ -0,0 +1,43 @@ +$NetBSD: patch-an,v 1.1 2000/03/20 02:25:36 itojun Exp $ + +--- gmp-2.0.2-ssh-2/gmp-impl.h.orig Fri Mar 27 18:06:09 1998 ++++ gmp-2.0.2-ssh-2/gmp-impl.h Thu Mar 4 10:20:02 1999 +@@ -281,7 +281,6 @@ + + #if SIZEOF_INT >= 4 /* otherwise fails on 16-bit machines */ + #if defined (__alpha) \ +- || (defined (__arm__) && defined (__ARMWEL__)) \ + || defined (__clipper__) \ + || defined (__cris) \ + || defined (__i386__) \ +@@ -304,7 +303,7 @@ + }; + #else /* Need this as an #else since the tests aren't made exclusive. */ + #if defined (__a29k__) || defined (_AM29K) \ +- || defined (__arm__) \ ++ || (defined (__arm__) && defined (__ARMEB__)) \ + || (defined (__convex__) && defined (_IEEE_FLOAT_)) \ + || defined (__i370__) || defined (__mvs__) \ + || defined (__mc68000__) || defined (__mc68020__) || defined (__NeXT__)\ +@@ -330,6 +329,21 @@ + } s; + double d; + }; ++#define _GMP_IEEE_FLOATS 1 ++#else ++#if defined (__arm__) ++union ieee_double_extract ++{ ++ struct ++ { ++ unsigned int manh:20; ++ unsigned int exp:11; ++ unsigned int sig:1; ++ unsigned int manl:32; ++ } s; ++ double d; ++}; ++#endif + #endif + #endif + #endif /* SIZEOF_INT >= 4 */ diff --git a/security/ssh6/patches/patch-ao b/security/ssh6/patches/patch-ao new file mode 100644 index 00000000000..a17f4ceb4bd --- /dev/null +++ b/security/ssh6/patches/patch-ao @@ -0,0 +1,22 @@ +$NetBSD: patch-ao,v 1.1 2000/03/20 02:25:36 itojun Exp $ + +--- gmp-2.0.2-ssh-2/aclocal.m4.orig Wed Jul 8 18:40:42 1998 ++++ gmp-2.0.2-ssh-2/aclocal.m4 Mon May 10 23:50:28 1999 +@@ -20,7 +20,7 @@ + dnl AM_INIT_AUTOMAKE(package,version, [no-define]) + + AC_DEFUN(AM_INIT_AUTOMAKE, +-[AC_REQUIRE([AM_PROG_INSTALL]) ++[AC_REQUIRE([AC_PROG_INSTALL]) + PACKAGE=[$1] + AC_SUBST(PACKAGE) + VERSION=[$2] +@@ -46,7 +46,7 @@ + + # serial 1 + +-AC_DEFUN(AM_PROG_INSTALL, ++AC_DEFUN(AC_PROG_INSTALL, + [AC_REQUIRE([AC_PROG_INSTALL]) + test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' + AC_SUBST(INSTALL_SCRIPT)dnl diff --git a/security/ssh6/patches/patch-ap b/security/ssh6/patches/patch-ap new file mode 100644 index 00000000000..0b6585eab3e --- /dev/null +++ b/security/ssh6/patches/patch-ap @@ -0,0 +1,36 @@ +$NetBSD: patch-ap,v 1.1 2000/03/20 02:25:37 itojun Exp $ + +--- gmp-2.0.2-ssh-2/configure.orig Wed May 12 07:19:35 1999 ++++ gmp-2.0.2-ssh-2/configure Fri Jul 16 17:38:30 1999 +@@ -1855,6 +1855,20 @@ + path="x86" + syntax_alternatives="$syntax_alternatives ELF_SYNTAX BSD_SYNTAX INTEL_SYNTAX" + ;; ++ i[3456]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) ++ if $CC -E - -dM </dev/null | grep -q __ELF__; then ++ syntax_alternatives="$syntax_alternatives ELF_SYNTAX" # ELF ++ else ++ syntax_alternatives="$syntax_alternatives BSD_SYNTAX" # a.out ++ x86_broken_align=yes ++ fi ++ case "${host}" in ++ i[34]86*-*-*netbsd*) ++ path="x86" ;; ++ i[56]86*-*-*netbsd* | pentium-*-*netbsd* | pentiumpro-*-*netbsd*) ++ path="x86/pentium x86" ;; ++ esac ++ ;; + i[34]86*-*-linuxaout* | i[34]86*-*-linuxoldld* | \ + i[34]86*-*-*bsd*) # 386/486 running BSD or Linux with a.out + path="x86" +@@ -1954,6 +1968,10 @@ + ;; + sh2-*-*) + path="sh/sh2 sh" ++ ;; ++ mips*-*-netbsd*) ++ path="mips2" ++ SFLAGS="-Wa,-KPIC" + ;; + mips[34]*-*-*) + path="mips3" diff --git a/security/ssh6/patches/patch-aq b/security/ssh6/patches/patch-aq new file mode 100644 index 00000000000..0fa31c89a33 --- /dev/null +++ b/security/ssh6/patches/patch-aq @@ -0,0 +1,462 @@ +$NetBSD: patch-aq,v 1.1 2000/03/20 02:25:37 itojun Exp $ + +--- newchannels.c.orig Wed May 12 07:19:27 1999 ++++ newchannels.c Fri Dec 24 22:01:15 1999 +@@ -274,7 +274,7 @@ + #include "authfd.h" + #include "emulate.h" + #include "servconf.h" +-#ifdef LIBWRAP ++#if defined(LIBWRAP) && defined(LIBWRAP_FWD) + #include <tcpd.h> + #include <syslog.h> + #ifdef NEED_SYS_SYSLOG_H +@@ -922,6 +922,7 @@ + /* This is our fake X11 server socket. */ + if (FD_ISSET(ch->sock, readset)) + { ++ int on = 1; + debug("X11 connection requested."); + addrlen = sizeof(addr); + newsock = accept(ch->sock, &addr, &addrlen); +@@ -930,11 +931,12 @@ + error("accept: %.100s", strerror(errno)); + break; + } ++ setsockopt(newsock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)); + remote_hostname = get_remote_hostname(newsock); + snprintf(buf, sizeof(buf), "X11 connection from %.200s port %d", + remote_hostname, get_peer_port(newsock)); + xfree(remote_hostname); +-#ifdef LIBWRAP ++#if defined(LIBWRAP) && defined(LIBWRAP_FWD) + { + struct request_info req; + struct servent *serv; +@@ -986,7 +988,7 @@ + ch->listening_port, remote_hostname, + get_peer_port(newsock)); + xfree(remote_hostname); +-#ifdef LIBWRAP ++#if defined(LIBWRAP) && defined(LIBWRAP_FWD) + { + struct request_info req; + struct servent *serv; +@@ -1405,13 +1407,29 @@ + int host_port, int gatewayports) + { + int ch, sock; +- struct sockaddr_in sin; ++ struct addrinfo hints, *ai, *aitop; ++ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; + + if (strlen(host) > sizeof(channels[0].path) - 1) + packet_disconnect("Forward host name too long."); + ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ hints.ai_flags = gatewayports ? AI_PASSIVE : 0; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", port); ++ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) ++ packet_disconnect("getaddrinfo: fatal error"); ++ ++ for (ai = aitop; ai; ai = ai->ai_next) ++ { ++ ++ getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ ntop, sizeof(ntop), strport, sizeof(strport), ++ NI_NUMERICHOST|NI_NUMERICSERV); ++ + /* Create a port to listen for the host. */ +- sock = socket(AF_INET, SOCK_STREAM, 0); ++ sock = socket(ai->ai_family, SOCK_STREAM, 0); + if (sock < 0) + packet_disconnect("socket: %.100s", strerror(errno)); + +@@ -1421,21 +1439,10 @@ + (void)fcntl(sock, F_SETFL, O_NDELAY); + #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ + +- /* Initialize socket address. */ +- memset(&sin, 0, sizeof(sin)); +- sin.sin_family = AF_INET; +- if (gatewayports) +- sin.sin_addr.s_addr = INADDR_ANY; +- else +-#ifdef BROKEN_INET_ADDR +- sin.sin_addr.s_addr = inet_network("127.0.0.1"); +-#else /* BROKEN_INET_ADDR */ +- sin.sin_addr.s_addr = inet_addr("127.0.0.1"); +-#endif /* BROKEN_INET_ADDR */ +- sin.sin_port = htons(port); +- ++ debug("Listening on %s port %s.", ntop, strport); ++ + /* Bind the socket to the address. */ +- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) ++ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) + packet_disconnect("bind: %.100s", strerror(errno)); + + /* Start listening for connections on the socket. */ +@@ -1448,6 +1455,9 @@ + strcpy(channels[ch].path, host); /* note: host name stored here */ + channels[ch].host_port = host_port; /* port on host to connect to */ + channels[ch].listening_port = port; /* port being listened */ ++ ++ } /* for (ai = aitop; ai; ai = ai->ai_next) */ ++ freeaddrinfo(aitop); + } + + /* Initiate forwarding of connections to port "port" on remote host through +@@ -1636,9 +1646,10 @@ + void channel_input_port_open(void) + { + int remote_channel, sock, newch, host_port, i; +- struct sockaddr_in sin; + char *host, *originator_string; +- struct hostent *hp; ++ struct addrinfo hints, *ai, *aitop; ++ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; ++ int gaierr; + + /* Get remote channel number. */ + remote_channel = packet_get_int(); +@@ -1678,36 +1689,15 @@ + } + } + +- memset(&sin, 0, sizeof(sin)); +-#ifdef BROKEN_INET_ADDR +- sin.sin_addr.s_addr = inet_network(host); +-#else /* BROKEN_INET_ADDR */ +- sin.sin_addr.s_addr = inet_addr(host); +-#endif /* BROKEN_INET_ADDR */ +- if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", host_port); ++ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) + { +- /* It was a valid numeric host address. */ +- sin.sin_family = AF_INET; +- } +- else +- { +- /* Look up the host address from the name servers. */ +- hp = gethostbyname(host); +- if (!hp) +- { +- error("%.100s: unknown host.", host); +- goto fail; +- } +- if (!hp->h_addr_list[0]) +- { +- error("%.100s: host has no IP address.", host); +- goto fail; +- } +- sin.sin_family = hp->h_addrtype; +- memcpy(&sin.sin_addr, hp->h_addr_list[0], +- sizeof(sin.sin_addr)); ++ error("%.100s: unknown host (%s)", host, gai_strerror(gaierr)); ++ goto fail; + } +- sin.sin_port = htons(host_port); + + #ifdef F_SECURE_COMMERCIAL + +@@ -1744,8 +1734,15 @@ + + #endif /* F_SECURE_COMMERCIAL */ + ++ for (ai = aitop; ai; ai = ai->ai_next) ++ { ++ ++ getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ ntop, sizeof(ntop), strport, sizeof(strport), ++ NI_NUMERICHOST|NI_NUMERICSERV); ++ + /* Create the socket. */ +- sock = socket(sin.sin_family, SOCK_STREAM, 0); ++ sock = socket(ai->ai_family, SOCK_STREAM, 0); + if (sock < 0) + { + error("socket: %.100s", strerror(errno)); +@@ -1753,15 +1750,25 @@ + } + + /* Connect to the host/port. */ +- if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) ++ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) + { +- error("connect %.100s:%d: %.100s", host, host_port, +- strerror(errno)); ++ debug("connect %.100s port %s: %.100s", ntop, strport, strerror(errno)); + close(sock); ++ continue; /* fail -- try next */ ++ } ++ break; /* success */ ++ ++ } /* for (ai = aitop; ai; ai = ai->ai_next) */ ++ freeaddrinfo(aitop); ++ ++ if (!ai) ++ { ++ error("connect %.100s:%d: failed.", host, host_port); + goto fail; + } + + /* Successful connection. */ ++ debug("Connecting to %.200s [%.100s] port %s.", host, ntop, strport); + + #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) + (void)fcntl(sock, F_SETFL, O_NONBLOCK); +@@ -1803,7 +1810,10 @@ + { + extern ServerOptions options; + int display_number, port, sock; +- struct sockaddr_in sin; ++ struct addrinfo hints, *ai, *aitop; ++ char strport[PORTSTRLEN]; ++#define NUM_SOCKS 10 ++ int gaierr, n, nn, num_socks = 0, socks[NUM_SOCKS]; + char buf[512]; + #ifdef HAVE_GETHOSTNAME + char hostname[257]; +@@ -1817,12 +1827,21 @@ + for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++) + { + port = 6000 + display_number; +- memset(&sin, 0, sizeof(sin)); +- sin.sin_family = AF_INET; +- sin.sin_addr.s_addr = INADDR_ANY; +- sin.sin_port = htons(port); ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ hints.ai_flags = AI_PASSIVE; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", port); ++ if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) ++ { ++ error("getaddrinfo: %.100s", gai_strerror(gaierr)); ++ return NULL; ++ } ++ ++ for (ai = aitop; ai; ai = ai->ai_next) ++ { + +- sock = socket(AF_INET, SOCK_STREAM, 0); ++ sock = socket(ai->ai_family, SOCK_STREAM, 0); + if (sock < 0) + { + error("socket: %.100s", strerror(errno)); +@@ -1835,13 +1854,26 @@ + (void)fcntl(sock, F_SETFL, O_NDELAY); + #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ + +- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) ++ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) + { + debug("bind port %d: %.100s", port, strerror(errno)); + shutdown(sock, 2); + close(sock); +- continue; ++ for (n = 0; n < num_socks; n++) ++ { ++ shutdown(socks[n], 2); ++ close(socks[n]); ++ } ++ num_socks = 0; ++ break; + } ++ ++ socks[num_socks++] = sock; ++ if (num_socks == NUM_SOCKS) ++ break; ++ } /* for (ai = aitop; ai; ai = ai->ai_next) */ ++ ++ if (num_socks > 0) + break; + } + if (display_number >= MAX_DISPLAYS) +@@ -1851,13 +1883,22 @@ + } + + /* Start listening for connections on the socket. */ ++ for (n = 0; n < num_socks; n++) ++ { ++ sock = socks[n]; + if (listen(sock, 5) < 0) + { + error("listen: %.100s", strerror(errno)); + shutdown(sock, 2); + close(sock); ++ for (nn = 0; nn < n; nn++) ++ { ++ shutdown(socks[nn], 2); ++ close(socks[nn]); ++ } + return NULL; + } ++ } /* for (n = 0; n < num_socks; n++) */ + + /* Set up a suitable value for the DISPLAY variable. */ + #ifdef NONSTANDARD_IP_ADDRESS_X11_KLUDGE +@@ -1868,10 +1909,11 @@ + if (gethostname(hostname, sizeof(hostname)) < 0) + fatal("gethostname: %.100s", strerror(errno)); + { +- struct hostent *hp; +- struct in_addr addr; +- hp = gethostbyname(hostname); +- if (hp == NULL || !hp->h_addr_list[0]) ++ struct addrinfo hints, *ai; ++ char ntop[ADDRSTRLEN]; ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ if (getaddrinfo(hostname, NULL, &hints, &ai) != 0 || !ai) + { + error("Could not get server IP address for %.200s.", hostname); + packet_send_debug("Could not get server IP address for %.200s.", +@@ -1880,9 +1922,10 @@ + close(sock); + return NULL; + } +- memcpy(&addr, hp->h_addr_list[0], sizeof(addr)); ++ getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); + snprintf(buf, sizeof(buf), +- "%.100s:%d.%d", inet_ntoa(addr), display_number, ++ "%.100s:%d.%d", ntop, display_number, + screen_number); + } + #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ +@@ -1900,8 +1943,12 @@ + #endif /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */ + + /* Allocate a channel for the socket. */ ++ for (n = 0; n < num_socks; n++) ++ { ++ sock = socks[n]; + (void)channel_allocate(SSH_CHANNEL_X11_LISTENER, sock, + xstrdup("X11 inet listener")); ++ } /* for (n = 0; n < num_socks; n++) */ + + /* Return a suitable value for the DISPLAY environment variable. */ + return xstrdup(buf); +@@ -1916,9 +1963,10 @@ + int remote_channel, display_number, sock, newch; + const char *display; + struct sockaddr_un ssun; +- struct sockaddr_in sin; + char buf[255], *cp, *remote_host; +- struct hostent *hp; ++ struct addrinfo hints, *ai, *aitop; ++ char strport[PORTSTRLEN]; ++ int gaierr; + + /* Get remote channel number. */ + remote_channel = packet_get_int(); +@@ -2058,59 +2106,54 @@ + goto fail; + } + +- /* Try to parse the host name as a numeric IP address. */ +- memset(&sin, 0, sizeof(sin)); +-#ifdef BROKEN_INET_ADDR +- sin.sin_addr.s_addr = inet_network(buf); +-#else /* BROKEN_INET_ADDR */ +- sin.sin_addr.s_addr = inet_addr(buf); +-#endif /* BROKEN_INET_ADDR */ +- if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff) ++ /* Look up the host address */ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", 6000 + display_number); ++ if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) + { +- /* It was a valid numeric host address. */ +- sin.sin_family = AF_INET; ++ error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr)); ++ goto fail; + } +- else ++ ++ for (ai = aitop; ai; ai = ai->ai_next) + { +- /* Not a numeric IP address. */ +- /* Look up the host address from the name servers. */ +- hp = gethostbyname(buf); +- if (!hp) +- { +- error("%.100s: unknown host.", buf); +- goto fail; +- } +- if (!hp->h_addr_list[0]) +- { +- error("%.100s: host has no IP address.", buf); +- goto fail; +- } +- sin.sin_family = hp->h_addrtype; +- memcpy(&sin.sin_addr, hp->h_addr_list[0], +- sizeof(sin.sin_addr)); +- } +- /* Set port number. */ +- sin.sin_port = htons(6000 + display_number); + + /* Create a socket. */ +- sock = socket(sin.sin_family, SOCK_STREAM, 0); ++ sock = socket(ai->ai_family, SOCK_STREAM, 0); + if (sock < 0) + { +- error("socket: %.100s", strerror(errno)); +- goto fail; ++ debug("socket: %.100s", strerror(errno)); ++ continue; + } + /* Connect it to the display. */ +- if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) ++ if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) + { +- error("connect %.100s:%d: %.100s", buf, 6000 + display_number, ++ debug("connect %.100s:%d: %.100s", buf, 6000 + display_number, + strerror(errno)); + close(sock); ++ continue; ++ } ++ /* Success */ ++ break; ++ ++ } /* (ai = aitop, ai; ai = ai->ai_next) */ ++ freeaddrinfo(aitop); ++ if (!ai) ++ { ++ error("connect %.100s:%d: %.100s", buf, 6000 + display_number, ++ strerror(errno)); + goto fail; + } + + success: + /* We have successfully obtained a connection to the real X display. */ +- ++ { ++ int on = 1; ++ setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)); ++ } ++ + #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN) + (void)fcntl(sock, F_SETFL, O_NONBLOCK); + #else /* O_NONBLOCK && !O_NONBLOCK_BROKEN */ +@@ -2412,6 +2455,10 @@ + ssh-agent connections on your system */ + old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + ++ /* Make sure the socket doesn't already exist, left over from a system ++ crash perhaps. */ ++ unlink(channel_forwarded_auth_socket_name); ++ + if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0) + packet_disconnect("Agent socket bind failed: %.100s", strerror(errno)); + diff --git a/security/ssh6/patches/patch-ar b/security/ssh6/patches/patch-ar new file mode 100644 index 00000000000..25e7a654299 --- /dev/null +++ b/security/ssh6/patches/patch-ar @@ -0,0 +1,60 @@ +$NetBSD: patch-ar,v 1.1 2000/03/20 02:25:38 itojun Exp $ + +--- acconfig.h.orig Wed May 12 07:19:23 1999 ++++ acconfig.h Fri Dec 24 21:50:38 1999 +@@ -247,16 +247,23 @@ + /* Define this if your gettimeofday doesn't have TZ parameter */ + #undef HAVE_NO_TZ_IN_GETTIMEOFDAY + +-/* Define this if you want to compile in Kerberos support. */ +-#undef KERBEROS +- + /* Define this if you want to compile in Kerberos V5 support. +- KERBEROS must be compiled in as well. This can be done at configure +- time with the --with-kerberos5 argument*/ ++ This can be done at configure time with the --with-krb5 argument. */ + #undef KRB5 + +-/* Define this if you want to pass the Kerberos TGT. */ +-#undef KERBEROS_TGT_PASSING ++/* Define this if you want to compile in Kerberos V4 support. ++ This can be done at configure time with the --with-krb4 argument. */ ++#undef KRB4 ++ ++/* Define this if you what to build ssh with Hesiod support. */ ++#undef HESIOD ++ ++/* Define this if you want to compile in AFS support. ++ This can be done at configure time with the --with-afs argument. */ ++#undef AFS ++ ++/* Define this if you have the AFS lifetime conversion routines. */ ++#undef HAVE_KRB_LIFE_TO_TIME + + /* Define this if you dont have SIGINFO as signal but some other macro */ + #undef HAVE_INCOMPATIBLE_SIGINFO +@@ -273,6 +280,24 @@ + /* File used to override /etc/nologin on a per-user basis. The default is + /etc/nologin.allow. */ + #undef NOLOGIN_ALLOW ++ ++/* Define this if you have struct sockaddr_storage. */ ++#undef HAVE_SOCKADDR_STORAGE ++ ++/* Define this if you have __sa_family in struct sockaddr_storage. */ ++#undef HAVE_NEW_SS_FAMILY ++ ++/* Define this if you have ss_len in struct sockaddr. */ ++#undef HAVE_SOCKADDR_LEN ++ ++/* Define this if you want to enable IPv6 support. */ ++#undef ENABLE_IPV6 ++ ++/* Define this if you want to enable another port try support. */ ++#undef ENABLE_ANOTHER_PORT_TRY ++ ++/* Define this if you want to enable logging auth info support. */ ++#undef ENABLE_LOG_AUTH + + /* Where to find the X11 socket */ + #undef X11_DIR diff --git a/security/ssh6/patches/patch-as b/security/ssh6/patches/patch-as new file mode 100644 index 00000000000..19eeaaa17f3 --- /dev/null +++ b/security/ssh6/patches/patch-as @@ -0,0 +1,249 @@ +$NetBSD: patch-as,v 1.1 2000/03/20 02:25:40 itojun Exp $ + +--- auth-kerberos.c.orig Wed May 12 07:19:23 1999 ++++ auth-kerberos.c Fri Dec 24 21:50:38 1999 +@@ -38,14 +38,13 @@ + #include "xmalloc.h" + #include "ssh.h" + +-#ifdef KERBEROS +-#if defined (KRB5) ++#ifdef KRB5 + #include <krb5.h> + + extern krb5_context ssh_context; + extern krb5_auth_context auth_context; + +-int auth_kerberos(char *server_user, krb5_data *auth, krb5_principal *client) ++int auth_krb5(char *server_user, krb5_data *auth, krb5_principal *client) + { + krb5_error_code problem; + krb5_ticket *ticket; +@@ -163,11 +162,115 @@ + return 1; + } + #endif /* KRB5 */ +-#endif /* KERBEROS */ + +-#ifdef KERBEROS_TGT_PASSING +-#if defined (KRB5) +-int auth_kerberos_tgt( char *server_user, krb5_data *krb5data) ++#ifdef KRB4 ++#include <sys/param.h> ++#include <krb.h> ++ ++int ssh_tf_init(uid_t uid) ++{ ++ extern char *ticket; ++ char *tkt_root = TKT_ROOT; ++ struct stat st; ++ int fd; ++ ++ /* Set unique ticket string manually since we're still root. */ ++ ticket = xmalloc(MAXPATHLEN); ++#ifdef AFS ++ if (lstat("/ticket", &st) != -1) ++ tkt_root = "/ticket/"; ++#endif /* AFS */ ++ snprintf(ticket, MAXPATHLEN, "%s%d_%d", tkt_root, uid, getpid()); ++ (void) krb_set_tkt_string(ticket); ++ ++ /* Make sure we own this ticket file, and we created it. */ ++ if (lstat(ticket, &st) < 0 && errno == ENOENT) { ++ /* good, no ticket file exists. create it. */ ++ if ((fd = open(ticket, O_RDWR|O_CREAT|O_EXCL, 0600)) != -1) { ++ close(fd); ++ return 1; ++ } ++ } ++ else { ++ /* file exists. make sure server_user owns it (e.g. just passed ticket), ++ and that it isn't a symlink, and that it is mode 600. */ ++ if (st.st_mode == (S_IFREG|S_IRUSR|S_IWUSR) && st.st_uid == uid) ++ return 1; ++ } ++ /* Failure. */ ++ log_msg("WARNING: bad ticket file %s", ticket); ++ return 0; ++} ++ ++int auth_krb4(const char *server_user, KTEXT auth, char **client) ++{ ++ AUTH_DAT adat = { 0 }; ++ KTEXT_ST reply; ++ char instance[INST_SZ]; ++ int r, s; ++ u_long cksum; ++ Key_schedule schedule; ++ struct sockaddr_in local, foreign; ++ ++ s = packet_get_connection_in(); ++ ++ r = sizeof(local); ++ memset(&local, 0, sizeof(local)); ++ if (getsockname(s, (struct sockaddr *) &local, &r) < 0) ++ debug("getsockname failed: %.100s", strerror(errno)); ++ r = sizeof(foreign); ++ memset(&foreign, 0, sizeof(foreign)); ++ if (getpeername(s, (struct sockaddr *)&foreign, &r) < 0) ++ debug("getpeername failed: %.100s", strerror(errno)); ++ ++ instance[0] = '*'; instance[1] = 0; ++ ++ /* Get the encrypted request, challenge, and session key. */ ++ if (r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, 0, &adat, "")) { ++ packet_send_debug("Kerberos V4 krb_rd_req: %s", krb_err_txt[r]); ++ return 0; ++ } ++ des_key_sched((des_cblock *)adat.session, schedule); ++ ++ *client = xmalloc(MAX_K_NAME_SZ); ++ (void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname, ++ *adat.pinst ? "." : "", adat.pinst, adat.prealm); ++ ++ /* Check ~/.klogin authorization now. */ ++ if (kuserok(&adat, (char *)server_user) != KSUCCESS) { ++ packet_send_debug("Kerberos V4 .klogin authorization failed!"); ++ log_msg("Kerberos V4 .klogin authorization failed for %s to account %s", ++ *client, server_user); ++ return 0; ++ } ++ /* Increment the checksum, and return it encrypted with the session key. */ ++ cksum = adat.checksum + 1; ++ cksum = htonl(cksum); ++ ++ /* If we can't successfully encrypt the checksum, we send back an empty ++ message, admitting our failure. */ ++ if ((r = krb_mk_priv((u_char *)&cksum, reply.dat, sizeof(cksum)+1, ++ schedule, &adat.session, &local, &foreign)) < 0) { ++ packet_send_debug("Kerberos V4 mk_priv: (%d) %s", r, krb_err_txt[r]); ++ reply.dat[0] = 0; ++ reply.length = 0; ++ } ++ else ++ reply.length = r; ++ ++ /* Clear session key. */ ++ memset(&adat.session, 0, sizeof(&adat.session)); ++ ++ packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); ++ packet_put_string((char *) reply.dat, reply.length); ++ packet_send(); ++ packet_write_wait(); ++ return 1; ++} ++#endif /* KRB4 */ ++ ++#ifdef KRB5 ++int auth_krb5_tgt( char *server_user, krb5_data *krb5data) + { + krb5_creds **creds; + krb5_error_code retval; +@@ -177,7 +280,7 @@ + extern char *ticket; + static krb5_principal rcache_server = 0; + static krb5_rcache rcache; +- struct sockaddr_in local, foreign; ++ struct sockaddr_storage local, foreign; + krb5_address *local_addr, *remote_addr; + int s; + +@@ -267,5 +370,97 @@ + + } + #endif /* KRB5 */ +-#endif /* KERBEROS_TGT_PASSING */ + ++ ++#ifdef AFS ++#include <kafs.h> ++ ++int auth_kerberos_tgt(struct passwd *pw, const char *string) ++{ ++ CREDENTIALS creds; ++ extern char *ticket; ++ int r; ++ ++ if (!radix_to_creds(string, &creds)) { ++ log_msg("Protocol error decoding Kerberos V4 tgt"); ++ packet_send_debug("Protocol error decoding Kerberos V4 tgt"); ++ goto auth_kerberos_tgt_failure; ++ } ++ if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ ++ strcpy(creds.service, "krbtgt"); ++ ++ if (strcmp(creds.service, "krbtgt")) { ++ log_msg("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", ++ creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm, ++ pw->pw_uid); ++ packet_send_debug("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", ++ creds.pname, creds.pinst[0] ? "." : "", creds.pinst, ++ creds.realm, pw->pw_uid); ++ goto auth_kerberos_tgt_failure; ++ } ++ if (!ssh_tf_init(pw->pw_uid) || ++ (r = in_tkt(creds.pname, creds.pinst)) || ++ (r = save_credentials(creds.service,creds.instance,creds.realm, ++ creds.session,creds.lifetime,creds.kvno, ++ &creds.ticket_st,creds.issue_date))) { ++ xfree(ticket); ++ ticket = NULL; ++ packet_send_debug("Kerberos V4 tgt refused: couldn't save credentials"); ++ goto auth_kerberos_tgt_failure; ++ } ++ /* Successful authentication, passed all checks. */ ++ chown(ticket, pw->pw_uid, pw->pw_gid); ++ packet_send_debug("Kerberos V4 tgt accepted (%s.%s@%s, %s%s%s@%s)", ++ creds.service,creds.instance,creds.realm, ++ creds.pname,creds.pinst[0] ? "." : "", ++ creds.pinst,creds.realm); ++ ++ packet_start(SSH_SMSG_SUCCESS); ++ packet_send(); ++ packet_write_wait(); ++ return 1; ++ ++auth_kerberos_tgt_failure: ++ memset(&creds, 0, sizeof(creds)); ++ packet_start(SSH_SMSG_FAILURE); ++ packet_send(); ++ packet_write_wait(); ++ return 0; ++} ++ ++int auth_afs_token(char *server_user, uid_t uid, const char *string) ++{ ++ CREDENTIALS creds; ++ ++ if (!radix_to_creds(string, &creds)) { ++ log_msg("Protocol error decoding AFS token"); ++ packet_send_debug("Protocol error decoding AFS token"); ++ packet_start(SSH_SMSG_FAILURE); ++ packet_send(); ++ packet_write_wait(); ++ return 0; ++ } ++ if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ ++ strcpy(creds.service, "afs"); ++ ++ if (strncmp(creds.pname, "AFS ID ", 7) == 0) ++ uid = atoi(creds.pname + 7); ++ ++ if (kafs_settoken(creds.realm, uid, &creds)) { ++ log_msg("AFS token (%s@%s) rejected for uid %d", creds.pname, ++ creds.realm, uid); ++ packet_send_debug("AFS token (%s@%s) rejected for uid %d", creds.pname, ++ creds.realm, uid); ++ packet_start(SSH_SMSG_FAILURE); ++ packet_send(); ++ packet_write_wait(); ++ return 0; ++ } ++ packet_send_debug("AFS token accepted (%s@%s, %s@%s)", creds.service, ++ creds.realm, creds.pname, creds.realm); ++ packet_start(SSH_SMSG_SUCCESS); ++ packet_send(); ++ packet_write_wait(); ++ return 1; ++} ++#endif /* AFS */ diff --git a/security/ssh6/patches/patch-at b/security/ssh6/patches/patch-at new file mode 100644 index 00000000000..b1af8c0962d --- /dev/null +++ b/security/ssh6/patches/patch-at @@ -0,0 +1,191 @@ +$NetBSD: patch-at,v 1.1 2000/03/20 02:25:40 itojun Exp $ + +--- auth-passwd.c.orig Wed May 12 07:19:23 1999 ++++ auth-passwd.c Fri Dec 24 21:50:04 1999 +@@ -301,29 +301,25 @@ + static int securid_initialized = 0; + #endif /* HAVE_SECURID */ + +-#ifdef KERBEROS +-#if defined(KRB5) ++#ifdef KRB5 + #include <krb5.h> + extern krb5_context ssh_context; + extern krb5_auth_context auth_context; +-#else +-#include <krb.h> + #endif /* KRB5 */ +-#endif /* KERBEROS */ + +-#ifdef AFS +-#include <afs/param.h> +-#include <afs/kautils.h> +-#endif /* AFS */ ++#ifdef KRB4 ++#include <sys/param.h> ++#include <krb.h> ++#endif /* KRB4 */ + +-#if defined(KERBEROS) || defined(AFS_KERBEROS) ++#if defined(KRB4) || defined(KRB5) + extern char *ticket; +-#endif /* KERBEROS || AFS_KERBEROS */ ++#endif /* KRB4 || KRB5 */ + + /* Tries to authenticate the user using password. Returns true if + authentication succeeds. */ + +-#if defined(KERBEROS) && defined(KRB5) ++#ifdef KRB5 + /* + * This routine with some modification is from the MIT V5B6 appl/bsd/login.c + * +@@ -479,16 +475,16 @@ + 0 }; + #endif + krb5_preauthtype * preauth = preauth_list; +-#endif /* KERBEROS */ ++#endif /* KRB5 */ + + /* Tries to authenticate the user using password. Returns true if + authentication succeeds. */ +-#ifdef KERBEROS ++#ifdef KRB5 + int auth_password(const char *server_user, const char *password, + krb5_principal client) +-#else /* KERBEROS */ ++#else /* KRB5 */ + int auth_password(const char *server_user, const char *password) +-#endif /* KERBEROS */ ++#endif /* KRB5 */ + { + #if defined(_AIX) && defined(HAVE_AUTHENTICATE) + char *message; +@@ -505,7 +501,7 @@ + } + #else /* _AIX41 && HAVE_AUTHENTICATE */ + +-#ifdef KERBEROS ++#ifdef KRB5 + krb5_error_code problem; + int krb5_options = KDC_OPT_RENEWABLE | KDC_OPT_FORWARDABLE; + krb5_deltat rlife = 0; +@@ -515,7 +511,7 @@ + krb5_ccache ccache; + char ccname[80]; + int results; +-#endif /* KERBEROS */ ++#endif /* KRB5 */ + extern ServerOptions options; + extern char *crypt(const char *key, const char *salt); + struct passwd *pw; +@@ -537,10 +533,9 @@ + saved_pw_name = xstrdup(pw->pw_name); + saved_pw_passwd = xstrdup(pw->pw_passwd); + +-#if defined(KERBEROS) ++#if defined(KRB5) + if (options.kerberos_authentication) + { +-#if defined(KRB5) + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_l%d", getpid()); + + if (problem = krb5_cc_resolve(ssh_context, ccname, &ccache)) +@@ -658,9 +653,96 @@ + return 0; + } + } ++ } + #endif /* KRB5 */ ++#ifdef KRB4 ++ if (options.kerberos_authentication) ++ { ++ AUTH_DAT adata; ++ KTEXT_ST tkt; ++ struct hostent *hp; ++ unsigned long faddr; ++ char localhost[MAXHOSTNAMELEN]; /* local host name */ ++ char phost[INST_SZ]; /* host instance */ ++ char realm[REALM_SZ]; /* local Kerberos realm */ ++ int r; ++ ++ /* Try Kerberos password authentication only for non-root ++ users and only if Kerberos is installed. */ ++ if (pw->pw_uid != 0 && krb_get_lrealm(realm, 0) == KSUCCESS) { ++ ++ /* Set up our ticket file. */ ++ if (!ssh_tf_init(pw->pw_uid)) { ++ log_msg("Couldn't initialize Kerberos ticket file for %s!", ++ server_user); ++ goto kerberos_auth_failure; ++ } ++ /* Try to get TGT using our password. */ ++ if ((r = krb_get_pw_in_tkt((char *)server_user, "", realm, "krbtgt", ++ realm, DEFAULT_TKT_LIFE, (char *)password)) != INTK_OK) { ++ packet_send_debug("Kerberos V4 password authentication for %s " ++ "failed: %s", server_user, krb_err_txt[r]); ++ goto kerberos_auth_failure; ++ } ++ /* Successful authentication. */ ++ chown(ticket, pw->pw_uid, pw->pw_gid); ++ ++ (void) gethostname(localhost, sizeof(localhost)); ++ (void) strncpy(phost, (char *)krb_get_phost(localhost), INST_SZ); ++ phost[INST_SZ-1] = 0; ++ ++ /* Now that we have a TGT, try to get a local "rcmd" ticket to ++ ensure that we are not talking to a bogus Kerberos server. */ ++ r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); ++ ++ if (r == KSUCCESS) { ++ if (!(hp = gethostbyname(localhost))) { ++ log_msg("Couldn't get local host address!"); ++ goto kerberos_auth_failure; ++ } ++ memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr)); ++ ++ /* Verify our "rcmd" ticket. */ ++ r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost, faddr, &adata, ""); ++ if (r == RD_AP_UNDEC) { ++ /* Probably didn't have a srvtab on localhost. Allow login. */ ++ log_msg("Kerberos V4 TGT for %s unverifiable, no srvtab? " ++ "krb_rd_req: %s", server_user, krb_err_txt[r]); ++ } ++ else if (r != KSUCCESS) { ++ log_msg("Kerberos V4 %s ticket unverifiable: %s", ++ KRB4_SERVICE_NAME, krb_err_txt[r]); ++ goto kerberos_auth_failure; ++ } ++ } ++ else if (r == KDC_PR_UNKNOWN) { ++ /* Allow login if no rcmd service exists, but log the error. */ ++ log_msg("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " ++ "not registered, or srvtab is wrong?", server_user, ++ krb_err_txt[r], KRB4_SERVICE_NAME, phost); ++ } ++ else { ++ /* TGT is bad, forget it. Possibly spoofed. */ ++ packet_send_debug("WARNING: Kerberos V4 TGT possibly spoofed for" ++ "%s: %s", server_user, krb_err_txt[r]); ++ goto kerberos_auth_failure; ++ } ++ ++ /* Authentication succeeded. */ ++ return 1; ++ ++ kerberos_auth_failure: ++ (void) dest_tkt(); ++ xfree(ticket); ++ ticket = NULL; ++ if (!options.kerberos_or_local_passwd ) return 0; ++ } ++ else /* Logging in as root or no local Kerberos realm. */ ++ packet_send_debug("Unable to authenticate to Kerberos."); ++ ++ /* Fall back to ordinary passwd authentication. */ + } +-#endif /* KERBEROS */ ++#endif /* KRB4 */ + + #ifdef HAVE_SECURID + /* Support for Security Dynamics SecurId card. diff --git a/security/ssh6/patches/patch-au b/security/ssh6/patches/patch-au new file mode 100644 index 00000000000..f83de5cc11f --- /dev/null +++ b/security/ssh6/patches/patch-au @@ -0,0 +1,77 @@ +$NetBSD: patch-au,v 1.1 2000/03/20 02:25:40 itojun Exp $ + +--- login.c.orig Wed May 12 07:19:26 1999 ++++ login.c Fri Dec 24 22:01:25 1999 +@@ -255,7 +255,7 @@ + were more standardized. */ + + void record_login(int pid, const char *ttyname, const char *user, uid_t uid, +- const char *host, struct sockaddr_in *addr) ++ const char *host, struct sockaddr *addr) + { + int fd; + +@@ -271,7 +271,22 @@ + struct utmp u, u2; + off_t offset; + const char *utmp, *wtmp; ++#endif ++#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_LASTLOG_H) || defined(HAVE_LASTLOG) ++ char myname[MAXHOSTNAMELEN]; ++ char shost[MAXHOSTNAMELEN]; ++ char *p = NULL, *q = NULL; ++ ++ memset(shost, 0, sizeof(shost)); ++ gethostname(myname, MAXHOSTNAMELEN); ++ if (((p = memchr(myname, '.', MAXHOSTNAMELEN)) != NULL) ++ && ((q = strchr(host, '.')) != NULL) ++ && (strncmp(p, q, MAXHOSTNAMELEN - (p - myname)) == 0)) { ++ strncpy(shost, host, q - host); ++ } ++#endif + ++#if defined(HAVE_UTMP_H) && !defined(HAVE_UTMPX_H) + /* Construct an utmp/wtmp entry. */ + memset(&u, 0, sizeof(u)); + #ifdef DEAD_PROCESS +@@ -301,17 +316,21 @@ + strncpy(u.ut_user, user, sizeof(u.ut_user)); + #endif /* HAVE_NAME_IN_UTMP */ + #ifdef HAVE_HOST_IN_UTMP +- strncpy(u.ut_host, host, sizeof(u.ut_host)); +-#ifdef __FreeBSD__ +- if (strlen(host) > sizeof(u.ut_host)) { ++ if ((*shost != '\0') && (strlen(shost) <= sizeof(u.ut_host))) ++ strncpy(u.ut_host, shost, sizeof(u.ut_host)); ++#ifndef HAVE_ADDR_IN_UTMP ++ else if (strlen(host) > sizeof(u.ut_host)) + strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host)); +- } +-#endif /* __FreeBSD__ */ ++#endif /* HAVE_ADDR_IN_UTMP */ ++ else ++ strncpy(u.ut_host, host, sizeof(u.ut_host)); + #endif /* HAVE_HOST_IN_UTMP */ + #ifdef HAVE_ADDR_IN_UTMP ++#if 0 /* XXX */ + if (addr) + memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr)); + else ++#endif /* XXX */ + memset(&u.ut_addr, 0, sizeof(u.ut_addr)); + #endif + +@@ -490,7 +509,12 @@ + /* Update lastlog. */ + ll.ll_time = time(NULL); + strncpy(ll.ll_line, ttyname + 5, sizeof(ll.ll_line)); +- strncpy(ll.ll_host, host, sizeof(ll.ll_host)); ++ if ((*shost != '\0') && (strlen(shost) <= sizeof(ll.ll_host))) ++ strncpy(ll.ll_host, shost, sizeof(ll.ll_host)); ++ else if (strlen(host) > sizeof(ll.ll_host)) ++ strncpy(ll.ll_host, get_remote_ipaddr(), sizeof(ll.ll_host)); ++ else ++ strncpy(ll.ll_host, host, sizeof(ll.ll_host)); + #ifdef LASTLOG_IS_DIR + snprintf(lastlogfile, sizeof(lastlogfile), + "%.100s/%.100s", lastlog, user); diff --git a/security/ssh6/patches/patch-av b/security/ssh6/patches/patch-av new file mode 100644 index 00000000000..503077e2446 --- /dev/null +++ b/security/ssh6/patches/patch-av @@ -0,0 +1,13 @@ +$NetBSD: patch-av,v 1.1 2000/03/20 02:25:40 itojun Exp $ + +--- serverloop.c.orig Wed May 12 13:19:28 1999 ++++ serverloop.c Sat May 15 04:33:35 1999 +@@ -446,7 +446,7 @@ + if (ret == 0) /* Nothing read, timeout expired */ + { + /* Check if idle_timeout expired ? */ +- if (idle_timeout != 0 && !child_terminated && ++ if (idle_timeout != 0 && !child_terminated && idle_time_last && + time(NULL) - idle_time_last > idle_timeout) + { + /* Yes, kill the child */ diff --git a/security/ssh/patches/patch-aw b/security/ssh6/patches/patch-aw index 26b2055e719..1bafdf94611 100644 --- a/security/ssh/patches/patch-aw +++ b/security/ssh6/patches/patch-aw @@ -1,4 +1,4 @@ -$NetBSD: patch-aw,v 1.1 1999/12/25 05:28:36 kim Exp $ +$NetBSD: patch-aw,v 1.1 2000/03/20 02:25:41 itojun Exp $ --- canohost.c.orig Wed May 12 07:19:24 1999 +++ canohost.c Fri Dec 24 21:50:38 1999 diff --git a/security/ssh6/patches/patch-ax b/security/ssh6/patches/patch-ax new file mode 100644 index 00000000000..8385f6c5884 --- /dev/null +++ b/security/ssh6/patches/patch-ax @@ -0,0 +1,60 @@ +$NetBSD: patch-ax,v 1.1 2000/03/20 02:25:41 itojun Exp $ + +--- cipher.c.orig Wed May 12 07:19:24 1999 ++++ cipher.c Fri Dec 24 21:50:04 1999 +@@ -213,7 +213,7 @@ + used. */ + if (keylen < 8) + error("Key length %d is insufficient for DES.", keylen); +- des_set_key(padded, &context->u.des.key); ++ ssh_des_set_key(padded, &context->u.des.key); + memset(context->u.des.iv, 0, sizeof(context->u.des.iv)); + break; + #endif /* WITH_DES */ +@@ -224,12 +224,12 @@ + used (first and last keys are the same). */ + if (keylen < 16) + error("Key length %d is insufficient for 3DES.", keylen); +- des_set_key(padded, &context->u.des3.key1); +- des_set_key(padded + 8, &context->u.des3.key2); ++ ssh_des_set_key(padded, &context->u.des3.key1); ++ ssh_des_set_key(padded + 8, &context->u.des3.key2); + if (keylen <= 16) +- des_set_key(padded, &context->u.des3.key3); ++ ssh_des_set_key(padded, &context->u.des3.key3); + else +- des_set_key(padded + 16, &context->u.des3.key3); ++ ssh_des_set_key(padded + 16, &context->u.des3.key3); + memset(context->u.des3.iv1, 0, sizeof(context->u.des3.iv1)); + memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2)); + memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3)); +@@ -274,12 +274,12 @@ + + #ifdef WITH_DES + case SSH_CIPHER_DES: +- des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len); ++ ssh_des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len); + break; + #endif /* WITH_DES */ + + case SSH_CIPHER_3DES: +- des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1, ++ ssh_des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1, + &context->u.des3.key2, context->u.des3.iv2, + &context->u.des3.key3, context->u.des3.iv3, + dest, src, len); +@@ -322,12 +322,12 @@ + + #ifdef WITH_DES + case SSH_CIPHER_DES: +- des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len); ++ ssh_des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len); + break; + #endif /* WITH_DES */ + + case SSH_CIPHER_3DES: +- des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1, ++ ssh_des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1, + &context->u.des3.key2, context->u.des3.iv2, + &context->u.des3.key3, context->u.des3.iv3, + dest, src, len); diff --git a/security/ssh6/patches/patch-ay b/security/ssh6/patches/patch-ay new file mode 100644 index 00000000000..b9fcf7e9813 --- /dev/null +++ b/security/ssh6/patches/patch-ay @@ -0,0 +1,13 @@ +$NetBSD: patch-ay,v 1.1 2000/03/20 02:25:41 itojun Exp $ + +--- cipher.h.orig Wed May 12 07:19:25 1999 ++++ cipher.h Fri Dec 24 21:50:04 1999 +@@ -58,7 +58,7 @@ + #ifndef WITHOUT_IDEA + #include "idea.h" + #endif /* WITHOUT_IDEA */ +-#include "des.h" ++#include "ssh-des.h" + #ifdef WITH_ARCFOUR + #include "arcfour.h" + #endif /* WITH_ARCFOUR */ diff --git a/security/ssh6/patches/patch-az b/security/ssh6/patches/patch-az new file mode 100644 index 00000000000..1f44c3117bb --- /dev/null +++ b/security/ssh6/patches/patch-az @@ -0,0 +1,102 @@ +$NetBSD: patch-az,v 1.1 2000/03/20 02:25:41 itojun Exp $ + +--- config.h.in.orig Wed May 12 07:20:04 1999 ++++ config.h.in Fri Dec 24 21:50:38 1999 +@@ -244,12 +244,6 @@ + /* Support for Secure RPC */ + #undef SECURE_RPC + +-/* Support for Secure NFS */ +-#undef SECURE_NFS +- +-/* Support for NIS+ */ +-#undef NIS_PLUS +- + /* Define this to disable all port forwardings in server (except X11) */ + #undef SSHD_NO_PORT_FORWARDING + +@@ -296,16 +290,23 @@ + /* Define this if your gettimeofday doesn't have TZ parameter */ + #undef HAVE_NO_TZ_IN_GETTIMEOFDAY + +-/* Define this if you want to compile in Kerberos support. */ +-#undef KERBEROS +- + /* Define this if you want to compile in Kerberos V5 support. +- KERBEROS must be compiled in as well. This can be done at configure +- time with the --with-kerberos5 argument*/ ++ This can be done at configure time with the --with-krb5 argument. */ + #undef KRB5 + +-/* Define this if you want to pass the Kerberos TGT. */ +-#undef KERBEROS_TGT_PASSING ++/* Define this if you want to compile in Kerberos V4 support. ++ This can be done at configure time with the --with-krb4 argument. */ ++#undef KRB4 ++ ++/* Define this if you what to build ssh with Hesiod support. */ ++#undef HESIOD ++ ++/* Define this if you want to compile in AFS support. ++ This can be done at configure time with the --with-afs argument. */ ++#undef AFS ++ ++/* Define this if you have the AFS lifetime conversion routines. */ ++#undef HAVE_KRB_LIFE_TO_TIME + + /* Define this if you dont have SIGINFO as signal but some other macro */ + #undef HAVE_INCOMPATIBLE_SIGINFO +@@ -323,6 +324,24 @@ + /etc/nologin.allow. */ + #undef NOLOGIN_ALLOW + ++/* Define this if you have struct sockaddr_storage. */ ++#undef HAVE_SOCKADDR_STORAGE ++ ++/* Define this if you have __sa_family in struct sockaddr_storage. */ ++#undef HAVE_NEW_SS_FAMILY ++ ++/* Define this if you have ss_len in struct sockaddr. */ ++#undef HAVE_SOCKADDR_LEN ++ ++/* Define this if you want to enable IPv6 support. */ ++#undef ENABLE_IPV6 ++ ++/* Define this if you want to enable another port try support. */ ++#undef ENABLE_ANOTHER_PORT_TRY ++ ++/* Define this if you want to enable logging auth info support. */ ++#undef ENABLE_LOG_AUTH ++ + /* Where to find the X11 socket */ + #undef X11_DIR + +@@ -375,12 +394,18 @@ + /* Define if you have the ftruncate function. */ + #undef HAVE_FTRUNCATE + ++/* Define if you have the getaddrinfo function. */ ++#undef HAVE_GETADDRINFO ++ + /* Define if you have the getdtablesize function. */ + #undef HAVE_GETDTABLESIZE + + /* Define if you have the gethostname function. */ + #undef HAVE_GETHOSTNAME + ++/* Define if you have the getnameinfo function. */ ++#undef HAVE_GETNAMEINFO ++ + /* Define if you have the getpseudotty function. */ + #undef HAVE_GETPSEUDOTTY + +@@ -518,6 +543,9 @@ + + /* Define if you have the <sys/dir.h> header file. */ + #undef HAVE_SYS_DIR_H ++ ++/* Define if you have the <sys/filio.h> header file. */ ++#undef HAVE_SYS_FILIO_H + + /* Define if you have the <sys/ioctl.h> header file. */ + #undef HAVE_SYS_IOCTL_H diff --git a/security/ssh6/patches/patch-ba b/security/ssh6/patches/patch-ba new file mode 100644 index 00000000000..8bfa55d1459 --- /dev/null +++ b/security/ssh6/patches/patch-ba @@ -0,0 +1,137 @@ +$NetBSD: patch-ba,v 1.1 2000/03/20 02:25:42 itojun Exp $ + +--- des.c.orig Wed May 12 07:19:25 1999 ++++ des.c Fri Dec 24 21:50:04 1999 +@@ -38,7 +38,7 @@ + + #include "includes.h" + #include "getput.h" +-#include "des.h" ++#include "ssh-des.h" + + /* Table for key generation. This used to be in sk.h. */ + /* Copyright (C) 1993 Eric Young - see README for more details */ +@@ -400,7 +400,7 @@ + /* This part is based on code that used to be in ecb_enc.c. */ + /* Copyright (C) 1993 Eric Young - see README for more details */ + +-void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, ++void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, + int encrypt) + { + register word32 t,u; +@@ -452,7 +452,7 @@ + #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ + (a)=(a)^(t)^(t>>(16-(n)))) + +-void des_set_key(unsigned char *key, DESContext *ks) ++void ssh_des_set_key(unsigned char *key, DESContext *ks) + { + register word32 c, d, t, s, shifts; + register int i; +@@ -507,7 +507,7 @@ + } + } + +-void des_cbc_encrypt(DESContext *ks, unsigned char *iv, ++void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, + unsigned char *dest, const unsigned char *src, + unsigned int len) + { +@@ -523,7 +523,7 @@ + { + iv0 ^= GET_32BIT_LSB_FIRST(src + i); + iv1 ^= GET_32BIT_LSB_FIRST(src + i + 4); +- des_encrypt(iv0, iv1, out, ks, 1); ++ ssh_des_encrypt(iv0, iv1, out, ks, 1); + iv0 = out[0]; + iv1 = out[1]; + PUT_32BIT_LSB_FIRST(dest + i, iv0); +@@ -533,7 +533,7 @@ + PUT_32BIT_LSB_FIRST(iv + 4, iv1); + } + +-void des_cbc_decrypt(DESContext *ks, unsigned char *iv, ++void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, + unsigned char *dest, const unsigned char *src, + unsigned int len) + { +@@ -549,7 +549,7 @@ + { + d0 = GET_32BIT_LSB_FIRST(src + i); + d1 = GET_32BIT_LSB_FIRST(src + i + 4); +- des_encrypt(d0, d1, out, ks, 0); ++ ssh_des_encrypt(d0, d1, out, ks, 0); + iv0 ^= out[0]; + iv1 ^= out[1]; + PUT_32BIT_LSB_FIRST(dest + i, iv0); +@@ -561,38 +561,38 @@ + PUT_32BIT_LSB_FIRST(iv + 4, iv1); + } + +-void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, ++void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, + DESContext *ks2, unsigned char *iv2, + DESContext *ks3, unsigned char *iv3, + unsigned char *dest, const unsigned char *src, + unsigned int len) + { +- des_cbc_encrypt(ks1, iv1, dest, src, len); +- des_cbc_decrypt(ks2, iv2, dest, dest, len); +- des_cbc_encrypt(ks3, iv3, dest, dest, len); ++ ssh_des_cbc_encrypt(ks1, iv1, dest, src, len); ++ ssh_des_cbc_decrypt(ks2, iv2, dest, dest, len); ++ ssh_des_cbc_encrypt(ks3, iv3, dest, dest, len); + } + +-void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, ++void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, + DESContext *ks2, unsigned char *iv2, + DESContext *ks3, unsigned char *iv3, + unsigned char *dest, const unsigned char *src, + unsigned int len) + { +- des_cbc_decrypt(ks3, iv3, dest, src, len); +- des_cbc_encrypt(ks2, iv2, dest, dest, len); +- des_cbc_decrypt(ks1, iv1, dest, dest, len); ++ ssh_des_cbc_decrypt(ks3, iv3, dest, src, len); ++ ssh_des_cbc_encrypt(ks2, iv2, dest, dest, len); ++ ssh_des_cbc_decrypt(ks1, iv1, dest, dest, len); + } + +-#ifdef DES_TEST ++#ifdef SSH_DES_TEST + +-void des_encrypt_buf(DESContext *ks, unsigned char *out, ++void ssh_des_encrypt_buf(DESContext *ks, unsigned char *out, + const unsigned char *in, int encrypt) + { + word32 in0, in1, output[0]; + + in0 = GET_32BIT_LSB_FIRST(in); + in1 = GET_32BIT_LSB_FIRST(in + 4); +- des_encrypt(in0, in1, output, ks, encrypt); ++ ssh_des_encrypt(in0, in1, output, ks, encrypt); + PUT_32BIT_LSB_FIRST(out, output[0]); + PUT_32BIT_LSB_FIRST(out + 4, output[1]); + } +@@ -634,15 +634,15 @@ + } + result[i] = value; + } +- des_set_key(key, &ks); +- des_encrypt_buf(&ks, output, data, 1); ++ ssh_des_set_key(key, &ks); ++ ssh_des_encrypt_buf(&ks, output, data, 1); + if (memcmp(output, result, 8) != 0) + fprintf(stderr, "Encrypt failed: %s", line); +- des_encrypt_buf(&ks, output, result, 0); ++ ssh_des_encrypt_buf(&ks, output, result, 0); + if (memcmp(output, data, 8) != 0) + fprintf(stderr, "Decrypt failed: %s", line); + } + exit(0); + } +-#endif /* DES_TEST */ ++#endif /* SSH_DES_TEST */ + diff --git a/security/ssh6/patches/patch-bb b/security/ssh6/patches/patch-bb new file mode 100644 index 00000000000..936d7522631 --- /dev/null +++ b/security/ssh6/patches/patch-bb @@ -0,0 +1,64 @@ +$NetBSD: patch-bb,v 1.1 2000/03/20 02:25:42 itojun Exp $ + +--- ssh-des.h.orig Wed May 12 07:19:25 1999 ++++ ssh-des.h Fri Dec 24 21:50:04 1999 +@@ -25,8 +25,8 @@ + * $Endlog$ + */ + +-#ifndef DES_H +-#define DES_H ++#ifndef SSH_DES_H ++#define SSH_DES_H + + typedef struct + { +@@ -35,40 +35,40 @@ + + /* Sets the des key for the context. Initializes the context. The least + significant bit of each byte of the key is ignored as parity. */ +-void des_set_key(unsigned char *key, DESContext *ks); ++void ssh_des_set_key(unsigned char *key, DESContext *ks); + + /* Encrypts 32 bits in l,r, and stores the result in output[0] and output[1]. + Performs encryption if encrypt is non-zero, and decryption if it is zero. +- The key context must have been initialized previously with des_set_key. */ +-void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, ++ The key context must have been initialized previously with ssh_des_set_key. */ ++void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, + int encrypt); + + /* Encrypts len bytes from src to dest in CBC modes. Len must be a multiple + of 8. iv will be modified at end to a value suitable for continuing + encryption. */ +-void des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, ++void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, + const unsigned char *src, unsigned int len); + + /* Decrypts len bytes from src to dest in CBC modes. Len must be a multiple + of 8. iv will be modified at end to a value suitable for continuing + decryption. */ +-void des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, ++void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, + const unsigned char *src, unsigned int len); + + /* Encrypts in CBC mode using triple-DES. */ +-void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, ++void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, + DESContext *ks2, unsigned char *iv2, + DESContext *ks3, unsigned char *iv3, + unsigned char *dest, const unsigned char *src, + unsigned int len); + + /* Decrypts in CBC mode using triple-DES. */ +-void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, ++void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, + DESContext *ks2, unsigned char *iv2, + DESContext *ks3, unsigned char *iv3, + unsigned char *dest, const unsigned char *src, + unsigned int len); + +-#endif /* DES_H */ ++#endif /* SSH_DES_H */ + + diff --git a/security/ssh/patches/patch-bc b/security/ssh6/patches/patch-bc index ef35ff003df..d3ed2bdddbe 100644 --- a/security/ssh/patches/patch-bc +++ b/security/ssh6/patches/patch-bc @@ -1,4 +1,4 @@ -$NetBSD: patch-bc,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bc,v 1.1 2000/03/20 02:25:42 itojun Exp $ --- match.c.orig Wed May 12 07:19:27 1999 +++ match.c Fri Dec 24 21:50:42 1999 diff --git a/security/ssh6/patches/patch-bd b/security/ssh6/patches/patch-bd new file mode 100644 index 00000000000..0a5b9816623 --- /dev/null +++ b/security/ssh6/patches/patch-bd @@ -0,0 +1,121 @@ +$NetBSD: patch-bd,v 1.1 2000/03/20 02:25:42 itojun Exp $ + +--- readconf.c.orig Wed May 12 07:19:27 1999 ++++ readconf.c Fri Dec 24 21:50:42 1999 +@@ -170,7 +170,13 @@ + oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, + oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel, + oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication, ++#ifdef AFS ++ oAFSTokenPassing, ++#endif /* AFS */ + oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts, ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ oAnotherPort, ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost + } OpCodes; + +@@ -194,6 +200,9 @@ + { "hostname", oHostName }, + { "proxycommand", oProxyCommand }, + { "port", oPort }, ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ { "anotherport", oAnotherPort }, ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + { "cipher", oCipher }, + { "remoteforward", oRemoteForward }, + { "localforward", oLocalForward }, +@@ -213,6 +222,9 @@ + { "useprivilegedport", oUsePrivilegedPort }, + { "kerberosauthentication", oKerberosAuthentication }, + { "kerberostgtpassing", oKerberosTgtPassing }, ++#ifdef AFS ++ { "afstokenpassing", oAFSTokenPassing }, ++#endif /* AFS */ + { "clearallforwardings", oClearAllForwardings }, + { "numberofpasswordprompts", oNumberOfPasswordPrompts }, + { "xauthlocation", oXauthPath }, +@@ -354,6 +366,12 @@ + intptr = &options->kerberos_tgt_passing; + goto parse_flag; + ++#ifdef AFS ++ case oAFSTokenPassing: ++ intptr = &options->afs_token_passing; ++ goto parse_flag; ++#endif /* AFS */ ++ + case oFallBackToRsh: + intptr = &options->fallback_to_rsh; + goto parse_flag; +@@ -497,6 +515,12 @@ + *intptr = value; + break; + ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ case oAnotherPort: ++ intptr = &options->another_port; ++ goto parse_int; ++#endif /* ENABLE_ANOTHER_PORT_TRY */ ++ + case oConnectionAttempts: + intptr = &options->connection_attempts; + goto parse_int; +@@ -678,6 +702,9 @@ + options->rsa_authentication = -1; + options->kerberos_authentication = -1; + options->kerberos_tgt_passing = -1; ++#ifdef AFS ++ options->afs_token_passing = -1; ++#endif /* AFS */ + options->tis_authentication = -1; + options->password_authentication = -1; + options->rhosts_rsa_authentication = -1; +@@ -689,6 +716,9 @@ + options->keepalives = -1; + options->compression_level = -1; + options->port = -1; ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ options->another_port = -1; ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + options->connection_attempts = -1; + options->number_of_password_prompts = -1; + options->password_prompt_login = -1; +@@ -724,17 +754,19 @@ + if (options->rsa_authentication == -1) + options->rsa_authentication = 1; + if (options->kerberos_authentication == -1) +-#if defined(KERBEROS) && defined(KRB5) ++#if defined(KRB4) || defined(KRB5) + options->kerberos_authentication = 1; +-#else /* defined(KERBEROS) && defined(KRB5) */ ++#else + options->kerberos_authentication = 0; +-#endif /* defined(KERBEROS) && defined(KRB5) */ ++#endif /* defined(KRB4) || defined(KRB5) */ + if (options->kerberos_tgt_passing == -1) +-#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) ++#if defined(AFS) + options->kerberos_tgt_passing = 1; +-#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ ++ if (options->afs_token_passing == -1) ++ options->afs_token_passing = 1; ++#else + options->kerberos_tgt_passing = 0; +-#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ ++#endif /* AFS */ + if (options->tis_authentication == -1) + options->tis_authentication = 0; + if (options->password_authentication == -1) +@@ -759,6 +791,10 @@ + options->compression_level = 6; + if (options->port == -1) + options->port = 0; /* Filled in ssh_connect. */ ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ if (options->another_port == -1) ++ options->another_port = 0; ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + if (options->connection_attempts == -1) + options->connection_attempts = 4; + if (options->number_of_password_prompts == -1) diff --git a/security/ssh6/patches/patch-be b/security/ssh6/patches/patch-be new file mode 100644 index 00000000000..28b6c7a34c3 --- /dev/null +++ b/security/ssh6/patches/patch-be @@ -0,0 +1,24 @@ +$NetBSD: patch-be,v 1.1 2000/03/20 02:25:42 itojun Exp $ + +--- readconf.h.orig Wed May 12 07:19:27 1999 ++++ readconf.h Fri Dec 24 21:50:42 1999 +@@ -85,6 +85,9 @@ + int rsa_authentication; /* Try RSA authentication. */ + int kerberos_authentication; /* Try Kerberos authentication. */ + int kerberos_tgt_passing; /* Try Kerberos tgt passing. */ ++#ifdef AFS ++ int afs_token_passing; /* Try AFS token passing. */ ++#endif /* AFS */ + int tis_authentication; /* Try TIS authsrv authentication. */ + int password_authentication; /* Try password authentication. */ + int fallback_to_rsh; /* Use rsh if cannot connect with ssh. */ +@@ -98,6 +101,9 @@ + int use_privileged_port; /* Use privileged port */ + + int port; /* Port to connect. */ ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ int another_port; /* Port to connect for -A option. */ ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + int connection_attempts; /* Max attempts (seconds) before giving up */ + int number_of_password_prompts; /* Max number of password prompts */ + int password_prompt_login; /* Show remote login at password prompt */ diff --git a/security/ssh6/patches/patch-bf b/security/ssh6/patches/patch-bf new file mode 100644 index 00000000000..8175d7fea02 --- /dev/null +++ b/security/ssh6/patches/patch-bf @@ -0,0 +1,250 @@ +$NetBSD: patch-bf,v 1.1 2000/03/20 02:25:42 itojun Exp $ + +--- servconf.c.orig Wed May 12 07:19:28 1999 ++++ servconf.c Fri Dec 24 21:50:42 1999 +@@ -81,8 +81,8 @@ + void initialize_server_options(ServerOptions *options) + { + memset(options, 0, sizeof(*options)); +- options->port = -1; +- options->listen_addr.s_addr = INADDR_ANY; ++ options->num_ports = 0; ++ options->listen_addrs = NULL; + options->host_key_file = NULL; + options->random_seed_file = NULL; + options->pid_file = NULL; +@@ -92,6 +92,9 @@ + options->permit_root_login = -1; + options->ignore_rhosts = -1; + options->ignore_root_rhosts = -1; ++#ifdef ENABLE_LOG_AUTH ++ options->log_auth = -1; ++#endif /* ENABLE_LOG_AUTH */ + options->quiet_mode = -1; + options->fascist_logging = -1; + options->print_motd = -1; +@@ -106,6 +109,12 @@ + options->kerberos_authentication = -1; + options->kerberos_or_local_passwd = -1; + options->kerberos_tgt_passing = -1; ++#if defined(KRB4) ++ options->kerberos_ticket_cleanup = -1; ++#endif /* KRB4 */ ++#ifdef AFS ++ options->afs_token_passing = -1; ++#endif + options->tis_authentication = -1; + options->allow_tcp_forwarding = -1; + options->password_authentication = -1; +@@ -138,16 +147,31 @@ + + void fill_default_server_options(ServerOptions *options) + { +- if (options->port == -1) ++ struct addrinfo hints, *ai, *aitop; ++ char strport[PORTSTRLEN]; ++ int i; ++ ++ if (options->num_ports == 0) ++ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; ++ if (options->listen_addrs == NULL) + { +- struct servent *sp; +- +- sp = getservbyname(SSH_SERVICE_NAME, "tcp"); +- if (sp) +- options->port = ntohs(sp->s_port); +- else +- options->port = SSH_DEFAULT_PORT; +- endservent(); ++ for (i = 0; i < options->num_ports; i++) ++ { ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_flags = AI_PASSIVE; ++ hints.ai_family = IPv4or6; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", options->ports[i]); ++ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) ++ { ++ fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n"); ++ exit(1); ++ } ++ for (ai = aitop; ai->ai_next; ai = ai->ai_next); ++ ai->ai_next = options->listen_addrs; ++ options->listen_addrs = aitop; ++ } ++ /* freeaddrinfo(options->listen_addrs) in sshd.c */ + } + if (options->host_key_file == NULL) + options->host_key_file = HOST_KEY_FILE; +@@ -190,19 +214,27 @@ + if (options->rsa_authentication == -1) + options->rsa_authentication = 1; + if (options->kerberos_authentication == -1) +-#if defined(KERBEROS) && defined(KRB5) ++#if defined(KRB4) || defined(KRB5) + options->kerberos_authentication = 1; +-#else /* defined(KERBEROS) && defined(KRB5) */ ++#else + options->kerberos_authentication = 0; +-#endif /* defined(KERBEROS) && defined(KRB5) */ ++#endif /* defined(KRB4 || KRB5 */ + if (options->kerberos_or_local_passwd == -1) + options->kerberos_or_local_passwd = 0; + if (options->kerberos_tgt_passing == -1) +-#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) ++#if defined(AFS) || defined(KRB5) + options->kerberos_tgt_passing = 1; +-#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ ++#else + options->kerberos_tgt_passing = 0; +-#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ ++#endif /* AFS || KRB5 */ ++#if defined(KRB4) ++ if (options->kerberos_ticket_cleanup == -1) ++ options->kerberos_ticket_cleanup = 1; ++#endif /* KRB4 */ ++#ifdef AFS ++ if (options->afs_token_passing == -1) ++ options->afs_token_passing = 1; ++#endif /* AFS */ + if (options->allow_tcp_forwarding == -1) + options->allow_tcp_forwarding = 1; + if (options->tis_authentication == -1) +@@ -243,13 +275,23 @@ + { + sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, + sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility, ++#ifdef ENABLE_LOG_AUTH ++ sLogAuth, ++#endif /* ENABLE_LOG_AUTH */ + sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, + sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts, + sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, + sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile, + sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout, + sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd, +- sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers, ++ sKerberosTgtPassing, ++#ifdef KRB4 ++ sKerberosTicketCleanup, ++#ifdef AFS ++ sAFSTokenPassing, ++#endif /* AFS */ ++#endif /* KRB4 */ ++ sAllowTcpForwarding, sAllowUsers, sDenyUsers, + sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts, + sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays, + sAccountExpireWarningDays +@@ -275,6 +317,9 @@ + { "quietmode", sQuietMode }, + { "fascistlogging", sFascistLogging }, + { "syslogfacility", sLogFacility }, ++#ifdef ENABLE_LOG_AUTH ++ { "logauth", sLogAuth }, ++#endif /* ENABLE_LOG_AUTH */ + { "rhostsauthentication", sRhostsAuthentication }, + { "rhostsrsaauthentication", sRhostsRSAAuthentication }, + { "rsaauthentication", sRSAAuthentication }, +@@ -313,6 +358,12 @@ + { "kerberosauthentication", sKerberosAuthentication }, + { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, + { "kerberostgtpassing", sKerberosTgtPassing }, ++#ifdef KRB4 ++ { "kerberosticketcleanup", sKerberosTicketCleanup }, ++#endif ++#ifdef AFS ++ { "afstokenpassing", sAFSTokenPassing }, ++#endif + { "allowtcpforwarding", sAllowTcpForwarding }, + { "xauthlocation", sXauthPath }, + { "checkmail", sCheckMail }, +@@ -367,6 +418,9 @@ + char *cp, **charptr; + int linenum, *intptr, i, value; + ServerOpCodes opcode; ++ struct addrinfo hints, *ai, *aitop; ++ char strport[PORTSTRLEN]; ++ int gaierr; + + f = fopen(filename, "r"); + if (!f) +@@ -389,7 +443,14 @@ + switch (opcode) + { + case sPort: +- intptr = &options->port; ++ if (options->num_ports >= MAX_PORTS) ++ { ++ fprintf(stderr, "%s line %d: too many ports.\n", ++ filename, linenum); ++ exit(1); ++ } ++ options->ports[options->num_ports] = -1; ++ intptr = &options->ports[options->num_ports++]; + parse_int: + cp = strtok(NULL, WHITESPACE); + if (!cp) +@@ -452,11 +513,25 @@ + filename, linenum); + exit(1); + } +-#ifdef BROKEN_INET_ADDR +- options->listen_addr.s_addr = inet_network(cp); +-#else /* BROKEN_INET_ADDR */ +- options->listen_addr.s_addr = inet_addr(cp); +-#endif /* BROKEN_INET_ADDR */ ++ if (options->num_ports == 0) ++ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; ++ for (i = 0; i < options->num_ports; i++) ++ { ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", options->ports[i]); ++ if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0) ++ { ++ fprintf(stderr, "%s line %d: bad addr or host. (%s)\n", ++ filename, linenum, gai_strerror(gaierr)); ++ exit(1); ++ } ++ for (ai = aitop; ai->ai_next; ai = ai->ai_next); ++ ai->ai_next = options->listen_addrs; ++ options->listen_addrs = aitop; ++ } ++ strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */ + break; + + case sHostKeyFile: +@@ -532,6 +607,12 @@ + *intptr = value; + break; + ++#ifdef ENABLE_LOG_AUTH ++ case sLogAuth: ++ intptr = &options->log_auth; ++ goto parse_flag; ++#endif /* ENABLE_LOG_AUTH */ ++ + case sIgnoreRhosts: + intptr = &options->ignore_rhosts; + goto parse_flag; +@@ -571,6 +652,18 @@ + case sKerberosTgtPassing: + intptr = &options->kerberos_tgt_passing; + goto parse_flag; ++ ++#ifdef KRB4 ++ case sKerberosTicketCleanup: ++ intptr = &options->kerberos_ticket_cleanup; ++ goto parse_flag; ++#endif /* KRB4 */ ++ ++#ifdef AFS ++ case sAFSTokenPassing: ++ intptr = &options->afs_token_passing; ++ goto parse_flag; ++#endif /* AFS */ + + case sAllowTcpForwarding: + intptr = &options->allow_tcp_forwarding; diff --git a/security/ssh6/patches/patch-bg b/security/ssh6/patches/patch-bg new file mode 100644 index 00000000000..70c06ba297c --- /dev/null +++ b/security/ssh6/patches/patch-bg @@ -0,0 +1,48 @@ +$NetBSD: patch-bg,v 1.1 2000/03/20 02:25:43 itojun Exp $ + +--- servconf.h.orig Wed May 12 07:19:28 1999 ++++ servconf.h Fri Dec 24 21:50:42 1999 +@@ -64,6 +64,8 @@ + #ifndef SERVCONF_H + #define SERVCONF_H + ++#define MAX_PORTS 256 /* Max # hosts on allow list. */ ++ + #define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */ + #define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */ + #define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */ +@@ -82,8 +84,9 @@ + + typedef struct + { +- int port; /* Port number to listen on. */ +- struct in_addr listen_addr; /* Address on which the server listens. */ ++ unsigned int num_ports; ++ int ports[MAX_PORTS]; /* Port number to listen on. */ ++ struct addrinfo *listen_addrs;/* Addresses on which the server listens. */ + char *host_key_file; /* File containing host key. */ + char *random_seed_file; /* File containing random seed. */ + char *pid_file; /* File containing process ID number. */ +@@ -91,6 +94,9 @@ + int login_grace_time; /* Disconnect if no auth in this time (sec). */ + int key_regeneration_time; /* Server key lifetime (seconds). */ + int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */ ++#ifdef ENABLE_LOG_AUTH ++ int log_auth; /* If true, log authentication info. */ ++#endif /* ENABLE_LOG_AUTH */ + int ignore_rhosts; /* Ignore .rhosts and .shosts. */ + int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root, + defaults to ignore_rhosts if not given. */ +@@ -111,6 +117,12 @@ + password authentication mechanism, such + as SecurID or /etc/passwd */ + int kerberos_tgt_passing; /* If true, permit Kerberos tgt passing. */ ++#ifdef KRB4 ++ int kerberos_ticket_cleanup; /* If true, destroy ticket file on logout. */ ++#endif /* KRB4 */ ++#ifdef AFS ++ int afs_token_passing; /* If true, permit AFS token passing. */ ++#endif /* AFS */ + int allow_tcp_forwarding; + int tis_authentication; /* If true, permit TIS authsrv auth. */ + int password_authentication; /* If true, permit password authentication. */ diff --git a/security/ssh6/patches/patch-bh b/security/ssh6/patches/patch-bh new file mode 100644 index 00000000000..adb8ead9c62 --- /dev/null +++ b/security/ssh6/patches/patch-bh @@ -0,0 +1,31 @@ +$NetBSD: patch-bh,v 1.1 2000/03/20 02:25:43 itojun Exp $ + +--- ssh.1.in.orig Wed May 12 07:19:30 1999 ++++ ssh.1.in Fri Dec 24 21:50:04 1999 +@@ -470,7 +470,7 @@ + .ne 3 + .TP + .B \-k +-Disables forwarding of the kerberos tickets. This may ++Disables forwarding of Kerberos tickets / AFS tokens. This may + also be specified on a per-host basis in the configuration file. + .ne 3 + .TP +@@ -770,11 +770,15 @@ + + .TP + .B KerberosAuthentication +-Specifies whether Kerberos V5 authentication will be used. ++Specifies whether Kerberos authentication will be used. + + .TP + .B KerberosTgtPassing +-Specifies whether a Kerberos V5 TGT will be forwarded to the server. ++Specifies whether a Kerberos TGT will be forwarded to the server. ++ ++.TP ++.B AFSTokenPassing ++Specifies whether an AFS token will be forwarded to the server. + + .TP + .B LocalForward diff --git a/security/ssh6/patches/patch-bi b/security/ssh6/patches/patch-bi new file mode 100644 index 00000000000..4ac4b1379f2 --- /dev/null +++ b/security/ssh6/patches/patch-bi @@ -0,0 +1,108 @@ +$NetBSD: patch-bi,v 1.1 2000/03/20 02:25:43 itojun Exp $ + +--- ssh.c.orig Wed May 12 07:19:28 1999 ++++ ssh.c Fri Dec 24 21:50:42 1999 +@@ -218,6 +218,14 @@ + other functions. */ + RandomState random_state; + ++/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. ++ Default value is AF_UNSPEC means both IPv4 and IPv6. */ ++#ifdef ENABLE_IPV6 ++int IPv4or6 = AF_UNSPEC; ++#else ++int IPv4or6 = AF_INET; ++#endif ++ + /* Flag indicating whether debug mode is on. This can be set on the + command line. */ + int debug_flag = 0; +@@ -277,12 +285,19 @@ + { + fprintf(stderr, "Usage: %s [options] host [command]\n", av0); + fprintf(stderr, "Options:\n"); ++ fprintf(stderr, " -4 Use IPv4 only.\n"); ++#ifdef ENABLE_IPV6 ++ fprintf(stderr, " -6 Use IPv6 only.\n"); ++#endif ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ fprintf(stderr, " -A Try to connect to another port before original port.\n"); ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + fprintf(stderr, " -l user Log in using this user name.\n"); + fprintf(stderr, " -n Redirect input from /dev/null.\n"); + fprintf(stderr, " -a Disable authentication agent forwarding.\n"); +-#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) +- fprintf(stderr, " -k Disable Kerberos ticket passing.\n"); +-#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ ++#ifdef AFS ++ fprintf(stderr, " -k Disable Kerberos ticket and AFS token passing.\n"); ++#endif /* AFS */ + #ifndef SSH_NO_X11_FORWARDING + fprintf(stderr, " -x Disable X11 connection forwarding.\n"); + #endif +@@ -413,6 +428,9 @@ + #ifdef SIGWINCH + struct winsize ws; + #endif /* SIGWINCH */ ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ int another_port_flag = 0; ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + + /* Save the original real uid. It will be needed later (uid-swapping may + clobber the real uid). */ +@@ -522,6 +540,26 @@ + } + switch (opt) + { ++ case '4': ++#ifdef ENABLE_IPV6 ++ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; ++#else ++ IPv4or6 = AF_INET; ++#endif ++ break; ++ ++#ifdef ENABLE_IPV6 ++ case '6': ++ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; ++ break; ++#endif ++ ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ case 'A': ++ another_port_flag = 1; ++ break; ++#endif /* ENABLE_ANOTHER_PORT_TRY */ ++ + case 'n': + stdin_null_flag = 1; + break; +@@ -541,6 +579,9 @@ + + case 'k': + options.kerberos_tgt_passing = 0; ++#ifdef AFS ++ options.afs_token_passing = 0; ++#endif /* AFS */ + break; + + case 'i': +@@ -789,11 +830,18 @@ + { + use_privileged_port = 0; + } ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ if (!another_port_flag) ++ options.another_port = 0; ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + /* Open a connection to the remote host. This needs root privileges if + rhosts_authentication is true. Note that the random_state is not + yet used by this call, although a pointer to it is stored, and thus it + need not be initialized. */ + ok = ssh_connect(host, options.port, options.connection_attempts, ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ options.another_port, ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + !use_privileged_port, + original_real_uid, options.proxy_command, &random_state); + diff --git a/security/ssh6/patches/patch-bj b/security/ssh6/patches/patch-bj new file mode 100644 index 00000000000..8fe80602685 --- /dev/null +++ b/security/ssh6/patches/patch-bj @@ -0,0 +1,156 @@ +$NetBSD: patch-bj,v 1.1 2000/03/20 02:25:43 itojun Exp $ + +--- ssh.h.orig Wed May 12 07:19:28 1999 ++++ ssh.h Fri Dec 24 21:50:42 1999 +@@ -176,6 +176,16 @@ + #include "randoms.h" + #include "cipher.h" + ++#ifdef HESIOD ++#include <hesiod.h> ++ ++#define getpwnam(a) hes_getpwnam(a) ++#define getpwuid(a) hes_getpwuid(a) ++ ++extern struct passwd *hes_getpwnam(const char *name); ++extern struct passwd *hes_getpwuid(uid_t uid); ++#endif /* HESIOD */ ++ + /* The default cipher used if IDEA is not supported by the remote host. + It is recommended that this be one of the mandatory ciphers (DES, 3DES), + though that is not required. */ +@@ -307,12 +317,13 @@ + protocol.) */ + #define SSH_SESSION_KEY_LENGTH 32 + +-#ifdef KERBEROS + #ifdef KRB5 + #include <krb5.h> +-#define KRB_SERVICE_NAME "host" ++#define KRB5_SERVICE_NAME "host" + #endif /* KRB5 */ +-#endif /* KERBEROS */ ++#ifdef KRB4 ++#define KRB4_SERVICE_NAME "rcmd" ++#endif /* KRB4 */ + + /* Authentication methods. New types can be added, but old types should not + be removed for compatibility. The maximum allowed value is 31. */ +@@ -336,6 +347,10 @@ + + /* If you add new methods add them after this using random number between 16-31 + so if someone else adds also new methods you dont use same number. */ ++#ifdef AFS ++#define SSH_PASS_AFS_TOKEN 21 ++#endif /* AFS */ ++ + + /* Protocol flags. These are bit masks. */ + #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ +@@ -410,7 +425,9 @@ + /* If ou add new messages add them starting from something after 64, better to + use some random number between 64-127 so if someone else adds something else + you dont use same numbers */ +- ++#ifdef AFS ++#define SSH_CMSG_HAVE_AFS_TOKEN 65 ++#endif /* AFS */ + + /* define this and debug() will print local hostname */ + #define LOCAL_HOSTNAME_IN_DEBUG 1 +@@ -430,7 +447,7 @@ + /* Records that the user has logged in. This does many things normally + done by login(1). */ + void record_login(int pid, const char *ttyname, const char *user, uid_t uid, +- const char *host, struct sockaddr_in *addr); ++ const char *host, struct sockaddr *addr); + + /* Records that the user has logged out. This does many thigs normally + done by login(1) or init. */ +@@ -447,6 +464,9 @@ + connection is successful, this calls packet_set_connection for the + connection. */ + int ssh_connect(const char *host, int port, int connection_attempts, ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ int another_port, ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + int anonymous, uid_t original_real_uid, + const char *proxy_command, RandomState *random_state); + +@@ -479,12 +499,12 @@ + + /* Tries to authenticate the user using password. Returns true if + authentication succeeds. */ +-#if defined(KERBEROS) && defined(KRB5) ++#ifdef KRB5 + int auth_password(const char *server_user, const char *password, + krb5_principal client); +-#else /* defined(KERBEROS) && defined(KRB5) */ ++#else /* KRB5 */ + int auth_password(const char *server_user, const char *password); +-#endif /* defined(KERBEROS) && defined(KRB5) */ ++#endif /* KRB5 */ + + /* Performs the RSA authentication dialog with the client. This returns + 0 if the client could not be authenticated, and 1 if authentication was +@@ -872,5 +892,60 @@ + #else + #define UID_ROOT 0 + #endif ++ ++#ifdef HAVE_SOCKADDR_STORAGE ++#ifndef HAVE_NEW_SS_FAMILY ++#define __ss_len ss_len ++#define __ss_family ss_family ++#endif ++#else ++#define _SS_MAXSIZE 128 /* Implementation specific max size */ ++#define _SS_ALIGNSIZE (sizeof(int)) ++#define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_short)) ++#define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof(u_short) + \ ++ _SS_PAD1SIZE + _SS_ALIGNSIZE)) ++struct sockaddr_storage { ++#ifdef HAVE_SOCKADDR_LEN ++ u_char __ss_len; ++ u_char __ss_family; ++#else ++ u_short __ss_family; ++#endif ++ char __ss_pad1[_SS_PAD1SIZE]; ++ int __ss_align; ++ char __ss_pad2[_SS_PAD2SIZE]; ++}; ++#endif ++ ++#ifdef INET6_ADDRSTRLEN ++#define ADDRSTRLEN INET6_ADDRSTRLEN ++#else ++#define ADDRSTRLEN 46 ++#endif ++ ++#define PORTSTRLEN 16 ++ ++/* AF_UNSPEC or AF_INET or AF_INET6 */ ++extern int IPv4or6; ++ ++#ifndef ENABLE_IPV6 ++/* dummy value for old netdb.h */ ++#ifndef AI_PASSIVE ++#define AI_PASSIVE 1 ++#define NI_NUMERICHOST 2 ++#define NI_NAMEREQD 4 ++#define NI_NUMERICSERV 8 ++struct addrinfo { ++ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ ++ int ai_family; /* PF_xxx */ ++ int ai_socktype; /* SOCK_xxx */ ++ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ ++ size_t ai_addrlen; /* length of ai_addr */ ++ char *ai_canonname; /* canonical name for hostname */ ++ struct sockaddr *ai_addr; /* binary address */ ++ struct addrinfo *ai_next; /* next structure in linked list */ ++}; ++#endif ++#endif /* not ENABLE_IPV6 */ + + #endif /* SSH_H */ diff --git a/security/ssh6/patches/patch-bk b/security/ssh6/patches/patch-bk new file mode 100644 index 00000000000..738624dd945 --- /dev/null +++ b/security/ssh6/patches/patch-bk @@ -0,0 +1,691 @@ +$NetBSD: patch-bk,v 1.1 2000/03/20 02:25:43 itojun Exp $ + +--- sshconnect.c- Wed May 12 20:19:29 1999 ++++ sshconnect.c Mon Mar 20 09:20:32 2000 +@@ -215,7 +215,6 @@ + #include "userfile.h" + #include "emulate.h" + +-#ifdef KERBEROS + #ifdef KRB5 + #include <krb5.h> + +@@ -223,7 +222,19 @@ + krb5_context ssh_context = 0; + krb5_auth_context auth_context = 0; + #endif /* KRB5 */ +-#endif /* KERBEROS */ ++ ++#ifdef KRB4 ++#include <krb.h> ++#ifdef AFS ++#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 ++#include <sys/ioctl.h> ++#endif ++#ifdef HAVE_SYS_FILIO_H ++#include <sys/filio.h> ++#endif ++#include <kafs.h> ++#endif /* AFS */ ++#endif /* KRB4 */ + + /* Session id for the current session. */ + unsigned char session_id[16]; +@@ -337,7 +348,7 @@ + + /* Creates a (possibly privileged) socket for use as the ssh connection. */ + +-int ssh_create_socket(uid_t original_real_uid, int privileged) ++int ssh_create_socket(uid_t original_real_uid, int privileged, int family) + { + int sock; + +@@ -345,43 +356,62 @@ + bind our own socket to a privileged port. */ + if (privileged) + { +- struct sockaddr_in sin; ++ struct addrinfo hints, *ai = NULL; ++ int errgai; ++ char strport[PORTSTRLEN]; + int p; + for (p = 1023; p > 512; p--) + { +- sock = socket(AF_INET, SOCK_STREAM, 0); ++ sock = socket(family, SOCK_STREAM, 0); + if (sock < 0) +- fatal("socket: %.100s", strerror(errno)); ++ { ++ error("socket: %.100s", strerror(errno)); ++ continue; ++ } + +- /* Initialize the desired sockaddr_in structure. */ +- memset(&sin, 0, sizeof(sin)); +- sin.sin_family = AF_INET; +- sin.sin_addr.s_addr = INADDR_ANY; +- sin.sin_port = htons(p); ++ /* Initialize the desired addrinfo structure. */ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = family; ++ hints.ai_flags = AI_PASSIVE; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", p); ++ if ((errgai = getaddrinfo(NULL, strport, &hints, &ai)) != 0) ++ { ++ error("getaddrinfo: %.100s", gai_strerror(errgai)); ++ close(sock); ++ continue; ++ } + + /* Try to bind the socket to the privileged port. */ + #if defined(SOCKS) +- if (Rbind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) ++ if (Rbind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) + break; /* Success. */ + #else /* SOCKS */ +- if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0) ++ if (bind(sock, ai->ai_addr, ai->ai_addrlen) >= 0) + break; /* Success. */ + #endif /* SOCKS */ + if (errno == EADDRINUSE) + { + close(sock); ++ if (ai) ++ { ++ freeaddrinfo(ai); ++ ai = NULL; ++ } + continue; + } +- fatal("bind: %.100s", strerror(errno)); ++ error("bind: %.100s", strerror(errno)); + } + debug("Allocated local port %d.", p); ++ if (ai) ++ freeaddrinfo(ai); + } + else + { + /* Just create an ordinary socket on arbitrary port. */ +- sock = socket(AF_INET, SOCK_STREAM, 0); ++ sock = socket(family, SOCK_STREAM, 0); + if (sock < 0) +- fatal("socket: %.100s", strerror(errno)); ++ error("socket: %.100s", strerror(errno)); + } + return sock; + } +@@ -396,14 +426,19 @@ + the daemon. */ + + int ssh_connect(const char *host, int port, int connection_attempts, ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ int another_port, ++#endif /* ENABLE_ANOTHER_PORT_TRY */ + int anonymous, uid_t original_real_uid, + const char *proxy_command, RandomState *random_state) + { + int sock = -1, attempt, i; + int on = 1; + struct servent *sp; +- struct hostent *hp; +- struct sockaddr_in hostaddr; ++ struct addrinfo hints, *ai, *aitop, *aitmp; ++ struct sockaddr_storage hostaddr; ++ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; ++ int gaierr; + #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) + struct linger linger; + #endif /* SO_LINGER */ +@@ -421,10 +456,6 @@ + port = SSH_DEFAULT_PORT; + } + +- /* Map localhost to ip-address locally */ +- if (strcmp(host, "localhost") == 0) +- host = "127.0.0.1"; +- + /* If a proxy command is given, connect using it. */ + if (proxy_command != NULL && *proxy_command) + return ssh_proxy_connect(host, port, original_real_uid, proxy_command, +@@ -432,9 +463,28 @@ + + /* No proxy command. */ + +- /* No host lookup made yet. */ +- hp = NULL; +- ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", port); ++ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) ++ fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); ++ ++#ifdef ENABLE_ANOTHER_PORT_TRY ++ if (another_port) ++ { ++ aitmp = aitop; ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = IPv4or6; ++ hints.ai_socktype = SOCK_STREAM; ++ sprintf(strport, "%d", another_port); ++ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) ++ fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr)); ++ for (ai = aitop; ai->ai_next; ai = ai->ai_next); ++ ai->ai_next = aitmp; ++ } ++#endif /* ENABLE_ANOTHER_PORT_TRY */ ++ + /* Try to connect several times. On some machines, the first time will + sometimes fail. In general socket code appears to behave quite + magically on many machines. */ +@@ -443,103 +493,29 @@ + if (attempt > 0) + debug("Trying again..."); + +- /* Try to parse the host name as a numeric inet address. */ +- memset(&hostaddr, 0, sizeof(hostaddr)); +- hostaddr.sin_family = AF_INET; +- hostaddr.sin_port = htons(port); +-#ifdef BROKEN_INET_ADDR +- hostaddr.sin_addr.s_addr = inet_network(host); +-#else /* BROKEN_INET_ADDR */ +- hostaddr.sin_addr.s_addr = inet_addr(host); +-#endif /* BROKEN_INET_ADDR */ +- if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff) +- { +- /* Create a socket. */ +- sock = ssh_create_socket(original_real_uid, +- !anonymous && geteuid() == UID_ROOT); +- +- /* Valid numeric IP address */ +- debug("Connecting to %.100s port %d.", +- inet_ntoa(hostaddr.sin_addr), port); +- +- /* Connect to the host. */ +-#if defined(SOCKS) +- if (Rconnect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) +-#else /* SOCKS */ +- if (connect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr)) +-#endif /* SOCKS */ +- >= 0) +- { +- /* Successful connect. */ +- break; +- } +- debug("connect: %.100s", strerror(errno)); +- +- /* Destroy the failed socket. */ +- shutdown(sock, 2); +- close(sock); +- } +- else +- { +- /* Not a valid numeric inet address. */ +- /* Map host name to an address. */ +- if (!hp) +- { +- struct hostent *hp_static; +- +-#if defined(SOCKS5) +- hp_static = Rgethostbyname(host); +-#else +- hp_static = gethostbyname(host); +-#endif +- if (hp_static) +- { +- hp = xmalloc(sizeof(struct hostent)); +- memcpy(hp, hp_static, sizeof(struct hostent)); +- +- /* Copy list of addresses, not just pointers. +- We don't use h_name & h_aliases so leave them as is */ +- for (i = 0; hp_static->h_addr_list[i]; i++) +- ; /* count them */ +- hp->h_addr_list = xmalloc((i + 1) * +- sizeof(hp_static->h_addr_list[0])); +- for (i = 0; hp_static->h_addr_list[i]; i++) +- { +- hp->h_addr_list[i] = xmalloc(hp->h_length); +- memcpy(hp->h_addr_list[i], hp_static->h_addr_list[i], +- hp->h_length); +- } +- hp->h_addr_list[i] = NULL; /* last one */ +- } +- } +- if (!hp) +- fatal("Bad host name: %.100s", host); +- if (!hp->h_addr_list[0]) +- fatal("Host does not have an IP address: %.100s", host); +- + /* Loop through addresses for this host, and try each one in + sequence until the connection succeeds. */ +- for (i = 0; hp->h_addr_list[i]; i++) ++ for (ai = aitop; ai; ai = ai->ai_next) + { +- /* Set the address to connect to. */ +- hostaddr.sin_family = hp->h_addrtype; +- memcpy(&hostaddr.sin_addr, hp->h_addr_list[i], +- sizeof(hostaddr.sin_addr)); ++ getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ ntop, sizeof(ntop), strport, sizeof(strport), ++ NI_NUMERICHOST|NI_NUMERICSERV); + +- debug("Connecting to %.200s [%.100s] port %d.", +- host, inet_ntoa(hostaddr.sin_addr), port); ++ debug("Connecting to %.200s [%.100s] port %s.", ++ host, ntop, strport); + + /* Create a socket for connecting. */ + sock = ssh_create_socket(original_real_uid, +- !anonymous && geteuid() == UID_ROOT); ++ !anonymous && geteuid() == UID_ROOT, ++ ai->ai_family); ++ if (sock < 0) ++ continue; + + /* Connect to the host. */ + #if defined(SOCKS) +- if (Rconnect(sock, (struct sockaddr *)&hostaddr, +- sizeof(hostaddr)) >= 0) ++ if (Rconnect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) + #else /* SOCKS */ +- if (connect(sock, (struct sockaddr *)&hostaddr, +- sizeof(hostaddr)) >= 0) ++ if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) + #endif /* SOCKS */ + { + /* Successful connection. */ +@@ -552,22 +528,15 @@ + returned an error. */ + shutdown(sock, 2); + close(sock); +- } +- if (hp->h_addr_list[i]) ++ } /* for (ai = aitop; ai; ai = ai->ai_next) */ ++ if (ai) + break; /* Successful connection. */ +- } + + /* Sleep a moment before retrying. */ + sleep(1); + } + +- if (hp) +- { +- for (i = 0; hp->h_addr_list[i]; i++) +- xfree(hp->h_addr_list[i]); +- xfree(hp->h_addr_list); +- xfree(hp); +- } ++ freeaddrinfo(aitop); + + /* Return failure if we didn't get a successful connection. */ + if (attempt >= connection_attempts) +@@ -932,10 +901,9 @@ + return 0; + } + +-#ifdef KERBEROS ++#ifdef KRB5 + int try_kerberos_authentication(void) + { +-#ifdef KRB5 + char *remotehost; + krb5_data auth; + krb5_error_code r; +@@ -946,7 +914,7 @@ + int ap_opts, ret_stat = 0; + krb5_keyblock *session_key = 0; + krb5_ap_rep_enc_part *repl = 0; +- struct sockaddr_in local, foreign; ++ struct sockaddr_storage local, foreign; + + memset(&auth, 0 , sizeof(auth)); + remotehost = (char *) get_canonical_hostname(); +@@ -1084,15 +1052,118 @@ + krb5_free_ap_rep_enc_part(ssh_context, repl); + + return(ret_stat); ++} + #endif /* KRB5 */ ++ ++#ifdef KRB4 ++int try_kerberos_authentication() ++{ ++ KTEXT_ST auth; /* Kerberos data */ ++ char *reply; ++ char inst[INST_SZ]; ++ char *realm; ++ char *service; ++ CREDENTIALS cred; ++ int r, type; ++ Key_schedule schedule; ++ u_long checksum, cksum; ++ MSG_DAT msg_data; ++ struct sockaddr_in local, foreign; ++ struct stat st; ++ ++ /* Don't do anything if we don't have any tickets. */ ++ if (stat(tkt_string(), &st) < 0) return 0; ++ ++ strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ); ++ ++ realm = (char *)krb_realmofhost(get_canonical_hostname()); ++ if (!realm) { ++ debug("Kerberos V4: no realm for %s", get_canonical_hostname()); ++ return 0; ++ } ++ /* This can really be anything. */ ++ checksum = (u_long) getpid(); ++ ++ if (r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum)) { ++ debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]); ++ return 0; ++ } ++ /* Get session key to decrypt the server's reply with. */ ++ if (r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred)) { ++ debug("get_cred failed: %s", krb_err_txt[r]); ++ return 0; ++ } ++ des_key_sched((des_cblock *)cred.session, schedule); ++ ++ /* Send authentication info to server. */ ++ packet_start(SSH_CMSG_AUTH_KERBEROS); ++ packet_put_string((char *)auth.dat, auth.length); ++ packet_send(); ++ packet_write_wait(); ++ ++ /* zero the buffer */ ++ (void) memset(auth.dat, 0, MAX_KTXT_LEN); ++ ++ r = sizeof(local); ++ memset(&local, 0, sizeof(local)); ++ if (getsockname(packet_get_connection_in(), ++ (struct sockaddr *) &local, &r) < 0) ++ debug("getsockname failed: %.100s", strerror(errno)); ++ ++ r = sizeof(foreign); ++ memset(&foreign, 0, sizeof(foreign)); ++ if (getpeername(packet_get_connection_in(), ++ (struct sockaddr *)&foreign, &r) < 0) ++ debug("getpeername failed: %.100s", strerror(errno)); ++ ++ /* Get server reply. */ ++ type = packet_read(); ++ switch(type) { ++ ++ case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ ++ debug("Kerberos V4 authentication failed."); ++ return 0; ++ break; ++ ++ case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ ++ debug("Kerberos V4 authentication accepted."); ++ ++ /* Get server's response. */ ++ reply = packet_get_string((unsigned int *)&auth.length); ++ memcpy(auth.dat, reply, auth.length); ++ xfree(reply); ++ ++ /* If his response isn't properly encrypted with the session key, ++ and the decrypted checksum fails to match, he's bogus. Bail out. */ ++ if (r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session, ++ &foreign, &local, &msg_data)) { ++ debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]); ++ packet_disconnect("Kerberos V4 challenge failed!"); ++ } ++ /* fetch the (incremented) checksum that we supplied in the request */ ++ (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum)); ++ cksum = ntohl(cksum); ++ ++ /* If it matches, we're golden. */ ++ if (cksum == checksum + 1) { ++ debug("Kerberos V4 challenge successful."); ++ return 1; ++ } ++ else ++ packet_disconnect("Kerberos V4 challenge failed!"); ++ break; ++ ++ default: ++ packet_disconnect("Protocol error on Kerberos V4 response: %d", type); ++ } + } +-#endif /* KERBEROS */ ++#endif /* KRB4 */ ++ + +-#ifdef KERBEROS_TGT_PASSING + /* Forward our local Kerberos tgt to the server. */ ++#ifdef KRB5 + int send_kerberos_tgt(void) + { +-#ifdef KRB5 + char *remotehost; + krb5_principal client; + krb5_principal server; +@@ -1172,22 +1243,117 @@ + krb5_free_principal(ssh_context, client); + krb5_free_principal(ssh_context, server); + +- type = packet_read(); +- if (type == SSH_SMSG_SUCCESS) +- { +- debug("Kerberos V5 TGT passing was successful."); +- return 1; +- } +- else +- if (type != SSH_SMSG_FAILURE) +- packet_disconnect("Protocol error on Kerberos tgt response: %d", type); +- else +- debug("Kerberos V5 TGT passing failed."); +- +- return 0; ++ return 1; ++} + #endif /* KRB5 */ ++ ++#ifdef AFS ++int send_kerberos_tgt() ++{ ++ CREDENTIALS *creds; ++ char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; ++ int r, type; ++ unsigned char buffer[8192]; ++ struct stat st; ++ ++ /* Don't do anything if we don't have any tickets. */ ++ if (stat(tkt_string(), &st) < 0) return 0; ++ ++ creds = xmalloc(sizeof(CREDENTIALS)); ++ ++ if ((r=krb_get_tf_fullname(TKT_FILE,pname,pinst,prealm)) != KSUCCESS) { ++ debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]); ++ return 0; ++ } ++ if ((r=krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) { ++ debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]); ++ return 0; ++ } ++ if (time(0) > ++#ifdef HAVE_KRB_LIFE_TO_TIME ++ (unsigned long)krb_life_to_time(creds->issue_date, creds->lifetime)) { ++#else ++ (creds->issue_date + ((unsigned char)creds->lifetime * 5 * 60))) { ++#endif /* HAVE_KRB_LIFE_TO_TIME */ ++ debug("Kerberos V4 ticket expired: %s", TKT_FILE); ++ return 0; ++ } ++ ++ creds_to_radix(creds, buffer); ++ xfree(creds); ++ ++ packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); ++ packet_put_string((char *)buffer, strlen(buffer)); ++ packet_send(); ++ packet_write_wait(); ++ ++ return 1; ++} ++ ++/* Forwards our AFS tokens to the server. */ ++void send_afs_tokens(void) ++{ ++ CREDENTIALS creds; ++ struct ViceIoctl parms; ++ struct ClearToken ct; ++ int i, type; ++ int len; ++ char buf[2048], *p, *server_cell; ++ unsigned char buffer[8192]; ++ ++ /* Move over ktc_GetToken, here's something leaner. */ ++ for (i = 0; i < 100; i++) { /* just in case */ ++ parms.in = (char *)&i; ++ parms.in_size = sizeof(i); ++ parms.out = buf; ++ parms.out_size = sizeof(buf); ++ if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break; ++ p = buf; ++ ++ /* Get secret token. */ ++ memcpy(&creds.ticket_st.length, p, sizeof(unsigned int)); ++ if (creds.ticket_st.length > MAX_KTXT_LEN) break; ++ p += sizeof(unsigned int); ++ memcpy(creds.ticket_st.dat, p, creds.ticket_st.length); ++ p += creds.ticket_st.length; ++ ++ /* Get clear token. */ ++ memcpy(&len, p, sizeof(len)); ++ if (len != sizeof(struct ClearToken)) break; ++ p += sizeof(len); ++ memcpy(&ct, p, len); ++ p += len; ++ p += sizeof(len); /* primary flag */ ++ server_cell = p; ++ ++ /* Flesh out our credentials. */ ++ strcpy(creds.service, "afs"); ++ creds.instance[0] = '\0'; ++ strncpy(creds.realm, server_cell, REALM_SZ); ++ memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ); ++ creds.issue_date = ct.BeginTimestamp; ++ creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp); ++ creds.kvno = ct.AuthHandle; ++ snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId); ++ creds.pinst[0] = '\0'; ++ ++ /* Encode token, ship it off. */ ++ if (!creds_to_radix(&creds, buffer)) break; ++ packet_start(SSH_CMSG_HAVE_AFS_TOKEN); ++ packet_put_string((char *)buffer, strlen(buffer)); ++ packet_send(); ++ packet_write_wait(); ++ ++ /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */ ++ type = packet_read(); ++ ++ if (type == SSH_SMSG_FAILURE) ++ debug("AFS token for cell %s rejected.", server_cell); ++ else if (type != SSH_SMSG_SUCCESS) ++ packet_disconnect("Protocol error on AFS token response: %d", type); ++ } + } +-#endif /* KERBEROS_TGT_PASSING */ ++#endif /* AFS */ + + /* Waits for the server identification string, and sends our own identification + string. */ +@@ -1285,14 +1451,12 @@ + unsigned char check_bytes[8]; + unsigned int supported_ciphers, supported_authentications, protocol_flags; + HostStatus host_status; +-#ifdef KERBEROS + #ifdef KRB5 + char *kuser; + krb5_ccache ccache; + krb5_error_code problem; + krb5_principal client; +-#endif +-#endif ++#endif /* KRB5 */ + + /* Convert the user-supplied hostname into all lowercase. */ + host = xstrdup(orighost); +@@ -1595,7 +1759,6 @@ + + debug("Received encrypted confirmation."); + +-#ifdef KERBEROS + #ifdef KRB5 + if (!ssh_context) + { +@@ -1629,7 +1792,6 @@ + debug("Kerberos V5: could not get default ccache."); + } + #endif /* KRB5 */ +-#endif /* KERBEROS */ + + /* Send the name of the user to log in as on the server. */ + packet_start(SSH_CMSG_USER); +@@ -1647,24 +1809,39 @@ + packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", + type); + +-#ifdef KERBEROS_TGT_PASSING ++#if defined(KRB5) || defined(AFS) + /* Try Kerberos tgt passing if the server supports it. */ + if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && + options->kerberos_tgt_passing) + { + if (options->cipher == SSH_CIPHER_NONE) + log_msg("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); +- (void)send_kerberos_tgt(); ++ if (send_kerberos_tgt()) ++ { ++ type = packet_read(); ++ if (type == SSH_SMSG_FAILURE) ++ debug("Kerberos TGT passing failed."); ++ else if (type != SSH_SMSG_SUCCESS) ++ packet_disconnect("Protocol error on Kerberos tgt response: %d", type); ++ } + } +-#endif /* KERBEROS_TGT_PASSING */ ++#endif /* KRB5 || AFS */ ++ ++#ifdef AFS ++ /* Try AFS token passing if the server supports it. */ ++ if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && ++ options->afs_token_passing && k_hasafs()) { ++ if (options->cipher == SSH_CIPHER_NONE) ++ log_msg("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); ++ send_afs_tokens(); ++ } ++#endif /* AFS */ + +-#ifdef KERBEROS +-#ifdef KRB5 ++#if defined(KRB4) || defined(KRB5) + if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && + options->kerberos_authentication) + { +- debug("Trying Kerberos V5 authentication."); +-#endif ++ debug("Trying Kerberos authentication."); + if (try_kerberos_authentication()) { + /* The server should respond with success or failure. */ + type = packet_read(); +@@ -1673,10 +1850,8 @@ + if (type != SSH_SMSG_FAILURE) + packet_disconnect("Protocol error: got %d in response to Kerberos auth", type); + } +-#ifdef KRB5 + } +-#endif +-#endif /* KERBEROS */ ++#endif /* KRB4 || KRB5 */ + + /* Use rhosts authentication if running in privileged socket and we do not + wish to remain anonymous. */ diff --git a/security/ssh6/patches/patch-bl b/security/ssh6/patches/patch-bl new file mode 100644 index 00000000000..a9c52c45a21 --- /dev/null +++ b/security/ssh6/patches/patch-bl @@ -0,0 +1,37 @@ +$NetBSD: patch-bl,v 1.1 2000/03/20 02:25:43 itojun Exp $ + +--- sshd.8.in.orig Wed May 12 07:19:31 1999 ++++ sshd.8.in Fri Dec 24 21:50:05 1999 +@@ -529,10 +529,10 @@ + + .TP + .B KerberosAuthentication +-Specifies whether Kerberos V5 authentication is allowed. This can ++Specifies whether Kerberos authentication is allowed. This can + be in the form of a Kerberos ticket, or if PasswordAuthentication + is yes, the password provided by the user will be validated through +-the Kerberos KDC or DCE Security Server. Default is yes. ++the Kerberos KDC / AFS kaserver / DCE Security Server. Default is yes. + + .TP + .B KerberosOrLocalPasswd +@@ -542,8 +542,18 @@ + + .TP + .B KerberosTgtPassing +-Specifies whether a Kerberos V5 TGT may be forwarded to the server. ++Specifies whether a Kerberos TGT may be forwarded to the server. + Default is yes. ++ ++.TP ++.B AFSTokenPassing ++Specifies whether an AFS token may be forwarded to the server. ++Default is yes. ++ ++.TP ++.B KerberosTicketCleanup ++Specifies whether to automatically destroy the user's Kerberos v4 ++ticket cache file on logout. Default is yes. + + .TP + .B KeyRegenerationInterval diff --git a/security/ssh/patches/patch-bm b/security/ssh6/patches/patch-bm index 696eed4235d..82083d8fdde 100644 --- a/security/ssh/patches/patch-bm +++ b/security/ssh6/patches/patch-bm @@ -1,4 +1,4 @@ -$NetBSD: patch-bm,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bm,v 1.1 2000/03/20 02:25:43 itojun Exp $ --- README-IPv6.orig Wed Dec 31 19:00:00 1969 +++ README-IPv6 Fri Dec 24 21:50:38 1999 diff --git a/security/ssh6/patches/patch-bn b/security/ssh6/patches/patch-bn new file mode 100644 index 00000000000..c46a09a8385 --- /dev/null +++ b/security/ssh6/patches/patch-bn @@ -0,0 +1,49 @@ +$NetBSD: patch-bn,v 1.1 2000/03/20 02:25:44 itojun Exp $ + +--- README.AFS-KERBEROS.orig Wed Dec 31 19:00:00 1969 ++++ README.AFS-KERBEROS Fri Dec 24 21:50:03 1999 +@@ -0,0 +1,44 @@ ++ ++ssh-1.2.27-afs-kerberos.patch-1 ++AFS, Kerberos v4 support for SSH ++ ++Here are the extra flags to configure, and what they do: ++ ++--with-krb4[=PATH] Compile in Kerberos v4 support: ++ Kerberos v4 authentication ++ Kerberos v4 password authentication ++ Kerberos v4 ~/.klogin authorization ++ ++These are all enabled by the 'KerberosAuthentication' config option. ++Kerberos v4 and Kerberos v5 support are mutually exclusive for now. ++PATH default is /usr/kerberos. ++ ++--with-hesiod[=PATH] Compile in support for Hesiod: ++ getpwnam(), getpwuid() replacements ++ ++--with-afs Compile in AFS support (requires KTH krb4): ++ ticket/token passing ++ process authentication groups ++ local Xauthority files (for AFS home dirs) ++ /ticket TKT_ROOT directory (if it exists) ++ ++Binaries built with AFS support will work just fine on non-AFS machines! ++You will need to use the KTH krb4 libs (ftp://ftp.pdc.kth.se/pub/krb/src), ++or just their libkafs, also available separately from CMU as libkrbafs ++(http://andrew2.andrew.cmu.edu/dist/krbafs.html). ++ ++Additional Kerberos client and server config options (and their defaults): ++ ++ KerberosAuthentication yes ++ KerberosOrLocalPasswd no ++ KerberosTgtPassing yes ++ AFSTokenPassing yes ++ KerberosTicketCleanup yes ++ ++See sshd(8) and ssh(1) for details. ++ ++The latest version of this patch can be found at ++ ++ http://www.monkey.org/~dugsong/ssh-afs-kerberos.html ++ ++dugsong@monkey.org diff --git a/security/ssh/patches/patch-bo b/security/ssh6/patches/patch-bo index 7277f4c1613..7061e6500cb 100644 --- a/security/ssh/patches/patch-bo +++ b/security/ssh6/patches/patch-bo @@ -1,4 +1,4 @@ -$NetBSD: patch-bo,v 1.1 1999/12/25 05:28:37 kim Exp $ +$NetBSD: patch-bo,v 1.1 2000/03/20 02:25:44 itojun Exp $ --- gai.h.orig Wed Dec 31 19:00:00 1969 +++ gai.h Fri Dec 24 21:50:41 1999 diff --git a/security/ssh/patches/patch-bp b/security/ssh6/patches/patch-bp index 450889fa1c0..97c6ac152fe 100644 --- a/security/ssh/patches/patch-bp +++ b/security/ssh6/patches/patch-bp @@ -1,4 +1,4 @@ -$NetBSD: patch-bp,v 1.1 1999/12/25 05:28:38 kim Exp $ +$NetBSD: patch-bp,v 1.1 2000/03/20 02:25:44 itojun Exp $ --- getaddrinfo.c.orig Wed Dec 31 19:00:00 1969 +++ getaddrinfo.c Fri Dec 24 21:50:41 1999 diff --git a/security/ssh/patches/patch-bq b/security/ssh6/patches/patch-bq index 836d7d26612..dbd8fdc7bdd 100644 --- a/security/ssh/patches/patch-bq +++ b/security/ssh6/patches/patch-bq @@ -1,4 +1,4 @@ -$NetBSD: patch-bq,v 1.1 1999/12/25 05:28:38 kim Exp $ +$NetBSD: patch-bq,v 1.1 2000/03/20 02:25:44 itojun Exp $ --- getnameinfo.c.orig Wed Dec 31 19:00:00 1969 +++ getnameinfo.c Fri Dec 24 21:50:41 1999 diff --git a/security/ssh6/patches/patch-br b/security/ssh6/patches/patch-br new file mode 100644 index 00000000000..5bb65d934e6 --- /dev/null +++ b/security/ssh6/patches/patch-br @@ -0,0 +1,272 @@ +$NetBSD: patch-br,v 1.1 2000/03/20 02:25:44 itojun Exp $ + +--- radix.c.orig Wed Dec 31 19:00:00 1969 ++++ radix.c Fri Dec 24 21:50:04 1999 +@@ -0,0 +1,267 @@ ++/* ++ radix.c ++ ++ base-64 encoding pinched from lynx2-7-2, who pinched it from rpem. ++ Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991 ++ and placed in the public domain. ++ ++ dugsong@UMICH.EDU ++*/ ++ ++#include "includes.h" ++ ++#ifdef AFS ++#include <krb.h> ++#include <kafs.h> ++ ++char six2pr[64] = { ++ 'A','B','C','D','E','F','G','H','I','J','K','L','M', ++ 'N','O','P','Q','R','S','T','U','V','W','X','Y','Z', ++ 'a','b','c','d','e','f','g','h','i','j','k','l','m', ++ 'n','o','p','q','r','s','t','u','v','w','x','y','z', ++ '0','1','2','3','4','5','6','7','8','9','+','/' ++}; ++ ++unsigned char pr2six[256]; ++ ++int uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded) ++{ ++ /* ENC is the basic 1 character encoding function to make a char printing */ ++#define ENC(c) six2pr[c] ++ ++ register char *outptr = bufcoded; ++ unsigned int i; ++ ++ for (i=0; i<nbytes; i += 3) { ++ *(outptr++) = ENC(*bufin >> 2); /* c1 */ ++ *(outptr++) = ENC(((*bufin << 4) & 060) | ((bufin[1] >> 4) & 017)); /*c2*/ ++ *(outptr++) = ENC(((bufin[1] << 2) & 074) | ((bufin[2] >> 6) & 03));/*c3*/ ++ *(outptr++) = ENC(bufin[2] & 077); /* c4 */ ++ bufin += 3; ++ } ++ if (i == nbytes+1) { ++ outptr[-1] = '='; ++ } else if (i == nbytes+2) { ++ outptr[-1] = '='; ++ outptr[-2] = '='; ++ } ++ *outptr = '\0'; ++ return(outptr - bufcoded); ++} ++ ++int uudecode(char *bufcoded, unsigned char *bufplain, int outbufsize) ++{ ++ /* single character decode */ ++#define DEC(c) pr2six[c] ++#define MAXVAL 63 ++ ++ static int first = 1; ++ int nbytesdecoded, j; ++ register char *bufin = bufcoded; ++ register unsigned char *bufout = bufplain; ++ register int nprbytes; ++ ++ /* If this is the first call, initialize the mapping table. */ ++ if (first) { ++ first = 0; ++ for(j=0; j<256; j++) pr2six[j] = MAXVAL+1; ++ for(j=0; j<64; j++) pr2six[(unsigned char)six2pr[j]] = (unsigned char)j; ++ } ++ ++ /* Strip leading whitespace. */ ++ while (*bufcoded==' ' || *bufcoded == '\t') bufcoded++; ++ ++ /* Figure out how many characters are in the input buffer. ++ If this would decode into more bytes than would fit into ++ the output buffer, adjust the number of input bytes downwards. */ ++ bufin = bufcoded; ++ while (pr2six[(unsigned char)*(bufin++)] <= MAXVAL); ++ nprbytes = bufin - bufcoded - 1; ++ nbytesdecoded = ((nprbytes+3)/4) * 3; ++ if (nbytesdecoded > outbufsize) ++ nprbytes = (outbufsize*4)/3; ++ ++ bufin = bufcoded; ++ ++ while (nprbytes > 0) { ++ *(bufout++) = (unsigned char) (DEC(*bufin) << 2 | DEC(bufin[1]) >> 4); ++ *(bufout++) = (unsigned char) (DEC(bufin[1]) << 4 | DEC(bufin[2]) >> 2); ++ *(bufout++) = (unsigned char) (DEC(bufin[2]) << 6 | DEC(bufin[3])); ++ bufin += 4; ++ nprbytes -= 4; ++ } ++ if (nprbytes & 03) { ++ if (pr2six[bufin[-2]] > MAXVAL) ++ nbytesdecoded -= 2; ++ else ++ nbytesdecoded -= 1; ++ } ++ return(nbytesdecoded); ++} ++ ++typedef unsigned char my_u_char; ++typedef unsigned int my_u_int32_t; ++typedef unsigned short my_u_short; ++ ++/* Nasty macros from BIND-4.9.2 */ ++ ++#define GETSHORT(s, cp) { \ ++ register my_u_char *t_cp = (my_u_char*)(cp); \ ++ (s) = (((my_u_short)t_cp[0]) << 8) \ ++ | (((my_u_short)t_cp[1])) \ ++ ; \ ++ (cp) += 2; \ ++} ++ ++#define GETLONG(l, cp) { \ ++ register my_u_char *t_cp = (my_u_char*)(cp); \ ++ (l) = (((my_u_int32_t)t_cp[0]) << 24) \ ++ | (((my_u_int32_t)t_cp[1]) << 16) \ ++ | (((my_u_int32_t)t_cp[2]) << 8) \ ++ | (((my_u_int32_t)t_cp[3])) \ ++ ; \ ++ (cp) += 4; \ ++} ++ ++#define PUTSHORT(s, cp) { \ ++ register my_u_short t_s = (my_u_short)(s); \ ++ register my_u_char *t_cp = (my_u_char*)(cp); \ ++ *t_cp++ = t_s >> 8; \ ++ *t_cp = t_s; \ ++ (cp) += 2; \ ++} ++ ++#define PUTLONG(l, cp) { \ ++ register my_u_int32_t t_l = (my_u_int32_t)(l); \ ++ register my_u_char *t_cp = (my_u_char*)(cp); \ ++ *t_cp++ = t_l >> 24; \ ++ *t_cp++ = t_l >> 16; \ ++ *t_cp++ = t_l >> 8; \ ++ *t_cp = t_l; \ ++ (cp) += 4; \ ++} ++ ++#define GETSTRING(s, p, p_l) { \ ++ register char* p_targ = (p) + p_l; \ ++ register char* s_c = (s); \ ++ register char* p_c = (p); \ ++ while (*p_c && (p_c < p_targ)) { \ ++ *s_c++ = *p_c++; \ ++ } \ ++ if (p_c == p_targ) { \ ++ return 1; \ ++ } \ ++ *s_c = *p_c++; \ ++ (p_l) = (p_l) - (p_c - (p)); \ ++ (p) = p_c; \ ++} ++ ++ ++int creds_to_radix(CREDENTIALS *creds, unsigned char *buf) ++{ ++ char *p, *s; ++ int len; ++ char temp[2048]; ++ ++ p = temp; ++ *p++ = 1; /* version */ ++ s = creds->service; while (*s) *p++ = *s++; *p++ = *s; ++ s = creds->instance; while (*s) *p++ = *s++; *p++ = *s; ++ s = creds->realm; while (*s) *p++ = *s++; *p++ = *s; ++ ++ s = creds->pname; while (*s) *p++ = *s++; *p++ = *s; ++ s = creds->pinst; while (*s) *p++ = *s++; *p++ = *s; ++ /* Null string to repeat the realm. */ ++ *p++ = '\0'; ++ ++ PUTLONG(creds->issue_date,p); ++ { ++ unsigned long endTime ; ++#ifdef HAVE_KRB_LIFE_TO_TIME ++ endTime = (unsigned long)krb_life_to_time(creds->issue_date, ++ creds->lifetime); ++#else /* !HAVE_KRB_LIFE_TO_TIME */ ++ endTime = creds->issue_date + ((unsigned char)(creds->lifetime))*5*60; ++#endif /* !HAVE_KRB_LIFE_TO_TIME */ ++ PUTLONG(endTime,p); ++ } ++ ++ memcpy(p,&creds->session, sizeof(creds->session)); ++ p += sizeof(creds->session); ++ ++ PUTSHORT(creds->kvno,p); ++ PUTLONG(creds->ticket_st.length,p); ++ ++ memcpy(p,creds->ticket_st.dat, creds->ticket_st.length); ++ p += creds->ticket_st.length; ++ len = p - temp; ++ ++ return(uuencode(temp, len, buf)); ++} ++ ++int radix_to_creds(char *buf, CREDENTIALS *creds) ++{ ++ ++ char *p, *s; ++ int len, tl, status; ++ char version; ++ char temp[2048]; ++ ++ if (!(len = uudecode(buf, temp, sizeof(temp)))) ++ return 0; ++ ++ p = temp; ++ ++ /* check version and length! */ ++ if (len < 1) return 0; ++ version = *p; p++; len--; ++ ++ GETSTRING(creds->service, p, len); ++ GETSTRING(creds->instance, p, len); ++ GETSTRING(creds->realm, p, len); ++ ++ GETSTRING(creds->pname, p, len); ++ GETSTRING(creds->pinst, p, len); ++ /* Ignore possibly different realm. */ ++ while (*p && len) p++, len--; ++ if (len == 0) return 0; ++ p++, len--; ++ ++ /* Enough space for remaining fixed-length parts? */ ++ if (len < (4 + 4 + sizeof(creds->session) + 2 + 4)) ++ return 0; ++ ++ GETLONG(creds->issue_date,p); ++ len -= 4; ++ { ++ unsigned long endTime; ++ GETLONG(endTime,p); ++ len -= 4; ++#ifdef HAVE_KRB_LIFE_TO_TIME ++ creds->lifetime = krb_time_to_life(creds->issue_date, endTime); ++#else ++ creds->lifetime = ((endTime - creds->issue_date) + 5*60 - 1) / (5*60); ++#endif ++ } ++ ++ memcpy(&creds->session, p, sizeof(creds->session)); ++ p += sizeof(creds->session); ++ len -= sizeof(creds->session); ++ ++ GETSHORT(creds->kvno,p); ++ len -= 2; ++ GETLONG(creds->ticket_st.length,p); ++ len -= 4; ++ ++ tl = creds->ticket_st.length; ++ if (tl < 0 || tl > len || tl > sizeof(creds->ticket_st.dat)) ++ return 0; ++ ++ memcpy(creds->ticket_st.dat, p, tl); ++ p += tl; ++ len -= tl; ++ ++ return 1; ++} ++ ++#endif /* AFS */ diff --git a/security/ssh6/patches/patch-la b/security/ssh6/patches/patch-la new file mode 100644 index 00000000000..feaa3c05026 --- /dev/null +++ b/security/ssh6/patches/patch-la @@ -0,0 +1,28 @@ +$NetBSD: patch-la,v 1.1 2000/03/20 02:25:44 itojun Exp $ + +--- userfile.c.orig Mon Mar 6 15:18:17 2000 ++++ userfile.c Mon Mar 6 15:18:25 2000 +@@ -180,7 +180,7 @@ + #endif + + +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + #include <login_cap.h> + #endif + +@@ -644,9 +644,13 @@ + /* Child. We will start serving request. */ + if (uid != geteuid() || uid != getuid()) + { +-#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) ++#if (defined (__FreeBSD__) || defined(__NetBSD__)) && defined(HAVE_LOGIN_CAP_H) + struct passwd * pw = getpwuid(uid); ++#if defined(__NetBSD__) ++ login_cap_t * lc = login_getpwclass(pw); ++#else + login_cap_t * lc = login_getuserclass(pw); ++#endif + if (setusercontext(lc, pw, uid, + LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH | + LOGIN_SETENV)) < 0) diff --git a/security/ssh6/pkg/COMMENT b/security/ssh6/pkg/COMMENT new file mode 100644 index 00000000000..9432614680e --- /dev/null +++ b/security/ssh6/pkg/COMMENT @@ -0,0 +1 @@ +Secure shell client and server (remote login program) diff --git a/security/ssh6/pkg/DEINSTALL b/security/ssh6/pkg/DEINSTALL new file mode 100644 index 00000000000..0774f8db341 --- /dev/null +++ b/security/ssh6/pkg/DEINSTALL @@ -0,0 +1,18 @@ +#! /bin/sh +# +# $NetBSD: DEINSTALL,v 1.1 2000/03/20 02:25:47 itojun Exp $ +# + +case "$2" in + DEINSTALL) cat <<EOF + +============================================================= +Note that ssh configuration, key, and random-seed files +(@SSH_CONF_DIR@/ssh*) are not removed in the deinstallation +process. You should remove those by hand, if you no longer +need them. +============================================================= + +EOF + ;; +esac diff --git a/security/ssh6/pkg/DESCR b/security/ssh6/pkg/DESCR new file mode 100644 index 00000000000..5c76294d0b0 --- /dev/null +++ b/security/ssh6/pkg/DESCR @@ -0,0 +1,98 @@ +SSH (Secure Shell) is a program to log into another computer over a +network, to execute commands in a remote machine, and to move files +from one machine to another. It provides strong authentication and +secure communications over insecure channels. It is intended as a +replacement for rlogin, rsh, rcp, and rdist. + +FEATURES + + o Strong authentication. Closes several security holes (e.g., IP, + routing, and DNS spoofing). New authentication methods: .rhosts + together with RSA based host authentication, and pure RSA + authentication. + + o Improved privacy. All communications are automatically and + transparently encrypted. RSA is used for key exchange, and a + conventional cipher (normally IDEA, Blowfish, or triple-DES) for + encrypting the session. Encryption is started before + authentication, and no passwords or other information is + transmitted in the clear. Encryption is also used to protect + against spoofed packets. + + o Secure X11 sessions. The program automatically sets DISPLAY on + the server machine, and forwards any X11 connections over the + secure channel. Fake Xauthority information is automatically + generated and forwarded to the remote machine; the local client + automatically examines incoming X11 connections and replaces the + fake authorization data with the real data (never telling the + remote machine the real information). + + o Arbitrary TCP/IP ports can be redirected through the encrypted channel + in both directions (e.g., for e-cash transactions). + + o No retraining needed for normal users; everything happens + automatically, and old .rhosts files will work with strong + authentication if administration installs host key files. + + o Never trusts the network. Minimal trust on the remote side of + the connection. Minimal trust on domain name servers. Pure RSA + authentication never trusts anything but the private key. + + o Client RSA-authenticates the server machine in the beginning of + every connection to prevent trojan horses (by routing or DNS + spoofing) and man-in-the-middle attacks, and the server + RSA-authenticates the client machine before accepting .rhosts or + /etc/hosts.equiv authentication (to prevent DNS, routing, or + IP-spoofing). + + o Host authentication key distribution can be centrally by the + administration, automatically when the first connection is made + to a machine (the key obtained on the first connection will be + recorded and used for authentication in the future), or manually + by each user for his/her own use. The central and per-user host + key repositories are both used and complement each other. Host + keys can be generated centrally or automatically when the software + is installed. Host authentication keys are typically 1024 bits. + + o Any user can create any number of user authentication RSA keys for + his/her own use. Each user has a file which lists the RSA public + keys for which proof of possession of the corresponding private + key is accepted as authentication. User authentication keys are + typically 1024 bits. + + o The server program has its own server RSA key which is + automatically regenerated every hour. This key is never saved in + any file. Exchanged session keys are encrypted using both the + server key and the server host key. The purpose of the separate + server key is to make it impossible to decipher a captured session by + breaking into the server machine at a later time; one hour from + the connection even the server machine cannot decipher the session + key. The key regeneration interval is configurable. The server + key is normally 768 bits. + + o An authentication agent, running in the user's laptop or local + workstation, can be used to hold the user's RSA authentication + keys. Ssh automatically forwards the connection to the + authentication agent over any connections, and there is no need to + store the RSA authentication keys on any machine in the network + (except the user's own local machine). The authentication + protocols never reveal the keys; they can only be used to verify + that the user's agent has a certain key. Eventually the agent + could rely on a smart card to perform all authentication + computations. + + o The software can be installed and used (with restricted + functionality) even without root privileges. + + o The client is customizable in system-wide and per-user + configuration files. Most aspects of the client's operation can + be configured. Different options can be specified on a per-host basis. + + o Automatically executes conventional rsh (after displaying a + warning) if the server machine is not running sshd. + + o Optional compression of all data with gzip (including forwarded X11 + and TCP/IP port data), which may result in significant speedups on + slow connections. + + o Complete replacement for rlogin, rsh, and rcp. diff --git a/security/ssh6/pkg/MESSAGE b/security/ssh6/pkg/MESSAGE new file mode 100644 index 00000000000..41d28c28b6b --- /dev/null +++ b/security/ssh6/pkg/MESSAGE @@ -0,0 +1,19 @@ +========================================================================== +$NetBSD: MESSAGE,v 1.1 2000/03/20 02:25:47 itojun Exp $ + +If "starter" configuration files were installed (in @SSH_CONF_DIR@) +when the package was installed, be sure to examine them (and the man pages +for ssh and sshd) to determine whether you want to make any changes. + +Copies of the example configuration files are installed in +@PREFIX@/share/examples/ssh, so those can still be used for reference +after you have made changes to those installed in @SSH_CONF_DIR@, or if +you had existing configuration files, which would not be overwritten in +the installation process. + +In general, you will want to set up /etc/rc.local to start sshd at boot +time. Something like the following should do the job: + +# Run sshd if installed and configured +@PREFIX@/etc/rc.d/sshd.sh +========================================================================== diff --git a/security/ssh6/pkg/PLIST b/security/ssh6/pkg/PLIST new file mode 100644 index 00000000000..4aa3393b9cf --- /dev/null +++ b/security/ssh6/pkg/PLIST @@ -0,0 +1,40 @@ +@comment $NetBSD: PLIST,v 1.1 2000/03/20 02:25:48 itojun Exp $ +bin/ssh +bin/ssh1 +bin/scp +bin/scp1 +bin/slogin +bin/ssh-add +bin/ssh-add1 +bin/ssh-agent +bin/ssh-agent1 +bin/ssh-keygen +bin/ssh-keygen1 +bin/make-ssh-known-hosts +bin/make-ssh-known-hosts1 +etc/rc.d/sshd.sh +man/man1/make-ssh-known-hosts1.1 +man/man1/make-ssh-known-hosts.1 +man/man1/scp.1 +man/man1/scp1.1 +man/man1/ssh-add.1 +man/man1/ssh-add1.1 +man/man1/ssh-agent.1 +man/man1/ssh-agent1.1 +man/man1/ssh-keygen.1 +man/man1/ssh-keygen1.1 +man/man1/ssh.1 +man/man1/ssh1.1 +man/man1/slogin.1 +man/man1/slogin1.1 +man/man8/sshd.8 +man/man8/sshd1.8 +sbin/sshd +sbin/sshd1 +share/examples/ssh/ssh_config +share/examples/ssh/sshd_config +@exec if [ ! -d @SSH_CONF_DIR@ ]; then echo "Creating directory @SSH_CONF_DIR@ for ssh config files.." ; mkdir -p @SSH_CONF_DIR@; fi +@exec if [ ! -f @SSH_CONF_DIR@/ssh_config ]; then echo "Installing example ssh_config in @SSH_CONF_DIR@.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/ssh_config @SSH_CONF_DIR@; fi +@exec if [ ! -f @SSH_CONF_DIR@/sshd_config ]; then echo "Installing example sshd_config in @SSH_CONF_DIR@.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/sshd_config @SSH_CONF_DIR@; fi +@exec if [ ! -f @SSH_CONF_DIR@/ssh_host_key ]; then echo "Generating a secret host key in @SSH_CONF_DIR@.." ; %D/bin/ssh-keygen -N "" -f @SSH_CONF_DIR@/ssh_host_key; fi +@dirrm share/examples/ssh |