diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index 9baaa3b..0000000
--- a/.cvsignore
+++ /dev/null
@@ -1,28 +0,0 @@
-*.0
-*.out
-Makefile
-autom4te.cache
-buildit.sh
-buildpkg.sh
-config.cache
-config.h
-config.h.in
-config.log
-config.status
-configure
-openssh.xml
-opensshd.init
-scp
-sftp
-sftp-server
-ssh
-ssh-add
-ssh-agent
-ssh-keygen
-ssh-keyscan
-ssh-keysign
-ssh-pkcs11-helper
-sshd
-stamp-h.in
-survey
-survey.sh
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 506b42b..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1,31 +0,0 @@
-# Auto detect text files and perform LF normalization
-* text=auto
-
-# Custom for Visual Studio
-*.cs diff=csharp
-
-# Standard to msysgit
-*.doc diff=astextplain
-*.DOC diff=astextplain
-*.docx diff=astextplain
-*.DOCX diff=astextplain
-*.dot diff=astextplain
-*.DOT diff=astextplain
-*.pdf diff=astextplain
-*.PDF diff=astextplain
-*.rtf diff=astextplain
-*.RTF diff=astextplain
-
-
-# conditions for Win32-OpenSSH
-*.sh text eol=lf
-config.sub text eol=lf
-fixalgorithms text eol=lf
-runconfigure text eol=lf
-configure text eol=lf
-config.guess text eol=lf
-config.sub text eol=lf
-win32_build text eol=lf
-win32_config.guess text eol=lf
-win32_config.sub text eol=lf
-
diff --git a/.gitignore b/.gitignore
index aa1a453..1e9a2cc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,37 +1,14 @@ -################# -## Eclipse -################# +################################################################################ +# This .gitignore file was automatically created by Microsoft(R) Visual Studio. +################################################################################ -*.pydevproject -.project -.metadata -bin/ -tmp/ -*.tmp -*.bak -*.swp -*~.nib -local.properties -.classpath -.settings/ -.loadpath - -# External tool builders -.externalToolBuilders/ - -# Locally stored "Eclipse launch configurations" -*.launch - -# CDT-specific -.cproject - -# PDT-specific -.buildpath - - -################# -## Visual Studio -################# +/bin/x64/Debug +/contrib/win32/openssh/.vs/Win32-OpenSSH/v14 +/contrib/win32/openssh/lib +/contrib/win32/openssh/Win32/Debug/config/config.tlog +/contrib/win32/openssh/Win32/Debug/libssh/libssh.tlog +/contrib/win32/openssh/Win32/Debug/libssh +/config.h ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. @@ -39,23 +16,51 @@ local.properties # User-specific files *.suo *.user +*.userosscache *.sln.docstates -# Build results +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs +# Build results [Dd]ebug/ +[Dd]ebugPublic/ [Rr]elease/ +[Rr]eleases/ x64/ -build/ +x86/ +bld/ [Bb]in/ [Oo]bj/ +[Ll]og/ + +# Visual Studio 2015 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ # MSTest test Results [Tt]est[Rr]esult*/ [Bb]uild[Ll]og.* +# NUNIT +*.VisualState.xml +TestResult.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# DNX +project.lock.json +project.fragment.lock.json +artifacts/ +Properties/launchSettings.json + *_i.c *_p.c +*_i.h *.ilk *.meta *.obj 
@@ -75,21 +80,33 @@ build/ *.vssscc .builds *.pidb -*.log +*.svclog *.scc +*.c.bak +*.h.bak + +# Chutzpah Test files +_Chutzpah* # Visual C++ cache files ipch/ *.aps *.ncb +*.opendb *.opensdf *.sdf *.cachefile +*.VC.db +*.VC.VC.opendb # Visual Studio profiler *.psess *.vsp *.vspx +*.sap + +# TFS 2012 Local Workspace +$tf/ # Guidance Automation Toolkit *.gpState @@ -97,6 +114,10 @@ ipch/ # ReSharper is a .NET coding add-in _ReSharper*/ *.[Rr]e[Ss]harper +*.DotSettings.user + +# JustCode is a .NET coding add-in +.JustCode # TeamCity is a build add-in _TeamCity* @@ -104,9 +125,21 @@ _TeamCity* # DotCover is a Code Coverage Tool *.dotCover +# Visual Studio code coverage results +*.coverage +*.coveragexml + # NCrunch -*.ncrunch* +_NCrunch_* .*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ # Installshield output folder [Ee]xpress/ 
@@ -125,169 +158,129 @@ DocProject/Help/html publish/ # Publish Web Output -*.Publish.xml +*.[Pp]ublish.xml +*.azurePubxml +# TODO: Comment the next line if you want to checkin your web deploy settings +# but database connection strings (with potential passwords) will be unencrypted *.pubxml *.publishproj -# NuGet Packages Directory -## TODO: If you have NuGet Package Restore enabled, uncomment the next line -#packages/ +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ -# Windows Azure Build Output -csx +# NuGet Packages +*.nupkg +# The packages folder can be ignored because of Package Restore +**/packages/* +# except build/, which is used as an MSBuild target. +!**/packages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/packages/repositories.config +# NuGet v3's project.json files produces more ignoreable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ *.build.csdef -# Windows Store app package directory +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!*.[Cc]ache/ # Others -sql/ -*.Cache ClientBin/ -[Ss]tyle[Cc]op.* ~$* *~ *.dbmdl -*.[Pp]ublish.xml +*.dbproj.schemaview +*.jfm *.pfx *.publishsettings +node_modules/ +orleans.codegen.cs + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ # RIA/Silverlight projects Generated_Code/ -# Backup & report files from converting an old project file to a newer -# Visual Studio version. 
Backup files are not needed, because we have git ;-) +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) _UpgradeReport_Files/ Backup*/ UpgradeLog*.XML UpgradeLog*.htm # SQL Server files -App_Data/*.mdf -App_Data/*.ldf +*.mdf +*.ldf -############# -## Windows detritus -############# +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings -# Windows image file caches -Thumbs.db -ehthumbs.db +# Microsoft Fakes +FakesAssemblies/ -# Folder config file -Desktop.ini +# GhostDoc plugin setting file +*.GhostDoc.xml -# Recycle Bin used on file shares -$RECYCLE.BIN/ +# Node.js Tools for Visual Studio +.ntvs_analysis.dat -# Mac crap -.DS_Store +# Visual Studio 6 build log +*.plg +# Visual Studio 6 workspace options file +*.opt -############# -## Python -############# +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) +*.vbw -*.py[cod] +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions -# Packages -*.egg -*.egg-info -dist/ -build/ -eggs/ -parts/ -var/ -sdist/ -develop-eggs/ -.installed.cfg +# Paket dependency manager +.paket/paket.exe +paket-files/ -# Installer logs -pip-log.txt +# FAKE - F# Make +.fake/ -# Unit test / coverage reports -.coverage -.tox +# JetBrains Rider +.idea/ +*.sln.iml -#Translations -*.mo +# CodeRush +.cr/ -#Mr Developer -.mr.developer.cfg +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc -################## -# Win32-OpenSSH -################## - -*.o -*.dll -*.exe -*.out -*.a -#Makefile -config.status -openssh.xml -opensshd.init -survey.sh -buildpkg.sh -ssh_host_rsa_key.pub -ssh_host_rsa_key -ssh_host_rsa_key -ssh_host_rsa_key -ssh_host_dsa_key -ssh_host_dsa_key.pub -ssh_host_ecdsa_key.pub 
-ssh_host_ecdsa_key -ssh_host_ed25519_key -ssh_host_ed25519_key.pub -ssh_host_rsa_key.pub -id_rsa.pub -id_rsa -id_dsa.pub -id_dsa -is_rsa -is_rsa.pub -regress/t10.out.pub -regress/t12.out.pub -regress/t6.out1 -regress/t8.out.pub -regress/t9.out.pub -regress/t6.out1 -regress/t10.out.pub -regress/t10.out.pub -regress/t6.out1 -Makefile -openbsd-compat/Makefile -openbsd-compat/regress/Makefile -contrib/win32/win32compat/Makefile -regress/rsa_ssh2_cr.prv -regress/rsa_ssh2_crnl.prv -regress/t7.out.pub -regress/t6.out2 -config.h -config.h.in -configure -config.h.tail -config.sub -config.guess -Makefile.in - - -#temp key files -d2utmpa* -configure -contrib/win32/openssh/Win32-OpenSSH.VC.opendb -contrib/win32/openssh/Win32-OpenSSH.VC.db -*.opendb -*.db - -# Visual C++ cache files -ipch/ -*.aps -*.ncb -*.opendb -*.opensdf -*.sdf -*.cachefile -*.VC.db -*.VC.VC.opendb \ No newline at end of file +# Cake - Uncomment if you are using it +# tools/ \ No newline at end of file diff --git a/.skipped-commit-ids b/.skipped-commit-ids new file mode 100644 index 0000000..02088ce --- /dev/null +++ b/.skipped-commit-ids @@ -0,0 +1,11 @@ +321065a95a7ccebdd5fd08482a1e19afbf524e35 Update DH groups +d4f699a421504df35254cf1c6f1a7c304fb907ca Remove 1k bit groups +aafe246655b53b52bc32c8a24002bc262f4230f7 Remove intermediate moduli +8fa9cd1dee3c3339ae329cf20fb591db6d605120 put back SSH1 for 6.9 +f31327a48dd4103333cc53315ec53fe65ed8a17a Generate new moduli +edbfde98c40007b7752a4ac106095e060c25c1ef Regen moduli +052fd565e3ff2d8cec3bc957d1788f50c827f8e2 Switch to tame-based sandbox +7cf73737f357492776223da1c09179fa6ba74660 Remove moduli <2k +180d84674be1344e45a63990d60349988187c1ae Update moduli +f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is dead. +96c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index ee6460d..0000000 --- a/ChangeLog +++ /dev/null 
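Review bot: The Win32-OpenSSH section removed at the end of the last `.gitignore` hunk was the only place that ignored `ssh_host_rsa_key`, `ssh_host_dsa_key`, `ssh_host_ecdsa_key`, `ssh_host_ed25519_key`, `id_rsa` and `id_dsa`, and the Visual Studio template that replaces it has no equivalent; of the credential-like patterns only `*.pfx` and `*.publishsettings` remain. If host keys or test identities are still generated inside the working tree (the removed entries suggest they were), a broad `git add` will now stage private key material without any warning. I would keep a short project section after the template, for example `ssh_host_*_key`, `id_rsa` and `id_dsa`, under a comment such as `# key material generated by local builds and test runs - never commit`. The same removal drops `*.o`, `*.exe`, `*.dll` and `*.a`, so build outputs that land outside the `[Dd]ebug/` and `[Rr]elease/` directories are no longer ignored either.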
@@ -1,1723 +0,0 @@ -20110906 - - (djm) [README version.h] Correct version - - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon - - (djm) Respin OpenSSH-5.9p1 release - -20110905 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Update version numbers. - -20110904 - - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal - regress errors for the sandbox to warnings. ok tim dtucker - - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations - ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen - support. - -20110829 - - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting - to switch SELinux context away from unconfined_t, based on patch from - Jan Chadima; bz#1919 ok dtucker@ - -20110827 - - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. - -20110818 - - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze - -20110817 - - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for - OpenSSL 0.9.7. 
ok djm - - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] - binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen - - (djm) [configure.ac] error out if the host lacks the necessary bits for - an explicitly requested sandbox type - - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by - bisson AT archlinux.org - - (djm) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 - [regress/cfgmatch.sh] - use OBJ to find test configs, patch from Tim Rice - - markus@cvs.openbsd.org 2011/06/30 22:44:43 - [regress/connect-privsep.sh] - test with sandbox enabled; ok djm@ - - djm@cvs.openbsd.org 2011/08/02 01:23:41 - [regress/cipher-speed.sh regress/try-ciphers.sh] - add SHA256/SHA512 based HMAC modes - - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 - MAC tests for platforms that hack EVP_SHA2 support - -20110812 - - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context - change error by reporting old and new context names Patch from - jchadima at redhat. - - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] - [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES - init scrips from imorgan AT nas.nasa.gov; bz#1920 - - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the - identify file contained whitespace. bz#1828 patch from gwenael.lambrouin - AT gmail.com; ok dtucker@ - -20110807 - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2008/06/26 06:59:39 - [moduli.5] - tweak previous; - - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 - [moduli.5] - "Diffie-Hellman" is the usual spelling for the cryptographic protocol - first published by Whitfield Diffie and Martin Hellman in 1976. 
- ok jmc@ - - jmc@cvs.openbsd.org 2010/10/14 20:41:28 - [moduli.5] - probabalistic -> probabilistic; from naddy - - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 - [sftp.1] - typo, fix from Laurent Gautrot - -20110805 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/06/23 23:35:42 - [monitor.c] - ignore EINTR errors from poll() - - tedu@cvs.openbsd.org 2011/07/06 18:09:21 - [authfd.c] - bzero the agent address. the kernel was for a while very cranky about - these things. evne though that's fixed, always good to initialize - memory. ok deraadt djm - - djm@cvs.openbsd.org 2011/07/29 14:42:45 - [sandbox-systrace.c] - fail open(2) with EPERM rather than SIGKILLing the whole process. libc - will call open() to do strerror() when NLS is enabled; - feedback and ok markus@ - - markus@cvs.openbsd.org 2011/08/01 19:18:15 - [gss-serv.c] - prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); - report Adam Zabrock; ok djm@, deraadt@ - - djm@cvs.openbsd.org 2011/08/02 01:22:11 - [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] - Add new SHA256 and SHA512 based HMAC modes from - http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt - Patch from mdb AT juniper.net; feedback and ok markus@ - - djm@cvs.openbsd.org 2011/08/02 23:13:01 - [version.h] - crank now, release later - - djm@cvs.openbsd.org 2011/08/02 23:15:03 - [ssh.c] - typo in comment - -20110624 - - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for - Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing - markus@ - -20110623 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/06/22 21:47:28 - [servconf.c] - reuse the multistate option arrays to pretty-print options for "sshd -T" - - djm@cvs.openbsd.org 2011/06/22 21:57:01 - [servconf.c servconf.h sshd.c sshd_config.5] - [configure.ac Makefile.in] - introduce sandboxing of the pre-auth privsep child using systrace(4). 
- - This introduces a new "UsePrivilegeSeparation=sandbox" option for - sshd_config that applies mandatory restrictions on the syscalls the - privsep child can perform. This prevents a compromised privsep child - from being used to attack other hosts (by opening sockets and proxying) - or probing local kernel attack surface. - - The sandbox is implemented using systrace(4) in unsupervised "fast-path" - mode, where a list of permitted syscalls is supplied. Any syscall not - on the list results in SIGKILL being sent to the privsep child. Note - that this requires a kernel with the new SYSTR_POLICY_KILL option. - - UsePrivilegeSeparation=sandbox will become the default in the future - so please start testing it now. - - feedback dtucker@; ok markus@ - - djm@cvs.openbsd.org 2011/06/22 22:08:42 - [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] - hook up a channel confirm callback to warn the user then requested X11 - forwarding was refused by the server; ok markus@ - - djm@cvs.openbsd.org 2011/06/23 09:34:13 - [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] - [sandbox-null.c] - rename sandbox.h => ssh-sandbox.h to make things easier for portable - - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support - setrlimit(2) - -20110620 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/06/04 00:10:26 - [ssh_config.5] - explain IdentifyFile's semantics a little better, prompted by bz#1898 - ok dtucker jmc - - markus@cvs.openbsd.org 2011/06/14 22:49:18 - [authfile.c] - make sure key_parse_public/private_rsa1() no longer consumes its input - buffer. 
fixes ssh-add for passphrase-protected ssh1-keys; - noted by naddy@; ok djm@ - - djm@cvs.openbsd.org 2011/06/17 21:44:31 - [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] - make the pre-auth privsep slave log via a socketpair shared with the - monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ - - djm@cvs.openbsd.org 2011/06/17 21:46:16 - [sftp-server.c] - the protocol version should be unsigned; bz#1913 reported by mb AT - smartftp.com - - djm@cvs.openbsd.org 2011/06/17 21:47:35 - [servconf.c] - factor out multi-choice option parsing into a parse_multistate label - and some support structures; ok dtucker@ - - djm@cvs.openbsd.org 2011/06/17 21:57:25 - [clientloop.c] - setproctitle for a mux master that has been gracefully stopped; - bz#1911 from Bert.Wesarg AT googlemail.com - -20110603 - - (dtucker) [README version.h contrib/caldera/openssh.spec - contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version - bumps from the 5.8p2 branch into HEAD. ok djm. - - (tim) [configure.ac defines.h] Run test program to detect system mail - directory. Add --with-maildir option to override. Fixed OpenServer 6 - getting it wrong. Fixed many systems having MAIL=/var/mail//username - ok dtucker - - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair - unconditionally in other places and the survey data we have does not show - any systems that use it. "nuke it" djm@ - - (djm) [configure.ac] enable setproctitle emulation for OS X - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/06/03 00:54:38 - [ssh.c] - bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg - AT googlemail.com; ok dtucker@ - NB. includes additional portability code to enable setproctitle emulation - on platforms that don't support it. 
- - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 - [ssh-agent.c] - Check current parent process ID against saved one to determine if the parent - has exited, rather than attempting to send a zero signal, since the latter - won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn - Gillmor, ok djm@ - - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 - [regress/dynamic-forward.sh] - back out revs 1.6 and 1.5 since it's not reliable - - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 - [regress/dynamic-forward.sh] - work around startup and teardown races; caught by deraadt - - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 - [regress/dynamic-forward.sh] - Retry establishing the port forwarding after a small delay, should make - the tests less flaky when the previous test is slow to shut down and free - up the port. - - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. - -20110529 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/05/23 03:30:07 - [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] - [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] - allow AuthorizedKeysFile to specify multiple files, separated by spaces. - Bring back authorized_keys2 as a default search path (to avoid breaking - existing users of this file), but override this in sshd_config so it will - be no longer used on fresh installs. 
Maybe in 2015 we can remove it - entierly :) - - feedback and ok markus@ dtucker@ - - djm@cvs.openbsd.org 2011/05/23 03:33:38 - [auth.c] - make secure_filename() spam debug logs less - - djm@cvs.openbsd.org 2011/05/23 03:52:55 - [sshconnect.c] - remove extra newline - - jmc@cvs.openbsd.org 2011/05/23 07:10:21 - [sshd.8 sshd_config.5] - tweak previous; ok djm - - djm@cvs.openbsd.org 2011/05/23 07:24:57 - [authfile.c] - read in key comments for v.2 keys (though note that these are not - passed over the agent protocol); bz#439, based on patch from binder - AT arago.de; ok markus@ - - djm@cvs.openbsd.org 2011/05/24 07:15:47 - [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] - Remove undocumented legacy options UserKnownHostsFile2 and - GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile - accept multiple paths per line and making their defaults include - known_hosts2; ok markus - - djm@cvs.openbsd.org 2011/05/23 03:31:31 - [regress/cfgmatch.sh] - include testing of multiple/overridden AuthorizedKeysFiles - refactor to simply daemon start/stop and get rid of racy constructs - -20110520 - - (djm) [session.c] call setexeccon() before executing passwd for pw - changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ - - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options - options, we should corresponding -W-option when trying to determine - whether it is accepted. Also includes a warning fix on the program - fragment uses (bad main() return type). 
- bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ - - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/05/15 08:09:01 - [authfd.c monitor.c serverloop.c] - use FD_CLOEXEC consistently; patch from zion AT x96.org - - djm@cvs.openbsd.org 2011/05/17 07:13:31 - [key.c] - fatal() if asked to generate a legacy ECDSA cert (these don't exist) - and fix the regress test that was trying to generate them :) - - djm@cvs.openbsd.org 2011/05/20 00:55:02 - [servconf.c] - the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile - and AuthorizedPrincipalsFile were not being correctly applied in - Match blocks, despite being overridable there; ok dtucker@ - - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 - [servconf.c] - Add comment documenting what should be after the preauth check. ok djm - - djm@cvs.openbsd.org 2011/05/20 03:25:45 - [monitor.c monitor_wrap.c servconf.c servconf.h] - use a macro to define which string options to copy between configs - for Match. 
This avoids problems caused by forgetting to keep three - code locations in perfect sync and ordering - - "this is at once beautiful and horrible" + ok dtucker@ - - djm@cvs.openbsd.org 2011/05/17 07:13:31 - [regress/cert-userkey.sh] - fatal() if asked to generate a legacy ECDSA cert (these don't exist) - and fix the regress test that was trying to generate them :) - - djm@cvs.openbsd.org 2011/05/20 02:43:36 - [cert-hostkey.sh] - another attempt to generate a v00 ECDSA key that broke the test - ID sync only - portable already had this somehow - - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 - [dynamic-forward.sh] - Prevent races in dynamic forwarding test; ok djm - - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 - [dynamic-forward.sh] - fix dumb error in dynamic-forward test - -20110515 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/05/05 05:12:08 - [mux.c] - gracefully fall back when ControlPath is too large for a - sockaddr_un. ok markus@ as part of a larger diff - - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 - [sshd_config] - clarify language about overriding defaults. bz#1892, from Petr Cerny - - djm@cvs.openbsd.org 2011/05/06 01:09:53 - [sftp.1] - mention that IPv6 addresses must be enclosed in square brackets; - bz#1845 - - djm@cvs.openbsd.org 2011/05/06 02:05:41 - [sshconnect2.c] - fix memory leak; bz#1849 ok dtucker@ - - djm@cvs.openbsd.org 2011/05/06 21:14:05 - [packet.c packet.h] - set traffic class for IPv6 traffic as we do for IPv4 TOS; - patch from lionel AT mamane.lu via Colin Watson in bz#1855; - ok markus@ - - djm@cvs.openbsd.org 2011/05/06 21:18:02 - [ssh.c ssh_config.5] - add a %L expansion (short-form of the local host name) for ControlPath; - sync some more expansions with LocalCommand; ok markus@ - - djm@cvs.openbsd.org 2011/05/06 21:31:38 - [readconf.c ssh_config.5] - support negated Host matching, e.g. 
- - Host *.example.org !c.example.org - User mekmitasdigoat - - Will match "a.example.org", "b.example.org", but not "c.example.org" - ok markus@ - - djm@cvs.openbsd.org 2011/05/06 21:34:32 - [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] - Add a RequestTTY ssh_config option to allow configuration-based - control over tty allocation (like -t/-T); ok markus@ - - djm@cvs.openbsd.org 2011/05/06 21:38:58 - [ssh.c] - fix dropping from previous diff - - djm@cvs.openbsd.org 2011/05/06 22:20:10 - [PROTOCOL.mux] - fix numbering; from bert.wesarg AT googlemail.com - - jmc@cvs.openbsd.org 2011/05/07 23:19:39 - [ssh_config.5] - - tweak previous - - come consistency fixes - ok djm - - jmc@cvs.openbsd.org 2011/05/07 23:20:25 - [ssh.1] - +.It RequestTTY - - djm@cvs.openbsd.org 2011/05/08 12:52:01 - [PROTOCOL.mux clientloop.c clientloop.h mux.c] - improve our behaviour when TTY allocation fails: if we are in - RequestTTY=auto mode (the default), then do not treat at TTY - allocation error as fatal but rather just restore the local TTY - to cooked mode and continue. This is more graceful on devices that - never allocate TTYs. - - If RequestTTY is set to "yes" or "force", then failure to allocate - a TTY is fatal. 
- - ok markus@ - - djm@cvs.openbsd.org 2011/05/10 05:46:46 - [authfile.c] - despam debug() logs by detecting that we are trying to load a private key - in key_try_load_public() and returning early; ok markus@ - - djm@cvs.openbsd.org 2011/05/11 04:47:06 - [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] - remove support for authorized_keys2; it is a relic from the early days - of protocol v.2 support and has been undocumented for many years; - ok markus@ - - djm@cvs.openbsd.org 2011/05/13 00:05:36 - [authfile.c] - warn on unexpected key type in key_parse_private_type() - - (djm) [packet.c] unbreak portability #endif - -20110510 - - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix - --with-ssl-engine which was broken with the change from deprecated - SSLeay_add_all_algorithms(). ok djm - -20110506 - - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype - for closefrom() in test code. Report from Dan Wallis via Gentoo. - -20110505 - - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS - definitions. From des AT des.no - - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] - [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] - [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] - [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] - [regress/README.regress] Remove ssh-rand-helper and all its - tentacles. PRNGd seeding has been rolled into entropy.c directly. - Thanks to tim@ for testing on affected platforms. 
- - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/03/10 02:52:57 - [auth2-gss.c auth2.c auth.h] - allow GSSAPI authentication to detect when a server-side failure causes - authentication failure and don't count such failures against MaxAuthTries; - bz#1244 from simon AT sxw.org.uk; ok markus@ before lock - - okan@cvs.openbsd.org 2011/03/15 10:36:02 - [ssh-keyscan.c] - use timerclear macro - ok djm@ - - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 - [ssh-keygen.1 ssh-keygen.c] - Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) - for which host keys do not exist, generate the host keys with the - default key file path, an empty passphrase, default bits for the key - type, and default comment. This will be used by /etc/rc to generate - new host keys. Idea from deraadt. - ok deraadt - - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 - [ssh-keygen.1] - -q not used in /etc/rc now so remove statement. - - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 - [ssh-keygen.c] - remove -d, documentation removed >10 years ago; ok markus - - jmc@cvs.openbsd.org 2011/03/24 15:29:30 - [ssh-keygen.1] - zap trailing whitespace; - - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 - [ssh-keygen.c] - use strcasecmp() for "clear" cert permission option also; ok djm - - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 - [misc.c misc.h servconf.c] - print ipqos friendly string for sshd -T; ok markus - # sshd -Tf sshd_config|grep ipqos - ipqos lowdelay throughput - - djm@cvs.openbsd.org 2011/04/12 04:23:50 - [ssh-keygen.c] - fix -Wshadow - - djm@cvs.openbsd.org 2011/04/12 05:32:49 - [sshd.c] - exit with 0 status on SIGTERM; bz#1879 - - djm@cvs.openbsd.org 2011/04/13 04:02:48 - [ssh-keygen.1] - improve wording; bz#1861 - - djm@cvs.openbsd.org 2011/04/13 04:09:37 - [ssh-keygen.1] - mention valid -b sizes for ECDSA keys; bz#1862 - - djm@cvs.openbsd.org 2011/04/17 22:42:42 - [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] - allow graceful shutdown of multiplexing: request that a mux 
server - removes its listener socket and refuse future multiplexing requests; - ok markus@ - - djm@cvs.openbsd.org 2011/04/18 00:46:05 - [ssh-keygen.c] - certificate options are supposed to be packed in lexical order of - option name (though we don't actually enforce this at present). - Move one up that was out of sequence - - djm@cvs.openbsd.org 2011/05/04 21:15:29 - [authfile.c authfile.h ssh-add.c] - allow "ssh-add - < key"; feedback and ok markus@ - - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE - so autoreconf 2.68 is happy. - - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ - -20110221 - - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the - Cygwin-specific service installer script ssh-host-config. The actual - functionality is the same, the revisited version is just more - exact when it comes to check for problems which disallow to run - certain aspects of the script. So, part of this script and the also - rearranged service helper script library "csih" is to check if all - the tools required to run the script are available on the system. - The new script also is more thorough to inform the user why the - script failed. Patch from vinschen at redhat com. - -20110218 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/02/16 00:31:14 - [ssh-keysign.c] - make hostbased auth with ECDSA keys work correctly. Based on patch - by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) - -20110206 - - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in - selinux code. Patch from Leonardo Chiquitto - - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key - generation and simplify. Patch from Corinna Vinschen. 
- -20110204 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/31 21:42:15 - [PROTOCOL.mux] - cut'n'pasto; from bert.wesarg AT googlemail.com - - djm@cvs.openbsd.org 2011/02/04 00:44:21 - [key.c] - fix uninitialised nonce variable; reported by Mateusz Kocielski - - djm@cvs.openbsd.org 2011/02/04 00:44:43 - [version.h] - openssh-5.8 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] update versions in docs and spec files. - - Release OpenSSH 5.8p1 - -20110128 - - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled - before attempting setfscreatecon(). Check whether matchpathcon() - succeeded before using its result. Patch from cjwatson AT debian.org; - bz#1851 - -20110127 - - (tim) [config.guess config.sub] Sync with upstream. - - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete - AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with - AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white - space changes for consistency/readability. Makes autoconf 2.68 happy. - "Nice work" djm - -20110125 - - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c - openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to - port-linux.c to avoid compilation errors. Add -lselinux to ssh when - building with SELinux support to avoid linking failure; report from - amk AT spamfence.net; ok dtucker - -20110122 - - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add - RSA_get_default_method() for the benefit of openssl versions that don't - have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, - ok djm@. - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/22 09:18:53 - [version.h] - crank to OpenSSH-5.7 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] update versions in docs and spec files. 
- - (djm) Release 5.7p1 - -20110119 - - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead - of RPM so build completes. Signatures were changed to .asc since 4.1p1. - - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to - 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- - release testing (random crashes and failure to load ECC keys). - ok dtucker@ - -20110117 - - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in - $PATH, fix cleanup of droppings; reported by openssh AT - roumenpetrov.info; ok dtucker@ - - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding - its unique snowflake of a gdb error to the ones we look for. - - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running - ssh-add to avoid $SUDO failures on Linux - - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new - Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback - to the old values. Feedback from vapier at gentoo org and djm, ok djm. - - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] - [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are - disabled on platforms that do not support them; add a "config_defined()" - shell function that greps for defines in config.h and use them to decide - on feature tests. - Convert a couple of existing grep's over config.h to use the new function - Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent - backslash characters in filenames, enable it for Cygwin and use it to turn - of tests for quotes backslashes in sftp-glob.sh. - based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ - - (tim) [regress/agent-getpeereid.sh] shell portability fix. - - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on - the tinderbox. 
- - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h - configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem - support, based on patches from Tomas Mraz and jchadima at redhat. - -20110116 - - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based - on configurations that don't have it. - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/16 11:50:05 - [clientloop.c] - Use atomicio when flushing protocol 1 std{out,err} buffers at - session close. This was a latent bug exposed by setting a SIGCHLD - handler and spotted by kevin.brott AT gmail.com; ok dtucker@ - - djm@cvs.openbsd.org 2011/01/16 11:50:36 - [sshconnect.c] - reset the SIGPIPE handler when forking to execute child processes; - ok dtucker@ - - djm@cvs.openbsd.org 2011/01/16 12:05:59 - [clientloop.c] - a couple more tweaks to the post-close protocol 1 stderr/stdout flush: - now that we use atomicio(), convert them from while loops to if statements - add test and cast to compile cleanly with -Wsigned - -20110114 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/13 21:54:53 - [mux.c] - correct error messages; patch from bert.wesarg AT googlemail.com - - djm@cvs.openbsd.org 2011/01/13 21:55:25 - [PROTOCOL.mux] - correct protocol names and add a couple of missing protocol number - defines; patch from bert.wesarg AT googlemail.com - - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in - host-key-force target rather than a substitution that is replaced with a - comment so that the Makefile.in is still a syntactically valid Makefile - (useful to run the distprep target) - - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. - - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some - ecdsa bits. - -20110113 - - (djm) [misc.c] include time.h for nanosleep() prototype - - (tim) [Makefile.in] test the ECC bits if we have the capability. 
ok djm - - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating - ecdsa keys. ok djm. - - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid - gcc warning on platforms where it defaults to int - - (djm) [regress/Makefile] add a few more generated files to the clean - target - - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad - #define that was causing diffie-hellman-group-exchange-sha256 to be - incorrectly disabled - - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 - should not depend on ECC support - -20110112 - - OpenBSD CVS Sync - - nicm@cvs.openbsd.org 2010/10/08 21:48:42 - [openbsd-compat/glob.c] - Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit - from ARG_MAX to 64K. - Fixes glob-using programs (notably ftp) able to be triggered to hit - resource limits. - Idea from a similar NetBSD change, original problem reported by jasper@. - ok millert tedu jasper - - djm@cvs.openbsd.org 2011/01/12 01:53:14 - avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS - and sanity check arguments (these will be unnecessary when we switch - struct glob members from being type into to size_t in the future); - "looks ok" tedu@ feedback guenther@ - - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid - silly warnings on write() calls we don't care succeed or not. - - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler - flag tests that don't depend on gcc version at all; suggested by and - ok dtucker@ - -20110111 - - (tim) [regress/host-expand.sh] Fix for building outside of read only - source tree. 
- - (djm) [platform.c] Some missing includes that show up under -Werror - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/08 10:51:51 - [clientloop.c] - use host and not options.hostname, as the latter may have unescaped - substitution characters - - djm@cvs.openbsd.org 2011/01/11 06:06:09 - [sshlogin.c] - fd leak on error paths; from zinovik@ - NB. Id sync only; we use loginrec.c that was also audited and fixed - recently - - djm@cvs.openbsd.org 2011/01/11 06:13:10 - [clientloop.c ssh-keygen.c sshd.c] - some unsigned long long casts that make things a bit easier for - portable without resorting to dropping PRIu64 formats everywhere - -20110109 - - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by - openssh AT roumenpetrov.info - -20110108 - - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress - test on OSX and others. Reported by imorgan AT nas.nasa.gov - -20110107 - - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test - for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com - - djm@cvs.openbsd.org 2011/01/06 22:23:53 - [ssh.c] - unbreak %n expansion in LocalCommand; patch from bert.wesarg AT - googlemail.com; ok markus@ - - djm@cvs.openbsd.org 2011/01/06 22:23:02 - [clientloop.c] - when exiting due to ServerAliveTimeout, mention the hostname that caused - it (useful with backgrounded controlmaster) - - djm@cvs.openbsd.org 2011/01/06 22:46:21 - [regress/Makefile regress/host-expand.sh] - regress test for LocalCommand %n expansion from bert.wesarg AT - googlemail.com; ok markus@ - - djm@cvs.openbsd.org 2011/01/06 23:01:35 - [sshconnect.c] - reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; - ok markus@ - -20110106 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2010/12/08 22:46:03 - [scp.1 scp.c] - add a new -3 option to scp: Copies between two remote hosts are - transferred through the local host. Without this option the data - is copied directly between the two remote hosts. 
ok djm@ (bugzilla #1837) - - jmc@cvs.openbsd.org 2010/12/09 14:13:33 - [scp.1 scp.c] - scp.1: grammer fix - scp.c: add -3 to usage() - - markus@cvs.openbsd.org 2010/12/14 11:59:06 - [sshconnect.c] - don't mention key type in key-changed-warning, since we also print - this warning if a new key type appears. ok djm@ - - djm@cvs.openbsd.org 2010/12/15 00:49:27 - [readpass.c] - fix ControlMaster=ask regression - reset SIGCHLD handler before fork (and restore it after) so we don't miss - the the askpass child's exit status. Correct test for exit status/signal to - account for waitpid() failure; with claudio@ ok claudio@ markus@ - - djm@cvs.openbsd.org 2010/12/24 21:41:48 - [auth-options.c] - don't send the actual forced command in a debug message; ok markus deraadt - - otto@cvs.openbsd.org 2011/01/04 20:44:13 - [ssh-keyscan.c] - handle ecdsa-sha2 with various key lengths; hint and ok djm@ - -20110104 - - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage - formatter if it is present, followed by nroff and groff respectively. - Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports - in favour of mandoc). feedback and ok tim - -20110103 - - (djm) [Makefile.in] revert local hack I didn't intend to commit - -20110102 - - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker - - (djm) [configure.ac] Check whether libdes is needed when building - with Heimdal krb5 support. On OpenBSD this library no longer exists, - so linking it unconditionally causes a build failure; ok dtucker - -20101226 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/12/08 04:02:47 - [ssh_config.5 sshd_config.5] - explain that IPQoS arguments are separated by whitespace; iirc requested - by jmc@ a while back - -20101205 - - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from - debugging. Spotted by djm. 
- - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/12/03 23:49:26 - [schnorr.c] - check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao - (this code is still disabled, but apprently people are treating it as - a reference implementation) - - djm@cvs.openbsd.org 2010/12/03 23:55:27 - [auth-rsa.c] - move check for revoked keys to run earlier (in auth_rsa_key_allowed) - bz#1829; patch from ldv AT altlinux.org; ok markus@ - - djm@cvs.openbsd.org 2010/12/04 00:18:01 - [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] - add a protocol extension to support a hard link operation. It is - available through the "ln" command in the client. The old "ln" - behaviour of creating a symlink is available using its "-s" option - or through the preexisting "symlink" command; based on a patch from - miklos AT szeredi.hu in bz#1555; ok markus@ - - djm@cvs.openbsd.org 2010/12/04 13:31:37 - [hostfile.c] - fix fd leak; spotted and ok dtucker - - djm@cvs.openbsd.org 2010/12/04 00:21:19 - [regress/sftp-cmds.sh] - adjust for hard-link support - - (dtucker) [regress/Makefile] Id sync. - -20101204 - - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) - instead of (arc4random() % range) - - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add - shims for the new, non-deprecated OpenSSL key generation functions for - platforms that don't have the new interfaces. - -20101201 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 - [auth2-pubkey.c] - clean up cases of ;; - - djm@cvs.openbsd.org 2010/11/21 01:01:13 - [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] - honour $TMPDIR for client xauth and ssh-agent temporary directories; - feedback and ok markus@ - - djm@cvs.openbsd.org 2010/11/21 10:57:07 - [authfile.c] - Refactor internals of private key loading and saving to work on memory - buffers rather than directly on files. 
This will make a few things - easier to do in the future; ok markus@ - - djm@cvs.openbsd.org 2010/11/23 02:35:50 - [auth.c] - use strict_modes already passed as function argument over referencing - global options.strict_modes - - djm@cvs.openbsd.org 2010/11/23 23:57:24 - [clientloop.c] - avoid NULL deref on receiving a channel request on an unknown or invalid - channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ - - djm@cvs.openbsd.org 2010/11/24 01:24:14 - [channels.c] - remove a debug() that pollutes stderr on client connecting to a server - in debug mode (channel_close_fds is called transitively from the session - code post-fork); bz#1719, ok dtucker - - djm@cvs.openbsd.org 2010/11/25 04:10:09 - [session.c] - replace close() loop for fds 3->64 with closefrom(); - ok markus deraadt dtucker - - djm@cvs.openbsd.org 2010/11/26 05:52:49 - [scp.c] - Pass through ssh command-line flags and options when doing remote-remote - transfers, e.g. to enable agent forwarding which is particularly useful - in this case; bz#1837 ok dtucker@ - - markus@cvs.openbsd.org 2010/11/29 18:57:04 - [authfile.c] - correctly load comment for encrypted rsa1 keys; - report/fix Joachim Schipper; ok djm@ - - djm@cvs.openbsd.org 2010/11/29 23:45:51 - [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] - [sshconnect.h sshconnect2.c] - automatically order the hostkeys requested by the client based on - which hostkeys are already recorded in known_hosts. This avoids - hostkey warnings when connecting to servers with new ECDSA keys - that are preferred by default; with markus@ - -20101124 - - (dtucker) [platform.c session.c] Move the getluid call out of session.c and - into the platform-specific code Only affects SCO, tested by and ok tim@. - - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow - group read/write. ok dtucker@ - - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 
- - (djm) [defines.h] Add IP DSCP defines - -20101122 - - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch - from vapier at gentoo org. - -20101120 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/11/05 02:46:47 - [packet.c] - whitespace KNF - - djm@cvs.openbsd.org 2010/11/10 01:33:07 - [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] - use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. - these have been around for years by this time. ok markus - - djm@cvs.openbsd.org 2010/11/13 23:27:51 - [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] - [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] - allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of - hardcoding lowdelay/throughput. - - bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ - - jmc@cvs.openbsd.org 2010/11/15 07:40:14 - [ssh_config.5] - libary -> library; - - jmc@cvs.openbsd.org 2010/11/18 15:01:00 - [scp.1 sftp.1 ssh.1 sshd_config.5] - add IPQoS to the various -o lists, and zap some trailing whitespace; - -20101111 - - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on - platforms that don't support ECC. Fixes some spurious warnings reported - by tim@ - -20101109 - - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. - Feedback from dtucker@ - - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add - support for platforms missing isblank(). ok djm@ - -20101108 - - (tim) [regress/Makefile] Fixes to allow building/testing outside source - tree. - - (tim) [regress/kextype.sh] Shell portability fix. - -20101107 - - (dtucker) [platform.c] includes.h instead of defines.h so that we get - the correct typedefs. - -20101105 - - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of - int. 
Should fix bz#1817 cleanly; ok dtucker@ - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/09/22 12:26:05 - [regress/Makefile regress/kextype.sh] - regress test for each of the key exchange algorithms that we support - - djm@cvs.openbsd.org 2010/10/28 11:22:09 - [authfile.c key.c key.h ssh-keygen.c] - fix a possible NULL deref on loading a corrupt ECDH key - - store ECDH group information in private keys files as "named groups" - rather than as a set of explicit group parameters (by setting - the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and - retrieves the group's OpenSSL NID that we need for various things. - - jmc@cvs.openbsd.org 2010/10/28 18:33:28 - [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] - knock out some "-*- nroff -*-" lines; - - djm@cvs.openbsd.org 2010/11/04 02:45:34 - [sftp-server.c] - umask should be parsed as octal. reported by candland AT xmission.com; - ok markus@ - - (dtucker) [configure.ac platform.{c,h} session.c - openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. - Patch from cory.erickson at csu mnscu edu with a bit of rework from me. - ok djm@ - - (dtucker) [platform.c platform.h session.c] Add a platform hook to run - after the user's groups are established and move the selinux calls into it. - - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into - platform.c - - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. - - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to - retain previous behavior. - - (dtucker) [platform.c session.c] Move the PAM credential establishment for - the LOGIN_CAP case into platform.c. - - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into - platform.c - - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. - - (dtucker) [platform.c session.c] Move irix setusercontext fragment into - platform.c. 
- - (dtucker) [platform.c session.c] Move PAM credential establishment for the - non-LOGIN_CAP case into platform.c. - - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case - check into platform.c - - (dtucker) [regress/keytype.sh] Import new test. - - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] - Import recent changes to regress/Makefile, pass a flag to enable ECC tests - from configure through to regress/Makefile and use it in the tests. - - (dtucker) [regress/kextype.sh] Add missing "test". - - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not - strictly correct since while ECC requires sha256 the reverse is not true - however it does prevent spurious test failures. - - (dtucker) [platform.c] Need servconf.h and extern options. - -20101025 - - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with - 1.12 to unbreak Solaris build. - ok djm@ - - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a - native one. - -20101024 - - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. - - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms - which don't have ECC support in libcrypto. - - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms - which don't have ECC support in libcrypto. - - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't - have it. - - (dtucker) OpenBSD CVS Sync - - sthen@cvs.openbsd.org 2010/10/23 22:06:12 - [sftp.c] - escape '[' in filename tab-completion; fix a type while there. - ok djm@ - -20101021 - - OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 - [mux.c] - Typo in confirmation message. 
bz#1827, patch from imorgan at - nas nasa gov - - djm@cvs.openbsd.org 2010/08/31 12:24:09 - [regress/cert-hostkey.sh regress/cert-userkey.sh] - tests for ECDSA certificates - -20101011 - - (djm) [canohost.c] Zero a4 instead of addr to better match type. - bz#1825, reported by foo AT mailinator.com - - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) - -20101011 - - (djm) [configure.ac] Use = instead of == in shell tests. Patch from - dr AT vasco.com - -20101007 - - (djm) [ssh-agent.c] Fix type for curve name. - - (djm) OpenBSD CVS Sync - - matthew@cvs.openbsd.org 2010/09/24 13:33:00 - [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] - [openbsd-compat/timingsafe_bcmp.c] - Add timingsafe_bcmp(3) to libc, mention that it's already in the - kernel in kern(9), and remove it from OpenSSH. - ok deraadt@, djm@ - NB. re-added under openbsd-compat/ for portable OpenSSH - - djm@cvs.openbsd.org 2010/09/25 09:30:16 - [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] - make use of new glob(3) GLOB_KEEPSTAT extension to save extra server - rountrips to fetch per-file stat(2) information. - NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to - match. - - djm@cvs.openbsd.org 2010/09/26 22:26:33 - [sftp.c] - when performing an "ls" in columnated (short) mode, only call - ioctl(TIOCGWINSZ) once to get the window width instead of per- - filename - - djm@cvs.openbsd.org 2010/09/30 11:04:51 - [servconf.c] - prevent free() of string in .rodata when overriding AuthorizedKeys in - a Match block; patch from rein AT basefarm.no - - djm@cvs.openbsd.org 2010/10/01 23:05:32 - [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] - adapt to API changes in openssl-1.0.0a - NB. 
contains compat code to select correct API for older OpenSSL - - djm@cvs.openbsd.org 2010/10/05 05:13:18 - [sftp.c sshconnect.c] - use default shell /bin/sh if $SHELL is ""; ok markus@ - - djm@cvs.openbsd.org 2010/10/06 06:39:28 - [clientloop.c ssh.c sshconnect.c sshconnect.h] - kill proxy command on fatal() (we already kill it on clean exit); - ok markus@ - - djm@cvs.openbsd.org 2010/10/06 21:10:21 - [sshconnect.c] - swapped args to kill(2) - - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. - - (djm) [cipher-acss.c] Add missing header. - - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp - -20100924 - - (djm) OpenBSD CVS Sync - - naddy@cvs.openbsd.org 2010/09/10 15:19:29 - [ssh-keygen.1] - * mention ECDSA in more places - * less repetition in FILES section - * SSHv1 keys are still encrypted with 3DES - help and ok jmc@ - - djm@cvs.openbsd.org 2010/09/11 21:44:20 - [ssh.1] - mention RFC 5656 for ECC stuff - - jmc@cvs.openbsd.org 2010/09/19 21:30:05 - [sftp.1] - more wacky macro fixing; - - djm@cvs.openbsd.org 2010/09/20 04:41:47 - [ssh.c] - install a SIGCHLD handler to reap expiried child process; ok markus@ - - djm@cvs.openbsd.org 2010/09/20 04:50:53 - [jpake.c schnorr.c] - check that received values are smaller than the group size in the - disabled and unfinished J-PAKE code. - avoids catastrophic security failure found by Sebastien Martini - - djm@cvs.openbsd.org 2010/09/20 04:54:07 - [jpake.c] - missing #include - - djm@cvs.openbsd.org 2010/09/20 07:19:27 - [mux.c] - "atomically" create the listening mux socket by binding it on a temorary - name and then linking it into position after listen() has succeeded. - this allows the mux clients to determine that the server socket is - either ready or stale without races. 
stale server sockets are now - automatically removed - ok deraadt - - djm@cvs.openbsd.org 2010/09/22 05:01:30 - [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] - [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] - add a KexAlgorithms knob to the client and server configuration to allow - selection of which key exchange methods are used by ssh(1) and sshd(8) - and their order of preference. - ok markus@ - - jmc@cvs.openbsd.org 2010/09/22 08:30:08 - [ssh.1 ssh_config.5] - ssh.1: add kexalgorithms to the -o list - ssh_config.5: format the kexalgorithms in a more consistent - (prettier!) way - ok djm - - djm@cvs.openbsd.org 2010/09/22 22:58:51 - [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] - [sftp-client.h sftp.1 sftp.c] - add an option per-read/write callback to atomicio - - factor out bandwidth limiting code from scp(1) into a generic bandwidth - limiter that can be attached using the atomicio callback mechanism - - add a bandwidth limit option to sftp(1) using the above - "very nice" markus@ - - jmc@cvs.openbsd.org 2010/09/23 13:34:43 - [sftp.c] - add [-l limit] to usage(); - - jmc@cvs.openbsd.org 2010/09/23 13:36:46 - [scp.1 sftp.1] - add KexAlgorithms to the -o list; - -20100910 - - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact - return code since it can apparently return -1 under some conditions. From - openssh bugs werbittewas de, ok djm@ - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/08/31 12:33:38 - [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] - reintroduce commit from tedu@, which I pulled out for release - engineering: - OpenSSL_add_all_algorithms is the name of the function we have a - man page for, so use that. 
ok djm - - jmc@cvs.openbsd.org 2010/08/31 17:40:54 - [ssh-agent.1] - fix some macro abuse; - - jmc@cvs.openbsd.org 2010/08/31 21:14:58 - [ssh.1] - small text tweak to accommodate previous; - - naddy@cvs.openbsd.org 2010/09/01 15:21:35 - [servconf.c] - pick up ECDSA host key by default; ok djm@ - - markus@cvs.openbsd.org 2010/09/02 16:07:25 - [ssh-keygen.c] - permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ - - markus@cvs.openbsd.org 2010/09/02 16:08:39 - [ssh.c] - unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ - - naddy@cvs.openbsd.org 2010/09/02 17:21:50 - [ssh-keygen.c] - Switch ECDSA default key size to 256 bits, which according to RFC5656 - should still be better than our current RSA-2048 default. - ok djm@, markus@ - - jmc@cvs.openbsd.org 2010/09/03 11:09:29 - [scp.1] - add an EXIT STATUS section for /usr/bin; - - jmc@cvs.openbsd.org 2010/09/04 09:38:34 - [ssh-add.1 ssh.1] - two more EXIT STATUS sections; - - naddy@cvs.openbsd.org 2010/09/06 17:10:19 - [sshd_config] - add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste - - ok deraadt@ - - djm@cvs.openbsd.org 2010/09/08 03:54:36 - [authfile.c] - typo - - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 - [compress.c] - work around name-space collisions some buggy compilers (looking at you - gcc, at least in earlier versions, but this does not forgive your current - transgressions) seen between zlib and openssl - ok djm - - djm@cvs.openbsd.org 2010/09/09 10:45:45 - [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] - ECDH/ECDSA compliance fix: these methods vary the hash function they use - (SHA256/384/512) depending on the length of the curve in use. The previous - code incorrectly used SHA256 in all cases. - - This fix will cause authentication failure when using 384 or 521-bit curve - keys if one peer hasn't been upgraded and the other has. (256-bit curve - keys work ok). 
In particular you may need to specify HostkeyAlgorithms - when connecting to a server that has not been upgraded from an upgraded - client. - - ok naddy@ - - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] - [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] - [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on - platforms that don't have the requisite OpenSSL support. ok dtucker@ - - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs - for missing headers and compiler warnings. - -20100831 - - OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/08/08 19:36:30 - [ssh-keysign.8 ssh.1 sshd.8] - use the same template for all FILES sections; i.e. -compact/.Pp where we - have multiple items, and .Pa for path names; - - tedu@cvs.openbsd.org 2010/08/12 23:34:39 - [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] - OpenSSL_add_all_algorithms is the name of the function we have a man page - for, so use that. ok djm - - djm@cvs.openbsd.org 2010/08/16 04:06:06 - [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] - backout previous temporarily; discussed with deraadt@ - - djm@cvs.openbsd.org 2010/08/31 09:58:37 - [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] - [packet.h ssh-dss.c ssh-rsa.c] - Add buffer_get_cstring() and related functions that verify that the - string extracted from the buffer contains no embedded \0 characters* - This prevents random (possibly malicious) crap from being appended to - strings where it would not be noticed if the string is used with - a string(3) function. - - Use the new API in a few sensitive places. - - * actually, we allow a single one at the end of the string for now because - we don't know how many deployed implementations get this wrong, but don't - count on this to remain indefinitely. 
- - djm@cvs.openbsd.org 2010/08/31 11:54:45 - [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] - [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] - [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] - [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] - [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] - [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] - [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] - Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and - host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer - better performance than plain DH and DSA at the same equivalent symmetric - key length, as well as much shorter keys. - - Only the mandatory sections of RFC5656 are implemented, specifically the - three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and - ECDSA. Point compression (optional in RFC5656 is NOT implemented). - - Certificate host and user keys using the new ECDSA key types are supported. - - Note that this code has not been tested for interoperability and may be - subject to change. - - feedback and ok markus@ - - (djm) [Makefile.in] Add new ECC files - - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include - includes.h - -20100827 - - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, - remove. Patch from martynas at venck us - -20100823 - - (djm) Release OpenSSH-5.6p1 - -20100816 - - (dtucker) [configure.ac openbsd-compat/Makefile.in - openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to - the compat library which helps on platforms like old IRIX. Based on work - by djm, tested by Tom Christensen. - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/08/12 21:49:44 - [ssh.c] - close any extra file descriptors inherited from parent at start and - reopen stdin/stdout to /dev/null when forking for ControlPersist. 
- - prevents tools that fork and run a captive ssh for communication from - failing to exit when the ssh completes while they wait for these fds to - close. The inherited fds may persist arbitrarily long if a background - mux master has been started by ControlPersist. cvs and scp were effected - by this. - - "please commit" markus@ - - (djm) [regress/README.regress] typo - -20100812 - - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh - regress/test-exec.sh] Under certain conditions when testing with sudo - tests would fail because the pidfile could not be read by a regular user. - "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" - Make sure cat is run by $SUDO. no objection from me. djm@ - - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. - -20100809 - - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is - already set. Makes FreeBSD user openable tunnels useful; patch from - richard.burakowski+ossh AT mrburak.net, ok dtucker@ - - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. - based in part on a patch from Colin Watson, ok djm@ - -20100809 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/08/08 16:26:42 - [version.h] - crank to 5.6 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Crank version numbers - -20100805 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/08/04 05:37:01 - [ssh.1 ssh_config.5 sshd.8] - Remove mentions of weird "addr/port" alternate address format for IPv6 - addresses combinations. It hasn't worked for ages and we have supported - the more commen "[addr]:port" format for a long time. ok jmc@ markus@ - - djm@cvs.openbsd.org 2010/08/04 05:40:39 - [PROTOCOL.certkeys ssh-keygen.c] - tighten the rules for certificate encoding by requiring that options - appear in lexical order and make our ssh-keygen comply. 
ok markus@ - - djm@cvs.openbsd.org 2010/08/04 05:42:47 - [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] - [ssh-keysign.c ssh.c] - enable certificates for hostbased authentication, from Iain Morgan; - "looks ok" markus@ - - djm@cvs.openbsd.org 2010/08/04 05:49:22 - [authfile.c] - commited the wrong version of the hostbased certificate diff; this - version replaces some strlc{py,at} verbosity with xasprintf() at - the request of markus@ - - djm@cvs.openbsd.org 2010/08/04 06:07:11 - [ssh-keygen.1 ssh-keygen.c] - Support CA keys in PKCS#11 tokens; feedback and ok markus@ - - djm@cvs.openbsd.org 2010/08/04 06:08:40 - [ssh-keysign.c] - clean for -Wuninitialized (Id sync only; portable had this change) - - djm@cvs.openbsd.org 2010/08/05 13:08:42 - [channels.c] - Fix a trio of bugs in the local/remote window calculation for datagram - data channels (i.e. TunnelForward): - - Calculate local_consumed correctly in channel_handle_wfd() by measuring - the delta to buffer_len(c->output) from when we start to when we finish. - The proximal problem here is that the output_filter we use in portable - modified the length of the dequeued datagram (to futz with the headers - for !OpenBSD). - - In channel_output_poll(), don't enqueue datagrams that won't fit in the - peer's advertised packet size (highly unlikely to ever occur) or which - won't fit in the peer's remaining window (more likely). - - In channel_input_data(), account for the 4-byte string header in - datagram packets that we accept from the peer and enqueue in c->output. - - report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; - "looks good" markus@ - -20100803 - - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from - PAM to sane values in case the PAM method doesn't write to them. Spotted by - Bitman Zhou, ok djm@. 
- - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/07/16 04:45:30 - [ssh-keygen.c] - avoid bogus compiler warning - - djm@cvs.openbsd.org 2010/07/16 14:07:35 - [ssh-rsa.c] - more timing paranoia - compare all parts of the expected decrypted - data before returning. AFAIK not exploitable in the SSH protocol. - "groovy" deraadt@ - - djm@cvs.openbsd.org 2010/07/19 03:16:33 - [sftp-client.c] - bz#1797: fix swapped args in upload_dir_internal(), breaking recursive - upload depth checks and causing verbose printing of transfers to always - be turned on; patch from imorgan AT nas.nasa.gov - - djm@cvs.openbsd.org 2010/07/19 09:15:12 - [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] - add a "ControlPersist" option that automatically starts a background - ssh(1) multiplex master when connecting. This connection can stay alive - indefinitely, or can be set to automatically close after a user-specified - duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but - further hacked on by wmertens AT cisco.com, apb AT cequrux.com, - martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ - - djm@cvs.openbsd.org 2010/07/21 02:10:58 - [misc.c] - sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern - - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 - [ssh.1] - Ciphers is documented in ssh_config(5) these days - -20100819 - - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more - details about its behaviour WRT existing directories. Patch from - asguthrie at gmail com, ok djm. - -20100716 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/07/02 04:32:44 - [misc.c] - unbreak strdelim() skipping past quoted strings, e.g. - AllowUsers "blah blah" blah - was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com - ok dtucker; - - djm@cvs.openbsd.org 2010/07/12 22:38:52 - [ssh.c] - Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") - for protocol 2. 
ok markus@ - - djm@cvs.openbsd.org 2010/07/12 22:41:13 - [ssh.c ssh_config.5] - expand %h to the hostname in ssh_config Hostname options. While this - sounds useless, it is actually handy for working with unqualified - hostnames: - - Host *.* - Hostname %h - Host * - Hostname %h.example.org - - "I like it" markus@ - - djm@cvs.openbsd.org 2010/07/13 11:52:06 - [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] - [packet.c ssh-rsa.c] - implement a timing_safe_cmp() function to compare memory without leaking - timing information by short-circuiting like memcmp() and use it for - some of the more sensitive comparisons (though nothing high-value was - readily attackable anyway); "looks ok" markus@ - - djm@cvs.openbsd.org 2010/07/13 23:13:16 - [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] - [ssh-rsa.c] - s/timing_safe_cmp/timingsafe_bcmp/g - - jmc@cvs.openbsd.org 2010/07/14 17:06:58 - [ssh.1] - finally ssh synopsis looks nice again! this commit just removes a ton of - hacks we had in place to make it work with old groff; - - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 - [ssh-keygen.1] - repair incorrect block nesting, which screwed up indentation; - problem reported and fix OK by jmc@ - -20100714 - - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass - (line 77) should have been for no_x11_askpass. - -20100702 - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/06/26 00:57:07 - [ssh_config.5] - tweak previous; - - djm@cvs.openbsd.org 2010/06/26 23:04:04 - [ssh.c] - oops, forgot to #include ; spotted and patch from chl@ - - djm@cvs.openbsd.org 2010/06/29 23:15:30 - [ssh-keygen.1 ssh-keygen.c] - allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; - bz#1749; ok markus@ - - djm@cvs.openbsd.org 2010/06/29 23:16:46 - [auth2-pubkey.c sshd_config.5] - allow key options (command="..." 
and friends) in AuthorizedPrincipals; - ok markus@ - - jmc@cvs.openbsd.org 2010/06/30 07:24:25 - [ssh-keygen.1] - tweak previous; - - jmc@cvs.openbsd.org 2010/06/30 07:26:03 - [ssh-keygen.c] - sort usage(); - - jmc@cvs.openbsd.org 2010/06/30 07:28:34 - [sshd_config.5] - tweak previous; - - millert@cvs.openbsd.org 2010/07/01 13:06:59 - [scp.c] - Fix a longstanding problem where if you suspend scp at the - password/passphrase prompt the terminal mode is not restored. - OK djm@ - - phessler@cvs.openbsd.org 2010/06/27 19:19:56 - [regress/Makefile] - fix how we run the tests so we can successfully use SUDO='sudo -E' - in our env - - djm@cvs.openbsd.org 2010/06/29 23:59:54 - [cert-userkey.sh] - regress tests for key options in AuthorizedPrincipals - -20100627 - - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs - key.h. - -20100626 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/05/21 05:00:36 - [misc.c] - colon() returns char*, so s/return (0)/return NULL/ - - markus@cvs.openbsd.org 2010/06/08 21:32:19 - [ssh-pkcs11.c] - check length of value returned C_GetAttributValue for != 0 - from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/17 07:07:30 - [mux.c] - Correct sizing of object to be allocated by calloc(), replacing - sizeof(state) with sizeof(*state). This worked by accident since - the struct contained a single int at present, but could have broken - in the future. patch from hyc AT symas.com - - djm@cvs.openbsd.org 2010/06/18 00:58:39 - [sftp.c] - unbreak ls in working directories that contains globbing characters in - their pathnames. 
bz#1655 reported by vgiffin AT apple.com - - djm@cvs.openbsd.org 2010/06/18 03:16:03 - [session.c] - Missing check for chroot_director == "none" (we already checked against - NULL); bz#1564 from Jan.Pechanec AT Sun.COM - - djm@cvs.openbsd.org 2010/06/18 04:43:08 - [sftp-client.c] - fix memory leak in do_realpath() error path; bz#1771, patch from - anicka AT suse.cz - - djm@cvs.openbsd.org 2010/06/22 04:22:59 - [servconf.c sshd_config.5] - expose some more sshd_config options inside Match blocks: - AuthorizedKeysFile AuthorizedPrincipalsFile - HostbasedUsesNameFromPacketOnly PermitTunnel - bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/22 04:32:06 - [ssh-keygen.c] - standardise error messages when attempting to open private key - files to include "progname: filename: error reason" - bz#1783; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/22 04:49:47 - [auth.c] - queue auth debug messages for bad ownership or permissions on the user's - keyfiles. These messages will be sent after the user has successfully - authenticated (where our client will display them with LogLevel=debug). - bz#1554; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/22 04:54:30 - [ssh-keyscan.c] - replace verbose and overflow-prone Linebuf code with read_keyfile_line() - based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/22 04:59:12 - [session.c] - include the user name on "subsystem request for ..." 
log messages; - bz#1571; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/23 02:59:02 - [ssh-keygen.c] - fix printing of extensions in v01 certificates that I broke in r1.190 - - djm@cvs.openbsd.org 2010/06/25 07:14:46 - [channels.c mux.c readconf.c readconf.h ssh.h] - bz#1327: remove hardcoded limit of 100 permitopen clauses and port - forwards per direction; ok markus@ stevesk@ - - djm@cvs.openbsd.org 2010/06/25 07:20:04 - [channels.c session.c] - bz#1750: fix requirement for /dev/null inside ChrootDirectory for - internal-sftp accidentally introduced in r1.253 by removing the code - that opens and dup /dev/null to stderr and modifying the channels code - to read stderr but discard it instead; ok markus@ - - djm@cvs.openbsd.org 2010/06/25 08:46:17 - [auth1.c auth2-none.c] - skip the initial check for access with an empty password when - PermitEmptyPasswords=no; bz#1638; ok markus@ - - djm@cvs.openbsd.org 2010/06/25 23:10:30 - [ssh.c] - log the hostname and address that we connected to at LogLevel=verbose - after authentication is successful to mitigate "phishing" attacks by - servers with trusted keys that accept authentication silently and - automatically before presenting fake password/passphrase prompts; - "nice!" markus@ - - djm@cvs.openbsd.org 2010/06/25 23:10:30 - [ssh.c] - log the hostname and address that we connected to at LogLevel=verbose - after authentication is successful to mitigate "phishing" attacks by - servers with trusted keys that accept authentication silently and - automatically before presenting fake password/passphrase prompts; - "nice!" markus@ - -20100622 - - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 - bz#1579; ok dtucker - -20100618 - - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ - rather than assuming that $CWD == $HOME. 
bz#1500, patch from - timothy AT gelter.com - -20100617 - - (tim) [contrib/cygwin/README] Remove a reference to the obsolete - minires-devel package, and to add the reference to the libedit-devel - package since CYgwin now provides libedit. Patch from Corinna Vinschen. - -20100521 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/05/07 11:31:26 - [regress/Makefile regress/cert-userkey.sh] - regress tests for AuthorizedPrincipalsFile and "principals=" key option. - feedback and ok markus@ - - djm@cvs.openbsd.org 2010/05/11 02:58:04 - [auth-rsa.c] - don't accept certificates marked as "cert-authority" here; ok markus@ - - djm@cvs.openbsd.org 2010/05/14 00:47:22 - [ssh-add.c] - check that the certificate matches the corresponding private key before - grafting it on - - djm@cvs.openbsd.org 2010/05/14 23:29:23 - [channels.c channels.h mux.c ssh.c] - Pause the mux channel while waiting for reply from aynch callbacks. - Prevents misordering of replies if new requests arrive while waiting. - - Extend channel open confirm callback to allow signalling failure - conditions as well as success. Use this to 1) fix a memory leak, 2) - start using the above pause mechanism and 3) delay sending a success/ - failure message on mux slave session open until we receive a reply from - the server. - - motivated by and with feedback from markus@ - - markus@cvs.openbsd.org 2010/05/16 12:55:51 - [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] - mux support for remote forwarding with dynamic port allocation, - use with - LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` - feedback and ok djm@ - - djm@cvs.openbsd.org 2010/05/20 11:25:26 - [auth2-pubkey.c] - fix logspam when key options (from="..." 
especially) deny non-matching - keys; reported by henning@ also bz#1765; ok markus@ dtucker@ - - djm@cvs.openbsd.org 2010/05/20 23:46:02 - [PROTOCOL.certkeys auth-options.c ssh-keygen.c] - Move the permit-* options to the non-critical "extensions" field for v01 - certificates. The logic is that if another implementation fails to - implement them then the connection just loses features rather than fails - outright. - - ok markus@ - -20100511 - - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve - circular dependency problem on old or odd platforms. From Tom Lane, ok - djm@. - - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older - libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't - already. ok dtucker@ - -20100510 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/04/23 01:47:41 - [ssh-keygen.c] - bz#1740: display a more helpful error message when $HOME is - inaccessible while trying to create .ssh directory. Based on patch - from jchadima AT redhat.com; ok dtucker@ - - djm@cvs.openbsd.org 2010/04/23 22:27:38 - [mux.c] - set "detach_close" flag when registering channel cleanup callbacks. - This causes the channel to close normally when its fds close and - hangs when terminating a mux slave using ~. bz#1758; ok markus@ - - djm@cvs.openbsd.org 2010/04/23 22:42:05 - [session.c] - set stderr to /dev/null for subsystems rather than just closing it. - avoids hangs if a subsystem or shell initialisation writes to stderr. - bz#1750; ok markus@ - - djm@cvs.openbsd.org 2010/04/23 22:48:31 - [ssh-keygen.c] - refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, - since we would refuse to use them anyway. bz#1516; ok dtucker@ - - djm@cvs.openbsd.org 2010/04/26 22:28:24 - [sshconnect2.c] - bz#1502: authctxt.success is declared as an int, but passed by - reference to function that accepts sig_atomic_t*. 
Convert it to - the latter; ok markus@ dtucker@ - - djm@cvs.openbsd.org 2010/05/01 02:50:50 - [PROTOCOL.certkeys] - typo; jmeltzer@ - - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 - [sftp.c] - restore mput and mget which got lost in the tab-completion changes. - found by Kenneth Whitaker, ok djm@ - - djm@cvs.openbsd.org 2010/05/07 11:30:30 - [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] - [key.c servconf.c servconf.h sshd.8 sshd_config.5] - add some optional indirection to matching of principal names listed - in certificates. Currently, a certificate must include the a user's name - to be accepted for authentication. This change adds the ability to - specify a list of certificate principal names that are acceptable. - - When authenticating using a CA trusted through ~/.ssh/authorized_keys, - this adds a new principals="name1[,name2,...]" key option. - - For CAs listed through sshd_config's TrustedCAKeys option, a new config - option "AuthorizedPrincipalsFile" specifies a per-user file containing - the list of acceptable names. - - If either option is absent, the current behaviour of requiring the - username to appear in principals continues to apply. - - These options are useful for role accounts, disjoint account namespaces - and "user@realm"-style naming policies in certificates. - - feedback and ok markus@ - - jmc@cvs.openbsd.org 2010/05/07 12:49:17 - [sshd_config.5] - tweak previous; - -20100423 - - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir - in the openssl install directory (some newer openssl versions do this on at - least some amd64 platforms). 
- -20100418 - - OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/04/16 06:45:01 - [ssh_config.5] - tweak previous; ok djm - - jmc@cvs.openbsd.org 2010/04/16 06:47:04 - [ssh-keygen.1 ssh-keygen.c] - tweak previous; ok djm - - djm@cvs.openbsd.org 2010/04/16 21:14:27 - [sshconnect.c] - oops, %r => remote username, not %u - - djm@cvs.openbsd.org 2010/04/16 01:58:45 - [regress/cert-hostkey.sh regress/cert-userkey.sh] - regression tests for v01 certificate format - includes interop tests for v00 certs - - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default - file. - -20100416 - - (djm) Release openssh-5.5p1 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/03/26 03:13:17 - [bufaux.c] - allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer - argument to allow skipping past values in a buffer - - jmc@cvs.openbsd.org 2010/03/26 06:54:36 - [ssh.1] - tweak previous; - - jmc@cvs.openbsd.org 2010/03/27 14:26:55 - [ssh_config.5] - tweak previous; ok dtucker - - djm@cvs.openbsd.org 2010/04/10 00:00:16 - [ssh.c] - bz#1746 - suppress spurious tty warning when using -O and stdin - is not a tty; ok dtucker@ markus@ - - djm@cvs.openbsd.org 2010/04/10 00:04:30 - [sshconnect.c] - fix terminology: we didn't find a certificate in known_hosts, we found - a CA key - - djm@cvs.openbsd.org 2010/04/10 02:08:44 - [clientloop.c] - bz#1698: kill channel when pty allocation requests fail. Fixed - stuck client if the server refuses pty allocation. - ok dtucker@ "think so" markus@ - - djm@cvs.openbsd.org 2010/04/10 02:10:56 - [sshconnect2.c] - show the key type that we are offering in debug(), helps distinguish - between certs and plain keys as the path to the private key is usually - the same. 
- - djm@cvs.openbsd.org 2010/04/10 05:48:16 - [mux.c] - fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au - - djm@cvs.openbsd.org 2010/04/14 22:27:42 - [ssh_config.5 sshconnect.c] - expand %r => remote username in ssh_config:ProxyCommand; - ok deraadt markus - - markus@cvs.openbsd.org 2010/04/15 20:32:55 - [ssh-pkcs11.c] - retry lookup for private key if there's no matching key with CKA_SIGN - attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) - ok djm@ - - djm@cvs.openbsd.org 2010/04/16 01:47:26 - [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] - [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] - [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] - [sshconnect.c sshconnect2.c sshd.c] - revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the - following changes: - - move the nonce field to the beginning of the certificate where it can - better protect against chosen-prefix attacks on the signature hash - - Rename "constraints" field to "critical options" - - Add a new non-critical "extensions" field - - Add a serial number - - The older format is still support for authentication and cert generation - (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) - - ok markus@ diff --git a/INSTALL b/INSTALL index cbbb2df..582eef8 100644 --- a/INSTALL +++ b/INSTALL 
@@ -7,14 +7,15 @@ OpenSSL) Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems): http://www.gzip.org/zlib/ -libcrypto (LibreSSL or OpenSSL >= 0.9.8f) +libcrypto (LibreSSL or OpenSSL >= 0.9.8f < 1.1.0) LibreSSL http://www.libressl.org/ ; or OpenSSL http://www.openssl.org/ LibreSSL/OpenSSL should be compiled as a position-independent library (i.e. with -fPIC) otherwise OpenSSH will not be able to link with it. If you must use a non-position-independent libcrypto, then you may need -to configure OpenSSH --without-pie. +to configure OpenSSH --without-pie. Note that because of API changes, +OpenSSL 1.1.x is not currently supported. The remaining items are optional. diff --git a/INSTALL.win32 b/INSTALL.win32 deleted file mode 100644 index d94f5b1..0000000 --- a/INSTALL.win32 +++ /dev/null 
@@ -1,227 +0,0 @@ -STEP 1: Prepare the Cygwin environment -====================================== - -1. Download the Cygwin installer from www.cygwin.com - -2. Launch the Cygwin installer, and ensure that packages listed below are selected as 'install': - - devel/mingw-* - devel/mingw64-* - perl/* - devel/make: GNU Tool - devel/autoconf - devel/autoconf-2.69-2 - - See REFERENCE VERSIONS below for the detailed list of packages used for reference build. - - - -STEP 2: Compile -=============== - -Build with Cygwin 32-bit ------------------------- - -1. Ensure that are you using correct mingw32 toolchain. You must have administrative rights. - - To do that, create symbolic links: - - /bin/i686-pc-mingw32-* |-> /bin/* - - or run the /scripts/set-mingw32.sh script from the Cygwin /bin directory - - -2. Prepare the 32-bit libssl.a and libcrypto.a libraries and the openssl headers. - - These libraries are used by 32-bit openssh and 32-bit ssh-lsa. - - - Download OpenSSL sources from http://www.openssl.org/source/. - - Version used as reference build is openssl-1.0.1e. - - - Compile sources by running: - - $./Configure mingw - $make - - -3. Prepare 32-bit libz.a and zlib.dll. - - - Download ZLIB sources from http://www.zlib.net - - Version used as reference build is 1.2.8. - - - Compile sources by running: - - make -f win32/Makefile.gcc - - -4. Build 32-bit OpenSSH: - -Run the following commands under a Cygwin shell in the openssh directory: - - $autoreconf - - $./configure --build=i686-pc-mingw32 - --host=i686-pc-mingw32 - --with-ssl-dir= - --with-zlib= - --with-kerberos5 - -where is a directory where openssl sources are extracted and is a directory where zlib sources are extracted - - - - $cat config.h.tail >> config.h - - - - -Build one of SSH family tool: - -Run: - - $make - - where is any of the OpenSSH tools ported to Win32. 
- - - sftp.exe available starting from openssh-5.9p1-win32 - ssh-agent.exe available starting from openssh-4.7p1-win32 - ssh-add.exe available starting from openssh-4.7p1-win32 - ssh-keygen.exe available starting from openssh-4.7p1-win32 - sftp-server.exe available starting from openssh-4.7p1-win32 - ssh.exe - sshd.exe - -4. Build 32-bit ssh-lsa for native RSA/DSA key authorization - -Move to contribwin32win32compatlsa directory and run: - - $export LIBSSL_PATH="/home/nars/openssl-1.0.1e" - - $make -f Makefile.mingw32 - - - This command should produce the 32-bit ssh-lsa.dll file. - - -Build with Cygwin 64-bit ------------------------- - -1. Build 32-bit openssl, zlib and openssh following 1-4 steps from 32-bit instruction. OpenSSH tools are always 32-bit. - -2. Ensure that you are using correct mingw64 toolchain. You must have administrative rights. - - To do that you must create symbolic links: - - /bin/x86_64-w64-mingw32-* |-> /bin/* - - or run /scripts/set-mingw64.sh from the Cygwin /bin directory. - - -3. Prepare the 64-bit libssl.a and libcrypto.a libraries and the openssl headers. These libraries are used by 64-bit ssh-lsa. - - - Move clean OpenSSL sources into another directory, e.g. openssl-64. - - - Compile sources by running: - - $./Configure mingw64 - $make - -4. Build 64-bit ssh-lsa for native RSA/DSA key authorization - - - Move to contribwin32win32compatlsa directory and run: - - $export LIBSSL_PATH="/home/nars/openssl-1.0.1e" - - $make -f Makefile.mingw32 - - - This command should produce 64-bit ssh-lsa.dll file. - - -STEP 3 - Install ssh-lsa on system where sshd server is running -=============================================================== - -- Copy the ssh-lsa.dll to the %WINDIR%/System32 directory. - - -IMPORTANT NOTE: - -If your Windows is at 64-bit, be sure that you use a 64-bit file manager to copy ssh-lsa.dll, otherwise this dll will be not visible on the 64-bit OS. - -For example: - -- Drag and drop file using Windows explorer. 
- -Or: - -- Run copy ssh-lsa.dll c:/windows/system32 under a cmd.exe console. - -- Then, by using the regedit tool, add 'ssh-lsa' string to the end of the registry key below: - - HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages - - -Reboot the machine. - - - -REFERENCE VERSIONS -================== - -CYGWIN PACKAGES ---------------- - -13-1 Devel/autoconf: Wrapper for autoconf command - -2.13-12 Devel/autoconf2.1: Stable version of the automatic configure builder - -2.69-2 Devel/autoconf2.5: An extensible package of m4 macros shell scripts - to automatically configure software code packages - -2.23.51-1 Devel/binutils: The GNU assembler, linker and binary utilites -4.8.2-1 Devel/libgcc1: GCC C runtime library -4.8.2-1 Devel/libssp0: GCC Stack-smashing Protection runtime library -4.8.2-1 Devel/libstdc++6: GCC C++ runtime library -4.0-2 Devel/make: The GNU version of 'make' utility -2.23.1-1 Devel/mingw-binutils: Bintutils for MinGW.org win32 toolchain (util) - -4.7.3-1 Devel/mingw-gcc-core -4.7.3-1 Devel/mingw-gcc-g++ -4.7.3-1 Devel/mingw-gcc-obj - -20110507-2 Devel/mingw-pthreads: Libpthread for MinGW.org - -4.0-1 Devel/mingw-runtime: MinGW.org MSVC & compiler runtime header and libraries -4.0-1 Devel/mingw-w32api - -2.22.52-1 Devel/mingw64-i686-binutils -4.7.3-1 Devel/mingw64-i686-gcc-core -4.7.3-1 Devel/mingw64-i686-gcc-g++ -3.0.0-1 Devel/mingw64-i686-headers -20100619-5 Devel/mingw64-i686-pthreads -3.0.0-1 Devel/mingw64-i686-runtime -3.0b_svn5935-1 Devel/mingw64-winpthreads - -2.22.52-1 Devel/mingw64-x86_64-binutils -4.7.3-1 Devel/mingw64-x86_64-gcc -4.7.3-1 Devel/mingw64-x86_64-core -4.7.3-1 Devel/mingw64-x86_64-g++ -3.0.0-1 Devel/mingw64-x86_64-headers -20100619-5 Devel/mingw64-x86_64-pthreads -3.0.0-1 Devel/mingw64-x86_64-runtime -3.0b-svn5935-1 Devel/mingw64-x86_64-winpthreads - -5.14.2-3 Perl/perl - - -OpenSSL -------- - -openssl-1.0.1e - - -ZLIB ----- - -zlib-1.2.8 \ No newline at end of file 
diff --git a/Makefile.in b/Makefile.in index 12176f8..12991cd 100644 --- a/Makefile.in +++ b/Makefile.in @@ -82,7 +82,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ compat.o crc32.o deattack.o fatal.o hostfile.o \ log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ - atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \ + atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o utf8.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ ssh-pkcs11.o smult_curve25519_ref.o \ @@ -91,11 +91,11 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ - kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o openssl-dh.o openssl-bn.o + kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ + platform-pledge.o platform-tracing.o SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ - sshconnect.o sshconnect1.o sshconnect2.o mux.o \ - roaming_common.o roaming_client.o + sshconnect.o sshconnect1.o sshconnect2.o mux.o SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ audit.o audit-bsm.o audit-linux.o platform.o \ 
@@ -108,9 +108,9 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ - roaming_common.o roaming_serv.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ - sandbox-seccomp-filter.o sandbox-capsicum.o + sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ + sandbox-solaris.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 
@@ -178,14 +178,14 @@ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o - $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o + $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o - $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) +ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o + $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -223,7 +223,7 @@ umac128.o: umac.c $(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \ -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \ -Dumac_update=umac128_update -Dumac_final=umac128_final \ - -Dumac_delete=umac128_delete + -Dumac_delete=umac128_delete -Dumac_ctx=umac128_ctx clean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log @@ -240,6 +240,8 @@ clean: regressclean rm -f regress/unittests/hostkeys/test_hostkeys rm -f regress/unittests/kex/*.o rm -f regress/unittests/kex/test_kex + rm -f regress/misc/kexfuzz/*.o + rm -f regress/misc/kexfuzz/kexfuzz (cd openbsd-compat && $(MAKE) clean) distclean: regressclean 
@@ -260,6 +262,7 @@ distclean: regressclean rm -f regress/unittests/hostkeys/test_hostkeys rm -f regress/unittests/kex/*.o rm -f regress/unittests/kex/test_kex + rm -f regress/unittests/misc/kexfuzz (cd openbsd-compat && $(MAKE) distclean) if test -d pkg ; then \ rm -fr pkg ; \ @@ -327,10 +330,6 @@ install-files: $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 - -rm -f $(DESTDIR)$(bindir)/slogin - ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 install-sysconf: if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ 
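Review bot: The line added to distclean in the `@@ -260,6 +262,7 @@` hunk, `rm -f regress/unittests/misc/kexfuzz`, points at a path nothing else in this diff creates. The clean target, regress-prep and the link rule all use `regress/misc/kexfuzz/`, so distclean as written leaves both the kexfuzz objects and the binary behind. It should mirror the two lines added to clean: `rm -f regress/misc/kexfuzz/*.o` and `rm -f regress/misc/kexfuzz/kexfuzz`. The distclean recipe starts and ends outside this hunk, so this assumes no later line already covers that directory.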
@@ -359,41 +358,19 @@ install-sysconf: host-key: ssh-keygen$(EXEEXT) @if [ -z "$(DESTDIR)" ] ; then \ - if [ -f "$(sysconfdir)/ssh_host_key" ] ; then \ - echo "$(sysconfdir)/ssh_host_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t rsa1 -f $(sysconfdir)/ssh_host_key -N "" ; \ - fi ; \ - if [ -f $(sysconfdir)/ssh_host_dsa_key ] ; then \ - echo "$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t dsa -f $(sysconfdir)/ssh_host_dsa_key -N "" ; \ - fi ; \ - if [ -f $(sysconfdir)/ssh_host_rsa_key ] ; then \ - echo "$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \ - fi ; \ - if [ -f $(sysconfdir)/ssh_host_ed25519_key ] ; then \ - echo "$(sysconfdir)/ssh_host_ed25519_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t ed25519 -f $(sysconfdir)/ssh_host_ed25519_key -N "" ; \ - fi ; \ - if [ -z "@COMMENT_OUT_ECC@" ] ; then \ - if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \ - echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." 
; \ - else \ - ./ssh-keygen -t ecdsa -f $(sysconfdir)/ssh_host_ecdsa_key -N "" ; \ - fi ; \ - fi ; \ - fi ; + ./ssh-keygen -A; \ + fi -host-key-force: ssh-keygen$(EXEEXT) - ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" +host-key-force: ssh-keygen$(EXEEXT) ssh$(EXEEXT) + if ./ssh -Q protocol-version | grep '^1$$' >/dev/null; then \ + ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""; \ + fi ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" ./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N "" - test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N "" + if ./ssh -Q key | grep ecdsa >/dev/null ; then \ + ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N ""; \ + fi uninstallall: uninstall -rm -f $(DESTDIR)$(sysconfdir)/ssh_config @@ -407,7 +384,6 @@ uninstallall: uninstall -rmdir $(DESTDIR)$(libexecdir) uninstall: - -rm -f $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) @@ -430,7 +406,6 @@ uninstall: -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 regress-prep: [ -d `pwd`/regress ] || mkdir -p `pwd`/regress 
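Review bot: In host-key-force (hunk `@@ -359,41 +358,19 @@`), `./ssh-keygen -t dsa ...` still runs unconditionally, although the same hunk now gates rsa1 on `./ssh -Q protocol-version` and ecdsa on `./ssh -Q key`. If a build does not offer DSA, that recipe line would presumably fail and make would stop before the rsa and ed25519 keys are written. It also produces a DSA host key on every forced regeneration, even where the operator has no use for one. Gating it the same way keeps the target consistent: `if ./ssh -Q key | grep ssh-dss >/dev/null ; then \`, `./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""; \`, `fi`. A one-line comment above the target noting that the keys are written unencrypted (`-N ""`) under `$(DESTDIR)$(sysconfdir)` would also help packagers who run it in a staging root.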
@@ -447,19 +422,27 @@ regress-prep: mkdir -p `pwd`/regress/unittests/hostkeys [ -d `pwd`/regress/unittests/kex ] || \ mkdir -p `pwd`/regress/unittests/kex + [ -d `pwd`/regress/misc/kexfuzz ] || \ + mkdir -p `pwd`/regress/misc/kexfuzz [ -f `pwd`/regress/Makefile ] || \ ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile -regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c - $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ +REGRESSLIBS=libssh.a $(LIBCOMPAT) + +regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c - $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ +regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c - $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ +regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/netcat.c \ + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + +regress/check-perm$(EXEEXT): $(srcdir)/regress/check-perm.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/check-perm.c \ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) UNITTESTS_TEST_HELPER_OBJS=\ @@ -510,8 +493,7 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \ UNITTESTS_TEST_KEX_OBJS=\ regress/unittests/kex/tests.o \ - regress/unittests/kex/test_kex.o \ - roaming_dummy.o + regress/unittests/kex/test_kex.o regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ regress/unittests/test_helper/libtest_helper.a libssh.a 
@@ -530,17 +512,25 @@ regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \ regress/unittests/test_helper/libtest_helper.a \ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -REGRESS_BINARIES=\ - regress/modpipe$(EXEEXT) \ +MISC_KEX_FUZZ_OBJS=\ + regress/misc/kexfuzz/kexfuzz.o + +regress/misc/kexfuzz/kexfuzz$(EXEEXT): ${MISC_KEX_FUZZ_OBJS} libssh.a + $(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \ + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) + +regress-binaries: regress/modpipe$(EXEEXT) \ regress/setuid-allowed$(EXEEXT) \ regress/netcat$(EXEEXT) \ + regress/check-perm$(EXEEXT) \ regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ regress/unittests/sshkey/test_sshkey$(EXEEXT) \ regress/unittests/bitmap/test_bitmap$(EXEEXT) \ regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \ - regress/unittests/kex/test_kex$(EXEEXT) + regress/unittests/kex/test_kex$(EXEEXT) \ + regress/misc/kexfuzz/kexfuzz$(EXEEXT) -tests interop-tests t-exec: regress-prep $(TARGETS) $(REGRESS_BINARIES) +tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS) BUILDDIR=`pwd`; \ TEST_SSH_SCP="$${BUILDDIR}/scp"; \ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ @@ -565,6 +555,7 @@ tests interop-tests t-exec: regress-prep $(TARGETS) $(REGRESS_BINARIES) OBJ="$${BUILDDIR}/regress/" \ PATH="$${BUILDDIR}:$${PATH}" \ TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ + TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ TEST_SSH_SCP="$${TEST_SSH_SCP}" \ TEST_SSH_SSH="$${TEST_SSH_SSH}" \ TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \ diff --git a/PROTOCOL b/PROTOCOL index 131adfe..c6f99a3 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -247,6 +247,8 @@ to request that the server make a connection to a Unix domain socket. uint32 initial window size uint32 maximum packet size string socket path + string reserved + uint32 reserved Similar to forwarded-tcpip, forwarded-streamlocal is sent by the server when the client has previously send the server a streamlocal-forward 
@@ -452,4 +454,4 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.29 2015/07/17 03:09:19 djm Exp $ +$OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $ diff --git a/PROTOCOL.agent b/PROTOCOL.agent index 27ec0c1..60d36f9 100644 --- a/PROTOCOL.agent +++ b/PROTOCOL.agent @@ -206,6 +206,28 @@ ECDSA certificates may be added with: string key_comment constraint[] key_constraints +ED25519 keys may be added using the following request + byte SSH2_AGENTC_ADD_IDENTITY or + SSH2_AGENTC_ADD_ID_CONSTRAINED + string "ssh-ed25519" + string ed25519_public_key + string ed25519_private_key || ed25519_public_key + string key_comment + constraint[] key_constraints + +ED25519 certificates may be added with: + byte SSH2_AGENTC_ADD_IDENTITY or + SSH2_AGENTC_ADD_ID_CONSTRAINED + string "ssh-ed25519-cert-v01@openssh.com" + string certificate + string ed25519_public_key + string ed25519_private_key || ed25519_public_key + string key_comment + constraint[] key_constraints + +For both ssh-ed25519 and ssh-ed25519-cert-v01@openssh.com keys, the private +key has the public key appended (for historical reasons). + RSA keys may be added with this request: byte SSH2_AGENTC_ADD_IDENTITY or @@ -557,4 +579,4 @@ Locking and unlocking affects both protocol 1 and protocol 2 keys. SSH_AGENT_CONSTRAIN_LIFETIME 1 SSH_AGENT_CONSTRAIN_CONFIRM 2 -$OpenBSD: PROTOCOL.agent,v 1.8 2015/05/08 03:56:51 djm Exp $ +$OpenBSD: PROTOCOL.agent,v 1.11 2016/05/19 07:45:32 djm Exp $ diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index c985910..aa6f5ae 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys 
@@ -100,9 +100,9 @@ DSA certificate ECDSA certificate - string "ecdsa-sha2-nistp256@openssh.com" | - "ecdsa-sha2-nistp384@openssh.com" | - "ecdsa-sha2-nistp521@openssh.com" + string "ecdsa-sha2-nistp256-v01@openssh.com" | + "ecdsa-sha2-nistp384-v01@openssh.com" | + "ecdsa-sha2-nistp521-v01@openssh.com" string nonce string curve string public_key @@ -118,6 +118,23 @@ ECDSA certificate string signature key string signature +ED25519 certificate + + string "ssh-ed25519-cert-v01@openssh.com" + string nonce + string pk + uint64 serial + uint32 type + string key id + string valid principals + uint64 valid after + uint64 valid before + string critical options + string extensions + string reserved + string signature key + string signature + The nonce field is a CA-provided random bitstring of arbitrary length (but typically 16 or 32 bytes) included to make attacks that depend on inducing collisions in the signature hash infeasible. @@ -129,6 +146,9 @@ p, q, g, y are the DSA parameters as described in FIPS-186-2. curve and public key are respectively the ECDSA "[identifier]" and "Q" defined in section 3.1 of RFC5656. +pk is the encoded Ed25519 public key as defined by +draft-josefsson-eddsa-ed25519-03. + serial is an optional certificate serial number set by the CA to provide an abbreviated way to refer to certificates from that CA. If a CA does not wish to number its certificates it must set this @@ -146,7 +166,7 @@ strings packed inside it. These principals list the names for which this certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and usernames for SSH_CERT_TYPE_USER certificates. As a special case, a zero-length "valid principals" field means the certificate is valid for -any principal of the specified type. XXX DNS wildcards? +any principal of the specified type. "valid after" and "valid before" specify a validity period for the certificate. Each represents a time in seconds since 1970-01-01 
@@ -183,7 +203,7 @@ signature is computed over all preceding fields from the initial string up to, and including the signature key. Signatures are computed and encoded according to the rules defined for the CA's public key algorithm (RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA -types). +types), and draft-josefsson-eddsa-ed25519-03 for Ed25519. Critical options ---------------- @@ -203,8 +223,9 @@ option-specific information (see below). All options are "critical", if an implementation does not recognise a option then the validating party should refuse to accept the certificate. -The supported options and the contents and structure of their -data fields are: +No critical options are defined for host certificates at present. The +supported user certificate options and the contents and structure of +their data fields are: Name Format Description ----------------------------------------------------------------------------- @@ -233,8 +254,9 @@ as is the requirement that each name appear only once. If an implementation does not recognise an extension, then it should ignore it. -The supported extensions and the contents and structure of their data -fields are: +No extensions are defined for host certificates at present. The +supported user certificate extensions and the contents and structure of +their data fields are: Name Format Description ----------------------------------------------------------------------------- @@ -262,4 +284,4 @@ permit-user-rc empty Flag indicating that execution of of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.10 2016/05/03 10:27:59 djm Exp $ diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305 index 9cf73a9..4857d38 100644 --- a/PROTOCOL.chacha20poly1305 +++ b/PROTOCOL.chacha20poly1305 
@@ -34,6 +34,8 @@ Detailed Construction The chacha20-poly1305@openssh.com cipher requires 512 bits of key material as output from the SSH key exchange. This forms two 256 bit keys (K_1 and K_2), used by two separate instances of chacha20. +The first 256 bits consitute K_2 and the second 256 bits become +K_1. The instance keyed by K_1 is a stream cipher that is used only to encrypt the 4 byte packet length field. The second instance, @@ -101,5 +103,5 @@ References [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 -$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ +$OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $ diff --git a/README b/README index a52c75a..4b6c342 100644 --- a/README +++ b/README @@ -1,5 +1,4 @@ -See http://www.openssh.com/txt/release-7.1 for the release notes. -See https://github.com/PowerShell/Win32-OpenSSH/wiki for build/deployment information +See http://www.openssh.com/txt/release-7.3p1 for the release notes. Please read http://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/README.md b/README.md deleted file mode 100644 index 530d70f..0000000 --- a/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# OpenSSH - -Win32 port of OpenSSH - -See the [wiki](https://github.com/PowerShell/Win32-OpenSSH/wiki) for installation instructions and help - - -[First release announcement](http://blogs.msdn.com/b/powershell/archive/2015/10/19/openssh-for-windows-update.aspx -) - -### Chocolatey - -[![](http://img.shields.io/chocolatey/dt/win32-openssh.svg)](https://chocolatey.org/packages/win32-openssh) [![](http://img.shields.io/chocolatey/v/win32-openssh.svg)](https://chocolatey.org/packages/win32-openssh) diff --git a/README.platform b/README.platform index d198232..8d75c16 100644 --- a/README.platform +++ b/README.platform 
@@ -36,6 +36,9 @@ loginrestrictions() function, in particular that the user has the "rlogin" attribute set. This check is not done for the root account, instead the PermitRootLogin setting in sshd_config is used. +If you are using the IBM compiler you probably want to use CC=xlc rather +than the default of cc. + Cygwin ------ diff --git a/README.win32 b/README.win32 deleted file mode 100644 index 45fc750..0000000 --- a/README.win32 +++ /dev/null 
@@ -1,180 +0,0 @@ -README.win32 - -openssh-5.9p1-win32-3 - -- Added the INSTALL.win32 to the package. It provides installation - instructions for the OpenSSH win32 port. - -openssh-5.9p1-win32-2 - -- Adjusted sources to compile with mingw-gcc 4.7. - -openssh-5.9p1-win32-1 - -Implemented: - -- Ported statvfs and fstatvfs extensions in sftp-server on - Windows. - -- Added support for Windows domain accounts. - -- Added support for network logon if interactive one failed on Windows. - -- Implemented Kerberos authentication using MIT/Kerberos and native - SSPI/Kerberos. - -- Disabled stdin echo while reading password on Windows. - -- sshd doesn't need lsa, when target user is owner of sshd - process on Windows. - -- integrated ssh-lsa with openssh tree. - -Bug fixes: - -- Fixed resource leaks in sshd on Windows. - -- Fixed possible hang up in ssh on Windows. - -- Fixed clean up of Winsta0 DACL on server side. - -- Added 'PamLibrary' option to sshd_config. This option changes - default path to libpam.so. if no specified default path is used. - -- Ported -oAuthorizedKeysFile to Windows. - -- Fixed path expanding under SYSTEM account on Windows. - -- Fixed block issue when the same socket used for stdin and stdout in - sftp-server on Windows. - -- Fixed possible heap corruption on file copying in sftp-server. - -- Fixed possible connection drop, when copying big files in - sftp-server on Windows. - -- Removed one redundant code page conversion in sftp-server on Windows. - -- Fixed access to root directory in sftp-server on Windows. - -- Fixed wrong exit code in SERVICE_CONTROL_STOP handler on Windows. - -- Changed encoding local characters while formatting error messages on - Windows. - -- Speeded up retreving HANDLE's type, when socket used on Windows. - -- Set stdout to binary mode as default if pipe is used in ssh on - Windows. - -openssh-5.9p1-win32 - -- Updated to OpenSSH version 5.9p1. - -- The openSSH SFTP client has been ported to Win 32. 
- -openssh-4.7p1-win32-1 - -- The following tools have been ported to Win32: ssh-agent, ssh-add, - sftp-server program and ssh-keygen. All the basic functionalities - related to the creation of the key-pairs are fully supported. The - managing of the known_hosts file is missing. - -- Added support to SSH client for MIT Kerberos for Windows and for - authorization based on smartcard devices. - -- Updated SSH server to support login also when the account doesn't - have administrative privileges. - -- Added support for native RSA/DSA key authorization via ssh-lsa. - Installing this tool requires administrative privileges and - a reboot of the machine. - -- The ProxyCommand option is now supported on Win32. - -- Added support for installing SSHD as a service by means of sc.exe - command line tool for Windows. Since command line parameters are not - passed to the SSHD process, a default sshd_config file is searched - in the following locations: in the installation directory where - sshd.exe is located (e.g. C:\sshd); the directory 'etc' under - the installation directory (e.g. C:\sshd\etc), and the directory 'etc' - in the installation directory (e.g C:\etc). - -- Improved SSH server to be fully operative on Windows Vista. SSHD can - work on Windows XP without SP1. - -- Improved logging facilities of SSHD: now all instances of the SSH - server log to the same file and SSHD creates a minidump file if a - crash occurs. - -- Solved problem with processes that may be left running when the SSHD - service is stopped or after an abnormal closure of the SSH session. - -- Fixed some memory leaks. - -- Fixed possible crashes of SSHD when a great number of connections is - established. - -- Fixed possible hanging of the SSHD service that may occurr when the - SSH session is closing and when reading a passphrase. - -- Fixed logging behavior of SSH client. Now when the client is run in - debug mode, output of packet dumps can be redirected to a file. 
- Solved other issues occurring when packet dumps when standard error - is redirected. - -- Fixed a problem related to the inheritance of handles in SSHD. - -- Fixed a bug in the session_get() function causing a segmentation - fault of SSHD. - -- Fixed the closure of startup pipes. This solves a problem which was - limiting the number of sessions to 10. - -- Fixed a problem causing a delay in establishing the connection when - SSHD is started as a Win32 service. Speeded-up login. - -- Disabled the privilege separation on Win32. - -- Solved issues preventing the correct detection of home directory - either on Windows 7 and when the user domain is set to NULL. - -- Fixed a segmentation fault of SSHD on Windows 7 at 64bit. - -- Added the setting of the USERPROFILE variable to the value detected - just after a successful login. - -openssh-5.4p1-win32 - -- Updated to OpenSSH version 5.4p1. - -openssh-4.7p1-win32 - -- Added the Win32 compat layer. - -- The Win32 layer provides support for: User identity and password - management functions like getuid(),setuid(),getpw*() and others; - string management functions like strcasecmp(), strncasecmp() and - other functions such as gettimeofday() and gethomedir(); management - of file descriptors, file handlers and sockets in an unified way; - file descriptor and sockets functions such as fstat(), fdopen(), - open(), dup(),dup2(), pipe(),create(),shutdown(),accept(),read(), - write(),close(), socket(), setsockopt(),getsockopt(), getpeername(), - getsockname(), ioctlsocket(), listen(),bind(),connect(), and others; - the select() function which can work on sockets, files, pipes and - console handlers; Windows users authentication. - -- Introduced some changes to the OpenSSH code for: supporting the - CreateProcess() function replacing fork() and allowing compilation - on Win32 platform. 
- -- Open Issues: SSHD cannot be installed as a Windows service by means - of Win32 administrative tools; if SSHD is running as a Windows - service, it requires that property 'Allow service to interact with - desktop' is set; to allow the connecting user to be authenticated by - SSHD, it is necessary that the user belongs to the 'Administrators' - group; if the connecting user has been authorized with public key - authentication, the GetUserName() function always returns 'SYSTEM' - instead of the username; possible crashes may occur during autho- - rization phase when SSHD is running on Vista; port of the ssh-keygen - tool is not available in this version. diff --git a/aclocal.m4 b/aclocal.m4 index 9bdea5e..1640683 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,4 +1,4 @@ -dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $ +dnl $Id: aclocal.m4,v 1.13 2014/01/22 10:30:12 djm Exp $ dnl dnl OpenSSH-specific autoconf macros dnl 
@@ -8,19 +8,104 @@ dnl Check that $CC accepts a flag 'check_flag'. If it is supported append dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append dnl 'check_flag'. AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ - AC_MSG_CHECKING([if $CC supports $1]) + AC_MSG_CHECKING([if $CC supports compile flag $1]) saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $1" + CFLAGS="$CFLAGS $WERROR $1" _define_flag="$2" test "x$_define_flag" = "x" && _define_flag="$1" - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], - [ AC_MSG_RESULT([yes]) - CFLAGS="$saved_CFLAGS $_define_flag"], + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + ]])], + [ +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" +else + AC_MSG_RESULT([yes]) + CFLAGS="$saved_CFLAGS $_define_flag" +fi], [ AC_MSG_RESULT([no]) CFLAGS="$saved_CFLAGS" ] ) }]) +dnl OSSH_CHECK_CFLAG_LINK(check_flag[, define_flag]) +dnl Check that $CC accepts a flag 'check_flag'. If it is supported append +dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append +dnl 'check_flag'. 
+AC_DEFUN([OSSH_CHECK_CFLAG_LINK], [{ + AC_MSG_CHECKING([if $CC supports compile flag $1 and linking succeeds]) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR $1" + _define_flag="$2" + test "x$_define_flag" = "x" && _define_flag="$1" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + ]])], + [ +if `grep -i "unrecognized option" conftest.err >/dev/null` +then + AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" +else + AC_MSG_RESULT([yes]) + CFLAGS="$saved_CFLAGS $_define_flag" +fi], + [ AC_MSG_RESULT([no]) + CFLAGS="$saved_CFLAGS" ] + ) +}]) + +dnl OSSH_CHECK_LDFLAG_LINK(check_flag[, define_flag]) +dnl Check that $LD accepts a flag 'check_flag'. If it is supported append +dnl 'define_flag' to $LDFLAGS. If 'define_flag' is not specified, then append +dnl 'check_flag'. +AC_DEFUN([OSSH_CHECK_LDFLAG_LINK], [{ + AC_MSG_CHECKING([if $LD supports link flag $1]) + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR $1" + _define_flag="$2" + test "x$_define_flag" = "x" && _define_flag="$1" + AC_LINK_IFELSE([AC_LANG_SOURCE([[ +#include +#include +int main(int argc, char **argv) { + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + exit(0); +} + ]])], + [ AC_MSG_RESULT([yes]) + LDFLAGS="$saved_LDFLAGS $_define_flag"], + [ AC_MSG_RESULT([no]) + LDFLAGS="$saved_LDFLAGS" ] + ) +}]) dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol) dnl Does AC_EGREP_HEADER on 'header' for the string 'field' 
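Review bot: In OSSH_CHECK_CFLAG_COMPILE and OSSH_CHECK_CFLAG_LINK a flag is rejected only when conftest.err contains the English text "unrecognized option", so a toolchain that words the diagnostic differently, or prints it in another locale, gets the flag recorded as supported. If these macros gate hardening flags, as the -ftrapv comment suggests, a false "yes" means configure reports a protection the compiler silently ignored. OSSH_CHECK_LDFLAG_LINK has no stderr check at all and relies on `$WERROR`, which is defined outside this hunk. The grep test is also wrapped in backticks inside `if`, which runs grep in a command substitution and then executes its empty output; `if grep -i "unrecognized option" conftest.err >/dev/null` states the intent directly. A `dnl` line on each macro noting the dependence on `$WERROR` and on the diagnostic wording would help the next reader.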
diff --git a/acss.c b/acss.c deleted file mode 100644 index 86e2c01..0000000 --- a/acss.c +++ /dev/null 
@@ -1,267 +0,0 @@ -/* $Id: acss.c,v 1.4 2006/07/24 04:51:01 djm Exp $ */ -/* - * Copyright (c) 2004 The OpenBSD project - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include - -#include - -#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00906000L) - -#include "acss.h" - -/* decryption sbox */ -static unsigned char sboxdec[] = { - 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, - 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, - 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, - 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, - 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, - 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, - 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, - 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, - 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, - 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, - 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, - 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, - 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, - 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, - 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, - 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, - 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, - 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, - 0xb3, 0xf3, 0xbb, 
0xa6, 0xe3, 0xa3, 0xeb, 0xf6, - 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, - 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, - 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, - 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, - 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, - 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, - 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, - 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, - 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, - 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, - 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, - 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, - 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff -}; - -/* encryption sbox */ -static unsigned char sboxenc[] = { - 0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75, - 0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b, - 0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21, - 0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f, - 0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5, - 0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab, - 0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0, - 0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2, - 0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74, - 0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76, - 0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20, - 0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22, - 0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4, - 0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6, - 0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1, - 0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf, - 0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25, - 0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b, - 0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71, - 0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f, - 0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5, - 0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb, - 0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0, - 0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2, - 0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24, - 
0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26, - 0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70, - 0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72, - 0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4, - 0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6, - 0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1, - 0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff -}; - -static unsigned char reverse[] = { - 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, - 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, - 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, - 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, - 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, - 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, - 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, - 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, - 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, - 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, - 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, - 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, - 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, - 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, - 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, - 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, - 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, - 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, - 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, - 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, - 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, - 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, - 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, - 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, - 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, - 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, - 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, - 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, - 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, - 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, - 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, - 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff -}; - -/* - 
* Two linear feedback shift registers are used: - * - * lfsr17: polynomial of degree 17, primitive modulo 2 (listed in Schneier) - * x^15 + x + 1 - * lfsr25: polynomial of degree 25, not know if primitive modulo 2 - * x^13 + x^5 + x^4 + x^1 + 1 - * - * Output bits are discarded, instead the feedback bits are added to produce - * the cipher stream. Depending on the mode, feedback bytes may be inverted - * bit-wise before addition. - * - * The lfsrs are seeded with bytes from the raw key: - * - * lfsr17: byte 0[0:7] at bit 9 - * byte 1[0:7] at bit 0 - * - * lfsr25: byte 2[0:4] at bit 16 - * byte 2[5:7] at bit 22 - * byte 3[0:7] at bit 8 - * byte 4[0:7] at bit 0 - * - * To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in - * lfsr25. - * - */ - -int -acss(ACSS_KEY *key, unsigned long len, const unsigned char *in, - unsigned char *out) -{ - unsigned long i; - unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp; - - lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0; - - /* keystream is sum of lfsrs */ - for (i = 0; i < len; i++) { - lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14); - key->lfsr17 = (key->lfsr17 >> 8) - ^ (lfsr17tmp << 9) - ^ (lfsr17tmp << 12) - ^ (lfsr17tmp << 15); - key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */ - - lfsr25tmp = key->lfsr25 - ^ (key->lfsr25 >> 3) - ^ (key->lfsr25 >> 4) - ^ (key->lfsr25 >> 12); - key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17); - key->lfsr25 &= 0x1ffffff; /* 25 bit LFSR */ - - lfsrsumtmp = key->lfsrsum; - - /* addition */ - switch (key->mode) { - case ACSS_AUTHENTICATE: - case ACSS_DATA: - key->lfsrsum = 0xff & ~(key->lfsr17 >> 9); - key->lfsrsum += key->lfsr25 >> 17; - break; - case ACSS_SESSIONKEY: - key->lfsrsum = key->lfsr17 >> 9; - key->lfsrsum += key->lfsr25 >> 17; - break; - case ACSS_TITLEKEY: - key->lfsrsum = key->lfsr17 >> 9; - key->lfsrsum += 0xff & ~(key->lfsr25 >> 17); - break; - default: - return 1; - } - key->lfsrsum += (lfsrsumtmp >> 8); - - if (key->encrypt) { - out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 
0xff]; - } else { - out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff; - } - } - - return 0; -} - -static void -acss_seed(ACSS_KEY *key) -{ - int i; - - /* if available, mangle with subkey */ - if (key->subkey_avilable) { - for (i = 0; i < ACSS_KEYSIZE; i++) - key->seed[i] = reverse[key->data[i] ^ key->subkey[i]]; - } else { - for (i = 0; i < ACSS_KEYSIZE; i++) - key->seed[i] = reverse[key->data[i]]; - } - - /* seed lfsrs */ - key->lfsr17 = key->seed[1] - | (key->seed[0] << 9) - | (1 << 8); /* inject 1 at bit 9 */ - key->lfsr25 = key->seed[4] - | (key->seed[3] << 8) - | ((key->seed[2] & 0x1f) << 16) - | ((key->seed[2] & 0xe0) << 17) - | (1 << 21); /* inject 1 at bit 22 */ - - key->lfsrsum = 0; -} - -void -acss_setkey(ACSS_KEY *key, const unsigned char *data, int enc, int mode) -{ - memcpy(key->data, data, sizeof(key->data)); - memset(key->subkey, 0, sizeof(key->subkey)); - - if (enc != -1) - key->encrypt = enc; - key->mode = mode; - key->subkey_avilable = 0; - - acss_seed(key); -} - -void -acss_setsubkey(ACSS_KEY *key, const unsigned char *subkey) -{ - memcpy(key->subkey, subkey, sizeof(key->subkey)); - key->subkey_avilable = 1; - acss_seed(key); -} -#endif diff --git a/acss.h b/acss.h deleted file mode 100644 index 91b4895..0000000 --- a/acss.h +++ /dev/null 
@@ -1,47 +0,0 @@ -/* $Id: acss.h,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */ -/* - * Copyright (c) 2004 The OpenBSD project - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _ACSS_H_ -#define _ACSS_H_ - -/* 40bit key */ -#define ACSS_KEYSIZE 5 - -/* modes of acss */ -#define ACSS_AUTHENTICATE 0 -#define ACSS_SESSIONKEY 1 -#define ACSS_TITLEKEY 2 -#define ACSS_DATA 3 - -typedef struct acss_key_st { - unsigned int lfsr17; /* current state of lfsrs */ - unsigned int lfsr25; - unsigned int lfsrsum; - unsigned char seed[ACSS_KEYSIZE]; - unsigned char data[ACSS_KEYSIZE]; - unsigned char subkey[ACSS_KEYSIZE]; - int encrypt; /* XXX make these bit flags? */ - int mode; - int seeded; - int subkey_avilable; -} ACSS_KEY; - -void acss_setkey(ACSS_KEY *, const unsigned char *, int, int); -void acss_setsubkey(ACSS_KEY *, const unsigned char *); -int acss(ACSS_KEY *, unsigned long, const unsigned char *, unsigned char *); - -#endif /* ifndef _ACSS_H_ */ diff --git a/appveyor.yml b/appveyor.yml new file mode 100644 index 0000000..ed2e885 --- /dev/null +++ b/appveyor.yml 
@@ -0,0 +1,42 @@ +version: 0.0.4.0.{build} +image: Visual Studio 2015 + +branches: + only: + - V_7_3w + +init: + - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) + +build_script: + - ps: | + Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 + Invoke-AppVeyorBuild + +after_build: + - ps: | + Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 + Install-OpenSSH + - ps: Write-Verbose "Restart computer ..." + - ps: Restart-Computer -ComputerName localhost -Force + - ps: Start-Sleep -s 5 # Needs to be proceeded with -ps: as it's interpreted by AppVeyor + - ps: Write-Verbose "Restart computer completed" + +before_test: + - ps: | + Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 + Install-TestDependencies + +test_script: + - cmd: | + "%ProgramFiles%\PowerShell\6.0.0.12\powershell.exe" -Command "Import-Module \"%APPVEYOR_BUILD_FOLDER%\contrib\win32\openssh\AppVeyor.psm1\";Run-OpenSSHTests" + +after_test: + - ps: | + Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 + Upload-OpenSSHTestResults + +on_finish: + - ps: | + Import-Module $env:APPVEYOR_BUILD_FOLDER\contrib\win32\openssh\AppVeyor.psm1 + Publish-Artifact diff --git a/atomicio.c b/atomicio.c index 0f3f9b8..b1ec234 100644 --- a/atomicio.c +++ b/atomicio.c @@ -54,7 +54,7 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, { char *s = _s; size_t pos = 0; - int res; + ssize_t res; struct pollfd pfd; #ifndef BROKEN_READ_COMPARISON diff --git a/audit-bsm.c b/audit-bsm.c index 6e2ea28..6135591 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -35,7 +35,6 @@ /* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */ #include "includes.h" - #if defined(USE_BSM_AUDIT) #include diff --git a/audit-linux.c b/audit-linux.c index b3ee2f4..d3524f7 100644 --- a/audit-linux.c +++ b/audit-linux.c 
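Review bot: The `init` step feeds `DownloadString(...)` from the `master` branch of appveyor/ci straight into `iex`, so every build on `V_7_3w` executes whatever that mutable ref serves at the time, with no pinned revision or hash check. The script name also indicates it enables RDP access to the build worker. A debugging aid like this is better kept out of the committed configuration, or at least pinned to a reviewed revision, e.g. `https://raw.githubusercontent.com/appveyor/ci/<COMMIT_SHA>/scripts/enable-rdp.ps1` (placeholder SHA). Separately, `test_script` hard-codes `%ProgramFiles%\PowerShell\6.0.0.12\powershell.exe`; Install-TestDependencies is not visible here, so it is unclear whether that exact version is guaranteed to be present.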
@@ -36,17 +36,17 @@ #include "log.h" #include "audit.h" #include "canohost.h" +#include "packet.h" -const char* audit_username(void); +const char *audit_username(void); int -linux_audit_record_event(int uid, const char *username, - const char *hostname, const char *ip, const char *ttyn, int success) +linux_audit_record_event(int uid, const char *username, const char *hostname, + const char *ip, const char *ttyn, int success) { int audit_fd, rc, saved_errno; - audit_fd = audit_open(); - if (audit_fd < 0) { + if ((audit_fd = audit_open()) < 0) { if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) return 1; /* No audit support in kernel */ @@ -58,6 +58,7 @@ linux_audit_record_event(int uid, const char *username, username == NULL ? uid : -1, hostname, ip, ttyn, success); saved_errno = errno; close(audit_fd); + /* * Do not report error if the error is EPERM and sshd is run as non * root user. @@ -65,7 +66,8 @@ linux_audit_record_event(int uid, const char *username, if ((rc == -EPERM) && (geteuid() != 0)) rc = 0; errno = saved_errno; - return (rc >= 0); + + return rc >= 0; } /* Below is the sshd audit API code */ @@ -73,8 +75,8 @@ linux_audit_record_event(int uid, const char *username, void audit_connection_from(const char *host, int port) { -} /* not implemented */ +} void audit_run_command(const char *command) @@ -85,8 +87,8 @@ audit_run_command(const char *command) void audit_session_open(struct logininfo *li) { - if (linux_audit_record_event(li->uid, NULL, li->hostname, - NULL, li->line, 1) == 0) + if (linux_audit_record_event(li->uid, NULL, li->hostname, NULL, + li->line, 1) == 0) fatal("linux_audit_write_entry failed: %s", strerror(errno)); } @@ -99,6 +101,8 @@ audit_session_close(struct logininfo *li) void audit_event(ssh_audit_event_t event) { + struct ssh *ssh = active_state; /* XXX */ + switch(event) { case SSH_AUTH_SUCCESS: case SSH_CONNECTION_CLOSE: 
@@ -106,7 +110,6 @@ audit_event(ssh_audit_event_t event) case SSH_LOGIN_EXCEED_MAXTRIES: case SSH_LOGIN_ROOT_DENIED: break; - case SSH_AUTH_FAIL_NONE: case SSH_AUTH_FAIL_PASSWD: case SSH_AUTH_FAIL_KBDINT: @@ -115,12 +118,11 @@ audit_event(ssh_audit_event_t event) case SSH_AUTH_FAIL_GSSAPI: case SSH_INVALID_USER: linux_audit_record_event(-1, audit_username(), NULL, - get_remote_ipaddr(), "sshd", 0); + ssh_remote_ipaddr(ssh), "sshd", 0); break; - default: debug("%s: unhandled event %d", __func__, event); + break; } } - #endif /* USE_LINUX_AUDIT */ diff --git a/auth-bsdauth.c b/auth-bsdauth.c index 2f4dbd2..e00718f 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-bsdauth.c,v 1.13 2014/06/24 01:13:21 djm Exp $ */ +/* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -24,14 +24,6 @@ */ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif #include #include @@ -111,7 +103,7 @@ bsdauth_respond(void *ctx, u_int numresponses, char **responses) if (!authctxt->valid) return -1; - if (authctxt->as == 0) + if (authctxt->as == NULL) error("bsdauth_respond: no bsd auth session"); if (numresponses != 1) diff --git a/auth-krb5.c b/auth-krb5.c index 41dec59..a5a81ed 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -1,8 +1,8 @@ -/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */ +/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */ /* * Kerberos v5 authentication and ticket-passing routines. * - * $FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp $ + * From: FreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar */ /* * Copyright (c) 2002 Daniel Kouril. All rights reserved. 
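Review bot: In `audit_event`, the `SSH_AUTH_FAIL_*`/`SSH_INVALID_USER` branch discards the return value of `linux_audit_record_event(...)`, so a failed write of an authentication-failure record leaves no trace, while `audit_session_open` in the same file treats a 0 return as fatal. These records are what an operator relies on to see guessing attempts, so the failure should at least be logged: `if (linux_audit_record_event(-1, audit_username(), NULL, ssh_remote_ipaddr(ssh), "sshd", 0) == 0) error("%s: audit record failed: %s", __func__, strerror(errno));`. The function begins in the previous hunk, where `ssh` is taken from `active_state`.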
@@ -30,22 +30,12 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include #include #include "xmalloc.h" #include "ssh.h" -#include "ssh1.h" #include "packet.h" #include "log.h" #include "buffer.h" diff --git a/auth-options.c b/auth-options.c index 6d38140..b399b91 100644 --- a/auth-options.c +++ b/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.68 2015/07/03 03:43:18 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.71 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -12,15 +12,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include @@ -38,6 +29,7 @@ #include "ssherr.h" #include "log.h" #include "canohost.h" +#include "packet.h" #include "sshbuf.h" #include "misc.h" #include "channels.h" 
@@ -84,18 +76,44 @@ auth_clear_options(void) free(ce->s); free(ce); } - if (forced_command) { - free(forced_command); - forced_command = NULL; - } - if (authorized_principals) { - free(authorized_principals); - authorized_principals = NULL; - } + free(forced_command); + forced_command = NULL; + free(authorized_principals); + authorized_principals = NULL; forced_tun_device = -1; channel_clear_permitted_opens(); } +/* + * Match flag 'opt' in *optsp, and if allow_negate is set then also match + * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0 + * if negated option matches. + * If the option or negated option matches, then *optsp is updated to + * point to the first character after the option and, if 'msg' is not NULL + * then a message based on it added via auth_debug_add(). + */ +static int +match_flag(const char *opt, int allow_negate, char **optsp, const char *msg) +{ + size_t opt_len = strlen(opt); + char *opts = *optsp; + int negate = 0; + + if (allow_negate && strncasecmp(opts, "no-", 3) == 0) { + opts += 3; + negate = 1; + } + if (strncasecmp(opts, opt, opt_len) == 0) { + *optsp = opts + opt_len; + if (msg != NULL) { + auth_debug_add("%s %s.", msg, + negate ? "disabled" : "enabled"); + } + return negate ? 0 : 1; + } + return -1; +} + /* * return 1 if access is granted, 0 if not. * side effect: sets key option flags @@ -103,8 +121,9 @@ auth_clear_options(void) int auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) { + struct ssh *ssh = active_state; /* XXX */ const char *cp; - int i; + int i, r; /* reset options */ auth_clear_options(); 
@@ -113,52 +132,48 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) return 1; while (*opts && *opts != ' ' && *opts != '\t') { - cp = "cert-authority"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - key_is_cert_authority = 1; - opts += strlen(cp); + if ((r = match_flag("cert-authority", 0, &opts, NULL)) != -1) { + key_is_cert_authority = r; goto next_option; } - cp = "no-port-forwarding"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("Port forwarding disabled."); + if ((r = match_flag("restrict", 0, &opts, NULL)) != -1) { + auth_debug_add("Key is restricted."); no_port_forwarding_flag = 1; - opts += strlen(cp); - goto next_option; - } - cp = "no-agent-forwarding"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("Agent forwarding disabled."); no_agent_forwarding_flag = 1; - opts += strlen(cp); - goto next_option; - } - cp = "no-X11-forwarding"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("X11 forwarding disabled."); no_x11_forwarding_flag = 1; - opts += strlen(cp); - goto next_option; - } - cp = "no-pty"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("Pty allocation disabled."); no_pty_flag = 1; - opts += strlen(cp); + no_user_rc = 1; goto next_option; } - cp = "no-user-rc"; - if (strncasecmp(opts, cp, strlen(cp)) == 0) { - auth_debug_add("User rc file execution disabled."); - no_user_rc = 1; - opts += strlen(cp); + if ((r = match_flag("port-forwarding", 1, &opts, + "Port forwarding")) != -1) { + no_port_forwarding_flag = r != 1; + goto next_option; + } + if ((r = match_flag("agent-forwarding", 1, &opts, + "Agent forwarding")) != -1) { + no_agent_forwarding_flag = r != 1; + goto next_option; + } + if ((r = match_flag("x11-forwarding", 1, &opts, + "X11 forwarding")) != -1) { + no_x11_forwarding_flag = r != 1; + goto next_option; + } + if ((r = match_flag("pty", 1, &opts, + "PTY allocation")) != -1) { + no_pty_flag = r != 1; + goto next_option; + } + if ((r = 
match_flag("user-rc", 1, &opts, + "User rc execution")) != -1) { + no_user_rc = r != 1; goto next_option; } cp = "command=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { opts += strlen(cp); - if (forced_command != NULL) - free(forced_command); + free(forced_command); forced_command = xmalloc(strlen(opts) + 1); i = 0; while (*opts) { @@ -188,8 +203,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) cp = "principals=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { opts += strlen(cp); - if (authorized_principals != NULL) - free(authorized_principals); + free(authorized_principals); authorized_principals = xmalloc(strlen(opts) + 1); i = 0; while (*opts) { @@ -261,9 +275,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) } cp = "from=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - const char *remote_ip = get_remote_ipaddr(); - const char *remote_host = get_canonical_hostname( - options.use_dns); + const char *remote_ip = ssh_remote_ipaddr(ssh); + const char *remote_host = auth_get_canonical_hostname( + ssh, options.use_dns); char *patterns = xmalloc(strlen(opts) + 1); opts += strlen(cp); @@ -445,6 +459,7 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, char **cert_forced_command, int *cert_source_address_done) { + struct ssh *ssh = active_state; /* XXX */ char *command, *allowed; const char *remote_ip; char *name = NULL; @@ -518,7 +533,7 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, free(allowed); goto out; } - remote_ip = get_remote_ipaddr(); + remote_ip = ssh_remote_ipaddr(ssh); result = addr_match_cidr_list(remote_ip, allowed); free(allowed); @@ -575,8 +590,7 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw, free(*cert_forced_command); *cert_forced_command = NULL; } - if (name != NULL) - free(name); + free(name); sshbuf_free(data); sshbuf_free(c); return ret; 
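Review bot: The `restrict` branch of `auth_parse_options` sets all five `no_*` flags and the branches after it assign the same flags again from `r != 1`, so the outcome depends on option order on the key line: `restrict,pty` ends with a pty allowed, `pty,restrict` does not (assuming options are consumed left to right, as the `while` loop suggests). Nothing in the hunk documents this; a comment above the branch would help, e.g. `/* "restrict" turns every restriction on; options later on the same line may lift individual ones, so order matters */`. `match_flag` also accepts any input that merely starts with the option name, which leaves the delimiter check to the `next_option` code outside this hunk; its header comment should say so. The function starts before and continues past the hunk.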
@@ -620,8 +634,7 @@ auth_cert_options(struct sshkey *k, struct passwd *pw) no_user_rc |= cert_no_user_rc; /* CA-specified forced command supersedes key option */ if (cert_forced_command != NULL) { - if (forced_command != NULL) - free(forced_command); + free(forced_command); forced_command = cert_forced_command; } return 0; diff --git a/auth-pam.c b/auth-pam.c index 6055948..348fe37 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -45,16 +45,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ -#include "includes.h" -/* - * We support only client side kerberos on Windows. - */ +/* Based on FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des */ -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif +#include "includes.h" #include #include @@ -75,9 +68,9 @@ /* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */ #ifdef PAM_SUN_CODEBASE -# define sshpam_const /* Solaris, HP-UX, AIX */ +# define sshpam_const /* Solaris, HP-UX, SunOS */ #else -# define sshpam_const const /* LinuxPAM, OpenPAM */ +# define sshpam_const const /* LinuxPAM, OpenPAM, AIX */ #endif /* Ambiguity in spec: is it an array of pointers or a pointer to an array? */ @@ -161,9 +154,12 @@ sshpam_sigchld_handler(int sig) <= 0) { /* PAM thread has not exitted, privsep slave must have */ kill(cleanup_ctxt->pam_thread, SIGTERM); - if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) - <= 0) - return; /* could not wait */ + while (waitpid(cleanup_ctxt->pam_thread, + &sshpam_thread_status, 0) == -1) { + if (errno == EINTR) + continue; + return; + } } if (WIFSIGNALED(sshpam_thread_status) && WTERMSIG(sshpam_thread_status) == SIGTERM) 
@@ -224,7 +220,11 @@ pthread_join(sp_pthread_t thread, void **value) if (sshpam_thread_status != -1) return (sshpam_thread_status); signal(SIGCHLD, sshpam_oldsig); - waitpid(thread, &status, 0); + while (waitpid(thread, &status, 0) == -1) { + if (errno == EINTR) + continue; + fatal("%s: waitpid: %s", __func__, strerror(errno)); + } return (status); } #endif @@ -236,10 +236,10 @@ static int sshpam_authenticated = 0; static int sshpam_session_open = 0; static int sshpam_cred_established = 0; static int sshpam_account_status = -1; +static int sshpam_maxtries_reached = 0; static char **sshpam_env = NULL; static Authctxt *sshpam_authctxt = NULL; static const char *sshpam_password = NULL; -static char badpw[] = "\b\n\r\177INCORRECT"; /* Some PAM implementations don't implement this */ #ifndef HAVE_PAM_GETENVLIST @@ -372,17 +372,6 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, for (i = 0; i < n; ++i) { switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_PROMPT_ECHO_OFF: - buffer_put_cstring(&buffer, - PAM_MSG_MEMBER(msg, i, msg)); - if (ssh_msg_send(ctxt->pam_csock, - PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) - goto fail; - if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1) - goto fail; - if (buffer_get_char(&buffer) != PAM_AUTHTOK) - goto fail; - reply[i].resp = buffer_get_string(&buffer, NULL); - break; case PAM_PROMPT_ECHO_ON: buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); @@ -396,12 +385,6 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, reply[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: - buffer_put_cstring(&buffer, - PAM_MSG_MEMBER(msg, i, msg)); - if (ssh_msg_send(ctxt->pam_csock, - PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) - goto fail; - break; case PAM_TEXT_INFO: buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); 
@@ -475,6 +458,8 @@ sshpam_thread(void *ctxtp) if (sshpam_err != PAM_SUCCESS) goto auth_fail; sshpam_err = pam_authenticate(sshpam_handle, flags); + if (sshpam_err == PAM_MAXTRIES) + sshpam_set_maxtries_reached(1); if (sshpam_err != PAM_SUCCESS) goto auth_fail; @@ -526,6 +511,8 @@ sshpam_thread(void *ctxtp) /* XXX - can't do much about an error here */ if (sshpam_err == PAM_ACCT_EXPIRED) ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer); + else if (sshpam_maxtries_reached) + ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer); else ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); buffer_free(&buffer); @@ -631,6 +618,7 @@ sshpam_init(Authctxt *authctxt) extern char *__progname; const char *pam_rhost, *pam_user, *user = authctxt->user; const char **ptr_pam_user = &pam_user; + struct ssh *ssh = active_state; /* XXX */ if (sshpam_handle != NULL) { /* We already have a PAM context; check if the user matches */ @@ -651,7 +639,7 @@ sshpam_init(Authctxt *authctxt) sshpam_handle = NULL; return (-1); } - pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns); + pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns); debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost); sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost); if (sshpam_err != PAM_SUCCESS) { @@ -722,6 +710,7 @@ static int sshpam_query(void *ctx, char **name, char **info, u_int *num, char ***prompts, u_int **echo_on) { + struct ssh *ssh = active_state; /* XXX */ Buffer buffer; struct pam_ctxt *ctxt = ctx; size_t plen; @@ -764,7 +753,11 @@ sshpam_query(void *ctx, char **name, char **info, free(msg); break; case PAM_ACCT_EXPIRED: - sshpam_account_status = 0; + case PAM_MAXTRIES: + if (type == PAM_ACCT_EXPIRED) + sshpam_account_status = 0; + if (type == PAM_MAXTRIES) + sshpam_set_maxtries_reached(1); /* FALLTHROUGH */ case PAM_AUTH_ERR: debug3("PAM: %s", pam_strerror(sshpam_handle, type)); 
@@ -804,7 +797,7 @@ sshpam_query(void *ctx, char **name, char **info, error("PAM: %s for %s%.100s from %.100s", msg, sshpam_authctxt->valid ? "" : "illegal user ", sshpam_authctxt->user, - get_remote_name_or_ip(utmp_len, options.use_dns)); + auth_get_canonical_hostname(ssh, options.use_dns)); /* FALLTHROUGH */ default: *num = 0; @@ -817,12 +810,35 @@ sshpam_query(void *ctx, char **name, char **info, return (-1); } +/* + * Returns a junk password of identical length to that the user supplied. + * Used to mitigate timing attacks against crypt(3)/PAM stacks that + * vary processing time in proportion to password length. + */ +static char * +fake_password(const char *wire_password) +{ + const char junk[] = "\b\n\r\177INCORRECT"; + char *ret = NULL; + size_t i, l = wire_password != NULL ? strlen(wire_password) : 0; + + if (l >= INT_MAX) + fatal("%s: password length too long: %zu", __func__, l); + + ret = malloc(l + 1); + for (i = 0; i < l; i++) + ret[i] = junk[i % (sizeof(junk) - 1)]; + ret[i] = '\0'; + return ret; +} + /* XXX - see also comment in auth-chall.c:verify_response */ static int sshpam_respond(void *ctx, u_int num, char **resp) { Buffer buffer; struct pam_ctxt *ctxt = ctx; + char *fake; debug2("PAM: %s entering, %u responses", __func__, num); switch (ctxt->pam_done) { @@ -843,8 +859,11 @@ sshpam_respond(void *ctx, u_int num, char **resp) (sshpam_authctxt->pw->pw_uid != 0 || options.permit_root_login == PERMIT_YES)) buffer_put_cstring(&buffer, *resp); - else - buffer_put_cstring(&buffer, badpw); + else { + fake = fake_password(*resp); + buffer_put_cstring(&buffer, fake); + free(fake); + } if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { buffer_free(&buffer); return (-1); 
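Review bot: `fake_password` writes through `ret` without checking the result of `malloc(l + 1)`, so an allocation failure becomes a NULL dereference in the fill loop, on a path that processes a password from an unauthenticated peer. Add `if (ret == NULL) fatal("%s: malloc failed", __func__);` right after the allocation, matching the `fatal` call already used for the length check. The callers pass the result on unchecked (`buffer_put_cstring(&buffer, fake)` in `sshpam_respond` here, and `sshpam_password = fake = fake_password(password)` in `sshpam_auth_passwd` later in this diff), so returning NULL instead would need a check in both.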
@@ -1188,6 +1207,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) { int flags = (options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); + char *fake = NULL; if (!options.use_pam || sshpam_handle == NULL) fatal("PAM: %s called when PAM disabled or failed to " @@ -1203,7 +1223,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) */ if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)) - sshpam_password = badpw; + sshpam_password = fake = fake_password(password); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, (const void *)&passwd_conv); @@ -1213,6 +1233,9 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) sshpam_err = pam_authenticate(sshpam_handle, flags); sshpam_password = NULL; + free(fake); + if (sshpam_err == PAM_MAXTRIES) + sshpam_set_maxtries_reached(1); if (sshpam_err == PAM_SUCCESS && authctxt->valid) { debug("PAM: password authentication accepted for %.100s", authctxt->user); @@ -1224,4 +1247,21 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) return 0; } } + +int +sshpam_get_maxtries_reached(void) +{ + return sshpam_maxtries_reached; +} + +void +sshpam_set_maxtries_reached(int reached) +{ + if (reached == 0 || sshpam_maxtries_reached) + return; + sshpam_maxtries_reached = 1; + options.password_authentication = 0; + options.kbd_interactive_authentication = 0; + options.challenge_response_authentication = 0; +} #endif /* USE_PAM */ diff --git a/auth-pam.h b/auth-pam.h index a1a2b52..2e9a0c0 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -45,6 +45,8 @@ void free_pam_environment(char **); void sshpam_thread_cleanup(void); void sshpam_cleanup(void); int sshpam_auth_passwd(Authctxt *, const char *); +int sshpam_get_maxtries_reached(void); +void sshpam_set_maxtries_reached(int); int is_pam_session_open(void); #endif /* USE_PAM */ diff --git a/auth-passwd.c b/auth-passwd.c index 1401e96..810d298 100644 --- a/auth-passwd.c +++ b/auth-passwd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.45 2016/07/21 01:39:35 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -37,18 +37,6 @@ */ #include "includes.h" -#ifdef WIN32_FIXME -#include "xmalloc.h" -#endif - - /* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME -#undef GSSAPI -#undef KRB5 -#endif #include @@ -78,6 +66,8 @@ extern login_cap_t *lc; #define DAY (24L * 60 * 60) /* 1 day in seconds */ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ +#define MAX_PASSWORD_LEN 1024 + void disable_forwarding(void) { @@ -99,6 +89,9 @@ auth_password(Authctxt *authctxt, const char *password) static int expire_checked = 0; #endif + if (strlen(password) > MAX_PASSWORD_LEN) + return 0; + #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; @@ -201,7 +194,9 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) } } -#elif defined(WIN32_FIXME) +#endif + +#ifdef WINDOWS extern int auth_sock; int sys_auth_passwd(Authctxt *authctxt, const char *password) { @@ -246,7 +241,7 @@ int sys_auth_passwd(Authctxt *authctxt, const char *password) { struct passwd *pw = authctxt->pw; - char *encrypted_password; + char *encrypted_password, *salt = NULL; /* Just use the supplied fake password if authctxt is invalid */ char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; 
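Review bot: Replacing `#elif defined(WIN32_FIXME)` with `#endif` followed by `#ifdef WINDOWS` ends the conditional chain that the preceding `sys_auth_passwd` belongs to and starts a new one. If the generic `sys_auth_passwd` further down is still introduced by an `#elif` (not visible in this hunk), it now hangs off `#ifdef WINDOWS`, and a build that selected the earlier branch would compile two definitions of the function. Keeping the chain intact avoids that: `#elif defined(WINDOWS)`. Separately, `MAX_PASSWORD_LEN` is added without a comment; a line such as `/* upper bound on the password length auth_password() will process */` would record why longer input is rejected before any hashing.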
@@ -255,9 +250,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) return (1); - /* Encrypt the candidate password using the proper salt. */ - encrypted_password = xcrypt(password, - (pw_password[0] && pw_password[1]) ? pw_password : "xx"); + /* + * Encrypt the candidate password using the proper salt, or pass a + * NULL and let xcrypt pick one. + */ + if (authctxt->valid && pw_password[0] && pw_password[1]) + salt = pw_password; + encrypted_password = xcrypt(password, salt); /* * Authentication is accepted if the encrypted passwords diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index a4ccb73..057335b 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rh-rsa.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ +/* $OpenBSD: auth-rh-rsa.c,v 1.45 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -15,11 +15,6 @@ #include "includes.h" -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #ifdef WITH_SSH1 #include @@ -47,8 +42,8 @@ extern ServerOptions options; int -auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, - Key *client_host_key) +auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *cuser, + const char *chost, Key *client_host_key) { HostStatus host_status; @@ -73,7 +68,8 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, int auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) { - char *chost; + struct ssh *ssh = active_state; /* XXX */ + const char *chost; struct passwd *pw = authctxt->pw; debug("Trying rhosts with RSA host authentication for client user %.100s", 
@@ -83,7 +79,7 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) client_host_key->rsa == NULL) return 0; - chost = (char *)get_canonical_hostname(options.use_dns); + chost = auth_get_canonical_hostname(ssh, options.use_dns); debug("Rhosts RSA authentication: canonical host %.900s", chost); if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) { diff --git a/auth-rhosts.c b/auth-rhosts.c index d00478b..42bdfb5 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.46 2014/12/23 22:42:48 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.47 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -16,15 +16,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include @@ -39,14 +30,15 @@ #include #include "packet.h" -#include "buffer.h" #include "uidswap.h" #include "pathnames.h" #include "log.h" #include "misc.h" +#include "buffer.h" /* XXX */ +#include "key.h" /* XXX */ #include "servconf.h" #include "canohost.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" @@ -203,10 +195,11 @@ check_rhosts_file(const char *filename, const char *hostname, int auth_rhosts(struct passwd *pw, const char *client_user) { + struct ssh *ssh = active_state; /* XXX */ const char *hostname, *ipaddr; - hostname = get_canonical_hostname(options.use_dns); - ipaddr = get_remote_ipaddr(); + hostname = auth_get_canonical_hostname(ssh, options.use_dns); + ipaddr = ssh_remote_ipaddr(ssh); return auth_rhosts2(pw, client_user, hostname, ipaddr); } diff --git a/auth-rsa.c b/auth-rsa.c index 3812438..cbd971b 100644 --- a/auth-rsa.c +++ b/auth-rsa.c 
@@ -16,15 +16,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #ifdef WITH_SSH1 #include diff --git a/auth-skey.c b/auth-skey.c index ba0ee90..3536ec8 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -25,15 +25,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #ifdef SKEY #include diff --git a/auth.c b/auth.c index 5b21636..668fd75 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.115 2016/06/15 00:40:40 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -27,6 +27,7 @@ #include #include +#include #include @@ -50,6 +51,7 @@ #include #include #include +#include #include "xmalloc.h" #include "match.h" @@ -97,6 +99,7 @@ int auth_debug_init; int allowed_user(struct passwd * pw) { + struct ssh *ssh = active_state; /* XXX */ struct stat st; const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; u_int i; @@ -184,8 +187,8 @@ allowed_user(struct passwd * pw) if (options.num_deny_users > 0 || options.num_allow_users > 0 || options.num_deny_groups > 0 || options.num_allow_groups > 0) { - hostname = get_canonical_hostname(options.use_dns); - ipaddr = get_remote_ipaddr(); + hostname = auth_get_canonical_hostname(ssh, options.use_dns); + ipaddr = ssh_remote_ipaddr(ssh); } /* Return false if user is listed in DenyUsers */ @@ -276,6 +279,7 @@ void auth_log(Authctxt *authctxt, int authenticated, int partial, const char *method, const char *submethod) { + struct ssh *ssh = active_state; /* XXX */ void (*authlog) (const char *fmt,...) = verbose; char *authmsg; 
@@ -302,8 +306,8 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, authctxt->valid ? "" : "invalid user ", authctxt->user, - get_remote_ipaddr(), - get_remote_port(), + ssh_remote_ipaddr(ssh), + ssh_remote_port(ssh), compat20 ? "ssh2" : "ssh1", authctxt->info != NULL ? ": " : "", authctxt->info != NULL ? authctxt->info : ""); @@ -316,11 +320,12 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, strncmp(method, "keyboard-interactive", 20) == 0 || strcmp(method, "challenge-response") == 0)) record_failed_login(authctxt->user, - get_canonical_hostname(options.use_dns), "ssh"); + auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); # ifdef WITH_AIXAUTHENTICATE if (authenticated) sys_auth_record_login(authctxt->user, - get_canonical_hostname(options.use_dns), "ssh", &loginmsg); + auth_get_canonical_hostname(ssh, options.use_dns), "ssh", + &loginmsg); # endif #endif #ifdef SSH_AUDIT_EVENTS @@ -333,12 +338,14 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, void auth_maxtries_exceeded(Authctxt *authctxt) { + struct ssh *ssh = active_state; /* XXX */ + error("maximum authentication attempts exceeded for " "%s%.100s from %.200s port %d %s", authctxt->valid ? "" : "invalid user ", authctxt->user, - get_remote_ipaddr(), - get_remote_port(), + ssh_remote_ipaddr(ssh), + ssh_remote_port(ssh), compat20 ? "ssh2" : "ssh1"); packet_disconnect("Too many authentication failures"); /* NOTREACHED */ @@ -350,6 +357,8 @@ auth_maxtries_exceeded(Authctxt *authctxt) int auth_root_allowed(const char *method) { + struct ssh *ssh = active_state; /* XXX */ + switch (options.permit_root_login) { case PERMIT_YES: return 1; @@ -366,7 +375,8 @@ auth_root_allowed(const char *method) } break; } - logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr()); + logit("ROOT LOGIN REFUSED FROM %.200s port %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return 0; } 
@@ -378,7 +388,6 @@ auth_root_allowed(const char *method) * * This returns a buffer allocated by xmalloc. */ - char * expand_authorized_keys(const char *filename, struct passwd *pw) { @@ -620,6 +629,7 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes) struct passwd * getpwnamallow(const char *user) { + struct ssh *ssh = active_state; /* XXX */ #ifdef HAVE_LOGIN_CAP extern login_cap_t *lc; #ifdef BSD_AUTH @@ -655,11 +665,11 @@ getpwnamallow(const char *user) } #endif if (pw == NULL) { - logit("Invalid user %.100s from %.100s", - user, get_remote_ipaddr()); + logit("Invalid user %.100s from %.100s port %d", + user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); #ifdef CUSTOM_FAILED_LOGIN record_failed_login(user, - get_canonical_hostname(options.use_dns), "ssh"); + auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); #endif #ifdef SSH_AUDIT_EVENTS audit_event(SSH_INVALID_USER); 
@@ -789,3 +799,117 @@ fakepw(void) return (&fake); } + +/* + * Returns the remote DNS hostname as a string. The returned string must not + * be freed. NB. this will usually trigger a DNS query the first time it is + * called. + * This function does additional checks on the hostname to mitigate some + * attacks on legacy rhosts-style authentication. + * XXX is RhostsRSAAuthentication vulnerable to these? + * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?) + */ + +static char * +remote_hostname(struct ssh *ssh) +{ + struct sockaddr_storage from; + socklen_t fromlen; + struct addrinfo hints, *ai, *aitop; + char name[NI_MAXHOST], ntop2[NI_MAXHOST]; + const char *ntop = ssh_remote_ipaddr(ssh); + + /* Get IP address of client. */ + fromlen = sizeof(from); + memset(&from, 0, sizeof(from)); + if (getpeername(ssh_packet_get_connection_in(ssh), + (struct sockaddr *)&from, &fromlen) < 0) { + debug("getpeername failed: %.100s", strerror(errno)); + return strdup(ntop); + } + + ipv64_normalise_mapped(&from, &fromlen); + if (from.ss_family == AF_INET6) + fromlen = sizeof(struct sockaddr_in6); + + debug3("Trying to reverse map address %.100s.", ntop); + /* Map the IP address to a host name. */ + if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), + NULL, 0, NI_NAMEREQD) != 0) { + /* Host name not found. Use ip address. */ + return strdup(ntop); + } + + /* + * if reverse lookup result looks like a numeric hostname, + * someone is trying to trick us by PTR record like following: + * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 + */ + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_DGRAM; /*dummy*/ + hints.ai_flags = AI_NUMERICHOST; + if (getaddrinfo(name, NULL, &hints, &ai) == 0) { + logit("Nasty PTR record \"%s\" is set up for %s, ignoring", + name, ntop); + freeaddrinfo(ai); + return strdup(ntop); + } + + /* Names are stored in lowercase. 
*/ + lowercase(name); + + /* + * Map it back to an IP address and check that the given + * address actually is an address of this host. This is + * necessary because anyone with access to a name server can + * define arbitrary names for an IP address. Mapping from + * name to IP address can be trusted better (but can still be + * fooled if the intruder has access to the name server of + * the domain). + */ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = from.ss_family; + hints.ai_socktype = SOCK_STREAM; + if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { + logit("reverse mapping checking getaddrinfo for %.700s " + "[%s] failed.", name, ntop); + return strdup(ntop); + } + /* Look for the address from the list of addresses. */ + for (ai = aitop; ai; ai = ai->ai_next) { + if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, + sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && + (strcmp(ntop, ntop2) == 0)) + break; + } + freeaddrinfo(aitop); + /* If we reached the end of the list, the address was not there. */ + if (ai == NULL) { + /* Address not found for the host name. */ + logit("Address %.100s maps to %.600s, but this does not " + "map back to the address.", ntop, name); + return strdup(ntop); + } + return strdup(name); +} + +/* + * Return the canonical name of the host in the other side of the current + * connection. The host name is cached, so it is efficient to call this + * several times. + */ + +const char * +auth_get_canonical_hostname(struct ssh *ssh, int use_dns) +{ + static char *dnsname; + + if (!use_dns) + return ssh_remote_ipaddr(ssh); + else if (dnsname != NULL) + return dnsname; + else { + dnsname = remote_hostname(ssh); + return dnsname; + } +} diff --git a/auth.h b/auth.h index edc2d68..5d73d1e 100644 --- a/auth.h +++ b/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.84 2015/05/08 06:41:56 djm Exp $ */ +/* $OpenBSD: auth.h,v 1.88 2016/05/04 14:04:40 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. 
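Review bot: Every exit of `remote_hostname` returns `strdup(...)` unchecked, and `auth_get_canonical_hostname` stores and returns that pointer, so an allocation failure hands NULL to callers that use it as a `%s` argument or as `PAM_RHOST`. `xmalloc.h` is already included in auth.c, so `return xstrdup(ntop);` and `return xstrdup(name);` would fail closed instead. The `Nasty PTR record` message prints the resolver-supplied `name` with a bare `%s` while the other messages bound it (`%.700s`, `%.600s`); a bounded conversion there would be consistent. The `static char *dnsname` cache ignores the `ssh` argument, which deserves a one-line comment stating that it assumes one connection per process.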
@@ -42,10 +42,8 @@ #include #endif -#ifdef WIN32_FIXME - - #include - +#ifdef WINDOWS +#include #endif struct ssh; @@ -130,7 +128,8 @@ BIGNUM *auth_rsa_generate_challenge(Key *); int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); -int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); +int auth_rhosts_rsa_key_allowed(struct passwd *, const char *, + const char *, Key *); int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); int user_key_allowed(struct passwd *, Key *, int); void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) @@ -197,13 +196,14 @@ int verify_response(Authctxt *, const char *); void abandon_challenge_response(Authctxt *); char *expand_authorized_keys(const char *, struct passwd *pw); - char *authorized_principals_file(struct passwd *); FILE *auth_openkeyfile(const char *, struct passwd *, int); FILE *auth_openprincipals(const char *, struct passwd *, int); int auth_key_is_revoked(Key *); +const char *auth_get_canonical_hostname(struct ssh *, int); + HostStatus check_key_in_hostfiles(struct passwd *, Key *, const char *, const char *, const char *); @@ -216,7 +216,7 @@ Key *get_hostkey_private_by_type(int, int, struct ssh *); int get_hostkey_index(Key *, int, struct ssh *); int ssh1_session_key(BIGNUM *); int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, - const u_char *, size_t, u_int); + const u_char *, size_t, const char *, u_int); /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff --git a/auth1.c b/auth1.c index 83d0464..5073c49 100644 --- a/auth1.c +++ b/auth1.c @@ -12,16 +12,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - - #ifdef WITH_SSH1 #include diff --git a/auth2-chall.c b/auth2-chall.c index 4aff09d..ead4803 100644 --- a/auth2-chall.c 
+++ b/auth2-chall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ +/* $OpenBSD: auth2-chall.c,v 1.44 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2001 Per Allansson. All rights reserved. @@ -122,8 +122,8 @@ kbdint_alloc(const char *devs) buffer_append(&b, devices[i]->name, strlen(devices[i]->name)); } - buffer_append(&b, "\0", 1); - kbdintctxt->devices = xstrdup(buffer_ptr(&b)); + if ((kbdintctxt->devices = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); } else { kbdintctxt->devices = xstrdup(devs); diff --git a/auth2-gss.c b/auth2-gss.c index 2a91d6a..1ca8357 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -26,15 +26,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #ifdef GSSAPI #include diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 7e22b9a..1b3c3b2 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.25 2015/05/04 06:10:48 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.26 2016/03/07 19:02:43 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,15 +25,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include @@ -169,6 +160,7 @@ int hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, Key *key) { + struct ssh *ssh = active_state; /* XXX */ const char *resolvedname, *ipaddr, *lookup, *reason; HostStatus host_status; int len; 
@@ -177,8 +169,8 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, if (auth_key_is_revoked(key)) return 0; - resolvedname = get_canonical_hostname(options.use_dns); - ipaddr = get_remote_ipaddr(); + resolvedname = auth_get_canonical_hostname(ssh, options.use_dns); + ipaddr = ssh_remote_ipaddr(ssh); debug2("%s: chost %s resolvedname %s ipaddr %s", __func__, chost, resolvedname, ipaddr); diff --git a/auth2-jpake.c b/auth2-jpake.c deleted file mode 100644 index a460e82..0000000 --- a/auth2-jpake.c +++ /dev/null 
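Review bot: `resolvedname` is not always a DNS name after this change, and nothing at the call site says so. Per the auth.c hunk on this page, auth_get_canonical_hostname() returns the numeric peer address when UseDNS is off, when the PTR lookup fails, when the PTR target looks numeric, or when the forward lookup does not map back. The comparison with the client-supplied `chost` is outside the hunk, so a reader of hostbased_key_allowed() cannot see which of these they are trusting. I would add above the assignment `/* resolvedname: forward-confirmed reverse DNS name, or the numeric address if UseDNS is off or the check fails */`. The bare `/* XXX */` on `struct ssh *ssh = active_state;` in the preceding hunk should also say what is outstanding, e.g. `/* XXX should be passed in by the caller */`.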
@@ -1,563 +0,0 @@ -/* $OpenBSD: auth2-jpake.c,v 1.4 2010/08/31 11:54:45 djm Exp $ */ -/* - * Copyright (c) 2008 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Server side of zero-knowledge password auth using J-PAKE protocol - * as described in: - * - * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", - * 16th Workshop on Security Protocols, Cambridge, April 2008 - * - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - */ - -#ifdef JPAKE - -#include -#include - -#include -#include -#include -#include - -#include -#include - -#include "xmalloc.h" -#include "ssh2.h" -#include "key.h" -#include "hostfile.h" -#include "auth.h" -#include "buffer.h" -#include "packet.h" -#include "dispatch.h" -#include "log.h" -#include "servconf.h" -#include "auth-options.h" -#include "canohost.h" -#ifdef GSSAPI -#include "ssh-gss.h" -#endif -#include "monitor_wrap.h" - -#include "schnorr.h" -#include "jpake.h" - -/* - * XXX options->permit_empty_passwd (at the moment, they will be refused - * anyway because they will mismatch on fake salt. 
- */ - -/* Dispatch handlers */ -static void input_userauth_jpake_client_step1(int, u_int32_t, void *); -static void input_userauth_jpake_client_step2(int, u_int32_t, void *); -static void input_userauth_jpake_client_confirm(int, u_int32_t, void *); - -static int auth2_jpake_start(Authctxt *); - -/* import */ -extern ServerOptions options; -extern u_char *session_id2; -extern u_int session_id2_len; - -/* - * Attempt J-PAKE authentication. - */ -static int -userauth_jpake(Authctxt *authctxt) -{ - int authenticated = 0; - - packet_check_eom(); - - debug("jpake-01@openssh.com requested"); - - if (authctxt->user != NULL) { - if (authctxt->jpake_ctx == NULL) - authctxt->jpake_ctx = jpake_new(); - if (options.zero_knowledge_password_authentication) - authenticated = auth2_jpake_start(authctxt); - } - - return authenticated; -} - -Authmethod method_jpake = { - "jpake-01@openssh.com", - userauth_jpake, - &options.zero_knowledge_password_authentication -}; - -/* Clear context and callbacks */ -void -auth2_jpake_stop(Authctxt *authctxt) -{ - /* unregister callbacks */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL); - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL); - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL); - if (authctxt->jpake_ctx != NULL) { - jpake_free(authctxt->jpake_ctx); - authctxt->jpake_ctx = NULL; - } -} - -/* Returns 1 if 'c' is a valid crypt(3) salt character, 0 otherwise */ -static int -valid_crypt_salt(int c) -{ - if (c >= 'A' && c <= 'Z') - return 1; - if (c >= 'a' && c <= 'z') - return 1; - if (c >= '.' && c <= '9') - return 1; - return 0; -} - -/* - * Derive fake salt as H(username || first_private_host_key) - * This provides relatively stable fake salts for non-existent - * users and avoids the jpake method becoming an account validity - * oracle. 
- */ -static void -derive_rawsalt(const char *username, u_char *rawsalt, u_int len) -{ - u_char *digest; - u_int digest_len; - Buffer b; - Key *k; - - buffer_init(&b); - buffer_put_cstring(&b, username); - if ((k = get_hostkey_by_index(0)) == NULL || - (k->flags & KEY_FLAG_EXT)) - fatal("%s: no hostkeys", __func__); - switch (k->type) { - case KEY_RSA1: - case KEY_RSA: - if (k->rsa->p == NULL || k->rsa->q == NULL) - fatal("%s: RSA key missing p and/or q", __func__); - buffer_put_bignum2(&b, k->rsa->p); - buffer_put_bignum2(&b, k->rsa->q); - break; - case KEY_DSA: - if (k->dsa->priv_key == NULL) - fatal("%s: DSA key missing priv_key", __func__); - buffer_put_bignum2(&b, k->dsa->priv_key); - break; - case KEY_ECDSA: - if (EC_KEY_get0_private_key(k->ecdsa) == NULL) - fatal("%s: ECDSA key missing priv_key", __func__); - buffer_put_bignum2(&b, EC_KEY_get0_private_key(k->ecdsa)); - break; - default: - fatal("%s: unknown key type %d", __func__, k->type); - } - if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(), - &digest, &digest_len) != 0) - fatal("%s: hash_buffer", __func__); - buffer_free(&b); - if (len > digest_len) - fatal("%s: not enough bytes for rawsalt (want %u have %u)", - __func__, len, digest_len); - memcpy(rawsalt, digest, len); - bzero(digest, digest_len); - xfree(digest); -} - -/* ASCII an integer [0, 64) for inclusion in a password/salt */ -static char -pw_encode64(u_int i64) -{ - const u_char e64[] = - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - return e64[i64 % 64]; -} - -/* Generate ASCII salt bytes for user */ -static char * -makesalt(u_int want, const char *user) -{ - u_char rawsalt[32]; - static char ret[33]; - u_int i; - - if (want > sizeof(ret) - 1) - fatal("%s: want %u", __func__, want); - - derive_rawsalt(user, rawsalt, sizeof(rawsalt)); - bzero(ret, sizeof(ret)); - for (i = 0; i < want; i++) - ret[i] = pw_encode64(rawsalt[i]); - bzero(rawsalt, sizeof(rawsalt)); - - return ret; -} - -/* - * Select the system's 
default password hashing scheme and generate - * a stable fake salt under it for use by a non-existent account. - * Prevents jpake method being used to infer the validity of accounts. - */ -static void -fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme) -{ - char *rounds_s, *style; - long long rounds; - login_cap_t *lc; - - - if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL && - (lc = login_getclass(NULL)) == NULL) - fatal("%s: login_getclass failed", __func__); - style = login_getcapstr(lc, "localcipher", NULL, NULL); - if (style == NULL) - style = xstrdup("blowfish,6"); - login_close(lc); - - if ((rounds_s = strchr(style, ',')) != NULL) - *rounds_s++ = '\0'; - rounds = strtonum(rounds_s, 1, 1<<31, NULL); - - if (strcmp(style, "md5") == 0) { - xasprintf(salt, "$1$%s$", makesalt(8, authctxt->user)); - *scheme = xstrdup("md5"); - } else if (strcmp(style, "old") == 0) { - *salt = xstrdup(makesalt(2, authctxt->user)); - *scheme = xstrdup("crypt"); - } else if (strcmp(style, "newsalt") == 0) { - rounds = MAX(rounds, 7250); - rounds = MIN(rounds, (1<<24) - 1); - xasprintf(salt, "_%c%c%c%c%s", - pw_encode64(rounds), pw_encode64(rounds >> 6), - pw_encode64(rounds >> 12), pw_encode64(rounds >> 18), - makesalt(4, authctxt->user)); - *scheme = xstrdup("crypt-extended"); - } else { - /* Default to blowfish */ - rounds = MAX(rounds, 3); - rounds = MIN(rounds, 31); - xasprintf(salt, "$2a$%02lld$%s", rounds, - makesalt(22, authctxt->user)); - *scheme = xstrdup("bcrypt"); - } - xfree(style); - debug3("%s: fake %s salt for user %s: %s", - __func__, *scheme, authctxt->user, *salt); -} - -/* - * Fetch password hashing scheme, password salt and derive shared secret - * for user. If user does not exist, a fake but stable and user-unique - * salt will be returned. 
- */ -void -auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s, - char **hash_scheme, char **salt) -{ - char *cp; - u_char *secret; - u_int secret_len, salt_len; - -#ifdef JPAKE_DEBUG - debug3("%s: valid %d pw %.5s...", __func__, - authctxt->valid, authctxt->pw->pw_passwd); -#endif - - *salt = NULL; - *hash_scheme = NULL; - if (authctxt->valid) { - if (strncmp(authctxt->pw->pw_passwd, "$2$", 3) == 0 && - strlen(authctxt->pw->pw_passwd) > 28) { - /* - * old-variant bcrypt: - * "$2$", 2 digit rounds, "$", 22 bytes salt - */ - salt_len = 3 + 2 + 1 + 22 + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, salt_len); - *hash_scheme = xstrdup("bcrypt"); - } else if (strncmp(authctxt->pw->pw_passwd, "$2a$", 4) == 0 && - strlen(authctxt->pw->pw_passwd) > 29) { - /* - * current-variant bcrypt: - * "$2a$", 2 digit rounds, "$", 22 bytes salt - */ - salt_len = 4 + 2 + 1 + 22 + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, salt_len); - *hash_scheme = xstrdup("bcrypt"); - } else if (strncmp(authctxt->pw->pw_passwd, "$1$", 3) == 0 && - strlen(authctxt->pw->pw_passwd) > 5) { - /* - * md5crypt: - * "$1$", salt until "$" - */ - cp = strchr(authctxt->pw->pw_passwd + 3, '$'); - if (cp != NULL) { - salt_len = (cp - authctxt->pw->pw_passwd) + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, - salt_len); - *hash_scheme = xstrdup("md5crypt"); - } - } else if (strncmp(authctxt->pw->pw_passwd, "_", 1) == 0 && - strlen(authctxt->pw->pw_passwd) > 9) { - /* - * BSDI extended crypt: - * "_", 4 digits count, 4 chars salt - */ - salt_len = 1 + 4 + 4 + 1; - *salt = xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, salt_len); - *hash_scheme = xstrdup("crypt-extended"); - } else if (strlen(authctxt->pw->pw_passwd) == 13 && - valid_crypt_salt(authctxt->pw->pw_passwd[0]) && - valid_crypt_salt(authctxt->pw->pw_passwd[1])) { - /* - * traditional crypt: - * 2 chars salt - */ - salt_len = 2 + 1; - *salt = 
xmalloc(salt_len); - strlcpy(*salt, authctxt->pw->pw_passwd, salt_len); - *hash_scheme = xstrdup("crypt"); - } - if (*salt == NULL) { - debug("%s: unrecognised crypt scheme for user %s", - __func__, authctxt->pw->pw_name); - } - } - if (*salt == NULL) - fake_salt_and_scheme(authctxt, salt, hash_scheme); - - if (hash_buffer(authctxt->pw->pw_passwd, - strlen(authctxt->pw->pw_passwd), EVP_sha256(), - &secret, &secret_len) != 0) - fatal("%s: hash_buffer", __func__); - if ((*s = BN_bin2bn(secret, secret_len, NULL)) == NULL) - fatal("%s: BN_bin2bn (secret)", __func__); -#ifdef JPAKE_DEBUG - debug3("%s: salt = %s (len %u)", __func__, - *salt, (u_int)strlen(*salt)); - debug3("%s: scheme = %s", __func__, *hash_scheme); - JPAKE_DEBUG_BN((*s, "%s: s = ", __func__)); -#endif - bzero(secret, secret_len); - xfree(secret); -} - -/* - * Begin authentication attempt. - * Note, sets authctxt->postponed while in subprotocol - */ -static int -auth2_jpake_start(Authctxt *authctxt) -{ - struct jpake_ctx *pctx = authctxt->jpake_ctx; - u_char *x3_proof, *x4_proof; - u_int x3_proof_len, x4_proof_len; - char *salt, *hash_scheme; - - debug("%s: start", __func__); - - PRIVSEP(jpake_step1(pctx->grp, - &pctx->server_id, &pctx->server_id_len, - &pctx->x3, &pctx->x4, &pctx->g_x3, &pctx->g_x4, - &x3_proof, &x3_proof_len, - &x4_proof, &x4_proof_len)); - - PRIVSEP(auth2_jpake_get_pwdata(authctxt, &pctx->s, - &hash_scheme, &salt)); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "step 1 sending in %s", __func__)); - - packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1); - packet_put_cstring(hash_scheme); - packet_put_cstring(salt); - packet_put_string(pctx->server_id, pctx->server_id_len); - packet_put_bignum2(pctx->g_x3); - packet_put_bignum2(pctx->g_x4); - packet_put_string(x3_proof, x3_proof_len); - packet_put_string(x4_proof, x4_proof_len); - packet_send(); - packet_write_wait(); - - bzero(hash_scheme, strlen(hash_scheme)); - bzero(salt, strlen(salt)); - xfree(hash_scheme); - xfree(salt); - 
bzero(x3_proof, x3_proof_len); - bzero(x4_proof, x4_proof_len); - xfree(x3_proof); - xfree(x4_proof); - - /* Expect step 1 packet from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, - input_userauth_jpake_client_step1); - - authctxt->postponed = 1; - return 0; -} - -/* ARGSUSED */ -static void -input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->jpake_ctx; - u_char *x1_proof, *x2_proof, *x4_s_proof; - u_int x1_proof_len, x2_proof_len, x4_s_proof_len; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, NULL); - - /* Fetch step 1 values */ - if ((pctx->g_x1 = BN_new()) == NULL || - (pctx->g_x2 = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - pctx->client_id = packet_get_string(&pctx->client_id_len); - packet_get_bignum2(pctx->g_x1); - packet_get_bignum2(pctx->g_x2); - x1_proof = packet_get_string(&x1_proof_len); - x2_proof = packet_get_string(&x2_proof_len); - packet_check_eom(); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "step 1 received in %s", __func__)); - - PRIVSEP(jpake_step2(pctx->grp, pctx->s, pctx->g_x3, - pctx->g_x1, pctx->g_x2, pctx->x4, - pctx->client_id, pctx->client_id_len, - pctx->server_id, pctx->server_id_len, - x1_proof, x1_proof_len, - x2_proof, x2_proof_len, - &pctx->b, - &x4_s_proof, &x4_s_proof_len)); - - bzero(x1_proof, x1_proof_len); - bzero(x2_proof, x2_proof_len); - xfree(x1_proof); - xfree(x2_proof); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); - - /* Send values for step 2 */ - packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2); - packet_put_bignum2(pctx->b); - packet_put_string(x4_s_proof, x4_s_proof_len); - packet_send(); - packet_write_wait(); - - bzero(x4_s_proof, x4_s_proof_len); - xfree(x4_s_proof); - - /* Expect step 2 packet from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, - input_userauth_jpake_client_step2); -} - -/* ARGSUSED */ 
-static void -input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->jpake_ctx; - u_char *x2_s_proof; - u_int x2_s_proof_len; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, NULL); - - if ((pctx->a = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - /* Fetch step 2 values */ - packet_get_bignum2(pctx->a); - x2_s_proof = packet_get_string(&x2_s_proof_len); - packet_check_eom(); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "step 2 received in %s", __func__)); - - /* Derive shared key and calculate confirmation hash */ - PRIVSEP(jpake_key_confirm(pctx->grp, pctx->s, pctx->a, - pctx->x4, pctx->g_x3, pctx->g_x4, pctx->g_x1, pctx->g_x2, - pctx->server_id, pctx->server_id_len, - pctx->client_id, pctx->client_id_len, - session_id2, session_id2_len, - x2_s_proof, x2_s_proof_len, - &pctx->k, - &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len)); - - bzero(x2_s_proof, x2_s_proof_len); - xfree(x2_s_proof); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); - - /* Send key confirmation proof */ - packet_start(SSH2_MSG_USERAUTH_JPAKE_SERVER_CONFIRM); - packet_put_string(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); - packet_send(); - packet_write_wait(); - - /* Expect confirmation from peer */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, - input_userauth_jpake_client_confirm); -} - -/* ARGSUSED */ -static void -input_userauth_jpake_client_confirm(int type, u_int32_t seq, void *ctxt) -{ - Authctxt *authctxt = ctxt; - struct jpake_ctx *pctx = authctxt->jpake_ctx; - int authenticated = 0; - - /* Disable this message */ - dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_CONFIRM, NULL); - - pctx->h_k_cid_sessid = packet_get_string(&pctx->h_k_cid_sessid_len); - packet_check_eom(); - - if (!use_privsep) - JPAKE_DEBUG_CTX((pctx, "confirm received in %s", __func__)); - - /* Verify expected confirmation hash */ - if 
(PRIVSEP(jpake_check_confirm(pctx->k, - pctx->client_id, pctx->client_id_len, - session_id2, session_id2_len, - pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len)) == 1) - authenticated = authctxt->valid ? 1 : 0; - else - debug("%s: confirmation mismatch", __func__); - - /* done */ - authctxt->postponed = 0; - jpake_free(authctxt->jpake_ctx); - authctxt->jpake_ctx = NULL; - userauth_finish(authctxt, authenticated, method_jpake.name); -} - -#endif /* JPAKE */ - diff --git a/auth2-none.c b/auth2-none.c index 36b7679..e71e221 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -25,15 +25,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include #include diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 9ab001c..9e7a144 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.55 2016/01/27 00:53:12 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,15 +25,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include #include @@ -93,22 +84,22 @@ extern u_int session_id2_len; static int userauth_pubkey(Authctxt *authctxt) -{ +{ Buffer b; Key *key = NULL; - char *pkalg, *userstyle; + char *pkalg, *userstyle, *fp = NULL; u_char *pkblob, *sig; u_int alen, blen, slen; int have_sig, pktype; int authenticated = 0; if (!authctxt->valid) { - debug2("userauth_pubkey: disabled because of invalid user"); + debug2("%s: disabled because of invalid user", __func__); return 0; } have_sig = packet_get_char(); if (datafellows & SSH_BUG_PKAUTH) { - debug2("userauth_pubkey: SSH_BUG_PKAUTH"); + debug2("%s: SSH_BUG_PKAUTH", __func__); /* no explicit pkalg given */ pkblob = packet_get_string(&blen); buffer_init(&b); 
@@ -123,18 +114,18 @@ userauth_pubkey(Authctxt *authctxt) pktype = key_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { /* this is perfectly legal */ - logit("userauth_pubkey: unsupported public key algorithm: %s", - pkalg); + logit("%s: unsupported public key algorithm: %s", + __func__, pkalg); goto done; } key = key_from_blob(pkblob, blen); if (key == NULL) { - error("userauth_pubkey: cannot decode key: %s", pkalg); + error("%s: cannot decode key: %s", __func__, pkalg); goto done; } if (key->type != pktype) { - error("userauth_pubkey: type mismatch for decoded key " - "(received %d, expected %d)", key->type, pktype); + error("%s: type mismatch for decoded key " + "(received %d, expected %d)", __func__, key->type, pktype); goto done; } if (key_type_plain(key->type) == KEY_RSA && @@ -143,6 +134,7 @@ userauth_pubkey(Authctxt *authctxt) "signature scheme"); goto done; } + fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT); if (auth2_userkey_already_used(authctxt, key)) { logit("refusing previously-used %s key", key_type(key)); goto done; @@ -155,6 +147,8 @@ userauth_pubkey(Authctxt *authctxt) } if (have_sig) { + debug3("%s: have signature for %s %s", + __func__, sshkey_type(key), fp); sig = packet_get_string(&slen); packet_check_eom(); buffer_init(&b); @@ -216,6 +210,7 @@ userauth_pubkey(Authctxt *authctxt) break; } + debug3("auth agent authenticated %s", authctxt->pw->pw_name); break; } @@ -247,7 +242,8 @@ userauth_pubkey(Authctxt *authctxt) #endif /* else #ifdef WIN32_FIXME. */ } else { - debug("test whether pkalg/pkblob are acceptable"); + debug("%s: test whether pkalg/pkblob are acceptable for %s %s", + __func__, sshkey_type(key), fp); packet_check_eom(); /* XXX fake reply and always send PK_OK ? */ 
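Review bot: `fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);` in the `@@ -143,6 +134,7 @@` hunk is never checked, although sshkey_fingerprint() returns NULL on failure. The new `debug3("%s: have signature for %s %s", ...)` and `debug("%s: test whether pkalg/pkblob are acceptable for %s %s", ...)` calls in the `@@ -155,6 +147,8 @@` and `@@ -247,7 +242,8 @@` hunks pass `fp` to `%s`, which is undefined for a null pointer in standard printf; how the project's log formatter treats it is not visible here. Pass `fp == NULL ? "(null)" : fp` at both call sites, or skip the log line when the fingerprint is unavailable. The fingerprint is also computed before the `auth2_userkey_already_used()` check, so it is paid for keys that are then refused without being logged. userauth_pubkey() starts and ends outside these hunks.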
@@ -277,11 +273,12 @@ userauth_pubkey(Authctxt *authctxt) if (authenticated != 1) auth_clear_options(); done: - debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); + debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg); if (key != NULL) key_free(key); free(pkalg); free(pkblob); + free(fp); return authenticated; } @@ -796,7 +793,6 @@ match_principals_command(struct passwd *user_pw, struct sshkey_cert *cert) * Checks whether key is allowed in authorized_keys-format file, * returns 1 if the key is allowed or 0 otherwise. */ - static int check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) { @@ -880,8 +876,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) free(fp); continue; } - verbose("Accepted certificate ID \"%s\" " + verbose("Accepted certificate ID \"%s\" (serial %llu) " "signed by %s CA %s via %s", key->cert->key_id, + (unsigned long long)key->cert->serial, key_type(found), fp, file); free(fp); found_key = 1; @@ -959,8 +956,10 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) if (auth_cert_options(key, pw) != 0) goto out; - verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s", - key->cert->key_id, key_type(key->cert->signature_key), ca_fp, + verbose("Accepted certificate ID \"%s\" (serial %llu) signed by " + "%s CA %s via %s", key->cert->key_id, + (unsigned long long)key->cert->serial, + key_type(key->cert->signature_key), ca_fp, options.trusted_user_ca_keys); ret = 1; diff --git a/auth2.c b/auth2.c index aa08084..9108b86 100644 --- a/auth2.c +++ b/auth2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.135 2015/01/19 20:07:45 markus Exp $ */ +/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,15 +25,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include #include 
@@ -433,8 +424,8 @@ authmethods_get(Authctxt *authctxt) buffer_append(&b, authmethods[i]->name, strlen(authmethods[i]->name)); } - buffer_append(&b, "\0", 1); - list = xstrdup(buffer_ptr(&b)); + if ((list = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); return list; } diff --git a/authfd.c b/authfd.c index 786b073..1f79cf0 100644 --- a/authfd.c +++ b/authfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.98 2015/07/03 03:43:18 djm Exp $ */ +/* $OpenBSD: authfd.c,v 1.100 2015/12/04 16:41:28 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -161,7 +161,11 @@ ssh_get_authentication_socket(int *fdp) } /* Communicate with agent: send request and read reply */ +#ifdef WINDOWS int +#else +static int +#endif ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply) { int r; @@ -466,11 +470,24 @@ ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, } #endif +/* encode signature algoritm in flag bits, so we can keep the msg format */ +static u_int +agent_encode_alg(struct sshkey *key, const char *alg) +{ + if (alg != NULL && key->type == KEY_RSA) { + if (strcmp(alg, "rsa-sha2-256") == 0) + return SSH_AGENT_RSA_SHA2_256; + else if (strcmp(alg, "rsa-sha2-512") == 0) + return SSH_AGENT_RSA_SHA2_512; + } + return 0; +} + /* ask agent to sign data, returns err.h code on error, 0 on success */ int ssh_agent_sign(int sock, struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) + const u_char *data, size_t datalen, const char *alg, u_int compat) { struct sshbuf *msg; u_char *blob = NULL, type; 
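Review bot: Under `#ifdef WINDOWS`, ssh_request_reply() loses `static` and becomes an external symbol, but neither authfd.h hunk on this page adds a prototype for it. Unless the declaration already sits in a part of authfd.h that is not shown, each Windows caller has to declare it locally, and the compiler cannot check such a declaration against this definition. I would add `int ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply);` to authfd.h under the same `#ifdef WINDOWS`, with a one-line comment naming the component that needs the agent round-trip exported.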
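Review bot: agent_encode_alg() tests `key->type == KEY_RSA` exactly, so an RSA certificate key does not match and a requested `rsa-sha2-256` or `rsa-sha2-512` yields flags 0; any unrecognised `alg` string does the same. ssh_agent_sign() then sends the request with no hash flag, so the algorithm the caller asked for is dropped without an error, and the agent presumably signs with its default RSA scheme. userauth_pubkey() on this page uses `key_type_plain(key->type) == KEY_RSA` for the equivalent test; if certificate keys can reach this path, `sshkey_type_plain(key->type) == KEY_RSA` would cover them here. The comment should say that an unmatched `alg` means "agent default", with "algoritm" corrected to "algorithm", and `key` can be `const struct sshkey *`.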
@@ -489,12 +506,13 @@ ssh_agent_sign(int sock, struct sshkey *key, return SSH_ERR_ALLOC_FAIL; if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) goto out; + flags |= agent_encode_alg(key, alg); if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 || (r = sshbuf_put_string(msg, blob, blen)) != 0 || (r = sshbuf_put_string(msg, data, datalen)) != 0 || (r = sshbuf_put_u32(msg, flags)) != 0) goto out; - if ((r = ssh_request_reply(sock, msg, msg) != 0)) + if ((r = ssh_request_reply(sock, msg, msg)) != 0) goto out; if ((r = sshbuf_get_u8(msg, &type)) != 0) goto out; diff --git a/authfd.h b/authfd.h index bea20c2..4b417e3 100644 --- a/authfd.h +++ b/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.38 2015/01/14 20:05:27 djm Exp $ */ +/* $OpenBSD: authfd.h,v 1.39 2015/12/04 16:41:28 markus Exp $ */ /* * Author: Tatu Ylonen @@ -41,7 +41,7 @@ int ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, u_char session_id[16], u_char response[16]); int ssh_agent_sign(int sock, struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); + const u_char *data, size_t datalen, const char *alg, u_int compat); /* Messages for the authentication agent connection. */ #define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1 @@ -86,5 +86,7 @@ int ssh_agent_sign(int sock, struct sshkey *key, #define SSH_COM_AGENT2_FAILURE 102 #define SSH_AGENT_OLD_SIGNATURE 0x01 +#define SSH_AGENT_RSA_SHA2_256 0x02 +#define SSH_AGENT_RSA_SHA2_512 0x04 #endif /* AUTHFD_H */ diff --git a/authfile.c b/authfile.c index 6955ae0..3ce3723 100644 --- a/authfile.c +++ b/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.116 2015/07/09 09:49:46 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.121 2016/04/09 12:39:30 djm Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * 
@@ -149,7 +149,8 @@ sshkey_load_public_rsa1(int fd, struct sshkey **keyp, char **commentp) struct sshbuf *b = NULL; int r; - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; if (commentp != NULL) *commentp = NULL; @@ -205,12 +206,12 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase, { int fd, r; - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; if (commentp != NULL) *commentp = NULL; if ((fd = open(filename, O_RDONLY)) < 0) { - if (perm_ok != NULL) *perm_ok = 0; return SSH_ERR_SYSTEM_ERROR; @@ -237,6 +238,8 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase, struct sshbuf *buffer = NULL; int r; + if (keyp != NULL) + *keyp = NULL; if ((buffer = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; @@ -249,8 +252,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase, /* success */ r = 0; out: - if (buffer != NULL) - sshbuf_free(buffer); + sshbuf_free(buffer); return r; } @@ -262,7 +264,8 @@ sshkey_load_private(const char *filename, const char *passphrase, struct sshbuf *buffer = NULL; int r, fd; - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; if (commentp != NULL) *commentp = NULL; @@ -278,14 +281,13 @@ sshkey_load_private(const char *filename, const char *passphrase, goto out; } if ((r = sshkey_load_file(fd, buffer)) != 0 || - (r = sshkey_parse_private_fileblob(buffer, passphrase, filename, - keyp, commentp)) != 0) + (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, + commentp)) != 0) goto out; r = 0; out: close(fd); - if (buffer != NULL) - sshbuf_free(buffer); + sshbuf_free(buffer); return r; } @@ -416,7 +418,8 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp) char *file = NULL; int r = SSH_ERR_INTERNAL_ERROR; - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; if (asprintf(&file, "%s-cert.pub", filename) == -1) return SSH_ERR_ALLOC_FAIL; 
@@ -426,16 +429,15 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp) } if ((r = sshkey_try_load_public(pub, file, NULL)) != 0) goto out; - - *keyp = pub; - pub = NULL; + /* success */ + if (keyp != NULL) { + *keyp = pub; + pub = NULL; + } r = 0; - out: - if (file != NULL) - free(file); - if (pub != NULL) - sshkey_free(pub); + free(file); + sshkey_free(pub); return r; } @@ -447,7 +449,8 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase, struct sshkey *key = NULL, *cert = NULL; int r; - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; switch (type) { #ifdef WITH_OPENSSL @@ -477,13 +480,13 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase, (r = sshkey_cert_copy(cert, key)) != 0) goto out; r = 0; - *keyp = key; - key = NULL; + if (keyp != NULL) { + *keyp = key; + key = NULL; + } out: - if (key != NULL) - sshkey_free(key); - if (cert != NULL) - sshkey_free(cert); + sshkey_free(key); + sshkey_free(cert); return r; } @@ -544,8 +547,7 @@ sshkey_in_file(struct sshkey *key, const char *filename, int strict_type, } r = SSH_ERR_KEY_NOT_FOUND; out: - if (pub != NULL) - sshkey_free(pub); + sshkey_free(pub); fclose(f); return r; } diff --git a/bitmap.c b/bitmap.c index 19cd2e8..f950322 100644 --- a/bitmap.c +++ b/bitmap.c @@ -53,7 +53,7 @@ void bitmap_free(struct bitmap *b) { if (b != NULL && b->d != NULL) { - memset(b->d, 0, b->len); + explicit_bzero(b->d, b->len); free(b->d); } free(b); diff --git a/bufaux.c b/bufaux.c index b0bf352..3976896 100644 --- a/bufaux.c +++ b/bufaux.c @@ -257,4 +257,3 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l) fatal("%s: %s", __func__, ssh_err(ret)); } - diff --git a/build.sh b/build.sh deleted file mode 100644 index c73627f..0000000 --- a/build.sh +++ /dev/null 
@@ -1,9 +0,0 @@ -autoreconf -./configure --build=i686-pc-mingw32 --host=i686-pc-mingw32 --with-ssl-dir=../openssl-1.0.1e --with-kerberos5 --with-zlib=../zlib-1.2.8 -cat config.h.tail >> config.h - -make ssh.exe -make sshd.exe -make sftp.exe -make sftp-server.exe -make ssh-agent.exe \ No newline at end of file diff --git a/buildpkg.sh.in b/buildpkg.sh.in index 4de9d42..4b842b3 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in @@ -337,17 +337,17 @@ then else if [ "\${USE_SYM_LINKS}" = yes ] then - [ "$RCS_D" = yes ] && \ + [ "$RCS_D" = yes ] && \\ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - [ "$RC1_D" = no ] || \ + [ "$RC1_D" = no ] || \\ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s else - [ "$RCS_D" = yes ] && \ + [ "$RCS_D" = yes ] && \\ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - [ "$RC1_D" = no ] || \ + [ "$RC1_D" = no ] || \\ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l fi 
@@ -538,10 +538,10 @@ then PRE_INS_STOP=no POST_INS_START=no # determine if should restart the daemon -if [ -s ${piddir}/sshd.pid ] && \ +if [ -s ${piddir}/sshd.pid ] && \\ /usr/bin/svcs -H $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1 then - ans=\`ckyorn -d n \ + ans=\`ckyorn -d n \\ -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? case \$ans in [y,Y]*) PRE_INS_STOP=yes @@ -552,7 +552,7 @@ then else # determine if we should start sshd - ans=\`ckyorn -d n \ + ans=\`ckyorn -d n \\ -p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? case \$ans in [y,Y]*) POST_INS_START=yes ;; @@ -573,7 +573,7 @@ USE_SYM_LINKS=no PRE_INS_STOP=no POST_INS_START=no # Use symbolic links? -ans=\`ckyorn -d n \ +ans=\`ckyorn -d n \\ -p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$? case \$ans in [y,Y]*) USE_SYM_LINKS=yes ;; @@ -582,7 +582,7 @@ esac # determine if should restart the daemon if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ] then - ans=\`ckyorn -d n \ + ans=\`ckyorn -d n \\ -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? case \$ans in [y,Y]*) PRE_INS_STOP=yes @@ -593,7 +593,7 @@ then else # determine if we should start sshd - ans=\`ckyorn -d n \ + ans=\`ckyorn -d n \\ -p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? case \$ans in [y,Y]*) POST_INS_START=yes ;; diff --git a/canohost.c b/canohost.c index 223964e..f71a085 100644 --- a/canohost.c +++ b/canohost.c @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.72 2015/03/01 15:44:40 millert Exp $ */ +/* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -35,147 +35,6 @@ #include "canohost.h" #include "misc.h" -static void check_ip_options(int, char *); -static char *canonical_host_ip = NULL; -static int cached_port = -1; - -/* - * Return the canonical name of the host at the other end of the socket. The - * caller should free the returned string. - */ - -static char * -get_remote_hostname(int sock, int use_dns) -{ - struct sockaddr_storage from; - socklen_t fromlen; - struct addrinfo hints, *ai, *aitop; - char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; - - /* Get IP address of client. */ - fromlen = sizeof(from); - memset(&from, 0, sizeof(from)); - if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { - debug("getpeername failed: %.100s", strerror(errno)); - cleanup_exit(255); - } - - if (from.ss_family == AF_INET) - check_ip_options(sock, ntop); - - ipv64_normalise_mapped(&from, &fromlen); - - if (from.ss_family == AF_INET6) - fromlen = sizeof(struct sockaddr_in6); - - if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), - NULL, 0, NI_NUMERICHOST) != 0) - fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); - - if (!use_dns) - return xstrdup(ntop); - - debug3("Trying to reverse map address %.100s.", ntop); - /* Map the IP address to a host name. */ - if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), - NULL, 0, NI_NAMEREQD) != 0) { - /* Host name not found. Use ip address. */ - return xstrdup(ntop); - } - - /* - * if reverse lookup result looks like a numeric hostname, - * someone is trying to trick us by PTR record like following: - * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 - */ - memset(&hints, 0, sizeof(hints)); - hints.ai_socktype = SOCK_DGRAM; /*dummy*/ - hints.ai_flags = AI_NUMERICHOST; - if (getaddrinfo(name, NULL, &hints, &ai) == 0) { - logit("Nasty PTR record \"%s\" is set up for %s, ignoring", - name, ntop); - freeaddrinfo(ai); - return xstrdup(ntop); - } - - /* Names are stores in lowercase. 
*/ - lowercase(name); - - /* - * Map it back to an IP address and check that the given - * address actually is an address of this host. This is - * necessary because anyone with access to a name server can - * define arbitrary names for an IP address. Mapping from - * name to IP address can be trusted better (but can still be - * fooled if the intruder has access to the name server of - * the domain). - */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = from.ss_family; - hints.ai_socktype = SOCK_STREAM; - if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { - logit("reverse mapping checking getaddrinfo for %.700s " - "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop); - return xstrdup(ntop); - } - /* Look for the address from the list of addresses. */ - for (ai = aitop; ai; ai = ai->ai_next) { - if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, - sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && - (strcmp(ntop, ntop2) == 0)) - break; - } - freeaddrinfo(aitop); - /* If we reached the end of the list, the address was not there. */ - if (!ai) { - /* Address not found for the host name. */ - logit("Address %.100s maps to %.600s, but this does not " - "map back to the address - POSSIBLE BREAK-IN ATTEMPT!", - ntop, name); - return xstrdup(ntop); - } - return xstrdup(name); -} - -/* - * If IP options are supported, make sure there are none (log and - * disconnect them if any are found). Basically we are worried about - * source routing; it can be used to pretend you are somebody - * (ip-address) you are not. That itself may be "almost acceptable" - * under certain circumstances, but rhosts autentication is useless - * if source routing is accepted. Notice also that if we just dropped - * source routing here, the other side could use IP spoofing to do - * rest of the interaction and could still bypass security. So we - * exit here if we detect any IP options. 
- */ -/* IPv4 only */ -static void -check_ip_options(int sock, char *ipaddr) -{ -#ifdef IP_OPTIONS - u_char options[200]; - char text[sizeof(options) * 3 + 1]; - socklen_t option_size, i; - int ipproto; - struct protoent *ip; - - if ((ip = getprotobyname("ip")) != NULL) - ipproto = ip->p_proto; - else - ipproto = IPPROTO_IP; - option_size = sizeof(options); - if (getsockopt(sock, ipproto, IP_OPTIONS, options, - &option_size) >= 0 && option_size != 0) { - text[0] = '\0'; - for (i = 0; i < option_size; i++) - snprintf(text + i*3, sizeof(text) - i*3, - " %2.2x", options[i]); - fatal("Connection from %.100s with IP options:%.800s", - ipaddr, text); - } -#endif /* IP_OPTIONS */ -} - void ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) { @@ -201,38 +60,6 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) a4->sin_port = port; } -/* - * Return the canonical name of the host in the other side of the current - * connection. The host name is cached, so it is efficient to call this - * several times. - */ - -const char * -get_canonical_hostname(int use_dns) -{ - char *host; - static char *canonical_host_name = NULL; - static char *remote_ip = NULL; - - /* Check if we have previously retrieved name with same option. */ - if (use_dns && canonical_host_name != NULL) - return canonical_host_name; - if (!use_dns && remote_ip != NULL) - return remote_ip; - - /* Get the real hostname if socket; otherwise return UNKNOWN. */ - if (packet_connection_is_on_socket()) - host = get_remote_hostname(packet_get_connection_in(), use_dns); - else - host = "UNKNOWN"; - - if (use_dns) - canonical_host_name = host; - else - remote_ip = host; - return host; -} - /* * Returns the local/remote IP-address/hostname of socket as a string. * The returned string must be freed. 
@@ -250,12 +77,10 @@ get_socket_address(int sock, int remote, int flags) memset(&addr, 0, sizeof(addr)); if (remote) { - if (getpeername(sock, (struct sockaddr *)&addr, &addrlen) - < 0) + if (getpeername(sock, (struct sockaddr *)&addr, &addrlen) != 0) return NULL; } else { - if (getsockname(sock, (struct sockaddr *)&addr, &addrlen) - < 0) + if (getsockname(sock, (struct sockaddr *)&addr, &addrlen) != 0) return NULL; } @@ -271,7 +96,7 @@ get_socket_address(int sock, int remote, int flags) /* Get the address in ascii. */ if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), NULL, 0, flags)) != 0) { - error("get_socket_address: getnameinfo %d failed: %s", + error("%s: getnameinfo %d failed: %s", __func__, flags, ssh_gai_strerror(r)); return NULL; } @@ -316,7 +141,8 @@ get_local_name(int fd) /* Handle the case where we were passed a pipe */ if (gethostname(myname, sizeof(myname)) == -1) { - verbose("get_local_name: gethostname: %s", strerror(errno)); + verbose("%s: gethostname: %s", __func__, strerror(errno)); + host = xstrdup("UNKNOWN"); } else { host = xstrdup(myname); } 
@@ -324,51 +150,9 @@ get_local_name(int fd) return host; } -void -clear_cached_addr(void) -{ - free(canonical_host_ip); - canonical_host_ip = NULL; - cached_port = -1; -} - -/* - * Returns the IP-address of the remote host as a string. The returned - * string must not be freed. - */ - -const char * -get_remote_ipaddr(void) -{ - /* Check whether we have cached the ipaddr. */ - if (canonical_host_ip == NULL) { - if (packet_connection_is_on_socket()) { - canonical_host_ip = - get_peer_ipaddr(packet_get_connection_in()); - if (canonical_host_ip == NULL) - cleanup_exit(255); - } else { - /* If not on socket, return UNKNOWN. */ - canonical_host_ip = xstrdup("UNKNOWN"); - } - } - return canonical_host_ip; -} - -const char * -get_remote_name_or_ip(u_int utmp_len, int use_dns) -{ - static const char *remote = ""; - if (utmp_len > 0) - remote = get_canonical_hostname(use_dns); - if (utmp_len == 0 || strlen(remote) > utmp_len) - remote = get_remote_ipaddr(); - return remote; -} - /* Returns the local/remote port for the socket. */ -int +static int get_sock_port(int sock, int local) { struct sockaddr_storage from; @@ -402,27 +186,11 @@ get_sock_port(int sock, int local) /* Return port number. */ if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0, strport, sizeof(strport), NI_NUMERICSERV)) != 0) - fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed: %s", + fatal("%s: getnameinfo NI_NUMERICSERV failed: %s", __func__, ssh_gai_strerror(r)); return atoi(strport); } -/* Returns remote/local port number for the current connection. */ - -static int -get_port(int local) -{ - /* - * If the connection is not a socket, return 65535. This is - * intentionally chosen to be an unprivileged port number. - */ - if (!packet_connection_is_on_socket()) - return 65535; - - /* Get socket and return the port number. */ - return get_sock_port(packet_get_connection_in(), local); -} - int get_peer_port(int sock) { 
@@ -430,17 +198,7 @@ get_peer_port(int sock) } int -get_remote_port(void) +get_local_port(int sock) { - /* Cache to avoid getpeername() on a dead connection */ - if (cached_port == -1) - cached_port = get_port(0); - - return cached_port; -} - -int -get_local_port(void) -{ - return get_port(1); + return get_sock_port(sock, 1); } diff --git a/canohost.h b/canohost.h index 4c8636f..26d6285 100644 --- a/canohost.h +++ b/canohost.h @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.h,v 1.11 2009/05/27 06:31:25 andreas Exp $ */ +/* $OpenBSD: canohost.h,v 1.12 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen @@ -12,18 +12,15 @@ * called by a name other than "ssh" or "Secure Shell". */ -const char *get_canonical_hostname(int); -const char *get_remote_ipaddr(void); -const char *get_remote_name_or_ip(u_int, int); +#ifndef _CANOHOST_H +#define _CANOHOST_H char *get_peer_ipaddr(int); int get_peer_port(int); char *get_local_ipaddr(int); char *get_local_name(int); +int get_local_port(int); -int get_remote_port(void); -int get_local_port(void); -int get_sock_port(int, int); -void clear_cached_addr(void); +#endif /* _CANOHOST_H */ void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/channels.c b/channels.c index e0bfb2b..93a151b 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.347 2015/07/01 02:26:31 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.351 2016/07/19 11:38:53 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -41,7 +41,6 @@ #include "includes.h" - #include #include /* MIN MAX */ #include @@ -84,7 +83,6 @@ #include "authfd.h" #include "pathnames.h" - /* -- channel core */ /* 
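Review bot: In canohost.h (@@ -12) the new include guard closes before the last declaration: `#endif /* _CANOHOST_H */` sits above the `ipv64_normalise_mapped` prototype, so that prototype is re-declared on every inclusion while the rest of the header is guarded. It still compiles, since repeated compatible prototypes are allowed, but the guard should wrap the whole header; move the `#endif` to after the last declaration. `_CANOHOST_H` is also in the namespace C reserves for the implementation (underscore followed by an uppercase letter); `CANOHOST_H` avoids that.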
@@ -140,6 +138,9 @@ static int num_adm_permitted_opens = 0; /* special-case port number meaning allow any port */ #define FWD_PERMIT_ANY_PORT 0 +/* special-case wildcard meaning allow any host */ +#define FWD_PERMIT_ANY_HOST "*" + /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -664,7 +665,7 @@ channel_open_message(void) case SSH_CHANNEL_INPUT_DRAINING: case SSH_CHANNEL_OUTPUT_DRAINING: snprintf(buf, sizeof buf, - " #%d %.300s (t%d r%d i%d/%d o%d/%d fd %d/%d cc %d)\r\n", + " #%d %.300s (t%d r%d i%u/%d o%u/%d fd %d/%d cc %d)\r\n", c->self, c->remote_name, c->type, c->remote_id, c->istate, buffer_len(&c->input), @@ -1371,9 +1372,8 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) errno = oerrno; } if (newsock < 0) { - if (errno != EINTR && errno != EWOULDBLOCK - && errno != ECONNABORTED - ) + if (errno != EINTR && errno != EWOULDBLOCK && + errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) c->notbefore = monotime() + 1; @@ -1419,7 +1419,7 @@ port_open_helper(Channel *c, char *rtype) { char buf[1024]; char *local_ipaddr = get_local_ipaddr(c->sock); - int local_port = c->sock == -1 ? 65536 : get_sock_port(c->sock, 1); + int local_port = c->sock == -1 ? 65536 : get_local_port(c->sock); char *remote_ipaddr = get_peer_ipaddr(c->sock); int remote_port = get_peer_port(c->sock); @@ -1540,9 +1540,8 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { - if (errno != EINTR && errno != EWOULDBLOCK - && errno != ECONNABORTED - ) + if (errno != EINTR && errno != EWOULDBLOCK && + errno != ECONNABORTED) error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) c->notbefore = monotime() + 1; 
@@ -1723,8 +1722,8 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) /* Send buffered output data to the socket. */ if (c->wfd != -1 && - FD_ISSET(c->wfd, writeset) && - buffer_len(&c->output) > 0) { + FD_ISSET(c->wfd, writeset) && + buffer_len(&c->output) > 0) { olen = buffer_len(&c->output); if (c->output_filter != NULL) { if ((buf = c->output_filter(c, &data, &dlen)) == NULL) { @@ -1908,13 +1907,13 @@ read_mux(Channel *c, u_int need) if (buffer_len(&c->input) < need) { rlen = need - buffer_len(&c->input); len = read(c->rfd, buf, MIN(rlen, CHAN_RBUF)); + if (len < 0 && (errno == EINTR || errno == EAGAIN)) + return buffer_len(&c->input); if (len <= 0) { - if (errno != EINTR && errno != EAGAIN) { - debug2("channel %d: ctl read<=0 rfd %d len %d", - c->self, c->rfd, len); - chan_read_failed(c); - return 0; - } + debug2("channel %d: ctl read<=0 rfd %d len %d", + c->self, c->rfd, len); + chan_read_failed(c); + return 0; } else buffer_append(&c->input, buf, len); } @@ -2212,10 +2211,7 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, u_int n, sz, nfdset; n = MAX(*maxfdp, channel_max_fd); - /* - * Winsock can't support this sort of fdset reallocation - */ - + nfdset = howmany(n+1, NFDBITS); /* Explicitly test here, because xrealloc isn't always called */ if (nfdset && SIZE_MAX / nfdset < sizeof(fd_mask)) @@ -2228,9 +2224,7 @@ channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, *writesetp = xreallocarray(*writesetp, nfdset, sizeof(fd_mask)); *nallocp = sz; } - *maxfdp = n; - memset(*readsetp, 0, sz); memset(*writesetp, 0, sz); @@ -2376,6 +2370,7 @@ channel_output_poll(void) } } + /* -- protocol input */ /* ARGSUSED */ @@ -2431,12 +2426,10 @@ channel_input_data(int type, u_int32_t seq, void *ctxt) } c->local_window -= win_len; } - if (c->datagram) buffer_put_string(&c->output, data, data_len); - else { + else buffer_append(&c->output, data, data_len); - } packet_check_eom(); return 0; } 
@@ -2449,10 +2442,6 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) char *data; u_int data_len, tcode; Channel *c; -#ifdef WIN32_FIXME - char *respbuf = NULL; - size_t resplen = 0; -#endif /* Get the channel number and verify it. */ id = packet_get_int(); @@ -2488,20 +2477,7 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) } debug2("channel %d: rcvd ext data %d", c->self, data_len); c->local_window -= data_len; - #ifndef WIN32_FIXME//N buffer_append(&c->extended, data, data_len); - #else - if (c->client_tty) { - if (telProcessNetwork(data, data_len, &respbuf, &resplen) > 0) // run it by ANSI engine if it is the ssh client - buffer_append(&c->extended, data, data_len); - - if (respbuf != NULL) { - sshbuf_put(&c->input, respbuf, resplen); - } - } - else - buffer_append(&c->extended, data, data_len); - #endif free(data); return 0; } @@ -2971,7 +2947,7 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, if (type == SSH_CHANNEL_RPORT_LISTENER && fwd->listen_port == 0 && allocated_listen_port != NULL && *allocated_listen_port == 0) { - *allocated_listen_port = get_sock_port(sock, 1); + *allocated_listen_port = get_local_port(sock); debug("Allocated listen port %d", *allocated_listen_port); } @@ -3334,7 +3310,8 @@ open_match(ForwardPermission *allowed_open, const char *requestedhost, if (allowed_open->port_to_connect != FWD_PERMIT_ANY_PORT && allowed_open->port_to_connect != requestedport) return 0; - if (strcmp(allowed_open->host_to_connect, requestedhost) != 0) + if (strcmp(allowed_open->host_to_connect, FWD_PERMIT_ANY_HOST) != 0 && + strcmp(allowed_open->host_to_connect, requestedhost) != 0) return 0; return 1; } @@ -3899,7 +3876,6 @@ channel_connect_to_path(const char *path, char *ctype, char *rname) void channel_send_window_changes(void) { - u_int i; struct winsize ws; 
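Review bot: `open_match` (@@ -3334) now lets an entry whose `host_to_connect` is the literal string `*` match every requested host, which widens what a single permission entry allows, and nothing in the hunk says that this is an exact compare rather than a glob. A reader could assume patterns such as `*.example.com` also work; they would be compared literally by the second `strcmp`. A comment above the test would settle it: `/* FWD_PERMIT_ANY_HOST ("*") matches any host; all other entries are compared literally */`. Where the entries are populated is outside this hunk, so it is worth confirming that a `*` host can only come from configuration the administrator or user controls. The function starts outside the hunk.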
@@ -3908,20 +3884,11 @@ channel_send_window_changes(void) channels[i]->type != SSH_CHANNEL_OPEN) continue; #ifndef WIN32_FIXME - if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) - continue -#else - { - CONSOLE_SCREEN_BUFFER_INFO c_info; - /* TODO - Fix this for multiple channels*/ - if (!GetConsoleScreenBufferInfo(GetStdHandle(STD_OUTPUT_HANDLE), &c_info)) - continue; - ws.ws_col = c_info.dwSize.X; - ws.ws_row = c_info.dwSize.Y; - ws.ws_xpixel = 640; - ws.ws_ypixel = 480; - } + /* TODO - Fix this for multiple channels*/ #endif + if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) + continue; + channel_request_start(i, "window-change", 0); packet_put_int((u_int)ws.ws_col); packet_put_int((u_int)ws.ws_row); @@ -3931,7 +3898,6 @@ channel_send_window_changes(void) } } - /* -- X11 forwarding */ /* diff --git a/channels.h b/channels.h index 07c6a21..9d76c9d 100644 --- a/channels.h +++ b/channels.h @@ -228,7 +228,6 @@ void channel_cancel_cleanup(int); int channel_close_fd(int *); void channel_send_window_changes(void); - /* protocol handler */ int channel_input_close(int, u_int32_t, void *); diff --git a/cipher-acss.c b/cipher-acss.c deleted file mode 100644 index e755f92..0000000 --- a/cipher-acss.c +++ /dev/null 
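Review bot: The rewritten block in `channel_send_window_changes` (@@ -3908) leaves an `#ifndef WIN32_FIXME` / `#endif` pair that now encloses only a TODO comment, so the conditional no longer selects any code. Drop the two preprocessor lines and, if the remark is still wanted, keep it as a plain comment above the `ioctl` call: `/* TODO: fix this for multiple channels */`. The function starts outside the hunk.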
@@ -1,86 +0,0 @@ -/* - * Copyright (c) 2004 The OpenBSD project - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include - -#include - -#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) - -#include "acss.h" -#include "openbsd-compat/openssl-compat.h" - -#define data(ctx) ((EVP_ACSS_KEY *)(ctx)->cipher_data) - -typedef struct { - ACSS_KEY ks; -} EVP_ACSS_KEY; - -#define EVP_CTRL_SET_ACSS_MODE 0xff06 -#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07 - -static int -acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA); - return 1; -} - -static int -acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, - LIBCRYPTO_EVP_INL_TYPE inl) -{ - acss(&data(ctx)->ks,inl,in,out); - return 1; -} - -static int -acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - switch(type) { - case EVP_CTRL_SET_ACSS_MODE: - data(ctx)->ks.mode = arg; - return 1; - case EVP_CTRL_SET_ACSS_SUBKEY: - acss_setsubkey(&data(ctx)->ks,(unsigned char *)ptr); - return 1; - default: - return -1; - } -} - -const EVP_CIPHER * -evp_acss(void) -{ - static EVP_CIPHER acss_cipher; - - memset(&acss_cipher, 0, sizeof(EVP_CIPHER)); - - acss_cipher.nid = 
NID_undef; - acss_cipher.block_size = 1; - acss_cipher.key_len = 5; - acss_cipher.init = acss_init_key; - acss_cipher.do_cipher = acss_ciph; - acss_cipher.ctx_size = sizeof(EVP_ACSS_KEY); - acss_cipher.ctrl = acss_ctrl; - - return (&acss_cipher); -} -#endif - diff --git a/cipher-bf1.c b/cipher-bf1.c index ee72ac0..7d51f51 100644 --- a/cipher-bf1.c +++ b/cipher-bf1.c @@ -20,7 +20,7 @@ #include "includes.h" -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) #include @@ -100,4 +100,4 @@ evp_ssh1_bf(void) ssh1_bf.key_len = 32; return (&ssh1_bf); } -#endif /* WITH_OPENSSL */ +#endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */ diff --git a/cipher.c b/cipher.c index 09a0580..031bda9 100644 --- a/cipher.c +++ b/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.100 2015/01/14 10:29:45 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.101 2015/12/10 17:08:40 mmcc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,7 +34,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - + #include "includes.h" #include @@ -43,7 +43,6 @@ #include #include - #include "cipher.h" #include "misc.h" #include "sshbuf.h" @@ -52,12 +51,6 @@ #include "openbsd-compat/openssl-compat.h" - - -#ifdef USE_MSCNG -#undef WITH_OPENSSL -#endif - #ifdef WITH_SSH1 extern const EVP_CIPHER *evp_ssh1_bf(void); extern const EVP_CIPHER *evp_ssh1_3des(void); 
@@ -88,18 +81,26 @@ static const struct sshcipher ciphers[] = { #ifdef WITH_SSH1 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, +# ifndef OPENSSL_NO_BF { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, +# endif /* OPENSSL_NO_BF */ #endif /* WITH_SSH1 */ #ifdef WITH_OPENSSL { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, +# ifndef OPENSSL_NO_BF { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, +# endif /* OPENSSL_NO_BF */ +# ifndef OPENSSL_NO_CAST { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, +# endif /* OPENSSL_NO_CAST */ +# ifndef OPENSSL_NO_RC4 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, +# endif /* OPENSSL_NO_RC4 */ { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, 
@@ -115,19 +116,9 @@ static const struct sshcipher ciphers[] = { SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, # endif /* OPENSSL_HAVE_EVPGCM */ #else /* WITH_OPENSSL */ - -#ifdef USE_MSCNG - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CTR, NULL }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CTR, NULL }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CTR, NULL }, - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CBC, NULL }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CBC, NULL }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, _CNG_CIPHER_AES | _CNG_MODE_CBC, NULL }, -#else { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, -#endif { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, #endif /* WITH_OPENSSL */ { "chacha20-poly1305@openssh.com", @@ -310,8 +301,6 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, int do_encrypt) { - - #ifdef WITH_OPENSSL int ret = SSH_ERR_INTERNAL_ERROR; const EVP_CIPHER *type; 
@@ -335,25 +324,11 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, return chachapoly_init(&cc->cp_ctx, key, keylen); } #ifndef WITH_OPENSSL - -#ifdef USE_MSCNG - - /* cng shares cipher flag with NONE. Make sure the NONE cipher isn't requested */ - if ((cc->cipher->flags & CFLAG_NONE) == 0) - { - - if (cng_cipher_init(&cc->cng_ctx,key,keylen,iv, ivlen,cc->cipher->flags)) - return SSH_ERR_LIBCRYPTO_ERROR; - - return 0; - } -#else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); aesctr_ivsetup(&cc->ac_ctx, iv); return 0; } -#endif if ((cc->cipher->flags & CFLAG_NONE) != 0) return 0; return SSH_ERR_INVALID_ARGUMENT; @@ -386,8 +361,7 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, if (cipher->discard_len > 0) { if ((junk = malloc(cipher->discard_len)) == NULL || (discard = malloc(cipher->discard_len)) == NULL) { - if (junk != NULL) - free(junk); + free(junk); ret = SSH_ERR_ALLOC_FAIL; goto bad; } @@ -406,7 +380,6 @@ cipher_init(struct sshcipher_ctx *cc, const struct sshcipher *cipher, return 0; } - /* * cipher_crypt() operates as following: * Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'. 
@@ -421,44 +394,18 @@ int cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen) { -#ifdef USE_MSCNG - int ret = 0; -#endif - if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) { return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt); } #ifndef WITH_OPENSSL - -#ifdef USE_MSCNG - - /* cng shares cipher flag with NONE. Make sure the NONE cipher isn't requested */ - if ((cc->cipher->flags & CFLAG_NONE) == 0) - { - if (aadlen) - memcpy(dest, src, aadlen); - if (cc->encrypt) - ret = cng_cipher_encrypt(&cc->cng_ctx,dest+aadlen, len, src+aadlen,len); - else - ret = cng_cipher_decrypt(&cc->cng_ctx,dest+aadlen, len, src+aadlen, len); - - if (ret != len){ - return SSH_ERR_LIBCRYPTO_ERROR; - } - return 0; - } -#else - if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { + if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { if (aadlen) memcpy(dest, src, aadlen); aesctr_encrypt_bytes(&cc->ac_ctx, src + aadlen, dest + aadlen, len); return 0; } -#endif - - if ((cc->cipher->flags & CFLAG_NONE) != 0) { memcpy(dest, src, aadlen + len); return 0; @@ -532,10 +479,6 @@ cipher_cleanup(struct sshcipher_ctx *cc) else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) return SSH_ERR_LIBCRYPTO_ERROR; #endif -#ifdef USE_MSCNG - else - cng_cipher_cleanup(&cc->cng_ctx); -#endif return 0; } @@ -690,7 +633,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) int cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) { -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) const struct sshcipher *c = cc->cipher; int plen = 0; @@ -709,7 +652,7 @@ cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat) void cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat) { -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4) const struct sshcipher *c = cc->cipher; int plen; diff --git a/cipher.h b/cipher.h index 6b49b4d..06d4be4 100644 
--- a/cipher.h +++ b/cipher.h @@ -41,9 +41,7 @@ #include #include "cipher-chachapoly.h" #include "cipher-aesctr.h" -#ifdef USE_MSCNG -#include "contrib/win32/win32compat/cng_cipher.h" -#endif + /* * Cipher types for SSH-1. New types can be added, but old types should not * be removed for compatibility. The maximum allowed value is 31. @@ -72,10 +70,6 @@ struct sshcipher_ctx { struct chachapoly_ctx cp_ctx; /* XXX union with evp? */ struct aesctr_ctx ac_ctx; /* XXX union with evp? */ const struct sshcipher *cipher; - #ifdef USE_MSCNG - struct ssh_cng_cipher_ctx cng_ctx; - #endif - }; u_int cipher_mask_ssh1(int); diff --git a/clientloop.c b/clientloop.c index ddc3078..b0bcb4e 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.286 2016/07/23 02:54:08 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -111,7 +111,6 @@ #include "sshpty.h" #include "match.h" #include "msg.h" -#include "roaming.h" #include "ssherr.h" #include "hostfile.h" @@ -132,6 +131,9 @@ extern int stdin_null_flag; /* Flag indicating that no shell has been requested */ extern int no_shell_flag; +/* Flag indicating that ssh should daemonise after authentication is complete */ +extern int fork_after_authentication_flag; + /* Control socket */ extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ @@ -177,8 +179,6 @@ static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ static void client_init_dispatch(void); int session_ident = -1; -int session_resumed = 0; - /* Track escape per proto2 channel */ struct escape_filter_ctx { int escape_pending; @@ -296,6 +296,9 @@ client_x11_display_valid(const char *display) { size_t i, dlen; + if (display == NULL) + return 0; + dlen = strlen(display); for (i = 0; i < dlen; i++) { if (!isalnum((u_char)display[i]) && 
@@ -309,35 +312,34 @@ client_x11_display_valid(const char *display) #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" #define X11_TIMEOUT_SLACK 60 -void +int client_x11_get_proto(const char *display, const char *xauth_path, u_int trusted, u_int timeout, char **_proto, char **_data) { - char cmd[1024]; - char line[512]; - char xdisplay[512]; + char cmd[1024], line[512], xdisplay[512]; + char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; static char proto[512], data[512]; FILE *f; - int got_data = 0, generated = 0, do_unlink = 0, i; - char *xauthdir, *xauthfile; + int got_data = 0, generated = 0, do_unlink = 0, i, r; struct stat st; u_int now, x11_timeout_real; - xauthdir = xauthfile = NULL; *_proto = proto; *_data = data; - proto[0] = data[0] = '\0'; + proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0'; - if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) { + if (!client_x11_display_valid(display)) { + if (display != NULL) + logit("DISPLAY \"%s\" invalid; disabling X11 forwarding", + display); + return -1; + } + if (xauth_path != NULL && stat(xauth_path, &st) == -1) { debug("No xauth program."); - } else if (!client_x11_display_valid(display)) { - logit("DISPLAY '%s' invalid, falling back to fake xauth data", - display); - } else { - if (display == NULL) { - debug("x11_get_proto: DISPLAY not set"); - return; - } + xauth_path = NULL; + } + + if (xauth_path != NULL) { /* * Handle FamilyLocal case where $DISPLAY does * not match an authorization entry. For this we 
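Review bot: client_x11_get_proto() changes from `void` to `int` at the top of this hunk, but neither this definition nor the prototype in the clientloop.h hunk documents what the return value means or what the out-parameters hold on failure. The visible lines point `*_proto` and `*_data` at the static `proto`/`data` buffers and empty them before the first `return -1`, so a caller that ignores the result would presumably continue with empty strings rather than stop. A header comment such as `/* Returns 0 with *_proto and *_data filled in (static buffers, do not free), or -1 if X11 forwarding must be disabled. */` would make the contract explicit. The function body continues past this hunk and the callers are not visible here, so it should be confirmed that each one checks the new return value.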
@@ -346,45 +348,60 @@ client_x11_get_proto(const char *display, const char *xauth_path, * is not perfect. */ if (strncmp(display, "localhost:", 10) == 0) { - snprintf(xdisplay, sizeof(xdisplay), "unix:%s", - display + 10); + if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", + display + 10)) < 0 || + (size_t)r >= sizeof(xdisplay)) { + error("%s: display name too long", __func__); + return -1; + } display = xdisplay; } if (trusted == 0) { - xauthdir = xmalloc(PATH_MAX); - xauthfile = xmalloc(PATH_MAX); - mktemp_proto(xauthdir, PATH_MAX); /* + * Generate an untrusted X11 auth cookie. + * * The authentication cookie should briefly outlive * ssh's willingness to forward X11 connections to * avoid nasty fail-open behaviour in the X server. */ + mktemp_proto(xauthdir, sizeof(xauthdir)); + if (mkdtemp(xauthdir) == NULL) { + error("%s: mkdtemp: %s", + __func__, strerror(errno)); + return -1; + } + do_unlink = 1; + if ((r = snprintf(xauthfile, sizeof(xauthfile), + "%s/xauthfile", xauthdir)) < 0 || + (size_t)r >= sizeof(xauthfile)) { + error("%s: xauthfile path too long", __func__); + unlink(xauthfile); + rmdir(xauthdir); + return -1; + } + if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) x11_timeout_real = UINT_MAX; else x11_timeout_real = timeout + X11_TIMEOUT_SLACK; - if (mkdtemp(xauthdir) != NULL) { - do_unlink = 1; - snprintf(xauthfile, PATH_MAX, "%s/xauthfile", - xauthdir); - snprintf(cmd, sizeof(cmd), - "%s -f %s generate %s " SSH_X11_PROTO - " untrusted timeout %u 2>" _PATH_DEVNULL, - xauth_path, xauthfile, display, - x11_timeout_real); - debug2("x11_get_proto: %s", cmd); - if (x11_refuse_time == 0) { - now = monotime() + 1; - if (UINT_MAX - timeout < now) - x11_refuse_time = UINT_MAX; - else - x11_refuse_time = now + timeout; - channel_set_x11_refuse_time( - x11_refuse_time); - } - if (system(cmd) == 0) - generated = 1; + if ((r = snprintf(cmd, sizeof(cmd), + "%s -f %s generate %s " SSH_X11_PROTO + " untrusted timeout %u 2>" _PATH_DEVNULL, + xauth_path, xauthfile, 
display, + x11_timeout_real)) < 0 || + (size_t)r >= sizeof(cmd)) + fatal("%s: cmd too long", __func__); + debug2("%s: %s", __func__, cmd); + if (x11_refuse_time == 0) { + now = monotime() + 1; + if (UINT_MAX - timeout < now) + x11_refuse_time = UINT_MAX; + else + x11_refuse_time = now + timeout; + channel_set_x11_refuse_time(x11_refuse_time); } + if (system(cmd) == 0) + generated = 1; } /* @@ -406,17 +423,20 @@ client_x11_get_proto(const char *display, const char *xauth_path, got_data = 1; if (f) pclose(f); - } else - error("Warning: untrusted X11 forwarding setup failed: " - "xauth key data not generated"); + } } if (do_unlink) { unlink(xauthfile); rmdir(xauthdir); } - free(xauthdir); - free(xauthfile); + + /* Don't fall back to fake X11 data for untrusted forwarding */ + if (!trusted && !got_data) { + error("Warning: untrusted X11 forwarding setup failed: " + "xauth key data not generated"); + return -1; + } /* * If we didn't get authentication data, just make up some @@ -440,6 +460,8 @@ client_x11_get_proto(const char *display, const char *xauth_path, rnd >>= 8; } } + + return 0; } /* @@ -537,7 +559,6 @@ client_make_packets_from_stdin_data(void) static void client_check_window_change(void) { - struct winsize ws; if (! received_window_change_signal) @@ -550,7 +571,6 @@ client_check_window_change(void) if (compat20) { channel_send_window_changes(); } else { -#ifndef WIN32_FIXME if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) return; packet_start(SSH_CMSG_WINDOW_SIZE); @@ -559,7 +579,6 @@ client_check_window_change(void) packet_put_int((u_int)ws.ws_xpixel); packet_put_int((u_int)ws.ws_ypixel); packet_send(); -#endif } } @@ -748,7 +767,7 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr) static void client_process_net_input(fd_set *readset) { - int len, cont = 0; + int len; char buf[SSH_IOBUFSZ]; /* 
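Review bot: The `cmd` overflow check calls `fatal("%s: cmd too long", __func__)` after `mkdtemp(xauthdir)` has succeeded and `do_unlink` is set, so on that path the temporary directory is left on disk as far as this hunk shows. The two neighbouring overflow checks return -1 instead, so handling it the same way would be consistent: `error("%s: cmd too long", __func__); rmdir(xauthdir); return -1;`. In the xauthfile-too-long branch, `unlink(xauthfile)` acts on a truncated name that was never created, so `rmdir(xauthdir)` alone is enough there. `cmd` is still run through `system()` with `xauth_path` and `xauthfile` interpolated unquoted; `display` is allow-listed earlier, but `xauth_path` is only `stat()`ed, so a path containing spaces or shell metacharacters would be reinterpreted by the shell. The function starts before this hunk and continues past it.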
@@ -757,8 +776,8 @@ client_process_net_input(fd_set *readset) */ if (FD_ISSET(connection_in, readset)) { /* Read as much as possible. */ - len = roaming_read(connection_in, buf, sizeof(buf), &cont); - if (len == 0 && cont == 0) { + len = read(connection_in, buf, sizeof(buf)); + if (len == 0) { /* * Received EOF. The remote host has closed the * connection. @@ -907,7 +926,6 @@ process_cmdline(void) leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); handler = signal(SIGINT, SIG_IGN); - cmd = s = read_passphrase("\r\nssh> ", RP_ECHO); if (s == NULL) goto out; @@ -1487,32 +1505,6 @@ client_simple_escape_filter(Channel *c, char *buf, int len) buf, len); } -#ifdef WIN32_FIXME -u_char * client_ansi_parser_filter(Channel *c, u_char **buf, u_int *len) { - /* TODO - account for error/extended stream*/ - char *respbuf = NULL; - size_t resplen = 0; - - - if (c->client_tty) { - if (telProcessNetwork(buffer_ptr(&c->output), buffer_len(&c->output), &respbuf, &resplen) == 0) - buffer_clear(&c->output); - if (respbuf != NULL) { - sshbuf_put(&c->input, respbuf, resplen); - buffer_clear(&c->output); - } - *buf = buffer_ptr(&c->output); - *len = buffer_len(&c->output); - return *buf; - } - else { - *buf = buffer_ptr(&c->output); - *len = buffer_len(&c->output); - return *buf; - } -} -#endif - static void client_channel_closed(int id, void *arg) { 
@@ -1533,13 +1525,44 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) { fd_set *readset = NULL, *writeset = NULL; double start_time, total_time; - int r, max_fd = 0, max_fd2 = 0, len, rekeying = 0; + int r, max_fd = 0, max_fd2 = 0, len; u_int64_t ibytes, obytes; u_int nalloc = 0; char buf[100]; debug("Entering interactive session."); + if (options.control_master && + !option_clear_or_none(options.control_path)) { + debug("pledge: id"); + if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty", + NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + + } else if (options.forward_x11 || options.permit_local_command) { + debug("pledge: exec"); + if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", + NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + + } else if (options.update_hostkeys) { + debug("pledge: filesystem full"); + if (pledge("stdio rpath wpath cpath unix inet dns proc tty", + NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + + } else if (!option_clear_or_none(options.proxy_command) || + fork_after_authentication_flag) { + debug("pledge: proc"); + if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + + } else { + debug("pledge: network"); + if (pledge("stdio unix inet dns tty", NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + } + start_time = get_current_time(); /* Initialize variables. */ @@ -1578,7 +1601,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) * Set signal handlers, (e.g. to restore non-blocking mode) * but don't overwrite SIG_IGN, matches behaviour from rsh(1) */ - if (signal(SIGHUP, SIG_IGN) != SIG_IGN) signal(SIGHUP, signal_handler); if (signal(SIGINT, SIG_IGN) != SIG_IGN) 
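Review bot: The five-way `pledge()` chain added at the top of client_loop() has no comment explaining its ordering, and it is only correct because each branch's promise set is a superset of the ones below it. The first matching option wins, so a session with both `options.control_master` and `options.forward_x11` relies on the first branch already containing `proc exec`. A comment above the chain, for instance `/* Branches run from the broadest promise set to the narrowest; the first match wins, so each set must include everything the later cases need. */`, would keep a future option from being added at the wrong position and losing a promise it needs. The debug labels (`pledge: id`, `pledge: exec`, `pledge: filesystem full`) name only part of each set, so logging the full promise string would make a pledge-related abort easier to diagnose. client_loop() starts before this hunk and continues past it.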
@@ -1597,11 +1619,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) if (session_ident != -1) { if (escape_char_arg != SSH_ESCAPECHAR_NONE) { channel_register_filter(session_ident, -#ifdef WIN32_FIXME - client_simple_escape_filter, client_ansi_parser_filter, -#else client_simple_escape_filter, NULL, -#endif client_filter_cleanup, client_new_escape_filter_ctx( escape_char_arg)); @@ -1623,10 +1641,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) if (compat20 && session_closed && !channel_still_open()) break; - rekeying = (active_state->kex != NULL && !active_state->kex->done); - - if (rekeying) { + if (ssh_packet_is_rekeying(active_state)) { debug("rekeying in progress"); + } else if (need_rekeying) { + /* manual rekey request */ + debug("need rekeying"); + if ((r = kex_start_rekex(active_state)) != 0) + fatal("%s: kex_start_rekex: %s", __func__, + ssh_err(r)); + need_rekeying = 0; } else { /* * Make packets of buffered stdin data, and buffer @@ -1657,23 +1680,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) */ max_fd2 = max_fd; client_wait_until_can_do_something(&readset, &writeset, - &max_fd2, &nalloc, rekeying); + &max_fd2, &nalloc, ssh_packet_is_rekeying(active_state)); if (quit_pending) break; /* Do channel operations unless rekeying in progress. */ - if (!rekeying) { + if (!ssh_packet_is_rekeying(active_state)) channel_after_select(readset, writeset); - if (need_rekeying || packet_need_rekeying()) { - debug("need rekeying"); - active_state->kex->done = 0; - if ((r = kex_send_kexinit(active_state)) != 0) - fatal("%s: kex_send_kexinit: %s", - __func__, ssh_err(r)); - need_rekeying = 0; - } - } /* Buffer input from the connection. */ client_process_net_input(readset); 
@@ -1691,14 +1705,6 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) client_process_output(writeset); } - if (session_resumed) { - connection_in = packet_get_connection_in(); - connection_out = packet_get_connection_out(); - max_fd = MAX(max_fd, connection_out); - max_fd = MAX(max_fd, connection_in); - session_resumed = 0; - } - /* * Send as much buffered packet data as possible to the * sender. @@ -1792,7 +1798,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) } /* Clear and free any buffers. */ - memset(buf, 0, sizeof(buf)); + explicit_bzero(buf, sizeof(buf)); buffer_free(&stdin_buffer); buffer_free(&stdout_buffer); buffer_free(&stderr_buffer); @@ -2570,18 +2576,15 @@ client_session2_setup(int id, int want_tty, int want_subsystem, options.ip_qos_interactive, options.ip_qos_bulk); if (want_tty) { -#ifndef WIN32_FIXME struct winsize ws; /* Store window size in the packet. */ if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0) memset(&ws, 0, sizeof(ws)); -#endif /* !WIN32_FIXME */ channel_request_start(id, "pty-req", 1); client_expect_confirm(id, "PTY allocation", CONFIRM_TTY); -#ifndef WIN32_FIXME packet_put_cstring(term != NULL ? term : ""); packet_put_int((u_int)ws.ws_col); packet_put_int((u_int)ws.ws_row); @@ -2591,14 +2594,6 @@ client_session2_setup(int id, int want_tty, int want_subsystem, tiop = get_saved_tio(); tty_make_modes(-1, tiop); -#else - packet_put_cstring(term != NULL ? term : "ansi"); - packet_put_int((u_int) ScreenX); - packet_put_int((u_int) ScrollBottom); - packet_put_int((u_int) 640); - packet_put_int((u_int) 480); - tty_make_modes(-1, NULL); -#endif /* else !WIN32_FIXME */ packet_send(); /* XXX wait for reply */ c->client_tty = 1; diff --git a/clientloop.h b/clientloop.h index 338d451..f4d4c69 100644 --- a/clientloop.h +++ b/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */ +/* $OpenBSD: clientloop.h,v 1.32 2016/01/13 23:04:47 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); -void client_x11_get_proto(const char *, const char *, u_int, u_int, +int client_x11_get_proto(const char *, const char *, u_int, u_int, char **, char **); void client_global_request_reply_fwd(int, u_int32_t, void *); void client_session2_setup(int, int, int, const char *, struct termios *, diff --git a/compat.c b/compat.c index 5583804..69a104f 100644 --- a/compat.c +++ b/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */ +/* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * diff --git a/compress.c b/compress.c deleted file mode 100644 index 7f05f3e..0000000 --- a/compress.c +++ /dev/null 
@@ -1,169 +0,0 @@ -/* $OpenBSD: compress.c,v 1.26 2010/09/08 04:13:31 deraadt Exp $ */ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * Interface to packet compression for ssh. - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -#include "includes.h" - -#include - -#include - -#include "log.h" -#include "buffer.h" -#include "compress.h" - -#ifndef WIN32_ZLIB_NO -#include -#endif - -z_stream incoming_stream; -z_stream outgoing_stream; -static int compress_init_send_called = 0; -static int compress_init_recv_called = 0; -static int inflate_failed = 0; -static int deflate_failed = 0; - -/* - * Initializes compression; level is compression level from 1 to 9 - * (as in gzip). - */ - -void -buffer_compress_init_send(int level) -{ - if (compress_init_send_called == 1) - deflateEnd(&outgoing_stream); - compress_init_send_called = 1; - debug("Enabling compression at level %d.", level); - if (level < 1 || level > 9) - fatal("Bad compression level %d.", level); - deflateInit(&outgoing_stream, level); -} -void -buffer_compress_init_recv(void) -{ - if (compress_init_recv_called == 1) - inflateEnd(&incoming_stream); - compress_init_recv_called = 1; - inflateInit(&incoming_stream); -} - -/* Frees any data structures allocated for compression. */ - -void -buffer_compress_uninit(void) -{ - debug("compress outgoing: raw data %llu, compressed %llu, factor %.2f", - (unsigned long long)outgoing_stream.total_in, - (unsigned long long)outgoing_stream.total_out, - outgoing_stream.total_in == 0 ? 
0.0 : - (double) outgoing_stream.total_out / outgoing_stream.total_in); - debug("compress incoming: raw data %llu, compressed %llu, factor %.2f", - (unsigned long long)incoming_stream.total_out, - (unsigned long long)incoming_stream.total_in, - incoming_stream.total_out == 0 ? 0.0 : - (double) incoming_stream.total_in / incoming_stream.total_out); - if (compress_init_recv_called == 1 && inflate_failed == 0) - inflateEnd(&incoming_stream); - if (compress_init_send_called == 1 && deflate_failed == 0) - deflateEnd(&outgoing_stream); -} - -/* - * Compresses the contents of input_buffer into output_buffer. All packets - * compressed using this function will form a single compressed data stream; - * however, data will be flushed at the end of every call so that each - * output_buffer can be decompressed independently (but in the appropriate - * order since they together form a single compression stream) by the - * receiver. This appends the compressed data to the output buffer. - */ - -void -buffer_compress(Buffer * input_buffer, Buffer * output_buffer) -{ - u_char buf[4096]; - int status; - - /* This case is not handled below. */ - if (buffer_len(input_buffer) == 0) - return; - - /* Input is the contents of the input buffer. */ - outgoing_stream.next_in = buffer_ptr(input_buffer); - outgoing_stream.avail_in = buffer_len(input_buffer); - - /* Loop compressing until deflate() returns with avail_out != 0. */ - do { - /* Set up fixed-size output buffer. */ - outgoing_stream.next_out = buf; - outgoing_stream.avail_out = sizeof(buf); - - /* Compress as much data into the buffer as possible. */ - status = deflate(&outgoing_stream, Z_PARTIAL_FLUSH); - switch (status) { - case Z_OK: - /* Append compressed data to output_buffer. 
*/ - buffer_append(output_buffer, buf, - sizeof(buf) - outgoing_stream.avail_out); - break; - default: - deflate_failed = 1; - fatal("buffer_compress: deflate returned %d", status); - /* NOTREACHED */ - } - } while (outgoing_stream.avail_out == 0); -} - -/* - * Uncompresses the contents of input_buffer into output_buffer. All packets - * uncompressed using this function will form a single compressed data - * stream; however, data will be flushed at the end of every call so that - * each output_buffer. This must be called for the same size units that the - * buffer_compress was called, and in the same order that buffers compressed - * with that. This appends the uncompressed data to the output buffer. - */ - -void -buffer_uncompress(Buffer * input_buffer, Buffer * output_buffer) -{ - u_char buf[4096]; - int status; - - incoming_stream.next_in = buffer_ptr(input_buffer); - incoming_stream.avail_in = buffer_len(input_buffer); - - for (;;) { - /* Set up fixed-size output buffer. */ - incoming_stream.next_out = buf; - incoming_stream.avail_out = sizeof(buf); - - status = inflate(&incoming_stream, Z_PARTIAL_FLUSH); - switch (status) { - case Z_OK: - buffer_append(output_buffer, buf, - sizeof(buf) - incoming_stream.avail_out); - break; - case Z_BUF_ERROR: - /* - * Comments in zlib.h say that we should keep calling - * inflate() until we get an error. This appears to - * be the error that we get. - */ - return; - default: - inflate_failed = 1; - fatal("buffer_uncompress: inflate returned %d", status); - /* NOTREACHED */ - } - } -} diff --git a/compress.h b/compress.h deleted file mode 100644 index 418d6fd..0000000 --- a/compress.h +++ /dev/null 
@@ -1,25 +0,0 @@
-/* $OpenBSD: compress.h,v 1.12 2006/03/25 22:22:43 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
- * All rights reserved
- * Interface to packet compression for ssh.
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef COMPRESS_H
-#define COMPRESS_H
-
-void buffer_compress_init_send(int);
-void buffer_compress_init_recv(void);
-void buffer_compress_uninit(void);
-void buffer_compress(Buffer *, Buffer *);
-void buffer_uncompress(Buffer *, Buffer *);
-
-#endif /* COMPRESS_H */
diff --git a/config.h.in b/config.h.in
deleted file mode 100644
index 7500df5..0000000
--- a/config.h.in
+++ /dev/null
@@ -1,1707 +0,0 @@ -/* config.h.in. Generated from configure.ac by autoheader. */ - -/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address - */ -#undef AIX_GETNAMEINFO_HACK - -/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ -#undef AIX_LOGINFAILED_4ARG - -/* System only supports IPv4 audit records */ -#undef AU_IPv4 - -/* Define if your resolver libs need this for getrrsetbyname */ -#undef BIND_8_COMPAT - -/* The system has incomplete BSM API */ -#undef BROKEN_BSM_API - -/* Define if cmsg_type is not passed correctly */ -#undef BROKEN_CMSG_TYPE - -/* getaddrinfo is broken (if present) */ -#undef BROKEN_GETADDRINFO - -/* getgroups(0,NULL) will return -1 */ -#undef BROKEN_GETGROUPS - -/* FreeBSD glob does not do what we need */ -#undef BROKEN_GLOB - -/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ -#undef BROKEN_INET_NTOA - -/* ia_uinfo routines not supported by OS yet */ -#undef BROKEN_LIBIAF - -/* Ultrix mmap can't map files */ -#undef BROKEN_MMAP - -/* Define if your struct dirent expects you to allocate extra space for d_name - */ -#undef BROKEN_ONE_BYTE_DIRENT_D_NAME - -/* Can't do comparisons on readv */ -#undef BROKEN_READV_COMPARISON - -/* NetBSD read function is sometimes redirected, breaking atomicio comparisons - against it */ -#undef BROKEN_READ_COMPARISON - -/* realpath does not work with nonexistent files */ -#undef BROKEN_REALPATH - -/* Needed for NeXT */ -#undef BROKEN_SAVED_UIDS - -/* Define if your setregid() is broken */ -#undef BROKEN_SETREGID - -/* Define if your setresgid() is broken */ -#undef BROKEN_SETRESGID - -/* Define if your setresuid() is broken */ -#undef BROKEN_SETRESUID - -/* Define if your setreuid() is broken */ -#undef BROKEN_SETREUID - -/* LynxOS has broken setvbuf() implementation */ -#undef BROKEN_SETVBUF - -/* QNX shadow support is broken */ -#undef BROKEN_SHADOW_EXPIRE - -/* Define if your snprintf is busted */ -#undef BROKEN_SNPRINTF - -/* FreeBSD 
strnvis argument order is swapped compared to OpenBSD */ -#undef BROKEN_STRNVIS - -/* tcgetattr with ICANON may hang */ -#undef BROKEN_TCGETATTR_ICANON - -/* updwtmpx is broken (if present) */ -#undef BROKEN_UPDWTMPX - -/* Define if you have BSD auth support */ -#undef BSD_AUTH - -/* Define if you want to specify the path to your lastlog file */ -#undef CONF_LASTLOG_FILE - -/* Define if you want to specify the path to your utmp file */ -#undef CONF_UTMP_FILE - -/* Define if you want to specify the path to your wtmpx file */ -#undef CONF_WTMPX_FILE - -/* Define if you want to specify the path to your wtmp file */ -#undef CONF_WTMP_FILE - -/* Define if your platform needs to skip post auth file descriptor passing */ -#undef DISABLE_FD_PASSING - -/* Define if you don't want to use lastlog */ -#undef DISABLE_LASTLOG - -/* Define if you don't want to use your system's login() call */ -#undef DISABLE_LOGIN - -/* Define if you don't want to use pututline() etc. to write [uw]tmp */ -#undef DISABLE_PUTUTLINE - -/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ -#undef DISABLE_PUTUTXLINE - -/* Define if you want to disable shadow passwords */ -#undef DISABLE_SHADOW - -/* Define if you don't want to use utmp */ -#undef DISABLE_UTMP - -/* Define if you don't want to use utmpx */ -#undef DISABLE_UTMPX - -/* Define if you don't want to use wtmp */ -#undef DISABLE_WTMP - -/* Define if you don't want to use wtmpx */ -#undef DISABLE_WTMPX - -/* Enable for PKCS#11 support */ -#undef ENABLE_PKCS11 - -/* File names may not contain backslash characters */ -#undef FILESYSTEM_NO_BACKSLASH - -/* fsid_t has member val */ -#undef FSID_HAS_VAL - -/* fsid_t has member __val */ -#undef FSID_HAS___VAL - -/* Define to 1 if the `getpgrp' function requires zero arguments. 
*/ -#undef GETPGRP_VOID - -/* Conflicting defs for getspnam */ -#undef GETSPNAM_CONFLICTING_DEFS - -/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ -#undef GLOB_HAS_ALTDIRFUNC - -/* Define if your system glob() function has gl_matchc options in glob_t */ -#undef GLOB_HAS_GL_MATCHC - -/* Define if your system glob() function has gl_statv options in glob_t */ -#undef GLOB_HAS_GL_STATV - -/* Define this if you want GSSAPI support in the version 2 protocol */ -#undef GSSAPI - -/* Define if you want to use shadow password expire field */ -#undef HAS_SHADOW_EXPIRE - -/* Define if your system uses access rights style file descriptor passing */ -#undef HAVE_ACCRIGHTS_IN_MSGHDR - -/* Define if you have ut_addr in utmp.h */ -#undef HAVE_ADDR_IN_UTMP - -/* Define if you have ut_addr in utmpx.h */ -#undef HAVE_ADDR_IN_UTMPX - -/* Define if you have ut_addr_v6 in utmp.h */ -#undef HAVE_ADDR_V6_IN_UTMP - -/* Define if you have ut_addr_v6 in utmpx.h */ -#undef HAVE_ADDR_V6_IN_UTMPX - -/* Define to 1 if you have the `arc4random' function. */ -#undef HAVE_ARC4RANDOM - -/* Define to 1 if you have the `arc4random_buf' function. */ -#undef HAVE_ARC4RANDOM_BUF - -/* Define to 1 if you have the `arc4random_stir' function. */ -#undef HAVE_ARC4RANDOM_STIR - -/* Define to 1 if you have the `arc4random_uniform' function. */ -#undef HAVE_ARC4RANDOM_UNIFORM - -/* Define to 1 if you have the `asprintf' function. */ -#undef HAVE_ASPRINTF - -/* OpenBSD's gcc has bounded */ -#undef HAVE_ATTRIBUTE__BOUNDED__ - -/* Have attribute nonnull */ -#undef HAVE_ATTRIBUTE__NONNULL__ - -/* OpenBSD's gcc has sentinel */ -#undef HAVE_ATTRIBUTE__SENTINEL__ - -/* Define to 1 if you have the `aug_get_machine' function. */ -#undef HAVE_AUG_GET_MACHINE - -/* Define to 1 if you have the `b64_ntop' function. */ -#undef HAVE_B64_NTOP - -/* Define to 1 if you have the `b64_pton' function. */ -#undef HAVE_B64_PTON - -/* Define if you have the basename function. 
*/ -#undef HAVE_BASENAME - -/* Define to 1 if you have the `bcopy' function. */ -#undef HAVE_BCOPY - -/* Define to 1 if you have the `bcrypt_pbkdf' function. */ -#undef HAVE_BCRYPT_PBKDF - -/* Define to 1 if you have the `bindresvport_sa' function. */ -#undef HAVE_BINDRESVPORT_SA - -/* Define to 1 if you have the `blf_enc' function. */ -#undef HAVE_BLF_ENC - -/* Define to 1 if you have the header file. */ -#undef HAVE_BLF_H - -/* Define to 1 if you have the `Blowfish_expand0state' function. */ -#undef HAVE_BLOWFISH_EXPAND0STATE - -/* Define to 1 if you have the `Blowfish_expandstate' function. */ -#undef HAVE_BLOWFISH_EXPANDSTATE - -/* Define to 1 if you have the `Blowfish_initstate' function. */ -#undef HAVE_BLOWFISH_INITSTATE - -/* Define to 1 if you have the `Blowfish_stream2word' function. */ -#undef HAVE_BLOWFISH_STREAM2WORD - -/* Define to 1 if you have the `BN_is_prime_ex' function. */ -#undef HAVE_BN_IS_PRIME_EX - -/* Define to 1 if you have the header file. */ -#undef HAVE_BSD_LIBUTIL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_BSM_AUDIT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_BSTRING_H - -/* Define to 1 if you have the `cap_rights_limit' function. */ -#undef HAVE_CAP_RIGHTS_LIMIT - -/* Define to 1 if you have the `clock' function. */ -#undef HAVE_CLOCK - -/* Have clock_gettime */ -#undef HAVE_CLOCK_GETTIME - -/* define if you have clock_t data type */ -#undef HAVE_CLOCK_T - -/* Define to 1 if you have the `closefrom' function. */ -#undef HAVE_CLOSEFROM - -/* Define if gai_strerror() returns const char * */ -#undef HAVE_CONST_GAI_STRERROR_PROTO - -/* Define if your system uses ancillary data style file descriptor passing */ -#undef HAVE_CONTROL_IN_MSGHDR - -/* Define to 1 if you have the `crypt' function. */ -#undef HAVE_CRYPT - -/* Define to 1 if you have the header file. */ -#undef HAVE_CRYPTO_SHA2_H - -/* Define to 1 if you have the header file. 
*/ -#undef HAVE_CRYPT_H - -/* Define if you are on Cygwin */ -#undef HAVE_CYGWIN - -/* Define if your libraries define daemon() */ -#undef HAVE_DAEMON - -/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if - you don't. */ -#undef HAVE_DECL_AI_NUMERICSERV - -/* Define to 1 if you have the declaration of `authenticate', and to 0 if you - don't. */ -#undef HAVE_DECL_AUTHENTICATE - -/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you - don't. */ -#undef HAVE_DECL_GLOB_NOMATCH - -/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE', - and to 0 if you don't. */ -#undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE - -/* Define to 1 if you have the declaration of `howmany', and to 0 if you - don't. */ -#undef HAVE_DECL_HOWMANY - -/* Define to 1 if you have the declaration of `h_errno', and to 0 if you - don't. */ -#undef HAVE_DECL_H_ERRNO - -/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you - don't. */ -#undef HAVE_DECL_LOGINFAILED - -/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if - you don't. */ -#undef HAVE_DECL_LOGINRESTRICTIONS - -/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you - don't. */ -#undef HAVE_DECL_LOGINSUCCESS - -/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you - don't. */ -#undef HAVE_DECL_MAXSYMLINKS - -/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you - don't. */ -#undef HAVE_DECL_NFDBITS - -/* Define to 1 if you have the declaration of `offsetof', and to 0 if you - don't. */ -#undef HAVE_DECL_OFFSETOF - -/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you - don't. */ -#undef HAVE_DECL_O_NONBLOCK - -/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you - don't. */ -#undef HAVE_DECL_PASSWDEXPIRED - -/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you - don't. 
*/ -#undef HAVE_DECL_SETAUTHDB - -/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you - don't. */ -#undef HAVE_DECL_SHUT_RD - -/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. - */ -#undef HAVE_DECL_WRITEV - -/* Define to 1 if you have the declaration of `_getlong', and to 0 if you - don't. */ -#undef HAVE_DECL__GETLONG - -/* Define to 1 if you have the declaration of `_getshort', and to 0 if you - don't. */ -#undef HAVE_DECL__GETSHORT - -/* Define to 1 if you have the `DES_crypt' function. */ -#undef HAVE_DES_CRYPT - -/* Define if you have /dev/ptmx */ -#undef HAVE_DEV_PTMX - -/* Define if you have /dev/ptc */ -#undef HAVE_DEV_PTS_AND_PTC - -/* Define to 1 if you have the header file. */ -#undef HAVE_DIRENT_H - -/* Define to 1 if you have the `dirfd' function. */ -#undef HAVE_DIRFD - -/* Define to 1 if you have the `dirname' function. */ -#undef HAVE_DIRNAME - -/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ -#undef HAVE_DSA_GENERATE_PARAMETERS_EX - -/* Define to 1 if you have the header file. */ -#undef HAVE_ELF_H - -/* Define to 1 if you have the `endgrent' function. */ -#undef HAVE_ENDGRENT - -/* Define to 1 if you have the header file. */ -#undef HAVE_ENDIAN_H - -/* Define to 1 if you have the `endutent' function. */ -#undef HAVE_ENDUTENT - -/* Define to 1 if you have the `endutxent' function. */ -#undef HAVE_ENDUTXENT - -/* Define if your system has /etc/default/login */ -#undef HAVE_ETC_DEFAULT_LOGIN - -/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */ -#undef HAVE_EVP_CIPHER_CTX_CTRL - -/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ -#undef HAVE_EVP_DIGESTFINAL_EX - -/* Define to 1 if you have the `EVP_DigestInit_ex' function. */ -#undef HAVE_EVP_DIGESTINIT_EX - -/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */ -#undef HAVE_EVP_MD_CTX_CLEANUP - -/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. 
*/ -#undef HAVE_EVP_MD_CTX_COPY_EX - -/* Define to 1 if you have the `EVP_MD_CTX_init' function. */ -#undef HAVE_EVP_MD_CTX_INIT - -/* Define to 1 if you have the `EVP_ripemd160' function. */ -#undef HAVE_EVP_RIPEMD160 - -/* Define to 1 if you have the `EVP_sha256' function. */ -#undef HAVE_EVP_SHA256 - -/* Define if you have ut_exit in utmp.h */ -#undef HAVE_EXIT_IN_UTMP - -/* Define to 1 if you have the `explicit_bzero' function. */ -#undef HAVE_EXPLICIT_BZERO - -/* Define to 1 if you have the `fchmod' function. */ -#undef HAVE_FCHMOD - -/* Define to 1 if you have the `fchown' function. */ -#undef HAVE_FCHOWN - -/* Use F_CLOSEM fcntl for closefrom */ -#undef HAVE_FCNTL_CLOSEM - -/* Define to 1 if you have the header file. */ -#undef HAVE_FCNTL_H - -/* Define to 1 if the system has the type `fd_mask'. */ -#undef HAVE_FD_MASK - -/* Define to 1 if you have the header file. */ -#undef HAVE_FEATURES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_FLOATINGPOINT_H - -/* Define to 1 if you have the `fmt_scaled' function. */ -#undef HAVE_FMT_SCALED - -/* Define to 1 if you have the `freeaddrinfo' function. */ -#undef HAVE_FREEADDRINFO - -/* Define to 1 if the system has the type `fsblkcnt_t'. */ -#undef HAVE_FSBLKCNT_T - -/* Define to 1 if the system has the type `fsfilcnt_t'. */ -#undef HAVE_FSFILCNT_T - -/* Define to 1 if you have the `fstatfs' function. */ -#undef HAVE_FSTATFS - -/* Define to 1 if you have the `fstatvfs' function. */ -#undef HAVE_FSTATVFS - -/* Define to 1 if you have the `futimes' function. */ -#undef HAVE_FUTIMES - -/* Define to 1 if you have the `gai_strerror' function. */ -#undef HAVE_GAI_STRERROR - -/* Define to 1 if you have the `getaddrinfo' function. */ -#undef HAVE_GETADDRINFO - -/* Define to 1 if you have the `getaudit' function. */ -#undef HAVE_GETAUDIT - -/* Define to 1 if you have the `getaudit_addr' function. */ -#undef HAVE_GETAUDIT_ADDR - -/* Define to 1 if you have the `getcwd' function. 
*/ -#undef HAVE_GETCWD - -/* Define to 1 if you have the `getgrouplist' function. */ -#undef HAVE_GETGROUPLIST - -/* Define to 1 if you have the `getgrset' function. */ -#undef HAVE_GETGRSET - -/* Define to 1 if you have the `getlastlogxbyname' function. */ -#undef HAVE_GETLASTLOGXBYNAME - -/* Define to 1 if you have the `getluid' function. */ -#undef HAVE_GETLUID - -/* Define to 1 if you have the `getnameinfo' function. */ -#undef HAVE_GETNAMEINFO - -/* Define to 1 if you have the `getopt' function. */ -#undef HAVE_GETOPT - -/* Define to 1 if you have the header file. */ -#undef HAVE_GETOPT_H - -/* Define if your getopt(3) defines and uses optreset */ -#undef HAVE_GETOPT_OPTRESET - -/* Define if your libraries define getpagesize() */ -#undef HAVE_GETPAGESIZE - -/* Define to 1 if you have the `getpeereid' function. */ -#undef HAVE_GETPEEREID - -/* Define to 1 if you have the `getpeerucred' function. */ -#undef HAVE_GETPEERUCRED - -/* Define to 1 if you have the `getpgid' function. */ -#undef HAVE_GETPGID - -/* Define to 1 if you have the `getpgrp' function. */ -#undef HAVE_GETPGRP - -/* Define to 1 if you have the `getpwanam' function. */ -#undef HAVE_GETPWANAM - -/* Define to 1 if you have the `getrlimit' function. */ -#undef HAVE_GETRLIMIT - -/* Define if getrrsetbyname() exists */ -#undef HAVE_GETRRSETBYNAME - -/* Define to 1 if you have the `getrusage' function. */ -#undef HAVE_GETRUSAGE - -/* Define to 1 if you have the `getseuserbyname' function. */ -#undef HAVE_GETSEUSERBYNAME - -/* Define to 1 if you have the `gettimeofday' function. */ -#undef HAVE_GETTIMEOFDAY - -/* Define to 1 if you have the `getttyent' function. */ -#undef HAVE_GETTTYENT - -/* Define to 1 if you have the `getutent' function. */ -#undef HAVE_GETUTENT - -/* Define to 1 if you have the `getutid' function. */ -#undef HAVE_GETUTID - -/* Define to 1 if you have the `getutline' function. */ -#undef HAVE_GETUTLINE - -/* Define to 1 if you have the `getutxent' function. 
*/ -#undef HAVE_GETUTXENT - -/* Define to 1 if you have the `getutxid' function. */ -#undef HAVE_GETUTXID - -/* Define to 1 if you have the `getutxline' function. */ -#undef HAVE_GETUTXLINE - -/* Define to 1 if you have the `getutxuser' function. */ -#undef HAVE_GETUTXUSER - -/* Define to 1 if you have the `get_default_context_with_level' function. */ -#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL - -/* Define to 1 if you have the `glob' function. */ -#undef HAVE_GLOB - -/* Define to 1 if you have the header file. */ -#undef HAVE_GLOB_H - -/* Define to 1 if you have the `group_from_gid' function. */ -#undef HAVE_GROUP_FROM_GID - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_GENERIC_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_GSSAPI_GENERIC_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_GSSAPI_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_GSSAPI_KRB5_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_KRB5_H - -/* Define if HEADER.ad exists in arpa/nameser.h */ -#undef HAVE_HEADER_AD - -/* Define to 1 if you have the `HMAC_CTX_init' function. */ -#undef HAVE_HMAC_CTX_INIT - -/* Define if you have ut_host in utmp.h */ -#undef HAVE_HOST_IN_UTMP - -/* Define if you have ut_host in utmpx.h */ -#undef HAVE_HOST_IN_UTMPX - -/* Define to 1 if you have the header file. */ -#undef HAVE_IAF_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_IA_H - -/* Define if you have ut_id in utmp.h */ -#undef HAVE_ID_IN_UTMP - -/* Define if you have ut_id in utmpx.h */ -#undef HAVE_ID_IN_UTMPX - -/* Define to 1 if you have the `inet_aton' function. */ -#undef HAVE_INET_ATON - -/* Define to 1 if you have the `inet_ntoa' function. */ -#undef HAVE_INET_NTOA - -/* Define to 1 if you have the `inet_ntop' function. */ -#undef HAVE_INET_NTOP - -/* Define to 1 if you have the `innetgr' function. 
*/ -#undef HAVE_INNETGR - -/* define if you have int64_t data type */ -#undef HAVE_INT64_T - -/* Define to 1 if the system has the type `intmax_t'. */ -#undef HAVE_INTMAX_T - -/* Define to 1 if you have the header file. */ -#undef HAVE_INTTYPES_H - -/* define if you have intxx_t data type */ -#undef HAVE_INTXX_T - -/* Define to 1 if the system has the type `in_addr_t'. */ -#undef HAVE_IN_ADDR_T - -/* Define to 1 if the system has the type `in_port_t'. */ -#undef HAVE_IN_PORT_T - -/* Define if you have isblank(3C). */ -#undef HAVE_ISBLANK - -/* Define to 1 if you have the `krb5_cc_new_unique' function. */ -#undef HAVE_KRB5_CC_NEW_UNIQUE - -/* Define to 1 if you have the `krb5_free_error_message' function. */ -#undef HAVE_KRB5_FREE_ERROR_MESSAGE - -/* Define to 1 if you have the `krb5_get_error_message' function. */ -#undef HAVE_KRB5_GET_ERROR_MESSAGE - -/* Define to 1 if you have the header file. */ -#undef HAVE_LASTLOG_H - -/* Define if you want ldns support */ -#undef HAVE_LDNS - -/* Define to 1 if you have the header file. */ -#undef HAVE_LIBAUDIT_H - -/* Define to 1 if you have the `bsm' library (-lbsm). */ -#undef HAVE_LIBBSM - -/* Define to 1 if you have the `crypt' library (-lcrypt). */ -#undef HAVE_LIBCRYPT - -/* Define to 1 if you have the `dl' library (-ldl). */ -#undef HAVE_LIBDL - -/* Define to 1 if you have the header file. */ -#undef HAVE_LIBGEN_H - -/* Define if system has libiaf that supports set_id */ -#undef HAVE_LIBIAF - -/* Define to 1 if you have the `network' library (-lnetwork). */ -#undef HAVE_LIBNETWORK - -/* Define to 1 if you have the `nsl' library (-lnsl). */ -#undef HAVE_LIBNSL - -/* Define to 1 if you have the `pam' library (-lpam). */ -#undef HAVE_LIBPAM - -/* Define to 1 if you have the `socket' library (-lsocket). */ -#undef HAVE_LIBSOCKET - -/* Define to 1 if you have the header file. */ -#undef HAVE_LIBUTIL_H - -/* Define to 1 if you have the `xnet' library (-lxnet). 
*/ -#undef HAVE_LIBXNET - -/* Define to 1 if you have the `z' library (-lz). */ -#undef HAVE_LIBZ - -/* Define to 1 if you have the header file. */ -#undef HAVE_LIMITS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_LINUX_AUDIT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_LINUX_FILTER_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_LINUX_IF_TUN_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_LINUX_SECCOMP_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_LOCALE_H - -/* Define to 1 if you have the `login' function. */ -#undef HAVE_LOGIN - -/* Define to 1 if you have the header file. */ -#undef HAVE_LOGIN_CAP_H - -/* Define to 1 if you have the `login_getcapbool' function. */ -#undef HAVE_LOGIN_GETCAPBOOL - -/* Define to 1 if you have the header file. */ -#undef HAVE_LOGIN_H - -/* Define to 1 if you have the `logout' function. */ -#undef HAVE_LOGOUT - -/* Define to 1 if you have the `logwtmp' function. */ -#undef HAVE_LOGWTMP - -/* Define to 1 if the system has the type `long double'. */ -#undef HAVE_LONG_DOUBLE - -/* Define to 1 if the system has the type `long long'. */ -#undef HAVE_LONG_LONG - -/* Define to 1 if you have the header file. */ -#undef HAVE_MAILLOCK_H - -/* Define to 1 if you have the `mblen' function. */ -#undef HAVE_MBLEN - -/* Define to 1 if you have the `md5_crypt' function. */ -#undef HAVE_MD5_CRYPT - -/* Define if you want to allow MD5 passwords */ -#undef HAVE_MD5_PASSWORDS - -/* Define to 1 if you have the `memmove' function. */ -#undef HAVE_MEMMOVE - -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H - -/* Define to 1 if you have the `memset_s' function. */ -#undef HAVE_MEMSET_S - -/* Define to 1 if you have the `mkdtemp' function. */ -#undef HAVE_MKDTEMP - -/* Define to 1 if you have the `mmap' function. 
*/ -#undef HAVE_MMAP - -/* define if you have mode_t data type */ -#undef HAVE_MODE_T - -/* Some systems put nanosleep outside of libc */ -#undef HAVE_NANOSLEEP - -/* Define to 1 if you have the header file. */ -#undef HAVE_NDIR_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETDB_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETGROUP_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NET_IF_TUN_H - -/* Define if you are on NeXT */ -#undef HAVE_NEXT - -/* Define to 1 if you have the `ngetaddrinfo' function. */ -#undef HAVE_NGETADDRINFO - -/* Define to 1 if you have the `nsleep' function. */ -#undef HAVE_NSLEEP - -/* Define to 1 if you have the `ogetaddrinfo' function. */ -#undef HAVE_OGETADDRINFO - -/* Define if you have an old version of PAM which takes only one argument to - pam_strerror */ -#undef HAVE_OLD_PAM - -/* Define to 1 if you have the `openlog_r' function. */ -#undef HAVE_OPENLOG_R - -/* Define to 1 if you have the `openpty' function. */ -#undef HAVE_OPENPTY - -/* Define if your ssl headers are included with #include */ -#undef HAVE_OPENSSL - -/* Define if you have Digital Unix Security Integration Architecture */ -#undef HAVE_OSF_SIA - -/* Define to 1 if you have the `pam_getenvlist' function. */ -#undef HAVE_PAM_GETENVLIST - -/* Define to 1 if you have the header file. */ -#undef HAVE_PAM_PAM_APPL_H - -/* Define to 1 if you have the `pam_putenv' function. */ -#undef HAVE_PAM_PUTENV - -/* Define to 1 if you have the header file. */ -#undef HAVE_PATHS_H - -/* Define if you have ut_pid in utmp.h */ -#undef HAVE_PID_IN_UTMP - -/* define if you have pid_t data type */ -#undef HAVE_PID_T - -/* Define to 1 if you have the `poll' function. */ -#undef HAVE_POLL - -/* Define to 1 if you have the header file. */ -#undef HAVE_POLL_H - -/* Define to 1 if you have the `prctl' function. 
*/ -#undef HAVE_PRCTL - -/* Define if you have /proc/$pid/fd */ -#undef HAVE_PROC_PID - -/* Define to 1 if you have the `pstat' function. */ -#undef HAVE_PSTAT - -/* Define to 1 if you have the header file. */ -#undef HAVE_PTY_H - -/* Define to 1 if you have the `pututline' function. */ -#undef HAVE_PUTUTLINE - -/* Define to 1 if you have the `pututxline' function. */ -#undef HAVE_PUTUTXLINE - -/* Define to 1 if you have the `readpassphrase' function. */ -#undef HAVE_READPASSPHRASE - -/* Define to 1 if you have the header file. */ -#undef HAVE_READPASSPHRASE_H - -/* Define to 1 if you have the `reallocarray' function. */ -#undef HAVE_REALLOCARRAY - -/* Define to 1 if you have the `realpath' function. */ -#undef HAVE_REALPATH - -/* Define to 1 if you have the `recvmsg' function. */ -#undef HAVE_RECVMSG - -/* sys/resource.h has RLIMIT_NPROC */ -#undef HAVE_RLIMIT_NPROC - -/* Define to 1 if you have the header file. */ -#undef HAVE_RPC_TYPES_H - -/* Define to 1 if you have the `rresvport_af' function. */ -#undef HAVE_RRESVPORT_AF - -/* Define to 1 if you have the `RSA_generate_key_ex' function. */ -#undef HAVE_RSA_GENERATE_KEY_EX - -/* Define to 1 if you have the `RSA_get_default_method' function. */ -#undef HAVE_RSA_GET_DEFAULT_METHOD - -/* Define to 1 if you have the header file. */ -#undef HAVE_SANDBOX_H - -/* Define to 1 if you have the `sandbox_init' function. */ -#undef HAVE_SANDBOX_INIT - -/* define if you have sa_family_t data type */ -#undef HAVE_SA_FAMILY_T - -/* Define to 1 if you have the `scan_scaled' function. */ -#undef HAVE_SCAN_SCALED - -/* Define if you have SecureWare-based protected password database */ -#undef HAVE_SECUREWARE - -/* Define to 1 if you have the header file. */ -#undef HAVE_SECURITY_PAM_APPL_H - -/* Define to 1 if you have the `sendmsg' function. */ -#undef HAVE_SENDMSG - -/* Define to 1 if you have the `setauthdb' function. */ -#undef HAVE_SETAUTHDB - -/* Define to 1 if you have the `setdtablesize' function. 
*/ -#undef HAVE_SETDTABLESIZE - -/* Define to 1 if you have the `setegid' function. */ -#undef HAVE_SETEGID - -/* Define to 1 if you have the `setenv' function. */ -#undef HAVE_SETENV - -/* Define to 1 if you have the `seteuid' function. */ -#undef HAVE_SETEUID - -/* Define to 1 if you have the `setgroupent' function. */ -#undef HAVE_SETGROUPENT - -/* Define to 1 if you have the `setgroups' function. */ -#undef HAVE_SETGROUPS - -/* Define to 1 if you have the `setlinebuf' function. */ -#undef HAVE_SETLINEBUF - -/* Define to 1 if you have the `setlogin' function. */ -#undef HAVE_SETLOGIN - -/* Define to 1 if you have the `setluid' function. */ -#undef HAVE_SETLUID - -/* Define to 1 if you have the `setpassent' function. */ -#undef HAVE_SETPASSENT - -/* Define to 1 if you have the `setpcred' function. */ -#undef HAVE_SETPCRED - -/* Define to 1 if you have the `setproctitle' function. */ -#undef HAVE_SETPROCTITLE - -/* Define to 1 if you have the `setregid' function. */ -#undef HAVE_SETREGID - -/* Define to 1 if you have the `setresgid' function. */ -#undef HAVE_SETRESGID - -/* Define to 1 if you have the `setresuid' function. */ -#undef HAVE_SETRESUID - -/* Define to 1 if you have the `setreuid' function. */ -#undef HAVE_SETREUID - -/* Define to 1 if you have the `setrlimit' function. */ -#undef HAVE_SETRLIMIT - -/* Define to 1 if you have the `setsid' function. */ -#undef HAVE_SETSID - -/* Define to 1 if you have the `setutent' function. */ -#undef HAVE_SETUTENT - -/* Define to 1 if you have the `setutxdb' function. */ -#undef HAVE_SETUTXDB - -/* Define to 1 if you have the `setutxent' function. */ -#undef HAVE_SETUTXENT - -/* Define to 1 if you have the `setvbuf' function. */ -#undef HAVE_SETVBUF - -/* Define to 1 if you have the `set_id' function. */ -#undef HAVE_SET_ID - -/* Define to 1 if you have the `SHA256_Update' function. */ -#undef HAVE_SHA256_UPDATE - -/* Define to 1 if you have the header file. 
*/ -#undef HAVE_SHA2_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SHADOW_H - -/* Define to 1 if you have the `sigaction' function. */ -#undef HAVE_SIGACTION - -/* Define to 1 if you have the `sigvec' function. */ -#undef HAVE_SIGVEC - -/* Define to 1 if the system has the type `sig_atomic_t'. */ -#undef HAVE_SIG_ATOMIC_T - -/* define if you have size_t data type */ -#undef HAVE_SIZE_T - -/* Define to 1 if you have the `snprintf' function. */ -#undef HAVE_SNPRINTF - -/* Define to 1 if you have the `socketpair' function. */ -#undef HAVE_SOCKETPAIR - -/* Have PEERCRED socket option */ -#undef HAVE_SO_PEERCRED - -/* define if you have ssize_t data type */ -#undef HAVE_SSIZE_T - -/* Fields in struct sockaddr_storage */ -#undef HAVE_SS_FAMILY_IN_SS - -/* Define to 1 if you have the `statfs' function. */ -#undef HAVE_STATFS - -/* Define to 1 if you have the `statvfs' function. */ -#undef HAVE_STATVFS - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDDEF_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDINT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDLIB_H - -/* Define to 1 if you have the `strdup' function. */ -#undef HAVE_STRDUP - -/* Define to 1 if you have the `strerror' function. */ -#undef HAVE_STRERROR - -/* Define to 1 if you have the `strftime' function. */ -#undef HAVE_STRFTIME - -/* Silly mkstemp() */ -#undef HAVE_STRICT_MKSTEMP - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRINGS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRING_H - -/* Define to 1 if you have the `strlcat' function. */ -#undef HAVE_STRLCAT - -/* Define to 1 if you have the `strlcpy' function. */ -#undef HAVE_STRLCPY - -/* Define to 1 if you have the `strmode' function. */ -#undef HAVE_STRMODE - -/* Define to 1 if you have the `strnlen' function. */ -#undef HAVE_STRNLEN - -/* Define to 1 if you have the `strnvis' function. 
*/ -#undef HAVE_STRNVIS - -/* Define to 1 if you have the `strptime' function. */ -#undef HAVE_STRPTIME - -/* Define to 1 if you have the `strsep' function. */ -#undef HAVE_STRSEP - -/* Define to 1 if you have the `strtoll' function. */ -#undef HAVE_STRTOLL - -/* Define to 1 if you have the `strtonum' function. */ -#undef HAVE_STRTONUM - -/* Define to 1 if you have the `strtoul' function. */ -#undef HAVE_STRTOUL - -/* Define to 1 if you have the `strtoull' function. */ -#undef HAVE_STRTOULL - -/* define if you have struct addrinfo data type */ -#undef HAVE_STRUCT_ADDRINFO - -/* define if you have struct in6_addr data type */ -#undef HAVE_STRUCT_IN6_ADDR - -/* Define to 1 if `pw_change' is member of `struct passwd'. */ -#undef HAVE_STRUCT_PASSWD_PW_CHANGE - -/* Define to 1 if `pw_class' is member of `struct passwd'. */ -#undef HAVE_STRUCT_PASSWD_PW_CLASS - -/* Define to 1 if `pw_expire' is member of `struct passwd'. */ -#undef HAVE_STRUCT_PASSWD_PW_EXPIRE - -/* Define to 1 if `pw_gecos' is member of `struct passwd'. */ -#undef HAVE_STRUCT_PASSWD_PW_GECOS - -/* define if you have struct sockaddr_in6 data type */ -#undef HAVE_STRUCT_SOCKADDR_IN6 - -/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */ -#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID - -/* define if you have struct sockaddr_storage data type */ -#undef HAVE_STRUCT_SOCKADDR_STORAGE - -/* Define to 1 if `st_blksize' is member of `struct stat'. */ -#undef HAVE_STRUCT_STAT_ST_BLKSIZE - -/* Define to 1 if the system has the type `struct timespec'. */ -#undef HAVE_STRUCT_TIMESPEC - -/* define if you have struct timeval */ -#undef HAVE_STRUCT_TIMEVAL - -/* Define to 1 if you have the `swap32' function. */ -#undef HAVE_SWAP32 - -/* Define to 1 if you have the `sysconf' function. */ -#undef HAVE_SYSCONF - -/* Define if you have syslen in utmpx.h */ -#undef HAVE_SYSLEN_IN_UTMPX - -/* Define to 1 if you have the header file. 
*/ -#undef HAVE_SYS_AUDIT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_BITYPES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_BSDTTY_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_CAPABILITY_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_CDEFS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_DIR_H - -/* Define if your system defines sys_errlist[] */ -#undef HAVE_SYS_ERRLIST - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_MMAN_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_MOUNT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_NDIR_H - -/* Define if your system defines sys_nerr */ -#undef HAVE_SYS_NERR - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_POLL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PRCTL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PSTAT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PTMS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SELECT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STATVFS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STAT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STREAM_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STROPTS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STRTIO_H - -/* Force use of sys/syslog.h on Ultrix */ -#undef HAVE_SYS_SYSLOG_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SYSMACROS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TIMERS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TIME_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TYPES_H - -/* Define to 1 if you have the header file. 
*/ -#undef HAVE_SYS_UN_H - -/* Define to 1 if you have the `tcgetpgrp' function. */ -#undef HAVE_TCGETPGRP - -/* Define to 1 if you have the `tcsendbreak' function. */ -#undef HAVE_TCSENDBREAK - -/* Define to 1 if you have the `time' function. */ -#undef HAVE_TIME - -/* Define to 1 if you have the header file. */ -#undef HAVE_TIME_H - -/* Define if you have ut_time in utmp.h */ -#undef HAVE_TIME_IN_UTMP - -/* Define if you have ut_time in utmpx.h */ -#undef HAVE_TIME_IN_UTMPX - -/* Define to 1 if you have the `timingsafe_bcmp' function. */ -#undef HAVE_TIMINGSAFE_BCMP - -/* Define to 1 if you have the header file. */ -#undef HAVE_TMPDIR_H - -/* Define to 1 if you have the `truncate' function. */ -#undef HAVE_TRUNCATE - -/* Define to 1 if you have the header file. */ -#undef HAVE_TTYENT_H - -/* Define if you have ut_tv in utmp.h */ -#undef HAVE_TV_IN_UTMP - -/* Define if you have ut_tv in utmpx.h */ -#undef HAVE_TV_IN_UTMPX - -/* Define if you have ut_type in utmp.h */ -#undef HAVE_TYPE_IN_UTMP - -/* Define if you have ut_type in utmpx.h */ -#undef HAVE_TYPE_IN_UTMPX - -/* Define to 1 if you have the header file. */ -#undef HAVE_UCRED_H - -/* Define to 1 if the system has the type `uintmax_t'. */ -#undef HAVE_UINTMAX_T - -/* define if you have uintxx_t data type */ -#undef HAVE_UINTXX_T - -/* Define to 1 if you have the header file. */ -#undef HAVE_UNISTD_H - -/* Define to 1 if you have the `unsetenv' function. */ -#undef HAVE_UNSETENV - -/* Define to 1 if the system has the type `unsigned long long'. */ -#undef HAVE_UNSIGNED_LONG_LONG - -/* Define to 1 if you have the `updwtmp' function. */ -#undef HAVE_UPDWTMP - -/* Define to 1 if you have the `updwtmpx' function. */ -#undef HAVE_UPDWTMPX - -/* Define to 1 if you have the header file. */ -#undef HAVE_USERSEC_H - -/* Define to 1 if you have the `user_from_uid' function. */ -#undef HAVE_USER_FROM_UID - -/* Define to 1 if you have the `usleep' function. 
*/ -#undef HAVE_USLEEP - -/* Define to 1 if you have the header file. */ -#undef HAVE_UTIL_H - -/* Define to 1 if you have the `utimes' function. */ -#undef HAVE_UTIMES - -/* Define to 1 if you have the header file. */ -#undef HAVE_UTIME_H - -/* Define to 1 if you have the `utmpname' function. */ -#undef HAVE_UTMPNAME - -/* Define to 1 if you have the `utmpxname' function. */ -#undef HAVE_UTMPXNAME - -/* Define to 1 if you have the header file. */ -#undef HAVE_UTMPX_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_UTMP_H - -/* define if you have u_char data type */ -#undef HAVE_U_CHAR - -/* define if you have u_int data type */ -#undef HAVE_U_INT - -/* define if you have u_int64_t data type */ -#undef HAVE_U_INT64_T - -/* define if you have u_intxx_t data type */ -#undef HAVE_U_INTXX_T - -/* Define to 1 if you have the `vasprintf' function. */ -#undef HAVE_VASPRINTF - -/* Define if va_copy exists */ -#undef HAVE_VA_COPY - -/* Define to 1 if you have the header file. */ -#undef HAVE_VIS_H - -/* Define to 1 if you have the `vsnprintf' function. */ -#undef HAVE_VSNPRINTF - -/* Define to 1 if you have the `waitpid' function. */ -#undef HAVE_WAITPID - -/* Define to 1 if you have the `_getlong' function. */ -#undef HAVE__GETLONG - -/* Define to 1 if you have the `_getpty' function. */ -#undef HAVE__GETPTY - -/* Define to 1 if you have the `_getshort' function. */ -#undef HAVE__GETSHORT - -/* Define if you have struct __res_state _res as an extern */ -#undef HAVE__RES_EXTERN - -/* Define to 1 if you have the `__b64_ntop' function. */ -#undef HAVE___B64_NTOP - -/* Define to 1 if you have the `__b64_pton' function. 
*/ -#undef HAVE___B64_PTON - -/* Define if compiler implements __FUNCTION__ */ -#undef HAVE___FUNCTION__ - -/* Define if libc defines __progname */ -#undef HAVE___PROGNAME - -/* Fields in struct sockaddr_storage */ -#undef HAVE___SS_FAMILY_IN_SS - -/* Define if __va_copy exists */ -#undef HAVE___VA_COPY - -/* Define if compiler implements __func__ */ -#undef HAVE___func__ - -/* Define this if you are using the Heimdal version of Kerberos V5 */ -#undef HEIMDAL - -/* Define if you need to use IP address instead of hostname in $DISPLAY */ -#undef IPADDR_IN_DISPLAY - -/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ -#undef IPV4_IN_IPV6 - -/* Define if your system choked on IP TOS setting */ -#undef IP_TOS_IS_BROKEN - -/* Define if you want Kerberos 5 support */ -#undef KRB5 - -/* Define if pututxline updates lastlog too */ -#undef LASTLOG_WRITE_PUTUTXLINE - -/* Define to whatever link() returns for "not supported" if it doesn't return - EOPNOTSUPP. */ -#undef LINK_OPNOTSUPP_ERRNO - -/* Adjust Linux out-of-memory killer */ -#undef LINUX_OOM_ADJUST - -/* max value of long long calculated by configure */ -#undef LLONG_MAX - -/* min value of long long calculated by configure */ -#undef LLONG_MIN - -/* Account locked with pw(1) */ -#undef LOCKED_PASSWD_PREFIX - -/* String used in /etc/passwd to denote locked account */ -#undef LOCKED_PASSWD_STRING - -/* String used in /etc/passwd to denote locked account */ -#undef LOCKED_PASSWD_SUBSTR - -/* Some versions of /bin/login need the TERM supplied on the commandline */ -#undef LOGIN_NEEDS_TERM - -/* Some systems need a utmpx entry for /bin/login to work */ -#undef LOGIN_NEEDS_UTMPX - -/* Define if your login program cannot handle end of options ("--") */ -#undef LOGIN_NO_ENDOPT - -/* If your header files don't define LOGIN_PROGRAM, then use this (detected) - from environment and PATH */ -#undef LOGIN_PROGRAM_FALLBACK - -/* Set this to your mail directory if you do not have _PATH_MAILDIR */ -#undef MAIL_DIRECTORY - 
-/* Need setpgrp to acquire controlling tty */ -#undef NEED_SETPGRP - -/* compiler does not accept __attribute__ on return types */ -#undef NO_ATTRIBUTE_ON_RETURN_TYPE - -/* Define if the concept of ports only accessible to superusers isn't known */ -#undef NO_IPPORT_RESERVED_CONCEPT - -/* Define if you don't want to use lastlog in session.c */ -#undef NO_SSH_LASTLOG - -/* Define if X11 doesn't support AF_UNIX sockets on that system */ -#undef NO_X11_UNIX_SOCKETS - -/* Define if EVP_DigestUpdate returns void */ -#undef OPENSSL_EVP_DIGESTUPDATE_VOID - -/* OpenSSL has ECC */ -#undef OPENSSL_HAS_ECC - -/* libcrypto has NID_X9_62_prime256v1 */ -#undef OPENSSL_HAS_NISTP256 - -/* libcrypto has NID_secp384r1 */ -#undef OPENSSL_HAS_NISTP384 - -/* libcrypto has NID_secp521r1 */ -#undef OPENSSL_HAS_NISTP521 - -/* libcrypto has EVP AES CTR */ -#undef OPENSSL_HAVE_EVPCTR - -/* libcrypto has EVP AES GCM */ -#undef OPENSSL_HAVE_EVPGCM - -/* libcrypto is missing AES 192 and 256 bit functions */ -#undef OPENSSL_LOBOTOMISED_AES - -/* Define if you want the OpenSSL internally seeded PRNG only */ -#undef OPENSSL_PRNG_ONLY - -/* Define to the address where bug reports for this package should be sent. */ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#undef PACKAGE_NAME - -/* Define to the full name and version of this package. */ -#undef PACKAGE_STRING - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the version of this package. 
*/ -#undef PACKAGE_VERSION - -/* Define if you are using Solaris-derived PAM which passes pam_messages to - the conversation function with an extra level of indirection */ -#undef PAM_SUN_CODEBASE - -/* Work around problematic Linux PAM modules handling of PAM_TTY */ -#undef PAM_TTY_KLUDGE - -/* must supply username to passwd */ -#undef PASSWD_NEEDS_USERNAME - -/* System dirs owned by bin (uid 2) */ -#undef PLATFORM_SYS_DIR_UID - -/* Port number of PRNGD/EGD random number socket */ -#undef PRNGD_PORT - -/* Location of PRNGD/EGD random number socket */ -#undef PRNGD_SOCKET - -/* read(1) can return 0 for a non-closed fd */ -#undef PTY_ZEROREAD - -/* Sandbox using capsicum */ -#undef SANDBOX_CAPSICUM - -/* Sandbox using Darwin sandbox_init(3) */ -#undef SANDBOX_DARWIN - -/* no privsep sandboxing */ -#undef SANDBOX_NULL - -/* Sandbox using setrlimit(2) */ -#undef SANDBOX_RLIMIT - -/* Sandbox using seccomp filter */ -#undef SANDBOX_SECCOMP_FILTER - -/* setrlimit RLIMIT_FSIZE works */ -#undef SANDBOX_SKIP_RLIMIT_FSIZE - -/* define if setrlimit RLIMIT_NOFILE breaks things */ -#undef SANDBOX_SKIP_RLIMIT_NOFILE - -/* Sandbox using systrace(4) */ -#undef SANDBOX_SYSTRACE - -/* Specify the system call convention in use */ -#undef SECCOMP_AUDIT_ARCH - -/* Define if your platform breaks doing a seteuid before a setuid */ -#undef SETEUID_BREAKS_SETUID - -/* The size of `int', as computed by sizeof. */ -#undef SIZEOF_INT - -/* The size of `long int', as computed by sizeof. */ -#undef SIZEOF_LONG_INT - -/* The size of `long long int', as computed by sizeof. */ -#undef SIZEOF_LONG_LONG_INT - -/* The size of `short int', as computed by sizeof. 
*/ -#undef SIZEOF_SHORT_INT - -/* Define if you want S/Key support */ -#undef SKEY - -/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ -#undef SKEYCHALLENGE_4ARG - -/* Define as const if snprintf() can declare const char *fmt */ -#undef SNPRINTF_CONST - -/* Define to a Set Process Title type if your system is supported by - bsd-setproctitle.c */ -#undef SPT_TYPE - -/* Define if sshd somehow reacquires a controlling TTY after setsid() */ -#undef SSHD_ACQUIRES_CTTY - -/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ -#undef SSHPAM_CHAUTHTOK_NEEDS_RUID - -/* Use audit debugging module */ -#undef SSH_AUDIT_EVENTS - -/* Windows is sensitive to read buffer size */ -#undef SSH_IOBUFSZ - -/* non-privileged user for privilege separation */ -#undef SSH_PRIVSEP_USER - -/* Use tunnel device compatibility to OpenBSD */ -#undef SSH_TUN_COMPAT_AF - -/* Open tunnel devices the FreeBSD way */ -#undef SSH_TUN_FREEBSD - -/* Open tunnel devices the Linux tun/tap way */ -#undef SSH_TUN_LINUX - -/* No layer 2 tunnel support */ -#undef SSH_TUN_NO_L2 - -/* Open tunnel devices the OpenBSD way */ -#undef SSH_TUN_OPENBSD - -/* Prepend the address family to IP tunnel traffic */ -#undef SSH_TUN_PREPEND_AF - -/* Define to 1 if you have the ANSI C header files. 
*/ -#undef STDC_HEADERS - -/* Define if you want a different $PATH for the superuser */ -#undef SUPERUSER_PATH - -/* syslog_r function is safe to use in in a signal handler */ -#undef SYSLOG_R_SAFE_IN_SIGHAND - -/* Support passwords > 8 chars */ -#undef UNIXWARE_LONG_PASSWORDS - -/* Specify default $PATH */ -#undef USER_PATH - -/* Define this if you want to use libkafs' AFS support */ -#undef USE_AFS - -/* Use BSM audit module */ -#undef USE_BSM_AUDIT - -/* Use btmp to log bad logins */ -#undef USE_BTMP - -/* Use libedit for sftp */ -#undef USE_LIBEDIT - -/* Use Linux audit module */ -#undef USE_LINUX_AUDIT - -/* Enable OpenSSL engine support */ -#undef USE_OPENSSL_ENGINE - -/* Define if you want to enable PAM support */ -#undef USE_PAM - -/* Use PIPES instead of a socketpair() */ -#undef USE_PIPES - -/* Define if you have Solaris process contracts */ -#undef USE_SOLARIS_PROCESS_CONTRACTS - -/* Define if you have Solaris projects */ -#undef USE_SOLARIS_PROJECTS - -/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ -#undef WITH_ABBREV_NO_TTY - -/* Define if you want to enable AIX4's authenticate function */ -#undef WITH_AIXAUTHENTICATE - -/* Define if you have/want arrays (cluster-wide session managment, not C - arrays) */ -#undef WITH_IRIX_ARRAY - -/* Define if you want IRIX audit trails */ -#undef WITH_IRIX_AUDIT - -/* Define if you want IRIX kernel jobs */ -#undef WITH_IRIX_JOBS - -/* Define if you want IRIX project management */ -#undef WITH_IRIX_PROJECT - -/* use libcrypto for cryptography */ -#undef WITH_OPENSSL - -/* Define if you want SELinux support. */ -#undef WITH_SELINUX - -/* include SSH protocol version 1 support */ -#undef WITH_SSH1 - -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ -#undef WORDS_BIGENDIAN - -/* Define if xauth is found in your path */ -#undef XAUTH_PATH - -/* Number of bits in a file offset, on hosts where this is settable. 
*/ -#undef _FILE_OFFSET_BITS - -/* Define for large files, on AIX-style hosts. */ -#undef _LARGE_FILES - -/* log for bad login attempts */ -#undef _PATH_BTMP - -/* Full path of your "passwd" program */ -#undef _PATH_PASSWD_PROG - -/* Specify location of ssh.pid */ -#undef _PATH_SSH_PIDDIR - -/* Define if we don't have struct __res_state in resolv.h */ -#undef __res_state - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -#undef inline -#endif - -/* type to use in place of socklen_t if not defined */ -#undef socklen_t diff --git a/configure b/configure deleted file mode 100644 index 0d7a5b9..0000000 --- a/configure +++ /dev/null 
@@ -1,36863 +0,0 @@ -#! /bin/sh -# From configure.ac Revision: 1.583 . -# Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for OpenSSH Portable. -# -# Report bugs to . -# -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -# This configure script is free software; the Free Software Foundation -# gives unlimited permission to copy, distribute and modify it. -## --------------------- ## -## M4sh Initialization. ## -## --------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; -esac - -fi - - - - -# PATH needs CR -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh -fi - -# Support unset when possible. -if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - as_unset=unset -else - as_unset=false -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) 
-as_nl=' -' -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -case $0 in - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! -f "$as_myself"; then - echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - { (exit 1); exit 1; } -fi - -# Work around bugs in pre-3.0 UWIN ksh. -for as_var in ENV MAIL MAILPATH -do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -for as_var in \ - LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ - LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ - LC_TELEPHONE LC_TIME -do - if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then - eval $as_var=C; export $as_var - else - ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var - fi -done - -# Required to use basename. -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - - -# Name of the executable. -as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# CDPATH. 
-$as_unset CDPATH - - -if test "x$CONFIG_SHELL" = x; then - if (eval ":") 2>/dev/null; then - as_have_required=yes -else - as_have_required=no -fi - - if test $as_have_required = yes && (eval ": -(as_func_return () { - (exit \$1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 -} - -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi - -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. -fi - -if as_func_ret_success; then - : -else - exitcode=1 - echo as_func_ret_success failed. -fi - -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. -fi - -if ( set x; as_func_ret_success y && test x = \"\$1\" ); then - : -else - exitcode=1 - echo positional parameters were not saved. -fi - -test \$exitcode = 0) || { (exit 1); exit 1; } - -( - as_lineno_1=\$LINENO - as_lineno_2=\$LINENO - test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" && - test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; } -") 2> /dev/null; then - : -else - as_candidate_shells= - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - case $as_dir in - /*) - for as_base in sh bash ksh sh5; do - as_candidate_shells="$as_candidate_shells $as_dir/$as_base" - done;; - esac -done -IFS=$as_save_IFS - - - for as_shell in $as_candidate_shells $SHELL; do - # Try only shells that exist, to save several forks. - if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { ("$as_shell") 2> /dev/null <<\_ASEOF -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. 
- alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; -esac - -fi - - -: -_ASEOF -}; then - CONFIG_SHELL=$as_shell - as_have_required=yes - if { "$as_shell" 2> /dev/null <<\_ASEOF -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; -esac - -fi - - -: -(as_func_return () { - (exit $1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 -} - -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi - -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. -fi - -if as_func_ret_success; then - : -else - exitcode=1 - echo as_func_ret_success failed. -fi - -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. -fi - -if ( set x; as_func_ret_success y && test x = "$1" ); then - : -else - exitcode=1 - echo positional parameters were not saved. -fi - -test $exitcode = 0) || { (exit 1); exit 1; } - -( - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; } - -_ASEOF -}; then - break -fi - -fi - - done - - if test "x$CONFIG_SHELL" != x; then - for as_var in BASH_ENV ENV - do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var - done - export CONFIG_SHELL - exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} -fi - - - if test $as_have_required = no; then - echo This script requires a shell more modern than all the - echo shells that I found on your system. 
Please install a - echo modern shell, or manually run the script under such a - echo shell if you do have one. - { (exit 1); exit 1; } -fi - - -fi - -fi - - - -(eval "as_func_return () { - (exit \$1) -} -as_func_success () { - as_func_return 0 -} -as_func_failure () { - as_func_return 1 -} -as_func_ret_success () { - return 0 -} -as_func_ret_failure () { - return 1 -} - -exitcode=0 -if as_func_success; then - : -else - exitcode=1 - echo as_func_success failed. -fi - -if as_func_failure; then - exitcode=1 - echo as_func_failure succeeded. -fi - -if as_func_ret_success; then - : -else - exitcode=1 - echo as_func_ret_success failed. -fi - -if as_func_ret_failure; then - exitcode=1 - echo as_func_ret_failure succeeded. -fi - -if ( set x; as_func_ret_success y && test x = \"\$1\" ); then - : -else - exitcode=1 - echo positional parameters were not saved. -fi - -test \$exitcode = 0") || { - echo No shell found that supports shell functions. - echo Please tell autoconf@gnu.org about your system, - echo including any error possibly output before this - echo message -} - - - - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { - - # Create $as_me.lineno as a copy of $as_myself, but with $LINENO - # uniformly replaced by the line number. The first 'sed' inserts a - # line-number line after each line using $LINENO; the second 'sed' - # does the real work. The second script uses 'N' to pair each - # line-number line with the line containing $LINENO, and appends - # trailing '-' during substitution so that $LINENO is not a special - # case at line end. - # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the - # scripts with optimization help from Paolo Bonzini. Blame Lee - # E. McMahon (1931-1989) for sed's syntax. 
:-) - sed -n ' - p - /[$]LINENO/= - ' <$as_myself | - sed ' - s/[$]LINENO.*/&-/ - t lineno - b - :lineno - N - :loop - s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ - t loop - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || - { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 - { (exit 1); exit 1; }; } - - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the - # original and so on. Autoconf is especially sensitive to this). - . "./$as_me.lineno" - # Exit status is that of the last command. - exit -} - - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in --n*) - case `echo 'x\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - *) ECHO_C='\c';; - esac;; -*) - ECHO_N='-n';; -esac - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir -fi -echo >conf$$.file -if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -p'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -p' -elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln -else - as_ln_s='cp -p' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - -if mkdir -p . 
2>/dev/null; then - as_mkdir_p=: -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - -if test -x / >/dev/null 2>&1; then - as_test_x='test -x' -else - if ls -dL / >/dev/null 2>&1; then - as_ls_L_option=L - else - as_ls_L_option= - fi - as_test_x=' - eval sh -c '\'' - if test -d "$1"; then - test -d "$1/."; - else - case $1 in - -*)set "./$1";; - esac; - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in - ???[sx]*):;;*)false;;esac;fi - '\'' sh - ' -fi -as_executable_p=$as_test_x - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - - -exec 7<&0 &1 - -# Name of the host. -# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, -# so uname gets run too. -ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` - -# -# Initializations. -# -ac_default_prefix=/usr/local -ac_clean_files= -ac_config_libobj_dir=. -LIBOBJS= -cross_compiling=no -subdirs= -MFLAGS= -MAKEFLAGS= -SHELL=${CONFIG_SHELL-/bin/sh} - -# Identity of this package. -PACKAGE_NAME='OpenSSH' -PACKAGE_TARNAME='openssh' -PACKAGE_VERSION='Portable' -PACKAGE_STRING='OpenSSH Portable' -PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org' - -ac_unique_file="ssh.c" -# Factoring default headers for most tests. 
-ac_includes_default="\ -#include -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_SYS_STAT_H -# include -#endif -#ifdef STDC_HEADERS -# include -# include -#else -# ifdef HAVE_STDLIB_H -# include -# endif -#endif -#ifdef HAVE_STRING_H -# if !defined STDC_HEADERS && defined HAVE_MEMORY_H -# include -# endif -# include -#endif -#ifdef HAVE_STRINGS_H -# include -#endif -#ifdef HAVE_INTTYPES_H -# include -#endif -#ifdef HAVE_STDINT_H -# include -#endif -#ifdef HAVE_UNISTD_H -# include -#endif" - -ac_subst_vars='SHELL -PATH_SEPARATOR -PACKAGE_NAME -PACKAGE_TARNAME -PACKAGE_VERSION -PACKAGE_STRING -PACKAGE_BUGREPORT -exec_prefix -prefix -program_transform_name -bindir -sbindir -libexecdir -datarootdir -datadir -sysconfdir -sharedstatedir -localstatedir -includedir -oldincludedir -docdir -infodir -htmldir -dvidir -pdfdir -psdir -libdir -localedir -mandir -DEFS -ECHO_C -ECHO_N -ECHO_T -LIBS -build_alias -host_alias -target_alias -CC -CFLAGS -LDFLAGS -CPPFLAGS -ac_ct_CC -EXEEXT -OBJEXT -build -build_cpu -build_vendor -build_os -host -host_cpu -host_vendor -host_os -CPP -GREP -EGREP -AWK -RANLIB -INSTALL_PROGRAM -INSTALL_SCRIPT -INSTALL_DATA -AR -ac_ct_AR -CAT -KILL -PERL -SED -ENT -TEST_MINUS_S_SH -SH -GROFF -NROFF -MANDOC -TEST_SHELL -MANFMT -PATH_GROUPADD_PROG -PATH_USERADD_PROG -MAKE_PACKAGE_SUPPORTED -STARTUP_SCRIPT_SHELL -LOGIN_PROGRAM_FALLBACK -PATH_PASSWD_PROG -LD -PKGCONFIG -LIBEDIT -TEST_SSH_ECC -COMMENT_OUT_ECC -SSH_PRIVSEP_USER -SSHLIBS -SSHDLIBS -KRB5CONF -GSSLIBS -K5LIBS -PRIVSEP_PATH -xauth_path -STRIP_OPT -XAUTH_PATH -MANTYPE -mansubdir -user_path -piddir -TEST_SSH_IPV6 -TEST_MALLOC_OPTIONS -UNSUPPORTED_ALGORITHMS -LIBOBJS -LTLIBOBJS' -ac_subst_files='' - ac_precious_vars='build_alias -host_alias -target_alias -CC -CFLAGS -LDFLAGS -LIBS -CPPFLAGS -CPP' - - -# Initialize some variables set by options. -ac_init_help= -ac_init_version=false -# The variables have the same names as the options, with -# dashes changed to underlines. 
-cache_file=/dev/null -exec_prefix=NONE -no_create= -no_recursion= -prefix=NONE -program_prefix=NONE -program_suffix=NONE -program_transform_name=s,x,x, -silent= -site= -srcdir= -verbose= -x_includes=NONE -x_libraries=NONE - -# Installation directory options. -# These are left unexpanded so users can "make install exec_prefix=/foo" -# and all the variables that are supposed to be based on exec_prefix -# by default will actually change. -# Use braces instead of parens because sh, perl, etc. also accept them. -# (The list follows the same order as the GNU Coding Standards.) -bindir='${exec_prefix}/bin' -sbindir='${exec_prefix}/sbin' -libexecdir='${exec_prefix}/libexec' -datarootdir='${prefix}/share' -datadir='${datarootdir}' -sysconfdir='${prefix}/etc' -sharedstatedir='${prefix}/com' -localstatedir='${prefix}/var' -includedir='${prefix}/include' -oldincludedir='/usr/include' -docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' -infodir='${datarootdir}/info' -htmldir='${docdir}' -dvidir='${docdir}' -pdfdir='${docdir}' -psdir='${docdir}' -libdir='${exec_prefix}/lib' -localedir='${datarootdir}/locale' -mandir='${datarootdir}/man' - -ac_prev= -ac_dashdash= -for ac_option -do - # If the previous option needs an argument, assign it. - if test -n "$ac_prev"; then - eval $ac_prev=\$ac_option - ac_prev= - continue - fi - - case $ac_option in - *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *) ac_optarg=yes ;; - esac - - # Accept the important Cygnus configure options, so we can diagnose typos. 
- - case $ac_dashdash$ac_option in - --) - ac_dashdash=yes ;; - - -bindir | --bindir | --bindi | --bind | --bin | --bi) - ac_prev=bindir ;; - -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) - bindir=$ac_optarg ;; - - -build | --build | --buil | --bui | --bu) - ac_prev=build_alias ;; - -build=* | --build=* | --buil=* | --bui=* | --bu=*) - build_alias=$ac_optarg ;; - - -cache-file | --cache-file | --cache-fil | --cache-fi \ - | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) - ac_prev=cache_file ;; - -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ - | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) - cache_file=$ac_optarg ;; - - --config-cache | -C) - cache_file=config.cache ;; - - -datadir | --datadir | --datadi | --datad) - ac_prev=datadir ;; - -datadir=* | --datadir=* | --datadi=* | --datad=*) - datadir=$ac_optarg ;; - - -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ - | --dataroo | --dataro | --datar) - ac_prev=datarootdir ;; - -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ - | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) - datarootdir=$ac_optarg ;; - - -disable-* | --disable-*) - ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` - # Reject names that are not valid shell variable names. 
- expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid feature name: $ac_feature" >&2 - { (exit 1); exit 1; }; } - ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` - eval enable_$ac_feature=no ;; - - -docdir | --docdir | --docdi | --doc | --do) - ac_prev=docdir ;; - -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) - docdir=$ac_optarg ;; - - -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) - ac_prev=dvidir ;; - -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) - dvidir=$ac_optarg ;; - - -enable-* | --enable-*) - ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid feature name: $ac_feature" >&2 - { (exit 1); exit 1; }; } - ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'` - eval enable_$ac_feature=\$ac_optarg ;; - - -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ - | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ - | --exec | --exe | --ex) - ac_prev=exec_prefix ;; - -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ - | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ - | --exec=* | --exe=* | --ex=*) - exec_prefix=$ac_optarg ;; - - -gas | --gas | --ga | --g) - # Obsolete; use --with-gas. 
- with_gas=yes ;; - - -help | --help | --hel | --he | -h) - ac_init_help=long ;; - -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) - ac_init_help=recursive ;; - -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) - ac_init_help=short ;; - - -host | --host | --hos | --ho) - ac_prev=host_alias ;; - -host=* | --host=* | --hos=* | --ho=*) - host_alias=$ac_optarg ;; - - -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) - ac_prev=htmldir ;; - -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ - | --ht=*) - htmldir=$ac_optarg ;; - - -includedir | --includedir | --includedi | --included | --include \ - | --includ | --inclu | --incl | --inc) - ac_prev=includedir ;; - -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ - | --includ=* | --inclu=* | --incl=* | --inc=*) - includedir=$ac_optarg ;; - - -infodir | --infodir | --infodi | --infod | --info | --inf) - ac_prev=infodir ;; - -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) - infodir=$ac_optarg ;; - - -libdir | --libdir | --libdi | --libd) - ac_prev=libdir ;; - -libdir=* | --libdir=* | --libdi=* | --libd=*) - libdir=$ac_optarg ;; - - -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ - | --libexe | --libex | --libe) - ac_prev=libexecdir ;; - -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ - | --libexe=* | --libex=* | --libe=*) - libexecdir=$ac_optarg ;; - - -localedir | --localedir | --localedi | --localed | --locale) - ac_prev=localedir ;; - -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) - localedir=$ac_optarg ;; - - -localstatedir | --localstatedir | --localstatedi | --localstated \ - | --localstate | --localstat | --localsta | --localst | --locals) - ac_prev=localstatedir ;; - -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ - | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) - localstatedir=$ac_optarg ;; - - 
-mandir | --mandir | --mandi | --mand | --man | --ma | --m) - ac_prev=mandir ;; - -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) - mandir=$ac_optarg ;; - - -nfp | --nfp | --nf) - # Obsolete; use --without-fp. - with_fp=no ;; - - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c | -n) - no_create=yes ;; - - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) - no_recursion=yes ;; - - -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ - | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ - | --oldin | --oldi | --old | --ol | --o) - ac_prev=oldincludedir ;; - -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ - | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ - | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) - oldincludedir=$ac_optarg ;; - - -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) - ac_prev=prefix ;; - -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) - prefix=$ac_optarg ;; - - -program-prefix | --program-prefix | --program-prefi | --program-pref \ - | --program-pre | --program-pr | --program-p) - ac_prev=program_prefix ;; - -program-prefix=* | --program-prefix=* | --program-prefi=* \ - | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) - program_prefix=$ac_optarg ;; - - -program-suffix | --program-suffix | --program-suffi | --program-suff \ - | --program-suf | --program-su | --program-s) - ac_prev=program_suffix ;; - -program-suffix=* | --program-suffix=* | --program-suffi=* \ - | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) - program_suffix=$ac_optarg ;; - - -program-transform-name | --program-transform-name \ - | --program-transform-nam | --program-transform-na \ - | --program-transform-n | --program-transform- \ - | --program-transform | 
--program-transfor \ - | --program-transfo | --program-transf \ - | --program-trans | --program-tran \ - | --progr-tra | --program-tr | --program-t) - ac_prev=program_transform_name ;; - -program-transform-name=* | --program-transform-name=* \ - | --program-transform-nam=* | --program-transform-na=* \ - | --program-transform-n=* | --program-transform-=* \ - | --program-transform=* | --program-transfor=* \ - | --program-transfo=* | --program-transf=* \ - | --program-trans=* | --program-tran=* \ - | --progr-tra=* | --program-tr=* | --program-t=*) - program_transform_name=$ac_optarg ;; - - -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) - ac_prev=pdfdir ;; - -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) - pdfdir=$ac_optarg ;; - - -psdir | --psdir | --psdi | --psd | --ps) - ac_prev=psdir ;; - -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) - psdir=$ac_optarg ;; - - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - silent=yes ;; - - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) - ac_prev=sbindir ;; - -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ - | --sbi=* | --sb=*) - sbindir=$ac_optarg ;; - - -sharedstatedir | --sharedstatedir | --sharedstatedi \ - | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ - | --sharedst | --shareds | --shared | --share | --shar \ - | --sha | --sh) - ac_prev=sharedstatedir ;; - -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ - | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ - | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ - | --sha=* | --sh=*) - sharedstatedir=$ac_optarg ;; - - -site | --site | --sit) - ac_prev=site ;; - -site=* | --site=* | --sit=*) - site=$ac_optarg ;; - - -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) - ac_prev=srcdir ;; - -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) - srcdir=$ac_optarg ;; - - 
-sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ - | --syscon | --sysco | --sysc | --sys | --sy) - ac_prev=sysconfdir ;; - -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ - | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) - sysconfdir=$ac_optarg ;; - - -target | --target | --targe | --targ | --tar | --ta | --t) - ac_prev=target_alias ;; - -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) - target_alias=$ac_optarg ;; - - -v | -verbose | --verbose | --verbos | --verbo | --verb) - verbose=yes ;; - - -version | --version | --versio | --versi | --vers | -V) - ac_init_version=: ;; - - -with-* | --with-*) - ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid package name: $ac_package" >&2 - { (exit 1); exit 1; }; } - ac_package=`echo $ac_package | sed 's/[-.]/_/g'` - eval with_$ac_package=\$ac_optarg ;; - - -without-* | --without-*) - ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid package name: $ac_package" >&2 - { (exit 1); exit 1; }; } - ac_package=`echo $ac_package | sed 's/[-.]/_/g'` - eval with_$ac_package=no ;; - - --x) - # Obsolete; use --with-x. 
- with_x=yes ;; - - -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ - | --x-incl | --x-inc | --x-in | --x-i) - ac_prev=x_includes ;; - -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ - | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) - x_includes=$ac_optarg ;; - - -x-libraries | --x-libraries | --x-librarie | --x-librari \ - | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) - ac_prev=x_libraries ;; - -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ - | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries=$ac_optarg ;; - - -*) { echo "$as_me: error: unrecognized option: $ac_option -Try \`$0 --help' for more information." >&2 - { (exit 1); exit 1; }; } - ;; - - *=*) - ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` - # Reject names that are not valid shell variable names. - expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && - { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 - { (exit 1); exit 1; }; } - eval $ac_envvar=\$ac_optarg - export $ac_envvar ;; - - *) - # FIXME: should be removed in autoconf 3.0. - echo "$as_me: WARNING: you should use --build, --host, --target" >&2 - expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && - echo "$as_me: WARNING: invalid host type: $ac_option" >&2 - : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} - ;; - - esac -done - -if test -n "$ac_prev"; then - ac_option=--`echo $ac_prev | sed 's/_/-/g'` - { echo "$as_me: error: missing argument to $ac_option" >&2 - { (exit 1); exit 1; }; } -fi - -# Be sure to have absolute directory names. 
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ - datadir sysconfdir sharedstatedir localstatedir includedir \ - oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir -do - eval ac_val=\$$ac_var - case $ac_val in - [\\/$]* | ?:[\\/]* ) continue;; - NONE | '' ) case $ac_var in *prefix ) continue;; esac;; - esac - { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 - { (exit 1); exit 1; }; } -done - -# There might be people who depend on the old broken behavior: `$host' -# used to hold the argument of --host etc. -# FIXME: To remove some day. -build=$build_alias -host=$host_alias -target=$target_alias - -# FIXME: To remove some day. -if test "x$host_alias" != x; then - if test "x$build_alias" = x; then - cross_compiling=maybe - echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. - If a cross compiler is detected then cross compile mode will be used." >&2 - elif test "x$build_alias" != "x$host_alias"; then - cross_compiling=yes - fi -fi - -ac_tool_prefix= -test -n "$host_alias" && ac_tool_prefix=$host_alias- - -test "$silent" = yes && exec 6>/dev/null - - -ac_pwd=`pwd` && test -n "$ac_pwd" && -ac_ls_di=`ls -di .` && -ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - { echo "$as_me: error: Working directory cannot be determined" >&2 - { (exit 1); exit 1; }; } -test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - { echo "$as_me: error: pwd does not report name of working directory" >&2 - { (exit 1); exit 1; }; } - - -# Find the source files, if location was not specified. -if test -z "$srcdir"; then - ac_srcdir_defaulted=yes - # Try the directory containing this script, then the parent directory. - ac_confdir=`$as_dirname -- "$0" || -$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$0" : 'X\(//\)[^/]' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 
2>/dev/null || -echo X"$0" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - srcdir=$ac_confdir - if test ! -r "$srcdir/$ac_unique_file"; then - srcdir=.. - fi -else - ac_srcdir_defaulted=no -fi -if test ! -r "$srcdir/$ac_unique_file"; then - test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 - { (exit 1); exit 1; }; } -fi -ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" -ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2 - { (exit 1); exit 1; }; } - pwd)` -# When building in place, set srcdir=. -if test "$ac_abs_confdir" = "$ac_pwd"; then - srcdir=. -fi -# Remove unnecessary trailing slashes from srcdir. -# Double slashes in file names in object file debugging info -# mess up M-x gdb in Emacs. -case $srcdir in -*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; -esac -for ac_var in $ac_precious_vars; do - eval ac_env_${ac_var}_set=\${${ac_var}+set} - eval ac_env_${ac_var}_value=\$${ac_var} - eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} - eval ac_cv_env_${ac_var}_value=\$${ac_var} -done - -# -# Report the --help message. -# -if test "$ac_init_help" = "long"; then - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat <<_ACEOF -\`configure' configures OpenSSH Portable to adapt to many kinds of systems. - -Usage: $0 [OPTION]... [VAR=VALUE]... - -To assign environment variables (e.g., CC, CFLAGS...), specify them as -VAR=VALUE. See below for descriptions of some of the useful variables. - -Defaults for the options are specified in brackets. 
- -Configuration: - -h, --help display this help and exit - --help=short display options specific to this package - --help=recursive display the short help of all the included packages - -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking...' messages - --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' - -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or \`..'] - -Installation directories: - --prefix=PREFIX install architecture-independent files in PREFIX - [$ac_default_prefix] - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - [PREFIX] - -By default, \`make install' will install all the files in -\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -an installation prefix other than \`$ac_default_prefix' using \`--prefix', -for instance \`--prefix=\$HOME'. - -For better control, use the options below. 
- -Fine tuning of the installation directories: - --bindir=DIR user executables [EPREFIX/bin] - --sbindir=DIR system admin executables [EPREFIX/sbin] - --libexecdir=DIR program executables [EPREFIX/libexec] - --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --libdir=DIR object code libraries [EPREFIX/lib] - --includedir=DIR C header files [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc [/usr/include] - --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] - --datadir=DIR read-only architecture-independent data [DATAROOTDIR] - --infodir=DIR info documentation [DATAROOTDIR/info] - --localedir=DIR locale-dependent data [DATAROOTDIR/locale] - --mandir=DIR man documentation [DATAROOTDIR/man] - --docdir=DIR documentation root [DATAROOTDIR/doc/openssh] - --htmldir=DIR html documentation [DOCDIR] - --dvidir=DIR dvi documentation [DOCDIR] - --pdfdir=DIR pdf documentation [DOCDIR] - --psdir=DIR ps documentation [DOCDIR] -_ACEOF - - cat <<\_ACEOF - -System types: - --build=BUILD configure for building on BUILD [guessed] - --host=HOST cross-compile to build programs to run on HOST [BUILD] -_ACEOF -fi - -if test -n "$ac_init_help"; then - case $ac_init_help in - short | recursive ) echo "Configuration of OpenSSH Portable:";; - esac - cat <<\_ACEOF - -Optional Features: - --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) - --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --disable-largefile omit support for large files - --disable-strip Disable calling strip(1) on install - --disable-etc-default-login Disable using PATH from /etc/default/login no - --disable-lastlog disable use of lastlog even if detected no - --disable-utmp disable use of utmp even if detected no - --disable-utmpx disable use of utmpx even if detected no - --disable-wtmp disable use of wtmp even if 
detected no - --disable-wtmpx disable use of wtmpx even if detected no - --disable-libutil disable use of libutil (login() etc.) no - --disable-pututline disable use of pututline() etc. (uwtmp) no - --disable-pututxline disable use of pututxline() etc. (uwtmpx) no - -Optional Packages: - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] - --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** - --without-ssh1 Enable support for SSH protocol 1 - --without-stackprotect Don't use compiler's stack protection - --without-hardening Don't use toolchain hardening flags - --without-rpath Disable auto-added -R linker paths - --with-cflags Specify additional flags to pass to compiler - --with-cppflags Specify additional flags to pass to preprocessor - --with-ldflags Specify additional flags to pass to linker - --with-libs Specify additional libraries to link with - --with-Werror Build main code with -Werror - --with-solaris-contracts Enable Solaris process contracts (experimental) - --with-solaris-projects Enable Solaris projects (experimental) - --with-osfsia Enable Digital Unix SIA - --with-zlib=PATH Use zlib in PATH - --without-zlib-version-check Disable zlib version check - --with-skey[=PATH] Enable S/Key support (optionally in PATH) - --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH) - --with-libedit[=PATH] Enable libedit support for sftp - --with-audit=module Enable audit support (modules=debug,bsm,linux) - --with-pie Build Position Independent Executables if possible - --with-ssl-dir=PATH Specify path to OpenSSL installation - --without-openssl-header-check Disable OpenSSL version consistency check - --with-ssl-engine Enable OpenSSL (hardware) ENGINE support - --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT - --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool) - --with-pam Enable PAM support - 
--with-privsep-user=user Specify non-privileged user for privilege separation - --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum) - --with-selinux Enable SELinux support - --with-kerberos5=PATH Enable Kerberos 5 support - --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) - --with-xauth=PATH Specify path to xauth program - --with-maildir=/path/to/mail Specify your system mail directory - --with-mantype=man|cat|doc Set man page type - --with-md5-passwords Enable use of MD5 passwords - --without-shadow Disable shadow password support - --with-ipaddr-display Use ip address instead of hostname in $DISPLAY - --with-default-path= Specify default $PATH environment for server - --with-superuser-path= Specify different path for super-user - --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses - --with-bsd-auth Enable BSD auth support - --with-pid-dir=PATH Specify location of ssh.pid file - --with-lastlog=FILE|DIR specify lastlog location common locations - -Some influential environment variables: - CC C compiler command - CFLAGS C compiler flags - LDFLAGS linker flags, e.g. -L if you have libraries in a - nonstandard directory - LIBS libraries to pass to the linker, e.g. -l - CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I if - you have headers in a nonstandard directory - CPP C preprocessor - -Use these variables to override the choices made by `configure' or to help -it to find libraries and programs with nonstandard names/locations. - -Report bugs to . -_ACEOF -ac_status=$? -fi - -if test "$ac_init_help" = "recursive"; then - # If there are subdirs, report their specific --help. - for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue - test -d "$ac_dir" || continue - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` - # A ".." 
for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - cd "$ac_dir" || { ac_status=$?; continue; } - # Check for guested configure. - if test -f "$ac_srcdir/configure.gnu"; then - echo && - $SHELL "$ac_srcdir/configure.gnu" --help=recursive - elif test -f "$ac_srcdir/configure"; then - echo && - $SHELL "$ac_srcdir/configure" --help=recursive - else - echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 - fi || ac_status=$? - cd "$ac_pwd" || { ac_status=$?; break; } - done -fi - -test -n "$ac_init_help" && exit $ac_status -if $ac_init_version; then - cat <<\_ACEOF -OpenSSH configure Portable -generated by GNU Autoconf 2.61 - -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, -2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. -This configure script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it. -_ACEOF - exit -fi -cat >config.log <<_ACEOF -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. 
- -It was created by OpenSSH $as_me Portable, which was -generated by GNU Autoconf 2.61. Invocation command line was - - $ $0 $@ - -_ACEOF -exec 5>>config.log -{ -cat <<_ASUNAME -## --------- ## -## Platform. ## -## --------- ## - -hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` - -/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` -/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` -/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` -/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` - -_ASUNAME - -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - echo "PATH: $as_dir" -done -IFS=$as_save_IFS - -} >&5 - -cat >&5 <<_ACEOF - - -## ----------- ## -## Core tests. ## -## ----------- ## - -_ACEOF - - -# Keep a trace of the command line. -# Strip out --no-create and --no-recursion so they do not pile up. -# Strip out --silent because we don't want to record it for future runs. -# Also quote any args containing shell meta-characters. -# Make two passes to allow for proper duplicate-argument suppression. 
-ac_configure_args= -ac_configure_args0= -ac_configure_args1= -ac_must_keep_next=false -for ac_pass in 1 2 -do - for ac_arg - do - case $ac_arg in - -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - continue ;; - *\'*) - ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - case $ac_pass in - 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; - 2) - ac_configure_args1="$ac_configure_args1 '$ac_arg'" - if test $ac_must_keep_next = true; then - ac_must_keep_next=false # Got value, back to normal. - else - case $ac_arg in - *=* | --config-cache | -C | -disable-* | --disable-* \ - | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ - | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ - | -with-* | --with-* | -without-* | --without-* | --x) - case "$ac_configure_args0 " in - "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; - esac - ;; - -* ) ac_must_keep_next=true ;; - esac - fi - ac_configure_args="$ac_configure_args '$ac_arg'" - ;; - esac - done -done -$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } -$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } - -# When interrupted or exit'd, cleanup temporary files, and complete -# config.log. We remove comments because anyway the quotes in there -# would cause problems or look ugly. -# WARNING: Use '\'' to represent an apostrophe within the trap. -# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. -trap 'exit_status=$? - # Save into config.log some information that might help in debugging. - { - echo - - cat <<\_ASBOX -## ---------------- ## -## Cache variables. 
## -## ---------------- ## -_ASBOX - echo - # The following way of writing the cache mishandles newlines in values, -( - for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do - eval ac_val=\$$ac_var - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( - *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 -echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( - *) $as_unset $ac_var ;; - esac ;; - esac - done - (set) 2>&1 | - case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( - *${as_nl}ac_space=\ *) - sed -n \ - "s/'\''/'\''\\\\'\'''\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" - ;; #( - *) - sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" - ;; - esac | - sort -) - echo - - cat <<\_ASBOX -## ----------------- ## -## Output variables. ## -## ----------------- ## -_ASBOX - echo - for ac_var in $ac_subst_vars - do - eval ac_val=\$$ac_var - case $ac_val in - *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac - echo "$ac_var='\''$ac_val'\''" - done | sort - echo - - if test -n "$ac_subst_files"; then - cat <<\_ASBOX -## ------------------- ## -## File substitutions. ## -## ------------------- ## -_ASBOX - echo - for ac_var in $ac_subst_files - do - eval ac_val=\$$ac_var - case $ac_val in - *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac - echo "$ac_var='\''$ac_val'\''" - done | sort - echo - fi - - if test -s confdefs.h; then - cat <<\_ASBOX -## ----------- ## -## confdefs.h. 
## -## ----------- ## -_ASBOX - echo - cat confdefs.h - echo - fi - test "$ac_signal" != 0 && - echo "$as_me: caught signal $ac_signal" - echo "$as_me: exit $exit_status" - } >&5 - rm -f core *.core core.conftest.* && - rm -f -r conftest* confdefs* conf$$* $ac_clean_files && - exit $exit_status -' 0 -for ac_signal in 1 2 13 15; do - trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal -done -ac_signal=0 - -# confdefs.h avoids OS command line length limits that DEFS can exceed. -rm -f -r conftest* confdefs.h - -# Predefined preprocessor variables. - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_NAME "$PACKAGE_NAME" -_ACEOF - - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_TARNAME "$PACKAGE_TARNAME" -_ACEOF - - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_VERSION "$PACKAGE_VERSION" -_ACEOF - - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_STRING "$PACKAGE_STRING" -_ACEOF - - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" -_ACEOF - - -# Let the site file select an alternate cache file if it wants to. -# Prefer explicitly selected file to automatically selected ones. -if test -n "$CONFIG_SITE"; then - set x "$CONFIG_SITE" -elif test "x$prefix" != xNONE; then - set x "$prefix/share/config.site" "$prefix/etc/config.site" -else - set x "$ac_default_prefix/share/config.site" \ - "$ac_default_prefix/etc/config.site" -fi -shift -for ac_site_file -do - if test -r "$ac_site_file"; then - { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 -echo "$as_me: loading site script $ac_site_file" >&6;} - sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" - fi -done - -if test -r "$cache_file"; then - # Some versions of bash will fail to source /dev/null (special - # files actually), so we avoid doing that. - if test -f "$cache_file"; then - { echo "$as_me:$LINENO: loading cache $cache_file" >&5 -echo "$as_me: loading cache $cache_file" >&6;} - case $cache_file in - [\\/]* | ?:[\\/]* ) . "$cache_file";; - *) . 
"./$cache_file";; - esac - fi -else - { echo "$as_me:$LINENO: creating cache $cache_file" >&5 -echo "$as_me: creating cache $cache_file" >&6;} - >$cache_file -fi - -# Check that the precious variables saved in the cache have kept the same -# value. -ac_cache_corrupted=false -for ac_var in $ac_precious_vars; do - eval ac_old_set=\$ac_cv_env_${ac_var}_set - eval ac_new_set=\$ac_env_${ac_var}_set - eval ac_old_val=\$ac_cv_env_${ac_var}_value - eval ac_new_val=\$ac_env_${ac_var}_value - case $ac_old_set,$ac_new_set in - set,) - { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,set) - { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 -echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,);; - *) - if test "x$ac_old_val" != "x$ac_new_val"; then - { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 -echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} - { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 -echo "$as_me: former value: $ac_old_val" >&2;} - { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 -echo "$as_me: current value: $ac_new_val" >&2;} - ac_cache_corrupted=: - fi;; - esac - # Pass precious variables to config.status. - if test "$ac_new_set" = set; then - case $ac_new_val in - *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; - *) ac_arg=$ac_var=$ac_new_val ;; - esac - case " $ac_configure_args " in - *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. 
- *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; - esac - fi -done -if $ac_cache_corrupted; then - { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 -echo "$as_me: error: changes in the environment can compromise the build" >&2;} - { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 -echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} - { (exit 1); exit 1; }; } -fi - - - - - - - - - - - - - - - - - - - - - - - - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -ac_config_headers="$ac_config_headers config.h" - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_CC="gcc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 -echo "${ECHO_T}$ac_ct_CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." 
>&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -else - CC="$ac_cv_prog_CC" -fi - -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - fi -fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - ac_prog_rejected=no -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. - shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi -fi -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { echo "$as_me:$LINENO: result: $CC" >&5 -echo "${ECHO_T}$CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$CC" && break - done -fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_CC="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 -echo "${ECHO_T}$ac_ct_CC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$ac_ct_CC" && break -done - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. 
If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -fi - -fi - - -test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH -See \`config.log' for more details." >&5 -echo "$as_me: error: no acceptable C compiler found in \$PATH -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } - -# Provide some information about the compiler. -echo "$as_me:$LINENO: checking for C compiler version" >&5 -ac_compiler=`set X $ac_compile; echo $2` -{ (ac_try="$ac_compiler --version >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler --version >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -v >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler -v >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } -{ (ac_try="$ac_compiler -V >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compiler -V >&5") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } - -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -int -main () -{ - - ; - return 0; -} -_ACEOF -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.exe b.out" -# Try to create an executable without -o first, disregard a.out. -# It will help us diagnose broken compilers, and finding out an intuition -# of exeext. -{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 -echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; } -ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` -# -# List of possible output files, starting from the most likely. -# The algorithm is not robust to junk in `.', hence go to wildcards (a.*) -# only as a last resort. b.out is created by i960 compilers. -ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out' -# -# The IRIX 6 linker writes into existing files which may not be -# executable, retaining their permissions. Remove them first so a -# subsequent execution test works. -ac_rmfiles= -for ac_file in $ac_files -do - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; - * ) ac_rmfiles="$ac_rmfiles $ac_file";; - esac -done -rm -f $ac_rmfiles - -if { (ac_try="$ac_link_default" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link_default") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' -# in a Makefile. We should not override ac_cv_exeext if it was cached, -# so that the user can short-circuit this test for compilers unknown to -# Autoconf. 
-for ac_file in $ac_files '' -do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) - ;; - [ab].out ) - # We found the default executable, but exeext='' is most - # certainly right. - break;; - *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; - then :; else - ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - fi - # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' - # argument, so we may need to know it at that point already. - # Even if this section looks crufty: it has the advantage of - # actually working. - break;; - * ) - break;; - esac -done -test "$ac_cv_exeext" = no && ac_cv_exeext= - -else - ac_file='' -fi - -{ echo "$as_me:$LINENO: result: $ac_file" >&5 -echo "${ECHO_T}$ac_file" >&6; } -if test -z "$ac_file"; then - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -{ { echo "$as_me:$LINENO: error: C compiler cannot create executables -See \`config.log' for more details." >&5 -echo "$as_me: error: C compiler cannot create executables -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } -fi - -ac_exeext=$ac_cv_exeext - -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5 -echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; } -# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 -# If not cross compiling, check that we can run a simple program. -if test "$cross_compiling" != yes; then - if { ac_try='./$ac_file' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else - { { echo "$as_me:$LINENO: error: cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } - fi - fi -fi -{ echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -rm -f a.out a.exe conftest$ac_cv_exeext b.out -ac_clean_files=$ac_clean_files_save -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 -echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; } -{ echo "$as_me:$LINENO: result: $cross_compiling" >&5 -echo "${ECHO_T}$cross_compiling" >&6; } - -{ echo "$as_me:$LINENO: checking for suffix of executables" >&5 -echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; } -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; then - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. 
-for ac_file in conftest.exe conftest conftest.*; do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;; - *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - break;; - * ) break;; - esac -done -else - { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } -fi - -rm -f conftest$ac_cv_exeext -{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 -echo "${ECHO_T}$ac_cv_exeext" >&6; } - -rm -f conftest.$ac_ext -EXEEXT=$ac_cv_exeext -ac_exeext=$EXEEXT -{ echo "$as_me:$LINENO: checking for suffix of object files" >&5 -echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; } -if test "${ac_cv_objext+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.o conftest.obj -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; then - for ac_file in conftest.o conftest.obj conftest.*; do - test -f "$ac_file" || continue; - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;; - *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` - break;; - esac -done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute suffix of object files: cannot compile -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } -fi - -rm -f conftest.$ac_cv_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 -echo "${ECHO_T}$ac_cv_objext" >&6; } -OBJEXT=$ac_cv_objext -ac_objext=$OBJEXT -{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 -echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; } -if test "${ac_cv_c_compiler_gnu+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ -#ifndef __GNUC__ - choke me -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_compiler_gnu=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_compiler_gnu=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 -echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; } -GCC=`test $ac_compiler_gnu = yes && echo yes` -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 -echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; } -if test "${ac_cv_prog_cc_g+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_prog_cc_g=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - CFLAGS="" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_prog_cc_g=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag -fi -{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 -echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi -else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi -fi -{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5 -echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; } -if test "${ac_cv_prog_cc_c89+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include -#include -#include -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. 
It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_prog_cc_c89=$ac_arg -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { echo "$as_me:$LINENO: result: none needed" >&5 -echo "${ECHO_T}none needed" >&6; } ;; - xno) - { echo "$as_me:$LINENO: result: unsupported" >&5 -echo "${ECHO_T}unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5 -echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;; -esac - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -ac_aux_dir= -for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5 -echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;} - { (exit 1); exit 1; }; } -fi - -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. 
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. - - -# Make sure we can run config.sub. -$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5 -echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;} - { (exit 1); exit 1; }; } - -{ echo "$as_me:$LINENO: checking build system type" >&5 -echo $ECHO_N "checking build system type... $ECHO_C" >&6; } -if test "${ac_cv_build+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_build_alias=$build_alias -test "x$ac_build_alias" = x && - ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` -test "x$ac_build_alias" = x && - { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 -echo "$as_me: error: cannot guess build type; you must specify one" >&2;} - { (exit 1); exit 1; }; } -ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5 -echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;} - { (exit 1); exit 1; }; } - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5 -echo "${ECHO_T}$ac_cv_build" >&6; } -case $ac_cv_build in -*-*-*) ;; -*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5 -echo "$as_me: error: invalid value of canonical build" >&2;} - { (exit 1); exit 1; }; };; -esac -build=$ac_cv_build -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_build -shift -build_cpu=$1 -build_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -build_os=$* -IFS=$ac_save_IFS -case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac - - -{ echo "$as_me:$LINENO: checking host system type" >&5 -echo $ECHO_N "checking host system type... 
$ECHO_C" >&6; } -if test "${ac_cv_host+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "x$host_alias" = x; then - ac_cv_host=$ac_cv_build -else - ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5 -echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;} - { (exit 1); exit 1; }; } -fi - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5 -echo "${ECHO_T}$ac_cv_host" >&6; } -case $ac_cv_host in -*-*-*) ;; -*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5 -echo "$as_me: error: invalid value of canonical host" >&2;} - { (exit 1); exit 1; }; };; -esac -host=$ac_cv_host -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_host -shift -host_cpu=$1 -host_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -host_os=$* -IFS=$ac_save_IFS -case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac - - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 -echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if test "${ac_cv_prog_CPP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. 
- # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Broken: fails on valid input. -continue -fi - -rm -f conftest.err conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - # Broken: success on invalid input. 
-continue -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Passes both tests. -ac_preproc_ok=: -break -fi - -rm -f conftest.err conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then - break -fi - - done - ac_cv_prog_CPP=$CPP - -fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP -fi -{ echo "$as_me:$LINENO: result: $CPP" >&5 -echo "${ECHO_T}$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Broken: fails on valid input. -continue -fi - -rm -f conftest.err conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - # Broken: success on invalid input. -continue -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Passes both tests. -ac_preproc_ok=: -break -fi - -rm -f conftest.err conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then - : -else - { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." >&5 -echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5 -echo $ECHO_N "checking for grep that handles long lines and -e... 
$ECHO_C" >&6; } -if test "${ac_cv_path_GREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # Extract the first word of "grep ggrep" to use in msg output -if test -z "$GREP"; then -set dummy grep ggrep; ac_prog_name=$2 -if test "${ac_cv_path_GREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_path_GREP_found=false -# Loop through the user's path and test for each of PROGNAME-LIST -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue - # Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - echo 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - - $ac_path_GREP_found && break 3 - done -done - -done -IFS=$as_save_IFS - - -fi - -GREP="$ac_cv_path_GREP" -if test -z "$GREP"; then - { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -echo 
"$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } -fi - -else - ac_cv_path_GREP=$GREP -fi - - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5 -echo "${ECHO_T}$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - -{ echo "$as_me:$LINENO: checking for egrep" >&5 -echo $ECHO_N "checking for egrep... $ECHO_C" >&6; } -if test "${ac_cv_path_EGREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - # Extract the first word of "egrep" to use in msg output -if test -z "$EGREP"; then -set dummy egrep; ac_prog_name=$2 -if test "${ac_cv_path_EGREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_path_EGREP_found=false -# Loop through the user's path and test for each of PROGNAME-LIST -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue - # Check for GNU ac_path_EGREP and select it if it is found. 
- # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - - $ac_path_EGREP_found && break 3 - done -done - -done -IFS=$as_save_IFS - - -fi - -EGREP="$ac_cv_path_EGREP" -if test -z "$EGREP"; then - { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } -fi - -else - ac_cv_path_EGREP=$EGREP -fi - - - fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 -echo "${ECHO_T}$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - - -{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5 -echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; } -if test "${ac_cv_header_stdc+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include -#include -#include -#include - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_header_stdc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_header_stdc=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then - : -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then - : -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then - : -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif - -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - : -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 -echo "${ECHO_T}$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -cat >>confdefs.h <<\_ACEOF -#define STDC_HEADERS 1 -_ACEOF - -fi - -# On IRIX 5.3, sys/types and inttypes.h are conflicting. 
- - - - - - - - - -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -{ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5 -echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6; } -if test "${ac_cv_c_bigendian+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # See if sys/param.h defines the BYTE_ORDER macro. -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include - -int -main () -{ -#if ! (defined BYTE_ORDER && defined BIG_ENDIAN && defined LITTLE_ENDIAN \ - && BYTE_ORDER && BIG_ENDIAN && LITTLE_ENDIAN) - bogus endian macros -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - # It does; now see whether it defined to BIG_ENDIAN or not. -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include - -int -main () -{ -#if BYTE_ORDER != BIG_ENDIAN - not big endian -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_c_bigendian=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_c_bigendian=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # It does not; compile a test program. -if test "$cross_compiling" = yes; then - # try to guess the endianness by grepping values into an object file - ac_cv_c_bigendian=unknown - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; -short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; -void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; } -short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; -short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; -void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; } -int -main () -{ - _ascii (); _ebcdic (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then - ac_cv_c_bigendian=yes -fi -if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then - if test "$ac_cv_c_bigendian" = unknown; then - ac_cv_c_bigendian=no - else - # finding both strings is unlikely to happen, but who knows? - ac_cv_c_bigendian=unknown - fi -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ - - /* Are we little or big endian? From Harbison&Steele. */ - union - { - long int l; - char c[sizeof (long int)]; - } u; - u.l = 1; - return u.c[sizeof (long int) - 1] == 1; - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_c_bigendian=no -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_c_bigendian=yes -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5 -echo "${ECHO_T}$ac_cv_c_bigendian" >&6; } -case $ac_cv_c_bigendian in - yes) - -cat >>confdefs.h <<\_ACEOF -#define WORDS_BIGENDIAN 1 -_ACEOF - ;; - no) - ;; - *) - { { echo "$as_me:$LINENO: error: unknown endianness -presetting ac_cv_c_bigendian=no (or yes) will help" >&5 -echo "$as_me: error: unknown endianness -presetting ac_cv_c_bigendian=no (or yes) will help" >&2;} - { (exit 1); exit 1; }; } ;; -esac - - -# Checks for programs. -for ac_prog in gawk mawk nawk awk -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_AWK+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$AWK"; then - ac_cv_prog_AWK="$AWK" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_AWK="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -AWK=$ac_cv_prog_AWK -if test -n "$AWK"; then - { echo "$as_me:$LINENO: result: $AWK" >&5 -echo "${ECHO_T}$AWK" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$AWK" && break -done - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 -echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if test "${ac_cv_prog_CPP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Broken: fails on valid input. -continue -fi - -rm -f conftest.err conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - # Broken: success on invalid input. -continue -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Passes both tests. -ac_preproc_ok=: -break -fi - -rm -f conftest.err conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. 
-rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then - break -fi - - done - ac_cv_prog_CPP=$CPP - -fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP -fi -{ echo "$as_me:$LINENO: result: $CPP" >&5 -echo "${ECHO_T}$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - : -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Broken: fails on valid input. -continue -fi - -rm -f conftest.err conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - # Broken: success on invalid input. -continue -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - # Passes both tests. -ac_preproc_ok=: -break -fi - -rm -f conftest.err conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.err conftest.$ac_ext -if $ac_preproc_ok; then - : -else - { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." >&5 -echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details." >&2;} - { (exit 1); exit 1; }; } -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. -set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_RANLIB+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -RANLIB=$ac_cv_prog_RANLIB -if test -n "$RANLIB"; then - { echo "$as_me:$LINENO: result: $RANLIB" >&5 -echo "${ECHO_T}$RANLIB" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_RANLIB"; then - ac_ct_RANLIB=$RANLIB - # Extract the first word of "ranlib", so it can be a program name with args. -set dummy ranlib; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_RANLIB"; then - ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_RANLIB="ranlib" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB -if test -n "$ac_ct_RANLIB"; then - { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5 -echo "${ECHO_T}$ac_ct_RANLIB" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - if test "x$ac_ct_RANLIB" = x; then - RANLIB=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. 
If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - RANLIB=$ac_ct_RANLIB - fi -else - RANLIB="$ac_cv_prog_RANLIB" -fi - -# Find a good install program. We prefer a C program (faster), -# so one script is as good as another. But avoid the broken or -# incompatible versions: -# SysV /etc/install, /usr/sbin/install -# SunOS /usr/etc/install -# IRIX /sbin/install -# AIX /bin/install -# AmigaOS /C/install, which installs bootblocks on floppy discs -# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag -# AFS /usr/afsws/bin/install, which mishandles nonexistent args -# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" -# OS/2's system install, which has a completely different semantic -# ./install, which can be erroneously created by make from ./install.sh. -{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 -echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; } -if test -z "$INSTALL"; then -if test "${ac_cv_path_install+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in - ./ | .// | /cC/* | \ - /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ - ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ - /usr/ucb/* ) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. - # Don't use installbsd from OSF since it installs stuff as root - # by default. 
- for ac_prog in ginstall scoinst install; do - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then - if test $ac_prog = install && - grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. - : - elif test $ac_prog = install && - grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # program-specific install script used by HP pwplus--don't use. - : - else - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" - break 3 - fi - fi - done - done - ;; -esac -done -IFS=$as_save_IFS - - -fi - if test "${ac_cv_path_install+set}" = set; then - INSTALL=$ac_cv_path_install - else - # As a last resort, use the slow shell script. Don't cache a - # value for INSTALL within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - INSTALL=$ac_install_sh - fi -fi -{ echo "$as_me:$LINENO: result: $INSTALL" >&5 -echo "${ECHO_T}$INSTALL" >&6; } - -# Use test -z because SunOS4 sh mishandles braces in ${var-val}. -# It thinks the first close brace ends the variable substitution. -test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' - -test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' - -test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' - -{ echo "$as_me:$LINENO: checking for egrep" >&5 -echo $ECHO_N "checking for egrep... 
$ECHO_C" >&6; } -if test "${ac_cv_path_EGREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - # Extract the first word of "egrep" to use in msg output -if test -z "$EGREP"; then -set dummy egrep; ac_prog_name=$2 -if test "${ac_cv_path_EGREP+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_path_EGREP_found=false -# Loop through the user's path and test for each of PROGNAME-LIST -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue - # Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - echo $ECHO_N "0123456789$ECHO_C" >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - ac_count=`expr $ac_count + 1` - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - - $ac_path_EGREP_found && break 3 - done -done - -done -IFS=$as_save_IFS - - -fi - -EGREP="$ac_cv_path_EGREP" -if test -z "$EGREP"; then - { { echo "$as_me:$LINENO: error: no acceptable 
$ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5 -echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;} - { (exit 1); exit 1; }; } -fi - -else - ac_cv_path_EGREP=$EGREP -fi - - - fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5 -echo "${ECHO_T}$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - - -if test -n "$ac_tool_prefix"; then - for ac_prog in ar - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_AR+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$AR"; then - ac_cv_prog_AR="$AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_AR="$ac_tool_prefix$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -AR=$ac_cv_prog_AR -if test -n "$AR"; then - { echo "$as_me:$LINENO: result: $AR" >&5 -echo "${ECHO_T}$AR" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$AR" && break - done -fi -if test -z "$AR"; then - ac_ct_AR=$AR - for ac_prog in ar -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6; } -if test "${ac_cv_prog_ac_ct_AR+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$ac_ct_AR"; then - ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_ac_ct_AR="$ac_prog" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -ac_ct_AR=$ac_cv_prog_ac_ct_AR -if test -n "$ac_ct_AR"; then - { echo "$as_me:$LINENO: result: $ac_ct_AR" >&5 -echo "${ECHO_T}$ac_ct_AR" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$ac_ct_AR" && break -done - - if test "x$ac_ct_AR" = x; then - AR="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - AR=$ac_ct_AR - fi -fi - -# Extract the first word of "cat", so it can be a program name with args. -set dummy cat; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_CAT+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $CAT in - [\\/]* | ?:[\\/]*) - ac_cv_path_CAT="$CAT" # Let the user override the test with a path. 
- ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -CAT=$ac_cv_path_CAT -if test -n "$CAT"; then - { echo "$as_me:$LINENO: result: $CAT" >&5 -echo "${ECHO_T}$CAT" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "kill", so it can be a program name with args. -set dummy kill; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_KILL+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $KILL in - [\\/]* | ?:[\\/]*) - ac_cv_path_KILL="$KILL" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -KILL=$ac_cv_path_KILL -if test -n "$KILL"; then - { echo "$as_me:$LINENO: result: $KILL" >&5 -echo "${ECHO_T}$KILL" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -for ac_prog in perl5 perl -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6; } -if test "${ac_cv_path_PERL+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $PERL in - [\\/]* | ?:[\\/]*) - ac_cv_path_PERL="$PERL" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -PERL=$ac_cv_path_PERL -if test -n "$PERL"; then - { echo "$as_me:$LINENO: result: $PERL" >&5 -echo "${ECHO_T}$PERL" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$PERL" && break -done - -# Extract the first word of "sed", so it can be a program name with args. -set dummy sed; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_SED+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $SED in - [\\/]* | ?:[\\/]*) - ac_cv_path_SED="$SED" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -SED=$ac_cv_path_SED -if test -n "$SED"; then - { echo "$as_me:$LINENO: result: $SED" >&5 -echo "${ECHO_T}$SED" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - -# Extract the first word of "ent", so it can be a program name with args. -set dummy ent; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_ENT+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $ENT in - [\\/]* | ?:[\\/]*) - ac_cv_path_ENT="$ENT" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -ENT=$ac_cv_path_ENT -if test -n "$ENT"; then - { echo "$as_me:$LINENO: result: $ENT" >&5 -echo "${ECHO_T}$ENT" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - -# Extract the first word of "bash", so it can be a program name with args. -set dummy bash; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6; } -if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $TEST_MINUS_S_SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH -if test -n "$TEST_MINUS_S_SH"; then - { echo "$as_me:$LINENO: result: $TEST_MINUS_S_SH" >&5 -echo "${ECHO_T}$TEST_MINUS_S_SH" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "ksh", so it can be a program name with args. -set dummy ksh; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $TEST_MINUS_S_SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH -if test -n "$TEST_MINUS_S_SH"; then - { echo "$as_me:$LINENO: result: $TEST_MINUS_S_SH" >&5 -echo "${ECHO_T}$TEST_MINUS_S_SH" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "sh", so it can be a program name with args. -set dummy sh; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $TEST_MINUS_S_SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH -if test -n "$TEST_MINUS_S_SH"; then - { echo "$as_me:$LINENO: result: $TEST_MINUS_S_SH" >&5 -echo "${ECHO_T}$TEST_MINUS_S_SH" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "sh", so it can be a program name with args. -set dummy sh; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6; } -if test "${ac_cv_path_SH+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_SH="$SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -SH=$ac_cv_path_SH -if test -n "$SH"; then - { echo "$as_me:$LINENO: result: $SH" >&5 -echo "${ECHO_T}$SH" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "groff", so it can be a program name with args. -set dummy groff; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_GROFF+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $GROFF in - [\\/]* | ?:[\\/]*) - ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -GROFF=$ac_cv_path_GROFF -if test -n "$GROFF"; then - { echo "$as_me:$LINENO: result: $GROFF" >&5 -echo "${ECHO_T}$GROFF" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "nroff", so it can be a program name with args. -set dummy nroff; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_NROFF+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $NROFF in - [\\/]* | ?:[\\/]*) - ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -NROFF=$ac_cv_path_NROFF -if test -n "$NROFF"; then - { echo "$as_me:$LINENO: result: $NROFF" >&5 -echo "${ECHO_T}$NROFF" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "mandoc", so it can be a program name with args. -set dummy mandoc; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6; } -if test "${ac_cv_path_MANDOC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $MANDOC in - [\\/]* | ?:[\\/]*) - ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -MANDOC=$ac_cv_path_MANDOC -if test -n "$MANDOC"; then - { echo "$as_me:$LINENO: result: $MANDOC" >&5 -echo "${ECHO_T}$MANDOC" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -TEST_SHELL=sh - - -if test "x$MANDOC" != "x" ; then - MANFMT="$MANDOC" -elif test "x$NROFF" != "x" ; then - MANFMT="$NROFF -mandoc" -elif test "x$GROFF" != "x" ; then - MANFMT="$GROFF -mandoc -Tascii" -else - { echo "$as_me:$LINENO: WARNING: no manpage formatted found" >&5 -echo "$as_me: WARNING: no manpage formatted found" >&2;} - MANFMT="false" -fi - - -# Extract the first word of "groupadd", so it can be a program name with args. -set dummy groupadd; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_PATH_GROUPADD_PROG+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $PATH_GROUPADD_PROG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in /usr/sbin${PATH_SEPARATOR}/etc -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd" - ;; -esac -fi -PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG -if test -n "$PATH_GROUPADD_PROG"; then - { echo "$as_me:$LINENO: result: $PATH_GROUPADD_PROG" >&5 -echo "${ECHO_T}$PATH_GROUPADD_PROG" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "useradd", so it can be a program name with args. -set dummy useradd; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_PATH_USERADD_PROG+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $PATH_USERADD_PROG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in /usr/sbin${PATH_SEPARATOR}/etc -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd" - ;; -esac -fi -PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG -if test -n "$PATH_USERADD_PROG"; then - { echo "$as_me:$LINENO: result: $PATH_USERADD_PROG" >&5 -echo "${ECHO_T}$PATH_USERADD_PROG" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Extract the first word of "pkgmk", so it can be a program name with args. -set dummy pkgmk; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$MAKE_PACKAGE_SUPPORTED"; then - ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no" -fi -fi -MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED -if test -n "$MAKE_PACKAGE_SUPPORTED"; then - { echo "$as_me:$LINENO: result: $MAKE_PACKAGE_SUPPORTED" >&5 -echo "${ECHO_T}$MAKE_PACKAGE_SUPPORTED" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -if test -x /sbin/sh; then - STARTUP_SCRIPT_SHELL=/sbin/sh - -else - STARTUP_SCRIPT_SHELL=/bin/sh - -fi - -# System features -# Check whether --enable-largefile was given. -if test "${enable_largefile+set}" = set; then - enableval=$enable_largefile; -fi - -if test "$enable_largefile" != no; then - - { echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5 -echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6; } -if test "${ac_cv_sys_largefile_CC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_sys_largefile_CC=no - if test "$GCC" != yes; then - ac_save_CC=$CC - while :; do - # IRIX 6.2 and later do not support large files by default, - # so use the C compiler's -n32 option if that helps. - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. 
*/ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF - rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext - CC="$CC -n32" - rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_largefile_CC=' -n32'; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext - break - done - CC=$ac_save_CC - rm -f conftest.$ac_ext - fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5 -echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6; } - if test "$ac_cv_sys_largefile_CC" != no; then - CC=$CC$ac_cv_sys_largefile_CC - fi - - { echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6; } -if test "${ac_cv_sys_file_offset_bits+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_file_offset_bits=no; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#define _FILE_OFFSET_BITS 64 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_file_offset_bits=64; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_file_offset_bits=unknown - break -done -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5 -echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6; } -case $ac_cv_sys_file_offset_bits in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits -_ACEOF -;; -esac -rm -f conftest* - if test $ac_cv_sys_file_offset_bits = unknown; then - { echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5 -echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6; } -if test "${ac_cv_sys_large_files+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_large_files=no; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#define _LARGE_FILES 1 -#include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_sys_large_files=1; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_large_files=unknown - break -done -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5 -echo "${ECHO_T}$ac_cv_sys_large_files" >&6; } -case $ac_cv_sys_large_files in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _LARGE_FILES $ac_cv_sys_large_files -_ACEOF -;; -esac -rm -f conftest* - fi -fi - - -if test -z "$AR" ; then - { { echo "$as_me:$LINENO: error: *** 'ar' missing, please install or fix your \$PATH ***" >&5 -echo "$as_me: error: *** 'ar' missing, please install or fix your \$PATH ***" >&2;} - { (exit 1); exit 1; }; } -fi - -# Use LOGIN_PROGRAM from environment if possible -if test ! -z "$LOGIN_PROGRAM" ; then - -cat >>confdefs.h <<_ACEOF -#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM" -_ACEOF - -else - # Search for login - # Extract the first word of "login", so it can be a program name with args. -set dummy login; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_LOGIN_PROGRAM_FALLBACK+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $LOGIN_PROGRAM_FALLBACK in - [\\/]* | ?:[\\/]*) - ac_cv_path_LOGIN_PROGRAM_FALLBACK="$LOGIN_PROGRAM_FALLBACK" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_LOGIN_PROGRAM_FALLBACK="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -LOGIN_PROGRAM_FALLBACK=$ac_cv_path_LOGIN_PROGRAM_FALLBACK -if test -n "$LOGIN_PROGRAM_FALLBACK"; then - { echo "$as_me:$LINENO: result: $LOGIN_PROGRAM_FALLBACK" >&5 -echo "${ECHO_T}$LOGIN_PROGRAM_FALLBACK" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then - cat >>confdefs.h <<_ACEOF -#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM_FALLBACK" -_ACEOF - - fi -fi - -# Extract the first word of "passwd", so it can be a program name with args. -set dummy passwd; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_PATH_PASSWD_PROG+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $PATH_PASSWD_PROG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG -if test -n "$PATH_PASSWD_PROG"; then - { echo "$as_me:$LINENO: result: $PATH_PASSWD_PROG" >&5 -echo "${ECHO_T}$PATH_PASSWD_PROG" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -if test ! -z "$PATH_PASSWD_PROG" ; then - -cat >>confdefs.h <<_ACEOF -#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG" -_ACEOF - -fi - -if test -z "$LD" ; then - LD=$CC -fi - - -{ echo "$as_me:$LINENO: checking for inline" >&5 -echo $ECHO_N "checking for inline... $ECHO_C" >&6; } -if test "${ac_cv_c_inline+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_c_inline=no -for ac_kw in inline __inline__ __inline; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#ifndef __cplusplus -typedef int foo_t; -static $ac_kw foo_t static_foo () {return 0; } -$ac_kw foo_t foo () {return 0; } -#endif - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_c_inline=$ac_kw -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - test "$ac_cv_c_inline" != no && break -done - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5 -echo "${ECHO_T}$ac_cv_c_inline" >&6; } - - -case $ac_cv_c_inline in - inline | yes) ;; - *) - case $ac_cv_c_inline in - no) ac_val=;; - *) ac_val=$ac_cv_c_inline;; - esac - cat >>confdefs.h <<_ACEOF -#ifndef __cplusplus -#define inline $ac_val -#endif -_ACEOF - ;; -esac - - -{ echo "$as_me:$LINENO: checking whether LLONG_MAX is declared" >&5 -echo $ECHO_N "checking whether LLONG_MAX is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_LLONG_MAX+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef LLONG_MAX - (void) LLONG_MAX; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_LLONG_MAX=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_LLONG_MAX=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_LLONG_MAX" >&5 -echo "${ECHO_T}$ac_cv_have_decl_LLONG_MAX" >&6; } -if test $ac_cv_have_decl_LLONG_MAX = yes; then - have_llong_max=1 -fi - -{ echo "$as_me:$LINENO: checking whether SYSTR_POLICY_KILL is declared" >&5 -echo $ECHO_N "checking whether SYSTR_POLICY_KILL is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_SYSTR_POLICY_KILL+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - #include - - -int -main () -{ -#ifndef SYSTR_POLICY_KILL - (void) SYSTR_POLICY_KILL; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_SYSTR_POLICY_KILL=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_SYSTR_POLICY_KILL=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_SYSTR_POLICY_KILL" >&5 -echo "${ECHO_T}$ac_cv_have_decl_SYSTR_POLICY_KILL" >&6; } -if test $ac_cv_have_decl_SYSTR_POLICY_KILL = yes; then - have_systr_policy_kill=1 -fi - -{ echo "$as_me:$LINENO: checking whether RLIMIT_NPROC is declared" >&5 -echo $ECHO_N "checking whether RLIMIT_NPROC is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_RLIMIT_NPROC+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - - -int -main () -{ -#ifndef RLIMIT_NPROC - (void) RLIMIT_NPROC; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_RLIMIT_NPROC=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_RLIMIT_NPROC=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_RLIMIT_NPROC" >&5 -echo "${ECHO_T}$ac_cv_have_decl_RLIMIT_NPROC" >&6; } -if test $ac_cv_have_decl_RLIMIT_NPROC = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_RLIMIT_NPROC -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking whether PR_SET_NO_NEW_PRIVS is declared" >&5 -echo $ECHO_N "checking whether PR_SET_NO_NEW_PRIVS is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_PR_SET_NO_NEW_PRIVS+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - - -int -main () -{ -#ifndef PR_SET_NO_NEW_PRIVS - (void) PR_SET_NO_NEW_PRIVS; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_PR_SET_NO_NEW_PRIVS=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_PR_SET_NO_NEW_PRIVS=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" >&5 -echo "${ECHO_T}$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" >&6; } -if test $ac_cv_have_decl_PR_SET_NO_NEW_PRIVS = yes; then - have_linux_no_new_privs=1 -fi - - -openssl=yes -ssh1=no - -# Check whether --with-openssl was given. -if test "${with_openssl+set}" = set; then - withval=$with_openssl; if test "x$withval" = "xno" ; then - openssl=no - ssh1=no - fi - - -fi - -{ echo "$as_me:$LINENO: checking whether OpenSSL will be used for cryptography" >&5 -echo $ECHO_N "checking whether OpenSSL will be used for cryptography... $ECHO_C" >&6; } -if test "x$openssl" = "xyes" ; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<_ACEOF -#define WITH_OPENSSL 1 -_ACEOF - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Check whether --with-ssh1 was given. -if test "${with_ssh1+set}" = set; then - withval=$with_ssh1; - if test "x$withval" = "xyes" ; then - if test "x$openssl" = "xno" ; then - { { echo "$as_me:$LINENO: error: Cannot enable SSH protocol 1 with OpenSSL disabled" >&5 -echo "$as_me: error: Cannot enable SSH protocol 1 with OpenSSL disabled" >&2;} - { (exit 1); exit 1; }; } - fi - ssh1=yes - elif test "x$withval" = "xno" ; then - ssh1=no - else - { { echo "$as_me:$LINENO: error: unknown --with-ssh1 argument" >&5 -echo "$as_me: error: unknown --with-ssh1 argument" >&2;} - { (exit 1); exit 1; }; } - fi - - -fi - -{ echo "$as_me:$LINENO: checking whether SSH protocol 1 support is enabled" >&5 -echo $ECHO_N "checking whether SSH protocol 1 support is enabled... 
$ECHO_C" >&6; } -if test "x$ssh1" = "xyes" ; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<_ACEOF -#define WITH_SSH1 1 -_ACEOF - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - -use_stack_protector=1 -use_toolchain_hardening=1 - -# Check whether --with-stackprotect was given. -if test "${with_stackprotect+set}" = set; then - withval=$with_stackprotect; - if test "x$withval" = "xno"; then - use_stack_protector=0 - fi -fi - - -# Check whether --with-hardening was given. -if test "${with_hardening+set}" = set; then - withval=$with_hardening; - if test "x$withval" = "xno"; then - use_toolchain_hardening=0 - fi -fi - - -# We use -Werror for the tests only so that we catch warnings like "this is -# on by default" for things like -fPIE. -{ echo "$as_me:$LINENO: checking if $CC supports -Werror" >&5 -echo $ECHO_N "checking if $CC supports -Werror... $ECHO_C" >&6; } -saved_CFLAGS="$CFLAGS" -CFLAGS="$CFLAGS -Werror" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -int main(void) { return 0; } -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - WERROR="-Werror" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - WERROR="" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -CFLAGS="$saved_CFLAGS" - -if test "$GCC" = "yes" || test "$GCC" = "egcs"; then - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Qunused-arguments" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Qunused-arguments... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Qunused-arguments" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wunknown-warning-option" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wunknown-warning-option... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wall" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wall... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wall" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wall" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wpointer-arith" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wpointer-arith... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wpointer-arith" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wuninitialized" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wuninitialized... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wuninitialized" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wuninitialized" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wsign-compare" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wsign-compare... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wsign-compare" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wsign-compare" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wformat-security" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wformat-security... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wformat-security" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wformat-security" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wsizeof-pointer-memaccess" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wsizeof-pointer-memaccess... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wsizeof-pointer-memaccess" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wpointer-sign" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wpointer-sign... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wpointer-sign" - _define_flag="-Wno-pointer-sign" - test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wunused-result" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wunused-result... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wunused-result" - _define_flag="-Wno-unused-result" - test "x$_define_flag" = "x" && _define_flag="-Wunused-result" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -fno-strict-aliasing" >&5 -echo $ECHO_N "checking if $CC supports compile flag -fno-strict-aliasing... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -fno-strict-aliasing" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5 -echo $ECHO_N "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - if test "x$use_toolchain_hardening" = "x1"; then - { - { echo "$as_me:$LINENO: checking if $LD supports link flag -Wl,-z,relro" >&5 -echo $ECHO_N "checking if $LD supports link flag -Wl,-z,relro... $ECHO_C" >&6; } - saved_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - LDFLAGS="$saved_LDFLAGS $_define_flag" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - LDFLAGS="$saved_LDFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $LD supports link flag -Wl,-z,now" >&5 -echo $ECHO_N "checking if $LD supports link flag -Wl,-z,now... $ECHO_C" >&6; } - saved_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - LDFLAGS="$saved_LDFLAGS $_define_flag" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - LDFLAGS="$saved_LDFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $LD supports link flag -Wl,-z,noexecstack" >&5 -echo $ECHO_N "checking if $LD supports link flag -Wl,-z,noexecstack... $ECHO_C" >&6; } - saved_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - LDFLAGS="$saved_LDFLAGS $_define_flag" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - LDFLAGS="$saved_LDFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -} - # NB. -ftrapv expects certain support functions to be present in - # the compiler library (libgcc or similar) to detect integer operations - # that can overflow. We must check that the result of enabling it - # actually links. The test program compiled/linked includes a number - # of integer operations that should exercise this. - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5 -echo $ECHO_N "checking if $CC supports compile flag -ftrapv and linking succeeds... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -ftrapv" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-ftrapv" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -} - fi - { echo "$as_me:$LINENO: checking gcc version" >&5 -echo $ECHO_N "checking gcc version... $ECHO_C" >&6; } - GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` - case $GCC_VER in - 1.*) no_attrib_nonnull=1 ;; - 2.8* | 2.9*) - no_attrib_nonnull=1 - ;; - 2.*) no_attrib_nonnull=1 ;; - *) ;; - esac - { echo "$as_me:$LINENO: result: $GCC_VER" >&5 -echo "${ECHO_T}$GCC_VER" >&6; } - - { echo "$as_me:$LINENO: checking if $CC accepts -fno-builtin-memset" >&5 -echo $ECHO_N "checking if $CC accepts -fno-builtin-memset... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -fno-builtin-memset" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - #include -int -main () -{ - char b[10]; memset(b, 0, sizeof(b)); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - # -fstack-protector-all doesn't always work for some GCC versions - # and/or platforms, so we test if we can. If it's not supported - # on a given platform gcc will emit a warning so we use -Werror. - if test "x$use_stack_protector" = "x1"; then - for t in -fstack-protector-strong -fstack-protector-all \ - -fstack-protector; do - { echo "$as_me:$LINENO: checking if $CC supports $t" >&5 -echo $ECHO_N "checking if $CC supports $t... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - saved_LDFLAGS="$LDFLAGS" - CFLAGS="$CFLAGS $t -Werror" - LDFLAGS="$LDFLAGS $t -Werror" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - #include -int -main () -{ - - char x[256]; - snprintf(x, sizeof(x), "XXX"); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $t" - LDFLAGS="$saved_LDFLAGS $t" - { echo "$as_me:$LINENO: checking if $t works" >&5 -echo $ECHO_N "checking if $t works... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: cannot test" >&5 -echo "$as_me: WARNING: cross compiling: cannot test" >&2;} - break - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - - char x[256]; - snprintf(x, sizeof(x), "XXX"); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - break -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - CFLAGS="$saved_CFLAGS" - LDFLAGS="$saved_LDFLAGS" - done - fi - - if test -z "$have_llong_max"; then - # retry LLONG_MAX with -std=gnu99, needed on some Linuxes - unset ac_cv_have_decl_LLONG_MAX - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -std=gnu99" - { echo "$as_me:$LINENO: checking whether LLONG_MAX is declared" >&5 -echo $ECHO_N "checking whether LLONG_MAX is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_LLONG_MAX+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - - -int -main () -{ -#ifndef LLONG_MAX - (void) LLONG_MAX; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_LLONG_MAX=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_LLONG_MAX=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_LLONG_MAX" >&5 -echo "${ECHO_T}$ac_cv_have_decl_LLONG_MAX" >&6; } -if test $ac_cv_have_decl_LLONG_MAX = yes; then - have_llong_max=1 -else - CFLAGS="$saved_CFLAGS" -fi - - fi -fi - -{ echo "$as_me:$LINENO: checking if compiler allows __attribute__ on return types" >&5 -echo $ECHO_N "checking if compiler allows __attribute__ on return types... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -__attribute__((__unused__)) static void foo(void){return;} -int -main () -{ - exit(0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define NO_ATTRIBUTE_ON_RETURN_TYPE 1 -_ACEOF - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test "x$no_attrib_nonnull" != "x1" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ATTRIBUTE__NONNULL__ 1 -_ACEOF - -fi - - -# Check whether --with-rpath was given. -if test "${with_rpath+set}" = set; then - withval=$with_rpath; - if test "x$withval" = "xno" ; then - need_dash_r="" - fi - if test "x$withval" = "xyes" ; then - need_dash_r=1 - fi - - -fi - - -# Allow user to specify flags - -# Check whether --with-cflags was given. -if test "${with_cflags+set}" = set; then - withval=$with_cflags; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CFLAGS="$CFLAGS $withval" - fi - - -fi - - -# Check whether --with-cppflags was given. -if test "${with_cppflags+set}" = set; then - withval=$with_cppflags; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CPPFLAGS="$CPPFLAGS $withval" - fi - - -fi - - -# Check whether --with-ldflags was given. -if test "${with_ldflags+set}" = set; then - withval=$with_ldflags; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LDFLAGS="$LDFLAGS $withval" - fi - - -fi - - -# Check whether --with-libs was given. -if test "${with_libs+set}" = set; then - withval=$with_libs; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LIBS="$LIBS $withval" - fi - - -fi - - -# Check whether --with-Werror was given. 
-if test "${with_Werror+set}" = set; then - withval=$with_Werror; - if test -n "$withval" && test "x$withval" != "xno"; then - werror_flags="-Werror" - if test "x${withval}" != "xyes"; then - werror_flags="$withval" - fi - fi - - -fi - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -for ac_header in \ - blf.h \ - bstring.h \ - crypt.h \ - crypto/sha2.h \ - dirent.h \ - endian.h \ - elf.h \ - features.h \ - fcntl.h \ - floatingpoint.h \ - getopt.h \ - glob.h \ - ia.h \ - iaf.h \ - inttypes.h \ - limits.h \ - locale.h \ - login.h \ - maillock.h \ - ndir.h \ - net/if_tun.h \ - netdb.h \ - netgroup.h \ - pam/pam_appl.h \ - paths.h \ - poll.h \ - pty.h \ - readpassphrase.h \ - rpc/types.h \ - security/pam_appl.h \ - sha2.h \ - shadow.h \ - stddef.h \ - stdint.h \ - string.h \ - strings.h \ - sys/audit.h \ - sys/bitypes.h \ - sys/bsdtty.h \ - sys/capability.h \ - sys/cdefs.h \ - sys/dir.h \ - sys/mman.h \ - sys/ndir.h \ - sys/poll.h \ - sys/prctl.h \ - sys/pstat.h \ - sys/select.h \ - sys/stat.h \ - sys/stream.h \ - sys/stropts.h \ - sys/strtio.h \ - sys/statvfs.h \ - sys/sysmacros.h \ - sys/time.h \ - sys/timers.h \ - time.h \ - tmpdir.h \ - ttyent.h \ - ucred.h \ - unistd.h \ - usersec.h \ - util.h \ - utime.h \ - utmp.h \ - utmpx.h \ - vis.h \ - -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... 
$ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! 
-s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# lastlog.h requires sys/time.h to be included first on Solaris - -for ac_header in lastlog.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TIME_H -# include -#endif - - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# sys/ptms.h requires sys/stream.h to be included first on Solaris - -for ac_header in sys/ptms.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#ifdef HAVE_SYS_STREAM_H -# include -#endif - - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# login_cap.h requires sys/types.h on NetBSD - -for ac_header in login_cap.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include - - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# older BSDs need sys/param.h before sys/mount.h - -for ac_header in sys/mount.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include - - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# Android requires sys/socket.h to be included before sys/un.h - -for ac_header in sys/un.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# Messages for features tested for in target-specific section -SIA_MSG="no" -SPC_MSG="no" -SP_MSG="no" - -# Check for some target-specific stuff -case "$host" in -*-*-aix*) - # Some versions of VAC won't allow macro redefinitions at - # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that - # particularly with older versions of vac or xlc. - # It also throws errors about null macro argments, but these are - # not fatal. - { echo "$as_me:$LINENO: checking if compiler allows macro redefinitions" >&5 -echo $ECHO_N "checking if compiler allows macro redefinitions... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#define testmacro foo -#define testmacro bar -int -main () -{ - exit(0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" - LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" - CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" - CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - - { echo "$as_me:$LINENO: checking how to specify blibpath for linker ($LD)" >&5 -echo $ECHO_N "checking how to specify blibpath for linker ($LD)... $ECHO_C" >&6; } - if (test -z "$blibpath"); then - blibpath="/usr/lib:/lib" - fi - saved_LDFLAGS="$LDFLAGS" - if test "$GCC" = "yes"; then - flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" - else - flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," - fi - for tryflags in $flags ;do - if (test -z "$blibflags"); then - LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - blibflags=$tryflags -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - fi - done - if (test -z "$blibflags"); then - { echo "$as_me:$LINENO: result: not found" >&5 -echo "${ECHO_T}not found" >&6; } - { { echo "$as_me:$LINENO: error: *** must be able to specify blibpath on AIX - check config.log" >&5 -echo "$as_me: error: *** must be able to specify blibpath on AIX - check config.log" >&2;} - { (exit 1); exit 1; }; } - else - { echo "$as_me:$LINENO: result: $blibflags" >&5 -echo "${ECHO_T}$blibflags" >&6; } - fi - LDFLAGS="$saved_LDFLAGS" - { echo "$as_me:$LINENO: checking for authenticate" >&5 -echo $ECHO_N "checking for authenticate... $ECHO_C" >&6; } -if test "${ac_cv_func_authenticate+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define authenticate to an innocuous variant, in case declares authenticate. - For example, HP-UX 11i declares gettimeofday. */ -#define authenticate innocuous_authenticate - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char authenticate (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef authenticate - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char authenticate (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. 
Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_authenticate || defined __stub___authenticate -choke me -#endif - -int -main () -{ -return authenticate (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_authenticate=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_authenticate=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_authenticate" >&5 -echo "${ECHO_T}$ac_cv_func_authenticate" >&6; } -if test $ac_cv_func_authenticate = yes; then - -cat >>confdefs.h <<\_ACEOF -#define WITH_AIXAUTHENTICATE 1 -_ACEOF - -else - { echo "$as_me:$LINENO: checking for authenticate in -ls" >&5 -echo $ECHO_N "checking for authenticate in -ls... $ECHO_C" >&6; } -if test "${ac_cv_lib_s_authenticate+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ls $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char authenticate (); -int -main () -{ -return authenticate (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_s_authenticate=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_s_authenticate=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_s_authenticate" >&5 -echo "${ECHO_T}$ac_cv_lib_s_authenticate" >&6; } -if test $ac_cv_lib_s_authenticate = yes; then - cat >>confdefs.h <<\_ACEOF -#define WITH_AIXAUTHENTICATE 1 -_ACEOF - - LIBS="$LIBS -ls" - -fi - - -fi - - { echo "$as_me:$LINENO: checking whether authenticate is declared" >&5 -echo $ECHO_N "checking whether authenticate is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_authenticate+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include - -int -main () -{ -#ifndef authenticate - (void) authenticate; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_authenticate=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_authenticate=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_authenticate" >&5 -echo "${ECHO_T}$ac_cv_have_decl_authenticate" >&6; } -if test $ac_cv_have_decl_authenticate = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_AUTHENTICATE 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_AUTHENTICATE 0 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking whether loginrestrictions is declared" >&5 -echo $ECHO_N "checking whether loginrestrictions is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_loginrestrictions+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef loginrestrictions - (void) loginrestrictions; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_loginrestrictions=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_loginrestrictions=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_loginrestrictions" >&5 -echo "${ECHO_T}$ac_cv_have_decl_loginrestrictions" >&6; } -if test $ac_cv_have_decl_loginrestrictions = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINRESTRICTIONS 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINRESTRICTIONS 0 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking whether loginsuccess is declared" >&5 -echo $ECHO_N "checking whether loginsuccess is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_loginsuccess+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef loginsuccess - (void) loginsuccess; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_loginsuccess=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_loginsuccess=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_loginsuccess" >&5 -echo "${ECHO_T}$ac_cv_have_decl_loginsuccess" >&6; } -if test $ac_cv_have_decl_loginsuccess = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINSUCCESS 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINSUCCESS 0 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking whether passwdexpired is declared" >&5 -echo $ECHO_N "checking whether passwdexpired is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_passwdexpired+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef passwdexpired - (void) passwdexpired; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_passwdexpired=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_passwdexpired=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_passwdexpired" >&5 -echo "${ECHO_T}$ac_cv_have_decl_passwdexpired" >&6; } -if test $ac_cv_have_decl_passwdexpired = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_PASSWDEXPIRED 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_PASSWDEXPIRED 0 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking whether setauthdb is declared" >&5 -echo $ECHO_N "checking whether setauthdb is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_setauthdb+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef setauthdb - (void) setauthdb; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_setauthdb=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_setauthdb=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_setauthdb" >&5 -echo "${ECHO_T}$ac_cv_have_decl_setauthdb" >&6; } -if test $ac_cv_have_decl_setauthdb = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SETAUTHDB 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SETAUTHDB 0 -_ACEOF - - -fi - - - { echo "$as_me:$LINENO: checking whether loginfailed is declared" >&5 -echo $ECHO_N "checking whether loginfailed is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_loginfailed+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - - -int -main () -{ -#ifndef loginfailed - (void) loginfailed; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_loginfailed=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_loginfailed=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_loginfailed" >&5 -echo "${ECHO_T}$ac_cv_have_decl_loginfailed" >&6; } -if test $ac_cv_have_decl_loginfailed = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINFAILED 1 -_ACEOF - -{ echo "$as_me:$LINENO: checking if loginfailed takes 4 arguments" >&5 -echo $ECHO_N "checking if loginfailed takes 4 arguments... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - (void)loginfailed("user","host","tty",0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define AIX_LOGINFAILED_4ARG 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINFAILED 0 -_ACEOF - - -fi - - - - -for ac_func in getgrset setauthdb -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - { echo "$as_me:$LINENO: checking whether F_CLOSEM is declared" >&5 -echo $ECHO_N "checking whether F_CLOSEM is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_F_CLOSEM+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include - #include - - -int -main () -{ -#ifndef F_CLOSEM - (void) F_CLOSEM; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_F_CLOSEM=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_F_CLOSEM=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_F_CLOSEM" >&5 -echo "${ECHO_T}$ac_cv_have_decl_F_CLOSEM" >&6; } -if test $ac_cv_have_decl_F_CLOSEM = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_FCNTL_CLOSEM 1 -_ACEOF - -fi - - check_for_aix_broken_getaddrinfo=1 - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_REALPATH 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_LASTLOG 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define LOGIN_NEEDS_UTMPX 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SPT_TYPE SPT_REUSEARGV -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define PTY_ZEROREAD 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define PLATFORM_SYS_DIR_UID 2 -_ACEOF - - ;; -*-*-android*) - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_UTMP 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_WTMP 1 -_ACEOF - - ;; -*-*-cygwin*) - check_for_libcrypt_later=1 - LIBS="$LIBS /usr/lib/textreadmode.o" - -cat >>confdefs.h <<\_ACEOF -#define HAVE_CYGWIN 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_SHADOW 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define NO_X11_UNIX_SOCKETS 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define 
NO_IPPORT_RESERVED_CONCEPT 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_FD_PASSING 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSH_IOBUFSZ 65535 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define FILESYSTEM_NO_BACKSLASH 1 -_ACEOF - - # Cygwin defines optargs, optargs as declspec(dllimport) for historical - # reasons which cause compile warnings, so we disable those warnings. - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -Wno-attributes" >&5 -echo $ECHO_N "checking if $CC supports compile flag -Wno-attributes... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -Wno-attributes" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wno-attributes" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - ;; -*-*-dgux*) - -cat >>confdefs.h <<\_ACEOF -#define IP_TOS_IS_BROKEN 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - ;; -*-*-darwin*) - use_pie=auto - { echo "$as_me:$LINENO: checking if we have working getaddrinfo" >&5 -echo $ECHO_N "checking if we have working getaddrinfo... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: result: assume it is working" >&5 -echo "${ECHO_T}assume it is working" >&6; } -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) - exit(0); - else - exit(1); -} - -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: working" >&5 -echo "${ECHO_T}working" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -{ echo "$as_me:$LINENO: result: buggy" >&5 -echo "${ECHO_T}buggy" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_GETADDRINFO 1 -_ACEOF - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_GLOB 1 -_ACEOF - - -cat >>confdefs.h <<_ACEOF -#define BIND_8_COMPAT 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_FREEBSD 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_COMPAT_AF 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_PREPEND_AF 1 -_ACEOF - - - { echo "$as_me:$LINENO: checking whether AU_IPv4 is declared" >&5 -echo $ECHO_N "checking whether AU_IPv4 is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_AU_IPv4+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -$ac_includes_default -int -main () -{ -#ifndef AU_IPv4 - (void) AU_IPv4; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_AU_IPv4=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_AU_IPv4=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_AU_IPv4" >&5 -echo "${ECHO_T}$ac_cv_have_decl_AU_IPv4" >&6; } -if test $ac_cv_have_decl_AU_IPv4 = yes; then - : -else - -cat >>confdefs.h <<\_ACEOF -#define AU_IPv4 0 -_ACEOF - - #include - -cat >>confdefs.h <<\_ACEOF -#define LASTLOG_WRITE_PUTUTXLINE 1 -_ACEOF - - -fi - - -cat >>confdefs.h <<\_ACEOF -#define SPT_TYPE SPT_REUSEARGV -_ACEOF - - -for ac_func in sandbox_init -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. 
- Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -for ac_header in sandbox.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - ;; -*-*-dragonfly*) - SSHDLIBS="$SSHDLIBS -lcrypt" - TEST_MALLOC_OPTIONS="AFGJPRX" - ;; -*-*-haiku*) - LIBS="$LIBS -lbsd " - -{ echo "$as_me:$LINENO: checking for socket in -lnetwork" >&5 -echo $ECHO_N "checking for socket in -lnetwork... $ECHO_C" >&6; } -if test "${ac_cv_lib_network_socket+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lnetwork $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char socket (); -int -main () -{ -return socket (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_network_socket=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_network_socket=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_network_socket" >&5 -echo "${ECHO_T}$ac_cv_lib_network_socket" >&6; } -if test $ac_cv_lib_network_socket = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBNETWORK 1 -_ACEOF - - LIBS="-lnetwork $LIBS" - -fi - - cat >>confdefs.h <<\_ACEOF -#define HAVE_U_INT64_T 1 -_ACEOF - - MANTYPE=man - ;; -*-*-hpux*) - # first we define all of the options common to all HP-UX releases - CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" - IPADDR_IN_DISPLAY=yes - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define LOGIN_NO_ENDOPT 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define LOGIN_NEEDS_UTMPX 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_STRING "*" -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SPT_TYPE SPT_PSTAT -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define PLATFORM_SYS_DIR_UID 2 -_ACEOF - - maildir="/var/mail" - LIBS="$LIBS -lsec" - -{ echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5 -echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6; } -if test "${ac_cv_lib_xnet_t_error+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lxnet $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char t_error (); -int -main () -{ -return t_error (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_xnet_t_error=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_xnet_t_error=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5 -echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6; } -if test $ac_cv_lib_xnet_t_error = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBXNET 1 -_ACEOF - - LIBS="-lxnet $LIBS" - -else - { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 -echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} - { (exit 1); exit 1; }; } -fi - - - # next, we define all of the options specific to major releases - case "$host" in - *-*-hpux10*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -Ae" - fi - ;; - *-*-hpux11*) - -cat >>confdefs.h <<\_ACEOF -#define PAM_SUN_CODEBASE 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_UTMP 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define USE_BTMP 1 -_ACEOF - - check_for_hpux_broken_getaddrinfo=1 - check_for_conflicting_getspnam=1 - ;; - esac - - # lastly, we define options specific to minor releases - case "$host" in - *-*-hpux10.26) - -cat >>confdefs.h 
<<\_ACEOF -#define HAVE_SECUREWARE 1 -_ACEOF - - disable_ptmx_check=yes - LIBS="$LIBS -lsecpw" - ;; - esac - ;; -*-*-irix5*) - PATH="$PATH:/usr/etc" - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_INET_NTOA 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define WITH_ABBREV_NO_TTY 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_STRING "*LK*" -_ACEOF - - ;; -*-*-irix6*) - PATH="$PATH:/usr/etc" - -cat >>confdefs.h <<\_ACEOF -#define WITH_IRIX_ARRAY 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define WITH_IRIX_PROJECT 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define WITH_IRIX_AUDIT 1 -_ACEOF - - { echo "$as_me:$LINENO: checking for jlimit_startjob" >&5 -echo $ECHO_N "checking for jlimit_startjob... $ECHO_C" >&6; } -if test "${ac_cv_func_jlimit_startjob+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define jlimit_startjob to an innocuous variant, in case declares jlimit_startjob. - For example, HP-UX 11i declares gettimeofday. */ -#define jlimit_startjob innocuous_jlimit_startjob - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char jlimit_startjob (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef jlimit_startjob - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char jlimit_startjob (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_jlimit_startjob || defined __stub___jlimit_startjob -choke me -#endif - -int -main () -{ -return jlimit_startjob (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_jlimit_startjob=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_jlimit_startjob=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_jlimit_startjob" >&5 -echo "${ECHO_T}$ac_cv_func_jlimit_startjob" >&6; } -if test $ac_cv_func_jlimit_startjob = yes; then - -cat >>confdefs.h <<\_ACEOF -#define WITH_IRIX_JOBS 1 -_ACEOF - -fi - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_INET_NTOA 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_UPDWTMPX 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define WITH_ABBREV_NO_TTY 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_STRING "*LK*" -_ACEOF - - ;; 
-*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) - check_for_libcrypt_later=1 - cat >>confdefs.h <<\_ACEOF -#define PAM_TTY_KLUDGE 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_PREFIX "!" -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SPT_TYPE SPT_REUSEARGV -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define _PATH_BTMP "/var/log/btmp" -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define USE_BTMP 1 -_ACEOF - - ;; -*-*-linux*) - no_dev_ptmx=1 - use_pie=auto - check_for_libcrypt_later=1 - check_for_openpty_ctty_bug=1 - -cat >>confdefs.h <<\_ACEOF -#define PAM_TTY_KLUDGE 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_PREFIX "!" -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SPT_TYPE SPT_REUSEARGV -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define LINK_OPNOTSUPP_ERRNO EPERM -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define _PATH_BTMP "/var/log/btmp" -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USE_BTMP 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define LINUX_OOM_ADJUST 1 -_ACEOF - - inet6_default_4in6=yes - case `uname -r` in - 1.*|2.0.*) - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_CMSG_TYPE 1 -_ACEOF - - ;; - esac - # tun(4) forwarding compat code - -for ac_header in linux/if_tun.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! 
-s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_LINUX 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_COMPAT_AF 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_PREPEND_AF 1 -_ACEOF - - fi - - - -for ac_header in linux/seccomp.h linux/filter.h linux/audit.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -for ac_func in prctl -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. 
*/ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - { echo "$as_me:$LINENO: checking for seccomp architecture" >&5 -echo $ECHO_N "checking for seccomp architecture... $ECHO_C" >&6; } - seccomp_audit_arch= - case "$host" in - x86_64-*) - seccomp_audit_arch=AUDIT_ARCH_X86_64 - ;; - i*86-*) - seccomp_audit_arch=AUDIT_ARCH_I386 - ;; - arm*-*) - seccomp_audit_arch=AUDIT_ARCH_ARM - ;; - aarch64*-*) - seccomp_audit_arch=AUDIT_ARCH_AARCH64 - ;; - esac - if test "x$seccomp_audit_arch" != "x" ; then - { echo "$as_me:$LINENO: result: \"$seccomp_audit_arch\"" >&5 -echo "${ECHO_T}\"$seccomp_audit_arch\"" >&6; } - -cat >>confdefs.h <<_ACEOF -#define SECCOMP_AUDIT_ARCH $seccomp_audit_arch -_ACEOF - - else - { echo "$as_me:$LINENO: result: architecture not supported" >&5 -echo "${ECHO_T}architecture not supported" >&6; } - fi - ;; -mips-sony-bsd|mips-sony-newsos4) - -cat >>confdefs.h <<\_ACEOF -#define NEED_SETPGRP 1 -_ACEOF - - SONY=1 - ;; -*-*-netbsd*) - check_for_libcrypt_before=1 - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_FREEBSD 1 -_ACEOF - - if test "${ac_cv_header_net_if_tap_h+set}" = set; then - { echo "$as_me:$LINENO: checking for net/if_tap.h" >&5 -echo $ECHO_N "checking for net/if_tap.h... 
$ECHO_C" >&6; } -if test "${ac_cv_header_net_if_tap_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_net_if_tap_h" >&5 -echo "${ECHO_T}$ac_cv_header_net_if_tap_h" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking net/if_tap.h usability" >&5 -echo $ECHO_N "checking net/if_tap.h usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking net/if_tap.h presence" >&5 -echo $ECHO_N "checking net/if_tap.h presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: net/if_tap.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: net/if_tap.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: net/if_tap.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: net/if_tap.h: check for missing prerequisite headers?" 
>&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: net/if_tap.h: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: net/if_tap.h: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: net/if_tap.h: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: net/if_tap.h: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for net/if_tap.h" >&5 -echo $ECHO_N "checking for net/if_tap.h... 
$ECHO_C" >&6; } -if test "${ac_cv_header_net_if_tap_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_net_if_tap_h=$ac_header_preproc -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_net_if_tap_h" >&5 -echo "${ECHO_T}$ac_cv_header_net_if_tap_h" >&6; } - -fi -if test $ac_cv_header_net_if_tap_h = yes; then - : -else - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_NO_L2 1 -_ACEOF - -fi - - - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_PREPEND_AF 1 -_ACEOF - - TEST_MALLOC_OPTIONS="AJRX" - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_STRNVIS 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_READ_COMPARISON 1 -_ACEOF - - ;; -*-*-freebsd*) - check_for_libcrypt_later=1 - -cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_PREFIX "*LOCKED*" -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_FREEBSD 1 -_ACEOF - - if test "${ac_cv_header_net_if_tap_h+set}" = set; then - { echo "$as_me:$LINENO: checking for net/if_tap.h" >&5 -echo $ECHO_N "checking for net/if_tap.h... $ECHO_C" >&6; } -if test "${ac_cv_header_net_if_tap_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_net_if_tap_h" >&5 -echo "${ECHO_T}$ac_cv_header_net_if_tap_h" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking net/if_tap.h usability" >&5 -echo $ECHO_N "checking net/if_tap.h usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking net/if_tap.h presence" >&5 -echo $ECHO_N "checking net/if_tap.h presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: net/if_tap.h: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: net/if_tap.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: net/if_tap.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: net/if_tap.h: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: net/if_tap.h: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: net/if_tap.h: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: net/if_tap.h: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: net/if_tap.h: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: net/if_tap.h: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for net/if_tap.h" >&5 -echo $ECHO_N "checking for net/if_tap.h... 
$ECHO_C" >&6; } -if test "${ac_cv_header_net_if_tap_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_net_if_tap_h=$ac_header_preproc -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_net_if_tap_h" >&5 -echo "${ECHO_T}$ac_cv_header_net_if_tap_h" >&6; } - -fi -if test $ac_cv_header_net_if_tap_h = yes; then - : -else - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_NO_L2 1 -_ACEOF - -fi - - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_GLOB 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_STRNVIS 1 -_ACEOF - - TEST_MALLOC_OPTIONS="AJRX" - # Preauth crypto occasionally uses file descriptors for crypto offload - # and will crash if they cannot be opened. - -cat >>confdefs.h <<\_ACEOF -#define SANDBOX_SKIP_RLIMIT_NOFILE 1 -_ACEOF - - ;; -*-*-bsdi*) - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - ;; -*-next-*) - conf_lastlog_location="/usr/adm/lastlog" - conf_utmp_location=/etc/utmp - conf_wtmp_location=/usr/adm/wtmp - maildir=/usr/spool/mail - -cat >>confdefs.h <<\_ACEOF -#define HAVE_NEXT 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_REALPATH 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_SAVED_UIDS 1 -_ACEOF - - ;; -*-*-openbsd*) - use_pie=auto - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ATTRIBUTE__SENTINEL__ 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ATTRIBUTE__BOUNDED__ 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSH_TUN_OPENBSD 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SYSLOG_R_SAFE_IN_SIGHAND 1 -_ACEOF - - TEST_MALLOC_OPTIONS="AFGJPRX" - ;; -*-*-solaris*) - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - cat >>confdefs.h <<\_ACEOF -#define PAM_SUN_CODEBASE 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define LOGIN_NEEDS_UTMPX 1 -_ACEOF - - -cat 
>>confdefs.h <<\_ACEOF -#define LOGIN_NEEDS_TERM 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define PAM_TTY_KLUDGE 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_STRING "*LK*" -_ACEOF - - # Pushing STREAMS modules will cause sshd to acquire a controlling tty. - -cat >>confdefs.h <<\_ACEOF -#define SSHD_ACQUIRES_CTTY 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define PASSWD_NEEDS_USERNAME 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_TCGETATTR_ICANON 1 -_ACEOF - - external_path_file=/etc/default/login - # hardwire lastlog location (can't detect it on some versions) - conf_lastlog_location="/var/adm/lastlog" - { echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5 -echo $ECHO_N "checking for obsolete utmp and wtmp in solaris2.x... $ECHO_C" >&6; } - sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'` - if test "$sol2ver" -ge 8; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define DISABLE_UTMP 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_WTMP 1 -_ACEOF - - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - -# Check whether --with-solaris-contracts was given. -if test "${with_solaris_contracts+set}" = set; then - withval=$with_solaris_contracts; - { echo "$as_me:$LINENO: checking for ct_tmpl_activate in -lcontract" >&5 -echo $ECHO_N "checking for ct_tmpl_activate in -lcontract... $ECHO_C" >&6; } -if test "${ac_cv_lib_contract_ct_tmpl_activate+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcontract $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char ct_tmpl_activate (); -int -main () -{ -return ct_tmpl_activate (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_contract_ct_tmpl_activate=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_contract_ct_tmpl_activate=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5 -echo "${ECHO_T}$ac_cv_lib_contract_ct_tmpl_activate" >&6; } -if test $ac_cv_lib_contract_ct_tmpl_activate = yes; then - -cat >>confdefs.h <<\_ACEOF -#define USE_SOLARIS_PROCESS_CONTRACTS 1 -_ACEOF - - SSHDLIBS="$SSHDLIBS -lcontract" - SPC_MSG="yes" -fi - - -fi - - -# Check whether --with-solaris-projects was given. -if test "${with_solaris_projects+set}" = set; then - withval=$with_solaris_projects; - { echo "$as_me:$LINENO: checking for setproject in -lproject" >&5 -echo $ECHO_N "checking for setproject in -lproject... $ECHO_C" >&6; } -if test "${ac_cv_lib_project_setproject+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lproject $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setproject (); -int -main () -{ -return setproject (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_project_setproject=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_project_setproject=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_project_setproject" >&5 -echo "${ECHO_T}$ac_cv_lib_project_setproject" >&6; } -if test $ac_cv_lib_project_setproject = yes; then - -cat >>confdefs.h <<\_ACEOF -#define USE_SOLARIS_PROJECTS 1 -_ACEOF - - SSHDLIBS="$SSHDLIBS -lproject" - SP_MSG="yes" -fi - - -fi - - TEST_SHELL=$SHELL # let configure find us a capable shell - ;; -*-*-sunos4*) - CPPFLAGS="$CPPFLAGS -DSUNOS4" - -for ac_func in getpwanam -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... 
$ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - cat >>confdefs.h <<\_ACEOF -#define PAM_SUN_CODEBASE 1 -_ACEOF - - conf_utmp_location=/etc/utmp - conf_wtmp_location=/var/adm/wtmp - conf_lastlog_location=/var/adm/lastlog - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - ;; -*-ncr-sysv*) - LIBS="$LIBS -lc89" - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SSHD_ACQUIRES_CTTY 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - ;; -*-sni-sysv*) - # /usr/ucblib MUST NOT be searched on ReliantUNIX - -{ echo "$as_me:$LINENO: checking for dlsym in -ldl" >&5 -echo $ECHO_N "checking for dlsym in -ldl... $ECHO_C" >&6; } -if test "${ac_cv_lib_dl_dlsym+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char dlsym (); -int -main () -{ -return dlsym (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_dl_dlsym=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dl_dlsym=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlsym" >&5 -echo "${ECHO_T}$ac_cv_lib_dl_dlsym" >&6; } -if test $ac_cv_lib_dl_dlsym = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDL 1 -_ACEOF - - LIBS="-ldl $LIBS" - -fi - - # -lresolv needs to be at the end of LIBS or DNS lookups break - { echo "$as_me:$LINENO: checking for res_query in -lresolv" >&5 -echo $ECHO_N "checking for res_query in -lresolv... $ECHO_C" >&6; } -if test "${ac_cv_lib_resolv_res_query+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolv $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char res_query (); -int -main () -{ -return res_query (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_resolv_res_query=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_resolv_res_query=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_res_query" >&5 -echo "${ECHO_T}$ac_cv_lib_resolv_res_query" >&6; } -if test $ac_cv_lib_resolv_res_query = yes; then - LIBS="$LIBS -lresolv" -fi - - IPADDR_IN_DISPLAY=yes - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define IP_TOS_IS_BROKEN 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SSHD_ACQUIRES_CTTY 1 -_ACEOF - - external_path_file=/etc/default/login - # /usr/ucblib/libucb.a no longer needed on ReliantUNIX - # Attention: always take care to bind libsocket and libnsl before libc, - # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog - ;; -# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 
-*-*-sysv4.2*) - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define PASSWD_NEEDS_USERNAME 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_STRING "*LK*" -_ACEOF - - TEST_SHELL=$SHELL # let configure find us a capable shell - ;; -# UnixWare 7.x, OpenUNIX 8 -*-*-sysv5*) - CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" - -cat >>confdefs.h <<\_ACEOF -#define UNIXWARE_LONG_PASSWORDS 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_GETADDRINFO 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define PASSWD_NEEDS_USERNAME 1 -_ACEOF - - TEST_SHELL=$SHELL # let configure find us a capable shell - case "$host" in - *-*-sysv5SCO_SV*) # SCO OpenServer 6.x - maildir=/var/spool/mail - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_LIBIAF 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_UPDWTMPX 1 -_ACEOF - - { echo "$as_me:$LINENO: checking for getluid in -lprot" >&5 -echo $ECHO_N "checking for getluid in -lprot... $ECHO_C" >&6; } -if test "${ac_cv_lib_prot_getluid+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lprot $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char getluid (); -int -main () -{ -return getluid (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_prot_getluid=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_prot_getluid=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_prot_getluid" >&5 -echo "${ECHO_T}$ac_cv_lib_prot_getluid" >&6; } -if test $ac_cv_lib_prot_getluid = yes; then - LIBS="$LIBS -lprot" - - -for ac_func in getluid setluid -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. 
*/ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - cat >>confdefs.h <<\_ACEOF -#define HAVE_SECUREWARE 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_SHADOW 1 -_ACEOF - - -fi - - ;; - *) cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_STRING "*LK*" -_ACEOF - - check_for_libcrypt_later=1 - ;; - esac - ;; -*-*-sysv*) - ;; -# SCO UNIX and OEM versions of SCO UNIX -*-*-sco3.2v4*) - { { echo "$as_me:$LINENO: error: \"This Platform is no longer supported.\"" >&5 -echo "$as_me: error: \"This Platform is no longer supported.\"" >&2;} - { (exit 1); exit 1; }; } - ;; -# SCO OpenServer 5.x -*-*-sco3.2v5*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -belf" - fi - LIBS="$LIBS -lprot -lx -ltinfo -lm" - no_dev_ptmx=1 - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define HAVE_SECUREWARE 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_SHADOW 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_FD_PASSING 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_GETADDRINFO 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define WITH_ABBREV_NO_TTY 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_UPDWTMPX 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define 
PASSWD_NEEDS_USERNAME 1 -_ACEOF - - - -for ac_func in getluid setluid -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - MANTYPE=man - TEST_SHELL=$SHELL # let configure find us a capable shell - SKIP_DISABLE_LASTLOG_DEFINE=yes - ;; -*-*-unicosmk*) - -cat >>confdefs.h <<\_ACEOF -#define NO_SSH_LASTLOG 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_FD_PASSING 1 -_ACEOF - - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-*-unicosmp*) - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define WITH_ABBREV_NO_TTY 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_FD_PASSING 1 -_ACEOF - - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lacid -ldb" - MANTYPE=cat - ;; -*-*-unicos*) - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define 
BROKEN_SETREGID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_FD_PASSING 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define NO_SSH_LASTLOG 1 -_ACEOF - - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-dec-osf*) - { echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5 -echo $ECHO_N "checking for Digital Unix SIA... $ECHO_C" >&6; } - no_osfsia="" - -# Check whether --with-osfsia was given. -if test "${with_osfsia+set}" = set; then - withval=$with_osfsia; - if test "x$withval" = "xno" ; then - { echo "$as_me:$LINENO: result: disabled" >&5 -echo "${ECHO_T}disabled" >&6; } - no_osfsia=1 - fi - -fi - - if test -z "$no_osfsia" ; then - if test -f /etc/sia/matrix.conf; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define HAVE_OSF_SIA 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_LOGIN 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_FD_PASSING 1 -_ACEOF - - LIBS="$LIBS -lsecurity -ldb -lm -laud" - SIA_MSG="yes" - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define LOCKED_PASSWD_SUBSTR "Nologin" -_ACEOF - - fi - fi - cat >>confdefs.h <<\_ACEOF -#define BROKEN_GETADDRINFO 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SETEUID_BREAKS_SETUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREUID 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETREGID 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_READV_COMPARISON 1 -_ACEOF - - ;; - -*-*-nto-qnx*) - cat >>confdefs.h <<\_ACEOF -#define USE_PIPES 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define NO_X11_UNIX_SOCKETS 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_LASTLOG 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define SSHD_ACQUIRES_CTTY 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define 
BROKEN_SHADOW_EXPIRE 1 -_ACEOF - - enable_etc_default_login=no # has incompatible /etc/default/login - case "$host" in - *-*-nto-qnx6*) - cat >>confdefs.h <<\_ACEOF -#define DISABLE_FD_PASSING 1 -_ACEOF - - ;; - esac - ;; - -*-*-ultrix*) - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_GETGROUPS 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_MMAP 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define NEED_SETPGRP 1 -_ACEOF - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SYS_SYSLOG_H 1 -_ACEOF - - ;; - -*-*-lynxos) - CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETVBUF 1 -_ACEOF - - ;; -esac - -{ echo "$as_me:$LINENO: checking compiler and flags for sanity" >&5 -echo $ECHO_N "checking compiler and flags for sanity... $ECHO_C" >&6; } -if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking compiler sanity" >&5 -echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - exit(0); - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { { echo "$as_me:$LINENO: error: *** compiler cannot create working executables, check config.log ***" >&5 -echo "$as_me: error: *** compiler cannot create working executables, check config.log ***" >&2;} - { (exit 1); exit 1; }; } - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -# Checks for libraries. -{ echo "$as_me:$LINENO: checking for yp_match" >&5 -echo $ECHO_N "checking for yp_match... $ECHO_C" >&6; } -if test "${ac_cv_func_yp_match+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define yp_match to an innocuous variant, in case declares yp_match. - For example, HP-UX 11i declares gettimeofday. */ -#define yp_match innocuous_yp_match - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char yp_match (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef yp_match - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char yp_match (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_yp_match || defined __stub___yp_match -choke me -#endif - -int -main () -{ -return yp_match (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_yp_match=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_yp_match=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_yp_match" >&5 -echo "${ECHO_T}$ac_cv_func_yp_match" >&6; } -if test $ac_cv_func_yp_match = yes; then - : -else - -{ echo "$as_me:$LINENO: checking for yp_match in -lnsl" >&5 -echo $ECHO_N "checking for yp_match in -lnsl... $ECHO_C" >&6; } -if test "${ac_cv_lib_nsl_yp_match+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lnsl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char yp_match (); -int -main () -{ -return yp_match (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_nsl_yp_match=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_nsl_yp_match=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_yp_match" >&5 -echo "${ECHO_T}$ac_cv_lib_nsl_yp_match" >&6; } -if test $ac_cv_lib_nsl_yp_match = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBNSL 1 -_ACEOF - - LIBS="-lnsl $LIBS" - -fi - -fi - -{ echo "$as_me:$LINENO: checking for setsockopt" >&5 -echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6; } -if test "${ac_cv_func_setsockopt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define setsockopt to an innocuous variant, in case declares setsockopt. - For example, HP-UX 11i declares gettimeofday. */ -#define setsockopt innocuous_setsockopt - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char setsockopt (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. 
*/ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef setsockopt - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setsockopt (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_setsockopt || defined __stub___setsockopt -choke me -#endif - -int -main () -{ -return setsockopt (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_setsockopt=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_setsockopt=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_setsockopt" >&5 -echo "${ECHO_T}$ac_cv_func_setsockopt" >&6; } -if test $ac_cv_func_setsockopt = yes; then - : -else - -{ echo "$as_me:$LINENO: checking for setsockopt in -lsocket" >&5 -echo $ECHO_N "checking for setsockopt in -lsocket... 
$ECHO_C" >&6; } -if test "${ac_cv_lib_socket_setsockopt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lsocket $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setsockopt (); -int -main () -{ -return setsockopt (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_socket_setsockopt=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_socket_setsockopt=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_socket_setsockopt" >&5 -echo "${ECHO_T}$ac_cv_lib_socket_setsockopt" >&6; } -if test $ac_cv_lib_socket_setsockopt = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBSOCKET 1 -_ACEOF - - LIBS="-lsocket $LIBS" - -fi - -fi - - - -for ac_func in dirname -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... 
$ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -for ac_header in libgen.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -else - - { echo "$as_me:$LINENO: checking for dirname in -lgen" >&5 -echo $ECHO_N "checking for dirname in -lgen... $ECHO_C" >&6; } -if test "${ac_cv_lib_gen_dirname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgen $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dirname (); -int -main () -{ -return dirname (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_gen_dirname=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_gen_dirname=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_gen_dirname" >&5 -echo "${ECHO_T}$ac_cv_lib_gen_dirname" >&6; } -if test $ac_cv_lib_gen_dirname = yes; then - - { echo "$as_me:$LINENO: checking for broken dirname" >&5 -echo $ECHO_N "checking for broken dirname... $ECHO_C" >&6; } -if test "${ac_cv_have_broken_dirname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - save_LIBS="$LIBS" - LIBS="$LIBS -lgen" - if test "$cross_compiling" = yes; then - ac_cv_have_broken_dirname="no" -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int main(int argc, char **argv) { - char *s, buf[32]; - - strncpy(buf,"/etc", 32); - s = dirname(buf); - if (!s || strncmp(s, "/", 32) != 0) { - exit(1); - } else { - exit(0); - } -} - -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_have_broken_dirname="no" -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - ac_cv_have_broken_dirname="yes" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - LIBS="$save_LIBS" - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_broken_dirname" >&5 -echo "${ECHO_T}$ac_cv_have_broken_dirname" >&6; } - if test "x$ac_cv_have_broken_dirname" = "xno" ; then - LIBS="$LIBS -lgen" - cat >>confdefs.h <<\_ACEOF -#define HAVE_DIRNAME 1 -_ACEOF - - -for ac_header in libgen.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - fi - -fi - - -fi -done - - -{ echo "$as_me:$LINENO: checking for getspnam" >&5 -echo $ECHO_N "checking for getspnam... $ECHO_C" >&6; } -if test "${ac_cv_func_getspnam+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getspnam to an innocuous variant, in case declares getspnam. - For example, HP-UX 11i declares gettimeofday. */ -#define getspnam innocuous_getspnam - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getspnam (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getspnam - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getspnam (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_getspnam || defined __stub___getspnam -choke me -#endif - -int -main () -{ -return getspnam (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getspnam=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getspnam=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getspnam" >&5 -echo "${ECHO_T}$ac_cv_func_getspnam" >&6; } -if test $ac_cv_func_getspnam = yes; then - : -else - { echo "$as_me:$LINENO: checking for getspnam in -lgen" >&5 -echo $ECHO_N "checking for getspnam in -lgen... $ECHO_C" >&6; } -if test "${ac_cv_lib_gen_getspnam+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgen $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char getspnam (); -int -main () -{ -return getspnam (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_gen_getspnam=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_gen_getspnam=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_gen_getspnam" >&5 -echo "${ECHO_T}$ac_cv_lib_gen_getspnam" >&6; } -if test $ac_cv_lib_gen_getspnam = yes; then - LIBS="$LIBS -lgen" -fi - -fi - -{ echo "$as_me:$LINENO: checking for library containing basename" >&5 -echo $ECHO_N "checking for library containing basename... $ECHO_C" >&6; } -if test "${ac_cv_search_basename+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char basename (); -int -main () -{ -return basename (); - ; - return 0; -} -_ACEOF -for ac_lib in '' gen; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_basename=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_basename+set}" = set; then - break -fi -done -if test "${ac_cv_search_basename+set}" = set; then - : -else - ac_cv_search_basename=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_basename" >&5 -echo "${ECHO_T}$ac_cv_search_basename" >&6; } -ac_res=$ac_cv_search_basename -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -cat >>confdefs.h <<\_ACEOF -#define HAVE_BASENAME 1 -_ACEOF - -fi - - - -# Check whether --with-zlib was given. 
-if test "${with_zlib+set}" = set; then - withval=$with_zlib; if test "x$withval" = "xno" ; then - { { echo "$as_me:$LINENO: error: *** zlib is required ***" >&5 -echo "$as_me: error: *** zlib is required ***" >&2;} - { (exit 1); exit 1; }; } - elif test "x$withval" != "xyes"; then - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - -fi - - -if test "${ac_cv_header_zlib_h+set}" = set; then - { echo "$as_me:$LINENO: checking for zlib.h" >&5 -echo $ECHO_N "checking for zlib.h... $ECHO_C" >&6; } -if test "${ac_cv_header_zlib_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_zlib_h" >&5 -echo "${ECHO_T}$ac_cv_header_zlib_h" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking zlib.h usability" >&5 -echo $ECHO_N "checking zlib.h usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking zlib.h presence" >&5 -echo $ECHO_N "checking zlib.h presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: zlib.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: zlib.h: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: zlib.h: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: zlib.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: zlib.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: zlib.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: zlib.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: zlib.h: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: zlib.h: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: zlib.h: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: zlib.h: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: zlib.h: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: zlib.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: zlib.h: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: zlib.h: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: zlib.h: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for zlib.h" >&5 -echo $ECHO_N "checking for zlib.h... 
$ECHO_C" >&6; } -if test "${ac_cv_header_zlib_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_zlib_h=$ac_header_preproc -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_zlib_h" >&5 -echo "${ECHO_T}$ac_cv_header_zlib_h" >&6; } - -fi -if test $ac_cv_header_zlib_h = yes; then - : -else - { { echo "$as_me:$LINENO: error: *** zlib.h missing - please install first or check config.log ***" >&5 -echo "$as_me: error: *** zlib.h missing - please install first or check config.log ***" >&2;} - { (exit 1); exit 1; }; } -fi - - - -{ echo "$as_me:$LINENO: checking for deflate in -lz" >&5 -echo $ECHO_N "checking for deflate in -lz... $ECHO_C" >&6; } -if test "${ac_cv_lib_z_deflate+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lz $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char deflate (); -int -main () -{ -return deflate (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_z_deflate=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_z_deflate=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_z_deflate" >&5 -echo "${ECHO_T}$ac_cv_lib_z_deflate" >&6; } -if test $ac_cv_lib_z_deflate = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBZ 1 -_ACEOF - - LIBS="-lz $LIBS" - -else - - saved_CPPFLAGS="$CPPFLAGS" - saved_LDFLAGS="$LDFLAGS" - save_LIBS="$LIBS" - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" - LIBS="$LIBS -lz" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char deflate (); -int -main () -{ -return deflate (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - cat >>confdefs.h <<\_ACEOF -#define HAVE_LIBZ 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5 -echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;} - { (exit 1); exit 1; }; } - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - -fi - - - -# Check whether --with-zlib-version-check was given. -if test "${with_zlib_version_check+set}" = set; then - withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then - zlib_check_nonfatal=1 - fi - - -fi - - -{ echo "$as_me:$LINENO: checking for possibly buggy zlib" >&5 -echo $ECHO_N "checking for possibly buggy zlib... $ECHO_C" >&6; } -if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking zlib version" >&5 -echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#include - -int -main () -{ - - int a=0, b=0, c=0, d=0, n, v; - n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); - if (n != 3 && n != 4) - exit(1); - v = a*1000000 + b*10000 + c*100 + d; - fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); - - /* 1.1.4 is OK */ - if (a == 1 && b == 1 && c >= 4) - exit(0); - - /* 1.2.3 and up are OK */ - if (v >= 1020300) - exit(0); - - exit(2); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - if test -z "$zlib_check_nonfatal" ; then - { { echo "$as_me:$LINENO: error: *** zlib too old - check config.log *** -Your reported zlib version has known security problems. It's possible your -vendor has fixed these problems without changing the version number. If you -are sure this is the case, you can disable the check by running -\"./configure --without-zlib-version-check\". -If you are in doubt, upgrade zlib to version 1.2.3 or greater. -See http://www.gzip.org/zlib/ for details." >&5 -echo "$as_me: error: *** zlib too old - check config.log *** -Your reported zlib version has known security problems. 
It's possible your -vendor has fixed these problems without changing the version number. If you -are sure this is the case, you can disable the check by running -\"./configure --without-zlib-version-check\". -If you are in doubt, upgrade zlib to version 1.2.3 or greater. -See http://www.gzip.org/zlib/ for details." >&2;} - { (exit 1); exit 1; }; } - else - { echo "$as_me:$LINENO: WARNING: zlib version may have security problems" >&5 -echo "$as_me: WARNING: zlib version may have security problems" >&2;} - fi - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -{ echo "$as_me:$LINENO: checking for strcasecmp" >&5 -echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6; } -if test "${ac_cv_func_strcasecmp+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define strcasecmp to an innocuous variant, in case declares strcasecmp. - For example, HP-UX 11i declares gettimeofday. */ -#define strcasecmp innocuous_strcasecmp - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char strcasecmp (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef strcasecmp - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strcasecmp (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_strcasecmp || defined __stub___strcasecmp -choke me -#endif - -int -main () -{ -return strcasecmp (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_strcasecmp=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_strcasecmp=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_strcasecmp" >&5 -echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6; } -if test $ac_cv_func_strcasecmp = yes; then - : -else - { echo "$as_me:$LINENO: checking for strcasecmp in -lresolv" >&5 -echo $ECHO_N "checking for strcasecmp in -lresolv... $ECHO_C" >&6; } -if test "${ac_cv_lib_resolv_strcasecmp+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolv $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char strcasecmp (); -int -main () -{ -return strcasecmp (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_resolv_strcasecmp=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_resolv_strcasecmp=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_strcasecmp" >&5 -echo "${ECHO_T}$ac_cv_lib_resolv_strcasecmp" >&6; } -if test $ac_cv_lib_resolv_strcasecmp = yes; then - LIBS="$LIBS -lresolv" -fi - - -fi - - -for ac_func in utimes -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. 
- Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -else - { echo "$as_me:$LINENO: checking for utimes in -lc89" >&5 -echo $ECHO_N "checking for utimes in -lc89... 
$ECHO_C" >&6; } -if test "${ac_cv_lib_c89_utimes+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lc89 $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char utimes (); -int -main () -{ -return utimes (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_c89_utimes=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_c89_utimes=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5 -echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6; } -if test $ac_cv_lib_c89_utimes = yes; then - cat >>confdefs.h <<\_ACEOF -#define HAVE_UTIMES 1 -_ACEOF - - LIBS="$LIBS -lc89" -fi - - -fi -done - - - - -for ac_header in bsd/libutil.h libutil.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - -{ echo "$as_me:$LINENO: checking for library containing fmt_scaled" >&5 -echo $ECHO_N "checking for library containing fmt_scaled... $ECHO_C" >&6; } -if test "${ac_cv_search_fmt_scaled+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char fmt_scaled (); -int -main () -{ -return fmt_scaled (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util bsd; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_fmt_scaled=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_fmt_scaled+set}" = set; then - break -fi -done -if test "${ac_cv_search_fmt_scaled+set}" = set; then - : -else - ac_cv_search_fmt_scaled=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_fmt_scaled" >&5 -echo "${ECHO_T}$ac_cv_search_fmt_scaled" >&6; } -ac_res=$ac_cv_search_fmt_scaled -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -{ echo "$as_me:$LINENO: checking for library containing scan_scaled" >&5 -echo $ECHO_N "checking for library containing scan_scaled... $ECHO_C" >&6; } -if test "${ac_cv_search_scan_scaled+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char scan_scaled (); -int -main () -{ -return scan_scaled (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util bsd; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_scan_scaled=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_scan_scaled+set}" = set; then - break -fi -done -if test "${ac_cv_search_scan_scaled+set}" = set; then - : -else - ac_cv_search_scan_scaled=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_scan_scaled" >&5 -echo "${ECHO_T}$ac_cv_search_scan_scaled" >&6; } -ac_res=$ac_cv_search_scan_scaled -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -{ echo "$as_me:$LINENO: checking for library containing login" >&5 -echo $ECHO_N "checking for library containing login... $ECHO_C" >&6; } -if test "${ac_cv_search_login+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char login (); -int -main () -{ -return login (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util bsd; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_login=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_login+set}" = set; then - break -fi -done -if test "${ac_cv_search_login+set}" = set; then - : -else - ac_cv_search_login=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_login" >&5 -echo "${ECHO_T}$ac_cv_search_login" >&6; } -ac_res=$ac_cv_search_login -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -{ echo "$as_me:$LINENO: checking for library containing logout" >&5 -echo $ECHO_N "checking for library containing logout... $ECHO_C" >&6; } -if test "${ac_cv_search_logout+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char logout (); -int -main () -{ -return logout (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util bsd; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_logout=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_logout+set}" = set; then - break -fi -done -if test "${ac_cv_search_logout+set}" = set; then - : -else - ac_cv_search_logout=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_logout" >&5 -echo "${ECHO_T}$ac_cv_search_logout" >&6; } -ac_res=$ac_cv_search_logout -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -{ echo "$as_me:$LINENO: checking for library containing logwtmp" >&5 -echo $ECHO_N "checking for library containing logwtmp... $ECHO_C" >&6; } -if test "${ac_cv_search_logwtmp+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char logwtmp (); -int -main () -{ -return logwtmp (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util bsd; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_logwtmp=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_logwtmp+set}" = set; then - break -fi -done -if test "${ac_cv_search_logwtmp+set}" = set; then - : -else - ac_cv_search_logwtmp=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_logwtmp" >&5 -echo "${ECHO_T}$ac_cv_search_logwtmp" >&6; } -ac_res=$ac_cv_search_logwtmp -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -{ echo "$as_me:$LINENO: checking for library containing openpty" >&5 -echo $ECHO_N "checking for library containing openpty... 
$ECHO_C" >&6; } -if test "${ac_cv_search_openpty+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char openpty (); -int -main () -{ -return openpty (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util bsd; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_openpty=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_openpty+set}" = set; then - break -fi -done -if test "${ac_cv_search_openpty+set}" = set; then - : -else - ac_cv_search_openpty=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_openpty" >&5 -echo "${ECHO_T}$ac_cv_search_openpty" >&6; } -ac_res=$ac_cv_search_openpty -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - -{ echo "$as_me:$LINENO: checking for library containing updwtmp" >&5 -echo $ECHO_N "checking for library containing updwtmp... $ECHO_C" >&6; } -if test "${ac_cv_search_updwtmp+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char updwtmp (); -int -main () -{ -return updwtmp (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util bsd; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_updwtmp=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_updwtmp+set}" = set; then - break -fi -done -if test "${ac_cv_search_updwtmp+set}" = set; then - : -else - ac_cv_search_updwtmp=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_updwtmp" >&5 -echo "${ECHO_T}$ac_cv_search_updwtmp" >&6; } -ac_res=$ac_cv_search_updwtmp -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - - - - - - - -for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -# On some platforms, inet_ntop may be found in libresolv or libnsl. -{ echo "$as_me:$LINENO: checking for library containing inet_ntop" >&5 -echo $ECHO_N "checking for library containing inet_ntop... 
$ECHO_C" >&6; } -if test "${ac_cv_search_inet_ntop+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char inet_ntop (); -int -main () -{ -return inet_ntop (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv nsl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_inet_ntop=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_inet_ntop+set}" = set; then - break -fi -done -if test "${ac_cv_search_inet_ntop+set}" = set; then - : -else - ac_cv_search_inet_ntop=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_inet_ntop" >&5 -echo "${ECHO_T}$ac_cv_search_inet_ntop" >&6; } -ac_res=$ac_cv_search_inet_ntop -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - - -for ac_func in strftime -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -else - # strftime is in -lintl on SCO UNIX. -{ echo "$as_me:$LINENO: checking for strftime in -lintl" >&5 -echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6; } -if test "${ac_cv_lib_intl_strftime+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lintl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strftime (); -int -main () -{ -return strftime (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_intl_strftime=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_intl_strftime=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_intl_strftime" >&5 -echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6; } -if test $ac_cv_lib_intl_strftime = yes; then - cat >>confdefs.h <<\_ACEOF -#define HAVE_STRFTIME 1 -_ACEOF - -LIBS="-lintl $LIBS" -fi - -fi -done - - -# Check for ALTDIRFUNC glob() extension -{ echo "$as_me:$LINENO: checking for GLOB_ALTDIRFUNC support" >&5 -echo $ECHO_N "checking for GLOB_ALTDIRFUNC support... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - #include - #ifdef GLOB_ALTDIRFUNC - FOUNDIT - #endif - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "FOUNDIT" >/dev/null 2>&1; then - - -cat >>confdefs.h <<\_ACEOF -#define GLOB_HAS_ALTDIRFUNC 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - - -fi -rm -f conftest* - - -# Check for g.gl_matchc glob() extension -{ echo "$as_me:$LINENO: checking for gl_matchc field in glob_t" >&5 -echo $ECHO_N "checking for gl_matchc field in glob_t... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - glob_t g; g.gl_matchc = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - - -cat >>confdefs.h <<\_ACEOF -#define GLOB_HAS_GL_MATCHC 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -# Check for g.gl_statv glob() extension -{ echo "$as_me:$LINENO: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5 -echo $ECHO_N "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - -#ifndef GLOB_KEEPSTAT -#error "glob does not support GLOB_KEEPSTAT extension" -#endif -glob_t g; -g.gl_statv = NULL; - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - - -cat >>confdefs.h <<\_ACEOF -#define GLOB_HAS_GL_STATV 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -{ echo "$as_me:$LINENO: checking whether GLOB_NOMATCH is declared" >&5 -echo $ECHO_N "checking whether GLOB_NOMATCH is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_GLOB_NOMATCH+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef GLOB_NOMATCH - (void) GLOB_NOMATCH; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_GLOB_NOMATCH=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_GLOB_NOMATCH=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_GLOB_NOMATCH" >&5 -echo "${ECHO_T}$ac_cv_have_decl_GLOB_NOMATCH" >&6; } -if test $ac_cv_have_decl_GLOB_NOMATCH = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GLOB_NOMATCH 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GLOB_NOMATCH 0 -_ACEOF - - -fi - - - -{ echo "$as_me:$LINENO: checking whether struct dirent allocates space for d_name" >&5 -echo $ECHO_N "checking whether struct dirent allocates space for d_name... $ECHO_C" >&6; } -if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5 -echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;} - cat >>confdefs.h <<\_ACEOF -#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1 -_ACEOF - - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -int -main () -{ - - struct dirent d; - exit(sizeof(d.d_name)<=sizeof(char)); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1 -_ACEOF - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -{ echo "$as_me:$LINENO: checking for /proc/pid/fd directory" >&5 -echo $ECHO_N "checking for /proc/pid/fd directory... $ECHO_C" >&6; } -if test -d "/proc/$$/fd" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_PROC_PID 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - -# Check whether user wants S/Key support -SKEY_MSG="no" - -# Check whether --with-skey was given. -if test "${with_skey+set}" = set; then - withval=$with_skey; - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - -cat >>confdefs.h <<\_ACEOF -#define SKEY 1 -_ACEOF - - LIBS="-lskey $LIBS" - SKEY_MSG="yes" - - { echo "$as_me:$LINENO: checking for s/key support" >&5 -echo $ECHO_N "checking for s/key support... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - -int -main () -{ - - char *ff = skey_keyinfo(""); ff=""; - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { { echo "$as_me:$LINENO: error: ** Incomplete or missing s/key libraries." >&5 -echo "$as_me: error: ** Incomplete or missing s/key libraries." >&2;} - { (exit 1); exit 1; }; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - { echo "$as_me:$LINENO: checking if skeychallenge takes 4 arguments" >&5 -echo $ECHO_N "checking if skeychallenge takes 4 arguments... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - - (void)skeychallenge(NULL,"name","",0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define SKEYCHALLENGE_4ARG 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - - -fi - - -# Check whether user wants to use ldns -LDNS_MSG="no" - -# Check whether --with-ldns was given. -if test "${with_ldns+set}" = set; then - withval=$with_ldns; - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_LDNS 1 -_ACEOF - - LIBS="-lldns $LIBS" - LDNS_MSG="yes" - - { echo "$as_me:$LINENO: checking for ldns support" >&5 -echo $ECHO_N "checking for ldns support... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include -#include -int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } - - -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { { echo "$as_me:$LINENO: error: ** Incomplete or missing ldns libraries." >&5 -echo "$as_me: error: ** Incomplete or missing ldns libraries." >&2;} - { (exit 1); exit 1; }; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - fi - - -fi - - -# Check whether user wants libedit support -LIBEDIT_MSG="no" - -# Check whether --with-libedit was given. -if test "${with_libedit+set}" = set; then - withval=$with_libedit; if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_PKGCONFIG+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $PKGCONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -PKGCONFIG=$ac_cv_path_PKGCONFIG -if test -n "$PKGCONFIG"; then - { echo "$as_me:$LINENO: result: $PKGCONFIG" >&5 -echo "${ECHO_T}$PKGCONFIG" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKGCONFIG"; then - ac_pt_PKGCONFIG=$PKGCONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_ac_pt_PKGCONFIG+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $ac_pt_PKGCONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG -if test -n "$ac_pt_PKGCONFIG"; then - { echo "$as_me:$LINENO: result: $ac_pt_PKGCONFIG" >&5 -echo "${ECHO_T}$ac_pt_PKGCONFIG" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - if test "x$ac_pt_PKGCONFIG" = x; then - PKGCONFIG="no" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&5 -echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools -whose name does not start with the host triplet. If you think this -configuration is useful to you, please write to autoconf@gnu.org." >&2;} -ac_tool_warned=yes ;; -esac - PKGCONFIG=$ac_pt_PKGCONFIG - fi -else - PKGCONFIG="$ac_cv_path_PKGCONFIG" -fi - - if test "x$PKGCONFIG" != "xno"; then - { echo "$as_me:$LINENO: checking if $PKGCONFIG knows about libedit" >&5 -echo $ECHO_N "checking if $PKGCONFIG knows about libedit... 
$ECHO_C" >&6; } - if "$PKGCONFIG" libedit; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - use_pkgconfig_for_libedit=yes - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - fi - else - CPPFLAGS="$CPPFLAGS -I${withval}/include" - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - fi - if test "x$use_pkgconfig_for_libedit" = "xyes"; then - LIBEDIT=`$PKGCONFIG --libs libedit` - CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" - else - LIBEDIT="-ledit -lcurses" - fi - OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` - { echo "$as_me:$LINENO: checking for el_init in -ledit" >&5 -echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6; } -if test "${ac_cv_lib_edit_el_init+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ledit $OTHERLIBS - $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char el_init (); -int -main () -{ -return el_init (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_edit_el_init=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_edit_el_init=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_edit_el_init" >&5 -echo "${ECHO_T}$ac_cv_lib_edit_el_init" >&6; } -if test $ac_cv_lib_edit_el_init = yes; then - -cat >>confdefs.h <<\_ACEOF -#define USE_LIBEDIT 1 -_ACEOF - - LIBEDIT_MSG="yes" - - -else - { { echo "$as_me:$LINENO: error: libedit not found" >&5 -echo "$as_me: error: libedit not found" >&2;} - { (exit 1); exit 1; }; } -fi - - { echo "$as_me:$LINENO: checking if libedit version is compatible" >&5 -echo $ECHO_N "checking if libedit version is compatible... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - - int i = H_SETSIZE; - el_init("", NULL, NULL, NULL); - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { { echo "$as_me:$LINENO: error: libedit version is not compatible" >&5 -echo "$as_me: error: libedit version is not compatible" >&2;} - { (exit 1); exit 1; }; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - -fi - - -AUDIT_MODULE=none - -# Check whether --with-audit was given. -if test "${with_audit+set}" = set; then - withval=$with_audit; - { echo "$as_me:$LINENO: checking for supported audit module" >&5 -echo $ECHO_N "checking for supported audit module... $ECHO_C" >&6; } - case "$withval" in - bsm) - { echo "$as_me:$LINENO: result: bsm" >&5 -echo "${ECHO_T}bsm" >&6; } - AUDIT_MODULE=bsm - -for ac_header in bsm/audit.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_TIME_H -# include -#endif - - - -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - eval "$as_ac_Header=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_Header=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -else - { { echo "$as_me:$LINENO: error: BSM enabled and bsm/audit.h not found" >&5 -echo "$as_me: error: BSM enabled and bsm/audit.h not found" >&2;} - { (exit 1); exit 1; }; } -fi - -done - - -{ echo "$as_me:$LINENO: checking for getaudit in -lbsm" >&5 -echo $ECHO_N "checking for getaudit in -lbsm... $ECHO_C" >&6; } -if test "${ac_cv_lib_bsm_getaudit+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lbsm $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getaudit (); -int -main () -{ -return getaudit (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_bsm_getaudit=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_bsm_getaudit=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_bsm_getaudit" >&5 -echo "${ECHO_T}$ac_cv_lib_bsm_getaudit" >&6; } -if test $ac_cv_lib_bsm_getaudit = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBBSM 1 -_ACEOF - - LIBS="-lbsm $LIBS" - -else - { { echo "$as_me:$LINENO: error: BSM enabled and required library not found" >&5 -echo "$as_me: error: BSM enabled and required library not found" >&2;} - { (exit 1); exit 1; }; } -fi - - -for ac_func in getaudit -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -else - { { echo "$as_me:$LINENO: error: BSM enabled and required function not found" >&5 -echo "$as_me: error: BSM enabled and required function not found" >&2;} - { (exit 1); exit 1; }; } -fi -done - - # These are optional - - -for ac_func in getaudit_addr aug_get_machine -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... 
$ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -cat >>confdefs.h <<\_ACEOF -#define USE_BSM_AUDIT 1 -_ACEOF - - if test "$sol2ver" -ge 11; then - SSHDLIBS="$SSHDLIBS -lscf" - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_BSM_API 1 -_ACEOF - - fi - ;; - linux) - { echo "$as_me:$LINENO: result: linux" >&5 -echo "${ECHO_T}linux" >&6; } - AUDIT_MODULE=linux - -for ac_header in libaudit.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! 
-s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - SSHDLIBS="$SSHDLIBS -laudit" - -cat >>confdefs.h <<\_ACEOF -#define USE_LINUX_AUDIT 1 -_ACEOF - - ;; - debug) - AUDIT_MODULE=debug - { echo "$as_me:$LINENO: result: debug" >&5 -echo "${ECHO_T}debug" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define SSH_AUDIT_EVENTS 1 -_ACEOF - - ;; - no) - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) - { { echo "$as_me:$LINENO: error: Unknown audit module $withval" >&5 -echo "$as_me: error: Unknown audit module $withval" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - -fi - - - -# Check whether --with-pie was given. -if test "${with_pie+set}" = set; then - withval=$with_pie; - if test "x$withval" = "xno"; then - use_pie=no - fi - if test "x$withval" = "xyes"; then - use_pie=yes - fi - - -fi - -if test "x$use_pie" = "x"; then - use_pie=no -fi -if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then - # Turn off automatic PIE when toolchain hardening is off. - use_pie=no -fi -if test "x$use_pie" = "xauto"; then - # Automatic PIE requires gcc >= 4.x - { echo "$as_me:$LINENO: checking for gcc >= 4.x" >&5 -echo $ECHO_N "checking for gcc >= 4.x... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#if !defined(__GNUC__) || __GNUC__ < 4 -#error gcc is too old -#endif - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - use_pie=no - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -if test "x$use_pie" != "xno"; then - SAVED_CFLAGS="$CFLAGS" - SAVED_LDFLAGS="$LDFLAGS" - { - { echo "$as_me:$LINENO: checking if $CC supports compile flag -fPIE" >&5 -echo $ECHO_N "checking if $CC supports compile flag -fPIE... $ECHO_C" >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -fPIE" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-fPIE" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - -if `grep -i "unrecognized option" conftest.err >/dev/null` -then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -fi -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { echo "$as_me:$LINENO: checking if $LD supports link flag -pie" >&5 -echo $ECHO_N "checking if $LD supports link flag -pie... $ECHO_C" >&6; } - saved_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $WERROR -pie" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-pie" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -int main(int argc, char **argv) { - /* Some math to catch -ftrapv problems in the toolchain */ - int i = 123 * argc, j = 456 + argc, k = 789 - argc; - float l = i * 2.1; - double m = l / 0.5; - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); - exit(0); -} - -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - LDFLAGS="$saved_LDFLAGS $_define_flag" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - LDFLAGS="$saved_LDFLAGS" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -} - # We use both -fPIE and -pie or neither. - { echo "$as_me:$LINENO: checking whether both -fPIE and -pie are supported" >&5 -echo $ECHO_N "checking whether both -fPIE and -pie are supported... 
$ECHO_C" >&6; } - if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ - echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - CFLAGS="$SAVED_CFLAGS" - LDFLAGS="$SAVED_LDFLAGS" - fi -fi - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -for ac_func in \ - Blowfish_initstate \ - Blowfish_expandstate \ - Blowfish_expand0state \ - Blowfish_stream2word \ - asprintf \ - b64_ntop \ - __b64_ntop \ - b64_pton \ - __b64_pton \ - bcopy \ - bcrypt_pbkdf \ - bindresvport_sa \ - blf_enc \ - cap_rights_limit \ - clock \ - closefrom \ - dirfd \ - endgrent \ - explicit_bzero \ - fchmod \ - fchown \ - freeaddrinfo \ - fstatfs \ - fstatvfs \ - futimes \ - getaddrinfo \ - getcwd \ - getgrouplist \ - getnameinfo \ - getopt \ - getpeereid \ - getpeerucred \ - getpgid \ - getpgrp \ - _getpty \ - getrlimit \ - getttyent \ - glob \ - group_from_gid \ - inet_aton \ - inet_ntoa \ - inet_ntop \ - innetgr \ - login_getcapbool \ - mblen \ - md5_crypt \ - memmove \ - memset_s \ - mkdtemp \ - mmap \ - ngetaddrinfo \ - nsleep \ - ogetaddrinfo \ - openlog_r \ - poll \ - prctl \ - pstat \ - readpassphrase \ - reallocarray \ - recvmsg \ - rresvport_af \ - sendmsg \ - setdtablesize \ - setegid \ - setenv \ - seteuid \ - setgroupent \ - setgroups \ - setlinebuf \ - setlogin \ - setpassent\ - setpcred \ - setproctitle \ - setregid \ - setreuid \ - setrlimit \ - setsid \ - setvbuf \ - sigaction \ - sigvec \ - snprintf \ - socketpair \ - statfs \ - statvfs \ - strdup \ - strerror \ - strlcat \ - strlcpy \ - strmode \ - strnlen \ - strnvis \ - strptime \ - strtonum \ - strtoll \ - strtoul \ - strtoull \ - swap32 \ - sysconf \ - tcgetpgrp \ - timingsafe_bcmp \ - truncate \ - unsetenv \ - 
updwtmpx \ - user_from_uid \ - usleep \ - vasprintf \ - vsnprintf \ - waitpid \ - -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - return (isblank('a')); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ISBLANK 1 -_ACEOF - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -# PKCS11 depends on OpenSSL. 
-if test "x$openssl" = "xyes" ; then - # PKCS#11 support requires dlopen() and co - { echo "$as_me:$LINENO: checking for library containing dlopen" >&5 -echo $ECHO_N "checking for library containing dlopen... $ECHO_C" >&6; } -if test "${ac_cv_search_dlopen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -for ac_lib in '' dl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_dlopen=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_dlopen+set}" = set; then - break -fi -done -if test "${ac_cv_search_dlopen+set}" = set; then - : -else - ac_cv_search_dlopen=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_dlopen" >&5 -echo "${ECHO_T}$ac_cv_search_dlopen" >&6; } -ac_res=$ac_cv_search_dlopen -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -cat >>confdefs.h <<\_ACEOF -#define ENABLE_PKCS11 -_ACEOF - - -fi - -fi - -# IRIX has a const char return value for gai_strerror() - -for ac_func in gai_strerror -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define HAVE_GAI_STRERROR 1 -_ACEOF - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#include - -const char *gai_strerror(int); - -int -main () -{ - - char *str; - str = gai_strerror(0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_CONST_GAI_STRERROR_PROTO 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -done - - -{ echo "$as_me:$LINENO: checking for library containing nanosleep" >&5 -echo $ECHO_N "checking for library containing nanosleep... $ECHO_C" >&6; } -if test "${ac_cv_search_nanosleep+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char nanosleep (); -int -main () -{ -return nanosleep (); - ; - return 0; -} -_ACEOF -for ac_lib in '' rt posix4; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_nanosleep=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_nanosleep+set}" = set; then - break -fi -done -if test "${ac_cv_search_nanosleep+set}" = set; then - : -else - ac_cv_search_nanosleep=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_nanosleep" >&5 -echo "${ECHO_T}$ac_cv_search_nanosleep" >&6; } -ac_res=$ac_cv_search_nanosleep -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -cat >>confdefs.h <<\_ACEOF -#define HAVE_NANOSLEEP 1 -_ACEOF - -fi - - -{ echo "$as_me:$LINENO: checking for library containing clock_gettime" >&5 -echo $ECHO_N "checking for library containing clock_gettime... $ECHO_C" >&6; } -if test "${ac_cv_search_clock_gettime+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char clock_gettime (); -int -main () -{ -return clock_gettime (); - ; - return 0; -} -_ACEOF -for ac_lib in '' rt; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_clock_gettime=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_clock_gettime+set}" = set; then - break -fi -done -if test "${ac_cv_search_clock_gettime+set}" = set; then - : -else - ac_cv_search_clock_gettime=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_clock_gettime" >&5 -echo "${ECHO_T}$ac_cv_search_clock_gettime" >&6; } -ac_res=$ac_cv_search_clock_gettime -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -cat >>confdefs.h <<\_ACEOF -#define HAVE_CLOCK_GETTIME 1 -_ACEOF - -fi - - -{ echo "$as_me:$LINENO: checking whether getrusage is declared" >&5 -echo $ECHO_N "checking whether getrusage is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_getrusage+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -#ifndef getrusage - (void) getrusage; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_getrusage=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_getrusage=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_getrusage" >&5 -echo "${ECHO_T}$ac_cv_have_decl_getrusage" >&6; } -if test $ac_cv_have_decl_getrusage = yes; then - -for ac_func in getrusage -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi - -{ echo "$as_me:$LINENO: checking whether strsep is declared" >&5 -echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_strsep+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#ifdef HAVE_STRING_H -# include -#endif - - -int -main () -{ -#ifndef strsep - (void) strsep; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_strsep=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_strsep=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_strsep" >&5 -echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6; } -if test $ac_cv_have_decl_strsep = yes; then - -for ac_func in strsep -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi - - -{ echo "$as_me:$LINENO: checking whether tcsendbreak is declared" >&5 -echo $ECHO_N "checking whether tcsendbreak is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_tcsendbreak+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - - -int -main () -{ -#ifndef tcsendbreak - (void) tcsendbreak; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_tcsendbreak=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_tcsendbreak=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_tcsendbreak" >&5 -echo "${ECHO_T}$ac_cv_have_decl_tcsendbreak" >&6; } -if test $ac_cv_have_decl_tcsendbreak = yes; then - cat >>confdefs.h <<\_ACEOF -#define HAVE_TCSENDBREAK 1 -_ACEOF - -else - -for ac_func in tcsendbreak -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. 
- Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi - - -{ echo "$as_me:$LINENO: checking whether h_errno is declared" >&5 -echo $ECHO_N "checking whether h_errno is declared... 
$ECHO_C" >&6; } -if test "${ac_cv_have_decl_h_errno+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -#ifndef h_errno - (void) h_errno; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_h_errno=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_h_errno=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_h_errno" >&5 -echo "${ECHO_T}$ac_cv_have_decl_h_errno" >&6; } -if test $ac_cv_have_decl_h_errno = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_ERRNO 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_ERRNO 0 -_ACEOF - - -fi - - - -{ echo "$as_me:$LINENO: checking whether SHUT_RD is declared" >&5 -echo $ECHO_N "checking whether SHUT_RD is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_SHUT_RD+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - - -int -main () -{ -#ifndef SHUT_RD - (void) SHUT_RD; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_SHUT_RD=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_SHUT_RD=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_SHUT_RD" >&5 -echo "${ECHO_T}$ac_cv_have_decl_SHUT_RD" >&6; } -if test $ac_cv_have_decl_SHUT_RD = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SHUT_RD 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SHUT_RD 0 -_ACEOF - - -fi - - - -{ echo "$as_me:$LINENO: checking whether O_NONBLOCK is declared" >&5 -echo $ECHO_N "checking whether O_NONBLOCK is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_O_NONBLOCK+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#ifdef HAVE_SYS_STAT_H -# include -#endif -#ifdef HAVE_FCNTL_H -# include -#endif - - -int -main () -{ -#ifndef O_NONBLOCK - (void) O_NONBLOCK; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_O_NONBLOCK=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_O_NONBLOCK=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_O_NONBLOCK" >&5 -echo "${ECHO_T}$ac_cv_have_decl_O_NONBLOCK" >&6; } -if test $ac_cv_have_decl_O_NONBLOCK = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_O_NONBLOCK 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_O_NONBLOCK 0 -_ACEOF - - -fi - - - -{ echo "$as_me:$LINENO: checking whether writev is declared" >&5 -echo $ECHO_N "checking whether writev is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_writev+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#include - - -int -main () -{ -#ifndef writev - (void) writev; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_writev=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_writev=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_writev" >&5 -echo "${ECHO_T}$ac_cv_have_decl_writev" >&6; } -if test $ac_cv_have_decl_writev = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_WRITEV 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_WRITEV 0 -_ACEOF - - -fi - - - -{ echo "$as_me:$LINENO: checking whether MAXSYMLINKS is declared" >&5 -echo $ECHO_N "checking whether MAXSYMLINKS is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_MAXSYMLINKS+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include - - -int -main () -{ -#ifndef MAXSYMLINKS - (void) MAXSYMLINKS; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_MAXSYMLINKS=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_MAXSYMLINKS=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_MAXSYMLINKS" >&5 -echo "${ECHO_T}$ac_cv_have_decl_MAXSYMLINKS" >&6; } -if test $ac_cv_have_decl_MAXSYMLINKS = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_MAXSYMLINKS 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_MAXSYMLINKS 0 -_ACEOF - - -fi - - - -{ echo "$as_me:$LINENO: checking whether offsetof is declared" >&5 -echo $ECHO_N "checking whether offsetof is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_offsetof+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include - - -int -main () -{ -#ifndef offsetof - (void) offsetof; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_offsetof=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_offsetof=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_offsetof" >&5 -echo "${ECHO_T}$ac_cv_have_decl_offsetof" >&6; } -if test $ac_cv_have_decl_offsetof = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OFFSETOF 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_OFFSETOF 0 -_ACEOF - - -fi - - - -# extra bits for select(2) -{ echo "$as_me:$LINENO: checking whether howmany is declared" >&5 -echo $ECHO_N "checking whether howmany is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_howmany+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_SYS_SYSMACROS_H -#include -#endif -#ifdef HAVE_SYS_SELECT_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif - - -int -main () -{ -#ifndef howmany - (void) howmany; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_howmany=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_howmany=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_howmany" >&5 -echo "${ECHO_T}$ac_cv_have_decl_howmany" >&6; } -if test $ac_cv_have_decl_howmany = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_HOWMANY 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_HOWMANY 0 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking whether NFDBITS is declared" >&5 -echo $ECHO_N "checking whether NFDBITS is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_NFDBITS+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_SYS_SYSMACROS_H -#include -#endif -#ifdef HAVE_SYS_SELECT_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif - - -int -main () -{ -#ifndef NFDBITS - (void) NFDBITS; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_NFDBITS=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_NFDBITS=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_NFDBITS" >&5 -echo "${ECHO_T}$ac_cv_have_decl_NFDBITS" >&6; } -if test $ac_cv_have_decl_NFDBITS = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_NFDBITS 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_NFDBITS 0 -_ACEOF - - -fi - - -{ echo "$as_me:$LINENO: checking for fd_mask" >&5 -echo $ECHO_N "checking for fd_mask... $ECHO_C" >&6; } -if test "${ac_cv_type_fd_mask+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_SYS_SELECT_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif - - -typedef fd_mask ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_fd_mask=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_fd_mask=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_fd_mask" >&5 -echo "${ECHO_T}$ac_cv_type_fd_mask" >&6; } -if test $ac_cv_type_fd_mask = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_FD_MASK 1 -_ACEOF - - -fi - - - -for ac_func in setresuid -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - - { echo "$as_me:$LINENO: checking if setresuid seems to work" >&5 -echo $ECHO_N "checking if setresuid seems to work... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking setresuid" >&5 -echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - -int -main () -{ - - errno=0; - setresuid(0,0,0); - if (errno==ENOSYS) - exit(1); - else - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETRESUID 1 -_ACEOF - - { echo "$as_me:$LINENO: result: not implemented" >&5 -echo "${ECHO_T}not implemented" >&6; } -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -fi -done - - - -for ac_func in setresgid -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. 
*/ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - - { echo "$as_me:$LINENO: checking if setresgid seems to work" >&5 -echo $ECHO_N "checking if setresgid seems to work... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking setresuid" >&5 -echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - - errno=0; - setresgid(0,0,0); - if (errno==ENOSYS) - exit(1); - else - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_SETRESGID 1 -_ACEOF - - { echo "$as_me:$LINENO: result: not implemented" >&5 -echo "${ECHO_T}not implemented" >&6; } -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -fi -done - - - -for ac_func in realpath -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - - { echo "$as_me:$LINENO: checking if realpath works with non-existent files" >&5 -echo $ECHO_N "checking if realpath works with non-existent files... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: assuming working" >&5 -echo "$as_me: WARNING: cross compiling: assuming working" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#include - -int -main () -{ - - char buf[PATH_MAX]; - if (realpath("/opensshnonexistentfilename1234", buf) == NULL) - if (errno == ENOENT) - exit(1); - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_REALPATH 1 -_ACEOF - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -fi -done - - - - -for ac_func in gettimeofday time -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. 
*/ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - - - - - - -for ac_func in endutent getutent getutid getutline pututline setutent -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. 
Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -for ac_func in utmpname -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. 
*/ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - - - - - - -for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. 
Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - - - -for ac_func in setutxdb setutxent utmpxname -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. 
*/ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -for ac_func in getlastlogxbyname -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -{ echo "$as_me:$LINENO: checking for daemon" >&5 -echo $ECHO_N "checking for daemon... $ECHO_C" >&6; } -if test "${ac_cv_func_daemon+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define daemon to an innocuous variant, in case declares daemon. - For example, HP-UX 11i declares gettimeofday. */ -#define daemon innocuous_daemon - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char daemon (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. 
*/ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef daemon - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char daemon (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_daemon || defined __stub___daemon -choke me -#endif - -int -main () -{ -return daemon (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_daemon=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_daemon=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_daemon" >&5 -echo "${ECHO_T}$ac_cv_func_daemon" >&6; } -if test $ac_cv_func_daemon = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_DAEMON 1 -_ACEOF - -else - { echo "$as_me:$LINENO: checking for daemon in -lbsd" >&5 -echo $ECHO_N "checking for daemon in -lbsd... $ECHO_C" >&6; } -if test "${ac_cv_lib_bsd_daemon+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lbsd $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char daemon (); -int -main () -{ -return daemon (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_bsd_daemon=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_bsd_daemon=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_bsd_daemon" >&5 -echo "${ECHO_T}$ac_cv_lib_bsd_daemon" >&6; } -if test $ac_cv_lib_bsd_daemon = yes; then - LIBS="$LIBS -lbsd"; cat >>confdefs.h <<\_ACEOF -#define HAVE_DAEMON 1 -_ACEOF - -fi - - -fi - - -{ echo "$as_me:$LINENO: checking for getpagesize" >&5 -echo $ECHO_N "checking for getpagesize... $ECHO_C" >&6; } -if test "${ac_cv_func_getpagesize+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define getpagesize to an innocuous variant, in case declares getpagesize. - For example, HP-UX 11i declares gettimeofday. 
*/ -#define getpagesize innocuous_getpagesize - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char getpagesize (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef getpagesize - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getpagesize (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_getpagesize || defined __stub___getpagesize -choke me -#endif - -int -main () -{ -return getpagesize (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_getpagesize=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getpagesize=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getpagesize" >&5 -echo "${ECHO_T}$ac_cv_func_getpagesize" >&6; } -if test $ac_cv_func_getpagesize = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_GETPAGESIZE 1 -_ACEOF - -else - { echo "$as_me:$LINENO: checking for getpagesize in -lucb" >&5 -echo $ECHO_N "checking for getpagesize in -lucb... $ECHO_C" >&6; } -if test "${ac_cv_lib_ucb_getpagesize+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lucb $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getpagesize (); -int -main () -{ -return getpagesize (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_ucb_getpagesize=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_ucb_getpagesize=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_ucb_getpagesize" >&5 -echo "${ECHO_T}$ac_cv_lib_ucb_getpagesize" >&6; } -if test $ac_cv_lib_ucb_getpagesize = yes; then - LIBS="$LIBS -lucb"; cat >>confdefs.h <<\_ACEOF -#define HAVE_GETPAGESIZE 1 -_ACEOF - -fi - - -fi - - -# Check for broken snprintf -if test "x$ac_cv_func_snprintf" = "xyes" ; then - { echo "$as_me:$LINENO: checking whether snprintf correctly terminates long strings" >&5 -echo $ECHO_N "checking whether snprintf correctly terminates long strings... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: Assuming working snprintf()" >&5 -echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - - char b[5]; - snprintf(b,5,"123456789"); - exit(b[4]!='\0'); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_SNPRINTF 1 -_ACEOF - - { echo "$as_me:$LINENO: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5 -echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;} - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - -# We depend on vsnprintf returning the right thing on overflow: the -# number of characters it tried to create (as per SUSv3) -if test "x$ac_cv_func_vsnprintf" = "xyes" ; then - { echo "$as_me:$LINENO: checking whether vsnprintf returns correct values on overflow" >&5 -echo $ECHO_N "checking whether vsnprintf returns correct values on overflow... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: Assuming working vsnprintf()" >&5 -echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include - -int x_snprintf(char *str, size_t count, const char *fmt, ...) 
-{ - size_t ret; - va_list ap; - - va_start(ap, fmt); - ret = vsnprintf(str, count, fmt, ap); - va_end(ap); - return ret; -} - -int -main () -{ - -char x[1]; -if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) - return 1; -if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) - return 1; -return 0; - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define BROKEN_SNPRINTF 1 -_ACEOF - - { echo "$as_me:$LINENO: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5 -echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;} - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - -# On systems where [v]snprintf is broken, but is declared in stdio, -# check that the fmt argument is const char * or just char *. -# This is only useful for when BROKEN_SNPRINTF -{ echo "$as_me:$LINENO: checking whether snprintf can declare const char *fmt" >&5 -echo $ECHO_N "checking whether snprintf can declare const char *fmt... 
$ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -int snprintf(char *a, size_t b, const char *c, ...) { return 0; } - -int -main () -{ - - snprintf(0, 0, 0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define SNPRINTF_CONST const -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - cat >>confdefs.h <<\_ACEOF -#define SNPRINTF_CONST /* not const */ -_ACEOF - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -# Check for missing getpeereid (or equiv) support -NO_PEERCHECK="" -if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then - { echo "$as_me:$LINENO: checking whether system supports SO_PEERCRED getsockopt" >&5 -echo $ECHO_N "checking whether system supports SO_PEERCRED getsockopt... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -int -main () -{ -int i = SO_PEERCRED; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SO_PEERCRED 1 -_ACEOF - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - NO_PEERCHECK=1 - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if test "x$ac_cv_func_mkdtemp" = "xyes" ; then -{ echo "$as_me:$LINENO: checking for (overly) strict mkstemp" >&5 -echo $ECHO_N "checking for (overly) strict mkstemp... $ECHO_C" >&6; } -if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define HAVE_STRICT_MKSTEMP 1 -_ACEOF - - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include - -int -main () -{ - - char template[]="conftest.mkstemp-test"; - if (mkstemp(template) == -1) - exit(1); - unlink(template); - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRICT_MKSTEMP 1 -_ACEOF - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - -if test ! -z "$check_for_openpty_ctty_bug"; then - { echo "$as_me:$LINENO: checking if openpty correctly handles controlling tty" >&5 -echo $ECHO_N "checking if openpty correctly handles controlling tty... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: result: cross-compiling, assuming yes" >&5 -echo "${ECHO_T}cross-compiling, assuming yes" >&6; } - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#include -#include - -int -main () -{ - - pid_t pid; - int fd, ptyfd, ttyfd, status; - - pid = fork(); - if (pid < 0) { /* failed */ - exit(1); - } else if (pid > 0) { /* parent */ - waitpid(pid, &status, 0); - if (WIFEXITED(status)) - exit(WEXITSTATUS(status)); - else - exit(2); - } else { /* child */ - close(0); close(1); close(2); - setsid(); - openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); - fd = open("/dev/tty", O_RDWR | O_NOCTTY); - if (fd >= 0) - exit(3); /* Acquired ctty: broken */ - else - exit(0); /* Did not acquire ctty: OK */ - } - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - cat >>confdefs.h <<\_ACEOF -#define SSHD_ACQUIRES_CTTY 1 -_ACEOF - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then - { echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 -echo $ECHO_N "checking if getaddrinfo seems to work... 
$ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: result: cross-compiling, assuming yes" >&5 -echo "${ECHO_T}cross-compiling, assuming yes" >&6; } - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include -#include -#include - -#define TEST_PORT "2222" - -int -main () -{ - - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (err != 0) { - if (err == EAI_SYSTEM) - perror("getnameinfo EAI_SYSTEM"); - else - fprintf(stderr, "getnameinfo failed: %s\n", - gai_strerror(err)); - exit(2); - } - - sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) - perror("socket"); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - if (errno == EBADF) - exit(3); - } - } - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - cat >>confdefs.h <<\_ACEOF -#define BROKEN_GETADDRINFO 1 -_ACEOF - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_aix_broken_getaddrinfo" = "x1"; then - { echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 -echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: result: cross-compiling, assuming no" >&5 -echo "${ECHO_T}cross-compiling, assuming no" >&6; } - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#include -#include -#include - -#define TEST_PORT "2222" - -int -main () -{ - - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (ai->ai_family == AF_INET && err != 0) { - perror("getnameinfo"); - exit(2); - } - } - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define AIX_GETNAMEINFO_HACK 1 -_ACEOF - - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - cat >>confdefs.h <<\_ACEOF -#define BROKEN_GETADDRINFO 1 -_ACEOF - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes"; then - { echo "$as_me:$LINENO: checking whether AI_NUMERICSERV is declared" >&5 -echo $ECHO_N "checking whether AI_NUMERICSERV is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_AI_NUMERICSERV+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - #include - #include - -int -main () -{ -#ifndef AI_NUMERICSERV - (void) AI_NUMERICSERV; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_AI_NUMERICSERV=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_AI_NUMERICSERV=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_AI_NUMERICSERV" >&5 -echo "${ECHO_T}$ac_cv_have_decl_AI_NUMERICSERV" >&6; } -if test $ac_cv_have_decl_AI_NUMERICSERV = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_AI_NUMERICSERV 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_AI_NUMERICSERV 0 -_ACEOF - - -fi - - -fi - -if test "x$check_for_conflicting_getspnam" = "x1"; then - { echo "$as_me:$LINENO: checking for conflicting getspnam in shadow.h" >&5 -echo $ECHO_N "checking for conflicting getspnam in shadow.h... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - exit(0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define GETSPNAM_CONFLICTING_DEFS 1 -_ACEOF - - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5 -echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6; } -if test "${ac_cv_func_getpgrp_void+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # Use it with a single arg. -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -getpgrp (0); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_func_getpgrp_void=no -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_func_getpgrp_void=yes -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_getpgrp_void" >&5 -echo "${ECHO_T}$ac_cv_func_getpgrp_void" >&6; } -if test $ac_cv_func_getpgrp_void = yes; then - -cat >>confdefs.h <<\_ACEOF -#define GETPGRP_VOID 1 -_ACEOF - -fi - - -# Search for OpenSSL -saved_CPPFLAGS="$CPPFLAGS" -saved_LDFLAGS="$LDFLAGS" - -# Check whether --with-ssl-dir was given. -if test "${with_ssl_dir+set}" = set; then - withval=$with_ssl_dir; - if test "x$openssl" = "xno" ; then - { { echo "$as_me:$LINENO: error: cannot use --with-ssl-dir when OpenSSL disabled" >&5 -echo "$as_me: error: cannot use --with-ssl-dir when OpenSSL disabled" >&2;} - { (exit 1); exit 1; }; } - fi - if test "x$withval" != "xno" ; then - case "$withval" in - # Relative paths - ./*|../*) withval="`pwd`/$withval" - esac - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - elif test -d "$withval/lib64"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - - -fi - - - -# Check whether --with-openssl-header-check was given. 
-if test "${with_openssl_header_check+set}" = set; then - withval=$with_openssl_header_check; - if test "x$withval" = "xno" ; then - openssl_check_nonfatal=1 - fi - - -fi - - -openssl_engine=no - -# Check whether --with-ssl-engine was given. -if test "${with_ssl_engine+set}" = set; then - withval=$with_ssl_engine; - if test "x$openssl" = "xno" ; then - { { echo "$as_me:$LINENO: error: cannot use --with-ssl-engine when OpenSSL disabled" >&5 -echo "$as_me: error: cannot use --with-ssl-engine when OpenSSL disabled" >&2;} - { (exit 1); exit 1; }; } - fi - if test "x$withval" != "xno" ; then - openssl_engine=yes - fi - - -fi - - -if test "x$openssl" = "xyes" ; then - LIBS="-lcrypto $LIBS" - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char RAND_add (); -int -main () -{ -return RAND_add (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_OPENSSL 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" - if test "${ac_cv_header_openssl_opensslv_h+set}" = set; then - { echo "$as_me:$LINENO: checking for openssl/opensslv.h" >&5 -echo $ECHO_N "checking for openssl/opensslv.h... $ECHO_C" >&6; } -if test "${ac_cv_header_openssl_opensslv_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_opensslv_h" >&5 -echo "${ECHO_T}$ac_cv_header_openssl_opensslv_h" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking openssl/opensslv.h usability" >&5 -echo $ECHO_N "checking openssl/opensslv.h usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking openssl/opensslv.h presence" >&5 -echo $ECHO_N "checking openssl/opensslv.h presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: openssl/opensslv.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: openssl/opensslv.h: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: openssl/opensslv.h: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: openssl/opensslv.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: openssl/opensslv.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: openssl/opensslv.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: openssl/opensslv.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: openssl/opensslv.h: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: openssl/opensslv.h: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: openssl/opensslv.h: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: openssl/opensslv.h: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: openssl/opensslv.h: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: openssl/opensslv.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: openssl/opensslv.h: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: openssl/opensslv.h: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: openssl/opensslv.h: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for openssl/opensslv.h" >&5 -echo $ECHO_N "checking for openssl/opensslv.h... 
$ECHO_C" >&6; } -if test "${ac_cv_header_openssl_opensslv_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_openssl_opensslv_h=$ac_header_preproc -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_openssl_opensslv_h" >&5 -echo "${ECHO_T}$ac_cv_header_openssl_opensslv_h" >&6; } - -fi -if test $ac_cv_header_openssl_opensslv_h = yes; then - : -else - { { echo "$as_me:$LINENO: error: *** OpenSSL headers missing - please install first or check config.log ***" >&5 -echo "$as_me: error: *** OpenSSL headers missing - please install first or check config.log ***" >&2;} - { (exit 1); exit 1; }; } -fi - - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char RAND_add (); -int -main () -{ -return RAND_add (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - cat >>confdefs.h <<\_ACEOF -#define HAVE_OPENSSL 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { { echo "$as_me:$LINENO: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&5 -echo "$as_me: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&2;} - { (exit 1); exit 1; }; } - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - # Determine OpenSSL header version - { echo "$as_me:$LINENO: checking OpenSSL header version" >&5 -echo $ECHO_N "checking OpenSSL header version... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5 -echo "$as_me: WARNING: cross compiling: not checking" >&2;} - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - #include - #define DATA "conftest.sslincver" - -int -main () -{ - - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) - exit(1); - - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - ssl_header_ver=`cat conftest.sslincver` - { echo "$as_me:$LINENO: result: $ssl_header_ver" >&5 -echo "${ECHO_T}$ssl_header_ver" >&6; } - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: not found" >&5 -echo "${ECHO_T}not found" >&6; } - { { echo "$as_me:$LINENO: error: OpenSSL version header not found." >&5 -echo "$as_me: error: OpenSSL version header not found." >&2;} - { (exit 1); exit 1; }; } - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - - # Determine OpenSSL library version - { echo "$as_me:$LINENO: checking OpenSSL library version" >&5 -echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5 -echo "$as_me: WARNING: cross compiling: not checking" >&2;} - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - #include - #include - #include - #include - #define DATA "conftest.ssllibver" - -int -main () -{ - - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), - SSLeay_version(SSLEAY_VERSION))) <0) - exit(1); - - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - ssl_library_ver=`cat conftest.ssllibver` - # Check version is supported. - case "$ssl_library_ver" in - 0090[0-7]*|009080[0-5]*) - { { echo "$as_me:$LINENO: error: OpenSSL >= 0.9.8f required (have \"$ssl_library_ver\")" >&5 -echo "$as_me: error: OpenSSL >= 0.9.8f required (have \"$ssl_library_ver\")" >&2;} - { (exit 1); exit 1; }; } - ;; - *) ;; - esac - { echo "$as_me:$LINENO: result: $ssl_library_ver" >&5 -echo "${ECHO_T}$ssl_library_ver" >&6; } - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: not found" >&5 -echo "${ECHO_T}not found" >&6; } - { { echo "$as_me:$LINENO: error: OpenSSL library not found." >&5 -echo "$as_me: error: OpenSSL library not found." 
>&2;} - { (exit 1); exit 1; }; } - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - - # Sanity check OpenSSL headers - { echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5 -echo $ECHO_N "checking whether OpenSSL's headers match the library... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5 -echo "$as_me: WARNING: cross compiling: not checking" >&2;} - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - -int -main () -{ - - exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - if test "x$openssl_check_nonfatal" = "x"; then - { { echo "$as_me:$LINENO: error: Your OpenSSL headers do not match your - library. Check config.log for details. 
- If you are sure your installation is consistent, you can disable the check - by running \"./configure --without-openssl-header-check\". - Also see contrib/findssl.sh for help identifying header/library mismatches. - " >&5 -echo "$as_me: error: Your OpenSSL headers do not match your - library. Check config.log for details. - If you are sure your installation is consistent, you can disable the check - by running \"./configure --without-openssl-header-check\". - Also see contrib/findssl.sh for help identifying header/library mismatches. - " >&2;} - { (exit 1); exit 1; }; } - else - { echo "$as_me:$LINENO: WARNING: Your OpenSSL headers do not match your - library. Check config.log for details. - Also see contrib/findssl.sh for help identifying header/library mismatches." >&5 -echo "$as_me: WARNING: Your OpenSSL headers do not match your - library. Check config.log for details. - Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;} - fi - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - - { echo "$as_me:$LINENO: checking if programs using OpenSSL functions will link" >&5 -echo $ECHO_N "checking if programs using OpenSSL functions will link... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - SSLeay_add_all_algorithms(); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - saved_LIBS="$LIBS" - LIBS="$LIBS -ldl" - { echo "$as_me:$LINENO: checking if programs using OpenSSL need -ldl" >&5 -echo $ECHO_N "checking if programs using OpenSSL need -ldl... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - SSLeay_add_all_algorithms(); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - LIBS="$saved_LIBS" - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - - - - - - - - - - -for ac_func in \ - BN_is_prime_ex \ - DSA_generate_parameters_ex \ - EVP_DigestInit_ex \ - EVP_DigestFinal_ex \ - EVP_MD_CTX_init \ - EVP_MD_CTX_cleanup \ - EVP_MD_CTX_copy_ex \ - HMAC_CTX_init \ - RSA_generate_key_ex \ - RSA_get_default_method \ - -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - - if test "x$openssl_engine" = "xyes" ; then - { echo "$as_me:$LINENO: checking for OpenSSL ENGINE support" >&5 -echo $ECHO_N "checking for OpenSSL ENGINE support... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - #include - -int -main () -{ - - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define USE_OPENSSL_ENGINE 1 -_ACEOF - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { { echo "$as_me:$LINENO: error: OpenSSL ENGINE support not found" >&5 -echo "$as_me: error: OpenSSL ENGINE support not found" >&2;} - { (exit 1); exit 1; }; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - - # Check for OpenSSL without EVP_aes_{192,256}_cbc - { echo "$as_me:$LINENO: checking whether OpenSSL has crippled AES support" >&5 -echo $ECHO_N "checking whether OpenSSL has crippled AES support... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - -int -main () -{ - - exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_LOBOTOMISED_AES 1 -_ACEOF - - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - # Check for OpenSSL with EVP_aes_*ctr - { echo "$as_me:$LINENO: checking whether OpenSSL has AES CTR via EVP" >&5 -echo $ECHO_N "checking whether OpenSSL has AES CTR via EVP... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - -int -main () -{ - - exit(EVP_aes_128_ctr() == NULL || - EVP_aes_192_cbc() == NULL || - EVP_aes_256_cbc() == NULL); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_HAVE_EVPCTR 1 -_ACEOF - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - # Check for OpenSSL with EVP_aes_*gcm - { echo "$as_me:$LINENO: checking whether OpenSSL has AES GCM via EVP" >&5 -echo $ECHO_N "checking whether OpenSSL has AES GCM via EVP... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - -int -main () -{ - - exit(EVP_aes_128_gcm() == NULL || - EVP_aes_256_gcm() == NULL || - EVP_CTRL_GCM_SET_IV_FIXED == 0 || - EVP_CTRL_GCM_IV_GEN == 0 || - EVP_CTRL_GCM_SET_TAG == 0 || - EVP_CTRL_GCM_GET_TAG == 0 || - EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_HAVE_EVPGCM 1 -_ACEOF - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - unsupported_algorithms="$unsupported_cipers \ - aes128-gcm@openssh.com aes256-gcm@openssh.com" - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - { echo "$as_me:$LINENO: checking for library containing EVP_CIPHER_CTX_ctrl" >&5 -echo $ECHO_N "checking for library containing EVP_CIPHER_CTX_ctrl... $ECHO_C" >&6; } -if test "${ac_cv_search_EVP_CIPHER_CTX_ctrl+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char EVP_CIPHER_CTX_ctrl (); -int -main () -{ -return EVP_CIPHER_CTX_ctrl (); - ; - return 0; -} -_ACEOF -for ac_lib in '' crypto; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_EVP_CIPHER_CTX_ctrl=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_EVP_CIPHER_CTX_ctrl+set}" = set; then - break -fi -done -if test "${ac_cv_search_EVP_CIPHER_CTX_ctrl+set}" = set; then - : -else - ac_cv_search_EVP_CIPHER_CTX_ctrl=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_EVP_CIPHER_CTX_ctrl" >&5 -echo "${ECHO_T}$ac_cv_search_EVP_CIPHER_CTX_ctrl" >&6; } -ac_res=$ac_cv_search_EVP_CIPHER_CTX_ctrl -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -cat >>confdefs.h <<\_ACEOF -#define HAVE_EVP_CIPHER_CTX_CTRL 1 -_ACEOF - -fi - - - { echo "$as_me:$LINENO: checking if EVP_DigestUpdate returns an int" >&5 -echo $ECHO_N "checking if EVP_DigestUpdate returns an int... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - -int -main () -{ - - if(EVP_DigestUpdate(NULL, NULL,0)) - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_EVP_DIGESTUPDATE_VOID 1 -_ACEOF - - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, - # because the system crypt() is more featureful. - if test "x$check_for_libcrypt_before" = "x1"; then - -{ echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 -echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6; } -if test "${ac_cv_lib_crypt_crypt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypt $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char crypt (); -int -main () -{ -return crypt (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_crypt_crypt=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_crypt_crypt=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 -echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6; } -if test $ac_cv_lib_crypt_crypt = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBCRYPT 1 -_ACEOF - - LIBS="-lcrypt $LIBS" - -fi - - fi - - # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the - # version in OpenSSL. - if test "x$check_for_libcrypt_later" = "x1"; then - { echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 -echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6; } -if test "${ac_cv_lib_crypt_crypt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypt $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char crypt (); -int -main () -{ -return crypt (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_crypt_crypt=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_crypt_crypt=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 -echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6; } -if test $ac_cv_lib_crypt_crypt = yes; then - LIBS="$LIBS -lcrypt" -fi - - fi - - -for ac_func in crypt DES_crypt -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - - # Search for SHA256 support in libc and/or OpenSSL - - -for ac_func in SHA256_Update EVP_sha256 -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. 
*/ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -else - unsupported_algorithms="$unsupported_algorithms \ - hmac-sha2-256 hmac-sha2-512 \ - diffie-hellman-group-exchange-sha256 \ - hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" - - -fi -done - - # Search for RIPE-MD support in OpenSSL - -for ac_func in EVP_ripemd160 -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -else - unsupported_algorithms="$unsupported_algorithms \ - hmac-ripemd160 - hmac-ripemd160@openssh.com - hmac-ripemd160-etm@openssh.com" - - -fi -done - - - # Check complete ECC support in OpenSSL - { echo "$as_me:$LINENO: checking whether OpenSSL has NID_X9_62_prime256v1" >&5 -echo $ECHO_N "checking whether OpenSSL has NID_X9_62_prime256v1... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - #include - #include - #include - #include - #include - #include - #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ - # error "OpenSSL < 0.9.8g has unreliable ECC code" - #endif - -int -main () -{ - - EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - const EVP_MD *m = EVP_sha256(); /* We need this too */ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - enable_nistp256=1 -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - { echo "$as_me:$LINENO: checking whether OpenSSL has NID_secp384r1" >&5 -echo $ECHO_N "checking whether OpenSSL has NID_secp384r1... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - #include - #include - #include - #include - #include - #include - #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ - # error "OpenSSL < 0.9.8g has unreliable ECC code" - #endif - -int -main () -{ - - EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); - const EVP_MD *m = EVP_sha384(); /* We need this too */ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - enable_nistp384=1 -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - { echo "$as_me:$LINENO: checking whether OpenSSL has NID_secp521r1" >&5 -echo $ECHO_N "checking whether OpenSSL has NID_secp521r1... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - #include - #include - #include - #include - #include - #include - #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ - # error "OpenSSL < 0.9.8g has unreliable ECC code" - #endif - -int -main () -{ - - EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); - const EVP_MD *m = EVP_sha512(); /* We need this too */ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - { echo "$as_me:$LINENO: checking if OpenSSL's NID_secp521r1 is functional" >&5 -echo $ECHO_N "checking if OpenSSL's NID_secp521r1 is functional... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross-compiling: assuming yes" >&5 -echo "$as_me: WARNING: cross-compiling: assuming yes" >&2;} - enable_nistp521=1 - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - #include - #include - #include - #include - #include - #include - -int -main () -{ - - EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); - const EVP_MD *m = EVP_sha512(); /* We need this too */ - exit(e == NULL || m == NULL); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - enable_nistp521=1 -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - COMMENT_OUT_ECC="#no ecc#" - TEST_SSH_ECC=no - - if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ - test x$enable_nistp521 = x1; then - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_HAS_ECC 1 -_ACEOF - - fi - if test x$enable_nistp256 = x1; then - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_HAS_NISTP256 1 -_ACEOF - - TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" - else - 
unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ - ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" - fi - if test x$enable_nistp384 = x1; then - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_HAS_NISTP384 1 -_ACEOF - - TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" - else - unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ - ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" - fi - if test x$enable_nistp521 = x1; then - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_HAS_NISTP521 1 -_ACEOF - - TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" - else - unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ - ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" - fi - - - -else - { echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 -echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6; } -if test "${ac_cv_lib_crypt_crypt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypt $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char crypt (); -int -main () -{ -return crypt (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_crypt_crypt=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_crypt_crypt=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 -echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6; } -if test $ac_cv_lib_crypt_crypt = yes; then - LIBS="$LIBS -lcrypt" -fi - - -for ac_func in crypt -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -fi - - - - - -for ac_func in \ - arc4random \ - arc4random_buf \ - arc4random_stir \ - arc4random_uniform \ - -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. 
*/ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -saved_LIBS="$LIBS" -{ echo "$as_me:$LINENO: checking for ia_openinfo in -liaf" >&5 -echo $ECHO_N "checking for ia_openinfo in -liaf... $ECHO_C" >&6; } -if test "${ac_cv_lib_iaf_ia_openinfo+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-liaf $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char ia_openinfo (); -int -main () -{ -return ia_openinfo (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_iaf_ia_openinfo=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_iaf_ia_openinfo=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_iaf_ia_openinfo" >&5 -echo "${ECHO_T}$ac_cv_lib_iaf_ia_openinfo" >&6; } -if test $ac_cv_lib_iaf_ia_openinfo = yes; then - - LIBS="$LIBS -liaf" - -for ac_func in set_id -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - SSHDLIBS="$SSHDLIBS -liaf" - -cat >>confdefs.h <<\_ACEOF -#define HAVE_LIBIAF 1 -_ACEOF - - -fi -done - - -fi - -LIBS="$saved_LIBS" - -### Configure cryptographic random number support - -# Check wheter OpenSSL seeds itself -if test "x$openssl" = "xyes" ; then - { echo "$as_me:$LINENO: checking whether OpenSSL's PRNG is internally seeded" >&5 -echo $ECHO_N "checking whether OpenSSL's PRNG is internally seeded... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: WARNING: cross compiling: assuming yes" >&5 -echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} - # This is safe, since we will fatal() at runtime if - # OpenSSL is not seeded correctly. 
- OPENSSL_SEEDS_ITSELF=yes - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - -int -main () -{ - - exit(RAND_status() == 1 ? 0 : 1); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - OPENSSL_SEEDS_ITSELF=yes - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - -# PRNGD TCP socket - -# Check whether --with-prngd-port was given. -if test "${with_prngd_port+set}" = set; then - withval=$with_prngd_port; - case "$withval" in - no) - withval="" - ;; - [0-9]*) - ;; - *) - { { echo "$as_me:$LINENO: error: You must specify a numeric port number for --with-prngd-port" >&5 -echo "$as_me: error: You must specify a numeric port number for --with-prngd-port" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - if test ! 
-z "$withval" ; then - PRNGD_PORT="$withval" - -cat >>confdefs.h <<_ACEOF -#define PRNGD_PORT $PRNGD_PORT -_ACEOF - - fi - - -fi - - -# PRNGD Unix domain socket - -# Check whether --with-prngd-socket was given. -if test "${with_prngd_socket+set}" = set; then - withval=$with_prngd_socket; - case "$withval" in - yes) - withval="/var/run/egd-pool" - ;; - no) - withval="" - ;; - /*) - ;; - *) - { { echo "$as_me:$LINENO: error: You must specify an absolute path to the entropy socket" >&5 -echo "$as_me: error: You must specify an absolute path to the entropy socket" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - - if test ! -z "$withval" ; then - if test ! -z "$PRNGD_PORT" ; then - { { echo "$as_me:$LINENO: error: You may not specify both a PRNGD/EGD port and socket" >&5 -echo "$as_me: error: You may not specify both a PRNGD/EGD port and socket" >&2;} - { (exit 1); exit 1; }; } - fi - if test ! -r "$withval" ; then - { echo "$as_me:$LINENO: WARNING: Entropy socket is not readable" >&5 -echo "$as_me: WARNING: Entropy socket is not readable" >&2;} - fi - PRNGD_SOCKET="$withval" - -cat >>confdefs.h <<_ACEOF -#define PRNGD_SOCKET "$PRNGD_SOCKET" -_ACEOF - - fi - -else - - # Check for existing socket only if we don't have a random device already - if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then - { echo "$as_me:$LINENO: checking for PRNGD/EGD socket" >&5 -echo $ECHO_N "checking for PRNGD/EGD socket... $ECHO_C" >&6; } - # Insert other locations here - for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do - if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then - PRNGD_SOCKET="$sock" - cat >>confdefs.h <<_ACEOF -#define PRNGD_SOCKET "$PRNGD_SOCKET" -_ACEOF - - break; - fi - done - if test ! 
-z "$PRNGD_SOCKET" ; then - { echo "$as_me:$LINENO: result: $PRNGD_SOCKET" >&5 -echo "${ECHO_T}$PRNGD_SOCKET" >&6; } - else - { echo "$as_me:$LINENO: result: not found" >&5 -echo "${ECHO_T}not found" >&6; } - fi - fi - - -fi - - -# Which randomness source do we use? -if test ! -z "$PRNGD_PORT" ; then - RAND_MSG="PRNGd port $PRNGD_PORT" -elif test ! -z "$PRNGD_SOCKET" ; then - RAND_MSG="PRNGd socket $PRNGD_SOCKET" -elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then - -cat >>confdefs.h <<\_ACEOF -#define OPENSSL_PRNG_ONLY 1 -_ACEOF - - RAND_MSG="OpenSSL internal ONLY" -elif test "x$openssl" = "xno" ; then - { echo "$as_me:$LINENO: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&5 -echo "$as_me: WARNING: OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible" >&2;} -else - { { echo "$as_me:$LINENO: error: OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" >&5 -echo "$as_me: error: OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" >&2;} - { (exit 1); exit 1; }; } -fi - -# Check for PAM libs -PAM_MSG="no" - -# Check whether --with-pam was given. -if test "${with_pam+set}" = set; then - withval=$with_pam; - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - { { echo "$as_me:$LINENO: error: PAM headers not found" >&5 -echo "$as_me: error: PAM headers not found" >&2;} - { (exit 1); exit 1; }; } - fi - - saved_LIBS="$LIBS" - -{ echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 -echo $ECHO_N "checking for dlopen in -ldl... 
$ECHO_C" >&6; } -if test "${ac_cv_lib_dl_dlopen+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_dl_dlopen=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_dl_dlopen=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 -echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6; } -if test $ac_cv_lib_dl_dlopen = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDL 1 -_ACEOF - - LIBS="-ldl $LIBS" - -fi - - -{ echo "$as_me:$LINENO: checking for pam_set_item in -lpam" >&5 -echo $ECHO_N "checking for pam_set_item in -lpam... 
$ECHO_C" >&6; } -if test "${ac_cv_lib_pam_pam_set_item+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lpam $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char pam_set_item (); -int -main () -{ -return pam_set_item (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_pam_pam_set_item=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_pam_pam_set_item=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_pam_pam_set_item" >&5 -echo "${ECHO_T}$ac_cv_lib_pam_pam_set_item" >&6; } -if test $ac_cv_lib_pam_pam_set_item = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBPAM 1 -_ACEOF - - LIBS="-lpam $LIBS" - -else - { { echo "$as_me:$LINENO: error: *** libpam missing" >&5 -echo "$as_me: error: *** libpam missing" >&2;} - { (exit 1); exit 1; }; } -fi - - -for ac_func in pam_getenvlist -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -for ac_func in pam_putenv -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - SSHDLIBS="$SSHDLIBS -lpam" - -cat >>confdefs.h <<\_ACEOF -#define USE_PAM 1 -_ACEOF - - - if test $ac_cv_lib_dl_dlopen = yes; then - case "$LIBS" in - *-ldl*) - # libdl already in LIBS - ;; - *) - SSHDLIBS="$SSHDLIBS -ldl" - ;; - esac - fi - fi - - -fi - - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - { echo "$as_me:$LINENO: checking whether pam_strerror takes only one argument" >&5 -echo $ECHO_N "checking whether pam_strerror takes only one argument... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include -#elif defined (HAVE_PAM_PAM_APPL_H) -#include -#endif - -int -main () -{ - -(void)pam_strerror((pam_handle_t *)NULL, -1); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - -cat >>confdefs.h <<\_ACEOF -#define HAVE_OLD_PAM 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - PAM_MSG="yes (old library)" - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -case "$host" in -*-*-cygwin*) - SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER - ;; -*) - SSH_PRIVSEP_USER=sshd - ;; -esac - -# Check whether --with-privsep-user was given. -if test "${with_privsep_user+set}" = set; then - withval=$with_privsep_user; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - SSH_PRIVSEP_USER=$withval - fi - - -fi - -if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then - -cat >>confdefs.h <<_ACEOF -#define SSH_PRIVSEP_USER CYGWIN_SSH_PRIVSEP_USER -_ACEOF - -else - -cat >>confdefs.h <<_ACEOF -#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER" -_ACEOF - -fi - - -if test "x$have_linux_no_new_privs" = "x1" ; then -{ echo "$as_me:$LINENO: checking whether SECCOMP_MODE_FILTER is declared" >&5 -echo $ECHO_N "checking whether SECCOMP_MODE_FILTER is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_SECCOMP_MODE_FILTER+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - - #include - #include - - -int -main () -{ -#ifndef SECCOMP_MODE_FILTER - (void) SECCOMP_MODE_FILTER; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_SECCOMP_MODE_FILTER=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_SECCOMP_MODE_FILTER=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_SECCOMP_MODE_FILTER" >&5 -echo "${ECHO_T}$ac_cv_have_decl_SECCOMP_MODE_FILTER" >&6; } -if test $ac_cv_have_decl_SECCOMP_MODE_FILTER = yes; then - have_seccomp_filter=1 -fi - -fi -if test "x$have_seccomp_filter" = "x1" ; then -{ echo "$as_me:$LINENO: checking kernel for seccomp_filter support" >&5 -echo $ECHO_N "checking kernel for seccomp_filter support... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - #include - #include - #include - #include - -int -main () -{ - int i = $seccomp_audit_arch; - errno = 0; - prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); - exit(errno == EFAULT ? 0 : 1); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - # Disable seccomp filter as a target - have_seccomp_filter=0 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi - -# Decide which sandbox style to use -sandbox_arg="" - -# Check whether --with-sandbox was given. -if test "${with_sandbox+set}" = set; then - withval=$with_sandbox; - if test "x$withval" = "xyes" ; then - sandbox_arg="" - else - sandbox_arg="$withval" - fi - - -fi - - -# Some platforms (seems to be the ones that have a kernel poll(2)-type -# function with which they implement select(2)) use an extra file descriptor -# when calling select(2), which means we can't use the rlimit sandbox. -{ echo "$as_me:$LINENO: checking if select works with descriptor rlimit" >&5 -echo $ECHO_N "checking if select works with descriptor rlimit... $ECHO_C" >&6; } -if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: assuming yes" >&5 -echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#ifdef HAVE_SYS_TIME_H -# include -#endif -#include -#ifdef HAVE_SYS_SELECT_H -# include -#endif -#include -#include -#include - -int -main () -{ - - struct rlimit rl_zero; - int fd, r; - fd_set fds; - struct timeval tv; - - fd = open("/dev/null", O_RDONLY); - FD_ZERO(&fds); - FD_SET(fd, &fds); - rl_zero.rlim_cur = rl_zero.rlim_max = 0; - setrlimit(RLIMIT_FSIZE, &rl_zero); - setrlimit(RLIMIT_NOFILE, &rl_zero); - tv.tv_sec = 1; - tv.tv_usec = 0; - r = select(fd+1, &fds, NULL, NULL, &tv); - exit (r == -1 ? 1 : 0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - select_works_with_rlimit=yes -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -{ echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - select_works_with_rlimit=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -{ echo "$as_me:$LINENO: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5 -echo $ECHO_N "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... 
$ECHO_C" >&6; } -if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: assuming yes" >&5 -echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#ifdef HAVE_SYS_TIME_H -# include -#endif -#include -#include -#include - -int -main () -{ - - struct rlimit rl_zero; - int fd, r; - fd_set fds; - - rl_zero.rlim_cur = rl_zero.rlim_max = 0; - r = setrlimit(RLIMIT_NOFILE, &rl_zero); - exit (r == -1 ? 1 : 0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - rlimit_nofile_zero_works=yes -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -{ echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - rlimit_nofile_zero_works=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -{ echo "$as_me:$LINENO: checking if setrlimit RLIMIT_FSIZE works" >&5 -echo $ECHO_N "checking if setrlimit RLIMIT_FSIZE works... 
$ECHO_C" >&6; } -if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: assuming yes" >&5 -echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include - -int -main () -{ - - struct rlimit rl_zero; - - rl_zero.rlim_cur = rl_zero.rlim_max = 0; - exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -{ echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define SANDBOX_SKIP_RLIMIT_FSIZE 1 -_ACEOF - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - -if test "x$sandbox_arg" = "xsystrace" || \ - ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then - test "x$have_systr_policy_kill" != "x1" && \ - { { echo "$as_me:$LINENO: error: systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" >&5 -echo "$as_me: error: systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" >&2;} - { (exit 1); exit 1; }; } - SANDBOX_STYLE="systrace" - -cat >>confdefs.h <<\_ACEOF -#define SANDBOX_SYSTRACE 1 -_ACEOF - -elif test "x$sandbox_arg" = "xdarwin" || \ - ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ - test "x$ac_cv_header_sandbox_h" = "xyes") ; then - test "x$ac_cv_func_sandbox_init" != "xyes" -o \ - "x$ac_cv_header_sandbox_h" != "xyes" && \ - { { echo "$as_me:$LINENO: error: Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" >&5 -echo "$as_me: error: Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" >&2;} - { (exit 1); exit 1; }; } - SANDBOX_STYLE="darwin" - -cat >>confdefs.h <<\_ACEOF -#define SANDBOX_DARWIN 1 -_ACEOF - -elif test "x$sandbox_arg" = "xseccomp_filter" || \ - ( test -z "$sandbox_arg" && \ - test "x$have_seccomp_filter" = "x1" && \ - test "x$ac_cv_header_elf_h" = "xyes" && \ - test "x$ac_cv_header_linux_audit_h" = "xyes" && \ - test "x$ac_cv_header_linux_filter_h" = "xyes" && \ - test "x$seccomp_audit_arch" != "x" && \ - test 
"x$have_linux_no_new_privs" = "x1" && \ - test "x$ac_cv_func_prctl" = "xyes" ) ; then - test "x$seccomp_audit_arch" = "x" && \ - { { echo "$as_me:$LINENO: error: seccomp_filter sandbox not supported on $host" >&5 -echo "$as_me: error: seccomp_filter sandbox not supported on $host" >&2;} - { (exit 1); exit 1; }; } - test "x$have_linux_no_new_privs" != "x1" && \ - { { echo "$as_me:$LINENO: error: seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" >&5 -echo "$as_me: error: seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" >&2;} - { (exit 1); exit 1; }; } - test "x$have_seccomp_filter" != "x1" && \ - { { echo "$as_me:$LINENO: error: seccomp_filter sandbox requires seccomp headers" >&5 -echo "$as_me: error: seccomp_filter sandbox requires seccomp headers" >&2;} - { (exit 1); exit 1; }; } - test "x$ac_cv_func_prctl" != "xyes" && \ - { { echo "$as_me:$LINENO: error: seccomp_filter sandbox requires prctl function" >&5 -echo "$as_me: error: seccomp_filter sandbox requires prctl function" >&2;} - { (exit 1); exit 1; }; } - SANDBOX_STYLE="seccomp_filter" - -cat >>confdefs.h <<\_ACEOF -#define SANDBOX_SECCOMP_FILTER 1 -_ACEOF - -elif test "x$sandbox_arg" = "xcapsicum" || \ - ( test -z "$sandbox_arg" && \ - test "x$ac_cv_header_sys_capability_h" = "xyes" && \ - test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then - test "x$ac_cv_header_sys_capability_h" != "xyes" && \ - { { echo "$as_me:$LINENO: error: capsicum sandbox requires sys/capability.h header" >&5 -echo "$as_me: error: capsicum sandbox requires sys/capability.h header" >&2;} - { (exit 1); exit 1; }; } - test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ - { { echo "$as_me:$LINENO: error: capsicum sandbox requires cap_rights_limit function" >&5 -echo "$as_me: error: capsicum sandbox requires cap_rights_limit function" >&2;} - { (exit 1); exit 1; }; } - SANDBOX_STYLE="capsicum" - -cat >>confdefs.h <<\_ACEOF -#define SANDBOX_CAPSICUM 1 -_ACEOF - -elif test "x$sandbox_arg" = "xrlimit" || \ - ( test -z "$sandbox_arg" 
&& test "x$ac_cv_func_setrlimit" = "xyes" && \ - test "x$select_works_with_rlimit" = "xyes" && \ - test "x$rlimit_nofile_zero_works" = "xyes" ) ; then - test "x$ac_cv_func_setrlimit" != "xyes" && \ - { { echo "$as_me:$LINENO: error: rlimit sandbox requires setrlimit function" >&5 -echo "$as_me: error: rlimit sandbox requires setrlimit function" >&2;} - { (exit 1); exit 1; }; } - test "x$select_works_with_rlimit" != "xyes" && \ - { { echo "$as_me:$LINENO: error: rlimit sandbox requires select to work with rlimit" >&5 -echo "$as_me: error: rlimit sandbox requires select to work with rlimit" >&2;} - { (exit 1); exit 1; }; } - SANDBOX_STYLE="rlimit" - -cat >>confdefs.h <<\_ACEOF -#define SANDBOX_RLIMIT 1 -_ACEOF - -elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ - test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then - SANDBOX_STYLE="none" - -cat >>confdefs.h <<\_ACEOF -#define SANDBOX_NULL 1 -_ACEOF - -else - { { echo "$as_me:$LINENO: error: unsupported --with-sandbox" >&5 -echo "$as_me: error: unsupported --with-sandbox" >&2;} - { (exit 1); exit 1; }; } -fi - -# Cheap hack to ensure NEWS-OS libraries are arranged right. -if test ! -z "$SONY" ; then - LIBS="$LIBS -liberty"; -fi - -# Check for long long datatypes -{ echo "$as_me:$LINENO: checking for long long" >&5 -echo $ECHO_N "checking for long long... $ECHO_C" >&6; } -if test "${ac_cv_type_long_long+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -$ac_includes_default -typedef long long ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_long_long=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_long_long=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5 -echo "${ECHO_T}$ac_cv_type_long_long" >&6; } -if test $ac_cv_type_long_long = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_LONG_LONG 1 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking for unsigned long long" >&5 -echo $ECHO_N "checking for unsigned long long... $ECHO_C" >&6; } -if test "${ac_cv_type_unsigned_long_long+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef unsigned long long ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_unsigned_long_long=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_unsigned_long_long=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_unsigned_long_long" >&5 -echo "${ECHO_T}$ac_cv_type_unsigned_long_long" >&6; } -if test $ac_cv_type_unsigned_long_long = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_UNSIGNED_LONG_LONG 1 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking for long double" >&5 -echo $ECHO_N "checking for long double... $ECHO_C" >&6; } -if test "${ac_cv_type_long_double+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef long double ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_long_double=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_long_double=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_long_double" >&5 -echo "${ECHO_T}$ac_cv_type_long_double" >&6; } -if test $ac_cv_type_long_double = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_LONG_DOUBLE 1 -_ACEOF - - -fi - - -# Check datatype sizes -{ echo "$as_me:$LINENO: checking for short int" >&5 -echo $ECHO_N "checking for short int... $ECHO_C" >&6; } -if test "${ac_cv_type_short_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef short int ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_short_int=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_short_int=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_short_int" >&5 -echo "${ECHO_T}$ac_cv_type_short_int" >&6; } - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ echo "$as_me:$LINENO: checking size of short int" >&5 -echo $ECHO_N "checking size of short int... $ECHO_C" >&6; } -if test "${ac_cv_sizeof_short_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "$cross_compiling" = yes; then - # Depending upon the size, compute the lo and hi bounds. -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef short int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_lo=0 ac_mid=0 - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -$ac_includes_default - typedef short int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=$ac_mid; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo=`expr $ac_mid + 1` - if test $ac_lo -le $ac_mid; then - ac_lo= ac_hi= - break - fi - ac_mid=`expr 2 '*' $ac_mid + 1` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef short int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=-1 ac_mid=-1 - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef short int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_lo=$ac_mid; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_hi=`expr '(' $ac_mid ')' - 1` - if test $ac_mid -le $ac_hi; then - ac_lo= ac_hi= - break - fi - ac_mid=`expr 2 '*' $ac_mid` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo= ac_hi= -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# Binary search between lo and hi bounds. -while test "x$ac_lo" != "x$ac_hi"; do - ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -$ac_includes_default - typedef short int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=$ac_mid -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo=`expr '(' $ac_mid ')' + 1` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -done -case $ac_lo in -?*) ac_cv_sizeof_short_int=$ac_lo;; -'') if test "$ac_cv_type_short_int" = yes; then - { { echo "$as_me:$LINENO: error: cannot compute sizeof (short int) -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute sizeof (short int) -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } - else - ac_cv_sizeof_short_int=0 - fi ;; -esac -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef short int ac__type_sizeof_; -static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); } -static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); } -#include -#include -int -main () -{ - - FILE *f = fopen ("conftest.val", "w"); - if (! 
f) - return 1; - if (((long int) (sizeof (ac__type_sizeof_))) < 0) - { - long int i = longval (); - if (i != ((long int) (sizeof (ac__type_sizeof_)))) - return 1; - fprintf (f, "%ld\n", i); - } - else - { - unsigned long int i = ulongval (); - if (i != ((long int) (sizeof (ac__type_sizeof_)))) - return 1; - fprintf (f, "%lu\n", i); - } - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_sizeof_short_int=`cat conftest.val` -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -if test "$ac_cv_type_short_int" = yes; then - { { echo "$as_me:$LINENO: error: cannot compute sizeof (short int) -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute sizeof (short int) -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } - else - ac_cv_sizeof_short_int=0 - fi -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi -rm -f conftest.val -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_short_int" >&5 -echo "${ECHO_T}$ac_cv_sizeof_short_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int -_ACEOF - - -{ echo "$as_me:$LINENO: checking for int" >&5 -echo $ECHO_N "checking for int... 
$ECHO_C" >&6; } -if test "${ac_cv_type_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef int ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_int=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_int=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_int" >&5 -echo "${ECHO_T}$ac_cv_type_int" >&6; } - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ echo "$as_me:$LINENO: checking size of int" >&5 -echo $ECHO_N "checking size of int... $ECHO_C" >&6; } -if test "${ac_cv_sizeof_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "$cross_compiling" = yes; then - # Depending upon the size, compute the lo and hi bounds. -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -$ac_includes_default - typedef int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_lo=0 ac_mid=0 - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=$ac_mid; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo=`expr $ac_mid + 1` - if test $ac_lo -le $ac_mid; then - ac_lo= ac_hi= - break - fi - ac_mid=`expr 2 '*' $ac_mid + 1` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=-1 ac_mid=-1 - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_lo=$ac_mid; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_hi=`expr '(' $ac_mid ')' - 1` - if test $ac_mid -le $ac_hi; then - ac_lo= ac_hi= - break - fi - ac_mid=`expr 2 '*' $ac_mid` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo= ac_hi= -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# Binary search between lo and hi bounds. -while test "x$ac_lo" != "x$ac_hi"; do - ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=$ac_mid -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo=`expr '(' $ac_mid ')' + 1` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -done -case $ac_lo in -?*) ac_cv_sizeof_int=$ac_lo;; -'') if test "$ac_cv_type_int" = yes; then - { { echo "$as_me:$LINENO: error: cannot compute sizeof (int) -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute sizeof (int) -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } - else - ac_cv_sizeof_int=0 - fi ;; -esac -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef int ac__type_sizeof_; -static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); } -static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); } -#include -#include -int -main () -{ - - FILE *f = fopen ("conftest.val", "w"); - if (! f) - return 1; - if (((long int) (sizeof (ac__type_sizeof_))) < 0) - { - long int i = longval (); - if (i != ((long int) (sizeof (ac__type_sizeof_)))) - return 1; - fprintf (f, "%ld\n", i); - } - else - { - unsigned long int i = ulongval (); - if (i != ((long int) (sizeof (ac__type_sizeof_)))) - return 1; - fprintf (f, "%lu\n", i); - } - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_sizeof_int=`cat conftest.val` -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -if test "$ac_cv_type_int" = yes; then - { { echo "$as_me:$LINENO: error: cannot compute sizeof (int) -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute sizeof (int) -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } - else - ac_cv_sizeof_int=0 - fi -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi -rm -f conftest.val -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_int" >&5 -echo "${ECHO_T}$ac_cv_sizeof_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_INT $ac_cv_sizeof_int -_ACEOF - - -{ echo "$as_me:$LINENO: checking for long int" >&5 -echo $ECHO_N "checking for long int... $ECHO_C" >&6; } -if test "${ac_cv_type_long_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef long int ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_long_int=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_long_int=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_long_int" >&5 -echo "${ECHO_T}$ac_cv_type_long_int" >&6; } - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ echo "$as_me:$LINENO: checking size of long int" >&5 -echo $ECHO_N "checking size of long int... $ECHO_C" >&6; } -if test "${ac_cv_sizeof_long_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "$cross_compiling" = yes; then - # Depending upon the size, compute the lo and hi bounds. -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_lo=0 ac_mid=0 - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=$ac_mid; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo=`expr $ac_mid + 1` - if test $ac_lo -le $ac_mid; then - ac_lo= ac_hi= - break - fi - ac_mid=`expr 2 '*' $ac_mid + 1` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=-1 ac_mid=-1 - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_lo=$ac_mid; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_hi=`expr '(' $ac_mid ')' - 1` - if test $ac_mid -le $ac_hi; then - ac_lo= ac_hi= - break - fi - ac_mid=`expr 2 '*' $ac_mid` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo= ac_hi= -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# Binary search between lo and hi bounds. -while test "x$ac_lo" != "x$ac_hi"; do - ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=$ac_mid -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo=`expr '(' $ac_mid ')' + 1` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -done -case $ac_lo in -?*) ac_cv_sizeof_long_int=$ac_lo;; -'') if test "$ac_cv_type_long_int" = yes; then - { { echo "$as_me:$LINENO: error: cannot compute sizeof (long int) -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute sizeof (long int) -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } - else - ac_cv_sizeof_long_int=0 - fi ;; -esac -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long int ac__type_sizeof_; -static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); } -static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); } -#include -#include -int -main () -{ - - FILE *f = fopen ("conftest.val", "w"); - if (! 
f) - return 1; - if (((long int) (sizeof (ac__type_sizeof_))) < 0) - { - long int i = longval (); - if (i != ((long int) (sizeof (ac__type_sizeof_)))) - return 1; - fprintf (f, "%ld\n", i); - } - else - { - unsigned long int i = ulongval (); - if (i != ((long int) (sizeof (ac__type_sizeof_)))) - return 1; - fprintf (f, "%lu\n", i); - } - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_sizeof_long_int=`cat conftest.val` -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -if test "$ac_cv_type_long_int" = yes; then - { { echo "$as_me:$LINENO: error: cannot compute sizeof (long int) -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute sizeof (long int) -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } - else - ac_cv_sizeof_long_int=0 - fi -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi -rm -f conftest.val -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_long_int" >&5 -echo "${ECHO_T}$ac_cv_sizeof_long_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int -_ACEOF - - -{ echo "$as_me:$LINENO: checking for long long int" >&5 -echo $ECHO_N "checking for long long int... 
$ECHO_C" >&6; } -if test "${ac_cv_type_long_long_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef long long int ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_long_long_int=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_long_long_int=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_long_long_int" >&5 -echo "${ECHO_T}$ac_cv_type_long_long_int" >&6; } - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ echo "$as_me:$LINENO: checking size of long long int" >&5 -echo $ECHO_N "checking size of long long int... $ECHO_C" >&6; } -if test "${ac_cv_sizeof_long_long_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test "$cross_compiling" = yes; then - # Depending upon the size, compute the lo and hi bounds. -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_lo=0 ac_mid=0 - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=$ac_mid; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo=`expr $ac_mid + 1` - if test $ac_lo -le $ac_mid; then - ac_lo= ac_hi= - break - fi - ac_mid=`expr 2 '*' $ac_mid + 1` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=-1 ac_mid=-1 - while :; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_lo=$ac_mid; break -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_hi=`expr '(' $ac_mid ')' - 1` - if test $ac_mid -le $ac_hi; then - ac_lo= ac_hi= - break - fi - ac_mid=`expr 2 '*' $ac_mid` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo= ac_hi= -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# Binary search between lo and hi bounds. -while test "x$ac_lo" != "x$ac_hi"; do - ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long long int ac__type_sizeof_; -int -main () -{ -static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)]; -test_array [0] = 0 - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_hi=$ac_mid -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_lo=`expr '(' $ac_mid ')' + 1` -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -done -case $ac_lo in -?*) ac_cv_sizeof_long_long_int=$ac_lo;; -'') if test "$ac_cv_type_long_long_int" = yes; then - { { echo "$as_me:$LINENO: error: cannot compute sizeof (long long int) -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute sizeof (long long int) -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } - else - ac_cv_sizeof_long_long_int=0 - fi ;; -esac -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default - typedef long long int ac__type_sizeof_; -static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); } -static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); } -#include -#include -int -main () -{ - - FILE *f = fopen ("conftest.val", "w"); - if (! f) - return 1; - if (((long int) (sizeof (ac__type_sizeof_))) < 0) - { - long int i = longval (); - if (i != ((long int) (sizeof (ac__type_sizeof_)))) - return 1; - fprintf (f, "%ld\n", i); - } - else - { - unsigned long int i = ulongval (); - if (i != ((long int) (sizeof (ac__type_sizeof_)))) - return 1; - fprintf (f, "%lu\n", i); - } - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_sizeof_long_long_int=`cat conftest.val` -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -if test "$ac_cv_type_long_long_int" = yes; then - { { echo "$as_me:$LINENO: error: cannot compute sizeof (long long int) -See \`config.log' for more details." >&5 -echo "$as_me: error: cannot compute sizeof (long long int) -See \`config.log' for more details." >&2;} - { (exit 77); exit 77; }; } - else - ac_cv_sizeof_long_long_int=0 - fi -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi -rm -f conftest.val -fi -{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_long_long_int" >&5 -echo "${ECHO_T}$ac_cv_sizeof_long_long_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int -_ACEOF - - - -# Sanity check long long for some platforms (AIX) -if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then - ac_cv_sizeof_long_long_int=0 -fi - -# compute LLONG_MIN and LLONG_MAX if we don't know them. -if test -z "$have_llong_max"; then - { echo "$as_me:$LINENO: checking for max value of long long" >&5 -echo $ECHO_N "checking for max value of long long... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5 -echo "$as_me: WARNING: cross compiling: not checking" >&2;} - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -/* Why is this so damn hard? */ -#ifdef __GNUC__ -# undef __GNUC__ -#endif -#define __USE_ISOC99 -#include -#define DATA "conftest.llminmax" -#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) - -/* - * printf in libc on some platforms (eg old Tru64) does not understand %lld so - * we do this the hard way. - */ -static int -fprint_ll(FILE *f, long long n) -{ - unsigned int i; - int l[sizeof(long long) * 8]; - - if (n < 0) - if (fprintf(f, "-") < 0) - return -1; - for (i = 0; n != 0; i++) { - l[i] = my_abs(n % 10); - n /= 10; - } - do { - if (fprintf(f, "%d", l[--i]) < 0) - return -1; - } while (i != 0); - if (fprintf(f, " ") < 0) - return -1; - return 0; -} - -int -main () -{ - - FILE *f; - long long i, llmin, llmax = 0; - - if((f = fopen(DATA,"w")) == NULL) - exit(1); - -#if defined(LLONG_MIN) && defined(LLONG_MAX) - fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); - llmin = LLONG_MIN; - llmax = LLONG_MAX; -#else - fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); - /* This will work on one's complement and two's complement */ - for (i = 1; i > llmax; i <<= 1, i++) - llmax = i; - llmin = llmax + 1LL; /* wrap */ -#endif - - /* Sanity check */ - if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax - || llmax - 1 > llmax || llmin == llmax || llmin == 0 - || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { - fprintf(f, "unknown unknown\n"); - exit(2); - } - - if (fprint_ll(f, llmin) < 0) - exit(3); - if (fprint_ll(f, llmax) < 0) - exit(4); - if (fclose(f) < 0) - exit(5); - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - llong_min=`$AWK '{print $1}' conftest.llminmax` - llong_max=`$AWK '{print $2}' conftest.llminmax` - - { echo "$as_me:$LINENO: result: $llong_max" >&5 -echo "${ECHO_T}$llong_max" >&6; } - -cat >>confdefs.h <<_ACEOF -#define LLONG_MAX ${llong_max}LL -_ACEOF - - { echo "$as_me:$LINENO: checking for min value of long long" >&5 -echo $ECHO_N "checking for min value of long long... $ECHO_C" >&6; } - { echo "$as_me:$LINENO: result: $llong_min" >&5 -echo "${ECHO_T}$llong_min" >&6; } - -cat >>confdefs.h <<_ACEOF -#define LLONG_MIN ${llong_min}LL -_ACEOF - - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - { echo "$as_me:$LINENO: result: not found" >&5 -echo "${ECHO_T}not found" >&6; } - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - - -# More checks for data types -{ echo "$as_me:$LINENO: checking for u_int type" >&5 -echo $ECHO_N "checking for u_int type... $ECHO_C" >&6; } -if test "${ac_cv_have_u_int+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - #include -int -main () -{ - u_int a; a = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_u_int="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_u_int="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_u_int" >&5 -echo "${ECHO_T}$ac_cv_have_u_int" >&6; } -if test "x$ac_cv_have_u_int" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_U_INT 1 -_ACEOF - - have_u_int=1 -fi - -{ echo "$as_me:$LINENO: checking for intXX_t types" >&5 -echo $ECHO_N "checking for intXX_t types... $ECHO_C" >&6; } -if test "${ac_cv_have_intxx_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - int8_t a; int16_t b; int32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_intxx_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_intxx_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_intxx_t" >&5 -echo "${ECHO_T}$ac_cv_have_intxx_t" >&6; } -if test "x$ac_cv_have_intxx_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_INTXX_T 1 -_ACEOF - - have_intxx_t=1 -fi - -if (test -z "$have_intxx_t" && \ - test "x$ac_cv_header_stdint_h" = "xyes") -then - { echo "$as_me:$LINENO: checking for intXX_t types in stdint.h" >&5 -echo $ECHO_N "checking for intXX_t types in stdint.h... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - int8_t a; int16_t b; int32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - - cat >>confdefs.h <<\_ACEOF -#define HAVE_INTXX_T 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ echo "$as_me:$LINENO: checking for int64_t type" >&5 -echo $ECHO_N "checking for int64_t type... 
$ECHO_C" >&6; } -if test "${ac_cv_have_int64_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#ifdef HAVE_STDINT_H -# include -#endif -#include -#ifdef HAVE_SYS_BITYPES_H -# include -#endif - -int -main () -{ - -int64_t a; a = 1; - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_int64_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_int64_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_int64_t" >&5 -echo "${ECHO_T}$ac_cv_have_int64_t" >&6; } -if test "x$ac_cv_have_int64_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_INT64_T 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for u_intXX_t types" >&5 -echo $ECHO_N "checking for u_intXX_t types... $ECHO_C" >&6; } -if test "${ac_cv_have_u_intxx_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - #include -int -main () -{ - u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_u_intxx_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_u_intxx_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_u_intxx_t" >&5 -echo "${ECHO_T}$ac_cv_have_u_intxx_t" >&6; } -if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_U_INTXX_T 1 -_ACEOF - - have_u_intxx_t=1 -fi - -if test -z "$have_u_intxx_t" ; then - { echo "$as_me:$LINENO: checking for u_intXX_t types in sys/socket.h" >&5 -echo $ECHO_N "checking for u_intXX_t types in sys/socket.h... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - - cat >>confdefs.h <<\_ACEOF -#define HAVE_U_INTXX_T 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ echo "$as_me:$LINENO: checking for u_int64_t types" >&5 -echo $ECHO_N "checking for u_int64_t types... $ECHO_C" >&6; } -if test "${ac_cv_have_u_int64_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - u_int64_t a; a = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_u_int64_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_u_int64_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_u_int64_t" >&5 -echo "${ECHO_T}$ac_cv_have_u_int64_t" >&6; } -if test "x$ac_cv_have_u_int64_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_U_INT64_T 1 -_ACEOF - - have_u_int64_t=1 -fi - -if (test -z "$have_u_int64_t" && \ - test "x$ac_cv_header_sys_bitypes_h" = "xyes") -then - { echo "$as_me:$LINENO: checking for u_int64_t type in sys/bitypes.h" >&5 -echo $ECHO_N "checking for u_int64_t type in sys/bitypes.h... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - u_int64_t a; a = 1 - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - - cat >>confdefs.h <<\_ACEOF -#define HAVE_U_INT64_T 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if test -z "$have_u_intxx_t" ; then - { echo "$as_me:$LINENO: checking for uintXX_t types" >&5 -echo $ECHO_N "checking for uintXX_t types... $ECHO_C" >&6; } -if test "${ac_cv_have_uintxx_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include - -int -main () -{ - - uint8_t a; - uint16_t b; - uint32_t c; - a = b = c = 1; - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_uintxx_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_uintxx_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_uintxx_t" >&5 -echo "${ECHO_T}$ac_cv_have_uintxx_t" >&6; } - if test "x$ac_cv_have_uintxx_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_UINTXX_T 1 -_ACEOF - - fi -fi - -if (test -z "$have_uintxx_t" && \ - test "x$ac_cv_header_stdint_h" = "xyes") -then - { echo "$as_me:$LINENO: checking for uintXX_t types in stdint.h" >&5 -echo $ECHO_N "checking for uintXX_t types in stdint.h... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - - cat >>confdefs.h <<\_ACEOF -#define HAVE_UINTXX_T 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if (test -z "$have_uintxx_t" && \ - test "x$ac_cv_header_inttypes_h" = "xyes") -then - { echo "$as_me:$LINENO: checking for uintXX_t types in inttypes.h" >&5 -echo $ECHO_N "checking for uintXX_t types in inttypes.h... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - - cat >>confdefs.h <<\_ACEOF -#define HAVE_UINTXX_T 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ - test "x$ac_cv_header_sys_bitypes_h" = "xyes") -then - { echo "$as_me:$LINENO: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 -echo $ECHO_N "checking for intXX_t and u_intXX_t types in sys/bitypes.h... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include - -int -main () -{ - - int8_t a; int16_t b; int32_t c; - u_int8_t e; u_int16_t f; u_int32_t g; - a = b = c = e = f = g = 1; - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - - cat >>confdefs.h <<\_ACEOF -#define HAVE_U_INTXX_T 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define HAVE_INTXX_T 1 -_ACEOF - - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - - -{ echo "$as_me:$LINENO: checking for u_char" >&5 -echo $ECHO_N "checking for u_char... $ECHO_C" >&6; } -if test "${ac_cv_have_u_char+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - u_char foo; foo = 125; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_u_char="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_u_char="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_u_char" >&5 -echo "${ECHO_T}$ac_cv_have_u_char" >&6; } -if test "x$ac_cv_have_u_char" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_U_CHAR 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for intmax_t" >&5 -echo $ECHO_N "checking for intmax_t... 
$ECHO_C" >&6; } -if test "${ac_cv_type_intmax_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - - -typedef intmax_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_intmax_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_intmax_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_intmax_t" >&5 -echo "${ECHO_T}$ac_cv_type_intmax_t" >&6; } -if test $ac_cv_type_intmax_t = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_INTMAX_T 1 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking for uintmax_t" >&5 -echo $ECHO_N "checking for uintmax_t... $ECHO_C" >&6; } -if test "${ac_cv_type_uintmax_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - - -typedef uintmax_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_uintmax_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_uintmax_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_uintmax_t" >&5 -echo "${ECHO_T}$ac_cv_type_uintmax_t" >&6; } -if test $ac_cv_type_uintmax_t = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_UINTMAX_T 1 -_ACEOF - - -fi - - - - { echo "$as_me:$LINENO: checking for socklen_t" >&5 -echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; } -if test "${ac_cv_type_socklen_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include - -typedef socklen_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_socklen_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_socklen_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5 -echo "${ECHO_T}$ac_cv_type_socklen_t" >&6; } -if test $ac_cv_type_socklen_t = yes; then - : -else - - { echo "$as_me:$LINENO: checking for socklen_t equivalent" >&5 -echo $ECHO_N "checking for socklen_t equivalent... $ECHO_C" >&6; } - if test "${curl_cv_socklen_t_equiv+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - # Systems have either "struct sockaddr *" or - # "void *" as the second argument to getpeername - curl_cv_socklen_t_equiv= - for arg2 in "struct sockaddr" void; do - for t in int size_t unsigned long "unsigned long"; do - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - - #include - #include - - int getpeername (int, $arg2 *, $t *); - -int -main () -{ - - $t len; - getpeername(0,0,&len); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - - curl_cv_socklen_t_equiv="$t" - break - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done - done - - if test "x$curl_cv_socklen_t_equiv" = x; then - { { echo "$as_me:$LINENO: error: Cannot find a type to use in place of socklen_t" >&5 -echo "$as_me: error: Cannot find a type to use in place of socklen_t" >&2;} - { (exit 1); exit 1; }; } - fi - -fi - - { echo "$as_me:$LINENO: result: $curl_cv_socklen_t_equiv" >&5 -echo "${ECHO_T}$curl_cv_socklen_t_equiv" >&6; } - -cat >>confdefs.h <<_ACEOF -#define socklen_t $curl_cv_socklen_t_equiv -_ACEOF - -fi - - - -{ echo "$as_me:$LINENO: checking for sig_atomic_t" >&5 -echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6; } -if test "${ac_cv_type_sig_atomic_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -typedef sig_atomic_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_sig_atomic_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_sig_atomic_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5 -echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6; } -if test $ac_cv_type_sig_atomic_t = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_SIG_ATOMIC_T 1 -_ACEOF - - -fi - -{ echo "$as_me:$LINENO: checking for fsblkcnt_t" >&5 -echo $ECHO_N "checking for fsblkcnt_t... $ECHO_C" >&6; } -if test "${ac_cv_type_fsblkcnt_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#ifdef HAVE_SYS_BITYPES_H -#include -#endif -#ifdef HAVE_SYS_STATFS_H -#include -#endif -#ifdef HAVE_SYS_STATVFS_H -#include -#endif - - -typedef fsblkcnt_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_fsblkcnt_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_fsblkcnt_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_fsblkcnt_t" >&5 -echo "${ECHO_T}$ac_cv_type_fsblkcnt_t" >&6; } -if test $ac_cv_type_fsblkcnt_t = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_FSBLKCNT_T 1 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking for fsfilcnt_t" >&5 -echo $ECHO_N "checking for fsfilcnt_t... $ECHO_C" >&6; } -if test "${ac_cv_type_fsfilcnt_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#ifdef HAVE_SYS_BITYPES_H -#include -#endif -#ifdef HAVE_SYS_STATFS_H -#include -#endif -#ifdef HAVE_SYS_STATVFS_H -#include -#endif - - -typedef fsfilcnt_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_fsfilcnt_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_fsfilcnt_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_fsfilcnt_t" >&5 -echo "${ECHO_T}$ac_cv_type_fsfilcnt_t" >&6; } -if test $ac_cv_type_fsfilcnt_t = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_FSFILCNT_T 1 -_ACEOF - - -fi - - -{ echo "$as_me:$LINENO: checking for in_addr_t" >&5 -echo $ECHO_N "checking for in_addr_t... $ECHO_C" >&6; } -if test "${ac_cv_type_in_addr_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include - -typedef in_addr_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_in_addr_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_in_addr_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_in_addr_t" >&5 -echo "${ECHO_T}$ac_cv_type_in_addr_t" >&6; } -if test $ac_cv_type_in_addr_t = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_IN_ADDR_T 1 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking for in_port_t" >&5 -echo $ECHO_N "checking for in_port_t... $ECHO_C" >&6; } -if test "${ac_cv_type_in_port_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -#include - -typedef in_port_t ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_in_port_t=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_in_port_t=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_in_port_t" >&5 -echo "${ECHO_T}$ac_cv_type_in_port_t" >&6; } -if test $ac_cv_type_in_port_t = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_IN_PORT_T 1 -_ACEOF - - -fi - - -{ echo "$as_me:$LINENO: checking for size_t" >&5 -echo $ECHO_N "checking for size_t... $ECHO_C" >&6; } -if test "${ac_cv_have_size_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - size_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_size_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_size_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_size_t" >&5 -echo "${ECHO_T}$ac_cv_have_size_t" >&6; } -if test "x$ac_cv_have_size_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SIZE_T 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for ssize_t" >&5 -echo $ECHO_N "checking for ssize_t... 
$ECHO_C" >&6; } -if test "${ac_cv_have_ssize_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - ssize_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_ssize_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_ssize_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_ssize_t" >&5 -echo "${ECHO_T}$ac_cv_have_ssize_t" >&6; } -if test "x$ac_cv_have_ssize_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SSIZE_T 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for clock_t" >&5 -echo $ECHO_N "checking for clock_t... $ECHO_C" >&6; } -if test "${ac_cv_have_clock_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - clock_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_clock_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_clock_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_clock_t" >&5 -echo "${ECHO_T}$ac_cv_have_clock_t" >&6; } -if test "x$ac_cv_have_clock_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_CLOCK_T 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for sa_family_t" >&5 -echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6; } -if test "${ac_cv_have_sa_family_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - sa_family_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_sa_family_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#include - -int -main () -{ - sa_family_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_sa_family_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_sa_family_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_sa_family_t" >&5 -echo "${ECHO_T}$ac_cv_have_sa_family_t" >&6; } -if test "x$ac_cv_have_sa_family_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SA_FAMILY_T 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for pid_t" >&5 -echo $ECHO_N "checking for pid_t... $ECHO_C" >&6; } -if test "${ac_cv_have_pid_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - pid_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_pid_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_pid_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_pid_t" >&5 -echo "${ECHO_T}$ac_cv_have_pid_t" >&6; } -if test "x$ac_cv_have_pid_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_PID_T 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for mode_t" >&5 -echo $ECHO_N "checking for mode_t... $ECHO_C" >&6; } -if test "${ac_cv_have_mode_t+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - mode_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_mode_t="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_mode_t="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_mode_t" >&5 -echo "${ECHO_T}$ac_cv_have_mode_t" >&6; } -if test "x$ac_cv_have_mode_t" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_MODE_T 1 -_ACEOF - -fi - - -{ echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5 -echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6; } -if test "${ac_cv_have_struct_sockaddr_storage+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - struct sockaddr_storage s; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_struct_sockaddr_storage="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_struct_sockaddr_storage="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_struct_sockaddr_storage" >&5 -echo "${ECHO_T}$ac_cv_have_struct_sockaddr_storage" >&6; } -if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_SOCKADDR_STORAGE 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for struct sockaddr_in6" >&5 -echo $ECHO_N "checking for struct sockaddr_in6... $ECHO_C" >&6; } -if test "${ac_cv_have_struct_sockaddr_in6+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - struct sockaddr_in6 s; s.sin6_family = 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_struct_sockaddr_in6="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_struct_sockaddr_in6="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_struct_sockaddr_in6" >&5 -echo "${ECHO_T}$ac_cv_have_struct_sockaddr_in6" >&6; } -if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_SOCKADDR_IN6 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for struct in6_addr" >&5 -echo $ECHO_N "checking for struct in6_addr... $ECHO_C" >&6; } -if test "${ac_cv_have_struct_in6_addr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - struct in6_addr s; s.s6_addr[0] = 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_struct_in6_addr="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_struct_in6_addr="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_struct_in6_addr" >&5 -echo "${ECHO_T}$ac_cv_have_struct_in6_addr" >&6; } -if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_IN6_ADDR 1 -_ACEOF - - - { echo "$as_me:$LINENO: checking for struct sockaddr_in6.sin6_scope_id" >&5 -echo $ECHO_N "checking for struct sockaddr_in6.sin6_scope_id... $ECHO_C" >&6; } -if test "${ac_cv_member_struct_sockaddr_in6_sin6_scope_id+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#include - - -int -main () -{ -static struct sockaddr_in6 ac_aggr; -if (ac_aggr.sin6_scope_id) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_sockaddr_in6_sin6_scope_id=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#include - - -int -main () -{ -static struct sockaddr_in6 ac_aggr; -if (sizeof ac_aggr.sin6_scope_id) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_sockaddr_in6_sin6_scope_id=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_sockaddr_in6_sin6_scope_id=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in6_sin6_scope_id" >&5 -echo "${ECHO_T}$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" >&6; } -if test $ac_cv_member_struct_sockaddr_in6_sin6_scope_id = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 -_ACEOF - - -fi - -fi - -{ echo "$as_me:$LINENO: checking for struct addrinfo" >&5 -echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6; } -if test "${ac_cv_have_struct_addrinfo+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#include - -int -main () -{ - struct addrinfo s; s.ai_flags = AI_PASSIVE; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_struct_addrinfo="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_struct_addrinfo="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_struct_addrinfo" >&5 -echo "${ECHO_T}$ac_cv_have_struct_addrinfo" >&6; } -if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_ADDRINFO 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for struct timeval" >&5 -echo $ECHO_N "checking for struct timeval... $ECHO_C" >&6; } -if test "${ac_cv_have_struct_timeval+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - struct timeval tv; tv.tv_sec = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_struct_timeval="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_struct_timeval="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_struct_timeval" >&5 -echo "${ECHO_T}$ac_cv_have_struct_timeval" >&6; } -if test "x$ac_cv_have_struct_timeval" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_STRUCT_TIMEVAL 1 -_ACEOF - - have_struct_timeval=1 -fi - -{ echo "$as_me:$LINENO: checking for struct timespec" >&5 -echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6; } -if test "${ac_cv_type_struct_timespec+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -typedef struct timespec ac__type_new_; -int -main () -{ -if ((ac__type_new_ *) 0) - return 0; -if (sizeof (ac__type_new_)) - return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_type_struct_timespec=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_type_struct_timespec=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_type_struct_timespec" >&5 -echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6; } -if test $ac_cv_type_struct_timespec = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_TIMESPEC 1 -_ACEOF - - -fi - - -# We need int64_t or else certian parts of the compile will fail. -if test "x$ac_cv_have_int64_t" = "xno" && \ - test "x$ac_cv_sizeof_long_int" != "x8" && \ - test "x$ac_cv_sizeof_long_long_int" = "x0" ; then - echo "OpenSSH requires int64_t support. Contact your vendor or install" - echo "an alternative compiler (I.E., GCC) before continuing." - echo "" - exit 1; -else - if test "$cross_compiling" = yes; then - { echo "$as_me:$LINENO: WARNING: cross compiling: Assuming working snprintf()" >&5 -echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_SNPRINTF -main() -{ - char buf[50]; - char expected_out[50]; - int mazsize = 50 ; -#if (SIZEOF_LONG_INT == 8) - long int num = 0x7fffffffffffffff; -#else - long long num = 0x7fffffffffffffffll; -#endif - strcpy(expected_out, "9223372036854775807"); - snprintf(buf, mazsize, "%lld", num); - if(strcmp(buf, expected_out) != 0) - exit(1); - exit(0); -} -#else -main() { exit(0); } -#endif - -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - true -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - cat >>confdefs.h <<\_ACEOF -#define BROKEN_SNPRINTF 1 -_ACEOF - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi - - -# look for field 'ut_host' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host - { echo "$as_me:$LINENO: checking for ut_host field in utmp.h" >&5 -echo $ECHO_N "checking for ut_host field in utmp.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_host" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_HOST_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_host' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host - { echo "$as_me:$LINENO: checking for ut_host field in utmpx.h" >&5 -echo $ECHO_N "checking for ut_host field in utmpx.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_host" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_HOST_IN_UTMPX 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'syslen' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"syslen - { echo "$as_me:$LINENO: checking for syslen field in utmpx.h" >&5 -echo $ECHO_N "checking for syslen field in utmpx.h... 
$ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "syslen" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SYSLEN_IN_UTMPX 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_pid' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid - { echo "$as_me:$LINENO: checking for ut_pid field in utmp.h" >&5 -echo $ECHO_N "checking for ut_pid field in utmp.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_pid" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_PID_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_type' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type - { echo "$as_me:$LINENO: checking for ut_type field in utmp.h" >&5 -echo $ECHO_N "checking for ut_type field in utmp.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_type" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_TYPE_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_type' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type - { echo "$as_me:$LINENO: checking for ut_type field in utmpx.h" >&5 -echo $ECHO_N "checking for ut_type field in utmpx.h... 
$ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_type" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_TYPE_IN_UTMPX 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_tv' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv - { echo "$as_me:$LINENO: checking for ut_tv field in utmp.h" >&5 -echo $ECHO_N "checking for ut_tv field in utmp.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_tv" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_TV_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_id' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id - { echo "$as_me:$LINENO: checking for ut_id field in utmp.h" >&5 -echo $ECHO_N "checking for ut_id field in utmp.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_id" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ID_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_id' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id - { echo "$as_me:$LINENO: checking for ut_id field in utmpx.h" >&5 -echo $ECHO_N "checking for ut_id field in utmpx.h... 
$ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_id" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ID_IN_UTMPX 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_addr' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr - { echo "$as_me:$LINENO: checking for ut_addr field in utmp.h" >&5 -echo $ECHO_N "checking for ut_addr field in utmp.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ADDR_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_addr' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr - { echo "$as_me:$LINENO: checking for ut_addr field in utmpx.h" >&5 -echo $ECHO_N "checking for ut_addr field in utmpx.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ADDR_IN_UTMPX 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_addr_v6' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 - { echo "$as_me:$LINENO: checking for ut_addr_v6 field in utmp.h" >&5 -echo $ECHO_N "checking for ut_addr_v6 field in utmp.h... 
$ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr_v6" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ADDR_V6_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_addr_v6' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 - { echo "$as_me:$LINENO: checking for ut_addr_v6 field in utmpx.h" >&5 -echo $ECHO_N "checking for ut_addr_v6 field in utmpx.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr_v6" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ADDR_V6_IN_UTMPX 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_exit' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit - { echo "$as_me:$LINENO: checking for ut_exit field in utmp.h" >&5 -echo $ECHO_N "checking for ut_exit field in utmp.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_exit" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_EXIT_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_time' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time - { echo "$as_me:$LINENO: checking for ut_time field in utmp.h" >&5 -echo $ECHO_N "checking for ut_time field in utmp.h... 
$ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_time" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_TIME_IN_UTMP 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_time' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time - { echo "$as_me:$LINENO: checking for ut_time field in utmpx.h" >&5 -echo $ECHO_N "checking for ut_time field in utmpx.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_time" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_TIME_IN_UTMPX 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -# look for field 'ut_tv' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv - { echo "$as_me:$LINENO: checking for ut_tv field in utmpx.h" >&5 -echo $ECHO_N "checking for ut_tv field in utmpx.h... $ECHO_C" >&6; } - if { as_var=$ossh_varname; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_tv" >/dev/null 2>&1; then - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { echo "$as_me:$LINENO: result: $ossh_result" >&5 -echo "${ECHO_T}$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_TV_IN_UTMPX 1 -_ACEOF - - fi - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - - -{ echo "$as_me:$LINENO: checking for struct stat.st_blksize" >&5 -echo $ECHO_N "checking for struct stat.st_blksize... $ECHO_C" >&6; } -if test "${ac_cv_member_struct_stat_st_blksize+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -static struct stat ac_aggr; -if (ac_aggr.st_blksize) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_stat_st_blksize=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -static struct stat ac_aggr; -if (sizeof ac_aggr.st_blksize) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_stat_st_blksize=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_stat_st_blksize=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_blksize" >&5 -echo "${ECHO_T}$ac_cv_member_struct_stat_st_blksize" >&6; } -if test $ac_cv_member_struct_stat_st_blksize = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_STAT_ST_BLKSIZE 1 -_ACEOF - - -fi - -{ echo "$as_me:$LINENO: checking for struct passwd.pw_gecos" >&5 -echo $ECHO_N "checking for struct passwd.pw_gecos... $ECHO_C" >&6; } -if test "${ac_cv_member_struct_passwd_pw_gecos+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - - -int -main () -{ -static struct passwd ac_aggr; -if (ac_aggr.pw_gecos) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_passwd_pw_gecos=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - - -int -main () -{ -static struct passwd ac_aggr; -if (sizeof ac_aggr.pw_gecos) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_passwd_pw_gecos=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_passwd_pw_gecos=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_gecos" >&5 -echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_gecos" >&6; } -if test $ac_cv_member_struct_passwd_pw_gecos = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_PASSWD_PW_GECOS 1 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking for struct passwd.pw_class" >&5 -echo $ECHO_N "checking for struct passwd.pw_class... $ECHO_C" >&6; } -if test "${ac_cv_member_struct_passwd_pw_class+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - - -int -main () -{ -static struct passwd ac_aggr; -if (ac_aggr.pw_class) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_passwd_pw_class=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - - -int -main () -{ -static struct passwd ac_aggr; -if (sizeof ac_aggr.pw_class) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_passwd_pw_class=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_passwd_pw_class=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_class" >&5 -echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_class" >&6; } -if test $ac_cv_member_struct_passwd_pw_class = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_PASSWD_PW_CLASS 1 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking for struct passwd.pw_change" >&5 -echo $ECHO_N "checking for struct passwd.pw_change... $ECHO_C" >&6; } -if test "${ac_cv_member_struct_passwd_pw_change+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - - -int -main () -{ -static struct passwd ac_aggr; -if (ac_aggr.pw_change) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_passwd_pw_change=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - - -int -main () -{ -static struct passwd ac_aggr; -if (sizeof ac_aggr.pw_change) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_passwd_pw_change=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_passwd_pw_change=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_change" >&5 -echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_change" >&6; } -if test $ac_cv_member_struct_passwd_pw_change = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_PASSWD_PW_CHANGE 1 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking for struct passwd.pw_expire" >&5 -echo $ECHO_N "checking for struct passwd.pw_expire... $ECHO_C" >&6; } -if test "${ac_cv_member_struct_passwd_pw_expire+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - - -int -main () -{ -static struct passwd ac_aggr; -if (ac_aggr.pw_expire) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_passwd_pw_expire=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - - -int -main () -{ -static struct passwd ac_aggr; -if (sizeof ac_aggr.pw_expire) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_passwd_pw_expire=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_passwd_pw_expire=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_passwd_pw_expire" >&5 -echo "${ECHO_T}$ac_cv_member_struct_passwd_pw_expire" >&6; } -if test $ac_cv_member_struct_passwd_pw_expire = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1 -_ACEOF - - -fi - - -{ echo "$as_me:$LINENO: checking for struct __res_state.retrans" >&5 -echo $ECHO_N "checking for struct __res_state.retrans... $ECHO_C" >&6; } -if test "${ac_cv_member_struct___res_state_retrans+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#if HAVE_SYS_TYPES_H -# include -#endif -#include -#include -#include - - -int -main () -{ -static struct __res_state ac_aggr; -if (ac_aggr.retrans) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct___res_state_retrans=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#if HAVE_SYS_TYPES_H -# include -#endif -#include -#include -#include - - -int -main () -{ -static struct __res_state ac_aggr; -if (sizeof ac_aggr.retrans) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct___res_state_retrans=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct___res_state_retrans=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct___res_state_retrans" >&5 -echo "${ECHO_T}$ac_cv_member_struct___res_state_retrans" >&6; } -if test $ac_cv_member_struct___res_state_retrans = yes; then - : -else - -cat >>confdefs.h <<\_ACEOF -#define __res_state state -_ACEOF - -fi - - -{ echo "$as_me:$LINENO: checking for ss_family field in struct sockaddr_storage" >&5 -echo $ECHO_N "checking for ss_family field in struct sockaddr_storage... $ECHO_C" >&6; } -if test "${ac_cv_have_ss_family_in_struct_ss+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include - -int -main () -{ - struct sockaddr_storage s; s.ss_family = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_ss_family_in_struct_ss="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_ss_family_in_struct_ss="no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_ss_family_in_struct_ss" >&5 -echo "${ECHO_T}$ac_cv_have_ss_family_in_struct_ss" >&6; } -if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SS_FAMILY_IN_SS 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for __ss_family field in struct sockaddr_storage" >&5 -echo $ECHO_N "checking for __ss_family field in struct sockaddr_storage... $ECHO_C" >&6; } -if test "${ac_cv_have___ss_family_in_struct_ss+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - struct sockaddr_storage s; s.__ss_family = 1; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have___ss_family_in_struct_ss="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have___ss_family_in_struct_ss="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have___ss_family_in_struct_ss" >&5 -echo "${ECHO_T}$ac_cv_have___ss_family_in_struct_ss" >&6; } -if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE___SS_FAMILY_IN_SS 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking for msg_accrights field in struct msghdr" >&5 -echo $ECHO_N "checking for msg_accrights field in struct msghdr... $ECHO_C" >&6; } -if test "${ac_cv_have_accrights_in_msghdr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include - -int -main () -{ - -#ifdef msg_accrights -#error "msg_accrights is a macro" -exit(1); -#endif -struct msghdr m; -m.msg_accrights = 0; -exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_accrights_in_msghdr="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_accrights_in_msghdr="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_accrights_in_msghdr" >&5 -echo "${ECHO_T}$ac_cv_have_accrights_in_msghdr" >&6; } -if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ACCRIGHTS_IN_MSGHDR 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking if struct statvfs.f_fsid is integral type" >&5 -echo $ECHO_N "checking if struct statvfs.f_fsid is integral type... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_SYS_TIME_H -# include -#endif -#ifdef HAVE_SYS_MOUNT_H -#include -#endif -#ifdef HAVE_SYS_STATVFS_H -#include -#endif - -int -main () -{ - struct statvfs s; s.f_fsid = 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - - { echo "$as_me:$LINENO: checking if fsid_t has member val" >&5 -echo $ECHO_N "checking if fsid_t has member val... 
$ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - fsid_t t; t.val[0] = 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define FSID_HAS_VAL 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - - { echo "$as_me:$LINENO: checking if f_fsid has member __val" >&5 -echo $ECHO_N "checking if f_fsid has member __val... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include - -int -main () -{ - fsid_t t; t.__val[0] = 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define FSID_HAS___VAL 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -{ echo "$as_me:$LINENO: checking for msg_control field in struct msghdr" >&5 -echo $ECHO_N "checking for msg_control field in struct msghdr... $ECHO_C" >&6; } -if test "${ac_cv_have_control_in_msghdr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include - -int -main () -{ - -#ifdef msg_control -#error "msg_control is a macro" -exit(1); -#endif -struct msghdr m; -m.msg_control = 0; -exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_control_in_msghdr="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_control_in_msghdr="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_control_in_msghdr" >&5 -echo "${ECHO_T}$ac_cv_have_control_in_msghdr" >&6; } -if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_CONTROL_IN_MSGHDR 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking if libc defines __progname" >&5 -echo $ECHO_N "checking if libc defines __progname... $ECHO_C" >&6; } -if test "${ac_cv_libc_defines___progname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - extern char *__progname; printf("%s", __progname); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_libc_defines___progname="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_libc_defines___progname="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_libc_defines___progname" >&5 -echo "${ECHO_T}$ac_cv_libc_defines___progname" >&6; } -if test "x$ac_cv_libc_defines___progname" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE___PROGNAME 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking whether $CC implements __FUNCTION__" >&5 -echo $ECHO_N "checking whether $CC implements __FUNCTION__... $ECHO_C" >&6; } -if test "${ac_cv_cc_implements___FUNCTION__+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - printf("%s", __FUNCTION__); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_cc_implements___FUNCTION__="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_cc_implements___FUNCTION__="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_cc_implements___FUNCTION__" >&5 -echo "${ECHO_T}$ac_cv_cc_implements___FUNCTION__" >&6; } -if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE___FUNCTION__ 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking whether $CC implements __func__" >&5 -echo $ECHO_N "checking whether $CC implements __func__... $ECHO_C" >&6; } -if test "${ac_cv_cc_implements___func__+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - printf("%s", __func__); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_cc_implements___func__="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_cc_implements___func__="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_cc_implements___func__" >&5 -echo "${ECHO_T}$ac_cv_cc_implements___func__" >&6; } -if test "x$ac_cv_cc_implements___func__" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE___func__ 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking whether va_copy exists" >&5 -echo $ECHO_N "checking whether va_copy exists... $ECHO_C" >&6; } -if test "${ac_cv_have_va_copy+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -va_list x,y; - -int -main () -{ - va_copy(x,y); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_have_va_copy="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_va_copy="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_va_copy" >&5 -echo "${ECHO_T}$ac_cv_have_va_copy" >&6; } -if test "x$ac_cv_have_va_copy" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_VA_COPY 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking whether __va_copy exists" >&5 -echo $ECHO_N "checking whether __va_copy exists... $ECHO_C" >&6; } -if test "${ac_cv_have___va_copy+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -va_list x,y; - -int -main () -{ - __va_copy(x,y); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_have___va_copy="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have___va_copy="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have___va_copy" >&5 -echo "${ECHO_T}$ac_cv_have___va_copy" >&6; } -if test "x$ac_cv_have___va_copy" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE___VA_COPY 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking whether getopt has optreset support" >&5 -echo $ECHO_N "checking whether getopt has optreset support... $ECHO_C" >&6; } -if test "${ac_cv_have_getopt_optreset+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include -int -main () -{ - extern int optreset; optreset = 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_have_getopt_optreset="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_getopt_optreset="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_getopt_optreset" >&5 -echo "${ECHO_T}$ac_cv_have_getopt_optreset" >&6; } -if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_GETOPT_OPTRESET 1 -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking if libc defines sys_errlist" >&5 -echo $ECHO_N "checking if libc defines sys_errlist... $ECHO_C" >&6; } -if test "${ac_cv_libc_defines_sys_errlist+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_libc_defines_sys_errlist="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_libc_defines_sys_errlist="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_libc_defines_sys_errlist" >&5 -echo "${ECHO_T}$ac_cv_libc_defines_sys_errlist" >&6; } -if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SYS_ERRLIST 1 -_ACEOF - -fi - - -{ echo "$as_me:$LINENO: checking if libc defines sys_nerr" >&5 -echo $ECHO_N "checking if libc defines sys_nerr... $ECHO_C" >&6; } -if test "${ac_cv_libc_defines_sys_nerr+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -int -main () -{ - extern int sys_nerr; printf("%i", sys_nerr); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_libc_defines_sys_nerr="yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_libc_defines_sys_nerr="no" - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_libc_defines_sys_nerr" >&5 -echo "${ECHO_T}$ac_cv_libc_defines_sys_nerr" >&6; } -if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_SYS_NERR 1 -_ACEOF - -fi - -# Check libraries needed by DNS fingerprint support -{ echo "$as_me:$LINENO: checking for library containing getrrsetbyname" >&5 -echo $ECHO_N "checking for library containing getrrsetbyname... $ECHO_C" >&6; } -if test "${ac_cv_search_getrrsetbyname+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getrrsetbyname (); -int -main () -{ -return getrrsetbyname (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_getrrsetbyname=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_getrrsetbyname+set}" = set; then - break -fi -done -if test "${ac_cv_search_getrrsetbyname+set}" = set; then - : -else - ac_cv_search_getrrsetbyname=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_getrrsetbyname" >&5 -echo "${ECHO_T}$ac_cv_search_getrrsetbyname" >&6; } -ac_res=$ac_cv_search_getrrsetbyname -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -cat >>confdefs.h <<\_ACEOF -#define HAVE_GETRRSETBYNAME 1 -_ACEOF - -else - - # Needed by our getrrsetbyname() - { echo "$as_me:$LINENO: checking for library containing res_query" >&5 -echo $ECHO_N "checking for library containing res_query... $ECHO_C" >&6; } -if test "${ac_cv_search_res_query+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char res_query (); -int -main () -{ -return res_query (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_res_query=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_res_query+set}" = set; then - break -fi -done -if test "${ac_cv_search_res_query+set}" = set; then - : -else - ac_cv_search_res_query=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_res_query" >&5 -echo "${ECHO_T}$ac_cv_search_res_query" >&6; } -ac_res=$ac_cv_search_res_query -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - { echo "$as_me:$LINENO: checking for library containing dn_expand" >&5 -echo $ECHO_N "checking for library containing dn_expand... $ECHO_C" >&6; } -if test "${ac_cv_search_dn_expand+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dn_expand (); -int -main () -{ -return dn_expand (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_dn_expand=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_dn_expand+set}" = set; then - break -fi -done -if test "${ac_cv_search_dn_expand+set}" = set; then - : -else - ac_cv_search_dn_expand=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_dn_expand" >&5 -echo "${ECHO_T}$ac_cv_search_dn_expand" >&6; } -ac_res=$ac_cv_search_dn_expand -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - { echo "$as_me:$LINENO: checking if res_query will link" >&5 -echo $ECHO_N "checking if res_query will link... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include -#include -#include - -int -main () -{ - - res_query (0, 0, 0, 0, 0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - saved_LIBS="$LIBS" - LIBS="$LIBS -lresolv" - { echo "$as_me:$LINENO: checking for res_query in -lresolv" >&5 -echo $ECHO_N "checking for res_query in -lresolv... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#include -#include -#include - -int -main () -{ - - res_query (0, 0, 0, 0, 0); - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - LIBS="$saved_LIBS" - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - - -for ac_func in _getshort _getlong -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. 
*/ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - { echo "$as_me:$LINENO: checking whether _getshort is declared" >&5 -echo $ECHO_N "checking whether _getshort is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl__getshort+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - #include - -int -main () -{ -#ifndef _getshort - (void) _getshort; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl__getshort=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl__getshort=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl__getshort" >&5 -echo "${ECHO_T}$ac_cv_have_decl__getshort" >&6; } -if test $ac_cv_have_decl__getshort = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__GETSHORT 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__GETSHORT 0 -_ACEOF - - -fi -{ echo "$as_me:$LINENO: checking whether _getlong is declared" >&5 -echo $ECHO_N "checking whether _getlong is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl__getlong+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - #include - -int -main () -{ -#ifndef _getlong - (void) _getlong; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl__getlong=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl__getlong=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl__getlong" >&5 -echo "${ECHO_T}$ac_cv_have_decl__getlong" >&6; } -if test $ac_cv_have_decl__getlong = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__GETLONG 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__GETLONG 0 -_ACEOF - - -fi - - - { echo "$as_me:$LINENO: checking for HEADER.ad" >&5 -echo $ECHO_N "checking for HEADER.ad... $ECHO_C" >&6; } -if test "${ac_cv_member_HEADER_ad+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include - -int -main () -{ -static HEADER ac_aggr; -if (ac_aggr.ad) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_HEADER_ad=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -#include - -int -main () -{ -static HEADER ac_aggr; -if (sizeof ac_aggr.ad) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_HEADER_ad=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_HEADER_ad=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_HEADER_ad" >&5 -echo "${ECHO_T}$ac_cv_member_HEADER_ad" >&6; } -if test $ac_cv_member_HEADER_ad = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_HEADER_AD 1 -_ACEOF - -fi - - -fi - - -{ echo "$as_me:$LINENO: checking if struct __res_state _res is an extern" >&5 -echo $ECHO_N "checking if struct __res_state _res is an extern... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#if HAVE_SYS_TYPES_H -# include -#endif -#include -#include -#include -extern struct __res_state _res; - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define HAVE__RES_EXTERN 1 -_ACEOF - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext - -# Check whether user wants SELinux support -SELINUX_MSG="no" -LIBSELINUX="" - -# Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then - withval=$with_selinux; if test "x$withval" != "xno" ; then - save_LIBS="$LIBS" - -cat >>confdefs.h <<\_ACEOF -#define WITH_SELINUX 1 -_ACEOF - - SELINUX_MSG="yes" - if test "${ac_cv_header_selinux_selinux_h+set}" = set; then - { echo "$as_me:$LINENO: checking for selinux/selinux.h" >&5 -echo $ECHO_N "checking for selinux/selinux.h... $ECHO_C" >&6; } -if test "${ac_cv_header_selinux_selinux_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_selinux_selinux_h" >&5 -echo "${ECHO_T}$ac_cv_header_selinux_selinux_h" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking selinux/selinux.h usability" >&5 -echo $ECHO_N "checking selinux/selinux.h usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking selinux/selinux.h presence" >&5 -echo $ECHO_N "checking selinux/selinux.h presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! 
-s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: selinux/selinux.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: selinux/selinux.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: selinux/selinux.h: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: selinux/selinux.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: selinux/selinux.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: selinux/selinux.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: selinux/selinux.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: selinux/selinux.h: check for missing prerequisite headers?" 
>&2;} - { echo "$as_me:$LINENO: WARNING: selinux/selinux.h: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: selinux/selinux.h: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: selinux/selinux.h: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: selinux/selinux.h: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: selinux/selinux.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: selinux/selinux.h: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: selinux/selinux.h: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: selinux/selinux.h: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for selinux/selinux.h" >&5 -echo $ECHO_N "checking for selinux/selinux.h... $ECHO_C" >&6; } -if test "${ac_cv_header_selinux_selinux_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_selinux_selinux_h=$ac_header_preproc -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_selinux_selinux_h" >&5 -echo "${ECHO_T}$ac_cv_header_selinux_selinux_h" >&6; } - -fi -if test $ac_cv_header_selinux_selinux_h = yes; then - : -else - { { echo "$as_me:$LINENO: error: SELinux support requires selinux.h header" >&5 -echo "$as_me: error: SELinux support requires selinux.h header" >&2;} - { (exit 1); exit 1; }; } -fi - - - { echo "$as_me:$LINENO: checking for setexeccon in -lselinux" >&5 -echo $ECHO_N "checking for setexeccon in -lselinux... 
$ECHO_C" >&6; } -if test "${ac_cv_lib_selinux_setexeccon+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lselinux $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char setexeccon (); -int -main () -{ -return setexeccon (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_selinux_setexeccon=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_selinux_setexeccon=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_setexeccon" >&5 -echo "${ECHO_T}$ac_cv_lib_selinux_setexeccon" >&6; } -if test $ac_cv_lib_selinux_setexeccon = yes; then - LIBSELINUX="-lselinux" - LIBS="$LIBS -lselinux" - -else - { { echo "$as_me:$LINENO: error: SELinux support requires libselinux library" >&5 -echo "$as_me: error: SELinux support requires libselinux library" >&2;} - { (exit 1); exit 1; }; } -fi - - SSHLIBS="$SSHLIBS $LIBSELINUX" - SSHDLIBS="$SSHDLIBS $LIBSELINUX" - - -for ac_func in getseuserbyname get_default_context_with_level -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - LIBS="$save_LIBS" - fi - -fi - - - - -# Check whether user wants Kerberos 5 support -KRB5_MSG="no" - -# Check whether --with-kerberos5 was given. 
-if test "${with_kerberos5+set}" = set; then - withval=$with_kerberos5; if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - KRB5ROOT="/usr/local" - else - KRB5ROOT=${withval} - fi - - -cat >>confdefs.h <<\_ACEOF -#define KRB5 1 -_ACEOF - - KRB5_MSG="yes" - - # Extract the first word of "krb5-config", so it can be a program name with args. -set dummy krb5-config; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_KRB5CONF+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $KRB5CONF in - [\\/]* | ?:[\\/]*) - ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -as_dummy="$KRB5ROOT/bin:$PATH" -for as_dir in $as_dummy -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - test -z "$ac_cv_path_KRB5CONF" && ac_cv_path_KRB5CONF="$KRB5ROOT/bin/krb5-config" - ;; -esac -fi -KRB5CONF=$ac_cv_path_KRB5CONF -if test -n "$KRB5CONF"; then - { echo "$as_me:$LINENO: result: $KRB5CONF" >&5 -echo "${ECHO_T}$KRB5CONF" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - if test -x $KRB5CONF ; then - K5CFLAGS="`$KRB5CONF --cflags`" - K5LIBS="`$KRB5CONF --libs`" - CPPFLAGS="$CPPFLAGS $K5CFLAGS" - - { echo "$as_me:$LINENO: checking for gssapi support" >&5 -echo $ECHO_N "checking for gssapi support... 
$ECHO_C" >&6; } - if $KRB5CONF | grep gssapi >/dev/null ; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define GSSAPI 1 -_ACEOF - - GSSCFLAGS="`$KRB5CONF --cflags gssapi`" - GSSLIBS="`$KRB5CONF --libs gssapi`" - CPPFLAGS="$CPPFLAGS $GSSCFLAGS" - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - { echo "$as_me:$LINENO: checking whether we are using Heimdal" >&5 -echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include - -int -main () -{ - char *tmp = heimdal_version; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define HEIMDAL 1 -_ACEOF - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - else - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - { echo "$as_me:$LINENO: checking whether we are using Heimdal" >&5 -echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - #include - -int -main () -{ - char *tmp = heimdal_version; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define HEIMDAL 1 -_ACEOF - - K5LIBS="-lkrb5" - K5LIBS="$K5LIBS -lcom_err -lasn1" - { echo "$as_me:$LINENO: checking for net_write in -lroken" >&5 -echo $ECHO_N "checking for net_write in -lroken... $ECHO_C" >&6; } -if test "${ac_cv_lib_roken_net_write+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lroken $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char net_write (); -int -main () -{ -return net_write (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? 
- grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_roken_net_write=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_roken_net_write=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_roken_net_write" >&5 -echo "${ECHO_T}$ac_cv_lib_roken_net_write" >&6; } -if test $ac_cv_lib_roken_net_write = yes; then - K5LIBS="$K5LIBS -lroken" -fi - - { echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes" >&5 -echo $ECHO_N "checking for des_cbc_encrypt in -ldes... $ECHO_C" >&6; } -if test "${ac_cv_lib_des_des_cbc_encrypt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldes $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char des_cbc_encrypt (); -int -main () -{ -return des_cbc_encrypt (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_des_des_cbc_encrypt=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_des_des_cbc_encrypt=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 -echo "${ECHO_T}$ac_cv_lib_des_des_cbc_encrypt" >&6; } -if test $ac_cv_lib_des_des_cbc_encrypt = yes; then - K5LIBS="$K5LIBS -ldes" -fi - - -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - K5LIBS="-lkrb5 -lk5crypto -lcom_err" - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - { echo "$as_me:$LINENO: checking for library containing dn_expand" >&5 -echo $ECHO_N "checking for library containing dn_expand... $ECHO_C" >&6; } -if test "${ac_cv_search_dn_expand+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char dn_expand (); -int -main () -{ -return dn_expand (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_dn_expand=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_dn_expand+set}" = set; then - break -fi -done -if test "${ac_cv_search_dn_expand+set}" = set; then - : -else - ac_cv_search_dn_expand=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_dn_expand" >&5 -echo "${ECHO_T}$ac_cv_search_dn_expand" >&6; } -ac_res=$ac_cv_search_dn_expand -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - - { echo "$as_me:$LINENO: checking for gss_init_sec_context in -lgssapi_krb5" >&5 -echo $ECHO_N "checking for gss_init_sec_context in -lgssapi_krb5... $ECHO_C" >&6; } -if test "${ac_cv_lib_gssapi_krb5_gss_init_sec_context+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgssapi_krb5 $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. 
*/ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gss_init_sec_context (); -int -main () -{ -return gss_init_sec_context (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_gssapi_krb5_gss_init_sec_context=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 -echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; } -if test $ac_cv_lib_gssapi_krb5_gss_init_sec_context = yes; then - cat >>confdefs.h <<\_ACEOF -#define GSSAPI 1 -_ACEOF - - GSSLIBS="-lgssapi_krb5" -else - { echo "$as_me:$LINENO: checking for gss_init_sec_context in -lgssapi" >&5 -echo $ECHO_N "checking for gss_init_sec_context in -lgssapi... 
$ECHO_C" >&6; } -if test "${ac_cv_lib_gssapi_gss_init_sec_context+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgssapi $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gss_init_sec_context (); -int -main () -{ -return gss_init_sec_context (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_gssapi_gss_init_sec_context=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_gssapi_gss_init_sec_context=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 -echo "${ECHO_T}$ac_cv_lib_gssapi_gss_init_sec_context" >&6; } -if test $ac_cv_lib_gssapi_gss_init_sec_context = yes; then - cat >>confdefs.h <<\_ACEOF -#define GSSAPI 1 -_ACEOF - - GSSLIBS="-lgssapi" -else - { echo "$as_me:$LINENO: checking for gss_init_sec_context in -lgss" >&5 -echo $ECHO_N "checking for gss_init_sec_context in -lgss... 
$ECHO_C" >&6; } -if test "${ac_cv_lib_gss_gss_init_sec_context+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgss $LIBS" -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gss_init_sec_context (); -int -main () -{ -return gss_init_sec_context (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_lib_gss_gss_init_sec_context=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_lib_gss_gss_init_sec_context=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_lib_gss_gss_init_sec_context" >&5 -echo "${ECHO_T}$ac_cv_lib_gss_gss_init_sec_context" >&6; } -if test $ac_cv_lib_gss_gss_init_sec_context = yes; then - cat >>confdefs.h <<\_ACEOF -#define GSSAPI 1 -_ACEOF - - GSSLIBS="-lgss" -else - { echo "$as_me:$LINENO: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 -echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;} -fi - - -fi - - -fi - - - if test "${ac_cv_header_gssapi_h+set}" = set; then - { echo "$as_me:$LINENO: checking for gssapi.h" >&5 -echo $ECHO_N "checking for gssapi.h... $ECHO_C" >&6; } -if test "${ac_cv_header_gssapi_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_gssapi_h" >&5 -echo "${ECHO_T}$ac_cv_header_gssapi_h" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking gssapi.h usability" >&5 -echo $ECHO_N "checking gssapi.h usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking gssapi.h presence" >&5 -echo $ECHO_N "checking gssapi.h presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: gssapi.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: gssapi.h: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: gssapi.h: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: gssapi.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: gssapi.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: gssapi.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: gssapi.h: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi.h: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: gssapi.h: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi.h: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: gssapi.h: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: gssapi.h: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi.h: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: gssapi.h: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for gssapi.h" >&5 -echo $ECHO_N "checking for gssapi.h... 
$ECHO_C" >&6; } -if test "${ac_cv_header_gssapi_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_gssapi_h=$ac_header_preproc -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_gssapi_h" >&5 -echo "${ECHO_T}$ac_cv_header_gssapi_h" >&6; } - -fi -if test $ac_cv_header_gssapi_h = yes; then - : -else - unset ac_cv_header_gssapi_h - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - -for ac_header in gssapi.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -else - { echo "$as_me:$LINENO: WARNING: Cannot find any suitable gss-api header - build may fail" >&5 -echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;} - -fi - -done - - - -fi - - - - oldCPP="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - if test "${ac_cv_header_gssapi_krb5_h+set}" = set; then - { echo "$as_me:$LINENO: checking for gssapi_krb5.h" >&5 -echo $ECHO_N "checking for gssapi_krb5.h... $ECHO_C" >&6; } -if test "${ac_cv_header_gssapi_krb5_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_gssapi_krb5_h" >&5 -echo "${ECHO_T}$ac_cv_header_gssapi_krb5_h" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking gssapi_krb5.h usability" >&5 -echo $ECHO_N "checking gssapi_krb5.h usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking gssapi_krb5.h presence" >&5 -echo $ECHO_N "checking gssapi_krb5.h presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: gssapi_krb5.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: gssapi_krb5.h: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: gssapi_krb5.h: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: gssapi_krb5.h: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: gssapi_krb5.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: gssapi_krb5.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi_krb5.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: gssapi_krb5.h: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi_krb5.h: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: gssapi_krb5.h: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi_krb5.h: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: gssapi_krb5.h: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi_krb5.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: gssapi_krb5.h: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: gssapi_krb5.h: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: gssapi_krb5.h: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for gssapi_krb5.h" >&5 -echo $ECHO_N "checking for gssapi_krb5.h... 
$ECHO_C" >&6; } -if test "${ac_cv_header_gssapi_krb5_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_gssapi_krb5_h=$ac_header_preproc -fi -{ echo "$as_me:$LINENO: result: $ac_cv_header_gssapi_krb5_h" >&5 -echo "${ECHO_T}$ac_cv_header_gssapi_krb5_h" >&6; } - -fi -if test $ac_cv_header_gssapi_krb5_h = yes; then - : -else - CPPFLAGS="$oldCPP" -fi - - - - fi - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${KRB5ROOT}/lib" - fi - - - -for ac_header in gssapi.h gssapi/gssapi.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - -for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - -for ac_header in gssapi_generic.h gssapi/gssapi_generic.h -do -as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - { echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -else - # Is the header compilable? -{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 -echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -#include <$ac_header> -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_compiler=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6; } - -# Is the header present? -{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 -echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include <$ac_header> -_ACEOF -if { (ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_header_preproc=no -fi - -rm -f conftest.err conftest.$ac_ext -{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in - yes:no: ) - { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" 
>&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} - ac_header_preproc=yes - ;; - no:yes:* ) - { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} - { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} - ( cat <<\_ASBOX -## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ## -_ASBOX - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac -{ echo "$as_me:$LINENO: checking for $ac_header" >&5 -echo $ECHO_N "checking for $ac_header... 
$ECHO_C" >&6; } -if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - eval "$as_ac_Header=\$ac_header_preproc" -fi -ac_res=`eval echo '${'$as_ac_Header'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } - -fi -if test `eval echo '${'$as_ac_Header'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - { echo "$as_me:$LINENO: checking for library containing k_hasafs" >&5 -echo $ECHO_N "checking for library containing k_hasafs... $ECHO_C" >&6; } -if test "${ac_cv_search_k_hasafs+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_func_search_save_LIBS=$LIBS -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char k_hasafs (); -int -main () -{ -return k_hasafs (); - ; - return 0; -} -_ACEOF -for ac_lib in '' kafs; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_search_k_hasafs=$ac_res -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext - if test "${ac_cv_search_k_hasafs+set}" = set; then - break -fi -done -if test "${ac_cv_search_k_hasafs+set}" = set; then - : -else - ac_cv_search_k_hasafs=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ echo "$as_me:$LINENO: result: $ac_cv_search_k_hasafs" >&5 -echo "${ECHO_T}$ac_cv_search_k_hasafs" >&6; } -ac_res=$ac_cv_search_k_hasafs -if test "$ac_res" != no; then - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -cat >>confdefs.h <<\_ACEOF -#define USE_AFS 1 -_ACEOF - -fi - - - { echo "$as_me:$LINENO: checking whether GSS_C_NT_HOSTBASED_SERVICE is declared" >&5 -echo $ECHO_N "checking whether GSS_C_NT_HOSTBASED_SERVICE is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_GSSAPI_H -# include -#elif defined(HAVE_GSSAPI_GSSAPI_H) -# include -#endif - -#ifdef HAVE_GSSAPI_GENERIC_H -# include -#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) -# include -#endif - - -int -main () -{ -#ifndef GSS_C_NT_HOSTBASED_SERVICE - (void) GSS_C_NT_HOSTBASED_SERVICE; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" >&5 -echo "${ECHO_T}$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" >&6; } -if test $ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE = yes; then - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1 -_ACEOF - - -else - cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 0 -_ACEOF - - -fi - - - saved_LIBS="$LIBS" - LIBS="$LIBS $K5LIBS" - - - -for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -{ echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; } -if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -/* Define $ac_func to an innocuous variant, in case declares $ac_func. - For example, HP-UX 11i declares gettimeofday. */ -#define $ac_func innocuous_$ac_func - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef $ac_func - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char $ac_func (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$ac_func || defined __stub___$ac_func -choke me -#endif - -int -main () -{ -return $ac_func (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - eval "$as_ac_var=no" -fi - -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -ac_res=`eval echo '${'$as_ac_var'}'` - { echo "$as_me:$LINENO: result: $ac_res" >&5 -echo "${ECHO_T}$ac_res" >&6; } -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - LIBS="$saved_LIBS" - - fi - - -fi - - - - -# Looking for programs, paths and files - -PRIVSEP_PATH=/var/empty - -# Check whether --with-privsep-path was given. -if test "${with_privsep_path+set}" = set; then - withval=$with_privsep_path; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - PRIVSEP_PATH=$withval - fi - - -fi - - - - -# Check whether --with-xauth was given. 
-if test "${with_xauth+set}" = set; then - withval=$with_xauth; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - xauth_path=$withval - fi - -else - - TestPath="$PATH" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" - # Extract the first word of "xauth", so it can be a program name with args. -set dummy xauth; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_xauth_path+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $xauth_path in - [\\/]* | ?:[\\/]*) - ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $TestPath -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -xauth_path=$ac_cv_path_xauth_path -if test -n "$xauth_path"; then - { echo "$as_me:$LINENO: result: $xauth_path" >&5 -echo "${ECHO_T}$xauth_path" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then - xauth_path="/usr/openwin/bin/xauth" - fi - - -fi - - -STRIP_OPT=-s -# Check whether --enable-strip was given. 
-if test "${enable_strip+set}" = set; then - enableval=$enable_strip; - if test "x$enableval" = "xno" ; then - STRIP_OPT= - fi - - -fi - - - -if test -z "$xauth_path" ; then - XAUTH_PATH="undefined" - -else - -cat >>confdefs.h <<_ACEOF -#define XAUTH_PATH "$xauth_path" -_ACEOF - - XAUTH_PATH=$xauth_path - -fi - -# Check for mail directory - -# Check whether --with-maildir was given. -if test "${with_maildir+set}" = set; then - withval=$with_maildir; - if test "X$withval" != X && test "x$withval" != xno && \ - test "x${withval}" != xyes; then - -cat >>confdefs.h <<_ACEOF -#define MAIL_DIRECTORY "$withval" -_ACEOF - - fi - -else - - if test "X$maildir" != "X"; then - cat >>confdefs.h <<_ACEOF -#define MAIL_DIRECTORY "$maildir" -_ACEOF - - else - { echo "$as_me:$LINENO: checking Discovering system mail directory" >&5 -echo $ECHO_N "checking Discovering system mail directory... $ECHO_C" >&6; } - if test "$cross_compiling" = yes; then - - { echo "$as_me:$LINENO: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5 -echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;} - - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#ifdef HAVE_PATHS_H -#include -#endif -#ifdef HAVE_MAILLOCK_H -#include -#endif -#define DATA "conftest.maildir" - -int -main () -{ - - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - -#if defined (_PATH_MAILDIR) - if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) - exit(1); -#elif defined (MAILDIR) - if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) - exit(1); -#elif defined (_PATH_MAIL) - if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) - exit(1); -#else - exit (2); -#endif - - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - maildir_what=`awk -F: '{print $1}' conftest.maildir` - maildir=`awk -F: '{print $2}' conftest.maildir \ - | sed 's|/$||'` - { echo "$as_me:$LINENO: result: Using: $maildir from $maildir_what" >&5 -echo "${ECHO_T}Using: $maildir from $maildir_what" >&6; } - if test "x$maildir_what" != "x_PATH_MAILDIR"; then - cat >>confdefs.h <<_ACEOF -#define MAIL_DIRECTORY "$maildir" -_ACEOF - - fi - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - - if test "X$ac_status" = "X2";then -# our test program didn't find it. 
Default to /var/spool/mail - { echo "$as_me:$LINENO: result: Using: default value of /var/spool/mail" >&5 -echo "${ECHO_T}Using: default value of /var/spool/mail" >&6; } - cat >>confdefs.h <<_ACEOF -#define MAIL_DIRECTORY "/var/spool/mail" -_ACEOF - - else - { echo "$as_me:$LINENO: result: *** not found ***" >&5 -echo "${ECHO_T}*** not found ***" >&6; } - fi - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - - fi - - -fi - # maildir - -if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then - { echo "$as_me:$LINENO: WARNING: cross compiling: Disabling /dev/ptmx test" >&5 -echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;} - disable_ptmx_check=yes -fi -if test -z "$no_dev_ptmx" ; then - if test "x$disable_ptmx_check" != "xyes" ; then - { echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5 -echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6; } -if test "${ac_cv_file___dev_ptmx_+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - test "$cross_compiling" = yes && - { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5 -echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} - { (exit 1); exit 1; }; } -if test -r ""/dev/ptmx""; then - ac_cv_file___dev_ptmx_=yes -else - ac_cv_file___dev_ptmx_=no -fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5 -echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6; } -if test $ac_cv_file___dev_ptmx_ = yes; then - - -cat >>confdefs.h <<_ACEOF -#define HAVE_DEV_PTMX 1 -_ACEOF - - have_dev_ptmx=1 - - -fi - - fi -fi - -if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then - { echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5 -echo $ECHO_N "checking for \"/dev/ptc\"... 
$ECHO_C" >&6; } -if test "${ac_cv_file___dev_ptc_+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - test "$cross_compiling" = yes && - { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5 -echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} - { (exit 1); exit 1; }; } -if test -r ""/dev/ptc""; then - ac_cv_file___dev_ptc_=yes -else - ac_cv_file___dev_ptc_=no -fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5 -echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6; } -if test $ac_cv_file___dev_ptc_ = yes; then - - -cat >>confdefs.h <<_ACEOF -#define HAVE_DEV_PTS_AND_PTC 1 -_ACEOF - - have_dev_ptc=1 - - -fi - -else - { echo "$as_me:$LINENO: WARNING: cross compiling: Disabling /dev/ptc test" >&5 -echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;} -fi - -# Options from here on. Some of these are preset by platform above - -# Check whether --with-mantype was given. -if test "${with_mantype+set}" = set; then - withval=$with_mantype; - case "$withval" in - man|cat|doc) - MANTYPE=$withval - ;; - *) - { { echo "$as_me:$LINENO: error: invalid man type: $withval" >&5 -echo "$as_me: error: invalid man type: $withval" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - - -fi - -if test -z "$MANTYPE"; then - TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" - for ac_prog in nroff awf -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_path_NROFF+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - case $NROFF in - [\\/]* | ?:[\\/]*) - ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $TestPath -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - - ;; -esac -fi -NROFF=$ac_cv_path_NROFF -if test -n "$NROFF"; then - { echo "$as_me:$LINENO: result: $NROFF" >&5 -echo "${ECHO_T}$NROFF" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - test -n "$NROFF" && break -done -test -n "$NROFF" || NROFF="/bin/false" - - if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=doc - elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=man - else - MANTYPE=cat - fi -fi - -if test "$MANTYPE" = "doc"; then - mansubdir=man; -else - mansubdir=$MANTYPE; -fi - - -# Check whether to enable MD5 passwords -MD5_MSG="no" - -# Check whether --with-md5-passwords was given. -if test "${with_md5_passwords+set}" = set; then - withval=$with_md5_passwords; - if test "x$withval" != "xno" ; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_MD5_PASSWORDS 1 -_ACEOF - - MD5_MSG="yes" - fi - - -fi - - -# Whether to disable shadow password support - -# Check whether --with-shadow was given. -if test "${with_shadow+set}" = set; then - withval=$with_shadow; - if test "x$withval" = "xno" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_SHADOW 1 -_ACEOF - - disable_shadow=yes - fi - - -fi - - -if test -z "$disable_shadow" ; then - { echo "$as_me:$LINENO: checking if the systems has expire shadow information" >&5 -echo $ECHO_N "checking if the systems has expire shadow information... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -struct spwd sp; - -int -main () -{ - sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - sp_expire_available=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - - if test "x$sp_expire_available" = "xyes" ; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define HAS_SHADOW_EXPIRE 1 -_ACEOF - - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi -fi - -# Use ip address instead of hostname in $DISPLAY -if test ! -z "$IPADDR_IN_DISPLAY" ; then - DISPLAY_HACK_MSG="yes" - -cat >>confdefs.h <<\_ACEOF -#define IPADDR_IN_DISPLAY 1 -_ACEOF - -else - DISPLAY_HACK_MSG="no" - -# Check whether --with-ipaddr-display was given. -if test "${with_ipaddr_display+set}" = set; then - withval=$with_ipaddr_display; - if test "x$withval" != "xno" ; then - cat >>confdefs.h <<\_ACEOF -#define IPADDR_IN_DISPLAY 1 -_ACEOF - - DISPLAY_HACK_MSG="yes" - fi - - -fi - -fi - -# check for /etc/default/login and use it if present. -# Check whether --enable-etc-default-login was given. 
-if test "${enable_etc_default_login+set}" = set; then - enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then - { echo "$as_me:$LINENO: /etc/default/login handling disabled" >&5 -echo "$as_me: /etc/default/login handling disabled" >&6;} - etc_default_login=no - else - etc_default_login=yes - fi -else - if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; - then - { echo "$as_me:$LINENO: WARNING: cross compiling: not checking /etc/default/login" >&5 -echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;} - etc_default_login=no - else - etc_default_login=yes - fi - -fi - - -if test "x$etc_default_login" != "xno"; then - { echo "$as_me:$LINENO: checking for \"/etc/default/login\"" >&5 -echo $ECHO_N "checking for \"/etc/default/login\"... $ECHO_C" >&6; } -if test "${ac_cv_file___etc_default_login_+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - test "$cross_compiling" = yes && - { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5 -echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} - { (exit 1); exit 1; }; } -if test -r ""/etc/default/login""; then - ac_cv_file___etc_default_login_=yes -else - ac_cv_file___etc_default_login_=no -fi -fi -{ echo "$as_me:$LINENO: result: $ac_cv_file___etc_default_login_" >&5 -echo "${ECHO_T}$ac_cv_file___etc_default_login_" >&6; } -if test $ac_cv_file___etc_default_login_ = yes; then - external_path_file=/etc/default/login -fi - - if test "x$external_path_file" = "x/etc/default/login"; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_ETC_DEFAULT_LOGIN 1 -_ACEOF - - fi -fi - -if test $ac_cv_func_login_getcapbool = "yes" && \ - test $ac_cv_header_login_cap_h = "yes" ; then - external_path_file=/etc/login.conf -fi - -# Whether to mess with the default path -SERVER_PATH_MSG="(default)" - -# Check whether --with-default-path was given. 
-if test "${with_default_path+set}" = set; then - withval=$with_default_path; - if test "x$external_path_file" = "x/etc/login.conf" ; then - { echo "$as_me:$LINENO: WARNING: ---with-default-path=PATH has no effect on this system. -Edit /etc/login.conf instead." >&5 -echo "$as_me: WARNING: ---with-default-path=PATH has no effect on this system. -Edit /etc/login.conf instead." >&2;} - elif test "x$withval" != "xno" ; then - if test ! -z "$external_path_file" ; then - { echo "$as_me:$LINENO: WARNING: ---with-default-path=PATH will only be used if PATH is not defined in -$external_path_file ." >&5 -echo "$as_me: WARNING: ---with-default-path=PATH will only be used if PATH is not defined in -$external_path_file ." >&2;} - fi - user_path="$withval" - SERVER_PATH_MSG="$withval" - fi - -else - if test "x$external_path_file" = "x/etc/login.conf" ; then - { echo "$as_me:$LINENO: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 -echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;} - else - if test ! -z "$external_path_file" ; then - { echo "$as_me:$LINENO: WARNING: -If PATH is defined in $external_path_file, ensure the path to scp is included, -otherwise scp will not work." >&5 -echo "$as_me: WARNING: -If PATH is defined in $external_path_file, ensure the path to scp is included, -otherwise scp will not work." >&2;} - fi - if test "$cross_compiling" = yes; then - user_path="/usr/bin:/bin:/usr/sbin:/sbin" - -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -/* find out what STDPATH is */ -#include -#ifdef HAVE_PATHS_H -# include -#endif -#ifndef _PATH_STDPATH -# ifdef _PATH_USERPATH /* Irix */ -# define _PATH_STDPATH _PATH_USERPATH -# else -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" -# endif -#endif -#include -#include -#include -#define DATA "conftest.stdpath" - -int -main () -{ - - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) - exit(1); - - exit(0); - - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - user_path=`cat conftest.stdpath` -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) - user_path="/usr/bin:/bin:/usr/sbin:/sbin" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -# make sure $bindir is in USER_PATH so scp will work - t_bindir="${bindir}" - while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do - t_bindir=`eval echo ${t_bindir}` - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; - esac - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; - esac - done - echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 - if test $? 
-ne 0 ; then - echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 - if test $? -ne 0 ; then - user_path=$user_path:$t_bindir - { echo "$as_me:$LINENO: result: Adding $t_bindir to USER_PATH so scp will work" >&5 -echo "${ECHO_T}Adding $t_bindir to USER_PATH so scp will work" >&6; } - fi - fi - fi - -fi - -if test "x$external_path_file" != "x/etc/login.conf" ; then - -cat >>confdefs.h <<_ACEOF -#define USER_PATH "$user_path" -_ACEOF - - -fi - -# Set superuser path separately to user path - -# Check whether --with-superuser-path was given. -if test "${with_superuser_path+set}" = set; then - withval=$with_superuser_path; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - -cat >>confdefs.h <<_ACEOF -#define SUPERUSER_PATH "$withval" -_ACEOF - - superuser_path=$withval - fi - - -fi - - - -{ echo "$as_me:$LINENO: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 -echo $ECHO_N "checking if we need to convert IPv4 in IPv6-mapped addresses... $ECHO_C" >&6; } -IPV4_IN6_HACK_MSG="no" - -# Check whether --with-4in6 was given. -if test "${with_4in6+set}" = set; then - withval=$with_4in6; - if test "x$withval" != "xno" ; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - -cat >>confdefs.h <<\_ACEOF -#define IPV4_IN_IPV6 1 -_ACEOF - - IPV4_IN6_HACK_MSG="yes" - else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - fi - -else - - if test "x$inet6_default_4in6" = "xyes"; then - { echo "$as_me:$LINENO: result: yes (default)" >&5 -echo "${ECHO_T}yes (default)" >&6; } - cat >>confdefs.h <<\_ACEOF -#define IPV4_IN_IPV6 1 -_ACEOF - - IPV4_IN6_HACK_MSG="yes" - else - { echo "$as_me:$LINENO: result: no (default)" >&5 -echo "${ECHO_T}no (default)" >&6; } - fi - - -fi - - -# Whether to enable BSD auth support -BSD_AUTH_MSG=no - -# Check whether --with-bsd-auth was given. 
-if test "${with_bsd_auth+set}" = set; then - withval=$with_bsd_auth; - if test "x$withval" != "xno" ; then - -cat >>confdefs.h <<\_ACEOF -#define BSD_AUTH 1 -_ACEOF - - BSD_AUTH_MSG=yes - fi - - -fi - - -# Where to place sshd.pid -piddir=/var/run -# make sure the directory exists -if test ! -d $piddir ; then - piddir=`eval echo ${sysconfdir}` - case $piddir in - NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; - esac -fi - - -# Check whether --with-pid-dir was given. -if test "${with_pid_dir+set}" = set; then - withval=$with_pid_dir; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - piddir=$withval - if test ! -d $piddir ; then - { echo "$as_me:$LINENO: WARNING: ** no $piddir directory on this system **" >&5 -echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;} - fi - fi - - -fi - - - -cat >>confdefs.h <<_ACEOF -#define _PATH_SSH_PIDDIR "$piddir" -_ACEOF - - - -# Check whether --enable-lastlog was given. -if test "${enable_lastlog+set}" = set; then - enableval=$enable_lastlog; - if test "x$enableval" = "xno" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_LASTLOG 1 -_ACEOF - - fi - - -fi - -# Check whether --enable-utmp was given. -if test "${enable_utmp+set}" = set; then - enableval=$enable_utmp; - if test "x$enableval" = "xno" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_UTMP 1 -_ACEOF - - fi - - -fi - -# Check whether --enable-utmpx was given. -if test "${enable_utmpx+set}" = set; then - enableval=$enable_utmpx; - if test "x$enableval" = "xno" ; then - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_UTMPX 1 -_ACEOF - - fi - - -fi - -# Check whether --enable-wtmp was given. -if test "${enable_wtmp+set}" = set; then - enableval=$enable_wtmp; - if test "x$enableval" = "xno" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_WTMP 1 -_ACEOF - - fi - - -fi - -# Check whether --enable-wtmpx was given. 
-if test "${enable_wtmpx+set}" = set; then - enableval=$enable_wtmpx; - if test "x$enableval" = "xno" ; then - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_WTMPX 1 -_ACEOF - - fi - - -fi - -# Check whether --enable-libutil was given. -if test "${enable_libutil+set}" = set; then - enableval=$enable_libutil; - if test "x$enableval" = "xno" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_LOGIN 1 -_ACEOF - - fi - - -fi - -# Check whether --enable-pututline was given. -if test "${enable_pututline+set}" = set; then - enableval=$enable_pututline; - if test "x$enableval" = "xno" ; then - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_PUTUTLINE 1 -_ACEOF - - fi - - -fi - -# Check whether --enable-pututxline was given. -if test "${enable_pututxline+set}" = set; then - enableval=$enable_pututxline; - if test "x$enableval" = "xno" ; then - -cat >>confdefs.h <<\_ACEOF -#define DISABLE_PUTUTXLINE 1 -_ACEOF - - fi - - -fi - - -# Check whether --with-lastlog was given. -if test "${with_lastlog+set}" = set; then - withval=$with_lastlog; - if test "x$withval" = "xno" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_LASTLOG 1 -_ACEOF - - elif test -n "$withval" && test "x${withval}" != "xyes"; then - conf_lastlog_location=$withval - fi - - -fi - - - -{ echo "$as_me:$LINENO: checking if your system defines LASTLOG_FILE" >&5 -echo $ECHO_N "checking if your system defines LASTLOG_FILE... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. 
*/ - -#include -#include -#ifdef HAVE_LASTLOG_H -# include -#endif -#ifdef HAVE_PATHS_H -# include -#endif -#ifdef HAVE_LOGIN_H -# include -#endif - -int -main () -{ - char *lastlog = LASTLOG_FILE; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: checking if your system defines _PATH_LASTLOG" >&5 -echo $ECHO_N "checking if your system defines _PATH_LASTLOG... $ECHO_C" >&6; } - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_LASTLOG_H -# include -#endif -#ifdef HAVE_PATHS_H -# include -#endif - -int -main () -{ - char *lastlog = _PATH_LASTLOG; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - system_lastlog_path=no - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test -z "$conf_lastlog_location"; then - if test x"$system_lastlog_path" = x"no" ; then - for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do - if (test -d "$f" || test -f "$f") ; then - conf_lastlog_location=$f - fi - done - if test -z "$conf_lastlog_location"; then - { echo "$as_me:$LINENO: WARNING: ** Cannot find lastlog **" >&5 -echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;} - fi - fi -fi - -if test -n "$conf_lastlog_location"; then - -cat >>confdefs.h <<_ACEOF -#define CONF_LASTLOG_FILE "$conf_lastlog_location" -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking if your system defines UTMP_FILE" >&5 -echo $ECHO_N "checking if your system defines UTMP_FILE... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_PATHS_H -# include -#endif - -int -main () -{ - char *utmp = UTMP_FILE; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - system_utmp_path=no - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test -z "$conf_utmp_location"; then - if test x"$system_utmp_path" = x"no" ; then - for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do - if test -f $f ; then - conf_utmp_location=$f - fi - done - if test -z "$conf_utmp_location"; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_UTMP 1 -_ACEOF - - fi - fi -fi -if test -n "$conf_utmp_location"; then - -cat >>confdefs.h <<_ACEOF -#define CONF_UTMP_FILE "$conf_utmp_location" -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking if your system defines WTMP_FILE" >&5 -echo $ECHO_N "checking if your system defines WTMP_FILE... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_PATHS_H -# include -#endif - -int -main () -{ - char *wtmp = WTMP_FILE; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - system_wtmp_path=no - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test -z "$conf_wtmp_location"; then - if test x"$system_wtmp_path" = x"no" ; then - for f in /usr/adm/wtmp /var/log/wtmp; do - if test -f $f ; then - conf_wtmp_location=$f - fi - done - if test -z "$conf_wtmp_location"; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_WTMP 1 -_ACEOF - - fi - fi -fi -if test -n "$conf_wtmp_location"; then - -cat >>confdefs.h <<_ACEOF -#define CONF_WTMP_FILE "$conf_wtmp_location" -_ACEOF - -fi - -{ echo "$as_me:$LINENO: checking if your system defines WTMPX_FILE" >&5 -echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6; } -cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#include -#include -#ifdef HAVE_UTMPX_H -#include -#endif -#ifdef HAVE_PATHS_H -# include -#endif - -int -main () -{ - char *wtmpx = WTMPX_FILE; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - system_wtmpx_path=no - -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test -z "$conf_wtmpx_location"; then - if test x"$system_wtmpx_path" = x"no" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_WTMPX 1 -_ACEOF - - fi -else - -cat >>confdefs.h <<_ACEOF -#define CONF_WTMPX_FILE "$conf_wtmpx_location" -_ACEOF - -fi - - -if test ! -z "$blibpath" ; then - LDFLAGS="$LDFLAGS $blibflags$blibpath" - { echo "$as_me:$LINENO: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 -echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} -fi - -{ echo "$as_me:$LINENO: checking for struct lastlog.ll_line" >&5 -echo $ECHO_N "checking for struct lastlog.ll_line... $ECHO_C" >&6; } -if test "${ac_cv_member_struct_lastlog_ll_line+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_UTMP_H -#include -#endif -#ifdef HAVE_UTMPX_H -#include -#endif -#ifdef HAVE_LASTLOG_H -#include -#endif - - -int -main () -{ -static struct lastlog ac_aggr; -if (ac_aggr.ll_line) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_lastlog_ll_line=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_UTMP_H -#include -#endif -#ifdef HAVE_UTMPX_H -#include -#endif -#ifdef HAVE_LASTLOG_H -#include -#endif - - -int -main () -{ -static struct lastlog ac_aggr; -if (sizeof ac_aggr.ll_line) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_lastlog_ll_line=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_lastlog_ll_line=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_lastlog_ll_line" >&5 -echo "${ECHO_T}$ac_cv_member_struct_lastlog_ll_line" >&6; } -if test $ac_cv_member_struct_lastlog_ll_line = yes; then - : -else - - if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then - cat >>confdefs.h <<\_ACEOF -#define DISABLE_LASTLOG 1 -_ACEOF - - fi - -fi - - -{ echo "$as_me:$LINENO: checking for struct utmp.ut_line" >&5 -echo $ECHO_N "checking for struct utmp.ut_line... 
$ECHO_C" >&6; } -if test "${ac_cv_member_struct_utmp_ut_line+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_UTMP_H -#include -#endif -#ifdef HAVE_UTMPX_H -#include -#endif -#ifdef HAVE_LASTLOG_H -#include -#endif - - -int -main () -{ -static struct utmp ac_aggr; -if (ac_aggr.ut_line) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_utmp_ut_line=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ - -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_UTMP_H -#include -#endif -#ifdef HAVE_UTMPX_H -#include -#endif -#ifdef HAVE_LASTLOG_H -#include -#endif - - -int -main () -{ -static struct utmp ac_aggr; -if (sizeof ac_aggr.ut_line) -return 0; - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_member_struct_utmp_ut_line=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_member_struct_utmp_ut_line=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_utmp_ut_line" >&5 -echo "${ECHO_T}$ac_cv_member_struct_utmp_ut_line" >&6; } -if test $ac_cv_member_struct_utmp_ut_line = yes; then - : -else - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_UTMP 1 -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define DISABLE_WTMP 1 -_ACEOF - - -fi - - -CFLAGS="$CFLAGS $werror_flags" - -if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then - TEST_SSH_IPV6=no -else - TEST_SSH_IPV6=yes -fi -{ echo "$as_me:$LINENO: checking whether BROKEN_GETADDRINFO is declared" >&5 -echo $ECHO_N "checking whether BROKEN_GETADDRINFO is declared... $ECHO_C" >&6; } -if test "${ac_cv_have_decl_BROKEN_GETADDRINFO+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -#ifndef BROKEN_GETADDRINFO - (void) BROKEN_GETADDRINFO; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext -if { (ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_compile") 2>conftest.er1 - ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest.$ac_objext; then - ac_cv_have_decl_BROKEN_GETADDRINFO=yes -else - echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_cv_have_decl_BROKEN_GETADDRINFO=no -fi - -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_have_decl_BROKEN_GETADDRINFO" >&5 -echo "${ECHO_T}$ac_cv_have_decl_BROKEN_GETADDRINFO" >&6; } -if test $ac_cv_have_decl_BROKEN_GETADDRINFO = yes; then - TEST_SSH_IPV6=no -fi - -TEST_SSH_IPV6=$TEST_SSH_IPV6 - -TEST_MALLOC_OPTIONS=$TEST_MALLOC_OPTIONS - -UNSUPPORTED_ALGORITHMS=$unsupported_algorithms - - - -ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" - -cat >confcache <<\_ACEOF -# This file is a shell script that caches the results of configure -# tests run on this system so they can be shared between configure -# scripts and configure runs, see configure's option --config-cache. -# It is not useful on other systems. If it contains results you don't -# want to keep, you may remove or edit it. -# -# config.status only pays attention to the cache file if you give it -# the --recheck option to rerun configure. -# -# `ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* `ac_cv_foo' will be assigned the -# following values. - -_ACEOF - -# The following way of writing the cache mishandles newlines in values, -# but we know of no workaround that is simple, portable, and efficient. -# So, we kill variables containing newlines. -# Ultrix sh set writes to stderr and can't be redirected directly, -# and sets the high bit in the cache file unless we assign to the vars. 
-( - for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do - eval ac_val=\$$ac_var - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( - *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5 -echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( - *) $as_unset $ac_var ;; - esac ;; - esac - done - - (set) 2>&1 | - case $as_nl`(ac_space=' '; set) 2>&1` in #( - *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote - # substitution turns \\\\ into \\, and sed turns \\ into \). - sed -n \ - "s/'/'\\\\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" - ;; #( - *) - # `set' quotes correctly as required by POSIX, so do not add quotes. - sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" - ;; - esac | - sort -) | - sed ' - /^ac_cv_env_/b end - t clear - :clear - s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ - t end - s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ - :end' >>confcache -if diff "$cache_file" confcache >/dev/null 2>&1; then :; else - if test -w "$cache_file"; then - test "x$cache_file" != "x/dev/null" && - { echo "$as_me:$LINENO: updating cache $cache_file" >&5 -echo "$as_me: updating cache $cache_file" >&6;} - cat confcache >$cache_file - else - { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5 -echo "$as_me: not updating unwritable cache $cache_file" >&6;} - fi -fi -rm -f confcache - -test "x$prefix" = xNONE && prefix=$ac_default_prefix -# Let make expand exec_prefix. -test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' - -DEFS=-DHAVE_CONFIG_H - -ac_libobjs= -ac_ltlibobjs= -for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue - # 1. Remove the extension, and $U if already installed. - ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' - ac_i=`echo "$ac_i" | sed "$ac_script"` - # 2. Prepend LIBOBJDIR. 
When used with automake>=1.10 LIBOBJDIR - # will be set to the directory where LIBOBJS objects are built. - ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext" - ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo' -done -LIBOBJS=$ac_libobjs - -LTLIBOBJS=$ac_ltlibobjs - - - -: ${CONFIG_STATUS=./config.status} -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 -echo "$as_me: creating $CONFIG_STATUS" >&6;} -cat >$CONFIG_STATUS <<_ACEOF -#! $SHELL -# Generated by $as_me. -# Run this file to recreate the current configuration. -# Compiler output produced by configure, useful for debugging -# configure, is in config.log if it exists. - -debug=false -ac_cs_recheck=false -ac_cs_silent=false -SHELL=\${CONFIG_SHELL-$SHELL} -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF -## --------------------- ## -## M4sh Initialization. ## -## --------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then - emulate sh - NULLCMD=: - # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in - *posix*) set -o posix ;; -esac - -fi - - - - -# PATH needs CR -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - echo "#! /bin/sh" >conf$$.sh - echo "exit 0" >>conf$$.sh - chmod +x conf$$.sh - if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then - PATH_SEPARATOR=';' - else - PATH_SEPARATOR=: - fi - rm -f conf$$.sh -fi - -# Support unset when possible. 
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then - as_unset=unset -else - as_unset=false -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -as_nl=' -' -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -case $0 in - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break -done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! -f "$as_myself"; then - echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - { (exit 1); exit 1; } -fi - -# Work around bugs in pre-3.0 UWIN ksh. -for as_var in ENV MAIL MAILPATH -do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -for as_var in \ - LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ - LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ - LC_TELEPHONE LC_TIME -do - if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then - eval $as_var=C; export $as_var - else - ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var - fi -done - -# Required to use basename. -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - - -# Name of the executable. 
-as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# CDPATH. -$as_unset CDPATH - - - - as_lineno_1=$LINENO - as_lineno_2=$LINENO - test "x$as_lineno_1" != "x$as_lineno_2" && - test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || { - - # Create $as_me.lineno as a copy of $as_myself, but with $LINENO - # uniformly replaced by the line number. The first 'sed' inserts a - # line-number line after each line using $LINENO; the second 'sed' - # does the real work. The second script uses 'N' to pair each - # line-number line with the line containing $LINENO, and appends - # trailing '-' during substitution so that $LINENO is not a special - # case at line end. - # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the - # scripts with optimization help from Paolo Bonzini. Blame Lee - # E. McMahon (1931-1989) for sed's syntax. :-) - sed -n ' - p - /[$]LINENO/= - ' <$as_myself | - sed ' - s/[$]LINENO.*/&-/ - t lineno - b - :lineno - N - :loop - s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ - t loop - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || - { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 - { (exit 1); exit 1; }; } - - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the - # original and so on. Autoconf is especially sensitive to this). - . "./$as_me.lineno" - # Exit status is that of the last command. - exit -} - - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in --n*) - case `echo 'x\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. 
- *) ECHO_C='\c';; - esac;; -*) - ECHO_N='-n';; -esac - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir -fi -echo >conf$$.file -if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -p'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -p' -elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln -else - as_ln_s='cp -p' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - -if mkdir -p . 2>/dev/null; then - as_mkdir_p=: -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - -if test -x / >/dev/null 2>&1; then - as_test_x='test -x' -else - if ls -dL / >/dev/null 2>&1; then - as_ls_L_option=L - else - as_ls_L_option= - fi - as_test_x=' - eval sh -c '\'' - if test -d "$1"; then - test -d "$1/."; - else - case $1 in - -*)set "./$1";; - esac; - case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in - ???[sx]*):;;*)false;;esac;fi - '\'' sh - ' -fi -as_executable_p=$as_test_x - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - -exec 6>&1 - -# Save the log message, to keep $[0] and so on meaningful, and to -# report actual input values of CONFIG_FILES etc. instead of their -# values after options handling. -ac_log=" -This file was extended by OpenSSH $as_me Portable, which was -generated by GNU Autoconf 2.61. 
Invocation command line was - - CONFIG_FILES = $CONFIG_FILES - CONFIG_HEADERS = $CONFIG_HEADERS - CONFIG_LINKS = $CONFIG_LINKS - CONFIG_COMMANDS = $CONFIG_COMMANDS - $ $0 $@ - -on `(hostname || uname -n) 2>/dev/null | sed 1q` -" - -_ACEOF - -cat >>$CONFIG_STATUS <<_ACEOF -# Files that config.status was made for. -config_files="$ac_config_files" -config_headers="$ac_config_headers" - -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF -ac_cs_usage="\ -\`$as_me' instantiates files from templates according to the -current configuration. - -Usage: $0 [OPTIONS] [FILE]... - - -h, --help print this help, then exit - -V, --version print version number and configuration settings, then exit - -q, --quiet do not print progress messages - -d, --debug don't remove temporary files - --recheck update $as_me by reconfiguring in the same conditions - --file=FILE[:TEMPLATE] - instantiate the configuration file FILE - --header=FILE[:TEMPLATE] - instantiate the configuration header FILE - -Configuration files: -$config_files - -Configuration headers: -$config_headers - -Report bugs to ." - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF -ac_cs_version="\\ -OpenSSH config.status Portable -configured by $0, generated by GNU Autoconf 2.61, - with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" - -Copyright (C) 2006 Free Software Foundation, Inc. -This config.status script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it." - -ac_pwd='$ac_pwd' -srcdir='$srcdir' -INSTALL='$INSTALL' -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF -# If no file are specified by the user, then we need to provide default -# value. By we need to know if files were specified by the user. 
-ac_need_defaults=: -while test $# != 0 -do - case $1 in - --*=*) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` - ac_shift=: - ;; - *) - ac_option=$1 - ac_optarg=$2 - ac_shift=shift - ;; - esac - - case $ac_option in - # Handling of the options. - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - ac_cs_recheck=: ;; - --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - echo "$ac_cs_version"; exit ;; - --debug | --debu | --deb | --de | --d | -d ) - debug=: ;; - --file | --fil | --fi | --f ) - $ac_shift - CONFIG_FILES="$CONFIG_FILES $ac_optarg" - ac_need_defaults=false;; - --header | --heade | --head | --hea ) - $ac_shift - CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" - ac_need_defaults=false;; - --he | --h) - # Conflict between --help and --header - { echo "$as_me: error: ambiguous option: $1 -Try \`$0 --help' for more information." >&2 - { (exit 1); exit 1; }; };; - --help | --hel | -h ) - echo "$ac_cs_usage"; exit ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil | --si | --s) - ac_cs_silent=: ;; - - # This is an error. - -*) { echo "$as_me: error: unrecognized option: $1 -Try \`$0 --help' for more information." 
>&2 - { (exit 1); exit 1; }; } ;; - - *) ac_config_targets="$ac_config_targets $1" - ac_need_defaults=false ;; - - esac - shift -done - -ac_configure_extra_args= - -if $ac_cs_silent; then - exec 6>/dev/null - ac_configure_extra_args="$ac_configure_extra_args --silent" -fi - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF -if \$ac_cs_recheck; then - echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 - CONFIG_SHELL=$SHELL - export CONFIG_SHELL - exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion -fi - -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF -exec 5>>config.log -{ - echo - sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX -## Running $as_me. ## -_ASBOX - echo "$ac_log" -} >&5 - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF - -# Handling of arguments. -for ac_config_target in $ac_config_targets -do - case $ac_config_target in - "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; - "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; - "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;; - "opensshd.init") CONFIG_FILES="$CONFIG_FILES opensshd.init" ;; - "openssh.xml") CONFIG_FILES="$CONFIG_FILES openssh.xml" ;; - "openbsd-compat/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;; - "openbsd-compat/regress/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/regress/Makefile" ;; - "survey.sh") CONFIG_FILES="$CONFIG_FILES survey.sh" ;; - - *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 -echo "$as_me: error: invalid argument: $ac_config_target" >&2;} - { (exit 1); exit 1; }; };; - esac -done - - -# If the user did not use the arguments to specify the items to instantiate, -# then the envvar interface is used. Set only those that are not. -# We use the long form for the default assignment because of an extremely -# bizarre bug on SunOS 4.1.3. 
-if $ac_need_defaults; then - test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files - test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers -fi - -# Have a temporary directory for convenience. Make it in the build tree -# simply because there is no reason against having it here, and in addition, -# creating and moving files from /tmp can sometimes cause problems. -# Hook for its removal unless debugging. -# Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. -$debug || -{ - tmp= - trap 'exit_status=$? - { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status -' 0 - trap '{ (exit 1); exit 1; }' 1 2 13 15 -} -# Create a (secure) tmp directory for tmp files. - -{ - tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && - test -n "$tmp" && test -d "$tmp" -} || -{ - tmp=./conf$$-$RANDOM - (umask 077 && mkdir "$tmp") -} || -{ - echo "$me: cannot create a temporary directory in ." >&2 - { (exit 1); exit 1; } -} - -# -# Set up the sed scripts for CONFIG_FILES section. -# - -# No need to generate the scripts if there are no CONFIG_FILES. 
-# This happens for instance when ./config.status config.h -if test -n "$CONFIG_FILES"; then - -_ACEOF - - - -ac_delim='%!_!# ' -for ac_last_try in false false false false false :; do - cat >conf$$subs.sed <<_ACEOF -SHELL!$SHELL$ac_delim -PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim -PACKAGE_NAME!$PACKAGE_NAME$ac_delim -PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim -PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim -PACKAGE_STRING!$PACKAGE_STRING$ac_delim -PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim -exec_prefix!$exec_prefix$ac_delim -prefix!$prefix$ac_delim -program_transform_name!$program_transform_name$ac_delim -bindir!$bindir$ac_delim -sbindir!$sbindir$ac_delim -libexecdir!$libexecdir$ac_delim -datarootdir!$datarootdir$ac_delim -datadir!$datadir$ac_delim -sysconfdir!$sysconfdir$ac_delim -sharedstatedir!$sharedstatedir$ac_delim -localstatedir!$localstatedir$ac_delim -includedir!$includedir$ac_delim -oldincludedir!$oldincludedir$ac_delim -docdir!$docdir$ac_delim -infodir!$infodir$ac_delim -htmldir!$htmldir$ac_delim -dvidir!$dvidir$ac_delim -pdfdir!$pdfdir$ac_delim -psdir!$psdir$ac_delim -libdir!$libdir$ac_delim -localedir!$localedir$ac_delim -mandir!$mandir$ac_delim -DEFS!$DEFS$ac_delim -ECHO_C!$ECHO_C$ac_delim -ECHO_N!$ECHO_N$ac_delim -ECHO_T!$ECHO_T$ac_delim -LIBS!$LIBS$ac_delim -build_alias!$build_alias$ac_delim -host_alias!$host_alias$ac_delim -target_alias!$target_alias$ac_delim -CC!$CC$ac_delim -CFLAGS!$CFLAGS$ac_delim -LDFLAGS!$LDFLAGS$ac_delim -CPPFLAGS!$CPPFLAGS$ac_delim -ac_ct_CC!$ac_ct_CC$ac_delim -EXEEXT!$EXEEXT$ac_delim -OBJEXT!$OBJEXT$ac_delim -build!$build$ac_delim -build_cpu!$build_cpu$ac_delim -build_vendor!$build_vendor$ac_delim -build_os!$build_os$ac_delim -host!$host$ac_delim -host_cpu!$host_cpu$ac_delim -host_vendor!$host_vendor$ac_delim -host_os!$host_os$ac_delim -CPP!$CPP$ac_delim -GREP!$GREP$ac_delim -EGREP!$EGREP$ac_delim -AWK!$AWK$ac_delim -RANLIB!$RANLIB$ac_delim -INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim -INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim 
-INSTALL_DATA!$INSTALL_DATA$ac_delim -AR!$AR$ac_delim -ac_ct_AR!$ac_ct_AR$ac_delim -CAT!$CAT$ac_delim -KILL!$KILL$ac_delim -PERL!$PERL$ac_delim -SED!$SED$ac_delim -ENT!$ENT$ac_delim -TEST_MINUS_S_SH!$TEST_MINUS_S_SH$ac_delim -SH!$SH$ac_delim -GROFF!$GROFF$ac_delim -NROFF!$NROFF$ac_delim -MANDOC!$MANDOC$ac_delim -TEST_SHELL!$TEST_SHELL$ac_delim -MANFMT!$MANFMT$ac_delim -PATH_GROUPADD_PROG!$PATH_GROUPADD_PROG$ac_delim -PATH_USERADD_PROG!$PATH_USERADD_PROG$ac_delim -MAKE_PACKAGE_SUPPORTED!$MAKE_PACKAGE_SUPPORTED$ac_delim -STARTUP_SCRIPT_SHELL!$STARTUP_SCRIPT_SHELL$ac_delim -LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim -PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim -LD!$LD$ac_delim -PKGCONFIG!$PKGCONFIG$ac_delim -LIBEDIT!$LIBEDIT$ac_delim -TEST_SSH_ECC!$TEST_SSH_ECC$ac_delim -COMMENT_OUT_ECC!$COMMENT_OUT_ECC$ac_delim -SSH_PRIVSEP_USER!$SSH_PRIVSEP_USER$ac_delim -SSHLIBS!$SSHLIBS$ac_delim -SSHDLIBS!$SSHDLIBS$ac_delim -KRB5CONF!$KRB5CONF$ac_delim -GSSLIBS!$GSSLIBS$ac_delim -K5LIBS!$K5LIBS$ac_delim -PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim -xauth_path!$xauth_path$ac_delim -STRIP_OPT!$STRIP_OPT$ac_delim -XAUTH_PATH!$XAUTH_PATH$ac_delim -MANTYPE!$MANTYPE$ac_delim -mansubdir!$mansubdir$ac_delim -_ACEOF - - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then - break - elif $ac_last_try; then - { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 -echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! 
" - fi -done - -ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` -if test -n "$ac_eof"; then - ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` - ac_eof=`expr $ac_eof + 1` -fi - -cat >>$CONFIG_STATUS <<_ACEOF -cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b -_ACEOF -sed ' -s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g -s/^/s,@/; s/!/@,|#_!!_#|/ -:n -t n -s/'"$ac_delim"'$/,g/; t -s/$/\\/; p -N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n -' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF -CEOF$ac_eof -_ACEOF - - -ac_delim='%!_!# ' -for ac_last_try in false false false false false :; do - cat >conf$$subs.sed <<_ACEOF -user_path!$user_path$ac_delim -piddir!$piddir$ac_delim -TEST_SSH_IPV6!$TEST_SSH_IPV6$ac_delim -TEST_MALLOC_OPTIONS!$TEST_MALLOC_OPTIONS$ac_delim -UNSUPPORTED_ALGORITHMS!$UNSUPPORTED_ALGORITHMS$ac_delim -LIBOBJS!$LIBOBJS$ac_delim -LTLIBOBJS!$LTLIBOBJS$ac_delim -_ACEOF - - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 7; then - break - elif $ac_last_try; then - { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 -echo "$as_me: error: could not make $CONFIG_STATUS" >&2;} - { (exit 1); exit 1; }; } - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! 
" - fi -done - -ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed` -if test -n "$ac_eof"; then - ac_eof=`echo "$ac_eof" | sort -nru | sed 1q` - ac_eof=`expr $ac_eof + 1` -fi - -cat >>$CONFIG_STATUS <<_ACEOF -cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end -_ACEOF -sed ' -s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g -s/^/s,@/; s/!/@,|#_!!_#|/ -:n -t n -s/'"$ac_delim"'$/,g/; t -s/$/\\/; p -N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n -' >>$CONFIG_STATUS >$CONFIG_STATUS <<_ACEOF -:end -s/|#_!!_#|//g -CEOF$ac_eof -_ACEOF - - -# VPATH may cause trouble with some makes, so we remove $(srcdir), -# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and -# trailing colons and then remove the whole line if VPATH becomes empty -# (actually we leave an empty line to preserve line numbers). -if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=/{ -s/:*\$(srcdir):*/:/ -s/:*\${srcdir}:*/:/ -s/:*@srcdir@:*/:/ -s/^\([^=]*=[ ]*\):*/\1/ -s/:*$// -s/^[^=]*=[ ]*$// -}' -fi - -cat >>$CONFIG_STATUS <<\_ACEOF -fi # test -n "$CONFIG_FILES" - - -for ac_tag in :F $CONFIG_FILES :H $CONFIG_HEADERS -do - case $ac_tag in - :[FHLC]) ac_mode=$ac_tag; continue;; - esac - case $ac_mode$ac_tag in - :[FHL]*:*);; - :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5 -echo "$as_me: error: Invalid tag $ac_tag." >&2;} - { (exit 1); exit 1; }; };; - :[FH]-) ac_tag=-:-;; - :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; - esac - ac_save_IFS=$IFS - IFS=: - set x $ac_tag - IFS=$ac_save_IFS - shift - ac_file=$1 - shift - - case $ac_mode in - :L) ac_source=$1;; - :[FH]) - ac_file_inputs= - for ac_f - do - case $ac_f in - -) ac_f="$tmp/stdin";; - *) # Look for the file first in the build tree, then in the source tree - # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. 
- test -f "$ac_f" || - case $ac_f in - [\\/$]*) false;; - *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; - esac || - { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5 -echo "$as_me: error: cannot find input file: $ac_f" >&2;} - { (exit 1); exit 1; }; };; - esac - ac_file_inputs="$ac_file_inputs $ac_f" - done - - # Let's still pretend it is `configure' which instantiates (i.e., don't - # use $as_me), people would be surprised to read: - # /* config.h. Generated by config.status. */ - configure_input="Generated from "`IFS=: - echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure." - if test x"$ac_file" != x-; then - configure_input="$ac_file. $configure_input" - { echo "$as_me:$LINENO: creating $ac_file" >&5 -echo "$as_me: creating $ac_file" >&6;} - fi - - case $ac_tag in - *:-:* | *:-) cat >"$tmp/stdin";; - esac - ;; - esac - - ac_dir=`$as_dirname -- "$ac_file" || -$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$ac_file" : 'X\(//\)[^/]' \| \ - X"$ac_file" : 'X\(//\)$' \| \ - X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -echo X"$ac_file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - { as_dir="$ac_dir" - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 
2>/dev/null || -echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5 -echo "$as_me: error: cannot create directory $as_dir" >&2;} - { (exit 1); exit 1; }; }; } - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` - # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - - case $ac_mode in - :F) - # - # CONFIG_FILE - # - - case $INSTALL in - [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; - *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; - esac -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF -# If the template does not know about datarootdir, expand it. -# FIXME: This hack should be removed a few years after 2.60. 
-ac_datarootdir_hack=; ac_datarootdir_seen= - -case `sed -n '/datarootdir/ { - p - q -} -/@datadir@/p -/@docdir@/p -/@infodir@/p -/@localedir@/p -/@mandir@/p -' $ac_file_inputs` in -*datarootdir*) ac_datarootdir_seen=yes;; -*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF - ac_datarootdir_hack=' - s&@datadir@&$datadir&g - s&@docdir@&$docdir&g - s&@infodir@&$infodir&g - s&@localedir@&$localedir&g - s&@mandir@&$mandir&g - s&\\\${datarootdir}&$datarootdir&g' ;; -esac -_ACEOF - -# Neutralize VPATH when `$srcdir' = `.'. -# Shell code in configure.ac might set extrasub. -# FIXME: do we really want to maintain this feature? -cat >>$CONFIG_STATUS <<_ACEOF - sed "$ac_vpsub -$extrasub -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF -:t -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b -s&@configure_input@&$configure_input&;t t -s&@top_builddir@&$ac_top_builddir_sub&;t t -s&@srcdir@&$ac_srcdir&;t t -s&@abs_srcdir@&$ac_abs_srcdir&;t t -s&@top_srcdir@&$ac_top_srcdir&;t t -s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t -s&@builddir@&$ac_builddir&;t t -s&@abs_builddir@&$ac_abs_builddir&;t t -s&@abs_top_builddir@&$ac_abs_top_builddir&;t t -s&@INSTALL@&$ac_INSTALL&;t t -$ac_datarootdir_hack -" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" >$tmp/out - -test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && - { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && - { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && - { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined." >&5 -echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. 
Please make sure it is defined." >&2;} - - rm -f "$tmp/stdin" - case $ac_file in - -) cat "$tmp/out"; rm -f "$tmp/out";; - *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;; - esac - ;; - :H) - # - # CONFIG_HEADER - # -_ACEOF - -# Transform confdefs.h into a sed script `conftest.defines', that -# substitutes the proper values into config.h.in to produce config.h. -rm -f conftest.defines conftest.tail -# First, append a space to every undef/define line, to ease matching. -echo 's/$/ /' >conftest.defines -# Then, protect against being on the right side of a sed subst, or in -# an unquoted here document, in config.status. If some macros were -# called several times there might be several #defines for the same -# symbol, which is useless. But do not sort them, since the last -# AC_DEFINE must be honored. -ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* -# These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where -# NAME is the cpp macro being defined, VALUE is the value it is being given. -# PARAMS is the parameter list in the macro definition--in most cases, it's -# just an empty string. -ac_dA='s,^\\([ #]*\\)[^ ]*\\([ ]*' -ac_dB='\\)[ (].*,\\1define\\2' -ac_dC=' ' -ac_dD=' ,' - -uniq confdefs.h | - sed -n ' - t rset - :rset - s/^[ ]*#[ ]*define[ ][ ]*// - t ok - d - :ok - s/[\\&,]/\\&/g - s/^\('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p - s/^\('"$ac_word_re"'\)[ ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p - ' >>conftest.defines - -# Remove the space that was appended to ease matching. -# Then replace #undef with comments. This is necessary, for -# example, in the case of _POSIX_SOURCE, which is predefined and required -# on some systems where configure will not decide to define it. -# (The regexp can be short, since the line contains either #define or #undef.) 
-echo 's/ $// -s,^[ #]*u.*,/* & */,' >>conftest.defines - -# Break up conftest.defines: -ac_max_sed_lines=50 - -# First sed command is: sed -f defines.sed $ac_file_inputs >"$tmp/out1" -# Second one is: sed -f defines.sed "$tmp/out1" >"$tmp/out2" -# Third one will be: sed -f defines.sed "$tmp/out2" >"$tmp/out1" -# et cetera. -ac_in='$ac_file_inputs' -ac_out='"$tmp/out1"' -ac_nxt='"$tmp/out2"' - -while : -do - # Write a here document: - cat >>$CONFIG_STATUS <<_ACEOF - # First, check the format of the line: - cat >"\$tmp/defines.sed" <<\\CEOF -/^[ ]*#[ ]*undef[ ][ ]*$ac_word_re[ ]*\$/b def -/^[ ]*#[ ]*define[ ][ ]*$ac_word_re[( ]/b def -b -:def -_ACEOF - sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS - echo 'CEOF - sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS - ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in - sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail - grep . conftest.tail >/dev/null || break - rm -f conftest.defines - mv conftest.tail conftest.defines -done -rm -f conftest.defines conftest.tail - -echo "ac_result=$ac_in" >>$CONFIG_STATUS -cat >>$CONFIG_STATUS <<\_ACEOF - if test x"$ac_file" != x-; then - echo "/* $configure_input */" >"$tmp/config.h" - cat "$ac_result" >>"$tmp/config.h" - if diff $ac_file "$tmp/config.h" >/dev/null 2>&1; then - { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 -echo "$as_me: $ac_file is unchanged" >&6;} - else - rm -f $ac_file - mv "$tmp/config.h" $ac_file - fi - else - echo "/* $configure_input */" - cat "$ac_result" - fi - rm -f "$tmp/out12" - ;; - - - esac - -done # for ac_tag - - -{ (exit 0); exit 0; } -_ACEOF -chmod +x $CONFIG_STATUS -ac_clean_files=$ac_clean_files_save - - -# configure is writing to config.log, and then calls config.status. -# config.status does its own redirection, appending to config.log. -# Unfortunately, on DOS this fails, as config.log is still kept open -# by configure, so config.status won't be able to write to it; its -# output is simply discarded. 
So we exec the FD to /dev/null, -# effectively closing config.log, so it can be properly (re)opened and -# appended to by config.status. When coming back to configure, we -# need to make the FD available again. -if test "$no_create" != yes; then - ac_cs_success=: - ac_config_status_args= - test "$silent" = yes && - ac_config_status_args="$ac_config_status_args --quiet" - exec 5>/dev/null - $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false - exec 5>>config.log - # Use ||, not &&, to avoid exiting from the if with $? = 1, which - # would make configure fail if this is the last instruction. - $ac_cs_success || { (exit 1); exit 1; } -fi - - -# Print summary of options - -# Someone please show me a better way :) -A=`eval echo ${prefix}` ; A=`eval echo ${A}` -B=`eval echo ${bindir}` ; B=`eval echo ${B}` -C=`eval echo ${sbindir}` ; C=`eval echo ${C}` -D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` -E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` -F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` -G=`eval echo ${piddir}` ; G=`eval echo ${G}` -H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` -I=`eval echo ${user_path}` ; I=`eval echo ${I}` -J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` - -echo "" -echo "OpenSSH has been configured with the following options:" -echo " User binaries: $B" -echo " System binaries: $C" -echo " Configuration files: $D" -echo " Askpass program: $E" -echo " Manual pages: $F" -echo " PID file: $G" -echo " Privilege separation chroot path: $H" -if test "x$external_path_file" = "x/etc/login.conf" ; then -echo " At runtime, sshd will use the path defined in $external_path_file" -echo " Make sure the path to scp is present, otherwise scp will not work" -else -echo " sshd default user PATH: $I" - if test ! -z "$external_path_file"; then -echo " (If PATH is set in $external_path_file it will be used instead. 
If" -echo " used, ensure the path to scp is present, otherwise scp will not work.)" - fi -fi -if test ! -z "$superuser_path" ; then -echo " sshd superuser user PATH: $J" -fi -echo " Manpage format: $MANTYPE" -echo " PAM support: $PAM_MSG" -echo " OSF SIA support: $SIA_MSG" -echo " KerberosV support: $KRB5_MSG" -echo " SELinux support: $SELINUX_MSG" -echo " Smartcard support: $SCARD_MSG" -echo " S/KEY support: $SKEY_MSG" -echo " MD5 password support: $MD5_MSG" -echo " libedit support: $LIBEDIT_MSG" -echo " Solaris process contract support: $SPC_MSG" -echo " Solaris project support: $SP_MSG" -echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" -echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" -echo " BSD Auth support: $BSD_AUTH_MSG" -echo " Random number source: $RAND_MSG" -echo " Privsep sandbox style: $SANDBOX_STYLE" - -echo "" - -echo " Host: ${host}" -echo " Compiler: ${CC}" -echo " Compiler flags: ${CFLAGS}" -echo "Preprocessor flags: ${CPPFLAGS}" -echo " Linker flags: ${LDFLAGS}" -echo " Libraries: ${LIBS}" -if test ! -z "${SSHDLIBS}"; then -echo " +for sshd: ${SSHDLIBS}" -fi -if test ! -z "${SSHLIBS}"; then -echo " +for ssh: ${SSHLIBS}" -fi - -echo "" - -if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"" - echo "" -fi - -if test "x$PAM_MSG" = "xyes" ; then - echo "PAM is enabled. You may need to install a PAM control file " - echo "for sshd, otherwise password authentication may fail. " - echo "Example PAM control files can be found in the contrib/ " - echo "subdirectory" - echo "" -fi - -if test ! -z "$NO_PEERCHECK" ; then - echo "WARNING: the operating system that you are using does not" - echo "appear to support getpeereid(), getpeerucred() or the" - echo "SO_PEERCRED getsockopt() option. These facilities are used to" - echo "enforce security checks to prevent unauthorised connections to" - echo "ssh-agent. 
Their absence increases the risk that a malicious" - echo "user can connect to your agent." - echo "" -fi - -if test "$AUDIT_MODULE" = "bsm" ; then - echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." - echo "See the Solaris section in README.platform for details." -fi diff --git a/configure.ac b/configure.ac index 9b05c30..de63a0f 100644 --- a/configure.ac +++ b/configure.ac @@ -140,7 +140,7 @@ else fi AC_ARG_WITH([ssh1], - [ --without-ssh1 Enable support for SSH protocol 1], + [ --with-ssh1 Enable support for SSH protocol 1], [ if test "x$withval" = "xyes" ; then if test "x$openssl" = "xno" ; then @@ -373,6 +373,7 @@ AC_CHECK_HEADERS([ \ dirent.h \ endian.h \ elf.h \ + err.h \ features.h \ fcntl.h \ floatingpoint.h \ @@ -381,6 +382,7 @@ AC_CHECK_HEADERS([ \ ia.h \ iaf.h \ inttypes.h \ + langinfo.h \ limits.h \ locale.h \ login.h \ @@ -433,6 +435,7 @@ AC_CHECK_HEADERS([ \ utmp.h \ utmpx.h \ vis.h \ + wchar.h \ ]) # lastlog.h requires sys/time.h to be included first on Solaris @@ -469,6 +472,11 @@ AC_CHECK_HEADERS([sys/un.h], [], [], [ SIA_MSG="no" SPC_MSG="no" SP_MSG="no" +SPP_MSG="no" + +# Support for Solaris/Illumos privileges (this test is used by both +# the --with-solaris-privs option and --with-sandbox=solaris). +SOLARIS_PRIVS="no" # Check for some target-specific stuff case "$host" in 
@@ -575,13 +583,12 @@ case "$host" in LIBS="$LIBS /usr/lib/textreadmode.o" AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) + AC_DEFINE([NO_UID_RESTORATION_TEST], [1], + [Define to disable UID restoration test]) AC_DEFINE([DISABLE_SHADOW], [1], [Define if you want to disable shadow passwords]) AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], [Define if X11 doesn't support AF_UNIX sockets on that system]) - AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], - [Define if the concept of ports only accessible to - superusers isn't known]) AC_DEFINE([DISABLE_FD_PASSING], [1], [Define if your platform needs to skip post auth file descriptor passing]) @@ -626,7 +633,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE([SSH_TUN_PREPEND_AF], [1], [Prepend the address family to IP tunnel traffic]) m4_pattern_allow([AU_IPv]) - AC_CHECK_DECL([AU_IPv4], [], + AC_CHECK_DECL([AU_IPv4], [], AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) [#include ] AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], @@ -637,17 +644,20 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) supported by bsd-setproctitle.c]) AC_CHECK_FUNCS([sandbox_init]) AC_CHECK_HEADERS([sandbox.h]) + AC_CHECK_LIB([sandbox], [sandbox_apply], [ + SSHDLIBS="$SSHDLIBS -lsandbox" + ]) ;; *-*-dragonfly*) SSHDLIBS="$SSHDLIBS -lcrypt" TEST_MALLOC_OPTIONS="AFGJPRX" ;; -*-*-haiku*) +*-*-haiku*) LIBS="$LIBS -lbsd " AC_CHECK_LIB([network], [socket]) AC_DEFINE([HAVE_U_INT64_T]) - MANTYPE=man - ;; + MANTYPE=man + ;; *-*-hpux*) # first we define all of the options common to all HP-UX releases CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 
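Review bot: The `NO_UID_RESTORATION_TEST` define added to the Cygwin case carries only the description `Define to disable UID restoration test`, which does not say why skipping that test is acceptable on this platform. Judging by the name, it turns off a check made after privileges are dropped, so the reason for the exemption should be recorded where it is granted. A one-line comment above the `AC_DEFINE`, for example `# Cygwin: <reason the restoration test cannot be used here>`, would let a later reader confirm it is still justified. The same define is added in the `--with-solaris-privs` hunk further down and deserves the same rationale; the enclosing `case "$host"` block starts and ends outside this hunk.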
@@ -787,6 +797,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) aarch64*-*) seccomp_audit_arch=AUDIT_ARCH_AARCH64 ;; + s390x-*) + seccomp_audit_arch=AUDIT_ARCH_S390X + ;; + s390-*) + seccomp_audit_arch=AUDIT_ARCH_S390 + ;; + powerpc64-*) + seccomp_audit_arch=AUDIT_ARCH_PPC64 + ;; + powerpc64le-*) + seccomp_audit_arch=AUDIT_ARCH_PPC64LE + ;; + mips-*) + seccomp_audit_arch=AUDIT_ARCH_MIPS + ;; + mipsel-*) + seccomp_audit_arch=AUDIT_ARCH_MIPSEL + ;; + mips64-*) + seccomp_audit_arch=AUDIT_ARCH_MIPS64 + ;; + mips64el-*) + seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 + ;; esac if test "x$seccomp_audit_arch" != "x" ; then AC_MSG_RESULT(["$seccomp_audit_arch"]) @@ -805,14 +839,13 @@ mips-sony-bsd|mips-sony-newsos4) if test "x$withval" != "xno" ; then need_dash_r=1 fi + CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) AC_CHECK_HEADER([net/if_tap.h], , AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) AC_DEFINE([SSH_TUN_PREPEND_AF], [1], [Prepend the address family to IP tunnel traffic]) TEST_MALLOC_OPTIONS="AJRX" - AC_DEFINE([BROKEN_STRNVIS], [1], - [NetBSD strnvis argument order is swapped compared to OpenBSD]) AC_DEFINE([BROKEN_READ_COMPARISON], [1], [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) ;; @@ -823,8 +856,6 @@ mips-sony-bsd|mips-sony-newsos4) AC_CHECK_HEADER([net/if_tap.h], , AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) - AC_DEFINE([BROKEN_STRNVIS], [1], - [FreeBSD strnvis argument order is swapped compared to OpenBSD]) TEST_MALLOC_OPTIONS="AJRX" # Preauth crypto occasionally uses file descriptors for crypto offload # and will crash if they cannot be opened. 
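Review bot: The `mips64-*` and `mips64el-*` cases pick `AUDIT_ARCH_MIPS64` and `AUDIT_ARCH_MIPSEL64` from the host triplet alone, and the triplet does not say whether the build targets the n64 or the n32 ABI. If the seccomp filter compares this constant with the architecture the kernel reports (not visible here, confirm in the sandbox source), an n32 build would carry a value that never matches. At minimum, state the assumption next to the cases, e.g. `# assumes the n64 ABI; n32 builds need AUDIT_ARCH_MIPS64N32 / AUDIT_ARCH_MIPSEL64N32`. The enclosing `case` starts outside the hunk.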
@@ -889,13 +920,17 @@ mips-sony-bsd|mips-sony-newsos4) else AC_MSG_RESULT([no]) fi + AC_CHECK_FUNCS([setpflags]) + AC_CHECK_FUNCS([setppriv]) + AC_CHECK_FUNCS([priv_basicset]) + AC_CHECK_HEADERS([priv.h]) AC_ARG_WITH([solaris-contracts], [ --with-solaris-contracts Enable Solaris process contracts (experimental)], [ AC_CHECK_LIB([contract], [ct_tmpl_activate], [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], [Define if you have Solaris process contracts]) - SSHDLIBS="$SSHDLIBS -lcontract" + LIBS="$LIBS -lcontract" SPC_MSG="yes" ], ) ], ) @@ -905,10 +940,29 @@ mips-sony-bsd|mips-sony-newsos4) AC_CHECK_LIB([project], [setproject], [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], [Define if you have Solaris projects]) - SSHDLIBS="$SSHDLIBS -lproject" + LIBS="$LIBS -lproject" SP_MSG="yes" ], ) ], ) + AC_ARG_WITH([solaris-privs], + [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], + [ + AC_MSG_CHECKING([for Solaris/Illumos privilege support]) + if test "x$ac_cv_func_setppriv" = "xyes" -a \ + "x$ac_cv_header_priv_h" = "xyes" ; then + SOLARIS_PRIVS=yes + AC_MSG_RESULT([found]) + AC_DEFINE([NO_UID_RESTORATION_TEST], [1], + [Define to disable UID restoration test]) + AC_DEFINE([USE_SOLARIS_PRIVS], [1], + [Define if you have Solaris privileges]) + SPP_MSG="yes" + else + AC_MSG_RESULT([not found]) + AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) + fi + ], + ) TEST_SHELL=$SHELL # let configure find us a capable shell ;; *-*-sunos4*) @@ -1122,7 +1176,6 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ exit(0); ]])], dnl Checks for header files. # Checks for libraries. -AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) dnl IRIX and Solaris 2.5.1 have dirname() in libgen 
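Review bot: The action for `--with-solaris-privs` never looks at `$withval`, so `--without-solaris-privs` or `--with-solaris-privs=no` runs the same code as enabling it. It either defines `USE_SOLARIS_PRIVS` and `NO_UID_RESTORATION_TEST` or aborts with the `must have support for Solaris privileges` error. Because the option also switches off a privilege-related test, an explicit opt-out should be honoured: wrap the body in `if test "x$withval" != "xno" ; then` and a closing `fi`, as the `--with-ssl-engine` block in this commit does. The existing `--with-solaris-contracts` action in the previous hunk has the same shape.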
@@ -1286,8 +1339,10 @@ AC_SEARCH_LIBS([openpty], [util bsd]) AC_SEARCH_LIBS([updwtmp], [util bsd]) AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) -# On some platforms, inet_ntop may be found in libresolv or libnsl. +# On some platforms, inet_ntop and gethostbyname may be found in libresolv +# or libnsl. AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) +AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) AC_FUNC_STRFTIME @@ -1345,6 +1400,9 @@ g.gl_statv = NULL; AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include ]) +AC_CHECK_DECL([VIS_ALL], , + AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include ]) + AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ @@ -1405,7 +1463,7 @@ AC_ARG_WITH([skey], AC_MSG_RESULT([no]) AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) ]) - AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) + AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include @@ -1468,7 +1526,7 @@ AC_ARG_WITH([libedit], AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) if test "x$PKGCONFIG" != "xno"; then AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) - if "$PKGCONFIG" libedit; then + if "$PKGCONFIG" libedit; then AC_MSG_RESULT([yes]) use_pkgconfig_for_libedit=yes else @@ -1539,9 +1597,9 @@ AC_ARG_WITH([audit], AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) if test "$sol2ver" -ge 11; then - SSHDLIBS="$SSHDLIBS -lscf" - AC_DEFINE([BROKEN_BSM_API], [1], - [The system has incomplete BSM API]) + SSHDLIBS="$SSHDLIBS -lscf" + AC_DEFINE([BROKEN_BSM_API], [1], + [The system has incomplete BSM API]) fi ;; linux) @@ -1633,6 +1691,8 @@ AC_CHECK_FUNCS([ \ closefrom \ dirfd \ endgrent \ + err \ + errx \ explicit_bzero \ fchmod \ fchown \ @@ -1659,7 +1719,6 @@ AC_CHECK_FUNCS([ \ inet_ntop \ innetgr \ login_getcapbool \ - mblen \ md5_crypt \ memmove \ memset_s \ 
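Review bot: In the `VIS_ALL` hunk the not-found action is written as bare `AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL])`, while the other hunks shown here quote every argument and the action itself. Writing it as `[AC_DEFINE([BROKEN_STRNVIS], [1], [missing VIS_ALL])]` keeps the quoting consistent and avoids surprises if any of the words is ever defined as an m4 macro. `BROKEN_STRNVIS` is also defined by the run test added later in this commit with different description strings (`strnvis detected broken`, `strnvis assumed broken`); a single shared description would make the generated header template unambiguous.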
@@ -1669,6 +1728,7 @@ AC_CHECK_FUNCS([ \ nsleep \ ogetaddrinfo \ openlog_r \ + pledge \ poll \ prctl \ pstat \ @@ -1723,8 +1783,15 @@ AC_CHECK_FUNCS([ \ vasprintf \ vsnprintf \ waitpid \ + warn \ ]) +dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE. +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -D_XOPEN_SOURCE" +AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) +CFLAGS="$saved_CFLAGS" + AC_LINK_IFELSE( [AC_LANG_PROGRAM( [[ #include ]], @@ -1732,8 +1799,18 @@ AC_LINK_IFELSE( [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) ]) +disable_pkcs11= +AC_ARG_ENABLE([pkcs11], + [ --disable-pkcs11 disable PKCS#11 support code [no]], + [ + if test "x$enableval" = "xno" ; then + disable_pkcs11=1 + fi + ] +) + # PKCS11 depends on OpenSSL. -if test "x$openssl" = "xyes" ; then +if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then # PKCS#11 support requires dlopen() and co AC_SEARCH_LIBS([dlopen], [dl], [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] @@ -1948,7 +2025,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then [[ char b[5]; snprintf(b,5,"123456789"); - exit(b[4]!='\0'); + exit(b[4]!='\0'); ]])], [AC_MSG_RESULT([yes])], [ 
@@ -2252,6 +2329,41 @@ if test "x$check_for_conflicting_getspnam" = "x1"; then ) fi +dnl NetBSD added an strnvis and unfortunately made it incompatible with the +dnl existing one in OpenBSD and Linux's libbsd (the former having existed +dnl for over ten years). Despite this incompatibility being reported during +dnl development (see http://gnats.netbsd.org/44977) they still shipped it. +dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible +dnl implementation. Try to detect this mess, and assume the only safe option +dnl if we're cross compiling. +dnl +dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); +dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); +if test "x$ac_cv_func_strnvis" = "xyes"; then + AC_MSG_CHECKING([for working strnvis]) + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([[ +#include +#include +#include +#include +static void sighandler(int sig) { _exit(1); } + ]], [[ + char dst[16]; + + signal(SIGSEGV, sighandler); + if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) + exit(0); + exit(1) + ]])], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], + [AC_MSG_WARN([cross compiling: assuming broken]) + AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] + ) +fi + AC_FUNC_GETPGRP # Search for OpenSSL @@ -2309,10 +2421,10 @@ openssl_engine=no AC_ARG_WITH([ssl-engine], [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], [ - if test "x$openssl" = "xno" ; then - AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) - fi if test "x$withval" != "xno" ; then + if test "x$openssl" = "xno" ; then + AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) + fi openssl_engine=yes fi ] @@ -2345,6 +2457,7 @@ if test "x$openssl" = "xyes" ; then AC_MSG_CHECKING([OpenSSL header version]) AC_RUN_IFELSE( [AC_LANG_PROGRAM([[ + #include #include #include #include 
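Review bot: The body of the new strnvis run test ends with `exit(1)` and no semicolon. As far as I can tell it only compiles because the `AC_LANG_PROGRAM` template appends a terminator after the body. Write `exit(1);` so the probe does not depend on that detail, since a compile failure here would be reported as a broken strnvis without anyone noticing. A short comment in the test body would also help, e.g. `/* with the incompatible argument order this call faults; the handler turns that into exit status 1 */`, because the probe's reliance on a deliberate fault is otherwise easy to miss.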
@@ -2357,7 +2470,9 @@ if test "x$openssl" = "xyes" ; then if(fd == NULL) exit(1); - if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) + if ((rc = fprintf(fd, "%08lx (%s)\n", + (unsigned long)OPENSSL_VERSION_NUMBER, + OPENSSL_VERSION_TEXT)) < 0) exit(1); exit(0); @@ -2392,8 +2507,8 @@ if test "x$openssl" = "xyes" ; then if(fd == NULL) exit(1); - if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), - SSLeay_version(SSLEAY_VERSION))) <0) + if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), + SSLeay_version(SSLEAY_VERSION))) < 0) exit(1); exit(0); @@ -2424,6 +2539,7 @@ if test "x$openssl" = "xyes" ; then [AC_LANG_PROGRAM([[ #include #include + #include ]], [[ exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); ]])], @@ -2567,7 +2683,8 @@ if test "x$openssl" = "xyes" ; then [ AC_MSG_RESULT([no]) unsupported_algorithms="$unsupported_cipers \ - aes128-gcm@openssh.com aes256-gcm@openssh.com" + aes128-gcm@openssh.com \ + aes256-gcm@openssh.com" ] ) @@ -2610,16 +2727,18 @@ if test "x$openssl" = "xyes" ; then # Search for SHA256 support in libc and/or OpenSSL AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , [unsupported_algorithms="$unsupported_algorithms \ - hmac-sha2-256 hmac-sha2-512 \ + hmac-sha2-256 \ + hmac-sha2-512 \ diffie-hellman-group-exchange-sha256 \ - hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" + hmac-sha2-256-etm@openssh.com \ + hmac-sha2-512-etm@openssh.com" ] ) # Search for RIPE-MD support in OpenSSL AC_CHECK_FUNCS([EVP_ripemd160], , [unsupported_algorithms="$unsupported_algorithms \ - hmac-ripemd160 - hmac-ripemd160@openssh.com + hmac-ripemd160 \ + hmac-ripemd160@openssh.com \ hmac-ripemd160-etm@openssh.com" ] ) 
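Review bot: The reflowed assignment in the AES-GCM branch still starts from `$unsupported_cipers`, a name that is not set anywhere in the visible hunks and looks like a misspelling. If it is indeed unset, this line replaces `unsupported_algorithms` instead of appending to it, so anything recorded as unsupported before this check is dropped from the list. The first line should read `unsupported_algorithms="$unsupported_algorithms \`, matching the SHA256 and RIPE-MD blocks in the next hunk.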
@@ -2720,24 +2839,30 @@ if test "x$openssl" = "xyes" ; then TEST_SSH_ECC=yes COMMENT_OUT_ECC="" else - unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ - ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" + unsupported_algorithms="$unsupported_algorithms \ + ecdsa-sha2-nistp256 \ + ecdh-sha2-nistp256 \ + ecdsa-sha2-nistp256-cert-v01@openssh.com" fi if test x$enable_nistp384 = x1; then AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) TEST_SSH_ECC=yes COMMENT_OUT_ECC="" else - unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ - ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" + unsupported_algorithms="$unsupported_algorithms \ + ecdsa-sha2-nistp384 \ + ecdh-sha2-nistp384 \ + ecdsa-sha2-nistp384-cert-v01@openssh.com" fi if test x$enable_nistp521 = x1; then AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) TEST_SSH_ECC=yes COMMENT_OUT_ECC="" else - unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ - ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" + unsupported_algorithms="$unsupported_algorithms \ + ecdh-sha2-nistp521 \ + ecdsa-sha2-nistp521 \ + ecdsa-sha2-nistp521-cert-v01@openssh.com" fi AC_SUBST([TEST_SSH_ECC]) @@ -2759,7 +2884,7 @@ AC_CHECK_LIB([iaf], [ia_openinfo], [ LIBS="$LIBS -liaf" AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" AC_DEFINE([HAVE_LIBIAF], [1], - [Define if system has libiaf that supports set_id]) + [Define if system has libiaf that supports set_id]) ]) ]) LIBS="$saved_LIBS" @@ -2998,7 +3123,7 @@ fi # Decide which sandbox style to use sandbox_arg="" AC_ARG_WITH([sandbox], - [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], + [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], [ if test "x$withval" = "xyes" ; then sandbox_arg="" 
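Review bot: The updated `--with-sandbox=style` help text lists `pledge` but not `solaris`, although this commit adds an `"xsolaris"` branch to the sandbox selection further down. Add it so the option is discoverable from `configure --help`: `(no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge, solaris)`.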
@@ -3094,7 +3219,13 @@ AC_RUN_IFELSE( [AC_MSG_WARN([cross compiling: assuming yes])] ) -if test "x$sandbox_arg" = "xsystrace" || \ +if test "x$sandbox_arg" = "xpledge" || \ + ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then + test "x$ac_cv_func_pledge" != "xyes" && \ + AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) + SANDBOX_STYLE="pledge" + AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) +elif test "x$sandbox_arg" = "xsystrace" || \ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then test "x$have_systr_policy_kill" != "x1" && \ AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) @@ -3147,6 +3278,10 @@ elif test "x$sandbox_arg" = "xrlimit" || \ AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) SANDBOX_STYLE="rlimit" AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) +elif test "x$sandbox_arg" = "xsolaris" || \ + ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then + SANDBOX_STYLE="solaris" + AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then SANDBOX_STYLE="none" @@ -3275,7 +3410,7 @@ fi AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ u_int a; a = 1;]])], - [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" + [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" ]) ]) if test "x$ac_cv_have_u_int" = "xyes" ; then @@ -3286,7 +3421,7 @@ fi AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], - [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" + [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" ]) ]) if test "x$ac_cv_have_intxx_t" = "xyes" ; then 
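Review bot: The new `solaris` branch accepts an explicit `--with-sandbox=solaris` without verifying that privilege support was found, unlike the `pledge` and `systrace` branches, which call `AC_MSG_ERROR` when their prerequisite is missing. In the hunks shown, `SOLARIS_PRIVS` becomes `yes` only inside the `--with-solaris-privs` action, so the explicit request is honoured even where `setppriv` or `priv.h` was not detected. Add a guard at the top of the branch such as `test "x$SOLARIS_PRIVS" != "xyes" && AC_MSG_ERROR([solaris sandbox requires Solaris/Illumos privilege support])`. Alternatively, base the guard on `$ac_cv_func_setppriv` and `$ac_cv_header_priv_h` so the sandbox does not depend on the other option being given. The `if`/`elif` chain starts and ends outside the hunk.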
@@ -3303,7 +3438,7 @@ then [ AC_DEFINE([HAVE_INTXX_T]) AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) + ], [ AC_MSG_RESULT([no]) ]) fi @@ -3320,7 +3455,7 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ ]], [[ int64_t a; a = 1; ]])], - [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" + [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" ]) ]) if test "x$ac_cv_have_int64_t" = "xyes" ; then @@ -3330,7 +3465,7 @@ fi AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], - [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" + [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" ]) ]) if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then @@ -3345,14 +3480,14 @@ if test -z "$have_u_intxx_t" ; then [ AC_DEFINE([HAVE_U_INTXX_T]) AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) + ], [ AC_MSG_RESULT([no]) ]) fi AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ u_int64_t a; a = 1;]])], - [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" + [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" ]) ]) if test "x$ac_cv_have_u_int64_t" = "xyes" ; then @@ -3369,7 +3504,7 @@ then [ AC_DEFINE([HAVE_U_INT64_T]) AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) + ], [ AC_MSG_RESULT([no]) ]) fi @@ -3383,7 +3518,7 @@ if test -z "$have_u_intxx_t" ; then uint32_t c; a = b = c = 1; ]])], - [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" + [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" ]) ]) if test "x$ac_cv_have_uintxx_t" = "xyes" ; then @@ -3401,7 +3536,7 @@ then [ AC_DEFINE([HAVE_UINTXX_T]) AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) + ], [ AC_MSG_RESULT([no]) ]) fi @@ -3414,7 +3549,7 @@ then [ AC_DEFINE([HAVE_UINTXX_T]) AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) + ], [ AC_MSG_RESULT([no]) ]) fi 
@@ -3441,7 +3576,7 @@ fi AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ u_char foo; foo = 125; ]])], - [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" + [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" ]) ]) if test "x$ac_cv_have_u_char" = "xyes" ; then @@ -3476,7 +3611,7 @@ AC_CHECK_TYPES([in_addr_t, in_port_t], , , AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ size_t foo; foo = 1235; ]])], - [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" + [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" ]) ]) if test "x$ac_cv_have_size_t" = "xyes" ; then @@ -3486,7 +3621,7 @@ fi AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ ssize_t foo; foo = 1235; ]])], - [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" + [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" ]) ]) if test "x$ac_cv_have_ssize_t" = "xyes" ; then @@ -3496,7 +3631,7 @@ fi AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ clock_t foo; foo = 1235; ]])], - [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" + [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" ]) ]) if test "x$ac_cv_have_clock_t" = "xyes" ; then @@ -3527,7 +3662,7 @@ fi AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ pid_t foo; foo = 1235; ]])], - [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" + [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" ]) ]) if test "x$ac_cv_have_pid_t" = "xyes" ; then @@ -3537,7 +3672,7 @@ fi AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ mode_t foo; foo = 1235; ]])], - [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" + [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" ]) ]) if test "x$ac_cv_have_mode_t" = "xyes" ; then 
@@ -3551,7 +3686,7 @@ AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage #include ]], [[ struct sockaddr_storage s; ]])], [ ac_cv_have_struct_sockaddr_storage="yes" ], - [ ac_cv_have_struct_sockaddr_storage="no" + [ ac_cv_have_struct_sockaddr_storage="no" ]) ]) if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then @@ -3565,7 +3700,7 @@ AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ #include ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], [ ac_cv_have_struct_sockaddr_in6="yes" ], - [ ac_cv_have_struct_sockaddr_in6="no" + [ ac_cv_have_struct_sockaddr_in6="no" ]) ]) if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then @@ -3579,7 +3714,7 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ #include ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], [ ac_cv_have_struct_in6_addr="yes" ], - [ ac_cv_have_struct_in6_addr="no" + [ ac_cv_have_struct_in6_addr="no" ]) ]) if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then @@ -3603,7 +3738,7 @@ AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ #include ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], [ ac_cv_have_struct_addrinfo="yes" ], - [ ac_cv_have_struct_addrinfo="no" + [ ac_cv_have_struct_addrinfo="no" ]) ]) if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then @@ -3615,7 +3750,7 @@ AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ struct timeval tv; tv.tv_sec = 1;]])], [ ac_cv_have_struct_timeval="yes" ], - [ ac_cv_have_struct_timeval="no" + [ ac_cv_have_struct_timeval="no" ]) ]) if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 
@@ -3723,7 +3858,7 @@ AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], #include ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], [ ac_cv_have___ss_family_in_struct_ss="yes" ], - [ ac_cv_have___ss_family_in_struct_ss="no" + [ ac_cv_have___ss_family_in_struct_ss="no" ]) ]) if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then @@ -3822,7 +3957,7 @@ AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ extern char *__progname; printf("%s", __progname); ]])], [ ac_cv_libc_defines___progname="yes" ], - [ ac_cv_libc_defines___progname="no" + [ ac_cv_libc_defines___progname="no" ]) ]) if test "x$ac_cv_libc_defines___progname" = "xyes" ; then @@ -3833,7 +3968,7 @@ AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNC AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ printf("%s", __FUNCTION__); ]])], [ ac_cv_cc_implements___FUNCTION__="yes" ], - [ ac_cv_cc_implements___FUNCTION__="no" + [ ac_cv_cc_implements___FUNCTION__="no" ]) ]) if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then @@ -3845,7 +3980,7 @@ AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ printf("%s", __func__); ]])], [ ac_cv_cc_implements___func__="yes" ], - [ ac_cv_cc_implements___func__="no" + [ ac_cv_cc_implements___func__="no" ]) ]) if test "x$ac_cv_cc_implements___func__" = "xyes" ; then @@ -3858,7 +3993,7 @@ AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ va_list x,y; ]], [[ va_copy(x,y); ]])], [ ac_cv_have_va_copy="yes" ], - [ ac_cv_have_va_copy="no" + [ ac_cv_have_va_copy="no" ]) ]) if test "x$ac_cv_have_va_copy" = "xyes" ; then 
@@ -3870,7 +4005,7 @@ AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ #include va_list x,y; ]], [[ __va_copy(x,y); ]])], - [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" + [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" ]) ]) if test "x$ac_cv_have___va_copy" = "xyes" ; then @@ -3882,7 +4017,7 @@ AC_CACHE_CHECK([whether getopt has optreset support], AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include ]], [[ extern int optreset; optreset = 0; ]])], [ ac_cv_have_getopt_optreset="yes" ], - [ ac_cv_have_getopt_optreset="no" + [ ac_cv_have_getopt_optreset="no" ]) ]) if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then @@ -3894,7 +4029,7 @@ AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], [ ac_cv_libc_defines_sys_errlist="yes" ], - [ ac_cv_libc_defines_sys_errlist="no" + [ ac_cv_libc_defines_sys_errlist="no" ]) ]) if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then @@ -3907,7 +4042,7 @@ AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ extern int sys_nerr; printf("%i", sys_nerr);]])], [ ac_cv_libc_defines_sys_nerr="yes" ], - [ ac_cv_libc_defines_sys_nerr="no" + [ ac_cv_libc_defines_sys_nerr="no" ]) ]) if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then @@ -3970,7 +4105,10 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include #include extern struct __res_state _res; - ]], [[ ]])], + ]], [[ +struct __res_state *volatile p = &_res; /* force resolution of _res */ +return 0; + ]],)], [AC_MSG_RESULT([yes]) AC_DEFINE([HAVE__RES_EXTERN], [1], [Define if you have struct __res_state _res as an extern]) @@ -4063,7 +4201,6 @@ AC_ARG_WITH([kerberos5], [K5LIBS="$K5LIBS -ldes"]) ], [ AC_MSG_RESULT([no]) K5LIBS="-lkrb5 -lk5crypto -lcom_err" - ]) AC_SEARCH_LIBS([dn_expand], [resolv]) 
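Review bot: In the `@@ -3970,7 +4105,10 @@` hunk the rewritten test body closes with `]],)],`, which passes an empty third argument to AC_LANG_PROGRAM after the body. The macro takes a prologue and a body, so the comma looks like a typo and the line should read `]])],`. A one-line comment above the check would also help the next reader: `# Take the address of _res so the link test fails when libc does not export it`. The AC_LINK_IFELSE call begins before the hunk and continues past it.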
@@ -4246,7 +4383,7 @@ AC_ARG_WITH([maildir], exit(0); ]])], [ - maildir_what=`awk -F: '{print $1}' conftest.maildir` + maildir_what=`awk -F: '{print $1}' conftest.maildir` maildir=`awk -F: '{print $2}' conftest.maildir \ | sed 's|/$||'` AC_MSG_RESULT([Using: $maildir from $maildir_what]) @@ -4591,7 +4728,7 @@ AC_ARG_WITH([pid-dir], ] ) -AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], +AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], [Specify location of ssh.pid]) AC_SUBST([piddir]) @@ -4749,7 +4886,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[ char *utmp = UTMP_FILE; ]])], [ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) - system_utmp_path=no + system_utmp_path=no ]) if test -z "$conf_utmp_location"; then if test x"$system_utmp_path" = x"no" ; then @@ -4779,7 +4916,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[ char *wtmp = WTMP_FILE; ]])], [ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) - system_wtmp_path=no + system_wtmp_path=no ]) if test -z "$conf_wtmp_location"; then if test x"$system_wtmp_path" = x"no" ; then @@ -4812,7 +4949,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[ char *wtmpx = WTMPX_FILE; ]])], [ AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) - system_wtmpx_path=no + system_wtmpx_path=no ]) if test -z "$conf_wtmpx_location"; then if test x"$system_wtmpx_path" = x"no" ; then @@ -4933,6 +5070,7 @@ echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" echo " Solaris project support: $SP_MSG" +echo " Solaris privilege support: $SPP_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff --git a/contrib/Makefile b/contrib/Makefile index 8b34eb2..eaf7fe2 100644 --- a/contrib/Makefile +++ b/contrib/Makefile 
@@ -1,15 +1,17 @@ +PKG_CONFIG = pkg-config + all: @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2" gnome-ssh-askpass1: gnome-ssh-askpass1.c - $(CC) `gnome-config --cflags gnome gnomeui` \ + $(CC) $(CFLAGS) `gnome-config --cflags gnome gnomeui` \ gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \ `gnome-config --libs gnome gnomeui` gnome-ssh-askpass2: gnome-ssh-askpass2.c - $(CC) `pkg-config --cflags gtk+-2.0` \ + $(CC) $(CFLAGS) `$(PKG_CONFIG) --cflags gtk+-2.0` \ gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ - `pkg-config --libs gtk+-2.0 x11` + `$(PKG_CONFIG) --libs gtk+-2.0 x11` clean: rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass diff --git a/contrib/README b/contrib/README index c002238..60e19ba 100644 --- a/contrib/README +++ b/contrib/README @@ -11,7 +11,7 @@ which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or https CONNECT style proxy server. His page for connect.c has extensive documentation on its use as well as compiled versions for Win32. -http://www.taiyo.co.jp/~gotoh/ssh/connect.html +https://bitbucket.org/gotoh/connect/wiki/Home X11 SSH Askpass: diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec deleted file mode 100644 index 73d441d..0000000 --- a/contrib/caldera/openssh.spec +++ /dev/null 
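Review bot: Both askpass rules compile and link in a single `$(CC)` command, and the hunk adds `$(CFLAGS)` but not `$(LDFLAGS)`, so link-time options chosen by the builder (hardening flags, for example) still do not reach these binaries. I would write `$(CC) $(CFLAGS) $(LDFLAGS) ...` in both recipes, keeping the `--libs` output at the end of the command as it is now. A short comment next to `PKG_CONFIG = pkg-config` saying it can be overridden on the make command line for cross builds would document why the variable was introduced.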
@@ -1,366 +0,0 @@ - -# Some of this will need re-evaluation post-LSB. The SVIdir is there -# because the link appeared broken. The rest is for easy compilation, -# the tradeoff open to discussion. (LC957) - -%define SVIdir /etc/rc.d/init.d -%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages} -%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons} - -%define _mandir %{_prefix}/share/man/en -%define _sysconfdir /etc/ssh -%define _libexecdir %{_libdir}/ssh - -# Do we want to disable root_login? (1=yes 0=no) -%define no_root_login 0 - -#old cvs stuff. please update before use. may be deprecated. -%define use_stable 1 -%define version 5.9p1 -%if %{use_stable} - %define cvs %{nil} - %define release 1 -%else - %define cvs cvs20050315 - %define release 0r1 -%endif -%define xsa x11-ssh-askpass -%define askpass %{xsa}-1.2.4.1 - -# OpenSSH privilege separation requires a user & group ID -%define sshd_uid 67 -%define sshd_gid 67 - -Name : openssh -Version : %{version}%{cvs} -Release : %{release} -Group : System/Network - -Summary : OpenSSH free Secure Shell (SSH) implementation. -Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). -Summary(es) : OpenSSH implementación libre de Secure Shell (SSH). -Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH). -Summary(it) : Implementazione gratuita OpenSSH della Secure Shell. -Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH). -Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH). 
- -Copyright : BSD -Packager : Raymund Will -URL : http://www.openssh.com/ - -Obsoletes : ssh, ssh-clients, openssh-clients - -BuildRoot : /tmp/%{name}-%{version} -BuildRequires : XFree86-imake - -# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable -# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs -Source0: see-above:/.../openssh-%{version}.tar.gz -%if %{use_stable} -Source1: see-above:/.../openssh-%{version}.tar.gz.asc -%endif -Source2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz -Source3: http://www.openssh.com/faq.html - -%Package server -Group : System/Network -Requires : openssh = %{version} -Obsoletes : ssh-server - -Summary : OpenSSH Secure Shell protocol server (sshd). -Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd). -Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). -Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd). -Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). -Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). -Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd). - - -%Package askpass -Group : System/Network -Requires : openssh = %{version} -URL : http://www.jmknoble.net/software/x11-ssh-askpass/ -Obsoletes : ssh-extras - -Summary : OpenSSH X11 pass-phrase dialog. -Summary(de) : OpenSSH X11 Passwort-Dialog. -Summary(es) : Aplicación de petición de frase clave OpenSSH X11. -Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH. -Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. -Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH. -Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH. - - -%Description -OpenSSH (Secure Shell) provides access to a remote system. It replaces -telnet, rlogin, rexec, and rsh, and provides secure encrypted -communications between two untrusted hosts over an insecure network. 
-X11 connections and arbitrary TCP/IP ports can also be forwarded over -the secure channel. - -%Description -l de -OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt -telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte -Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres -Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso -über den sicheren Channel weitergeleitet werden. - -%Description -l es -OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a -telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas -entre dos equipos entre los que no se ha establecido confianza a través de una -red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden -ser canalizadas sobre el canal seguro. - -%Description -l fr -OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace -telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées -securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des -connexions X11 et des ports TCP/IP arbitraires peuvent également être -transmis sur le canal sécurisé. - -%Description -l it -OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. -Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure -e crittate tra due host non fidati su una rete non sicura. Le connessioni -X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso -un canale sicuro. - -%Description -l pt -OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o -telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas -entre duas máquinas sem confiança mútua sobre uma rede insegura. -Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados -pelo canal seguro. - -%Description -l pt_BR -O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. 
Substitui o -telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas -entre duas máquinas sem confiança mútua sobre uma rede insegura. -Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas -pelo canal seguro. - -%Description server -This package installs the sshd, the server portion of OpenSSH. - -%Description -l de server -Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. - -%Description -l es server -Este paquete instala sshd, la parte servidor de OpenSSH. - -%Description -l fr server -Ce paquetage installe le 'sshd', partie serveur de OpenSSH. - -%Description -l it server -Questo pacchetto installa sshd, il server di OpenSSH. - -%Description -l pt server -Este pacote intala o sshd, o servidor do OpenSSH. - -%Description -l pt_BR server -Este pacote intala o sshd, o servidor do OpenSSH. - -%Description askpass -This package contains an X11-based pass-phrase dialog used per -default by ssh-add(1). It is based on %{askpass} -by Jim Knoble . - - -%Prep -%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2 -%if ! %{use_stable} - autoreconf -%endif - - -%Build -CFLAGS="$RPM_OPT_FLAGS" \ -%configure \ - --with-pam \ - --with-tcp-wrappers \ - --with-privsep-path=%{_var}/empty/sshd \ - #leave this line for easy edits. - -%__make - -cd %{askpass} -%configure \ - #leave this line for easy edits. - -xmkmf -%__make includes -%__make - - -%Install -[ %{buildroot} != "/" ] && rm -rf %{buildroot} - -make install DESTDIR=%{buildroot} -%makeinstall -C %{askpass} \ - BINDIR=%{_libexecdir} \ - MANPATH=%{_mandir} \ - DESTDIR=%{buildroot} - -# OpenLinux specific configuration -mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} -mkdir -p %{buildroot}%{_var}/empty/sshd - -# enabling X11 forwarding on the server is convenient and okay, -# on the client side it's a potential security risk! 
-%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ - %{buildroot}%{_sysconfdir}/sshd_config - -%if %{no_root_login} -%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ - %{buildroot}%{_sysconfdir}/sshd_config -%endif - -install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd -# FIXME: disabled, find out why this doesn't work with nis -%__perl -pi -e 's:(.*pam_limits.*):#$1:' \ - %{buildroot}/etc/pam.d/sshd - -install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd - -# the last one is needless, but more future-proof -find %{buildroot}%{SVIdir} -type f -exec \ - %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\ - s:\@sysconfdir\@:%{_sysconfdir}:g; \ - s:/usr/sbin:%{_sbindir}:g'\ - \{\} \; - -cat <<-EoD > %{buildroot}%{SVIcdir}/sshd - IDENT=sshd - DESCRIPTIVE="OpenSSH secure shell daemon" - # This service will be marked as 'skipped' on boot if there - # is no host key. Use ssh-host-keygen to generate one - ONBOOT="yes" - OPTIONS="" -EoD - -SKG=%{buildroot}%{_sbindir}/ssh-host-keygen -install -m 0755 contrib/caldera/ssh-host-keygen $SKG -# Fix up some path names in the keygen toy^Hol - %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \ - s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \ - %{buildroot}%{_sbindir}/ssh-host-keygen - -# This looks terrible. Expect it to change. 
-# install remaining docs -DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" -mkdir -p $DocD/%{askpass} -cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD -install -p -m 0444 %{SOURCE3} $DocD/faq.html -cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} -%if %{use_stable} - cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1 -%else - cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1 - ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1 -%endif - -find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf -rm %{buildroot}%{_mandir}/man1/slogin.1 && \ - ln -s %{_mandir}/man1/ssh.1.gz \ - %{buildroot}%{_mandir}/man1/slogin.1.gz - - -%Clean -#%{rmDESTDIR} -[ %{buildroot} != "/" ] && rm -rf %{buildroot} - -%Post -# Generate host key when none is present to get up and running, -# both client and server require this for host-based auth! -# ssh-host-keygen checks for existing keys. -/usr/sbin/ssh-host-keygen -: # to protect the rpm database - -%pre server -%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : -%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ - -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : -: # to protect the rpm database - -%Post server -if [ -x %{LSBinit}-install ]; then - %{LSBinit}-install sshd -else - lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6 -fi - -! %{SVIdir}/sshd status || %{SVIdir}/sshd restart -: # to protect the rpm database - - -%PreUn server -[ "$1" = 0 ] || exit 0 -! 
%{SVIdir}/sshd status || %{SVIdir}/sshd stop -if [ -x %{LSBinit}-remove ]; then - %{LSBinit}-remove sshd -else - lisa --SysV-init remove sshd $1 -fi -: # to protect the rpm database - -%Files -%defattr(-,root,root) -%dir %{_sysconfdir} -%config %{_sysconfdir}/ssh_config -%{_bindir}/scp -%{_bindir}/sftp -%{_bindir}/ssh -%{_bindir}/slogin -%{_bindir}/ssh-add -%attr(2755,root,nobody) %{_bindir}/ssh-agent -%{_bindir}/ssh-keygen -%{_bindir}/ssh-keyscan -%dir %{_libexecdir} -%attr(4711,root,root) %{_libexecdir}/ssh-keysign -%{_libexecdir}/ssh-pkcs11-helper -%{_sbindir}/ssh-host-keygen -%dir %{_defaultdocdir}/%{name}-%{version} -%{_defaultdocdir}/%{name}-%{version}/CREDITS -%{_defaultdocdir}/%{name}-%{version}/ChangeLog -%{_defaultdocdir}/%{name}-%{version}/LICENCE -%{_defaultdocdir}/%{name}-%{version}/OVERVIEW -%{_defaultdocdir}/%{name}-%{version}/README* -%{_defaultdocdir}/%{name}-%{version}/TODO -%{_defaultdocdir}/%{name}-%{version}/faq.html -%{_mandir}/man1/* -%{_mandir}/man8/ssh-keysign.8.gz -%{_mandir}/man8/ssh-pkcs11-helper.8.gz -%{_mandir}/man5/ssh_config.5.gz - -%Files server -%defattr(-,root,root) -%dir %{_var}/empty/sshd -%config %{SVIdir}/sshd -%config /etc/pam.d/sshd -%config %{_sysconfdir}/moduli -%config %{_sysconfdir}/sshd_config -%config %{SVIcdir}/sshd -%{_libexecdir}/sftp-server -%{_sbindir}/sshd -%{_mandir}/man5/moduli.5.gz -%{_mandir}/man5/sshd_config.5.gz -%{_mandir}/man8/sftp-server.8.gz -%{_mandir}/man8/sshd.8.gz - -%Files askpass -%defattr(-,root,root) -%{_libexecdir}/ssh-askpass -%{_libexecdir}/x11-ssh-askpass -%{_defaultdocdir}/%{name}-%{version}/%{askpass} - - -%ChangeLog -* Tue Jan 18 2011 Tim Rice -- Use CFLAGS from Makefile instead of RPM so build completes. -- Signatures were changed to .asc since 4.1p1. - -* Mon Jan 01 1998 ... -Template Version: 1.31 - -$Id: openssh.spec,v 1.75.2.1 2011/09/05 00:28:11 djm Exp $ diff --git a/contrib/caldera/ssh-host-keygen b/contrib/caldera/ssh-host-keygen deleted file mode 100644 index 86382dd..0000000 
--- a/contrib/caldera/ssh-host-keygen +++ /dev/null @@ -1,36 +0,0 @@ -#! /bin/sh -# -# $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $ -# -# This script is normally run only *once* for a given host -# (in a given period of time) -- on updates/upgrades/recovery -# the ssh_host_key* files _should_ be retained! Otherwise false -# "man-in-the-middle-attack" alerts will frighten unsuspecting -# clients... - -keydir=@sysconfdir@ -keygen=@sshkeygen@ - -if [ -f $keydir/ssh_host_key -o \ - -f $keydir/ssh_host_key.pub ]; then - echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." -else - echo "Generating SSH1 RSA host key." - $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N '' -fi - -if [ -f $keydir/ssh_host_rsa_key -o \ - -f $keydir/ssh_host_rsa_key.pub ]; then - echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." -else - echo "Generating SSH2 RSA host key." - $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N '' -fi - -if [ -f $keydir/ssh_host_dsa_key -o \ - -f $keydir/ssh_host_dsa_key.pub ]; then - echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key." -else - echo "Generating SSH2 DSA host key." - $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N '' -fi diff --git a/contrib/caldera/sshd.init b/contrib/caldera/sshd.init deleted file mode 100644 index 983146f..0000000 --- a/contrib/caldera/sshd.init +++ /dev/null 
@@ -1,125 +0,0 @@ -#! /bin/bash -# -# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $ -# -### BEGIN INIT INFO -# Provides: -# Required-Start: $network -# Required-Stop: -# Default-Start: 3 4 5 -# Default-Stop: 0 1 2 6 -# Description: sshd -# Bring up/down the OpenSSH secure shell daemon. -### END INIT INFO -# -# Written by Miquel van Smoorenburg . -# Modified for Debian GNU/Linux by Ian Murdock . -# Modified for OpenLinux by Raymund Will - -NAME=sshd -DAEMON=/usr/sbin/$NAME -# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem -# created by recent OpenSSH daemon/ssd combinations. See Caldera internal -# PR [linux/8278] for details... -PIDF=/var/run/$NAME.pid -NAME=$DAEMON - -_status() { - [ -z "$1" ] || local pidf="$1" - local ret=-1 - local pid - if [ -n "$pidf" ] && [ -r "$pidf" ]; then - pid=$(head -1 $pidf) - else - pid=$(pidof $NAME) - fi - - if [ ! -e $SVIlock ]; then - # no lock-file => not started == stopped? - ret=3 - elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then - # pid-file given but not present or no pid => died, but was not stopped - ret=2 - elif [ -r /proc/$pid/cmdline ] && - echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then - # pid-file given and present or pid found => check process... - # but don't compare exe, as this will fail after an update! - # compares OK => all's well, that ends well... - ret=0 - else - # no such process or exe does not match => stale pid-file or process died - # just recently... - ret=1 - fi - return $ret -} - -# Source function library (and set vital variables). -. @SVIdir@/functions - -case "$1" in - start) - [ ! -e $SVIlock ] || exit 0 - [ -x $DAEMON ] || exit 5 - SVIemptyConfig @sysconfdir@/sshd_config && exit 6 - - if [ ! \( -f @sysconfdir@/ssh_host_key -a \ - -f @sysconfdir@/ssh_host_key.pub \) -a \ - ! \( -f @sysconfdir@/ssh_host_rsa_key -a \ - -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ - ! 
\( -f @sysconfdir@/ssh_host_dsa_key -a \ - -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then - - echo "$SVIsubsys: host key not initialized: skipped!" - echo "$SVIsubsys: use ssh-host-keygen to generate one!" - exit 6 - fi - - echo -n "Starting $SVIsubsys services: " - ssd -S -x $DAEMON -n $NAME -- $OPTIONS - ret=$? - - echo "." - touch $SVIlock - ;; - - stop) - [ -e $SVIlock ] || exit 0 - - echo -n "Stopping $SVIsubsys services: " - ssd -K -p $PIDF -n $NAME - ret=$? - - echo "." - rm -f $SVIlock - ;; - - force-reload|reload) - [ -e $SVIlock ] || exit 0 - - echo "Reloading $SVIsubsys configuration files: " - ssd -K --signal 1 -q -p $PIDF -n $NAME - ret=$? - echo "done." - ;; - - restart) - $0 stop - $0 start - ret=$? - ;; - - status) - _status $PIDF - ret=$? - ;; - - *) - echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}" - ret=2 - ;; - -esac - -exit $ret - diff --git a/contrib/caldera/sshd.pam b/contrib/caldera/sshd.pam deleted file mode 100644 index f050a9a..0000000 --- a/contrib/caldera/sshd.pam +++ /dev/null @@ -1,8 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_pwdb.so shadow nodelay -account required /lib/security/pam_nologin.so -account required /lib/security/pam_pwdb.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_pwdb.so shadow nullok use_authtok -session required /lib/security/pam_pwdb.so -session required /lib/security/pam_limits.so diff --git a/contrib/cygwin/Makefile b/contrib/cygwin/Makefile index dc857f2..a0261f4 100644 --- a/contrib/cygwin/Makefile +++ b/contrib/cygwin/Makefile 
@@ -36,21 +36,20 @@ install-inetd-config: install-sshdoc: $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir) - $(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS - $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog - $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE - $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW - $(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL - $(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent - $(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys - $(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux - $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README - $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns - $(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform - $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep - $(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun - $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO - $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG + -$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS + -$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog + -$(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE + -$(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW + -$(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL + -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent + -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys + -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux + -$(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README + -$(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns + 
-$(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform + -$(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep + -$(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun + -$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO install-cygwindoc: README $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir) diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 5f911e9..a73a0f6 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README 
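Review bot: Prefixing every `$(INSTALL)` line of `install-sshdoc` with `-` makes make ignore any failure of those commands, not only a missing source file, so a permission or disk-space error leaves a partial documentation directory and a successful exit status. If the intent is to tolerate files that are absent from this tree, an explicit existence test says so and keeps real errors fatal, e.g. `if test -f $(srcdir)/CREDITS; then $(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS; fi`. The same applies to each of the other lines the hunk changes.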
@@ -4,115 +4,18 @@ The binary package is usually built for recent Cygwin versions and might not run on older versions. Please check http://cygwin.com/ for information about current Cygwin releases. -Build instructions are at the end of the file. - -=========================================================================== -Important change since 3.7.1p2-2: - -The ssh-host-config file doesn't create the /etc/ssh_config and -/etc/sshd_config files from builtin here-scripts anymore, but it uses -skeleton files installed in /etc/defaults/etc. - -Also it now tries hard to create appropriate permissions on files. -Same applies for ssh-user-config. - -After creating the sshd service with ssh-host-config, it's advisable to -call ssh-user-config for all affected users, also already exising user -configurations. In the latter case, file and directory permissions are -checked and changed, if requireed to match the host configuration. - -Important note for Windows 2003 Server users: ---------------------------------------------- - -2003 Server has a funny new feature. When starting services under SYSTEM -account, these services have nearly all user rights which SYSTEM holds... -except for the "Create a token object" right, which is needed to allow -public key authentication :-( - -There's no way around this, except for creating a substitute account which -has the appropriate privileges. Basically, this account should be member -of the administrators group, plus it should have the following user rights: - - Create a token object - Logon as a service - Replace a process level token - Increase Quota - -The ssh-host-config script asks you, if it should create such an account, -called "sshd_server". If you say "no" here, you're on your own. Please -follow the instruction in ssh-host-config exactly if possible. Note that -ssh-user-config sets the permissions on 2003 Server machines dependent of -whether a sshd_server account exists or not. 
-=========================================================================== - -=========================================================================== -Important change since 3.4p1-2: - -This version adds privilege separation as default setting, see -/usr/doc/openssh/README.privsep. According to that document the -privsep feature requires a non-privileged account called 'sshd'. - -The new ssh-host-config file which is part of this version asks -to create 'sshd' as local user if you want to use privilege -separation. If you confirm, it creates that NT user and adds -the necessary entry to /etc/passwd. - -On 9x/Me systems the script just sets UsePrivilegeSeparation to "no" -since that feature doesn't make any sense on a system which doesn't -differ between privileged and unprivileged users. - -The new ssh-host-config script also adds the /var/empty directory -needed by privilege separation. When creating the /var/empty directory -by yourself, please note that in contrast to the README.privsep document -the owner sshould not be "root" but the user which is running sshd. So, -in the standard configuration this is SYSTEM. The ssh-host-config script -chowns /var/empty accordingly. -=========================================================================== - -=========================================================================== -Important change since 3.0.1p1-2: - -This version introduces the ability to register sshd as service on -Windows 9x/Me systems. This is done only when the options -D and/or --d are not given. -=========================================================================== - -=========================================================================== -Important change since 2.9p2: - -Since Cygwin is able to switch user context without password beginning -with version 1.3.2, OpenSSH now allows to do so when it's running under -a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to -allow that feature. 
-=========================================================================== - -=========================================================================== -Important change since 2.3.0p1: - -When using `ntea' or `ntsec' you now have to care for the ownership -and permission bits of your host key files and your private key files. -The host key files have to be owned by the NT account which starts -sshd. The user key files have to be owned by the user. The permission -bits of the private key files (host and user) have to be at least -rw------- (0600)! - -Note that this is forced under `ntsec' only if the files are on a NTFS -filesystem (which is recommended) due to the lack of any basic security -features of the FAT/FAT32 filesystems. -=========================================================================== +================== +Host configuration +================== If you are installing OpenSSH the first time, you can generate global config -files and server keys by running +files and server keys, as well as installing sshd as a service, by running /usr/bin/ssh-host-config Note that this binary archive doesn't contain default config files in /etc. That files are only created if ssh-host-config is started. -If you are updating your installation you may run the above ssh-host-config -as well to move your configuration files to the new location and to -erase the files at the old location. - To support testing and unattended installation ssh-host-config got some options: 
@@ -122,18 +25,28 @@ Options: --yes -y Answer all questions with "yes" automatically. --no -n Answer all questions with "no" automatically. --cygwin -c Use "options" as value for CYGWIN environment var. + --name -N sshd windows service name. --port -p sshd listens on port n. - --pwd -w Use "pwd" as password for user 'sshd_server'. + --user -u privileged user for service, default 'cyg_server'. + --pwd -w Use "pwd" as password for privileged user. + --privileged On Windows XP, require privileged user + instead of LocalSystem for sshd service. -Additionally ssh-host-config now asks if it should install sshd as a -service when running under NT/W2K. This requires cygrunsrv installed. +Installing sshd as daemon via ssh-host-config is recommended. -You can create the private and public keys for a user now by running +Alternatively you can start sshd via inetd, if you have the inetutils +package installed. Just run ssh-host-config, but answer "no" when asked +to install sshd as service. The ssh-host-config script also adds the +required lines to /etc/inetd.conf and /etc/services. + +================== +User configuration +================== + +Any user can simplify creating the own private and public keys by running /usr/bin/ssh-user-config -under the users account. - To support testing and unattended installation ssh-user-config got some options as well: 
@@ -144,88 +57,29 @@ Options: --no -n Answer all questions with "no" automatically. --passphrase -p word Use "word" as passphrase automatically. -Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd -(results in very slow deamon startup!) or from the command line (recommended -on 9X/ME). - -If you start sshd as deamon via cygrunsrv.exe you MUST give the -"-D" option to sshd. Otherwise the service can't get started at all. - -If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the -following line to your inetd.conf file: - -ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i - -Moreover you'll have to add the following line to your -${SYSTEMROOT}/system32/drivers/etc/services file: - - ssh 22/tcp #SSH daemon - Please note that OpenSSH does never use the value of $HOME to search for the users configuration files! It always uses the value of the pw_dir field in /etc/passwd as the home directory. If no home diretory is set in /etc/passwd, the root directory is used instead! -You may use all features of the CYGWIN=ntsec setting the same -way as they are used by Cygwin's login(1) port: +================ +Building OpenSSH +================ - The pw_gecos field may contain an additional field, that begins - with (upper case!) "U-", followed by the domain and the username - separated by a backslash. - CAUTION: The SID _must_ remain the _last_ field in pw_gecos! - BTW: The field separator in pw_gecos is the comma. - The username in pw_name itself may be any nice name: +Building from source is easy. Just unpack the source archive, cd to that +directory, and call cygport: - domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... + cygport openssh.cygport all - Now you may use `domuser' as your login name with telnet! 
- This is possible additionally for local users, if you don't like - your NT login name ;-) You only have to leave out the domain: +You must have installed the following packages to be able to build OpenSSH +with the aforementioned cygport script: - locuser::1104:513:John Doe,U-user,S-1-5-21-... - -Note that the CYGWIN=ntsec setting is required for public key authentication. - -SSH2 server and user keys are generated by the `ssh-*-config' scripts -as well. - -If you want to build from source, the following options to -configure are used for the Cygwin binary distribution: - - --prefix=/usr \ - --sysconfdir=/etc \ - --libexecdir='${sbindir}' \ - --localstatedir=/var \ - --datadir='${prefix}/share' \ - --mandir='${datadir}/man' \ - --infodir='${datadir}/info' - --with-tcp-wrappers - --with-libedit - -If you want to create a Cygwin package, equivalent to the one -in the Cygwin binary distribution, install like this: - - mkdir /tmp/cygwin-ssh - cd ${builddir} - make install DESTDIR=/tmp/cygwin-ssh - cd ${srcdir}/contrib/cygwin - make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh - cd /tmp/cygwin-ssh - find * \! -type d | tar cvjfT my-openssh.tar.bz2 - - -You must have installed the following packages to be able to build OpenSSH: - -- zlib -- openssl-devel - -If you want to build with --with-tcp-wrappers, you also need the package - -- tcp_wrappers - -If you want to build with --with-libedit, you also need the package - -- libedit-devel + zlib + crypt + openssl-devel + libedit-devel + libkrb5-devel Please send requests, error reports etc. to cygwin@cygwin.com. diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 3ac39a6..d934d09 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -1,6 +1,6 @@ #!/bin/bash # -# ssh-host-config, Copyright 2000-2011 Red Hat Inc. +# ssh-host-config, Copyright 2000-2014 Red Hat Inc. # # This file is part of the Cygwin port of OpenSSH. # 
@@ -34,9 +34,9 @@ declare -a csih_required_commands=( /usr/bin/mv coreutils /usr/bin/rm coreutils /usr/bin/cygpath cygwin + /usr/bin/mkpasswd cygwin /usr/bin/mount cygwin /usr/bin/ps cygwin - /usr/bin/setfacl cygwin /usr/bin/umount cygwin /usr/bin/cmp diffutils /usr/bin/grep grep 
@@ -59,62 +59,16 @@ PREFIX=/usr SYSCONFDIR=/etc LOCALSTATEDIR=/var +sshd_config_configured=no port_number=22 -privsep_configured=no +service_name=sshd +strictmodes=yes privsep_used=yes cygwin_value="" user_account= password_value= opt_force=no -# ====================================================================== -# Routine: create_host_keys -# ====================================================================== -create_host_keys() { - local ret=0 - - if [ ! -f "${SYSCONFDIR}/ssh_host_key" ] - then - csih_inform "Generating ${SYSCONFDIR}/ssh_host_key" - if ! /usr/bin/ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null - then - csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!" - let ++ret - fi - fi - - if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] - then - csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key" - if ! /usr/bin/ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null - then - csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!" - let ++ret - fi - fi - - if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] - then - csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key" - if ! /usr/bin/ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null - then - csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!" - let ++ret - fi - fi - - if [ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ] - then - csih_inform "Generating ${SYSCONFDIR}/ssh_host_ecdsa_key" - if ! /usr/bin/ssh-keygen -t ecdsa -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' > /dev/null - then - csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!" - let ++ret - fi - fi - return $ret -} # --- End of create_host_keys --- # - # ====================================================================== # Routine: update_services_file # ====================================================================== 
@@ -137,28 +91,8 @@ update_services_file() { # Depends on the above mount _wservices=`cygpath -w "${_services}"` - # Remove sshd 22/port from services - if [ `/usr/bin/grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] - then - /usr/bin/grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" - if [ -f "${_serv_tmp}" ] - then - if /usr/bin/mv "${_serv_tmp}" "${_services}" - then - csih_inform "Removing sshd from ${_wservices}" - else - csih_warning "Removing sshd from ${_wservices} failed!" - let ++ret - fi - /usr/bin/rm -f "${_serv_tmp}" - else - csih_warning "Removing sshd from ${_wservices} failed!" - let ++ret - fi - fi - # Add ssh 22/tcp and ssh 22/udp to services - if [ `/usr/bin/grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] + if [ `/usr/bin/grep -q 'ssh[[:space:]][[:space:]]*22' "${_services}"; echo $?` -ne 0 ] then if /usr/bin/awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" then 
@@ -179,18 +113,46 @@ update_services_file() { return $ret } # --- End of update_services_file --- # +# ====================================================================== +# Routine: sshd_strictmodes +# MODIFIES: strictmodes +# ====================================================================== +sshd_strictmodes() { + if [ "${sshd_config_configured}" != "yes" ] + then + echo + csih_inform "StrictModes is set to 'yes' by default." + csih_inform "This is the recommended setting, but it requires that the POSIX" + csih_inform "permissions of the user's home directory, the user's .ssh" + csih_inform "directory, and the user's ssh key files are tight so that" + csih_inform "only the user has write permissions." + csih_inform "On the other hand, StrictModes don't work well with default" + csih_inform "Windows permissions of a home directory mounted with the" + csih_inform "'noacl' option, and they don't work at all if the home" + csih_inform "directory is on a FAT or FAT32 partition." + if ! csih_request "Should StrictModes be used?" + then + strictmodes=no + fi + fi + return 0 +} + # ====================================================================== # Routine: sshd_privsep -# MODIFIES: privsep_configured privsep_used +# MODIFIES: privsep_used # ====================================================================== sshd_privsep() { - local sshdconfig_tmp local ret=0 - if [ "${privsep_configured}" != "yes" ] + if [ "${sshd_config_configured}" != "yes" ] then - csih_inform "Privilege separation is set to yes by default since OpenSSH 3.3." - csih_inform "However, this requires a non-privileged account called 'sshd'." + echo + csih_inform "Privilege separation is set to 'sandbox' by default since" + csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set" + csih_inform "to 'yes' or 'no'." + csih_inform "However, using privilege separation requires a non-privileged account" + csih_inform "called 'sshd'." 
csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." if csih_request "Should privilege separation be used?" then 
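Review bot: In `sshd_strictmodes`, answering "no" to the prompt turns StrictModes off without leaving any trace in the output, and the same presumably happens under the script's `--no` option, which is documented as answering every question with "no". With StrictModes off, sshd stops checking ownership and permissions of the user's home directory, `.ssh` directory and key files, so the choice deserves a visible record: add `csih_warning "StrictModes disabled: sshd will not check permissions of user key files"` next to `strictmodes=no`. The function is complete within the hunk; `sshd_privsep`, which follows it, continues past the hunk.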
@@ -207,36 +169,53 @@ sshd_privsep() { privsep_used=no fi fi + return $ret +} # --- End of sshd_privsep --- # - # Create default sshd_config from skeleton files in /etc/defaults/etc or - # modify to add the missing privsep configuration option - if /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 +# ====================================================================== +# Routine: sshd_config_tweak +# ====================================================================== +sshd_config_tweak() { + local ret=0 + + # Modify sshd_config + csih_inform "Updating ${SYSCONFDIR}/sshd_config file" + if [ "${port_number}" -ne 22 ] then - csih_inform "Updating ${SYSCONFDIR}/sshd_config file" - sshdconfig_tmp=${SYSCONFDIR}/sshd_config.$$ - /usr/bin/sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ - s/^#Port 22/Port ${port_number}/ - s/^#StrictModes yes/StrictModes no/" \ - < ${SYSCONFDIR}/sshd_config \ - > "${sshdconfig_tmp}" - if ! /usr/bin/mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config + /usr/bin/sed -i -e "s/^#\?[[:space:]]*Port[[:space:]].*/Port ${port_number}/" \ + ${SYSCONFDIR}/sshd_config + if [ $? -ne 0 ] then - csih_warning "Setting privilege separation to 'yes' failed!" - csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" - let ++ret + csih_warning "Setting listening port to ${port_number} failed!" + csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" + let ++ret fi - elif [ "${privsep_configured}" != "yes" ] + fi + if [ "${strictmodes}" = "no" ] then - echo >> ${SYSCONFDIR}/sshd_config - if ! echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config + /usr/bin/sed -i -e "s/^#\?[[:space:]]*StrictModes[[:space:]].*/StrictModes no/" \ + ${SYSCONFDIR}/sshd_config + if [ $? -ne 0 ] then - csih_warning "Setting privilege separation to 'yes' failed!" - csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" 
- let ++ret + csih_warning "Setting StrictModes to 'no' failed!" + csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" + let ++ret + fi + fi + if [ "${sshd_config_configured}" != "yes" ] + then + /usr/bin/sed -i -e " + s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \ + ${SYSCONFDIR}/sshd_config + if [ $? -ne 0 ] + then + csih_warning "Setting privilege separation failed!" + csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" + let ++ret fi fi return $ret -} # --- End of sshd_privsep --- # +} # --- End of sshd_config_tweak --- # # ====================================================================== # Routine: update_inetd_conf @@ -255,11 +234,11 @@ update_inetd_conf() { # we have inetutils-1.5 inetd.d support if [ -f "${_inetcnf}" ] then - /usr/bin/grep -q '^[ \t]*ssh' "${_inetcnf}" && _with_comment=0 + /usr/bin/grep -q '^[[:space:]]*ssh' "${_inetcnf}" && _with_comment=0 # check for sshd OR ssh in top-level inetd.conf file, and remove # will be replaced by a file in inetd.d/ - if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ] + if [ $(/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?) -eq 0 ] then /usr/bin/grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}" if [ -f "${_inetcnf_tmp}" ] @@ -284,9 +263,9 @@ update_inetd_conf() { then if [ "${_with_comment}" -eq 0 ] then - /usr/bin/sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" + /usr/bin/sed -e 's/@COMMENT@[[:space:]]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" else - /usr/bin/sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" + /usr/bin/sed -e 's/@COMMENT@[[:space:]]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}" fi if /usr/bin/mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}" then 
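Review bot: In `sshd_config_tweak` the `$? -ne 0` checks after each `sed -i` only catch a failure of sed itself, not a substitution that matched nothing, so an sshd_config without a `Port`, `StrictModes` or `UsePrivilegeSeparation` line is left unchanged and no warning is printed. Confirm the result instead, for example `/usr/bin/grep -q "^StrictModes no" "${SYSCONFDIR}/sshd_config" || { csih_warning "Setting StrictModes to 'no' failed!"; let ++ret; }`, and do the same for the other two directives. `port_number` comes straight from `-p` and is interpolated into both the `-ne` test and the sed expression, so a digits-only check before this point would keep a mistyped value from producing a broken sed script. The function is complete within the hunk.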
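Review bot: The test `grep -q '^[# \t]*ssh'` and the `grep -v` that follows it in `update_inetd_conf` still use `\t` inside a bracket expression, where grep reads it as a literal backslash and the letter `t` rather than a tab; the neighbouring lines were apparently moved to `[[:space:]]` for that reason. Use the same class here, `'^[#[:space:]]*ssh'`, in both the test and the `grep -v` filter so that the line detected is also the line removed. The later hunk for the `sshd` case switches to `'^#\?[[:space:]]*sshd'`, which accepts at most one leading `#` and no whitespace before it, so the two branches no longer match the same set of lines. The function starts and ends outside this hunk.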
@@ -299,13 +278,13 @@ update_inetd_conf() { elif [ -f "${_inetcnf}" ] then - /usr/bin/grep -q '^[ \t]*sshd' "${_inetcnf}" && _with_comment=0 + /usr/bin/grep -q '^[[:space:]]*sshd' "${_inetcnf}" && _with_comment=0 # check for sshd in top-level inetd.conf file, and remove # will be replaced by a file in inetd.d/ - if [ `/usr/bin/grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ] + if [ `/usr/bin/grep -q '^#\?[[:space:]]*sshd' "${_inetcnf}"; echo $?` -eq 0 ] then - /usr/bin/grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" + /usr/bin/grep -v '^#\?[[:space:]]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" if [ -f "${_inetcnf_tmp}" ] then if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}" 
@@ -353,24 +332,31 @@ check_service_files_ownership() { if [ -z "${run_service_as}" ] then - accnt_name=$(/usr/bin/cygrunsrv -VQ sshd | /usr/bin/sed -ne 's/^Account *: *//gp') + accnt_name=$(/usr/bin/cygrunsrv -VQ sshd | + /usr/bin/sed -ne 's/^Account *: *//gp') if [ "${accnt_name}" = "LocalSystem" ] then # Convert "LocalSystem" to "SYSTEM" as is the correct account name - accnt_name="SYSTEM:" - elif [[ "${accnt_name}" =~ ^\.\\ ]] - then - # Convert "." domain to local machine name - accnt_name="U-${COMPUTERNAME}${accnt_name#.}," + run_service_as="SYSTEM" + else + dom="${accnt_name%%\\*}" + accnt_name="${accnt_name#*\\}" + if [ "${dom}" = '.' ] + then + # Check local account + run_service_as=$(/usr/bin/mkpasswd -l -u "${accnt_name}" | + /usr/bin/awk -F: '{print $1;}') + else + # Check domain + run_service_as=$(/usr/bin/mkpasswd -d "${dom}" -u "${accnt_name}" | + /usr/bin/awk -F: '{print $1;}') + fi fi - run_service_as=$(/usr/bin/grep -Fi "${accnt_name}" /etc/passwd | /usr/bin/awk -F: '{print $1;}') if [ -z "${run_service_as}" ] then - csih_warning "Couldn't determine name of user running sshd service from /etc/passwd!" + csih_warning "Couldn't determine name of user running sshd service from account database!" csih_warning "As a result, this script cannot make sure that the files used" csih_warning "by the sshd service belong to the user running the service." - csih_warning "Please re-run the mkpasswd tool to make sure the /etc/passwd" - csih_warning "file is in a good shape." return 1 fi fi @@ -423,7 +409,7 @@ install_service() { local ret=0 echo - if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1 + if /usr/bin/cygrunsrv -Q ${service_name} >/dev/null 2>&1 then csih_inform "Sshd service is already installed." check_service_files_ownership "" || let ret+=$? 
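Review bot: `check_service_files_ownership` still queries `cygrunsrv -VQ sshd`, while `install_service` now uses `${service_name}`, so with `--name` set to anything else the account lookup reads a different or missing service and the ownership check on the service's files is done for the wrong account or skipped. Use `/usr/bin/cygrunsrv -VQ "${service_name}"` here. The new `${service_name}` expansions in `install_service` (`cygrunsrv -Q` and `-I`, in this and the following hunks) are unquoted and should be quoted as well, since the value comes from the command line. Both functions extend beyond their hunks.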
@@ -479,7 +465,7 @@ install_service() { fi if [ -z "${password}" ] then - if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \ + if /usr/bin/cygrunsrv -I ${service_name} -d "CYGWIN ${service_name}" -p /usr/sbin/sshd \ -a "-D" -y tcpip "${cygwin_env[@]}" then echo @@ -489,19 +475,20 @@ install_service() { csih_inform "will start automatically after the next reboot." fi else - if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \ + if /usr/bin/cygrunsrv -I ${service_name} -d "CYGWIN ${service_name}" -p /usr/sbin/sshd \ -a "-D" -y tcpip "${cygwin_env[@]}" \ -u "${run_service_as}" -w "${password}" then + /usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight echo csih_inform "The sshd service has been installed under the '${run_service_as}'" - csih_inform "account. To start the service now, call \`net start sshd' or" - csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically" + csih_inform "account. To start the service now, call \`net start ${service_name}' or" + csih_inform "\`cygrunsrv -S ${service_name}'. Otherwise, it will start automatically" csih_inform "after the next reboot." fi fi - if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1 + if /usr/bin/cygrunsrv -Q ${service_name} >/dev/null 2>&1 then check_service_files_ownership "${run_service_as}" || let ret+=$? else @@ -575,6 +562,11 @@ do shift ;; + -N | --name ) + service_name=$1 + shift + ;; + -p | --port ) port_number=$1 shift 
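Review bot: The added `/usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight` in `install_service` has its exit status ignored, so the script goes on to report the service as installed under that account even when the right was not granted. Check it, e.g. `/usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight || { csih_warning "Assigning SeServiceLogonRight to '${run_service_as}' failed!"; let ++ret; }`. `editrights` is also not among the `csih_required_commands` entries visible in the earlier hunk, which shows only part of that list, so confirm it is listed. The `-w "${password}"` argument on the context line puts the service password on the cygrunsrv command line; that predates this change but deserves a comment for maintainers. The function starts and ends outside the hunk.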
@@ -604,10 +596,11 @@ do echo " --yes -y Answer all questions with \"yes\" automatically." echo " --no -n Answer all questions with \"no\" automatically." echo " --cygwin -c Use \"options\" as value for CYGWIN environment var." + echo " --name -N sshd windows service name." echo " --port -p sshd listens on port n." - echo " --user -u privileged user for service." + echo " --user -u privileged user for service, default 'cyg_server'." echo " --pwd -w Use \"pwd\" as password for privileged user." - echo " --privileged On Windows NT/2k/XP, require privileged user" + echo " --privileged On Windows XP, require privileged user" echo " instead of LocalSystem for sshd service." echo exit 1 @@ -637,10 +630,7 @@ then csih_warning "However, it seems your account does not have these privileges." csih_warning "Here's the list of groups in your user token:" echo - for i in $(/usr/bin/id -G) - do - /usr/bin/awk -F: "/[^:]*:[^:]*:$i:/{ print \" \" \$1; }" /etc/group - done + /usr/bin/id -Gnz | xargs -0n1 echo " " echo csih_warning "This usually means you're running this script from a non-admin" csih_warning "desktop session, or in a non-elevated shell under UAC control." 
@@ -662,32 +652,6 @@ echo warning_cnt=0 -# Check for ${SYSCONFDIR} directory -csih_make_dir "${SYSCONFDIR}" "Cannot create global configuration files." -if ! /usr/bin/chmod 775 "${SYSCONFDIR}" >/dev/null 2>&1 -then - csih_warning "Can't set permissions on ${SYSCONFDIR}!" - let ++warning_cnt -fi -if ! /usr/bin/setfacl -m u:system:rwx "${SYSCONFDIR}" >/dev/null 2>&1 -then - csih_warning "Can't set extended permissions on ${SYSCONFDIR}!" - let ++warning_cnt -fi - -# Check for /var/log directory -csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory." -if ! /usr/bin/chmod 775 "${LOCALSTATEDIR}/log" >/dev/null 2>&1 -then - csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log!" - let ++warning_cnt -fi -if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" >/dev/null 2>&1 -then - csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/log!" - let ++warning_cnt -fi - # Create /var/log/lastlog if not already exists if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] then @@ -712,14 +676,10 @@ then csih_warning "Can't set permissions on ${LOCALSTATEDIR}/empty!" let ++warning_cnt fi -if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1 -then - csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!" - let ++warning_cnt -fi -# host keys -create_host_keys || let warning_cnt+=$? +# generate missing host keys +csih_inform "Generating missing SSH host keys" +/usr/bin/ssh-keygen -A || let warning_cnt+=$? # handle ssh_config csih_install_config "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt 
@@ -737,10 +697,11 @@ fi csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 then - /usr/bin/grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes + sshd_config_configured=yes fi +sshd_strictmodes || let warning_cnt+=$? sshd_privsep || let warning_cnt+=$? - +sshd_config_tweak || let warning_cnt+=$? update_services_file || let warning_cnt+=$? update_inetd_conf || let warning_cnt+=$? install_service || let warning_cnt+=$? diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config index 027ae60..33dc0cb 100644 --- a/contrib/cygwin/ssh-user-config +++ b/contrib/cygwin/ssh-user-config @@ -1,6 +1,6 @@ #!/bin/bash # -# ssh-user-config, Copyright 2000-2008 Red Hat Inc. +# ssh-user-config, Copyright 2000-2014 Red Hat Inc. # # This file is part of the Cygwin port of OpenSSH. # @@ -75,19 +75,18 @@ readonly -f create_identity # pwdhome # ====================================================================== check_user_homedir() { - local uid=$(id -u) - pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd) + pwdhome=$(getent passwd $UID | awk -F: '{ print $6; }') if [ "X${pwdhome}" = "X" ] then csih_error_multi \ - "There is no home directory set for you in ${SYSCONFDIR}/passwd." \ + "There is no home directory set for you in the account database." \ 'Setting $HOME is not sufficient!' fi if [ ! -d "${pwdhome}" ] then csih_error_multi \ - "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \ + "${pwdhome} is set in the account database as your home directory" \ 'but it is not a valid directory. Cannot create user identity files.' fi 
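Review bot: Setting `sshd_config_configured=yes` for any sshd_config that differs from the skeleton drops the old `grep -q UsePrivilegeSeparation` test, so a customised file with no such directive now skips both the prompt in `sshd_privsep` and the edit in `sshd_config_tweak`. That leaves sshd on its built-in default, which the new prompt text itself describes as 'sandbox' and unsupported on Cygwin. Keep a separate check, for example `/usr/bin/grep -q '^[[:space:]]*UsePrivilegeSeparation' "${SYSCONFDIR}/sshd_config" || privsep_missing=yes`, and have `sshd_config_tweak` append the directive in that case, as the removed code did.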
@@ -96,7 +95,7 @@ check_user_homedir() { if [ "X${pwdhome}" = "X/" ] then # But first raise a warning! - csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!" + csih_warning "Your home directory in the account database is set to root (/). This is not recommended!" if csih_request "Would you like to proceed anyway?" then pwdhome='' @@ -106,7 +105,7 @@ check_user_homedir() { fi fi - if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ] + if [ -d "${pwdhome}" -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ] then echo csih_warning 'group and other have been revoked write permission to your home' @@ -149,9 +148,10 @@ readonly -f check_user_dot_ssh_dir # pwdhome -- check_user_homedir() # ====================================================================== fix_authorized_keys_perms() { - if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ] + if [ -e "${pwdhome}/.ssh/authorized_keys" ] then - if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys" + setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null || echo -n + if ! chmod u-x,g-wx,o-wx "${pwdhome}/.ssh/authorized_keys" then csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys" csih_warning "failed. Please care for the correct permissions. The minimum requirement" @@ -222,10 +222,6 @@ do shift ;; - --privileged ) - csih_FORCE_PRIVILEGED_USER=yes - ;; - *) echo "usage: ${PROGNAME} [OPTION]..." echo @@ -236,8 +232,6 @@ do echo " --yes -y Answer all questions with \"yes\" automatically." echo " --no -n Answer all questions with \"no\" automatically." echo " --passphrase -p word Use \"word\" as passphrase automatically." - echo " --privileged On Windows NT/2k/XP, assume privileged user" - echo " instead of LocalSystem for sshd service." echo exit 1 ;; 
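Review bot: In `fix_authorized_keys_perms` the new `setfacl -b ... 2>/dev/null || echo -n` discards any failure to strip the ACL, and the following `chmod u-x,g-wx,o-wx` only adjusts the mode bits, so leftover ACL entries that grant another account write access to authorized_keys would presumably go unnoticed. Report the failure instead of hiding it: `setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null || csih_warning "Could not remove ACL entries from ${pwdhome}/.ssh/authorized_keys"`. The chmod also no longer removes group and other read access as the replaced `u::rw-,g::---,o::---` did; if that is intended, say so in a comment above the call. The function continues past the hunk.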
@@ -249,15 +243,6 @@ done # Action! # ====================================================================== -# Check passwd file -if [ ! -f ${SYSCONFDIR}/passwd ] -then - csih_error_multi \ - "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \ - 'first using mkpasswd. Check if it contains an entry for you and' \ - 'please care for the home directory in your entry as well.' -fi - check_user_homedir check_user_dot_ssh_dir create_identity id_rsa rsa "SSH2 RSA" diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index be6de08..fd8678f 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 5.9p1 +%define ver 7.3p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID @@ -86,10 +86,10 @@ PreReq: initscripts >= 5.00 %else Requires: initscripts >= 5.20 %endif -BuildRequires: perl, openssl-devel, tcp_wrappers +BuildRequires: perl, openssl-devel BuildRequires: /bin/login %if ! %{build6x} -BuildPreReq: glibc-devel, pam +BuildRequires: glibc-devel, pam %else BuildRequires: /usr/include/security/pam_appl.h %endif @@ -184,7 +184,7 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS %endif %if %{kerberos5} -K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'` +K5DIR=`rpm -ql krb5-devel | grep 'include/krb5\.h' | sed 's,\/include\/krb5.h,,'` echo K5DIR=$K5DIR %endif @@ -192,8 +192,6 @@ echo K5DIR=$K5DIR --sysconfdir=%{_sysconfdir}/ssh \ --libexecdir=%{_libexecdir}/openssh \ --datadir=%{_datadir}/openssh \ - --with-tcp-wrappers \ - --with-rsh=%{_bindir}/rsh \ --with-default-path=/usr/local/bin:/bin:/usr/bin \ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ --with-privsep-path=%{_var}/empty/sshd \ 
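Review bot: Dropping `--with-tcp-wrappers` from the configure call (and `tcp_wrappers` from BuildRequires in the earlier hunk) means the packaged sshd no longer consults hosts.allow and hosts.deny, which upstream OpenSSH stopped supporting in 6.7; nothing in the spec tells an administrator upgrading from the 5.9p1 package that those rules stop applying to sshd. Add a comment above the configure options, e.g. `# sshd is built without tcp_wrappers: hosts.allow/hosts.deny no longer restrict ssh access`, and consider a matching line in the package %description or changelog. The configure invocation starts and ends outside the hunk.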
@@ -335,7 +333,7 @@ fi %files %defattr(-,root,root) -%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO WARNING* +%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO %attr(0755,root,root) %{_bindir}/scp %attr(0644,root,root) %{_mandir}/man1/scp.1* %attr(0755,root,root) %dir %{_sysconfdir}/ssh @@ -360,8 +358,6 @@ fi %attr(0644,root,root) %{_mandir}/man1/ssh.1* %attr(0644,root,root) %{_mandir}/man5/ssh_config.5* %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config -%attr(-,root,root) %{_bindir}/slogin -%attr(-,root,root) %{_mandir}/man1/slogin.1* %if ! %{rescue} %attr(2755,root,nobody) %{_bindir}/ssh-agent %attr(0755,root,root) %{_bindir}/ssh-add diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index e9a7517..40c8dfd 100644 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init @@ -29,7 +29,7 @@ do_restart_sanity_check() { $SSHD -t RETVAL=$? - if [ ! "$RETVAL" = 0 ]; then + if [ $RETVAL -ne 0 ]; then failure $"Configuration file or keys are invalid" echo fi @@ -49,7 +49,7 @@ start() echo -n $"Starting $prog:" $SSHD $OPTIONS && success || failure RETVAL=$? - [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd echo } @@ -58,7 +58,7 @@ stop() echo -n $"Stopping $prog:" killproc $SSHD -TERM RETVAL=$? - [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd echo } @@ -87,7 +87,7 @@ case "$1" in condrestart) if [ -f /var/lock/subsys/sshd ] ; then do_restart_sanity_check - if [ "$RETVAL" = 0 ] ; then + if [ $RETVAL -eq 0 ] ; then stop # avoid race sleep 3 diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index 9451ace..bef5c95 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id 
@@ -1,54 +1,317 @@ #!/bin/sh -# Shell script to install your public key on a remote machine -# Takes the remote machine name as an argument. -# Obviously, the remote machine must accept password authentication, -# or one of the other keys in your ssh-agent, for this to work. +# Copyright (c) 1999-2013 Philip Hands +# 2013 Martin Kletzander +# 2010 Adeodato =?iso-8859-1?Q?Sim=F3?= +# 2010 Eric Moret +# 2009 Xr +# 2007 Justin Pryzby +# 2004 Reini Urban +# 2003 Colin Watson +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-ID_FILE="${HOME}/.ssh/id_rsa.pub" +# Shell script to install your public key(s) on a remote machine +# See the ssh-copy-id(1) man page for details -if [ "-i" = "$1" ]; then - shift - # check if we have 2 parameters left, if so the first is the new ID file - if [ -n "$2" ]; then - if expr "$1" : ".*\.pub" > /dev/null ; then - ID_FILE="$1" - else - ID_FILE="$1.pub" +# check that we have something mildly sane as our shell, or try to find something better +if false ^ printf "%s: WARNING: ancient shell, hunting for a more modern one... " "$0" +then + SANE_SH=${SANE_SH:-/usr/bin/ksh} + if printf 'true ^ false\n' | "$SANE_SH" + then + printf "'%s' seems viable.\n" "$SANE_SH" + exec "$SANE_SH" "$0" "$@" + else + cat <<-EOF + oh dear. + + If you have a more recent shell available, that supports \$(...) etc. + please try setting the environment variable SANE_SH to the path of that + shell, and then retry running this script. If that works, please report + a bug describing your setup, and the shell you used to make it work. + + EOF + printf "%s: ERROR: Less dimwitted shell required.\n" "$0" + exit 1 + fi +fi + +DEFAULT_PUB_ID_FILE="$HOME/$(cd "$HOME" ; ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)" + +usage () { + printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o ] ...] 
[user@]hostname\n' "$0" >&2 + printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2 + printf '\t-n: dry run -- no keys are actually copied\n' >&2 + printf '\t-h|-?: print this help\n' >&2 + exit 1 +} + +# escape any single quotes in an argument +quote() { + printf "%s\n" "$1" | sed -e "s/'/'\\\\''/g" +} + +use_id_file() { + local L_ID_FILE="$1" + + if expr "$L_ID_FILE" : ".*\.pub$" >/dev/null ; then + PUB_ID_FILE="$L_ID_FILE" + else + PUB_ID_FILE="$L_ID_FILE.pub" + fi + + [ "$FORCED" ] || PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub) + + # check that the files are readable + for f in "$PUB_ID_FILE" ${PRIV_ID_FILE:+"$PRIV_ID_FILE"} ; do + ErrMSG=$( { : < "$f" ; } 2>&1 ) || { + local L_PRIVMSG="" + [ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)" + printf "\n%s: ERROR: failed to open ID file '%s': %s\n" "$0" "$f" "$(printf "%s\n%s\n" "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')" + exit 1 + } + done + printf '%s: INFO: Source of key(s) to be installed: "%s"\n' "$0" "$PUB_ID_FILE" >&2 + GET_ID="cat \"$PUB_ID_FILE\"" +} + +if [ -n "$SSH_AUTH_SOCK" ] && ssh-add -L >/dev/null 2>&1 ; then + GET_ID="ssh-add -L" +fi + +while test "$#" -gt 0 +do + [ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && { + printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0" + usage + } + + OPT= OPTARG= + # implement something like getopt to avoid Solaris pain + case "$1" in + -i?*|-o?*|-p?*) + OPT="$(printf -- "$1"|cut -c1-2)" + OPTARG="$(printf -- "$1"|cut -c3-)" + shift + ;; + -o|-p) + OPT="$1" + OPTARG="$2" + shift 2 + ;; + -i) + OPT="$1" + test "$#" -le 2 || expr "$2" : "[-]" >/dev/null || { + OPTARG="$2" + shift + } + shift + ;; + -f|-n|-h|-\?) 
+ OPT="$1" + OPTARG= + shift + ;; + --) + shift + while test "$#" -gt 0 + do + SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'" + shift + done + break + ;; + -*) + printf "\n%s: ERROR: invalid option (%s)\n\n" "$0" "$1" + usage + ;; + *) + SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'" + shift + continue + ;; + esac + + case "$OPT" in + -i) + SEEN_OPT_I="yes" + use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}" + ;; + -o|-p) + SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'" + ;; + -f) + FORCED=1 + ;; + -n) + DRY_RUN=1 + ;; + -h|-\?) + usage + ;; + esac +done + +eval set -- "$SAVEARGS" + +if [ $# = 0 ] ; then + usage +fi +if [ $# != 1 ] ; then + printf '%s: ERROR: Too many arguments. Expecting a target hostname, got: %s\n\n' "$0" "$SAVEARGS" >&2 + usage +fi + +# drop trailing colon +USER_HOST=$(printf "%s\n" "$1" | sed 's/:$//') +# tack the hostname onto SSH_OPTS +SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'" +# and populate "$@" for later use (only way to get proper quoting of options) +eval set -- "$SSH_OPTS" + +if [ -z "$(eval $GET_ID)" ] && [ -r "${PUB_ID_FILE:=$DEFAULT_PUB_ID_FILE}" ] ; then + use_id_file "$PUB_ID_FILE" +fi + +if [ -z "$(eval $GET_ID)" ] ; then + printf '%s: ERROR: No identities found\n' "$0" >&2 + exit 1 +fi + +# populate_new_ids() uses several global variables ($USER_HOST, $SSH_OPTS ...) +# and has the side effect of setting $NEW_IDS +populate_new_ids() { + local L_SUCCESS="$1" + + if [ "$FORCED" ] ; then + NEW_IDS=$(eval $GET_ID) + return + fi + + # repopulate "$@" inside this function + eval set -- "$SSH_OPTS" + + umask 0177 + local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX) + if test $? 
-ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then + printf '%s: ERROR: mktemp failed\n' "$0" >&2 + exit 1 + fi + local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\"" + trap "$L_CLEANUP" EXIT TERM INT QUIT + printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2 + NEW_IDS=$( + eval $GET_ID | { + while read ID || [ "$ID" ] ; do + printf '%s\n' "$ID" > "$L_TMP_ID_FILE" + + # the next line assumes $PRIV_ID_FILE only set if using a single id file - this + # assumption will break if we implement the possibility of multiple -i options. + # The point being that if file based, ssh needs the private key, which it cannot + # find if only given the contents of the .pub file in an unrelated tmpfile + ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \ + -o ControlPath=none \ + -o LogLevel=INFO \ + -o PreferredAuthentications=publickey \ + -o IdentitiesOnly=yes "$@" exit 2>"$L_TMP_ID_FILE.stderr" "$L_TMP_ID_FILE" + else + grep 'Permission denied' "$L_TMP_ID_FILE.stderr" >/dev/null || { + sed -e 's/^/ERROR: /' <"$L_TMP_ID_FILE.stderr" >"$L_TMP_ID_FILE" + cat >/dev/null #consume the other keys, causing loop to end + } + fi + + cat "$L_TMP_ID_FILE" + done + } + ) + eval "$L_CLEANUP" && trap - EXIT TERM INT QUIT + + if expr "$NEW_IDS" : "^ERROR: " >/dev/null ; then + printf '\n%s: %s\n\n' "$0" "$NEW_IDS" >&2 + exit 1 + fi + if [ -z "$NEW_IDS" ] ; then + printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2 + printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2 + exit 0 + fi + printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2 +} + +REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 | + sed -ne 's/.*remote software version //p') + +case "$REMOTE_VERSION" in + NetScreen*) + populate_new_ids 1 
+ for KEY in $(printf "%s" "$NEW_IDS" | cut -d' ' -f2) ; do + KEY_NO=$(($KEY_NO + 1)) + printf "%s\n" "$KEY" | grep ssh-dss >/dev/null || { + printf '%s: WARNING: Non-dsa key (#%d) skipped (NetScreen only supports DSA keys)\n' "$0" "$KEY_NO" >&2 + continue + } + [ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | ssh -T "$@" >/dev/null 2>&1 + if [ $? = 255 ] ; then + printf '%s: ERROR: installation of key #%d failed (please report a bug describing what caused this, so that we can make this message useful)\n' "$0" "$KEY_NO" >&2 + else + ADDED=$(($ADDED + 1)) + fi + done + if [ -z "$ADDED" ] ; then + exit 1 fi - shift # and this should leave $1 as the target name - fi + ;; + *) + # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect + populate_new_ids 0 + # in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX; 'cd' to be at $HOME; and all on one line, because tcsh. + [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \ + ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \ + || exit 1 + ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l) + ;; +esac + +if [ "$DRY_RUN" ] ; then + cat <<-EOF + =-=-=-=-=-=-=-= + Would have added the following key(s): + + $NEW_IDS + =-=-=-=-=-=-=-= + EOF else - if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then - GET_ID="$GET_ID ssh-add -L" - fi + cat <<-EOF + + Number of key(s) added: $ADDED + + Now try logging into the machine, with: "ssh $SSH_OPTS" + and check to make sure that only the key(s) you wanted were added. 
+ + EOF fi -if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then - GET_ID="cat \"${ID_FILE}\"" -fi - -if [ -z "`eval $GET_ID`" ]; then - echo "$0: ERROR: No identities found" >&2 - exit 1 -fi - -if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then - echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2 - exit 1 -fi - -# strip any trailing colon -host=`echo $1 | sed 's/:$//'` - -{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1 - -cat < +Copyright (c) 1999-2013 hands.com Ltd. -Permission is granted to make and distribute verbatim copies of -this manual provided the copyright notice and this permission notice -are preserved on all copies. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. -Permission is granted to copy and distribute modified versions of this -manual under the conditions for verbatim copying, provided that the -entire resulting derived work is distributed under the terms of a -permission notice identical to this one. - -Permission is granted to copy and distribute translations of this -manual into another language, under the above conditions for modified -versions, except that this permission notice may be included in -translations approved by the Free Software Foundation instead of in -the original English. +THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
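Review bot: The option splitter in contrib/ssh-copy-id passes the user's argument to printf as the format string, in `OPT="$(printf -- "$1"|cut -c1-2)"` and the `OPTARG` line below it, so any `%` or backslash in a combined option such as `-oNAME=VALUE` is interpreted instead of copied. ssh option values routinely carry `%` tokens, and the value then reaches `SSH_OPTS` altered or truncated. Pass the argument as data instead: `OPT="$(printf '%s' "$1" | cut -c1-2)"` and `OPTARG="$(printf '%s' "$1" | cut -c3-)"`. Separately, `GET_ID="cat \"$PUB_ID_FILE\""` is later run through `eval`, so a key path containing a double quote or a command substitution is re-parsed by the shell; the `quote` helper already defined in this script could be used there with single quotes, as is done for `SSH_OPTS`.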
+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .. -.TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH" -.SH NAME -ssh-copy-id \- install your public key in a remote machine's authorized_keys -.SH SYNOPSIS -.B ssh-copy-id [-i [identity_file]] -.I "[user@]machine" +.Dd $Mdocdate: June 17 2010 $ +.Dt SSH-COPY-ID 1 +.Os +.Sh NAME +.Nm ssh-copy-id +.Nd use locally available keys to authorise logins on a remote machine +.Sh SYNOPSIS +.Nm +.Op Fl f +.Op Fl n +.Op Fl i Op Ar identity_file +.Op Fl p Ar port +.Op Fl o Ar ssh_option +.Op Ar user Ns @ Ns +.Ar hostname +.Nm +.Fl h | Fl ? .br -.SH DESCRIPTION -.BR ssh-copy-id -is a script that uses ssh to log into a remote machine and -append the indicated identity file to that machine's -.B ~/.ssh/authorized_keys -file. -.PP -If the -.B -i -option is given then the identity file (defaults to -.BR ~/.ssh/id_rsa.pub ) -is used, regardless of whether there are any keys in your -.BR ssh-agent . -Otherwise, if this: -.PP -.B " ssh-add -L" -.PP -provides any output, it uses that in preference to the identity file. -.PP -If the -.B -i -option is used, or the -.B ssh-add -produced no output, then it uses the contents of the identity -file. Once it has one or more fingerprints (by whatever means) it -uses ssh to append them to -.B ~/.ssh/authorized_keys -on the remote machine (creating the file, and directory, if necessary.) - -.SH NOTES -This program does not modify the permissions of any -pre-existing files or directories. 
Therefore, if the remote -.B sshd -has -.B StrictModes -set in its -configuration, then the user's home, -.B ~/.ssh -folder, and -.B ~/.ssh/authorized_keys -file may need to have group writability disabled manually, e.g. via - -.B " chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys" - -on the remote machine. - -.SH "SEE ALSO" -.BR ssh (1), -.BR ssh-agent (1), -.BR sshd (8) +.Sh DESCRIPTION +.Nm +is a script that uses +.Xr ssh 1 +to log into a remote machine (presumably using a login password, +so password authentication should be enabled, unless you've done some +clever use of multiple identities). It assembles a list of one or more +fingerprints (as described below) and tries to log in with each key, to +see if any of them are already installed (of course, if you are not using +.Xr ssh-agent 1 +this may result in you being repeatedly prompted for pass-phrases). +It then assembles a list of those that failed to log in, and using ssh, +enables logins with those keys on the remote server. By default it adds +the keys by appending them to the remote user's +.Pa ~/.ssh/authorized_keys +(creating the file, and directory, if necessary). It is also capable +of detecting if the remote system is a NetScreen, and using its +.Ql set ssh pka-dsa key ... +command instead. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl i Ar identity_file +Use only the key(s) contained in +.Ar identity_file +(rather than looking for identities via +.Xr ssh-add 1 +or in the +.Ic default_ID_file ) . +If the filename does not end in +.Pa .pub +this is added. If the filename is omitted, the +.Ic default_ID_file +is used. +.Pp +Note that this can be used to ensure that the keys copied have the +comment one prefers and/or extra options applied, by ensuring that the +key file has these set as preferred before the copy is attempted. +.It Fl f +Forced mode: doesn't check if the keys are present on the remote server. +This means that it does not need the private key. 
Of course, this can result +in more than one copy of the key being installed on the remote system. +.It Fl n +do a dry-run. Instead of installing keys on the remote system simply +prints the key(s) that would have been installed. +.It Fl h , Fl ? +Print Usage summary +.It Fl p Ar port , Fl o Ar ssh_option +These two options are simply passed through untouched, along with their +argument, to allow one to set the port or other +.Xr ssh 1 +options, respectively. +.Pp +Rather than specifying these as command line options, it is often better to use (per-host) settings in +.Xr ssh 1 Ns 's +configuration file: +.Xr ssh_config 5 . +.El +.Pp +Default behaviour without +.Fl i , +is to check if +.Ql ssh-add -L +provides any output, and if so those keys are used. Note that this results in +the comment on the key being the filename that was given to +.Xr ssh-add 1 +when the key was loaded into your +.Xr ssh-agent 1 +rather than the comment contained in that file, which is a bit of a shame. +Otherwise, if +.Xr ssh-add 1 +provides no keys contents of the +.Ic default_ID_file +will be used. +.Pp +The +.Ic default_ID_file +is the most recent file that matches: +.Pa ~/.ssh/id*.pub , +(excluding those that match +.Pa ~/.ssh/*-cert.pub ) +so if you create a key that is not the one you want +.Nm +to use, just use +.Xr touch 1 +on your preferred key's +.Pa .pub +file to reinstate it as the most recent. +.Pp +.Sh EXAMPLES +If you have already installed keys from one system on a lot of remote +hosts, and you then create a new key, on a new client machine, say, +it can be difficult to keep track of which systems on which you've +installed the new key. One way of dealing with this is to load both +the new key and old key(s) into your +.Xr ssh-agent 1 . 
+Load the new key first, without the +.Fl c +option, then load one or more old keys into the agent, possibly by +ssh-ing to the client machine that has that old key, using the +.Fl A +option to allow agent forwarding: +.Pp +.D1 user@newclient$ ssh-add +.D1 user@newclient$ ssh -A old.client +.D1 user@oldl$ ssh-add -c +.D1 No ... prompt for pass-phrase ... +.D1 user@old$ logoff +.D1 user@newclient$ ssh someserver +.Pp +now, if the new key is installed on the server, you'll be allowed in +unprompted, whereas if you only have the old key(s) enabled, you'll be +asked for confirmation, which is your cue to log back out and run +.Pp +.D1 user@newclient$ ssh-copy-id -i someserver +.Pp +The reason you might want to specify the -i option in this case is to +ensure that the comment on the installed key is the one from the +.Pa .pub +file, rather than just the filename that was loaded into you agent. +It also ensures that only the id you intended is installed, rather than +all the keys that you have in your +.Xr ssh-agent 1 . +Of course, you can specify another id, or use the contents of the +.Xr ssh-agent 1 +as you prefer. +.Pp +Having mentioned +.Xr ssh-add 1 Ns 's +.Fl c +option, you might consider using this whenever using agent forwarding +to avoid your key being hijacked, but it is much better to instead use +.Xr ssh 1 Ns 's +.Ar ProxyCommand +and +.Fl W +option, +to bounce through remote servers while always doing direct end-to-end +authentication. This way the middle hop(s) don't get access to your +.Xr ssh-agent 1 . +A web search for +.Ql ssh proxycommand nc +should prove enlightening (N.B. the modern approach is to use the +.Fl W +option, rather than +.Xr nc 1 ) . +.Sh "SEE ALSO" +.Xr ssh 1 , +.Xr ssh-agent 1 , +.Xr sshd 8 diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 3a4dfea..d2b2728 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec 
@@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 5.9p1 +Version: 7.3p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz @@ -28,11 +28,9 @@ Provides: ssh # (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.) # building prerequisites -- stuff for # OpenSSL (openssl-devel), -# TCP Wrappers (tcpd-devel), # and Gnome (glibdev, gtkdev, and gnlibsd) # BuildPrereq: openssl -BuildPrereq: tcpd-devel BuildPrereq: zlib-devel #BuildPrereq: glibdev #BuildPrereq: gtkdev @@ -140,7 +138,6 @@ CFLAGS="$RPM_OPT_FLAGS" \ --mandir=%{_mandir} \ --with-privsep-path=/var/lib/empty \ --with-pam \ - --with-tcp-wrappers \ --libexecdir=%{_libdir}/ssh make @@ -205,7 +202,6 @@ rm -rf $RPM_BUILD_ROOT %attr(0755,root,root) %{_bindir}/ssh-keygen %attr(0755,root,root) %{_bindir}/scp %attr(0755,root,root) %{_bindir}/ssh -%attr(-,root,root) %{_bindir}/slogin %attr(0755,root,root) %{_bindir}/ssh-agent %attr(0755,root,root) %{_bindir}/ssh-add %attr(0755,root,root) %{_bindir}/ssh-keyscan @@ -217,7 +213,6 @@ rm -rf $RPM_BUILD_ROOT %attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper %attr(0644,root,root) %doc %{_mandir}/man1/scp.1* %attr(0644,root,root) %doc %{_mandir}/man1/sftp.1* -%attr(-,root,root) %doc %{_mandir}/man1/slogin.1* %attr(0644,root,root) %doc %{_mandir}/man1/ssh.1* %attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1* %attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1* diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd index 4a3bc41..28f28e4 100644 --- a/contrib/suse/rc.sshd +++ b/contrib/suse/rc.sshd @@ -49,7 +49,7 @@ case "$1" in ## Start daemon with startproc(8). If this fails ## the echo return value is set appropriate. - startproc -f -p $SSHD_PIDFILE /usr/sbin/sshd $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE" + startproc -f -p $SSHD_PIDFILE $SSHD_BIN $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE" # Remember status and be verbose rc_status -v 
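Review bot: `$SSHD_BIN` is not assigned in any hunk of contrib/suse/rc.sshd, and the hunk line numbers do not shift (49, 59, 87 and 103 on both sides), so the change appears to rely on an assignment that already exists above line 49; that is worth confirming, because an empty value would leave `startproc`, `killproc` and `checkproc` without their binary argument. The same applies to the stop, reload and status hunks that follow this one. Quoting the expansions, for example `killproc -p "$SSHD_PIDFILE" -TERM "$SSHD_BIN"`, keeps the argument position stable if the value is ever empty or contains spaces; `$SSHD_OPTS` is presumably meant to split into several options and would stay unquoted. The enclosing `case` branches start and end outside the hunks.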
@@ -59,7 +59,7 @@ case "$1" in ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -p $SSHD_PIDFILE -TERM /usr/sbin/sshd + killproc -p $SSHD_PIDFILE -TERM $SSHD_BIN # Remember status and be verbose rc_status -v @@ -87,7 +87,7 @@ case "$1" in echo -n "Reload service sshd" - killproc -p $SSHD_PIDFILE -HUP /usr/sbin/sshd + killproc -p $SSHD_PIDFILE -HUP $SSHD_BIN rc_status -v @@ -103,7 +103,7 @@ case "$1" in # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running - checkproc -p $SSHD_PIDFILE /usr/sbin/sshd + checkproc -p $SSHD_PIDFILE $SSHD_BIN rc_status -v ;; diff --git a/contrib/win32/openssh/VSWithBuildTools.xml b/contrib/win32/openssh/VSWithBuildTools.xml new file mode 100644 index 0000000..279fedf --- /dev/null +++ b/contrib/win32/openssh/VSWithBuildTools.xml @@ -0,0 +1,84 @@ + + + + + + + diff --git a/contrib/win32/openssh/Win32-OpenSSH.sln b/contrib/win32/openssh/Win32-OpenSSH.sln index db9117a..95901a8 100644 --- a/contrib/win32/openssh/Win32-OpenSSH.sln +++ b/contrib/win32/openssh/Win32-OpenSSH.sln 
@@ -67,13 +67,6 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "config", "config.vcxproj", EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-lsa", "ssh-lsa.vcxproj", "{02FB3D98-6516-42C6-9762-98811A99960F}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win32compatUnittests", "win32compatUnittests.vcxproj", "{780CAFE4-4BC5-407B-B3A6-71C4114826A7}" - ProjectSection(ProjectDependencies) = postProject - {05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7} - {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0} - {8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "win32iocompat", "win32iocompat.vcxproj", "{0D02F0F0-013B-4EE3-906D-86517F3822C0}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssh-shellhost", "ssh-shellhost.vcxproj", "{C0AE8A30-E4FA-49CE-A2B5-0C072C77EC64}" 
@@ -104,6 +97,62 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "scp", "scp.vcxproj", "{29B9 {8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} EndProjectSection EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-bitmap", "unittest-bitmap.vcxproj", "{D901596E-76C7-4608-9CFA-2B42A9FD7250}" + ProjectSection(ProjectDependencies) = postProject + {05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7} + {DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174} + {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0} + {8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-kex", "unittest-kex.vcxproj", "{8EC56B06-5A9A-4D6D-804D-037FE26FD43E}" + ProjectSection(ProjectDependencies) = postProject + {05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7} + {DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174} + {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0} + {8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-sshbuf", "unittest-sshbuf.vcxproj", "{CD9740CE-C96E-49B3-823F-012E09D17806}" + ProjectSection(ProjectDependencies) = postProject + {05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7} + {DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174} + {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0} + {8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-win32compat", "unittest-win32compat.vcxproj", 
"{BF295BA9-4BF8-43F8-8CBF-FAE84815466C}" + ProjectSection(ProjectDependencies) = postProject + {05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7} + {DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174} + {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0} + {8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-utf8", "unittest-utf8.vcxproj", "{114CAA59-46C0-4B87-BA86-C1946A68101D}" + ProjectSection(ProjectDependencies) = postProject + {05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7} + {DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174} + {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0} + {8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-hostkeys", "unittest-hostkeys.vcxproj", "{890C6129-286F-4CD8-8252-FB8D3B4E6E1B}" + ProjectSection(ProjectDependencies) = postProject + {05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7} + {DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174} + {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0} + {8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unittest-sshkey", "unittest-sshkey.vcxproj", "{FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}" + ProjectSection(ProjectDependencies) = postProject + {05E1115F-8529-46D0-AAAF-52A404CE79A7} = {05E1115F-8529-46D0-AAAF-52A404CE79A7} + {DD483F7D-C553-4740-BC1A-903805AD0174} = {DD483F7D-C553-4740-BC1A-903805AD0174} + {0D02F0F0-013B-4EE3-906D-86517F3822C0} = {0D02F0F0-013B-4EE3-906D-86517F3822C0} + 
{8660C2FE-9874-432D-B047-E042BB41DBE0} = {8660C2FE-9874-432D-B047-E042BB41DBE0} + EndProjectSection +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|x64 = Debug|x64 @@ -192,14 +241,6 @@ Global {02FB3D98-6516-42C6-9762-98811A99960F}.Release|x64.Build.0 = Release|x64 {02FB3D98-6516-42C6-9762-98811A99960F}.Release|x86.ActiveCfg = Release|Win32 {02FB3D98-6516-42C6-9762-98811A99960F}.Release|x86.Build.0 = Release|Win32 - {780CAFE4-4BC5-407B-B3A6-71C4114826A7}.Debug|x64.ActiveCfg = Debug|x64 - {780CAFE4-4BC5-407B-B3A6-71C4114826A7}.Debug|x64.Build.0 = Debug|x64 - {780CAFE4-4BC5-407B-B3A6-71C4114826A7}.Debug|x86.ActiveCfg = Debug|Win32 - {780CAFE4-4BC5-407B-B3A6-71C4114826A7}.Debug|x86.Build.0 = Debug|Win32 - {780CAFE4-4BC5-407B-B3A6-71C4114826A7}.Release|x64.ActiveCfg = Release|x64 - {780CAFE4-4BC5-407B-B3A6-71C4114826A7}.Release|x64.Build.0 = Release|x64 - {780CAFE4-4BC5-407B-B3A6-71C4114826A7}.Release|x86.ActiveCfg = Release|Win32 - {780CAFE4-4BC5-407B-B3A6-71C4114826A7}.Release|x86.Build.0 = Release|Win32 {0D02F0F0-013B-4EE3-906D-86517F3822C0}.Debug|x64.ActiveCfg = Debug|x64 {0D02F0F0-013B-4EE3-906D-86517F3822C0}.Debug|x64.Build.0 = Debug|x64 {0D02F0F0-013B-4EE3-906D-86517F3822C0}.Debug|x86.ActiveCfg = Debug|Win32 
@@ -240,6 +281,62 @@ Global {29B98ADF-1285-49CE-BF6C-AA92C5D2FB24}.Release|x64.Build.0 = Release|x64 {29B98ADF-1285-49CE-BF6C-AA92C5D2FB24}.Release|x86.ActiveCfg = Release|Win32 {29B98ADF-1285-49CE-BF6C-AA92C5D2FB24}.Release|x86.Build.0 = Release|Win32 + {D901596E-76C7-4608-9CFA-2B42A9FD7250}.Debug|x64.ActiveCfg = Debug|x64 + {D901596E-76C7-4608-9CFA-2B42A9FD7250}.Debug|x64.Build.0 = Debug|x64 + {D901596E-76C7-4608-9CFA-2B42A9FD7250}.Debug|x86.ActiveCfg = Debug|Win32 + {D901596E-76C7-4608-9CFA-2B42A9FD7250}.Debug|x86.Build.0 = Debug|Win32 + {D901596E-76C7-4608-9CFA-2B42A9FD7250}.Release|x64.ActiveCfg = Release|x64 + {D901596E-76C7-4608-9CFA-2B42A9FD7250}.Release|x64.Build.0 = Release|x64 + {D901596E-76C7-4608-9CFA-2B42A9FD7250}.Release|x86.ActiveCfg = Release|Win32 + {D901596E-76C7-4608-9CFA-2B42A9FD7250}.Release|x86.Build.0 = Release|Win32 + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E}.Debug|x64.ActiveCfg = Debug|x64 + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E}.Debug|x64.Build.0 = Debug|x64 + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E}.Debug|x86.ActiveCfg = Debug|Win32 + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E}.Debug|x86.Build.0 = Debug|Win32 + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E}.Release|x64.ActiveCfg = Release|x64 + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E}.Release|x64.Build.0 = Release|x64 + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E}.Release|x86.ActiveCfg = Release|Win32 + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E}.Release|x86.Build.0 = Release|Win32 + {CD9740CE-C96E-49B3-823F-012E09D17806}.Debug|x64.ActiveCfg = Debug|x64 + {CD9740CE-C96E-49B3-823F-012E09D17806}.Debug|x64.Build.0 = Debug|x64 + {CD9740CE-C96E-49B3-823F-012E09D17806}.Debug|x86.ActiveCfg = Debug|Win32 + {CD9740CE-C96E-49B3-823F-012E09D17806}.Debug|x86.Build.0 = Debug|Win32 + {CD9740CE-C96E-49B3-823F-012E09D17806}.Release|x64.ActiveCfg = Release|x64 + {CD9740CE-C96E-49B3-823F-012E09D17806}.Release|x64.Build.0 = Release|x64 + {CD9740CE-C96E-49B3-823F-012E09D17806}.Release|x86.ActiveCfg = Release|Win32 + 
{CD9740CE-C96E-49B3-823F-012E09D17806}.Release|x86.Build.0 = Release|Win32 + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C}.Debug|x64.ActiveCfg = Debug|x64 + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C}.Debug|x64.Build.0 = Debug|x64 + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C}.Debug|x86.ActiveCfg = Debug|Win32 + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C}.Debug|x86.Build.0 = Debug|Win32 + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C}.Release|x64.ActiveCfg = Release|x64 + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C}.Release|x64.Build.0 = Release|x64 + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C}.Release|x86.ActiveCfg = Release|Win32 + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C}.Release|x86.Build.0 = Release|Win32 + {114CAA59-46C0-4B87-BA86-C1946A68101D}.Debug|x64.ActiveCfg = Debug|x64 + {114CAA59-46C0-4B87-BA86-C1946A68101D}.Debug|x64.Build.0 = Debug|x64 + {114CAA59-46C0-4B87-BA86-C1946A68101D}.Debug|x86.ActiveCfg = Debug|Win32 + {114CAA59-46C0-4B87-BA86-C1946A68101D}.Debug|x86.Build.0 = Debug|Win32 + {114CAA59-46C0-4B87-BA86-C1946A68101D}.Release|x64.ActiveCfg = Release|x64 + {114CAA59-46C0-4B87-BA86-C1946A68101D}.Release|x64.Build.0 = Release|x64 + {114CAA59-46C0-4B87-BA86-C1946A68101D}.Release|x86.ActiveCfg = Release|Win32 + {114CAA59-46C0-4B87-BA86-C1946A68101D}.Release|x86.Build.0 = Release|Win32 + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B}.Debug|x64.ActiveCfg = Debug|x64 + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B}.Debug|x64.Build.0 = Debug|x64 + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B}.Debug|x86.ActiveCfg = Debug|Win32 + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B}.Debug|x86.Build.0 = Debug|Win32 + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B}.Release|x64.ActiveCfg = Release|x64 + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B}.Release|x64.Build.0 = Release|x64 + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B}.Release|x86.ActiveCfg = Release|Win32 + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B}.Release|x86.Build.0 = Release|Win32 + {FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}.Debug|x64.ActiveCfg = Debug|x64 + 
{FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}.Debug|x64.Build.0 = Debug|x64 + {FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}.Debug|x86.ActiveCfg = Debug|Win32 + {FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}.Debug|x86.Build.0 = Debug|Win32 + {FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}.Release|x64.ActiveCfg = Release|x64 + {FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}.Release|x64.Build.0 = Release|x64 + {FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}.Release|x86.ActiveCfg = Release|Win32 + {FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9}.Release|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/contrib/win32/openssh/appveyor.psm1 b/contrib/win32/openssh/appveyor.psm1 new file mode 100644 index 0000000..a678fec --- /dev/null +++ b/contrib/win32/openssh/appveyor.psm1 
@@ -0,0 +1,619 @@ +$ErrorActionPreference = 'Stop' +Import-Module $PSScriptRoot\build.psm1 +$repoRoot = Get-RepositoryRoot + +# Sets a build variable +Function Set-BuildVariable +{ + param( + [Parameter(Mandatory=$true)] + [string] + $Name, + + [Parameter(Mandatory=$true)] + [string] + $Value + ) + + if($env:AppVeyor) + { + Set-AppveyorBuildVariable @PSBoundParameters + } + else + { + Set-Item env:/$name -Value $Value + } +} + +# Emulates running all of AppVeyor but locally +# should not be used on AppVeyor +function Invoke-AppVeyorFull +{ + param( + [switch] $APPVEYOR_SCHEDULED_BUILD, + [switch] $CleanRepo + ) + if($CleanRepo) + { + Clear-PSRepo + } + + if($env:APPVEYOR) + { + throw "This function is to simulate appveyor, but not to be run from appveyor!" + } + + if($APPVEYOR_SCHEDULED_BUILD) + { + $env:APPVEYOR_SCHEDULED_BUILD = 'True' + } + try { + Invoke-AppVeyorBuild + Install-OpenSSH + Install-TestDependencies + & "$env:ProgramFiles\PowerShell\6.0.0.12\powershell.exe" -Command {Import-Module $($repoRoot.FullName)\contrib\win32\openssh\AppVeyor.psm1;Run-OpenSSHTests -uploadResults} + Run-OpenSSHTests + Publish-Artifact + } + finally { + if($APPVEYOR_SCHEDULED_BUILD -and $env:APPVEYOR_SCHEDULED_BUILD) + { + Remove-Item env:APPVEYOR_SCHEDULED_BUILD + } + } +} + +# Implements the AppVeyor 'build_script' step +function Invoke-AppVeyorBuild +{ + Start-SSHBuild -Configuration Release -NativeHostArch x64 -Verbose + Start-SSHBuild -Configuration Debug -NativeHostArch x64 -Verbose + Start-SSHBuild -Configuration Release -NativeHostArch x86 -Verbose + Start-SSHBuild -Configuration Debug -NativeHostArch x86 -Verbose +} + +<# + .Synopsis + This function invokes msiexec.exe to install PSCore on the AppVeyor build machine +#> +function Invoke-MSIEXEC +{ + [CmdletBinding()] + param( + [Parameter(Mandatory=$true)] + [string] $InstallFile + ) + + Write-Verbose "Installing $InstallFile..." 
+ $arguments = @( + "/i" + "`"$InstallFile`"" + "/qn" + "/norestart" + ) + $process = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru + if ($process.ExitCode -eq 0){ + Write-Output "$InstallFile has been successfully installed" + } + else { + Write-Output "installer exit code $($process.ExitCode) for file $($InstallFile)" + } + + return $process.ExitCode +} + +<# + .Synopsis + This function installs PSCore MSI on the AppVeyor build machine +#> +function Install-PSCoreFromGithub +{ + $downloadLocation = Download-PSCoreMSI + + Write-Output "Installing PSCore ..." + if(-not [string]::IsNullOrEmpty($downloadLocation)) + { + $processExitCode = Invoke-MSIEXEC -InstallFile $downloadLocation + Write-Output "Process exitcode: $processExitCode" + } +} + +<# + .Synopsis + Retuns MSI location for PSCore for Win10, Windows 8.1 and 2012 R2 +#> +function Get-PSCoreMSIDownloadURL +{ + $osversion = [String][Environment]::OSVersion.Version + Write-Host "osversion:$osversion" + if($osversion.StartsWith("6")) + { + if ($($env:PROCESSOR_ARCHITECTURE).Contains('64')) + { + return 'https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.12/PowerShell_6.0.0.12-alpha.12-win81-x64.msi' + } + else + { + return '' + } + } + elseif ($osversion.Contains("10.0")) + { + if ($($env:PROCESSOR_ARCHITECTURE).Contains('64')) + { + return 'https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.12/PowerShell_6.0.0.12-alpha.12-win10-x64.msi' + } + else + { + return '' + } + } +} + +<# + .Synopsis + This functions downloads MSI and returns the path where the file is downloaded. 
+#> +function Download-PSCoreMSI +{ + $url = Get-PSCoreMSIDownloadURL + if([string]::IsNullOrEmpty($url)) + { + Write-Output "url is empty" + return '' + } + $parsed = $url.Substring($url.LastIndexOf("/") + 1) + if(-not (Test-path "$env:SystemDrive\PScore" -PathType Container)) + { + New-Item -ItemType Directory -Force -Path "$env:SystemDrive\PScore" | out-null + } + $downloadLocation = "$env:SystemDrive\PScore\$parsed" + if(-not (Test-path $downloadLocation -PathType Leaf)) + { + Invoke-WebRequest -Uri $url -OutFile $downloadLocation -ErrorVariable v + } + + if ($v) + { + throw "Failed to download PSCore MSI package from $url" + } + else + { + return $downloadLocation + } +} + +<# + .SYNOPSIS + This function installs the tools required by our tests + 1) Pester for running the tests + 2) sysinternals required by the tests on windows. + #> +function Install-TestDependencies +{ + [CmdletBinding()] + param () + + $isModuleAvailable = Get-Module 'Pester' -ListAvailable + if (-not ($isModuleAvailable)) + { + Write-Output 'Installing Pester...' + choco install Pester -y --force + } + + if ( -not (Test-Path "$env:ProgramData\chocolatey\lib\sysinternals\tools" ) ) { + Write-Output "sysinternals not present. Installing sysinternals." + choco install sysinternals -y + } + Write-Output "Installing pscore..." 
+ Install-PSCoreFromGithub +} +<# + .Synopsis + Deploy all required files to a location and install the binaries +#> +function Install-OpenSSH +{ + [CmdletBinding()] + param + ( + [string] $OpenSSHDir = "$env:SystemDrive\OpenSSH", + + [ValidateSet('Debug', 'Release')] + [string]$Configuration = "Debug", + + [ValidateSet('x86', 'x64', '')] + [string]$NativeHostArch = "" + ) + + Build-Win32OpenSSHPackage @PSBoundParameters + + Push-Location $OpenSSHDir + &( "$OpenSSHDir\install-sshd.ps1") + .\ssh-keygen.exe -A + Start-Service ssh-agent + &( "$OpenSSHDir\install-sshlsa.ps1") + + Set-Service sshd -StartupType Automatic + Set-Service ssh-agent -StartupType Automatic + Start-Service sshd + + Pop-Location +} + +<# + .Synopsis + uninstalled sshd and sshla +#> +function UnInstall-OpenSSH +{ + [CmdletBinding()] + param + ( + [string] $OpenSSHDir = "$env:SystemDrive\OpenSSH" + ) + + Push-Location $OpenSSHDir + + Stop-Service sshd + &( "$OpenSSHDir\uninstall-sshd.ps1") + &( "$OpenSSHDir\uninstall-sshlsa.ps1") + Pop-Location +} + +<# + .Synopsis + Deploy all required files to build a package and create zip file. 
+#> +function Build-Win32OpenSSHPackage +{ + [CmdletBinding()] + param + ( + [string] $OpenSSHDir = "$env:SystemDrive\OpenSSH", + + [ValidateSet('Debug', 'Release')] + [string]$Configuration = "Debug", + + [ValidateSet('x86', 'x64', '')] + [string]$NativeHostArch = "" + ) + + if (-not (Test-Path -Path $OpenSSHDir -PathType Container)) + { + New-Item -Path $OpenSSHDir -ItemType Directory -Force -ErrorAction Stop + } + + [string] $platform = $env:PROCESSOR_ARCHITECTURE + if(-not [String]::IsNullOrEmpty($NativeHostArch)) + { + $folderName = $NativeHostArch + if($NativeHostArch -eq 'x86') + { + $folderName = "Win32" + } + } + else + { + if($platform -ieq "AMD64") + { + $folderName = "x64" + } + else + { + $folderName = "Win32" + } + } + + [System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot + $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "bin\$folderName\$Configuration" + Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHDir -Include *.exe,*.dll -Exclude *unittest*.* -Force -ErrorAction Stop + $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "contrib\win32\openssh" + Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHDir -Include *.ps1,sshd_config -Exclude AnalyzeCodeDiff.ps1 -Force -ErrorAction Stop + + $packageName = "rktools.2003" + $rktoolsPath = "${env:ProgramFiles(x86)}\Windows Resource Kits\Tools\ntrights.exe" + if (-not (Test-Path -Path $rktoolsPath)) + { + Write-Information -MessageData "$packageName not present. Installing $packageName." 
+ choco install $packageName -y --force + } + + Copy-Item -Path $rktoolsPath -Destination $OpenSSHDir -Force -ErrorAction Stop + + $packageFolder = $env:SystemDrive + if ($env:APPVEYOR_BUILD_FOLDER) + { + $packageFolder = $env:APPVEYOR_BUILD_FOLDER + } + + $package = "$packageFolder\Win32OpenSSH$Configuration$folderName.zip" + $allPackage = "$packageFolder\Win32OpenSSH*.zip" + if (Test-Path $allPackage) + { + Remove-Item -Path $allPackage -Force -ErrorAction SilentlyContinue + } + + Add-Type -assemblyname System.IO.Compression.FileSystem + [System.IO.Compression.ZipFile]::CreateFromDirectory($OpenSSHDir, $package) +} + +<# + .Synopsis + After build and test run completes, upload all artifacts from the build machine. +#> +function Deploy-OpenSSHTests +{ + [CmdletBinding()] + param + ( + [string] $OpenSSHTestDir = "$env:SystemDrive\OpenSSH", + + [ValidateSet('Debug', 'Release')] + [string]$Configuration = "Debug", + + [ValidateSet('x86', 'x64', '')] + [string]$NativeHostArch = "" + ) + + if (-not (Test-Path -Path $OpenSSHTestDir -PathType Container)) + { + New-Item -Path $OpenSSHTestDir -ItemType Directory -Force -ErrorAction Stop + } + + [string] $platform = $env:PROCESSOR_ARCHITECTURE + if(-not [String]::IsNullOrEmpty($NativeHostArch)) + { + $folderName = $NativeHostArch + if($NativeHostArch -eq 'x86') + { + $folderName = "Win32" + } + } + else + { + if($platform -ieq "AMD64") + { + $folderName = "x64" + } + else + { + $folderName = "Win32" + } + } + + + [System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot + + $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "regress\pesterTests" + Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHTestDir -Include *.ps1,*.psm1 -Force -ErrorAction Stop + + $sourceDir = Join-Path $repositoryRoot.FullName -ChildPath "bin\$folderName\$Configuration" + Copy-Item -Path "$sourceDir\*" -Destination $OpenSSHTestDir -Exclude ssh-agent.exe, sshd.exe -Force -ErrorAction Stop + +} + + +<# + .Synopsis + Adds a build log to 
the list of published artifacts. + .Description + If a build log exists, it is renamed to reflect the associated CLR runtime then added to the list of + artifacts to publish. If it doesn't exist, a warning is written and the file is skipped. + The rename is needed since publishing overwrites the artifact if it already exists. + .Parameter artifacts + An array list to add the fully qualified build log path + .Parameter buildLog + The build log file produced by the build. +#> +function Add-BuildLog +{ + param + ( + [ValidateNotNull()] + [System.Collections.ArrayList] $artifacts, + + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $buildLog + ) + + if (Test-Path -Path $buildLog) + { + Write-Output "Adding $buildLog to local artifacts" + $null = $artifacts.Add($buildLog) + Write-Output "Adding $buildLog to local artifacts- completed" + } + else + { + Write-Warning "Skip publishing build log. $buildLog does not exist" + } +} + +<# + .Synopsis + Publishes package build artifacts. + .Parameter artifacts + An array list to add the fully qualified build log path + .Parameter packageFile + Path to the package +#> +function Add-Artifact +{ + param + ( + [ValidateNotNull()] + [System.Collections.ArrayList] $artifacts, + [string] $FileToAdd = "$env:SystemDrive\Win32OpenSSH*.zip" + ) + + $files = Get-ChildItem -Path $FileToAdd -ErrorAction Ignore + if ($files -ne $null) + { + + $files | % { + Write-Output "Adding $($_.FullName) to local artifacts" + $null = $artifacts.Add($_.FullName) + Write-Output "Adding $($_.FullName) to local artifacts- completed" + } + + } + else + { + Write-Warning "Skip publishing package artifacts. $FileToAdd does not exist" + } +} + +<# + .Synopsis + After build and test run completes, upload all artifacts from the build machine. 
+#> +function Publish-Artifact +{ + Write-Output "Publishing project artifacts" + [System.Collections.ArrayList] $artifacts = [System.Collections.ArrayList]::new() + + $packageFolder = $env:SystemDrive + if ($env:APPVEYOR_BUILD_FOLDER) + { + $packageFolder = $env:APPVEYOR_BUILD_FOLDER + } + + Add-Artifact -artifacts $artifacts -FileToAdd "$packageFolder\Win32OpenSSH*.zip" + Add-Artifact -artifacts $artifacts -FileToAdd "$packageFolder\OpenSSH\UnitTestResults.txt" + + # Get the build.log file for each build configuration + #Add-BuildLog -artifacts $artifacts -buildLog (Get-BuildLogFile -root $repoRoot.FullName -Configuration Release -NativeHostArch x86) + #Add-BuildLog -artifacts $artifacts -buildLog (Get-BuildLogFile -root $repoRoot.FullName -Configuration Debug -NativeHostArch x86) + #Add-BuildLog -artifacts $artifacts -buildLog (Get-BuildLogFile -root $repoRoot.FullName -Configuration Release -NativeHostArch x64) + Add-BuildLog -artifacts $artifacts -buildLog (Get-BuildLogFile -root $repoRoot.FullName -Configuration Debug -NativeHostArch x64) + + foreach ($artifact in $artifacts) + { + Write-Output "Publishing $artifact as Appveyor artifact" + # NOTE: attempt to publish subsequent artifacts even if the current one fails + Push-AppveyorArtifact $artifact -ErrorAction "Continue" + } +} + +<# + .Synopsis + Run OpenSSH pester tests. +#> +function Run-OpenSSHPesterTest +{ + param($testRoot, $outputXml) + + # Discover all CI tests and run them. + Push-Location $testRoot + Write-Output "Running OpenSSH Pester tests..." + $testFolders = Get-ChildItem *.tests.ps1 -Recurse | ForEach-Object{ Split-Path $_.FullName} | Sort-Object -Unique + + Invoke-Pester $testFolders -OutputFormat NUnitXml -OutputFile $outputXml -Tag 'CI' + Pop-Location +} + +<# + .Synopsis + Run unit tests. +#> +function Run-OpenSSHUnitTest +{ + param($testRoot, $unitTestOutputFile) + + # Discover all CI tests and run them. + Push-Location $testRoot + Write-Output "Running OpenSSH unit tests..." 
+ if (Test-Path $unitTestOutputFile) + { + Remove-Item -Path $unitTestOutputFile -Force -ErrorAction SilentlyContinue + } + + $unitTestFiles = Get-ChildItem -Path "$testRoot\unittest*.exe" + $testFailed = $false + if ($unitTestFiles -ne $null) + { + $unitTestFiles | % { + Write-Output "Running OpenSSH unit $($_.FullName)..." + & $_.FullName >> $unitTestOutputFile + $errorCode = $LASTEXITCODE + if ($errorCode -ne 0) + { + $testFailed = $true + Write-Output "$($_.FullName) test failed for OpenSSH.`nExitCode: $error" + } + } + + if($testFailed) + { + throw "SSH unit tests failed" + } + } + + Pop-Location +} + +<# + .Synopsis + Runs the tests for this repo + + .Parameter testResultsFile + The name of the xml file to write pester results. + The default value is '.\testResults.xml' + + .Parameter uploadResults + Uploads the tests results. + + .Example + .\RunTests.ps1 + Runs the tests and creates the default 'testResults.xml' + + .Example + .\RunTests.ps1 -uploadResults + Runs the tests and creates teh default 'testResults.xml' and uploads it to appveyor. + + #> +function Run-OpenSSHTests +{ + [CmdletBinding()] + param + ( + [string] $testResultsFile = "$env:SystemDrive\OpenSSH\TestResults.xml", + [string] $unitTestResultsFile = "$env:SystemDrive\OpenSSH\UnitTestResults.txt", + [string] $testInstallFolder = "$env:SystemDrive\OpenSSH" + ) + + Deploy-OpenSSHTests -OpenSSHTestDir $testInstallFolder + + # Run all pester tests. + Run-OpenSSHPesterTest -testRoot $testInstallFolder -outputXml $testResultsFile + + $xml = [xml](Get-Content -raw $testResultsFile) + if ([int]$xml.'test-results'.failures -gt 0) + { + throw "$($xml.'test-results'.failures) tests in regress\pesterTests failed" + } + + # Writing out warning when the $Error.Count is non-zero. Tests Should clean $Error after success. 
+ if ($Error.Count -gt 0) + { + $Error| Out-File "$env:SystemDrive\OpenSSH\TestError.txt" -Append + } + + Run-OpenSSHUnitTest -testRoot $testInstallFolder -unitTestOutputFile $unitTestResultsFile +} + +function Upload-OpenSSHTestResults +{ + [CmdletBinding()] + param + ( + [string] $testResultsFile = "$env:SystemDrive\OpenSSH\TestResults.xml" + ) + + if ($env:APPVEYOR_JOB_ID) + { + (New-Object 'System.Net.WebClient').UploadFile("https://ci.appveyor.com/api/testresults/nunit/$($env:APPVEYOR_JOB_ID)", (Resolve-Path $testResultsFile)) + } + +} diff --git a/contrib/win32/openssh/build.psm1 b/contrib/win32/openssh/build.psm1 new file mode 100644 index 0000000..0eeff8f --- /dev/null +++ b/contrib/win32/openssh/build.psm1 
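Review bot: `Download-PSCoreMSI` hands the downloaded file to `Invoke-MSIEXEC` with no integrity check, and it skips the download whenever a file already sits at `$env:SystemDrive\PScore\$parsed`, so a modified or stale file at that path is installed silently with `/qn`. Before returning `$downloadLocation`, compare the file with a pinned digest, e.g. `if ((Get-FileHash -Path $downloadLocation -Algorithm SHA256).Hash -ne $expectedSha256) { throw "Hash mismatch for $downloadLocation" }`, with `$expectedSha256` recorded next to each URL in `Get-PSCoreMSIDownloadURL`. If the release MSIs are Authenticode-signed (not visible from this diff), also checking `(Get-AuthenticodeSignature -FilePath $downloadLocation).Status` would cover the publisher.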
@@ -0,0 +1,383 @@ + +Set-StrictMode -Version Latest +[string] $script:platform = $env:PROCESSOR_ARCHITECTURE +[string] $script:vcPath = $null +[System.IO.DirectoryInfo] $script:OpenSSHRoot = $null +[bool] $script:Verbose = $false +[string] $script:BuildLogFile = $null + +<# + Called by Write-BuildMsg to write to the build log, if it exists. +#> +function Write-Log +{ + param + ( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $Message + ) + # write it to the log file, if present. + if (-not ([string]::IsNullOrEmpty($script:BuildLogFile))) + { + Add-Content -Path $script:BuildLogFile -Value $Message + } +} + +<# +.Synopsis + Writes a build message. +.Parameter Message + The message to write. +.Parameter AsInfo + Writes a user message using Write-Information. +.Parameter AsVerbose + Writes a message using Write-Verbose and to the build log if -Verbose was specified to Start-DscBuild. +.Parameter AsWarning + Writes a message using Write-Warning and to the build log. +.Parameter AsError + Writes a message using Write-Error and to the build log. +.Parameter Silent + Writes the message only to the log. +.Parameter ErrorAction + Determines if the script is terminated when errors are written. + This parameter is ignored when -Silent is specified. +.Example + Write-BuildMsg -AsInfo 'Starting the build' + Writes an informational message to the log and to the user +.Example + Write-BuildMsg -AsError 'Terminating build' -Silent + Writes an error message only to the log +.Example + Write-BuildMsg -AsError 'Terminating build' -ErrorAction Stop + Writes an error message to the log and the user and terminates the build. +.Example + Write-BuildMsg -AsInfo 'Nuget is already installed' -Silent:(-not $script:Verbose) + Writes an informational message to the log. If -Verbose was specified, also + writes to message to the user. 
+#> +function Write-BuildMsg +{ + [CmdletBinding()] + param + ( + [Parameter(Mandatory=$true)] + [ValidateNotNullOrEmpty()] + [string] $Message, + + [Parameter(ParameterSetName='Info')] + [switch] $AsInfo, + + [Parameter(ParameterSetName='Verbose')] + [switch] $AsVerbose, + + [Parameter(ParameterSetName='Warning')] + [switch] $AsWarning, + + [Parameter(ParameterSetName='Error')] + [switch] $AsError, + + [switch] $Silent + ) + + if ($AsVerbose) + { + if ($script:Verbose) + { + Write-Log -Message "VERBOSE: $message" + if (-not $Silent) + { + Write-Verbose -Message $message -Verbose + } + } + return + } + + if ($AsInfo) + { + Write-Log -Message "INFO: $message" + if (-not $Silent) + { + Write-Information -MessageData $message -InformationAction Continue + } + return + } + + if ($AsWarning) + { + Write-Log -Message "WARNING: $message" + if (-not $Silent) + { + Write-Warning -Message $message + } + return + } + + if ($AsError) + { + Write-Log -Message "ERROR: $message" + if (-not $Silent) + { + Write-Error -Message $message + } + return + } + + # if we reached here, no output type switch was specified. + Write-BuildMsg -AsError -ErrorAction Stop -Message 'Write-BuildMsg was called without selecting an output type.' +} + +<# +.Synopsis + Verifies all tools and dependencies required for building Open SSH are installed on the machine. +#> +function Start-SSHBootstrap +{ + Set-StrictMode -Version Latest + Write-BuildMsg -AsInfo -Message "Checking tools and dependencies" + + $machinePath = [Environment]::GetEnvironmentVariable('Path', 'MACHINE') + $newMachineEnvironmentPath = $machinePath + + # NOTE: Unless -Verbose is specified, most informational output will only go to the log file. + [bool] $silent = -not $script:Verbose + + # Install chocolatey + $chocolateyPath = "$env:AllUsersProfile\chocolatey\bin" + if(Get-Command "choco" -ErrorAction SilentlyContinue) + { + Write-BuildMsg -AsVerbose -Message "Chocolatey is already installed. Skipping installation." 
-Silent:$silent + } + else + { + Write-BuildMsg -AsInfo -Message "Chocolatey not present. Installing chocolatey." + Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')) + + if (-not ($machinePath.ToLower().Contains($chocolateyPath.ToLower()))) + { + Write-BuildMsg -AsVerbose -Message "Adding $chocolateyPath to Path environment variable" + $newMachineEnvironmentPath += ";$chocolateyPath" + $env:Path += ";$chocolateyPath" + } + else + { + Write-BuildMsg -AsVerbose -Message "$chocolateyPath already present in Path environment variable" + } + } + + # Add git\cmd to the path + $gitCmdPath = "$env:ProgramFiles\git\cmd" + if (-not ($machinePath.ToLower().Contains($gitCmdPath.ToLower()))) + { + Write-BuildMsg -AsVerbose -Message "Adding $gitCmdPath to Path environment variable" + $newMachineEnvironmentPath = "$gitCmdPath;$newMachineEnvironmentPath" + } + else + { + Write-BuildMsg -AsVerbose -Message "$gitCmdPath already present in Path environment variable" -Silent:$silent + } + + $nativeMSBuildPath = "${env:ProgramFiles(x86)}\MSBuild\14.0\bin" + if($script:platform -ieq "AMD64") + { + $nativeMSBuildPath += "\amd64" + } + + if (-not ($machinePath.ToLower().Contains($nativeMSBuildPath.ToLower()))) + { + Write-BuildMsg -AsVerbose -Message "Adding $nativeMSBuildPath to Path environment variable" + $newMachineEnvironmentPath += ";$nativeMSBuildPath" + $env:Path += ";$nativeMSBuildPath" + } + else + { + Write-BuildMsg -AsVerbose -Message "$nativeMSBuildPath already present in Path environment variable" -Silent:$silent + } + + # Update machine environment path + if ($newMachineEnvironmentPath -ne $machinePath) + { + [Environment]::SetEnvironmentVariable('Path', $newMachineEnvironmentPath, 'MACHINE') + } + + # install nasm + $packageName = "nasm" + $nasmPath = "${env:ProgramFiles(x86)}\NASM" + + if (-not (Test-Path -Path $nasmPath -PathType Container)) + { + Write-BuildMsg -AsInfo -Message "$packageName not present. 
Installing $packageName." + choco install $packageName -y --force --execution-timeout 10000 + } + else + { + Write-BuildMsg -AsVerbose -Message "$packageName present. Skipping installation." -Silent:$silent + } + + # Install Visual Studio 2015 Community + $packageName = "VisualStudio2015Community" + $VSPackageInstalled = Get-ItemProperty "HKLM:\software\WOW6432Node\Microsoft\VisualStudio\14.0\setup\vs" -ErrorAction SilentlyContinue + + if ($null -eq $VSPackageInstalled) + { + Write-BuildMsg -AsInfo -Message "$packageName not present. Installing $packageName." + $adminFilePath = "$script:OpenSSHRoot\contrib\win32\openssh\VSWithBuildTools.xml" + choco install $packageName -packageParameters "--AdminFile $adminFilePath" -y --force --execution-timeout 10000 + } + else + { + Write-BuildMsg -AsVerbose -Message "$packageName present. Skipping installation." -Silent:$silent + } + + # Install Windows 8.1 SDK + $packageName = "windows-sdk-8.1" + $sdkPath = "C:\Program Files (x86)\Windows Kits\8.1\bin\x86\register_app.vbs" + + if (-not (Test-Path -Path $sdkPath)) + { + Write-BuildMsg -AsInfo -Message "Windows 8.1 SDK not present. Installing $packageName." + choco install $packageName -y --force + } + else + { + Write-BuildMsg -AsInfo -Message "$packageName present. Skipping installation." -Silent:$silent + } + + # Require restarting PowerShell session + if ($null -eq $VSPackageInstalled) + { + Write-Host "To apply changes, please close this PowerShell window, open a new one and call Start-SSHBuild or Start-DscBootstrap again." -ForegroundColor Black -BackgroundColor Yellow + Write-Host -NoNewLine 'Press any key to close this PowerShell window...' 
-ForegroundColor Black -BackgroundColor Yellow + $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown') + exit + } + + # Ensure the VS C toolset is installed + if ($null -eq $env:VS140COMNTOOLS) + { + Write-BuildMsg -AsError -ErrorAction Stop -Message "Cannot find Visual Studio 2015 Environment variable VS140COMNTOOlS" + } + + $item = Get-Item(Join-Path -Path $env:VS140COMNTOOLS -ChildPath '../../vc') + + $script:vcPath = $item.FullName + Write-BuildMsg -AsVerbose -Message "vcPath: $script:vcPath" + if ((Test-Path -Path "$script:vcPath\vcvarsall.bat") -eq $false) + { + Write-BuildMsg -AsError -ErrorAction Stop -Message "Could not find Visual Studio vcvarsall.bat at" + $script:vcPath + } +} + +function Start-SSHBuild +{ + [CmdletBinding(SupportsShouldProcess=$false)] + param + ( + [ValidateSet('x86', 'x64')] + [string]$NativeHostArch = "x64", + + [ValidateSet('Debug', 'Release', '')] + [string]$Configuration = "Debug" + ) + Set-StrictMode -Version Latest + $script:BuildLogFile = $null + + [System.IO.DirectoryInfo] $repositoryRoot = Get-RepositoryRoot + + # Get openssh-portable root + $script:OpenSSHRoot = Get-Item -Path $repositoryRoot.FullName + + if($PSBoundParameters.ContainsKey("Verbose")) + { + $script:Verbose = ($PSBoundParameters['Verbose']).IsPresent + } + + $script:BuildLogFile = Get-BuildLogFile -root $repositoryRoot.FullName -Configuration $Configuration -NativeHostArch $NativeHostArch + if (Test-Path -Path $script:BuildLogFile) + { + Remove-Item -Path $script:BuildLogFile + } + + Write-BuildMsg -AsInfo -Message "Starting Open SSH build." 
+ Write-BuildMsg -AsInfo -Message "Build Log: $($script:BuildLogFile)" + + Start-SSHBootstrap + $msbuildCmd = "msbuild.exe" + $solutionFile = Get-SolutionFile -root $repositoryRoot.FullName + $cmdMsg = @("${solutionFile}", "/p:Platform=${NativeHostArch}", "/p:Configuration=${Configuration}", "/fl", "/flp:LogFile=${script:BuildLogFile}`;Append`;Verbosity=diagnostic") + + Write-Information -MessageData $msbuildCmd + Write-Information -MessageData $cmdMsg + + & $msbuildCmd $cmdMsg + $errorCode = $LASTEXITCODE + + if ($errorCode -ne 0) + { + Write-BuildMsg -AsError -ErrorAction Stop -Message "Build failed for OpenSSH.`nExitCode: $error" + } + + Write-BuildMsg -AsVerbose -Message "Finished Open SSH build." +} + +function Get-BuildLogFile +{ + param + ( + [Parameter(Mandatory=$true)] + [ValidateNotNull()] + [System.IO.DirectoryInfo] $root, + + [ValidateSet('x86', 'x64')] + [string]$NativeHostArch = "x64", + + [ValidateSet('Debug', 'Release', '')] + [string]$Configuration = "Debug" + + ) + return Join-Path -Path $root -ChildPath "contrib\win32\openssh\OpenSSH$($Configuration)$($NativeHostArch).log" +} + +function Get-SolutionFile +{ + param + ( + [Parameter(Mandatory=$true)] + [ValidateNotNull()] + [System.IO.DirectoryInfo] $root + ) + return Join-Path -Path $root -ChildPath "contrib\win32\openssh\Win32-OpenSSH.sln" +} + +<# +.Synopsis + Finds the root of the git repository + +.Outputs + A System.IO.DirectoryInfo for the location of the root. + +.Inputs + None + +.Notes + FileNotFoundException is thrown if the current directory does not contain a CMakeLists.txt file. 
+#> +function Get-RepositoryRoot +{ + Set-StrictMode -Version Latest + $currentDir = (Get-Item -Path $PSCommandPath).Directory + + while ($null -ne $currentDir.Parent) + { + $path = Join-Path -Path $currentDir.FullName -ChildPath '.git' + if (Test-Path -Path $path) + { + return $currentDir + } + $currentDir = $currentDir.Parent + } + + throw new-object System.IO.DirectoryNotFoundException("Could not find the root of the GIT repository") +} + +Export-ModuleMember -Function Start-SSHBuild, Get-RepositoryRoot, Get-BuildLogFile \ No newline at end of file diff --git a/contrib/win32/openssh/config.h.vs b/contrib/win32/openssh/config.h.vs index 38b38a8..329d978 100644 --- a/contrib/win32/openssh/config.h.vs +++ b/contrib/win32/openssh/config.h.vs @@ -218,7 +218,8 @@ /* #undef HAVE_B64_PTON */ /* Define if you have the basename function. */ -#define HAVE_BASENAME 1 +/* For Windows, this is defined in dirent.h, but that header is not included in sftp.c */ +/* #define HAVE_BASENAME */ /* Define to 1 if you have the `bcopy' function. */ /* #undef HAVE_BCOPY */ @@ -336,7 +337,7 @@ /* #undef HAVE_DIRFD */ /* Define to 1 if you have the `dirname' function. */ -#define HAVE_DIRNAME 1 +/* #define HAVE_DIRNAME 1 */ /* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ #define HAVE_DSA_GENERATE_PARAMETERS_EX 1 @@ -770,7 +771,7 @@ /* #undef HAVE_READPASSPHRASE_H */ /* Define to 1 if you have the `realpath' function. */ -#define HAVE_REALPATH 1 +/* #define HAVE_REALPATH 1 */ /* Define to 1 if you have the `recvmsg' function. */ /* #undef HAVE_RECVMSG */ @@ -1642,13 +1643,12 @@ #undef HAVE_SYS_SYSMACROS_H #undef HAVE_SYS_MMAN_H #undef HAVE_SYS_UN_H +#define _STRUCT_WINSIZE 1 #define HAVE_TCGETPGRP 1 #undef HAVE_TIME -#define HAVE_TRUNCATE 1 - #define HAVE_VIS_H 1 #define MISSING_FD_MASK 1 
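Review bot: In `Start-SSHBootstrap`, the Chocolatey branch feeds `DownloadString('https://chocolatey.org/install.ps1')` straight into `Invoke-Expression`, so whatever that URL serves at build time runs with the build's privileges, in a function that also rewrites the machine-level `Path`. Save the script to disk, verify it, and only then run it. The sketch below checks the Authenticode signature, assuming the published installer is signed; if it is not, compare against a pinned SHA-256 instead. A `Valid` status only shows that some trusted publisher signed the file, so the signer certificate's subject should be compared with the expected publisher as well. The `choco install ... --force` calls later in the function take whatever package version is current and would be more reproducible with `--version`.

```powershell
# … unchanged: Write-BuildMsg -AsInfo "Chocolatey not present. Installing chocolatey." …
$chocoInstaller = Join-Path -Path $env:TEMP -ChildPath 'chocolatey-install.ps1'
(New-Object Net.WebClient).DownloadFile('https://chocolatey.org/install.ps1', $chocoInstaller)
$signature = Get-AuthenticodeSignature -FilePath $chocoInstaller
if ($signature.Status -ne 'Valid')
{
    Write-BuildMsg -AsError -ErrorAction Stop -Message "Chocolatey installer signature is $($signature.Status); refusing to run it."
}
& $chocoInstaller
# … unchanged: add $chocolateyPath to the Path environment variable …
```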
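Review bot: `/* #define HAVE_BASENAME */` disables the feature by commenting out a `#define`, while this header otherwise marks an absent feature as `/* #undef HAVE_X */` (see `/* #undef HAVE_B64_PTON */` just above). Writing `/* #undef HAVE_BASENAME */` would keep the file on one convention that is easy to grep. The same applies to the `HAVE_DIRNAME` and `HAVE_REALPATH` hunks, which, unlike the basename hunk, give no reason for the change; a one-line comment stating why each is turned off on Windows would help the next reader judge whether it is still needed.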
@@ -1680,14 +1680,6 @@ #define WIN32_ZLIB_NO 1 #define USE_MSCNG 1 -#ifndef ssize_t -#ifdef _WIN64 -typedef __int64 ssize_t; -#else -typedef long ssize_t; -#endif -#endif - #define HAVE_STRTOULL 1 #define HAVE_USLEEP 1 @@ -1704,11 +1696,10 @@ typedef long ssize_t; //#define SHUT_WR 1 //#define SHUT_RD 0 - #define HAVE_EXPLICIT_BZERO #define WIN32_ZLIB_NO 1 - +#define HAVE_MBTOWC 1 #include #include @@ -1724,6 +1715,10 @@ typedef long ssize_t; // works remotely over SSH like they operate in a local machine //#define WIN32_PRAGMA_REMCON +#define umac128_new umac_new +#define umac128_update umac_update +#define umac_final umac128_final +#define umac_delete umac128_delete #define HAVE_MBLEN 1 diff --git a/contrib/win32/openssh/keygen.vcxproj b/contrib/win32/openssh/keygen.vcxproj index 3107d8c..d42cc40 100644 --- a/contrib/win32/openssh/keygen.vcxproj +++ b/contrib/win32/openssh/keygen.vcxproj @@ -150,7 +150,7 @@ Console - No + true true true win32iocompat.lib;bcrypt.lib;Netapi32.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) @@ -173,7 +173,7 @@ Console - No + true true true win32iocompat.lib;bcrypt.lib;Netapi32.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) @@ -183,6 +183,7 @@ + diff --git a/contrib/win32/openssh/keygen.vcxproj.filters b/contrib/win32/openssh/keygen.vcxproj.filters index 232bc8f..dd9dd23 100644 --- a/contrib/win32/openssh/keygen.vcxproj.filters +++ b/contrib/win32/openssh/keygen.vcxproj.filters @@ -18,6 +18,9 @@ Source Files + + Source Files + 
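Review bot: The four umac macros added in the `@@ -1724,6 +1715,10 @@` hunk rename in two opposite directions: `umac128_new` and `umac128_update` become the `umac_*` names, while `umac_final` and `umac_delete` become the `umac128_*` names. The per-file defines this commit removes from libssh.vcxproj renamed all four `umac_*` symbols to `umac128_*` and also set `UMAC_OUTPUT_LEN=16`, and that setting is not carried over here. The callers are not visible in this diff, but if the umac-128 MAC now ends up served by the code built for the default output length, the negotiated tag length and the computed tag would disagree. Please confirm the intended mapping with an interop test of the 128-bit umac MAC against a reference build, and add a comment above the macros, e.g. `/* umac128.c is no longer built separately; <reason and effect on umac-128> */`.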
diff --git a/contrib/win32/openssh/libssh.vcxproj b/contrib/win32/openssh/libssh.vcxproj index f1f1ad7..fa393fe 100644 --- a/contrib/win32/openssh/libssh.vcxproj +++ b/contrib/win32/openssh/libssh.vcxproj @@ -190,8 +190,12 @@ - - + + true + + + true + @@ -203,19 +207,34 @@ - - - - - - - - - + + true + + + true + + + true + + + true + + + true + + + true + + + true + + + true + @@ -233,15 +252,22 @@ - + + true + - - - + + true + + + true + - + + true + @@ -252,20 +278,13 @@ - - UMAC_OUTPUT_LEN=16;umac_new=umac128_new;umac_update=umac128_update;umac_final=umac128_final;umac_delete=umac128_delete;%(PreprocessorDefinitions) - UMAC_OUTPUT_LEN=16;umac_new=umac128_new;umac_update=umac128_update;umac_final=umac128_final;umac_delete=umac128_delete;%(PreprocessorDefinitions) - UMAC_OUTPUT_LEN=16;umac_new=umac128_new;umac_update=umac128_update;umac_final=umac128_final;umac_delete=umac128_delete;%(PreprocessorDefinitions) - UMAC_OUTPUT_LEN=16;umac_new=umac128_new;umac_update=umac128_update;umac_final=umac128_final;umac_delete=umac128_delete;%(PreprocessorDefinitions) - - - - true - - + + + + diff --git a/contrib/win32/openssh/libssh.vcxproj.filters b/contrib/win32/openssh/libssh.vcxproj.filters index 156819e..8c6cf55 100644 --- a/contrib/win32/openssh/libssh.vcxproj.filters +++ b/contrib/win32/openssh/libssh.vcxproj.filters @@ -126,9 +126,6 @@ Source Files - - Source Files - Source Files @@ -222,9 +219,6 @@ Source Files - - Source Files - Source Files @@ -273,9 +267,6 @@ Source Files - - Source Files - Source Files @@ -285,16 +276,22 @@ Source Files - - Source Files - Source Files - + Source Files - + + Source Files + + + Source Files + + + Source Files + + Source Files diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj b/contrib/win32/openssh/openbsd_compat.vcxproj index 610de98..45551a2 100644 --- a/contrib/win32/openssh/openbsd_compat.vcxproj +++ b/contrib/win32/openssh/openbsd_compat.vcxproj @@ -26,7 +26,6 @@ - @@ -47,7 +46,6 @@ - @@ -73,7 +71,6 @@ - 
@@ -84,6 +81,7 @@ + diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj.filters b/contrib/win32/openssh/openbsd_compat.vcxproj.filters index da78775..fad08eb 100644 --- a/contrib/win32/openssh/openbsd_compat.vcxproj.filters +++ b/contrib/win32/openssh/openbsd_compat.vcxproj.filters @@ -33,9 +33,6 @@ Source Files - - Source Files - Source Files @@ -96,9 +93,6 @@ Source Files - - Source Files - Source Files @@ -174,9 +168,6 @@ Source Files - - Source Files - Source Files @@ -207,6 +198,9 @@ Source Files + + Source Files + diff --git a/contrib/win32/openssh/paths.targets b/contrib/win32/openssh/paths.targets index ec7e86b..5aa3d00 100644 --- a/contrib/win32/openssh/paths.targets +++ b/contrib/win32/openssh/paths.targets @@ -4,10 +4,11 @@ $(SolutionDir)..\..\..\ $(SolutionDir)..\..\..\bin\ $(SolutionDir)lib\ - $(SolutionDir)..\..\..\..\OpenSSL\1.0.2d\VS2015\ - $(SolutionDir)..\..\..\..\OpenSSL\1.0.2d\VS2015\Win32\Release\ - $(SolutionDir)..\..\..\..\OpenSSL\1.0.2d\VS2015\Win32\Debug\ - $(SolutionDir)..\..\..\..\OpenSSL\1.0.2d\VS2015\x64\Release\ - $(SolutionDir)..\..\..\..\OpenSSL\1.0.2d\VS2015\x64\Debug\ + $(SolutionDir)\OpenSSLSDK\1.0.2d + $(SolutionDir)\OpenSSLSDK\1.0.2d\Win32\Release\ + $(SolutionDir)\OpenSSLSDK\1.0.2d\Win32\Debug\ + $(SolutionDir)\OpenSSLSDK\1.0.2d\x64\Release\ + $(SolutionDir)\OpenSSLSDK\1.0.2d\x64\Debug\ + \ No newline at end of file diff --git a/contrib/win32/openssh/scp.vcxproj b/contrib/win32/openssh/scp.vcxproj index 2ec4355..49f2a4a 100644 --- a/contrib/win32/openssh/scp.vcxproj +++ b/contrib/win32/openssh/scp.vcxproj @@ -21,7 +21,7 @@ - + 
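Review bot: The five replacement OpenSSL paths in paths.targets are written inconsistently with the rest of the file. They read `$(SolutionDir)\OpenSSLSDK\…`, while the unchanged lines above write `$(SolutionDir)lib\` with no separator, which suggests `$(SolutionDir)` already ends in a backslash. The first new value, `$(SolutionDir)\OpenSSLSDK\1.0.2d`, also drops the trailing backslash that the four configuration paths keep. Projects append directly to these properties (`$(OpenSSL-Win32-Debug-Path)include`), so a root path concatenated the same way would resolve to the wrong directory. I would write all five as `$(SolutionDir)OpenSSLSDK\1.0.2d\…\` with a trailing backslash, and add a comment stating where the SDK under `OpenSSLSDK` is expected to come from, since the build now links whatever is placed in that in-tree folder.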
@@ -117,7 +117,6 @@ Console true Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup @@ -137,7 +136,6 @@ Console true Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup @@ -157,11 +155,10 @@ Console - No + true true true Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup @@ -181,11 +178,10 @@ Console - No + true true true Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup 
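Review bot: All four hunks on this line delete the scp project's library search path (`$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-…-Path)lib;%(AdditionalLibraryDirectories)`), yet the dependency list still names `libssh.lib`, `openbsd_compat.lib` and `libeay32.lib`. The sftp and sftp-server projects touched by the same commit keep that path, so scp is now the odd one out. Unless a property sheet not shown here supplies the directories, the link will either fail or resolve those libraries from the ambient library path, which is undesirable for the crypto library in particular. I would restore the line in each configuration, for example `$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories)` for Win32 Debug.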
diff --git a/contrib/win32/openssh/scp.vcxproj.filters b/contrib/win32/openssh/scp.vcxproj.filters index 7aa9873..fccf50e 100644 --- a/contrib/win32/openssh/scp.vcxproj.filters +++ b/contrib/win32/openssh/scp.vcxproj.filters @@ -18,7 +18,7 @@ Source Files - + Source Files diff --git a/contrib/win32/openssh/sftp-server.vcxproj b/contrib/win32/openssh/sftp-server.vcxproj index 78d5fda..eaabe56 100644 --- a/contrib/win32/openssh/sftp-server.vcxproj +++ b/contrib/win32/openssh/sftp-server.vcxproj @@ -23,7 +23,7 @@ - + @@ -119,8 +119,7 @@ Console true - Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup diff --git a/contrib/win32/openssh/sftp-server.vcxproj.filters b/contrib/win32/openssh/sftp-server.vcxproj.filters index 2179a95..7e84e8c 100644 --- a/contrib/win32/openssh/sftp-server.vcxproj.filters +++ b/contrib/win32/openssh/sftp-server.vcxproj.filters @@ -24,9 +24,6 @@ Source Files - - Source Files - diff --git a/contrib/win32/openssh/sftp.vcxproj b/contrib/win32/openssh/sftp.vcxproj index 079d6f1..62ad9e8 100644 --- a/contrib/win32/openssh/sftp.vcxproj +++ b/contrib/win32/openssh/sftp.vcxproj @@ -25,7 +25,7 @@ - + 
@@ -121,8 +121,7 @@ Console true - Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup @@ -142,8 +141,7 @@ Console true - Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup 
@@ -163,11 +161,10 @@ Console - false + true true true - Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup @@ -187,11 +184,10 @@ Console - false + true true true - Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) wmainCRTStartup diff --git a/contrib/win32/openssh/sftp.vcxproj.filters b/contrib/win32/openssh/sftp.vcxproj.filters index 30e54f3..04bc652 100644 --- a/contrib/win32/openssh/sftp.vcxproj.filters +++ b/contrib/win32/openssh/sftp.vcxproj.filters @@ -30,7 +30,7 @@ Source Files - + Source Files 
diff --git a/contrib/win32/openssh/ssh-add.vcxproj b/contrib/win32/openssh/ssh-add.vcxproj index adcd43e..6b69751 100644 --- a/contrib/win32/openssh/ssh-add.vcxproj +++ b/contrib/win32/openssh/ssh-add.vcxproj @@ -21,6 +21,7 @@ + @@ -159,7 +160,7 @@ Console - No + true true true win32iocompat.lib;Netapi32.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) @@ -182,7 +183,7 @@ Console - No + true true true win32iocompat.lib;Netapi32.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) diff --git a/contrib/win32/openssh/ssh-add.vcxproj.filters b/contrib/win32/openssh/ssh-add.vcxproj.filters index f619dc7..12e01f9 100644 --- a/contrib/win32/openssh/ssh-add.vcxproj.filters +++ b/contrib/win32/openssh/ssh-add.vcxproj.filters @@ -18,6 +18,9 @@ Source Files + + Source Files + diff --git a/contrib/win32/openssh/ssh-agent.vcxproj b/contrib/win32/openssh/ssh-agent.vcxproj index 947c6c0..2fdcb97 100644 --- a/contrib/win32/openssh/ssh-agent.vcxproj +++ b/contrib/win32/openssh/ssh-agent.vcxproj @@ -158,7 +158,7 @@ Console - No + true true true $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) @@ -183,7 +183,7 @@ Console - No + true true true $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) @@ -202,7 +202,6 @@ - diff --git a/contrib/win32/openssh/ssh-lsa.vcxproj b/contrib/win32/openssh/ssh-lsa.vcxproj index 54e7b58..183ee8a 100644 --- a/contrib/win32/openssh/ssh-lsa.vcxproj 
+++ b/contrib/win32/openssh/ssh-lsa.vcxproj @@ -152,7 +152,7 @@ Console - No + true true true advapi32.lib @@ -175,7 +175,7 @@ Console - No + true true true advapi32.lib diff --git a/contrib/win32/openssh/ssh-shellhost.vcxproj b/contrib/win32/openssh/ssh-shellhost.vcxproj index 2f2a0d6..d2cd415 100644 --- a/contrib/win32/openssh/ssh-shellhost.vcxproj +++ b/contrib/win32/openssh/ssh-shellhost.vcxproj @@ -153,7 +153,7 @@ Console - No + true true true kernel32.lib;user32.lib;%(AdditionalDependencies) @@ -176,7 +176,7 @@ Console - No + true true true kernel32.lib;user32.lib;%(AdditionalDependencies) diff --git a/contrib/win32/openssh/ssh.vcxproj b/contrib/win32/openssh/ssh.vcxproj index 1453a7f..971ba8d 100644 --- a/contrib/win32/openssh/ssh.vcxproj +++ b/contrib/win32/openssh/ssh.vcxproj @@ -160,7 +160,7 @@ Console - No + true true true $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) @@ -186,7 +186,7 @@ Console - No + true true true $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) @@ -288,13 +288,12 @@ + - - diff --git a/contrib/win32/openssh/ssh.vcxproj.filters b/contrib/win32/openssh/ssh.vcxproj.filters index 81077fb..47ffb77 100644 --- a/contrib/win32/openssh/ssh.vcxproj.filters +++ b/contrib/win32/openssh/ssh.vcxproj.filters @@ -296,12 +296,6 @@ Source Files - - Source Files - - - Source Files - Source Files @@ -317,6 +311,9 @@ Source Files + + Source Files + diff --git a/contrib/win32/openssh/sshd.vcxproj b/contrib/win32/openssh/sshd.vcxproj index 273e3b3..f10929a 100644 --- a/contrib/win32/openssh/sshd.vcxproj +++ b/contrib/win32/openssh/sshd.vcxproj 
@@ -158,7 +158,7 @@ Console - No + true true true Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;Netapi32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) @@ -186,7 +186,7 @@ Console - No + true true true Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;Netapi32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) @@ -235,10 +235,7 @@ - - - @@ -252,6 +249,7 @@ + diff --git a/contrib/win32/openssh/sshd.vcxproj.filters b/contrib/win32/openssh/sshd.vcxproj.filters index 475ec1f..2f30994 100644 --- a/contrib/win32/openssh/sshd.vcxproj.filters +++ b/contrib/win32/openssh/sshd.vcxproj.filters @@ -123,18 +123,9 @@ Source Files - - Source Files - Source Files - - Source Files - - - Source Files - Source Files @@ -174,6 +165,9 @@ Source Files + + Source Files + diff --git a/contrib/win32/openssh/sshd_config b/contrib/win32/openssh/sshd_config new file mode 100644 index 0000000..78ce20a --- /dev/null +++ b/contrib/win32/openssh/sshd_config 
@@ -0,0 +1,122 @@
+# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp C:/Program Files/OpenSSH/sftp-server.exe
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
+PubkeyAcceptedKeyTypes ssh-ed25519*
\ No newline at end of file
diff --git a/contrib/win32/openssh/unittest-bitmap.vcxproj b/contrib/win32/openssh/unittest-bitmap.vcxproj
new file mode 100644
index 0000000..816fbcb
--- /dev/null
+++ b/contrib/win32/openssh/unittest-bitmap.vcxproj
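Review bot: The last added line of sshd_config, `PubkeyAcceptedKeyTypes ssh-ed25519*`, is the only active policy change in this otherwise default file and has no comment, so RSA, DSA and ECDSA user keys are refused without the file saying why. It also sits directly under the commented `#Match User anoncvs` example; a Match block runs to the next Match or the end of the file, so uncommenting that example would silently turn the restriction into a per-user setting. I would move the line up beside `#PubkeyAuthentication yes` with a comment such as `# Accept only Ed25519 user keys; remove to allow the other key types`, and end the file with a newline. The path in `Subsystem sftp C:/Program Files/OpenSSH/sftp-server.exe` contains an unquoted space, so it is worth confirming that the parser does not split the command at `C:/Program`.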
@@ -0,0 +1,214 @@ + + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {D901596E-76C7-4608-9CFA-2B42A9FD7250} + Win32Proj + Win32OpenSSH + 8.1 + unittest-bitmap + + + + Application + true + v140 + MultiByte + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + Application + false + v140 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-bitmap + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-bitmap + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-bitmap + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-bitmap + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + Sync + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + true + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + true + + + true + + + true + + + + + + \ No newline at end of file diff --git a/contrib/win32/openssh/unittest-hostkeys.vcxproj b/contrib/win32/openssh/unittest-hostkeys.vcxproj new file mode 100644 index 0000000..7369d54 --- /dev/null +++ b/contrib/win32/openssh/unittest-hostkeys.vcxproj 
@@ -0,0 +1,221 @@ + + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {890C6129-286F-4CD8-8252-FB8D3B4E6E1B} + Win32Proj + Win32OpenSSH + 8.1 + unittest-hostkeys + + + + Application + true + v140 + MultiByte + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + Application + false + v140 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-hostkeys + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-hostkeys + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-hostkeys + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-hostkeys + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + Sync + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + copy /Y $(ProjectDir)..\..\..\regress\unittests\hostkeys\testdata\* $(OutDir) + + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + copy /Y $(ProjectDir)..\..\..\regress\unittests\hostkeys\testdata\* $(OutDir) + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + + + Console + No + true + 
true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + copy /Y $(ProjectDir)..\..\..\regress\unittests\hostkeys\testdata\* $(OutDir) + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + true + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + copy /Y $(ProjectDir)..\..\..\regress\unittests\hostkeys\testdata\* $(OutDir) + + + + + + + + + + + + \ No newline at end of file diff --git a/contrib/win32/openssh/unittest-kex.vcxproj b/contrib/win32/openssh/unittest-kex.vcxproj new file mode 100644 index 0000000..2d2c654 --- /dev/null +++ b/contrib/win32/openssh/unittest-kex.vcxproj 
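Review bot: The post-build step `copy /Y $(ProjectDir)..\..\..\regress\unittests\hostkeys\testdata\* $(OutDir)` in unittest-hostkeys.vcxproj appears in all four configurations with both paths unquoted, so it fails as soon as the checkout or output path contains a space. `$(OutDir)` looks to be the shared `$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\` folder that also receives the product binaries, so the test fixtures (presumably sample host keys and known_hosts data) land next to the built executables and could be swept into a package. I would quote both arguments, `copy /Y "$(ProjectDir)..\..\..\regress\unittests\hostkeys\testdata\*" "$(OutDir)"`, and consider copying into a test-only subfolder if the test can be pointed at it.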
@@ -0,0 +1,210 @@ + + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {8EC56B06-5A9A-4D6D-804D-037FE26FD43E} + Win32Proj + Win32OpenSSH + 8.1 + unittest-kex + + + + Application + true + v140 + MultiByte + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + Application + false + v140 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-kex + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-kex + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-kex + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-kex + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + Sync + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + true + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + + + + + + + + + \ No newline at end of file diff --git a/contrib/win32/openssh/unittest-sshbuf.vcxproj b/contrib/win32/openssh/unittest-sshbuf.vcxproj new file mode 100644 index 0000000..fdf5b04 --- /dev/null +++ b/contrib/win32/openssh/unittest-sshbuf.vcxproj 
@@ -0,0 +1,220 @@ + + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {CD9740CE-C96E-49B3-823F-012E09D17806} + Win32Proj + Win32OpenSSH + 8.1 + unittest-sshbuf + + + + Application + true + v140 + MultiByte + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + Application + false + v140 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-sshbuf + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-sshbuf + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-sshbuf + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-sshbuf + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + Sync + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + true + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + + + + + + true + + + true + + + + + + + + + + \ No newline at end of file diff --git a/contrib/win32/openssh/unittest-sshkey.vcxproj b/contrib/win32/openssh/unittest-sshkey.vcxproj new file mode 100644 index 0000000..de274c0 --- /dev/null +++ b/contrib/win32/openssh/unittest-sshkey.vcxproj 
@@ -0,0 +1,225 @@ + + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {FC568FF0-60F2-4B2E-AF62-FD392EDBA1B9} + Win32Proj + Win32OpenSSH + 8.1 + unittest-sshkey + + + + Application + true + v140 + MultiByte + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + Application + false + v140 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-sshkey + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-sshkey + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-sshkey + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-sshkey + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + Sync + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + copy /Y $(ProjectDir)..\..\..\regress\unittests\sshkey\testdata\* $(OutDir) + + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + copy /Y $(ProjectDir)..\..\..\regress\unittests\sshkey\testdata\* $(OutDir) + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + + + Console + No + true + true + 
$(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + copy /Y $(ProjectDir)..\..\..\regress\unittests\sshkey\testdata\* $(OutDir) + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + true + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + copy /Y $(ProjectDir)..\..\..\regress\unittests\sshkey\testdata\* $(OutDir) + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/contrib/win32/openssh/unittest-utf8.vcxproj b/contrib/win32/openssh/unittest-utf8.vcxproj new file mode 100644 index 0000000..a87b983 --- /dev/null +++ b/contrib/win32/openssh/unittest-utf8.vcxproj 
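Review bot: The post-build step `copy /Y $(ProjectDir)..\..\..\regress\unittests\sshkey\testdata\* $(OutDir)` is unquoted in all four configurations, so it fails as soon as the checkout or output path contains a space; `copy /Y "$(ProjectDir)..\..\..\regress\unittests\sshkey\testdata\*" "$(OutDir)"` avoids that. The step also runs for both Release configurations, and the output directory appears to be the same `$(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\` location the other projects build into, so the sshkey test fixtures (presumably key files) land next to the product binaries. Copying them into a test-only subdirectory would keep fixtures out of anything that packages that directory.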
@@ -0,0 +1,208 @@ + + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + {114CAA59-46C0-4B87-BA86-C1946A68101D} + Win32Proj + Win32OpenSSH + 8.1 + unittest-utf8 + + + + Application + true + v140 + MultiByte + + + Application + true + v140 + MultiByte + + + Application + false + v140 + true + MultiByte + + + Application + false + v140 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-utf8 + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-utf8 + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-utf8 + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + false + $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\$(TargetName)\ + unittest-utf8 + $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + Sync + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + NotUsing + Level1 + Disabled + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + CompileAsC + MultiThreadedDebug + ProgramDatabase + + + Console + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + 
Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + Level1 + NotUsing + MaxSpeed + true + true + _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + false + $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + MultiThreaded + true + + + Console + No + true + true + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup + + + targetos.manifest + + + + + + + + + + + \ No newline at end of file diff --git a/contrib/win32/openssh/win32compatUnittests.vcxproj b/contrib/win32/openssh/unittest-win32compat.vcxproj similarity index 72% rename from contrib/win32/openssh/win32compatUnittests.vcxproj rename to contrib/win32/openssh/unittest-win32compat.vcxproj index 6c70c7d..f33e0e1 100644 --- a/contrib/win32/openssh/win32compatUnittests.vcxproj +++ b/contrib/win32/openssh/unittest-win32compat.vcxproj @@ -19,12 +19,19 @@ x64 + + + + + + + - {780CAFE4-4BC5-407B-B3A6-71C4114826A7} + {BF295BA9-4BF8-43F8-8CBF-FAE84815466C} Win32Proj Win32OpenSSH 8.1 - win32compatUnittests + unittest-win32compat 
@@ -74,14 +81,14 @@ false $(Platform)\$(Configuration)\$(TargetName)\ - win32compatUnittests + unittest-win32compat $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); false $(Platform)\$(Configuration)\$(TargetName)\ - win32compatUnittests + unittest-win32compat $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); @@ -89,14 +96,14 @@ false $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\$(TargetName)\ - win32compatUnittests + unittest-win32compat $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); false $(OpenSSH-Bin-Path)$(Platform)\$(Configuration)\ $(Platform)\$(Configuration)\$(TargetName)\ - win32compatUnittests + unittest-win32compat $(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(VC_IncludePath);$(WindowsSDK_IncludePath); @@ -106,8 +113,7 @@ Disabled _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) false - - + $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug Sync 
@@ -116,8 +122,9 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) - kernel32.lib;win32iocompat.lib;win32compat.lib;libssh.lib;mswsock.lib;ws2_32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Debug-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup targetos.manifest @@ -128,10 +135,9 @@ NotUsing Level1 Disabled - _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) + _WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_UNICODE;%(PreprocessorDefinitions) false - - + $(SolutionDir);$(OpenSSL-x64-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) CompileAsC MultiThreadedDebug ProgramDatabase 
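Review bot: `_UNICODE` is added to the preprocessor definitions of this one configuration only (`...;_WINSOCK_DEPRECATED_NO_WARNINGS;_UNICODE;%(PreprocessorDefinitions)`, the x64 Debug list in the `@@ -128,10 +135,9 @@` hunk), while the Win32 Debug and both Release lists in the neighbouring hunks stay without it. The define changes which CRT text mappings the tests compile against, so the four builds of unittest-win32compat no longer exercise the same code. Either add `_UNICODE` to all four definition lists or drop it here, and say in the commit message which one is intended.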
@@ -139,8 +145,9 @@ Console true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) - kernel32.lib;win32iocompat.lib;win32compat.lib;libssh.lib;mswsock.lib;ws2_32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Debug-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup targetos.manifest @@ -155,8 +162,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - - + $(SolutionDir);$(OpenSSL-Win32-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded @@ -164,8 +170,9 @@ No true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) - kernel32.lib;win32iocompat.lib;win32compat.lib;libssh.lib;mswsock.lib;ws2_32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-Win32-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup targetos.manifest 
@@ -180,8 +187,7 @@ true _WIN32_WINNT=0x600;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) false - - + $(SolutionDir);$(OpenSSL-x64-Release-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) MultiThreaded true @@ -190,19 +196,14 @@ No true true - $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);%(AdditionalLibraryDirectories) - kernel32.lib;win32iocompat.lib;win32compat.lib;libssh.lib;mswsock.lib;ws2_32.lib;%(AdditionalDependencies) + $(OpenSSH-Lib-Path)$(Platform)\$(Configuration);$(OpenSSL-x64-Release-Path)lib;%(AdditionalLibraryDirectories) + Netapi32.lib;win32iocompat.lib;bcrypt.lib;Userenv.lib;Ws2_32.lib;Secur32.lib;Shlwapi.lib;openbsd_compat.lib;libssh.lib;win32compat.lib;libeay32.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) + wmainCRTStartup targetos.manifest - - - - - - diff --git a/contrib/win32/openssh/version.rc b/contrib/win32/openssh/version.rc index ff1bcf5..2efbec4 100644 Binary files a/contrib/win32/openssh/version.rc and b/contrib/win32/openssh/version.rc differ diff --git a/contrib/win32/openssh/win32compat.vcxproj b/contrib/win32/openssh/win32compat.vcxproj index 306eaa5..e38b21e 100644 --- a/contrib/win32/openssh/win32compat.vcxproj +++ b/contrib/win32/openssh/win32compat.vcxproj 
@@ -105,7 +105,7 @@ Disabled - $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)libkrb;$(OpenSSH-Src-Path)libkrb\libKrb5;%(AdditionalIncludeDirectories) + $(SolutionDir);$(OpenSSL-Win32-Debug-Path)include;$(OpenSSH-Src-Path)includes;$(OpenSSH-Src-Path);$(OpenSSH-Src-Path)contrib\win32\win32compat\inc;$(OpenSSH-Src-Path)contrib\win32\win32compat;$(OpenSSH-Src-Path)contrib\win32\libkrb;$(OpenSSH-Src-Path)contrib\win32\ibkrb\libKrb5;%(AdditionalIncludeDirectories) USE_MSCNG;_WIN32_WINNT=0x600;WIN32;_DEBUG;_LIB;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;%(PreprocessorDefinitions) EnableFastChecks MultiThreadedDebug @@ -142,39 +142,35 @@ - - + + true + + + true + - - - true - true - true - true + true + + + true - - - - - - diff --git a/contrib/win32/openssh/win32compat.vcxproj.filters b/contrib/win32/openssh/win32compat.vcxproj.filters index e8e0df9..2bb98c7 100644 --- a/contrib/win32/openssh/win32compat.vcxproj.filters +++ b/contrib/win32/openssh/win32compat.vcxproj.filters @@ -45,9 +45,6 @@ Source Files - - Source Files - Source Files @@ -57,9 +54,6 @@ Source Files - - Source Files - Source Files @@ -80,24 +74,12 @@ Header Files - - Header Files - - - Header Files - - - Header Files - Header Files Header Files - - Header Files - Header Files @@ -107,9 +89,6 @@ Header Files - - Header Files - Header Files diff --git a/contrib/win32/openssh/win32iocompat.vcxproj b/contrib/win32/openssh/win32iocompat.vcxproj index cb59e6e..e5c6f2d 100644 --- a/contrib/win32/openssh/win32iocompat.vcxproj +++ b/contrib/win32/openssh/win32iocompat.vcxproj @@ -151,7 +151,7 @@ - + @@ -188,6 +188,7 @@ + diff --git a/contrib/win32/openssh/win32iocompat.vcxproj.filters b/contrib/win32/openssh/win32iocompat.vcxproj.filters index 0e7abca..9bb7337 100644 
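Review bot: The last include directory on the added line of the `@@ -105,7 +105,7 @@` hunk reads `$(OpenSSH-Src-Path)contrib\win32\ibkrb\libKrb5`, which looks like a typo for `$(OpenSSH-Src-Path)contrib\win32\libkrb\libKrb5`; the entry just before it is spelled `contrib\win32\libkrb`. A directory that does not exist is normally skipped without an error, so the mistake would only show up later as a header that cannot be found. Only this one configuration's include list is visible in the hunk; the other configurations of win32compat.vcxproj should be checked for the same path.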
--- a/contrib/win32/openssh/win32iocompat.vcxproj.filters +++ b/contrib/win32/openssh/win32iocompat.vcxproj.filters @@ -11,7 +11,7 @@ - + @@ -108,6 +108,7 @@ inc + diff --git a/contrib/win32/win32compat/ansiprsr.c b/contrib/win32/win32compat/ansiprsr.c index e8174e8..9ebd12d 100644 --- a/contrib/win32/win32compat/ansiprsr.c +++ b/contrib/win32/win32compat/ansiprsr.c @@ -310,11 +310,30 @@ unsigned char* ParseBuffer(unsigned char* pszBuffer, unsigned char* pszBufferEnd unsigned char* pszCurrent = pszBuffer; CurrentX = ConGetCursorX(); + int nCharCount = 0; while ((pszCurrent < pszBufferEnd) && (*pszCurrent != (unsigned char)27) && (*pszCurrent > (unsigned char)15) && (*pszCurrent != (unsigned char)255) - && (CurrentX++ < ScreenX)) - pszCurrent++; + && (CurrentX++ < ScreenX)) { + if (*pszCurrent > 127) { + unsigned char nLead = *pszCurrent; + nCharCount++; + if ((nLead & 128) == 128) { + pszCurrent++; + } + if ((nLead & 192) == 192) { + pszCurrent++; + } + if ((nLead & 224) == 224) { + pszCurrent++; + } + if ((nLead & 240) == 240) { + pszCurrent++; + } + } + else + pszCurrent++; + } if (fShiftOut) memset(pszBuffer, '|', pszCurrent - pszBuffer); diff --git a/contrib/win32/win32compat/cng_dh.c b/contrib/win32/win32compat/cng_dh.c index b2ecab9..7eb6802 100644 --- a/contrib/win32/win32compat/cng_dh.c +++ b/contrib/win32/win32compat/cng_dh.c @@ -4,7 +4,7 @@ #include #include #include -#include "crypto-wrap.h" +#include // CNG Diffie-hellman Kex context diff --git a/contrib/win32/win32compat/cng_digest.c b/contrib/win32/win32compat/cng_digest.c index 257e173..5ee640d 100644 --- a/contrib/win32/win32compat/cng_digest.c +++ b/contrib/win32/win32compat/cng_digest.c @@ -38,7 +38,7 @@ typedef unsigned char u_char; #ifndef __MINGW32__ #define __attribute__(A) -#ifndef define explicit_bzero +#ifndef explicit_bzero #define explicit_bzero(p,l) memset((void *)(p),0,(size_t)(l)) #endif #endif 
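Review bot: The multi-byte branch added to the scan loop in ParseBuffer advances `pszCurrent` by up to four bytes per iteration without comparing against `pszBufferEnd`, so a sequence truncated at the end of the buffer moves the pointer past it; the loop condition only checks the bound before the step. The `memset(pszBuffer, '|', pszCurrent - pszBuffer)` that follows then uses that length, and this data comes from the remote side of the session. The step should be clamped to the bytes that remain, as sketched below (which keeps the original step sizes). `nCharCount` is incremented but not read anywhere in the hunk; ParseBuffer continues outside it, so it may be used later, otherwise it can go.

```c
		&& (CurrentX++ < ScreenX)) {
		/* bytes in this sequence, judged from the lead byte */
		size_t nSeqLen = 1;
		if ((*pszCurrent & 0xF0) == 0xF0)
			nSeqLen = 4;
		else if ((*pszCurrent & 0xE0) == 0xE0)
			nSeqLen = 3;
		else if ((*pszCurrent & 0xC0) == 0xC0)
			nSeqLen = 2;
		/* a truncated sequence must not carry the cursor past the buffer */
		if (nSeqLen > (size_t)(pszBufferEnd - pszCurrent))
			nSeqLen = (size_t)(pszBufferEnd - pszCurrent);
		pszCurrent += nSeqLen;
	}
	/* … unchanged: fShiftOut handling … */
```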
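Review bot: The fallback that the corrected `#ifndef explicit_bzero` guard in cng_digest.c now protects is `#define explicit_bzero(p,l) memset((void *)(p),0,(size_t)(l))`, and a plain memset on a buffer that is not read again may be removed by the optimiser, so in non-MinGW builds the digest state is not reliably wiped. On Windows the non-elidable call is `SecureZeroMemory`, e.g. `#define explicit_bzero(p,l) SecureZeroMemory((void *)(p),(size_t)(l))`, assuming the Windows headers are already included in this file (the include lines are outside the hunk).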
diff --git a/contrib/win32/win32compat/cng_openssl_dh.c b/contrib/win32/win32compat/cng_openssl_dh.c index 97b90a4..e152e16 100644 --- a/contrib/win32/win32compat/cng_openssl_dh.c +++ b/contrib/win32/win32compat/cng_openssl_dh.c @@ -16,7 +16,7 @@ #include "packet.h" #include "ssherr.h" #include -#include "crypto-wrap.h" +#include #include diff --git a/contrib/win32/win32compat/console.c b/contrib/win32/win32compat/console.c index ad0c435..6bb31e0 100644 --- a/contrib/win32/win32compat/console.c +++ b/contrib/win32/win32compat/console.c @@ -95,29 +95,23 @@ int ConInit( DWORD OutputHandle, BOOL fSmartInit ) return dwRet; } - if (!GetConsoleMode(hOutputConsole, &dwSavedAttributes)) { + if (!GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &dwSavedAttributes)) { dwRet = GetLastError(); printf("GetConsoleMode failed with %d\n", GetLastError()); return dwRet; } dwAttributes = dwSavedAttributes; + dwAttributes &= ~(ENABLE_LINE_INPUT | + ENABLE_ECHO_INPUT | ENABLE_PROCESSED_INPUT | ENABLE_MOUSE_INPUT); + dwAttributes |= ENABLE_WINDOW_INPUT; - if ( os.dwPlatformId == VER_PLATFORM_WIN32_NT ) - { - char *term = getenv("TERM"); - dwAttributes = (DWORD)ENABLE_PROCESSED_OUTPUT; // PERFECT in NT + char *term = getenv("TERM"); - if (term != NULL && (_stricmp(term, "ansi") == 0 || _stricmp(term, "passthru"))) - dwAttributes |= (DWORD)ENABLE_VIRTUAL_TERMINAL_PROCESSING; + if (term != NULL && (_stricmp(term, "ansi") == 0 || _stricmp(term, "passthru") == 0)) + dwAttributes |= (DWORD)ENABLE_VIRTUAL_TERMINAL_PROCESSING; - SetConsoleMode(hOutputConsole, dwAttributes); // Windows NT - } - else - { - dwAttributes = (DWORD)ENABLE_WRAP_AT_EOL_OUTPUT; // Doesn't always print last column & doesn't handle CRLF - SetConsoleMode(hOutputConsole, dwAttributes); // Windows 95 - } + SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), dwAttributes); // Windows NT ConSetScreenX(); ConSetScreenY(); 
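Review bot: `ENABLE_VIRTUAL_TERMINAL_PROCESSING` is an output-mode flag, but in the ConInit hunk it is now OR-ed into a mode that is read from and written back to `GetStdHandle(STD_INPUT_HANDLE)`. On an input handle that bit has, as far as I recall from the SDK headers, the same value as `ENABLE_ECHO_INPUT`, which the new code clears two statements earlier; with TERM set to ansi or passthru the call therefore either turns echo back on or fails because line input is off. The `SetConsoleMode` result is not checked, so that failure is silent. Apply the input flags to the input handle and the VT flag to `hOutputConsole` separately, as below. `dwSavedAttributes` now holds the input mode, so the code that restores it (outside this hunk, as are the start and end of ConInit) has to target the input handle as well.

```c
	/* … unchanged: input flags cleared, ENABLE_WINDOW_INPUT set … */
	if (!SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), dwAttributes)) {
		dwRet = GetLastError();
		printf("SetConsoleMode failed with %lu\n", (unsigned long)dwRet);
		return dwRet;
	}

	char *term = getenv("TERM");

	if (term != NULL && (_stricmp(term, "ansi") == 0 || _stricmp(term, "passthru") == 0)) {
		DWORD dwOutMode = 0;
		/* VT processing belongs to the screen buffer, not to stdin */
		if (GetConsoleMode(hOutputConsole, &dwOutMode))
			SetConsoleMode(hOutputConsole, dwOutMode | ENABLE_VIRTUAL_TERMINAL_PROCESSING);
	}
```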
@@ -328,6 +322,9 @@ void ConSetAttribute(int *iParam, int iParamCount) break; case ANSI_DIM: break; + case ANSI_NOUNDERSCORE: + iAttr = iAttr & ~COMMON_LVB_UNDERSCORE; + break; case ANSI_UNDERSCORE: iAttr |= COMMON_LVB_UNDERSCORE; break; diff --git a/contrib/win32/win32compat/console.h b/contrib/win32/win32compat/console.h index 899c123..f06143e 100644 --- a/contrib/win32/win32compat/console.h +++ b/contrib/win32/win32compat/console.h @@ -48,6 +48,7 @@ #define ANSI_BLINK 5 #define ANSI_REVERSE 7 #define ANSI_HIDDEN 8 +#define ANSI_NOUNDERSCORE 24 #define ANSI_NOREVERSE 27 #define ANSI_FOREGROUND_BLACK 30 diff --git a/crypto-wrap.h b/contrib/win32/win32compat/inc/crypto-wrap.h similarity index 100% rename from crypto-wrap.h rename to contrib/win32/win32compat/inc/crypto-wrap.h diff --git a/contrib/win32/win32compat/inc/defs.h b/contrib/win32/win32compat/inc/defs.h index 9338000..4ad9217 100644 --- a/contrib/win32/win32compat/inc/defs.h +++ b/contrib/win32/win32compat/inc/defs.h @@ -71,9 +71,19 @@ typedef int sigset_t; typedef unsigned short _mode_t; typedef _mode_t mode_t; +typedef int ssize_t; /* TODO - investigate if it makes sense to make pid_t a DWORD_PTR. * Double check usage of pid_t as int */ typedef int pid_t; /* wait pid options */ -#define WNOHANG 1 \ No newline at end of file +#define WNOHANG 1 + +/*ioctl macros and structs*/ +#define TIOCGWINSZ 1 +struct winsize { + unsigned short ws_row; /* rows, in characters */ + unsigned short ws_col; /* columns, in character */ + unsigned short ws_xpixel; /* horizontal size, pixels */ + unsigned short ws_ypixel; /* vertical size, pixels */ +}; \ No newline at end of file diff --git a/win32_dirent.h b/contrib/win32/win32compat/inc/dirent.h similarity index 82% rename from win32_dirent.h rename to contrib/win32/win32compat/inc/dirent.h index 3859889..182ee3b 100644 --- a/win32_dirent.h +++ b/contrib/win32/win32compat/inc/dirent.h 
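Review bot: `typedef int ssize_t;` in the defs.h hunk is 32 bits wide, while this commit also builds x64 configurations where `size_t` is 64 bits, so a length above INT_MAX returned through an `ssize_t` is truncated or turns negative and can pass a `< 0` error check the wrong way. A pointer-sized type keeps the pair consistent on both platforms: `typedef SSIZE_T ssize_t;` with `<BaseTsd.h>`, or `typedef intptr_t ssize_t;`.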
@@ -18,13 +18,7 @@ struct dirent { //unsigned attrib ; // its attributes }; -typedef struct { - intptr_t hFile; - struct _finddata_t c_file; - int bRoot; - int bDrive; - char initName[260]; -} DIR; +typedef struct DIR_ DIR; DIR * opendir(char *name); int closedir(DIR *dirp); diff --git a/contrib/win32/win32compat/inc/sys/ioctl.h b/contrib/win32/win32compat/inc/sys/ioctl.h index 87f47fa..1043e61 100644 --- a/contrib/win32/win32compat/inc/sys/ioctl.h +++ b/contrib/win32/win32compat/inc/sys/ioctl.h @@ -1,6 +1,8 @@ #ifndef COMPAT_IOCTL_H #define COMPAT_IOCTL_H 1 -/* Compatibility header to avoid lots of #ifdef _WIN32's in includes.h */ +#include "..\w32posix.h" + +#define ioctl w32_ioctl #endif diff --git a/contrib/win32/win32compat/inc/sys/stat.h b/contrib/win32/win32compat/inc/sys/stat.h index b8a2521..ec009cc 100644 --- a/contrib/win32/win32compat/inc/sys/stat.h +++ b/contrib/win32/win32compat/inc/sys/stat.h @@ -5,6 +5,7 @@ * instead of the one in Windows SDK. */ #pragma once +#include "..\fcntl.h" /* flags COPIED FROM STAT.H */ @@ -16,7 +17,10 @@ #define _S_IREAD 0x0100 // Read permission, owner #define _S_IWRITE 0x0080 // Write permission, owner #define _S_IEXEC 0x0040 // Execute/search permission, owner +#define _S_IFLNK 0xA000 // symbolic link +#define _S_IFSOCK 0xC000 // socket +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) #define S_IFMT _S_IFMT #define S_IFDIR _S_IFDIR @@ -25,6 +29,9 @@ #define S_IREAD _S_IREAD #define S_IWRITE _S_IWRITE #define S_IEXEC _S_IEXEC +#define S_IFLNK _S_IFLNK +#define S_IFSOCK _S_IFSOCK + #define stat w32_stat #define lstat w32_stat diff --git a/contrib/win32/win32compat/inc/termios.h b/contrib/win32/win32compat/inc/termios.h index ae26a73..9d961db 100644 --- a/contrib/win32/win32compat/inc/termios.h +++ b/contrib/win32/win32compat/inc/termios.h 
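Review bot: The include added to sys/ioctl.h is written `#include "..\w32posix.h"`, and the sys/stat.h hunk after it adds `#include "..\fcntl.h"` in the same style. A backslash inside a header name is not defined by the C standard and is accepted only by Windows-native preprocessors, while other files in this tree carry `__MINGW32__` guards. Forward slashes work with MSVC too, so `#include "../w32posix.h"` and `#include "../fcntl.h"` are the portable spelling.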
@@ -1,6 +1,74 @@ #ifndef COMPAT_TERMIOS_H #define COMPAT_TERMIOS_H 1 +#define B0 0x00000000 +#define B50 0x00000001 +#define B75 0x00000002 +#define B110 0x00000003 +#define B134 0x00000004 +#define B150 0x00000005 +#define B200 0x00000006 +#define B300 0x00000007 +#define B600 0x00000008 +#define B1200 0x00000009 +#define B1800 0x0000000a +#define B2400 0x0000000b +#define B4800 0x0000000c +#define B9600 0x0000000d +#define B19200 0x0000000e +#define B38400 0x0000000f + +#define BRKINT 0x00000100 +#define ICRNL 0x00000200 +#define IGNBRK 0x00000400 +#define IGNCR 0x00000800 +#define IGNPAR 0x00001000 +#define INLCR 0x00002000 +#define INPCK 0x00004000 +#define ISTRIP 0x00008000 +#define IXOFF 0x00010000 +#define IXON 0x00020000 +#define PARMRK 0x00040000 +#ifndef _POSIX_SOURCE +#define IXANY 0x00000800 /* any char will restart after stop */ +#define IMAXBEL 0x00002000 /* ring bell on input queue full */ +#endif /*_POSIX_SOURCE */ + +#define OPOST 0x00000100 + +#define CLOCAL 0x00000100 +#define CREAD 0x00000200 +#define CS5 0x00000000 +#define CS6 0x00000400 +#define CS7 0x00000800 +#define CS8 0x00000c00 +#define CSIZE 0x00000c00 +#define CSTOPB 0x00001000 +#define HUPCL 0x00002000 +#define PARENB 0x00004000 +#define PARODD 0x00008000 + +#define ECHO 0x00000100 +#define ECHOE 0x00000200 +#define ECHOK 0x00000400 +#define ECHONL 0x00000800 +#define ICANON 0x00001000 +#define IEXTEN 0x00002000 +#define ISIG 0x00004000 +#define NOFLSH 0x00008000 +#define TOSTOP 0x00010000 + +#define TCIFLUSH 1 +#define TCOFLUSH 2 +#define TCIOFLUSH 3 +#define TCOOFF 1 +#define TCOON 2 +#define TCIOFF 3 +#define TCION 4 + +#define TCSADRAIN 1 +#define TCSAFLUSH 2 +#define TCSANOW 3 /* Compatibility header to allow some termios functionality to compile without #ifdefs */ diff --git a/contrib/win32/win32compat/inc/unistd.h b/contrib/win32/win32compat/inc/unistd.h index 0d83b05..26232e8 100644 --- a/contrib/win32/win32compat/inc/unistd.h +++ b/contrib/win32/win32compat/inc/unistd.h 
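Review bot: In the input-flag group of this termios.h hunk, `IXANY` is defined as 0x00000800, the same value as `IGNCR`, and `IMAXBEL` as 0x00002000, the same value as `INLCR`, so setting, clearing or testing one of them also hits the other if both live in the same flag word. The highest bit used by the group is `PARMRK` (0x00040000), so the two non-POSIX flags could take free bits, for example `#define IXANY 0x00080000` and `#define IMAXBEL 0x00100000`. The groups are separated only by blank lines; a heading comment per group (`/* c_iflag */`, `/* c_oflag */`, `/* c_cflag */`, `/* c_lflag */`) would show which values are allowed to overlap across groups and which are not.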
@@ -27,6 +27,10 @@ #define getdtablesize() MAX_FDS #define gethostname w32_gethostname +#define fsync(a) w32_fsync((a)) +#define ftruncate(a, b) w32_ftruncate((a), (b)) +#define realpath(a, b) w32_realpath((a),(b)) + int daemon(int nochdir, int noclose); #endif diff --git a/contrib/win32/win32compat/inc/w32posix.h b/contrib/win32/win32compat/inc/w32posix.h index 7fbeeb0..20df0ad 100644 --- a/contrib/win32/win32compat/inc/w32posix.h +++ b/contrib/win32/win32compat/inc/w32posix.h @@ -44,6 +44,9 @@ int w32_send(int fd, const void *buf, size_t len, int flags); int w32_shutdown(int fd, int how); int w32_socketpair(int domain, int type, int protocol, int sv[2]); +char *realpathWin32(const char *path, char resolved[MAX_PATH]); +char *realpathWin32i(const char *path, char resolved[MAX_PATH]); + /*non-network (file) i/o*/ #undef fdopen #define fdopen(a,b) w32_fdopen((a), (b)) @@ -89,7 +92,8 @@ int w32_getaddrinfo(const char *, const char *, FILE* w32_fopen_utf8(const char *, const char *); int w32_ftruncate(int fd, off_t length); char* w32_programdir(); - +int w32_fsync(int fd); +int w32_ioctl(int d, int request, ...); /* Shutdown constants */ #define SHUT_WR SD_SEND diff --git a/contrib/win32/win32compat/kerberos.c b/contrib/win32/win32compat/kerberos.c deleted file mode 100644 index 4298078..0000000 --- a/contrib/win32/win32compat/kerberos.c +++ /dev/null 
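Review bot: The unistd.h hunk maps `realpath(a, b)` to `w32_realpath((a),(b))`, but the w32posix.h hunks in the same commit declare `realpathWin32` and `realpathWin32i`, and no prototype for `w32_realpath` is visible. If that prototype is not in scope where the macro is used, a C compiler that still accepts implicit declarations will assume an `int` return, which truncates the returned pointer on a 64-bit build; adding `char *w32_realpath(const char *path, char *resolved);` next to `w32_fsync` would rule that out (signature assumed from the macro, to be confirmed against the definition). Note also that `char resolved[MAX_PATH]` in the new prototypes is an ordinary pointer parameter, so the size is documentation only and the callee still has to bound its writes to MAX_PATH.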
@@ -1,276 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2011 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "kerberos.h" - -/* - * Handles to runtime loaded MIT KfW libraries. - */ - -static HMODULE Krb5_32 = NULL; -static HMODULE Comerr32 = NULL; -static HMODULE Gssapi32 = NULL; - -/* - * Pointers to runtime loaded KfW functions. - */ - -static struct _MitDispatch -{ - /* - * gssapi32.dll. 
- */ - - gss_indicate_mechs_ptr gss_indicate_mechs; - gss_release_buffer_ptr gss_release_buffer; - gss_display_status_ptr gss_display_status; - gss_delete_sec_context_ptr gss_delete_sec_context; - gss_release_name_ptr gss_release_name; - gss_release_cred_ptr gss_release_cred; - gss_init_sec_context_ptr gss_init_sec_context; - gss_import_name_ptr gss_import_name; - gss_get_mic_ptr gss_get_mic; - - /* - * krb5_32.dll. - */ - - krb5_free_context_ptr krb5_free_context; - krb5_free_principal_ptr krb5_free_principal; - krb5_cc_destroy_ptr krb5_cc_destroy; -} MitDispatch = {0}; - -/* - * This global variable is exported by gssapi32.dll. - */ - -gss_OID gss_nt_service_name; - -/* - * Try loads MIT Kerberos for Windows libraries. This function - * must be called before use Kerberos functions. - * - * RETURNS: 0 if OK. - */ - -int InitMitKerberos() -{ - int exitCode = -1; - - void *serviceNamePtr = NULL; - - - /* - * Load functions from gssapi32.dll. - */ - - debug("Loading gssapi32.dll..."); - - FAIL((Gssapi32 = LoadLibrary("gssapi32.dll")) == NULL); - - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_indicate_mechs)) == NULL); - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_release_buffer)) == NULL); - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_display_status)) == NULL); - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_delete_sec_context)) == NULL); - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_release_name)) == NULL); - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_release_cred)) == NULL); - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_init_sec_context)) == NULL); - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_import_name)) == NULL); - FAIL((GET_MIT_FUNCTION(Gssapi32, gss_get_mic)) == NULL); - - /* - * This is global variable exported by gssapi32.dll. - * Note, that we reveive POINTER not VALUE, so we need to - * do memcpy in this case. 
- */ - - serviceNamePtr = GetProcAddress(Gssapi32, "gss_nt_service_name"); - - FAIL(serviceNamePtr == NULL); - - memcpy(&gss_nt_service_name, serviceNamePtr, sizeof(gss_OID)); - - /* - * Load functions from krb5_32.dll. - */ - - debug("Loading krb5_32.dll..."); - - FAIL((Krb5_32 = (HMODULE) LoadLibrary("krb5_32.dll")) == NULL); - - FAIL((GET_MIT_FUNCTION(Krb5_32, krb5_free_context)) == NULL); - FAIL((GET_MIT_FUNCTION(Krb5_32, krb5_free_principal)) == NULL); - FAIL((GET_MIT_FUNCTION(Krb5_32, krb5_cc_destroy)) == NULL); - - /* - * Error handler. - */ - - exitCode = 0; - - fail: - - if (exitCode) - { - UninitMitKerberos(); - - error("Cannot load MIT KfW libraries. Error code is: %u.\n" - "Please ensure that path to these libraries is properly " - "set in your PATH variable.\n", GetLastError()); - } - - return exitCode; -} - -/* - * Free MIT KfW libraries if loaded before. - */ - -void UninitMitKerberos() -{ - FreeLibrary(Krb5_32); - FreeLibrary(Comerr32); - FreeLibrary(Gssapi32); -} - -/* - * Fake GSSAPI functions. We pass control to runtime loaded - * KfW libs here. 
- */ - -#ifdef __MINGW32__ -KFW_CALL gss_indicate_mechs(OM_uint32 *a, gss_OID_set *b) -#else -OM_uint32 KRB5_CALLCONV gss_indicate_mechs(OM_uint32 *a, gss_OID_set *b) -#endif -{ - return MitDispatch.gss_indicate_mechs(a, b); -} -#ifdef __MINGW32__ -KFW_CALL gss_release_buffer(OM_uint32 *a, gss_buffer_t b) -#else -OM_uint32 KRB5_CALLCONV gss_release_buffer(OM_uint32 *a, gss_buffer_t b) -#endif -{ - return MitDispatch.gss_release_buffer(a, b); -} -#ifdef __MINGW32__ -KFW_CALL gss_display_status(OM_uint32 *a, OM_uint32 b, int c, gss_OID d, - OM_uint32 *e, gss_buffer_t f) -#else -OM_uint32 KRB5_CALLCONV gss_display_status(OM_uint32 *a, OM_uint32 b, int c, gss_OID d, - OM_uint32 *e, gss_buffer_t f) -#endif -{ - return MitDispatch.gss_display_status(a, b, c, d, e, f); -} -#ifdef __MINGW32__ -KFW_CALL gss_delete_sec_context(OM_uint32 *a, gss_ctx_id_t *b, gss_buffer_t c) -#else -OM_uint32 KRB5_CALLCONV gss_delete_sec_context(OM_uint32 *a, gss_ctx_id_t *b, gss_buffer_t c) -#endif -{ - return MitDispatch.gss_delete_sec_context(a, b, c); -} -#ifdef __MINGW32__ -KFW_CALL gss_release_name(OM_uint32 *a, gss_name_t *b) -#else -OM_uint32 KRB5_CALLCONV gss_release_name(OM_uint32 *a, gss_name_t *b) -#endif -{ - return MitDispatch.gss_release_name(a, b); -} -#ifdef __MINGW32__ -KFW_CALL gss_release_cred(OM_uint32 *a, gss_cred_id_t *b) -#else -OM_uint32 KRB5_CALLCONV gss_release_cred(OM_uint32 *a, gss_cred_id_t *b) -#endif -{ - return MitDispatch.gss_release_cred(a, b); -} -#ifdef __MINGW32__ -KFW_CALL gss_init_sec_context(OM_uint32 *a, gss_cred_id_t b, - gss_ctx_id_t *c, gss_name_t d, - gss_OID e, OM_uint32 f, - OM_uint32 g, gss_channel_bindings_t h, - gss_buffer_t i, gss_OID * j, - gss_buffer_t k, OM_uint32 *l, - OM_uint32 *m) -#else -OM_uint32 KRB5_CALLCONV gss_init_sec_context(OM_uint32 *a, gss_cred_id_t b, - gss_ctx_id_t *c, gss_name_t d, - gss_OID e, OM_uint32 f, - OM_uint32 g, gss_channel_bindings_t h, - gss_buffer_t i, gss_OID * j, - gss_buffer_t k, OM_uint32 *l, - OM_uint32 
*m) -#endif -{ - return MitDispatch.gss_init_sec_context(a, b, c, d, e, f, g, h, i, j, k, l, m); -} -#ifdef __MINGW32__ -KFW_CALL gss_import_name(OM_uint32 *a, gss_buffer_t b, gss_OID c, gss_name_t *d) -#else -OM_uint32 KRB5_CALLCONV gss_import_name(OM_uint32 *a, gss_buffer_t b, gss_OID c, gss_name_t *d) -#endif -{ - return MitDispatch.gss_import_name(a, b, c, d); -} -#ifdef __MINGW32__ -KFW_CALL gss_get_mic(OM_uint32 *a, gss_ctx_id_t b, gss_qop_t c, - gss_buffer_t d, gss_buffer_t e) -#else -OM_uint32 KRB5_CALLCONV gss_get_mic(OM_uint32 *a, gss_ctx_id_t b, gss_qop_t c, - gss_buffer_t d, gss_buffer_t e) -#endif -{ - return MitDispatch.gss_get_mic(a, b, c, d, e); -} - -/* - * Fake KRB5 functions. We pass control to runtime loaded - * KfW libs here. - */ - -void KRB5_CALLCONV krb5_free_context(krb5_context a) -{ - MitDispatch.krb5_free_context(a); -} - -void KRB5_CALLCONV krb5_free_principal(krb5_context a, krb5_principal b) -{ - MitDispatch.krb5_free_principal(a, b); -} - -krb5_error_code KRB5_CALLCONV krb5_cc_destroy(krb5_context a, krb5_ccache b) -{ - return MitDispatch.krb5_cc_destroy(a, b); -} diff --git a/contrib/win32/win32compat/kerberos.h b/contrib/win32/win32compat/kerberos.h deleted file mode 100644 index da5889e..0000000 --- a/contrib/win32/win32compat/kerberos.h +++ /dev/null 
@@ -1,136 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2011 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef Kerberos_H -#define Kerberos_H - -#include "Debug.h" - -#include -#include -#include - -int InitMitKerberos(); -void UninitMitKerberos(); - -/* - * Helper macros for load functions from KfW DLLs and - * put it to MitDispatch table, where we store KfW API functions. - */ - -#define GET_SYM(MODULE, F) (F ## _ptr) GetProcAddress(MODULE, #F) -#define GET_MIT_FUNCTION(MODULE, F) MitDispatch.F = GET_SYM(MODULE, F) - -/* - * Function prototypes for MIT KfW libs. 
We need it - * for load libs at runtime. Note, we add only functions - * needed by ssh client here. - */ - -#ifdef __MINGW32__ -#define KFW_CALL OM_uint32 KRB5_CALLCONV - -typedef KFW_CALL (*gss_indicate_mechs_ptr)(OM_uint32 *, gss_OID_set *); -typedef KFW_CALL (*gss_release_buffer_ptr)(OM_uint32 *, gss_buffer_t); - -typedef KFW_CALL (*gss_display_status_ptr)(OM_uint32 *, OM_uint32, int, - gss_OID, OM_uint32 *, gss_buffer_t); - -typedef KFW_CALL (*gss_delete_sec_context_ptr)(OM_uint32 *, gss_ctx_id_t *, - gss_buffer_t); - -typedef KFW_CALL (*gss_release_name_ptr)(OM_uint32 *, gss_name_t *); -typedef KFW_CALL (*gss_release_cred_ptr)(OM_uint32 *, gss_cred_id_t *); - -typedef KFW_CALL (*gss_init_sec_context_ptr)(OM_uint32 *, gss_cred_id_t, - gss_ctx_id_t *, gss_name_t, - gss_OID, OM_uint32, OM_uint32, - gss_channel_bindings_t, - gss_buffer_t, gss_OID *, - gss_buffer_t, OM_uint32 *, - OM_uint32 *); - -typedef KFW_CALL (*gss_import_name_ptr)(OM_uint32 *, gss_buffer_t, - gss_OID, gss_name_t *); - -typedef OM_uint32 KRB5_CALLCONV (*gss_get_mic_ptr)(OM_uint32 *, gss_ctx_id_t, - gss_qop_t, gss_buffer_t, - gss_buffer_t); - -typedef void KRB5_CALLCONV (*krb5_free_context_ptr)(krb5_context); - -typedef void KRB5_CALLCONV (*krb5_free_principal_ptr)(krb5_context, - krb5_principal); - -typedef krb5_error_code KRB5_CALLCONV (*krb5_cc_destroy_ptr)(krb5_context, - krb5_ccache); - -#else - -typedef OM_uint32 _stdcall KFW_CALL; - -typedef OM_uint32(KRB5_CALLCONV *gss_indicate_mechs_ptr)(OM_uint32 *, gss_OID_set *); -typedef OM_uint32(KRB5_CALLCONV *gss_release_buffer_ptr)(OM_uint32 *, gss_buffer_t); - -typedef OM_uint32(KRB5_CALLCONV *gss_display_status_ptr)(OM_uint32 *, OM_uint32, int, - gss_OID, OM_uint32 *, gss_buffer_t); - -typedef OM_uint32(KRB5_CALLCONV *gss_delete_sec_context_ptr)(OM_uint32 *, gss_ctx_id_t *, - gss_buffer_t); - -typedef OM_uint32(KRB5_CALLCONV *gss_release_name_ptr)(OM_uint32 *, gss_name_t *); -typedef OM_uint32(KRB5_CALLCONV *gss_release_cred_ptr)(OM_uint32 *, 
gss_cred_id_t *); - -typedef OM_uint32(KRB5_CALLCONV *gss_init_sec_context_ptr)(OM_uint32 *, gss_cred_id_t, - gss_ctx_id_t *, gss_name_t, - gss_OID, OM_uint32, OM_uint32, - gss_channel_bindings_t, - gss_buffer_t, gss_OID *, - gss_buffer_t, OM_uint32 *, - OM_uint32 *); - -typedef OM_uint32(KRB5_CALLCONV *gss_import_name_ptr)(OM_uint32 *, gss_buffer_t, - gss_OID, gss_name_t *); - -typedef OM_uint32(KRB5_CALLCONV *gss_get_mic_ptr)(OM_uint32 *, gss_ctx_id_t, - gss_qop_t, gss_buffer_t, - gss_buffer_t); - -typedef void (KRB5_CALLCONV *krb5_free_context_ptr)(krb5_context); - -typedef void (KRB5_CALLCONV *krb5_free_principal_ptr)(krb5_context, - krb5_principal); - -typedef krb5_error_code(KRB5_CALLCONV *krb5_cc_destroy_ptr)(krb5_context, - krb5_ccache); -#endif - -#endif diff --git a/contrib/win32/win32compat/misc.c b/contrib/win32/win32compat/misc.c index 566547d..f2969d6 100644 --- a/contrib/win32/win32compat/misc.c +++ b/contrib/win32/win32compat/misc.c @@ -200,8 +200,33 @@ char* w32_programdir() { } -int daemon(int nochdir, int noclose) +int +daemon(int nochdir, int noclose) { FreeConsole(); return 0; +} + +int w32_ioctl(int d, int request, ...) { + va_list valist; + va_start(valist, request); + + switch (request){ + case TIOCGWINSZ: { + struct winsize* wsize = va_arg(valist, struct winsize*); + CONSOLE_SCREEN_BUFFER_INFO c_info; + if (wsize == NULL || !GetConsoleScreenBufferInfo(GetStdHandle(STD_OUTPUT_HANDLE), &c_info)) { + errno = EINVAL; + return -1; + } + wsize->ws_col = c_info.dwSize.X - 5; + wsize->ws_row = c_info.dwSize.Y; + wsize->ws_xpixel = 640; + wsize->ws_ypixel = 480; + return 0; + } + default: + errno = ENOTSUP; + return -1; + } } \ No newline at end of file diff --git a/contrib/win32/win32compat/sfds.c b/contrib/win32/win32compat/sfds.c deleted file mode 100644 index 9d762ab..0000000 --- a/contrib/win32/win32compat/sfds.c +++ /dev/null 
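Review bot: `w32_ioctl` in the misc.c hunk calls `va_start` but returns from three places without ever calling `va_end`, which the C standard requires before the function returns. A single exit that sets a result variable, breaks out of the switch and runs `va_end(valist)` fixes all three paths at once. Separately, `dwSize` is the size of the console screen buffer rather than of the visible window, so `ws_row` may report the scroll-back height; if the visible size is intended, `srWindow` is the field to use, and the `- 5` applied to `ws_col` deserves a comment explaining the margin.
```c
int w32_ioctl(int d, int request, ...) {
	int ret = -1;
	/* ... unchanged: va_list declaration, va_start, switch (request), TIOCGWINSZ argument fetch ... */
		if (wsize == NULL || !GetConsoleScreenBufferInfo(GetStdHandle(STD_OUTPUT_HANDLE), &c_info)) {
			errno = EINVAL;
			break;
		}
		/* ... unchanged: ws_col, ws_row, ws_xpixel, ws_ypixel assignments ... */
		ret = 0;
		break;
	}
	default:
		errno = ENOTSUP;
		break;
	}
	va_end(valist);
	return ret;
}
```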
@@ -1,459 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2012 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include -#include -#include "sfds.h" -#ifndef __MINGW32__ -#include -#endif - -extern void debug(const char *fmt,...); -extern void debug2(const char *fmt,...); -extern void debug3(const char *fmt,...); -extern void error(const char *fmt,...); -extern void fatal(const char *fmt,...); - -/* - * structure to store real file descriptor and type for sfd - */ - -static struct -{ - int fd; - HANDLE handle; - sfd_type type; -} sfd_map[SFD_MAP_SIZE]; - -static int sfd_map_init = 0; -static int sfd_count = 0; -int sfd_start = 0; - -#ifndef __MINGW32__ -void myInvalidParameterHandler(const wchar_t* expression, - const wchar_t* function, - const wchar_t* file, - unsigned int line, - uintptr_t pReserved) -{ - return; -} -#endif - - -/* - * store real fd in map, detect fd type and return sfd number. - */ - -int allocate_sfd(int fd_or_handle) -{ - int slot = SFD_FD_INVALID; - int i; - int real_fd; - - HANDLE real_handle; - - DWORD handle_type; - - /* - * Init the map once - */ - - if (!sfd_map_init) - { - sfd_map_init = 1; - - for (i = 0; i < SFD_MAP_SIZE; ++i) - { - sfd_map[i].fd = SFD_FD_INVALID; - sfd_map[i].type = SFD_TYPE_NONE; - } - } - - /* - * Find an open slot - */ - - for (i = sfd_start; i < SFD_MAP_SIZE; ++i) - { - /* - * Is this slot open? 
- */ - - if (sfd_map[i].fd == SFD_FD_INVALID) - { - slot = i; - - break; - } - } - - /* - * Bail if no slot found - */ - - if (slot == SFD_FD_INVALID) - { - error("ERROR: Too many connections."); - - return -1; - } - -#if 0 - /* - * Detect and save real fd and real handle - */ - int optVal; - int optLen = sizeof(int); - BOOL bIsSocket = TRUE; - HRESULT hr = S_OK; - int ret = getsockopt(fd_or_handle, - SOL_SOCKET, - SO_DEBUG, - (char*)&optVal, - &optLen); - - if (ret == SOCKET_ERROR && WSAGetLastError() == WSAENOTSOCK) - { - bIsSocket = FALSE; - } - - // if (!bIsSocket && fd_or_handle > 600) - // bIsSocket = TRUE; - - if (bIsSocket == TRUE) - real_handle = (HANDLE)fd_or_handle; - else -#endif - -#ifndef __MINGW32__ - _invalid_parameter_handler oldHandler, newHandler; - newHandler = myInvalidParameterHandler; - oldHandler = _set_invalid_parameter_handler(newHandler); - int iPrev = _CrtSetReportMode(_CRT_ASSERT, 0); -#endif - - - real_handle = (HANDLE)_get_osfhandle(fd_or_handle); -#ifndef __MINGW32__ - _set_invalid_parameter_handler(oldHandler); - _CrtSetReportMode(_CRT_ASSERT, iPrev); -#endif - - if (real_handle == INVALID_HANDLE_VALUE) - { - /* - * fd_or_handle was a handle, we can try to create a fd for it - */ - - real_handle = (HANDLE) fd_or_handle; - - real_fd = _open_osfhandle((long) real_handle, 0); - } - else - { - /* - * fd_or_handle was a fd - */ - - real_fd = fd_or_handle; - } - - debug3("_get_osfhandle() for real_fd [%d] returned [%d]", real_fd, real_handle); - - /* - * Detect and save type - */ - - handle_type = GetFileType(real_handle); - - debug3("GetFileType() for handle [%d] returned [%d]", real_handle, handle_type); - - switch (handle_type) - { - case FILE_TYPE_CHAR: - { - sfd_map[slot].type = SFD_TYPE_CONSOLE; - - break; - } - - case FILE_TYPE_PIPE: - { - int optVal = 0; - int optLen = sizeof(optVal); - - if (getsockopt((SOCKET) real_handle, SOL_SOCKET, - SO_ACCEPTCONN, (char *) &optVal, &optLen)) - { - sfd_map[slot].type = SFD_TYPE_PIPE; - } - 
else - { - sfd_map[slot].type = SFD_TYPE_SOCKET; - } - - break; - } - - case FILE_TYPE_DISK: - { - sfd_map[slot].type = SFD_TYPE_FD; - - break; - } - - case FILE_TYPE_UNKNOWN: - { - error("unknown type for handle [%d]", real_handle); - - return SFD_FD_INVALID; - - break; - } - - default: - { - error("cannot detect a type for handle [%d]", real_handle); - - return SFD_FD_INVALID; - - break; - } - } - - /* - * Save the fd and handle - */ - - sfd_map[slot].fd = (int) real_fd; - - sfd_map[slot].handle = (HANDLE) real_handle; - - debug("allocating new sfd, sfd [%i] fd [%i] handle [%d] type [%i]", - slot, real_fd, real_handle, sfd_map[slot].type); - - sfd_count++; - - /* - * Return the slot as the sfd - */ - - return (slot); -} - -/* - * For a real fd, get our sfd - */ - -int fd_to_sfd(int real_fd) -{ - int i; - int sfds; - - /* - * Walk the list. - */ - - for (i = 0, sfds = 0; i < SFD_MAP_SIZE && sfds < sfd_count; i++) - { - /* - * Increment the count of sfds that we have encountered in our walk, - */ - - if (sfd_map[i].fd != SFD_FD_INVALID) - { - sfds++; - } - - if (sfd_map[i].fd == real_fd) - { - return i; - } - } - - fatal("cannot convert fd to sfd"); - - return SFD_FD_INVALID; -} - -/* - * For an sfd, get the real descriptor behind it. - */ - -int sfd_to_fd(int sfd) -{ - return sfd_map[sfd].fd; -} - -// set the sfd type to console. 
GetFileType() in Windows seem to return wrong type for a console returning PIPE (3) in place of CHARTYPE (2) -void sfd_set_to_console(int sfd) -{ - sfd_map[sfd].type = SFD_TYPE_CONSOLE; -} - -/* - * For an sfd, get the real handle behind it - */ - -HANDLE sfd_to_handle(int sfd) -{ - return sfd_map[sfd].handle; -} - -void sfd_replace(int sfd, HANDLE handle, int type) -{ - //_close(sfd_map[sfd].handle); - - sfd_map[sfd].handle = handle; - sfd_map[sfd].type = type; -} - -/* - * For an sfd, get the type - */ - -int get_sfd_type(int sfd) -{ - if(sfd < sizeof(sfd_map) / sizeof(sfd_map[0])) - { - return sfd_map[sfd].type; - } - else - { - return -1; - } -} - -/* - * Free an sfd from the map. - */ - -void free_sfd(int sfd) -{ - if (sfd_map[sfd].type != SFD_TYPE_NONE - && sfd < sizeof(sfd_map) / sizeof(sfd_map[0])) - { - /* - * Blank the slot - */ - - sfd_map[sfd].fd = SFD_FD_INVALID; - sfd_map[sfd].handle = (HANDLE) SFD_HANDLE_INVALID; - sfd_map[sfd].type = SFD_TYPE_NONE; - sfd_count--; - } -} - -/* - * Check if sfd is file. - */ - -int -sfd_is_fd(int sfd) -{ - if (sfd_map[sfd].type == SFD_TYPE_FD) - { - return 1; - } - - return 0; -} - -/* - * Check if sfd is socket. - */ - -int sfd_is_socket(int sfd) -{ - if (sfd_map[sfd].type == SFD_TYPE_SOCKET) - { - return 1; - } - - return 0; -} - -/* - * Check if sfd is pipe. - */ - -int sfd_is_pipe(int sfd) -{ - if (sfd_map[sfd].type == SFD_TYPE_PIPE) - { - return 1; - } - - return 0; -} - -/* - * Check if sfd is console. - */ - -int sfd_is_console(int sfd) -{ - if (sfd_map[sfd].type == SFD_TYPE_CONSOLE) - { - return 1; - } - - return 0; -} - -/* - * Check if sfd is file or console. - */ - -int sfd_is_fd_or_console(int sfd) -{ - if (sfd_is_fd(sfd) || sfd_is_console(sfd)) - { - return 1; - } - - return 0; -} - -/* - * Check if sfd is socket or pipe. - */ - -int sfd_is_socket_or_pipe(int sfd) -{ - if (sfd_is_socket(sfd) || sfd_is_pipe(sfd)) - { - return 1; - } - - return 0; -} 
diff --git a/contrib/win32/win32compat/sfds.h b/contrib/win32/win32compat/sfds.h deleted file mode 100644 index 88f633a..0000000 --- a/contrib/win32/win32compat/sfds.h +++ /dev/null @@ -1,72 +0,0 @@ -#ifndef _SFDS_H_ -#define _SFDS_H_ 1 - -/* Types */ - -typedef int sfd_type; - -#define SFD_TYPE_NONE 0 -#define SFD_TYPE_FD 1 -#define SFD_TYPE_SOCKET 2 -#define SFD_TYPE_PIPE 3 -#define SFD_TYPE_CONSOLE 4 - -#define SFD_MAP_SIZE 256 -#define SFD_FD_INVALID -1 -#define SFD_HANDLE_INVALID -1 - -/* - * Struct for compatibility with AF_UNIX socket. - * Bind() and connect() should receive pointer to this struct. - */ - -#define UNIX_PATH_LEN 108 - -typedef unsigned short uint16_t; -typedef uint16_t sa_family_t; - -struct sockaddr_un -{ - sa_family_t sun_family; /* address family AF_LOCAL/AF_UNIX */ - char sun_path[UNIX_PATH_LEN]; /* 108 bytes of socket address */ -}; - -/* For a real fd or SOCKET, allocate an sfd */ -int allocate_sfd(int fd_or_handle); - -/* Free an sfd from the map */ -void free_sfd(int sfd); - -/* For a real fd or SOCKET, get our sfd */ -int fd_to_sfd(int fd_or_socket); - -/* For an sfd, get the real fd behind it */ -int sfd_to_fd(int sfd); - -/* For an sfd, get the real handle behind it */ -HANDLE sfd_to_handle(int sfd); - -/* For an sfd, get the type */ -int get_sfd_type(int sfd); - -/* Check if sfd is file */ -int sfd_is_fd(int sfd); - -/* Check if sfd is socket */ -int sfd_is_socket(int sfd); - -/* Check if sfd is pipe */ -int sfd_is_pipe(int sfd); - -/* Check if sfd is console */ -int sfd_is_console(int sfd); - -/* Check if sfd is file or console */ -int sfd_is_fd_or_console(int sfd); - -/* Check if sfd is socket or pipe */ -int sfd_is_socket_or_pipe(int sfd); - -void sfd_replace_handle(int sfd, HANDLE handle); - -#endif diff --git a/contrib/win32/win32compat/shell-host.c b/contrib/win32/win32compat/shell-host.c index bede43b..dfd0529 100644 --- a/contrib/win32/win32compat/shell-host.c +++ b/contrib/win32/win32compat/shell-host.c 
@@ -38,7 +38,7 @@ #define MAX_CONSOLE_COLUMNS 9999 #define MAX_CONSOLE_ROWS 9999 -#define MAX_CMD_LEN 512 +#define MAX_CMD_LEN 8191 // msdn #define WM_APPEXIT WM_USER+1 #define MAX_EXPECTED_BUFFER_SIZE 1024 @@ -83,6 +83,43 @@ typedef struct consoleEvent { void* next; } consoleEvent; +struct key_translation +{ + char incoming[5]; + int vk; + char outgoing[1]; +} key_translation; + +struct key_translation keys[] = { + { "\x1b", VK_ESCAPE, "\x1b" }, + { "\r", VK_RETURN, "\r" }, + { "\b", VK_BACK, "\b" }, + { "\x7f", VK_BACK, "\x7f" }, + { "\t", VK_TAB, "\t" }, + { "\x1b[A", VK_UP, 0 }, + { "\x1b[B", VK_DOWN, 0 }, + { "\x1b[C", VK_RIGHT, 0 }, + { "\x1b[D", VK_LEFT, 0 }, + { "\x1b[1~", VK_HOME, 0 }, + { "\x1b[2~", VK_INSERT, 0 }, + { "\x1b[3~", VK_DELETE, 0 }, + { "\x1b[4~", VK_END, 0 }, + { "\x1b[5~", VK_PRIOR, 0 }, + { "\x1b[6~", VK_NEXT, 0 }, + { "\x1b[11~", VK_F1, 0 }, + { "\x1b[12~", VK_F2, 0 }, + { "\x1b[13~", VK_F3, 0 }, + { "\x1b[14~", VK_F4, 0 }, + { "\x1b[15~", VK_F5, 0 }, + { "\x1b[17~", VK_F6, 0 }, + { "\x1b[18~", VK_F7, 0 }, + { "\x1b[19~", VK_F8, 0 }, + { "\x1b[20~", VK_F9, 0 }, + { "\x1b[21~", VK_F10, 0 }, + { "\x1b[23~", VK_F11, 0 }, + { "\x1b[24~", VK_F12, 0 } +}; + consoleEvent* head = NULL; consoleEvent* tail = NULL; @@ -165,6 +202,24 @@ void SendKeyStroke(HANDLE hInput, int keyStroke, char character) WriteConsoleInputA(hInput, &ir, 1, &wr); } +void ProcessIncomingKeys(char * ansikey) { + int nKey = 0; + int index = ARRAYSIZE(keys); + + while (nKey < index) { + if (strcmp(ansikey, keys[nKey].incoming) == 0) { + SendKeyStroke(child_in, keys[nKey].vk, keys[nKey].outgoing[0]); + break; + } + else + nKey++; + } + + if (nKey == index) { + SendKeyStroke(child_in, 0, ansikey[0]); + } +} + // VT output routines void SendLF(HANDLE hInput) { DWORD wr = 0; 
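Review bot: `char incoming[5]` in the new `key_translation` struct is one byte too small for the function-key entries: `"\x1b[11~"` through `"\x1b[24~"` are five characters each, so C stores them without the terminating NUL. `ProcessIncomingKeys`, added in the next hunk, compares these fields with `strcmp`, which then reads past the end of the array into the struct padding. Declaring the field as `char incoming[6];` keeps every entry terminated. The struct definition also ends with `} key_translation;`, which declares an unused global variable of that name; ending it with `};` avoids that.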
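Review bot: `ProcessIncomingKeys` matches its whole argument against one table entry with `strcmp` and otherwise forwards only `ansikey[0]`, so it is correct only when the string holds exactly one key. The call site in the later ProcessPipes hunk passes the entire read buffer and then executes `break`, which appears to leave the per-byte loop, so when one read delivers several keystrokes (pasted text, type-ahead, or an escape sequence followed by more input) everything after the first byte looks to be dropped; the removed code forwarded ordinary bytes one at a time. Either match table entries as prefixes at the current offset and advance by the matched length, or state the one-key-per-call contract in a comment above the function, e.g. `/* ansikey must hold exactly one NUL-terminated key sequence */`.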
@@ -825,6 +880,8 @@ DWORD WINAPI ProcessPipes(LPVOID p) { /* process data from pipe_in and route appropriately */ while (1) { char buf[128]; + ZeroMemory(buf, 128); + DWORD rd = 0, wr = 0, i = -1; GOTO_CLEANUP_ON_FALSE(ReadFile(pipe_in, buf, 128, &rd, NULL)); @@ -835,10 +892,10 @@ DWORD WINAPI ProcessPipes(LPVOID p) { INPUT_RECORD ir; - if (buf[i] == 3) {/*Ctrl+C - Raise Ctrl+C*/ - GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0); - continue; - } + if (buf[i] == 3) {/*Ctrl+C - Raise Ctrl+C*/ + GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0); + continue; + } if (bAnsi) { ir.EventType = KEY_EVENT; 
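Review bot: The added `ZeroMemory(buf, 128)` does not guarantee a terminator, because the following `ReadFile(pipe_in, buf, 128, &rd, NULL)` may fill all 128 bytes. The buffer is later handed to `ProcessIncomingKeys`, which treats it as a C string and runs `strcmp` on it, so a full-length read of bytes arriving on the input pipe makes that comparison read past the end of `buf`. Reading one byte less keeps the last zeroed byte in place: `ZeroMemory(buf, sizeof(buf));` and `ReadFile(pipe_in, buf, sizeof(buf) - 1, &rd, NULL)`. The body of ProcessPipes continues outside this hunk.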
@@ -853,123 +910,10 @@ DWORD WINAPI ProcessPipes(LPVOID p) { ir.Event.KeyEvent.bKeyDown = FALSE; WriteConsoleInputA(child_in, &ir, 1, &wr); } - else - { - if (buf[i] == '\r') - { - SendKeyStroke(child_in, VK_RETURN, buf[0]); - } - else if (buf[i] == '\b' || buf[i] == 127) - { - buf[0] = 8; - SendKeyStroke(child_in, VK_BACK, buf[0]); - } - else if (buf[i] == '\t') - { - SendKeyStroke(child_in, VK_TAB, buf[0]); - } - else if (buf[i] == '\x1b') - { - switch (rd) { - case 1: - SendKeyStroke(child_in, VK_ESCAPE, buf[0]); - break; - case 3: - switch (buf[i + 1]) - { - case '[': - switch (buf[i + 2]) - { - case 'A': - SendKeyStroke(child_in, VK_UP, 0); - i = i + 2; - break; - case 'B': - SendKeyStroke(child_in, VK_DOWN, 0); - i = i + 2; - break; - case 'C': - SendKeyStroke(child_in, VK_RIGHT, 0); - i = i + 2; - break; - case 'D': - SendKeyStroke(child_in, VK_LEFT, 0); - i = i + 2; - break; - default: - break; - } - default: - break; - } - break; - case 4: - switch (buf[i + 1]) { - case '[': - { - switch (buf[i + 2]) { - case '2': - switch (buf[i + 3]) { - case '~': - { - SendKeyStroke(child_in, VK_INSERT, 0); - i = i + 3; - break; - } - default: - break; - } - break; - case '3': - switch (buf[i + 3]) { - case '~': - { - SendKeyStroke(child_in, VK_DELETE, 0); - i = i + 3; - break; - } - default: - break; - } - break; - default: - break; - } - } - default: - break; - } - default: - ir.EventType = KEY_EVENT; - ir.Event.KeyEvent.bKeyDown = TRUE; - ir.Event.KeyEvent.wRepeatCount = 1; - ir.Event.KeyEvent.wVirtualKeyCode = 0; - ir.Event.KeyEvent.wVirtualScanCode = 0; - ir.Event.KeyEvent.uChar.AsciiChar = buf[i]; - ir.Event.KeyEvent.dwControlKeyState = 0; - WriteConsoleInputA(child_in, &ir, 1, &wr); - - ir.Event.KeyEvent.bKeyDown = FALSE; - WriteConsoleInputA(child_in, &ir, 1, &wr); - - break; - } - } - else { - ir.EventType = KEY_EVENT; - ir.Event.KeyEvent.bKeyDown = TRUE; - ir.Event.KeyEvent.wRepeatCount = 1; - ir.Event.KeyEvent.wVirtualKeyCode = 0; - 
ir.Event.KeyEvent.wVirtualScanCode = 0; - ir.Event.KeyEvent.uChar.AsciiChar = buf[i]; - ir.Event.KeyEvent.dwControlKeyState = 0; - WriteConsoleInputA(child_in, &ir, 1, &wr); - - ir.Event.KeyEvent.bKeyDown = FALSE; - WriteConsoleInputA(child_in, &ir, 1, &wr); - } + else { + ProcessIncomingKeys(buf); + break; } - } } @@ -1060,7 +1004,7 @@ cleanup: int start_with_pty(int ac, wchar_t **av) { STARTUPINFO si; PROCESS_INFORMATION pi; - wchar_t cmd[MAX_PATH]; + wchar_t cmd[MAX_CMD_LEN]; SECURITY_ATTRIBUTES sa; BOOL ret; DWORD dwThreadId; @@ -1069,14 +1013,14 @@ int start_with_pty(int ac, wchar_t **av) { HANDLE hEventHook = NULL; HMODULE hm_kernel32 = NULL, hm_user32 = NULL; - if ((hm_kernel32 = LoadLibraryW(L"kernel32.dll")) == NULL || - (hm_user32 = LoadLibraryW(L"user32.dll")) == NULL || - (__SetCurrentConsoleFontEx = (__t_SetCurrentConsoleFontEx)GetProcAddress(hm_kernel32, "SetCurrentConsoleFontEx")) == NULL || - (__UnhookWinEvent = (__t_UnhookWinEvent)GetProcAddress(hm_user32, "UnhookWinEvent")) == NULL || - (__SetWinEventHook = (__t_SetWinEventHook)GetProcAddress(hm_user32, "SetWinEventHook")) == NULL) { - printf("cannot support a pseudo terminal. \n"); - return -1; - } + if ((hm_kernel32 = LoadLibraryW(L"kernel32.dll")) == NULL || + (hm_user32 = LoadLibraryW(L"user32.dll")) == NULL || + (__SetCurrentConsoleFontEx = (__t_SetCurrentConsoleFontEx)GetProcAddress(hm_kernel32, "SetCurrentConsoleFontEx")) == NULL || + (__UnhookWinEvent = (__t_UnhookWinEvent)GetProcAddress(hm_user32, "UnhookWinEvent")) == NULL || + (__SetWinEventHook = (__t_SetWinEventHook)GetProcAddress(hm_user32, "SetWinEventHook")) == NULL) { + printf("cannot support a pseudo terminal. \n"); + return -1; + } pipe_in = GetStdHandle(STD_INPUT_HANDLE); pipe_out = GetStdHandle(STD_OUTPUT_HANDLE); 
@@ -1090,6 +1034,10 @@ int start_with_pty(int ac, wchar_t **av) { cp = GetConsoleCP(); + /* Windows PTY sends cursor positions in absolute coordinates starting from <0,0> + * We send a clear screen upfront to simplify client */ + SendClearScreen(pipe_out); + ZeroMemory(&inputSi, sizeof(STARTUPINFO)); GetStartupInfo(&inputSi); @@ -1198,7 +1146,7 @@ DWORD WINAPI MonitorChild_nopty( int start_withno_pty(int ac, wchar_t **av) { STARTUPINFO si; PROCESS_INFORMATION pi; - wchar_t cmd[MAX_PATH]; + wchar_t cmd[MAX_CMD_LEN]; SECURITY_ATTRIBUTES sa; BOOL ret; diff --git a/contrib/win32/win32compat/signal.c b/contrib/win32/win32compat/signal.c index 8c112ca..8a74da9 100644 --- a/contrib/win32/win32compat/signal.c +++ b/contrib/win32/win32compat/signal.c @@ -63,7 +63,7 @@ sigtstp_APCProc( sigaddset(&pending_signals, W32_SIGTSTP); } -static BOOL WINAPI +BOOL WINAPI native_sig_handler(DWORD dwCtrlType) { debug("Native Ctrl+C handler, CtrlType %d", dwCtrlType); diff --git a/contrib/win32/win32compat/ssh-agent/authagent-request.c b/contrib/win32/win32compat/ssh-agent/authagent-request.c index 441af12..1cd8d19 100644 --- a/contrib/win32/win32compat/ssh-agent/authagent-request.c +++ b/contrib/win32/win32compat/ssh-agent/authagent-request.c @@ -204,7 +204,7 @@ generate_user_token(wchar_t* user) { debug("LsaLogonUser failed %d", ret); goto done; } - + debug3("LsaLogonUser succeeded"); done: if (lsa_handle) LsaDeregisterLogonProcess(lsa_handle); diff --git a/contrib/win32/win32compat/ssh-agent/keyagent-request.c b/contrib/win32/win32compat/ssh-agent/keyagent-request.c index 6a34e13..08225ac 100644 --- a/contrib/win32/win32compat/ssh-agent/keyagent-request.c +++ b/contrib/win32/win32compat/ssh-agent/keyagent-request.c 
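Review bot: Dropping `static` in signal.c gives `native_sig_handler` external linkage, but the hunk adds no header declaration; the new `wmain_sshd.c` in this commit repeats the prototype by hand as `BOOL WINAPI native_sig_handler(DWORD);`. A hand-copied prototype is not checked against the definition, so a later change to the parameter or calling convention would still compile and only fail at run time. Declaring the function once in a win32compat header included by both files lets the compiler check it. A comment such as `/* also called directly by the sshd service control handler */` would explain why it is no longer file-local.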
@@ -196,7 +196,7 @@ static int sign_blob(const struct sshkey *pubkey, u_char ** sig, size_t *siglen, goto done; if (sshkey_private_deserialize(tmpbuf, &prikey) != 0 || - sshkey_sign(prikey, sig, siglen, blob, blen, 0) != 0) { + sshkey_sign(prikey, sig, siglen, blob, blen, NULL, 0) != 0) { debug("cannot sign using retrieved key"); goto done; } diff --git a/contrib/win32/win32compat/termio.c b/contrib/win32/win32compat/termio.c index 1008caf..1dab39f 100644 --- a/contrib/win32/win32compat/termio.c +++ b/contrib/win32/win32compat/termio.c 
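Review bot: Passing `NULL` as the new algorithm argument of `sshkey_sign` selects the key type's default signature algorithm, which for RSA keys in upstream OpenSSH of this generation is `ssh-rsa` with SHA-1. If the agent sign request carries flags asking for an RSA SHA-2 signature, they are ignored here and the client receives a SHA-1 signature; whether `sign_blob` receives those flags is not visible, because its parameter list is cut off in the hunk header. Consider mapping the request flags to an algorithm name and passing that, or at least record the gap with `/* TODO: honour SSH_AGENT_RSA_SHA2_256/512; NULL = default algorithm */`. sign_blob starts and ends outside the hunk.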
@@ -123,12 +123,29 @@ static DWORD WINAPI WriteThread( _In_ LPVOID lpParameter ) { struct w32_io* pio = (struct w32_io*)lpParameter; + char *respbuf = NULL; + size_t resplen = 0; + DWORD dwSavedAttributes = ENABLE_PROCESSED_INPUT; debug3("TermWrite thread, io:%p", pio); - if (!WriteFile(WINHANDLE(pio), pio->write_details.buf, write_status.to_transfer, - &write_status.transferred, NULL)) { - write_status.error = GetLastError(); - debug("TermWrite thread - WriteFile failed %d, io:%p", GetLastError(), pio); - } + + /* decide to call parsing engine or directly write to console + * doing the following trick to decide - + * if console in handle is set to process Ctrl+C, then it is likely + * serving a PTY enabled session + */ + GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &dwSavedAttributes); + if (dwSavedAttributes & ENABLE_PROCESSED_INPUT) { + if (!WriteFile(WINHANDLE(pio), pio->write_details.buf, write_status.to_transfer, + &write_status.transferred, NULL)) { + write_status.error = GetLastError(); + debug("TermWrite thread - WriteFile failed %d, io:%p", GetLastError(), pio); + } + } else { + + telProcessNetwork(pio->write_details.buf, write_status.to_transfer, &respbuf, &resplen); + /*TODO - respbuf is not null in some cases, this needs to be returned back via read stream*/ + write_status.transferred = write_status.to_transfer; + } if (0 == QueueUserAPC(WriteAPCProc, main_thread, (ULONG_PTR)pio)) { debug("TermWrite thread - ERROR QueueUserAPC failed %d, io:%p", GetLastError(), pio); diff --git a/contrib/win32/win32compat/tncon.c b/contrib/win32/win32compat/tncon.c index c06fc4d..7df7eb2 100644 --- a/contrib/win32/win32compat/tncon.c +++ b/contrib/win32/win32compat/tncon.c 
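Review bot: In the `else` branch of `WriteThread` the response produced by `telProcessNetwork` is dropped: `respbuf` is neither sent back nor released. If that function allocates the buffer (its contract is not visible here), every write that yields a response leaks, and terminal queries from the remote side go unanswered, as the TODO concedes. Separately, `GetConsoleMode` is unchecked, so on failure the preset `ENABLE_PROCESSED_INPUT` silently selects the raw `WriteFile` path and remote bytes skip the parsing engine. Test the call, e.g. `if (!GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &dwSavedAttributes)) debug("TermWrite thread - GetConsoleMode failed %d", GetLastError());`, and have the comment state which branch is the PTY case. WriteThread continues past the hunk.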
@@ -58,7 +58,24 @@ extern int ScreenX; extern int ScrollTop; extern int ScrollBottom; -TelParams Parameters; +/* terminal global switches*/ +TelParams Parameters = { + 0, // int fLogging; + NULL, //FILE *fplogfile; + NULL, //char *pInputFile; + NULL, // char *szDebugInputFile; + FALSE, //BOOL fDebugWait; + 0, //int timeOut; + 0, //int fLocalEcho; + 0, //int fTreatLFasCRLF; + 0, //int fSendCROnly; + ENUM_LF, //int nReceiveCRLF; + '`', //char sleepChar; + '\035', //char menuChar; // CTRL-] + 0, //SOCKET Socket; + FALSE, //BOOL bVT100Mode; + "\x01", //char *pAltKey; +}; TelParams* pParams = &Parameters; // For our case, in NetWriteString2(), we do not use socket, but write the out going data to @@ -76,44 +93,16 @@ int NetWriteString2(SOCKET sock, char* source, size_t len, int options) return glob_outlen; } -void ConInputInitParams(void) -{ - DWORD dwMode = 0; - - memset(&Parameters, '\0', sizeof(TelParams)); - - // Default values - Parameters.szDebugInputFile = NULL; - Parameters.fDebugWait = FALSE; - Parameters.nReceiveCRLF = ENUM_LF; - Parameters.sleepChar = '`'; - Parameters.menuChar = '\035'; // CTRL-] - Parameters.pAltKey = "\x01"; // default - - HANDLE hInput = GetStdHandle(STD_INPUT_HANDLE); - - if (hInput && hInput != INVALID_HANDLE_VALUE) { - - GetConsoleMode(hInput, &dwMode); - SetConsoleMode(hInput, (dwMode & ~(ENABLE_LINE_INPUT | - ENABLE_ECHO_INPUT | ENABLE_PROCESSED_INPUT | ENABLE_MOUSE_INPUT)) | ENABLE_WINDOW_INPUT); - } -} - BOOL DataAvailable(HANDLE h) { - INPUT_RECORD irec; - DWORD events_read = 0; - - if (!PeekConsoleInput(h, &irec, 1, &events_read)) { - return FALSE; - } - - if (events_read) { + DWORD dwRet = WaitForSingleObject(h, INFINITE); + if(dwRet == WAIT_OBJECT_0) return TRUE; - } - return FALSE; + if(dwRet == WAIT_FAILED) + return FALSE; + + return FALSE; } void queue_terminal_window_change_event(); 
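Review bot: The positional initializer for `Parameters` depends on the field order of `TelParams`, which is declared in another file; the trailing `// int fLogging;` comments are the only link and the compiler does not check them. If a member is added or reordered, the values shift silently, for instance `'\035'` landing in a neighbouring field. Where the C compiler in use supports them, designated initializers such as `.nReceiveCRLF = ENUM_LF, .menuChar = '\035', .pAltKey = "\x01"` with the zero members omitted would remove that dependency.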
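Review bot: `DataAvailable` now blocks: `WaitForSingleObject(h, INFINITE)` returns only once the console handle is signalled, whereas the removed `PeekConsoleInput` version returned at once. A caller that polls it alongside other work will stall, and a signalled console handle means some input record is queued (focus, window size, mouse), not necessarily key data. If blocking is intended, say so in a comment above the function and replace the two identical `return FALSE;` branches with `return WaitForSingleObject(h, INFINITE) == WAIT_OBJECT_0;`. The same hunk removes `ConInputInitParams`, which cleared `ENABLE_LINE_INPUT`, `ENABLE_ECHO_INPUT` and `ENABLE_PROCESSED_INPUT` on stdin; the hunk does not show where the console mode is set now, which matters for echo during password entry.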
@@ -150,7 +139,7 @@ int ReadConsoleForTermEmul(HANDLE hInput, char *destin, int destinlen) switch (InputRecord.EventType) { case WINDOW_BUFFER_SIZE_EVENT: - queue_terminal_window_change_event(); + queue_terminal_window_change_event(); break; case FOCUS_EVENT: @@ -207,13 +196,39 @@ int ReadConsoleForTermEmul(HANDLE hInput, char *destin, int destinlen) case VK_LEFT: NetWriteString2(pParams->Socket, (char *)(gbVTAppMode ? APP_LEFT_ARROW : LEFT_ARROW), 3, 0); break; + case VK_END: + NetWriteString2(pParams->Socket, (char *)SELECT_KEY, 4, 0); + break; + case VK_HOME: + NetWriteString2(pParams->Socket, (char *)FIND_KEY, 4, 0); + break; + case VK_INSERT: + NetWriteString2(pParams->Socket, (char *)INSERT_KEY, 4, 0); + break; + case VK_DELETE: + NetWriteString2(pParams->Socket, (char *)REMOVE_KEY, 4, 0); + break; + case VK_BACK: + NetWriteString2(pParams->Socket, (char *)BACKSPACE_KEY, 1, 0); + break; + case VK_TAB: + if (dwControlKeyState == SHIFT_PRESSED) + NetWriteString2(pParams->Socket, (char *)SHIFT_TAB_KEY, 3, 0); + else + NetWriteString2(pParams->Socket, (char *)octets, n, 0); + break; + case VK_ESCAPE: + NetWriteString2(pParams->Socket, (char *)ESCAPE_KEY, 1, 0); + break; + case VK_SHIFT: + case VK_CONTROL: + case VK_CAPITAL: + // NOP on these + break; case VK_F1: if (dwControlKeyState == 0) { - if (pParams->bVT100Mode) - NetWriteString2(pParams->Socket, (char *)VT100_PF1_KEY, strlen(VT100_PF1_KEY), 0); - else - NetWriteString2(pParams->Socket, (char *)PF1_KEY, strlen(PF1_KEY), 0); + NetWriteString2(pParams->Socket, (char *)PF1_KEY, strlen(PF1_KEY), 0); } else if (dwControlKeyState == SHIFT_PRESSED) NetWriteString2(pParams->Socket, (char *)SHIFT_PF1_KEY, strlen(SHIFT_PF1_KEY), 0); 
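Review bot: The key cases moved up in the hunk at -196 omit `VK_PRIOR` and `VK_NEXT`, which the block removed further down (hunk at -601) mapped to `PREV_KEY` and `NEXT_KEY`; Page Up and Page Down now reach `default:` and send `octets`. If that is not intended, re-add `case VK_PRIOR: NetWriteString2(pParams->Socket, (char *)PREV_KEY, 4, 0); break;` and the matching `VK_NEXT` case. The hard-coded lengths `4`, `3` and `1` repeat the macro sizes by hand; `strlen(SELECT_KEY)`, as the function-key cases do, keeps the two in step. The `dwControlKeyState == SHIFT_PRESSED` test uses equality, so it presumably fails whenever a lock-key bit is also set; worth confirming. ReadConsoleForTermEmul starts and ends outside the hunk.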
@@ -246,10 +261,7 @@ int ReadConsoleForTermEmul(HANDLE hInput, char *destin, int destinlen) case VK_F2: if (dwControlKeyState == 0) { - if (pParams->bVT100Mode) - NetWriteString2(pParams->Socket, (char *)VT100_PF2_KEY, strlen(VT100_PF2_KEY), 0); - else - NetWriteString2(pParams->Socket, (char *)PF2_KEY, strlen(PF2_KEY), 0); + NetWriteString2(pParams->Socket, (char *)PF2_KEY, strlen(PF2_KEY), 0); } else if (dwControlKeyState == SHIFT_PRESSED) NetWriteString2(pParams->Socket, (char *)SHIFT_PF2_KEY, strlen(SHIFT_PF2_KEY), 0); @@ -282,10 +294,7 @@ int ReadConsoleForTermEmul(HANDLE hInput, char *destin, int destinlen) case VK_F3: if (dwControlKeyState == 0) { - if (pParams->bVT100Mode) - NetWriteString2(pParams->Socket, (char *)VT100_PF3_KEY, strlen(VT100_PF3_KEY), 0); - else - NetWriteString2(pParams->Socket, (char *)PF3_KEY, strlen(PF3_KEY), 0); + NetWriteString2(pParams->Socket, (char *)PF3_KEY, strlen(PF3_KEY), 0); } else if (dwControlKeyState == SHIFT_PRESSED) NetWriteString2(pParams->Socket, (char *)SHIFT_PF3_KEY, strlen(SHIFT_PF3_KEY), 0); @@ -318,10 +327,7 @@ int ReadConsoleForTermEmul(HANDLE hInput, char *destin, int destinlen) case VK_F4: if (dwControlKeyState == 0) { - if (pParams->bVT100Mode) - NetWriteString2(pParams->Socket, (char *)VT100_PF4_KEY, strlen(VT100_PF4_KEY), 0); - else - NetWriteString2(pParams->Socket, (char *)PF4_KEY, strlen(PF4_KEY), 0); + NetWriteString2(pParams->Socket, (char *)PF4_KEY, strlen(PF4_KEY), 0); } else if (dwControlKeyState == SHIFT_PRESSED) NetWriteString2(pParams->Socket, (char *)SHIFT_PF4_KEY, strlen(SHIFT_PF4_KEY), 0); 
@@ -601,62 +607,6 @@ int ReadConsoleForTermEmul(HANDLE hInput, char *destin, int destinlen) (dwControlKeyState & RIGHT_CTRL_PRESSED))) NetWriteString2(pParams->Socket, (char *)SHIFT_CTRL_PF12_KEY, strlen(SHIFT_CTRL_PF12_KEY), 0); break; - case VK_PRIOR: -#ifdef PHYS_KEY_MAP - NetWriteString2(pParams->Socket, (char *)REMOVE_KEY, 4, 0); -#else - NetWriteString2(pParams->Socket, (char *)PREV_KEY, 4, 0); -#endif - break; - case VK_NEXT: - NetWriteString2(pParams->Socket, (char *)NEXT_KEY, 4, 0); - break; - case VK_END: -#ifdef PHYS_KEY_MAP - NetWriteString2(pParams->Socket, (char *)PREV_KEY, 4, 0); -#else - NetWriteString2(pParams->Socket, (char *)SELECT_KEY, 4, 0); -#endif - break; - - case VK_HOME: -#ifdef PHYS_KEY_MAP - NetWriteString2(pParams->Socket, (char *)INSERT_KEY, 4, 0); -#else - NetWriteString2(pParams->Socket, (char *)FIND_KEY, 4, 0); -#endif - break; - case VK_INSERT: -#ifdef PHYS_KEY_MAP - NetWriteString2(pParams->Socket, (char *)FIND_KEY, 4, 0); -#else - NetWriteString2(pParams->Socket, (char *)INSERT_KEY, 4, 0); -#endif - break; - case VK_DELETE: -#ifdef PHYS_KEY_MAP - NetWriteString2(pParams->Socket, (char *)SELECT_KEY, 4, 0); -#else - NetWriteString2(pParams->Socket, (char *)REMOVE_KEY, 4, 0); -#endif - break; - case VK_BACK: - NetWriteString2(pParams->Socket, (char *)BACKSPACE_KEY, 1, 0); - break; - case VK_TAB: - if (dwControlKeyState == SHIFT_PRESSED) - NetWriteString2(pParams->Socket, (char *)SHIFT_TAB_KEY, 3, 0); - else - NetWriteString2(pParams->Socket, (char *)octets, n, 0); - break; - case VK_ESCAPE: - NetWriteString2(pParams->Socket, (char *)ESCAPE_KEY, 1, 0); - break; - case VK_SHIFT: - case VK_CONTROL: - case VK_CAPITAL: - // NOP on these - break; default: { NetWriteString2(pParams->Socket, (char *)octets, n, 0); diff --git a/contrib/win32/win32compat/tncon.h b/contrib/win32/win32compat/tncon.h index 10e9b18..c36c02b 100644 --- a/contrib/win32/win32compat/tncon.h +++ b/contrib/win32/win32compat/tncon.h 
@@ -47,6 +47,16 @@ #define APP_RIGHT_ARROW "\x1bOC" #define APP_LEFT_ARROW "\x1bOD" +#define FIND_KEY "\x1b[1~" +#define INSERT_KEY "\x1b[2~" +#define REMOVE_KEY "\x1b[3~" +#define SELECT_KEY "\x1b[4~" +#define PREV_KEY "\x1b[5~" +#define NEXT_KEY "\x1b[6~" +#define SHIFT_TAB_KEY "\x1b[~" +#define ESCAPE_KEY "\x1b" +#define BACKSPACE_KEY "\b" + // VT100 Function Key's #define VT100_PF1_KEY "\x1bO2" #define VT100_PF2_KEY "\x1bO3" @@ -164,16 +174,6 @@ #define SHIFT_ALT_CTRL_PF11_KEY "\x1b[24;8~" #define SHIFT_ALT_CTRL_PF12_KEY "\x1b[25;8~" -#define FIND_KEY "\x1b[1~" -#define INSERT_KEY "\x1b[2~" -#define REMOVE_KEY "\x1b[3~" -#define SELECT_KEY "\x1b[4~" -#define PREV_KEY "\x1b[5~" -#define NEXT_KEY "\x1b[6~" -#define SHIFT_TAB_KEY "\x1b[~" -#define ESCAPE_KEY "\x1b" -#define BACKSPACE_KEY "\b" - #define TERMINAL_ID "\x1b[?1;2c" #define STATUS_REPORT "\x1b[2;5R" #define CURSOR_REPORT_FORMAT_STRING "\x1b[%d;%dR" diff --git a/contrib/win32/win32compat/w32fd.c b/contrib/win32/win32compat/w32fd.c index ec14c93..c4b50da 100644 --- a/contrib/win32/win32compat/w32fd.c +++ b/contrib/win32/win32compat/w32fd.c @@ -125,7 +125,7 @@ w32posix_initialize() { if ((fd_table_initialize() != 0) || (socketio_initialize() != 0)) DebugBreak(); - main_thread = OpenThread(THREAD_SET_CONTEXT, FALSE, GetCurrentThreadId()); + main_thread = OpenThread(THREAD_SET_CONTEXT | SYNCHRONIZE, FALSE, GetCurrentThreadId()); if ((main_thread == NULL) || (sw_initialize() != 0) || w32_programdir() == NULL) { DebugBreak(); fatal("failed to initialize w32posix wrapper"); @@ -486,7 +486,11 @@ int w32_close(int fd) { struct w32_io* pio; - CHECK_FD(fd); + if ((fd < 0) || (fd > MAX_FDS - 1) || fd_table.w32_ios[fd] == NULL) { + errno = EBADF; + return -1; + } + pio = fd_table.w32_ios[fd]; debug("close - io:%p, type:%d, fd:%d, table_index:%d", pio, pio->type, fd, 
@@ -860,4 +864,11 @@ w32_ftruncate(int fd, off_t length) { return -1; return 0; +} + + +int w32_fsync(int fd) { + CHECK_FD(fd); + + return FlushFileBuffers(w32_fd_to_handle(fd)); } \ No newline at end of file diff --git a/win32_dirent.c b/contrib/win32/win32compat/win32_dirent.c similarity index 91% rename from win32_dirent.c rename to contrib/win32/win32compat/win32_dirent.c index a75ce02..95ed744 100644 --- a/win32_dirent.c +++ b/contrib/win32/win32compat/win32_dirent.c @@ -7,9 +7,17 @@ #include #include #include -#include +#include "inc\utf.h" -#include "win32_dirent.h" +#include "inc\dirent.h" + + +typedef struct DIR_ { + intptr_t hFile; + struct _finddata_t c_file; + char initName[260]; + int first; +}; /* Open a directory stream on NAME. Return a DIR stream on the directory, or NULL if it could not be opened. */ @@ -37,12 +45,14 @@ DIR * opendir(char *name) } else { pdir = (DIR *) malloc( sizeof(DIR) ); + memset(pdir, 0, sizeof(DIR)); pdir->hFile = hFile ; pdir->c_file.attrib = c_file.attrib ; pdir->c_file.size = c_file.size; pdir->c_file.time_access = c_file.time_access; pdir->c_file.time_create = c_file.time_create; pdir->c_file.time_write = c_file.time_write; + pdir->first = 1; if ((tmp = utf16_to_utf8(&(c_file.name))) == NULL) fatal("failed to covert input arguments"); @@ -80,7 +90,8 @@ struct dirent *readdir(void *avp) char *tmp = NULL; for (;;) { - if ( _wfindnext( dirp->hFile, &c_file ) == 0 ) { + if ( dirp->first || _wfindnext( dirp->hFile, &c_file ) == 0 ) { + dirp->first = 0; if ( ( wcscmp (c_file.name, L".") == 0 ) || ( wcscmp (c_file.name, L"..") == 0 ) ) { continue ; diff --git a/contrib/win32/win32compat/win32auth.c b/contrib/win32/win32compat/win32auth.c deleted file mode 100644 index b01fe59..0000000 --- a/contrib/win32/win32compat/win32auth.c +++ /dev/null 
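Review bot: `w32_fsync` returns the `BOOL` from `FlushFileBuffers` unchanged, which is nonzero on success and zero on failure, the reverse of the `fsync` convention of 0 on success and -1 with `errno` set. A caller written against POSIX would report a successful flush as an error and, worse, treat a failed flush as durable. Suggested body after `CHECK_FD(fd);`: `if (!FlushFileBuffers(w32_fd_to_handle(fd))) { errno = EIO; return -1; }` then `return 0;`, using the project's own Win32-to-errno mapping instead of `EIO` if it has one.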
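Review bot: In `opendir` (win32_dirent.c, hunk at -37) the added `memset(pdir, 0, sizeof(DIR));` writes through the result of `malloc` without a check, so an allocation failure becomes a NULL write instead of a NULL return to the caller. `calloc` does both steps and leaves a single place to test: `if ((pdir = calloc(1, sizeof(DIR))) == NULL) { _findclose(hFile); return NULL; }`. opendir starts and ends outside the hunk, so confirm that `hFile` is the open find handle at that point.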
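Review bot: In `readdir` (hunk at -80) the new `dirp->first ||` short-circuit skips `_wfindnext` on the first call, and the `wcscmp(c_file.name, L".")` that follows then reads `c_file` without anything in this hunk having filled it. If `c_file` is a local of `readdir` (its declaration is above the hunk), the first entry is compared and returned from uninitialised stack memory. The entry found by `opendir` appears to be kept in `dirp->c_file`, and the name only after UTF-8 conversion. Either keep the wide-character find data in `DIR` and copy it into `c_file` while `first` is set, or add a comment explaining why `c_file` is valid on that path.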
@@ -1,505 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2011 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "win32auth.h" - -/* - * Retrieve Security ID (SID) from username. - * - * psid - output SID (OUT) - * user - username string (IN) - * - * RETURNS: 0 if OK. 
- */ - -static int GetSidW(PSID *psid, const wchar_t *user) -{ - wchar_t *refDomain = NULL; - - DWORD refDomainSize = 0; - - DWORD sidSize = 0; - - SID_NAME_USE peUse; - - int exitCode = 1; - - /* - * Retrieve SID's size - */ - - LookupAccountNameW(NULL, user, NULL, &sidSize, NULL, &refDomainSize, &peUse); - - FAIL(GetLastError() != ERROR_INSUFFICIENT_BUFFER); - - /* - * Allocate buffer and retrieve SID - */ - - *psid = (PSID) LocalAlloc(LPTR, sidSize); - - refDomain = (wchar_t *) LocalAlloc(LPTR, refDomainSize * sizeof(wchar_t)); - - FAIL(LookupAccountNameW(NULL, user, *psid, &sidSize, - refDomain, &refDomainSize, &peUse) == FALSE); - - exitCode = 0; - -fail: - - /* - * We don't need reference domain. - */ - - if (refDomain) - { - LocalFree(refDomain); - } - - if (exitCode != 0) - { - debug("ERROR. Cannot retrieve SID (%u).", GetLastError()); - } - - return exitCode; -} - - -/* - * Enable or disable privilege for current running process - * - * privName - privilege name (IN) - * enabled - 1 for enabling, 0 for disabling (IN) - * - * RETURNS: 0 if OK. - */ - -int EnablePrivilege(const char *privName, int enabled) -{ - TOKEN_PRIVILEGES tp; - - HANDLE hProcToken = NULL; - - LUID luid; - - int exitCode = 1; - - /* - * Retrievie LUID from privilege name - */ - - FAIL(LookupPrivilegeValue(NULL, privName, &luid) == FALSE); - - /* - * Retrievie token for current running process - */ - - FAIL(OpenProcessToken(GetCurrentProcess(), - TOKEN_ADJUST_PRIVILEGES, &hProcToken) == FALSE); - - /* - * Adjust privilege to current running process - */ - - tp.PrivilegeCount = 1; - tp.Privileges[0].Luid = luid; - tp.Privileges[0].Attributes = enabled ? SE_PRIVILEGE_ENABLED : 0; - - FAIL(AdjustTokenPrivileges(hProcToken, FALSE, &tp, - sizeof(TOKEN_PRIVILEGES), NULL, NULL) == FALSE); - - exitCode = 0; - -fail: - - /* - * Free allocated memory if needed. - */ - - if (hProcToken) - { - CloseHandle(hProcToken); - } - - if (exitCode) - { - DWORD err = GetLastError(); - - debug("ERROR. 
Cannot enable privilege to current process (%u).", err); - } - - return exitCode; -} - -/* - * This functions allocate and initialize some 'well known' SIDs. - * This SIDs are global uniqualy, i.e. they are the same on all - * machines. - */ - -static PSID LocalSID() -{ - PSID psid = NULL; - - SID_IDENTIFIER_AUTHORITY nt = SECURITY_LOCAL_SID_AUTHORITY; - - AllocateAndInitializeSid(&nt, 1, 0, 0, 0, 0, 0, 0, 0, 0, &psid); - - return psid; -} - -static PSID EveryoneSID() -{ - PSID psid = NULL; - - SID_IDENTIFIER_AUTHORITY nt = SECURITY_WORLD_SID_AUTHORITY; - - AllocateAndInitializeSid(&nt, 1, 0, 0, 0, 0, 0, 0, 0, 0, &psid); - - return psid; -} - -static PSID AuthenticatedUsersSID() -{ - PSID psid = NULL; - - SID_IDENTIFIER_AUTHORITY nt = SECURITY_NT_AUTHORITY; - - AllocateAndInitializeSid(&nt, 1, SECURITY_AUTHENTICATED_USER_RID, - 0, 0, 0, 0, 0, 0, 0, &psid); - - return psid; -} - -static PSID InteractiveSID() -{ - PSID psid = NULL; - - SID_IDENTIFIER_AUTHORITY nt = SECURITY_NT_AUTHORITY; - - AllocateAndInitializeSid(&nt, 1, SECURITY_INTERACTIVE_RID, - 0, 0, 0, 0, 0, 0, 0, &psid); - - return psid; -} - -/* - * Allocate new TOKEN_PRIVILEGES structure and fill it with privileges - * from given user account. - * - * pPrivToken - new, allocated structure (OUT) - * userSid - SID of user (IN) - * - * RETURNS: 0 if OK. - */ - -int SetupTokenPrivileges(PTOKEN_PRIVILEGES *pPrivToken, PSID userSid) -{ - DWORD ntStat = 0; - - int exitCode = 1; - - LSA_OBJECT_ATTRIBUTES lsaOA = {0}; - - PLSA_UNICODE_STRING userRights = NULL; - - ULONG nRights = 0; - - DWORD size; - - int i, j; - - /* - * Open local policy. - */ - - LSA_HANDLE hPolicy; - - lsaOA.Length = sizeof(lsaOA); - - ACCESS_MASK mask = POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES; - - debug("Opening local policy..."); - - ntStat = LsaOpenPolicy(NULL, &lsaOA, mask, &hPolicy); - - FAIL(ntStat); - - /* - * Retrieve user's privileges. 
- */ - - debug("Retrieving user's privileges list..."); - - ntStat = LsaEnumerateAccountRights(hPolicy, userSid, &userRights, &nRights); - - /* - * This error code means there is no any rights. - * In this case, we should create empty list. - */ - - if (ntStat == STATUS_OBJECT_NAME_NOT_FOUND) - { - nRights = 0; - ntStat = 0; - } - - FAIL(ntStat); - - /* - * FIXME. Now if some privilege name is not recognized by - * LookupPrivilegeName() part of pPrivToken buffer will be - * unused. - */ - - /* - * Allocate buffer for TOKEN_PRIVILEGES. - */ - - debug("Allocating buffer for TOKEN_PRIVILEGES [%u]...", nRights); - - size = sizeof(DWORD) + nRights * sizeof(LUID_AND_ATTRIBUTES); - - (*pPrivToken) = LocalAlloc(LPTR, size); - - FAIL(pPrivToken == NULL); - - /* - * Fill TOKEN_PRIVILEGES with LUIDs of retrieved privileges. - */ - - j = 0; - - for (i = 0; i < nRights; i++) - { - /* - * Retrieve unicode name of privilege. - * Make sure there is a zero word at the end. - */ - - wchar_t privName[128]; - - int len = userRights[i].Length; - - memcpy(privName, userRights[i].Buffer, len * sizeof(wchar_t)); - - privName[len] = 0; - - debug("Adding %ls... ", privName); - - /* - * Retrieve LUID for given privilege name. - */ - - if(LookupPrivilegeValueW(NULL, privName, - &(*pPrivToken) -> Privileges[i].Luid) == FALSE) - { - debug("WARNING. Cannot add privilege to token (%u).", GetLastError()); - } - else - { - (*pPrivToken) -> Privileges[j].Attributes = SE_PRIVILEGE_ENABLED; - - j++; - } - } - - /* - * j = number of privileges, which were recognized by - * LookupPrivilegesValue(). - */ - - (*pPrivToken) -> PrivilegeCount = j; - - exitCode = 0; - -fail: - - /* - * Clenup. - */ - - if (userRights) - { - LsaFreeMemory(userRights); - } - - if (hPolicy) - { - CloseHandle(hPolicy); - } - - if (exitCode) - { - debug("ERROR. 
Cannot setup TOKEN_PRIVILEGES (err=%u, ntStat=%x).", - GetLastError(), ntStat); - } - - return exitCode; -} - - -/* - * Allocate new TOKEN_GROUPS structure and fill it with groups, which - * given user belong to. - * - * pGroupsToken - new, allocated TOKEN_GROUPS structure (OUT) - * userNameW - wide string with username (IN) - * - * RETURNS: 0 if OK. - */ - -int SetupTokenGroups(PTOKEN_GROUPS *groupsToken, wchar_t *userNameW) -{ - wchar_t **localGroups = NULL; - wchar_t **globalGroups = NULL; - - DWORD nLocalGroups = 0; - DWORD nLocalGroupsTot = 0; - - DWORD nGlobalGroups = 0; - DWORD nGlobalGroupsTot = 0; - - DWORD nGroupsTotal = 0; - - DWORD size; - - int i; - - int exitCode = 1; - - /* - * Retrieve local groups, which user belong to. - */ - - debug("Retrieving local groups list..."); - - FAIL(NetUserGetLocalGroups(NULL, userNameW, 0, - LG_INCLUDE_INDIRECT, - (LPBYTE *) &localGroups, - MAX_PREFERRED_LENGTH, - &nLocalGroups, - &nLocalGroupsTot)); - - debug("Retrieving global groups list..."); - - /* - * Retrieve global groups, which user belong to. - */ - - FAIL(NetUserGetGroups(NULL, userNameW, 0, (LPBYTE *) - &globalGroups, MAX_PREFERRED_LENGTH, - &nGlobalGroups, &nGlobalGroupsTot)); - - - /* - * Allocate buffer for TOKEN_GROUPS struct. - * - * We assume user belong to Everyone, AuthenticatedUsers, Local, Interactive - * and groups retrievied from NetUserGetLocalGroups() and NetUserGetGroups() - * for given user. - */ - - nGroupsTotal = nLocalGroups + nGlobalGroups + 4; - - size = (nGroupsTotal + 1) * sizeof(SID_AND_ATTRIBUTES) + sizeof(DWORD); - - *groupsToken = (TOKEN_GROUPS *) LocalAlloc(LPTR, size); - - (*groupsToken) -> GroupCount = nGroupsTotal; - - /* - * Write SIDs of local groups into TOKEN_GROUPS struct. 
- */ - - #define INSIDE_GROUP_FLAG SE_GROUP_ENABLED\ - | SE_GROUP_ENABLED_BY_DEFAULT\ - | SE_GROUP_MANDATORY - - int delta = 4; - - for (i = 0; i < nLocalGroups; i++) - { - FAIL(GetSidW(&(*groupsToken) -> Groups[i + delta].Sid, localGroups[i])); - - (*groupsToken) -> Groups[i + delta].Attributes = INSIDE_GROUP_FLAG; - } - - /* - * Write SIDs of global groups into TOKEN_GROUPS struct. - */ - - delta = 4 + nLocalGroups; - - for (i = 0; i < nGlobalGroups; i++) - { - FAIL(GetSidW(&(*groupsToken) -> Groups[delta + i].Sid, globalGroups[i])); - - (*groupsToken) -> Groups[delta + i].Attributes = INSIDE_GROUP_FLAG; - } - - /* - * Write SIDs of Everyone, AuthenticatedUsers, Local and Interactive - * groups into TOKEN_GROUPS struct. - */ - - (*groupsToken) -> Groups[0].Sid = EveryoneSID(); - (*groupsToken) -> Groups[0].Attributes = INSIDE_GROUP_FLAG; - - (*groupsToken) -> Groups[1].Sid = AuthenticatedUsersSID(); - (*groupsToken) -> Groups[1].Attributes = INSIDE_GROUP_FLAG; - - (*groupsToken) -> Groups[2].Sid = LocalSID(); - (*groupsToken) -> Groups[2].Attributes = INSIDE_GROUP_FLAG; - - (*groupsToken) -> Groups[3].Sid = InteractiveSID(); - (*groupsToken) -> Groups[3].Attributes = INSIDE_GROUP_FLAG; - - exitCode = 0; - -fail: - - /* - * Clean up. - */ - - NetApiBufferFree(localGroups); - NetApiBufferFree(globalGroups); - - if (exitCode) - { - debug("ERROR. Failed to setup TOKEN_GROUPS (%u).", GetLastError()); - } - - return exitCode; -} - - diff --git a/contrib/win32/win32compat/win32auth.h b/contrib/win32/win32compat/win32auth.h deleted file mode 100644 index ee72e8c..0000000 --- a/contrib/win32/win32compat/win32auth.h +++ /dev/null 
@@ -1,88 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2011 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#ifndef WIN32AUTH_H -#define WIN32AUTH_H 1 - - -#include -#include -#include -#include -#include -#include -#include -#include -#include "Debug.h" -#ifdef WIN32 -#define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L) -#else -#include -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef _MSC_VER -typedef struct _OBJECT_ATTRIBUTES -{ - ULONG Length; - - HANDLE RootDirectory; - - PUNICODE_STRING ObjectName; - - ULONG Attributes; - - PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR - - PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE -} -OBJECT_ATTRIBUTES; - -typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES; -#endif - -#ifndef NYSYSAPI -#define NTSYSAPI DECLSPEC_IMPORT -#endif - -HANDLE CreateUserToken(const char *pUserName, - const char *pDomainName, const char *pSourceName); - -int EnablePrivilege(const char *privName, int enabled); - -#ifdef __cplusplus -}; -#endif - -#endif /* WIN32AUTH_H */ diff --git a/contrib/win32/win32compat/wmain.c b/contrib/win32/win32compat/wmain_common.c similarity index 100% rename from contrib/win32/win32compat/wmain.c rename to contrib/win32/win32compat/wmain_common.c diff --git a/contrib/win32/win32compat/wmain_sshd.c b/contrib/win32/win32compat/wmain_sshd.c new file mode 100644 index 0000000..f2e782a --- /dev/null +++ b/contrib/win32/win32compat/wmain_sshd.c 
@@ -0,0 +1,133 @@ +/* +* Author: Manoj Ampalam +* +* wmain entry for sshd. +* +* Copyright (c) 2015 Microsoft Corp. +* All rights reserved +* +* Microsoft openssh win32 port +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that the following conditions +* are met: +* +* 1. Redistributions of source code must retain the above copyright +* notice, this list of conditions and the following disclaimer. +* 2. Redistributions in binary form must reproduce the above copyright +* notice, this list of conditions and the following disclaimer in the +* documentation and/or other materials provided with the distribution. +* +* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+*/ + +#include +#include "inc\utf.h" + +int main(int, char **); +void w32posix_initialize(); +extern HANDLE main_thread; +extern int is_child; + +int scm_start_service(DWORD, LPWSTR*); + +SERVICE_TABLE_ENTRYW dispatch_table[] = +{ + { L"sshd", (LPSERVICE_MAIN_FUNCTIONW)scm_start_service }, + { NULL, NULL } +}; +static SERVICE_STATUS_HANDLE service_status_handle; +static SERVICE_STATUS service_status; + + +static VOID ReportSvcStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint) +{ + service_status.dwCurrentState = dwCurrentState; + service_status.dwWin32ExitCode = dwWin32ExitCode; + service_status.dwWaitHint = dwWaitHint; + + if (dwCurrentState == SERVICE_START_PENDING) + service_status.dwControlsAccepted = 0; + else + service_status.dwControlsAccepted = SERVICE_ACCEPT_STOP; + + if ((dwCurrentState == SERVICE_RUNNING) || (dwCurrentState == SERVICE_STOPPED)) + service_status.dwCheckPoint = 0; + else + service_status.dwCheckPoint = 1; + + SetServiceStatus(service_status_handle, &service_status); +} + +BOOL WINAPI native_sig_handler(DWORD); +static VOID WINAPI service_handler(DWORD dwControl) +{ + switch (dwControl) + { + case SERVICE_CONTROL_STOP: { + ReportSvcStatus(SERVICE_STOP_PENDING, NO_ERROR, 500); + ReportSvcStatus(SERVICE_STOPPED, NO_ERROR, 0); + /* TOTO - GenerateConsoleCtrlEvent(CTRL_C_EVENT, 0); doesn't seem to be invoking + * signal handler (native_sig_handler) when sshd runs as service + * So calling the signal handler directly to interrupt the deamon's main thread + * This is being called after reporting SERVICE_STOPPED because main thread does a exit() + * as part of handling Crtl+c + */ + native_sig_handler(CTRL_C_EVENT); + return; + } + case SERVICE_CONTROL_INTERROGATE: + break; + default: + break; + } + + ReportSvcStatus(service_status.dwCurrentState, NO_ERROR, 0); +} + +int sshd_main(int argc, wchar_t **wargv) { + char** argv = NULL; + int i; + + if (argc) { + if ((argv = malloc(argc * sizeof(char*))) == NULL) + fatal("out of 
memory"); + for (i = 0; i < argc; i++) + argv[i] = utf16_to_utf8(wargv[i]); + } + + w32posix_initialize(); + if (getenv("SSHD_REMSOC")) + is_child = 1; + return main(argc, argv); +} + +int wmain(int argc, wchar_t **wargv) { + + if (!StartServiceCtrlDispatcherW(dispatch_table)) { + if (GetLastError() != ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) + return -1; + } + + return sshd_main(argc, wargv); +} + +int scm_start_service(DWORD num, LPWSTR* args) { + service_status_handle = RegisterServiceCtrlHandlerW(L"sshd", service_handler); + ZeroMemory(&service_status, sizeof(service_status)); + service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS; + ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 300); + ReportSvcStatus(SERVICE_RUNNING, NO_ERROR, 0); + return sshd_main(num, args); +} + + diff --git a/defines.h b/defines.h index 2dd7432..dbffaff 100644 --- a/defines.h +++ b/defines.h @@ -42,6 +42,19 @@ enum # define SHUT_RDWR SHUT_RDWR #endif +/* + * Cygwin doesn't really have a notion of reserved ports. It is still + * is useful on the client side so for compatibility it defines as 1024 via + * netinet/in.h inside an enum. We * don't actually want that restriction + * so we want to set that to zero, but we can't do it direct in config.h + * because it'll cause a conflicting definition the first time we include + * netinet/in.h. + */ + +#ifdef HAVE_CYGWIN +#define IPPORT_RESERVED 0 +#endif + /* * Definitions for IP type of service (ip_tos) */ @@ -852,7 +865,13 @@ struct winsize { # endif /* gcc version */ #endif /* __predict_true */ -/* WIN32_FIXME */ +#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ + defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \ + defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \ + !defined(BROKEN_GLOB) +# define USE_SYSTEM_GLOB +#endif + #ifdef _WIN32 # define CUSTOM_SYS_AUTH_PASSWD 1 #endif diff --git a/dh.c b/dh.c index 1d2a3bc..167d371 100644 --- a/dh.c +++ b/dh.c 
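Review bot: `sshd_main` in the new wmain_sshd.c builds `argv` with exactly `argc` slots and stores each `utf16_to_utf8` result unchecked before calling `main(argc, argv)`. Code that walks the vector until a NULL entry, as argument parsers and argv-saving code commonly do, then reads past the allocation, and a failed conversion hands `main` a NULL argument. When started by the service control manager, `argc` and `wargv` come from `scm_start_service`, so the vector is not under the program's control. Allocate one extra zeroed slot and stop on a failed conversion, as sketched below. Separately, `scm_start_service` does not check the return of `RegisterServiceCtrlHandlerW` before reporting status.

```c
int sshd_main(int argc, wchar_t **wargv) {
	/* … unchanged: declarations of argv and i … */

	/* one extra zeroed slot so that argv[argc] == NULL */
	if ((argv = calloc((size_t)argc + 1, sizeof(char*))) == NULL)
		fatal("out of memory");
	for (i = 0; i < argc; i++) {
		if ((argv[i] = utf16_to_utf8(wargv[i])) == NULL)
			fatal("out of memory");
	}
	/* … unchanged: w32posix_initialize(), SSHD_REMSOC check, call to main() … */
```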
@@ -1,4 +1,4 @@ -/* $OpenBSD: dh.c,v 1.57 2015/05/27 23:39:18 dtucker Exp $ */ +/* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * @@ -30,6 +30,7 @@ #include #include +#include #include #include #include @@ -41,7 +42,6 @@ #include "log.h" #include "misc.h" #include "ssherr.h" -#include "crypto-wrap.h" static int parse_prime(int linenum, char *line, struct dhgroup *dhg) @@ -50,7 +50,6 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) char *strsize, *gen, *prime; const char *errstr = NULL; long long n; - int r; dhg->p = dhg->g = NULL; cp = line; 
@@ -111,45 +110,52 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) goto fail; } - if ((r = sshbn_from_hex(gen, &dhg->g)) != 0 || - (r = sshbn_from_hex(prime, &dhg->p)) != 0) - { + if ((dhg->g = BN_new()) == NULL || + (dhg->p = BN_new()) == NULL) { + error("parse_prime: BN_new failed"); goto fail; } - if (sshbn_bits(dhg->p) != dhg->size) { - error("moduli:%d: prime has wrong size: actual %zu listed %zu", - linenum, sshbn_bits(dhg->p), dhg->size - 1); + if (BN_hex2bn(&dhg->g, gen) == 0) { + error("moduli:%d: could not parse generator value", linenum); goto fail; } - - if (sshbn_cmp(dhg->g, sshbn_value_1()) <= 0) { + if (BN_hex2bn(&dhg->p, prime) == 0) { + error("moduli:%d: could not parse prime value", linenum); + goto fail; + } + if (BN_num_bits(dhg->p) != dhg->size) { + error("moduli:%d: prime has wrong size: actual %d listed %d", + linenum, BN_num_bits(dhg->p), dhg->size - 1); + goto fail; + } + if (BN_cmp(dhg->g, BN_value_one()) <= 0) { error("moduli:%d: generator is invalid", linenum); goto fail; } return 1; fail: - sshbn_free(dhg->g); - sshbn_free(dhg->p); + if (dhg->g != NULL) + BN_clear_free(dhg->g); + if (dhg->p != NULL) + BN_clear_free(dhg->p); dhg->g = dhg->p = NULL; return 0; } -struct sshdh * -choose_dh(u_int min, u_int wantbits, u_int max) +DH * +choose_dh(int min, int wantbits, int max) { FILE *f; char line[4096]; - u_int best, bestcount, which, linenum; - int r; + int best, bestcount, which; + int linenum; struct dhgroup dhg; - struct sshdh *dh = NULL; - if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL && - (f = fopen(_PATH_DH_PRIMES, "r")) == NULL) { - logit("WARNING: %s does not exist, using fixed modulus", - _PATH_DH_MODULI); - goto fallback; + if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) { + logit("WARNING: could open open %s (%s), using fixed modulus", + _PATH_DH_MODULI, strerror(errno)); + return (dh_new_group_fallback(max)); } linenum = 0; 
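Review bot: The new warning in choose_dh reads `could open open %s`, which drops the "not" and repeats "open". This line is what tells an operator that key exchange fell back to a built-in group, so it should read `logit("WARNING: could not open %s (%s), using fixed modulus",`. The same branch now returns `dh_new_group_fallback(max)` directly where the old code called `fatal()` on failure. That helper ends in `dh_new_group_asc`, which returns NULL when `DH_new` or `BN_hex2bn` fails, so callers of choose_dh need a NULL check that is not visible here. parse_prime starts before this hunk and choose_dh continues past it.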
@@ -158,8 +164,8 @@ choose_dh(u_int min, u_int wantbits, u_int max) linenum++; if (!parse_prime(linenum, line, &dhg)) continue; - sshbn_free(dhg.g); - sshbn_free(dhg.p); + BN_clear_free(dhg.g); + BN_clear_free(dhg.p); if (dhg.size > max || dhg.size < min) continue; @@ -176,8 +182,8 @@ choose_dh(u_int min, u_int wantbits, u_int max) if (bestcount == 0) { fclose(f); - logit("WARNING: no suitable primes in %s", _PATH_DH_PRIMES); - goto fallback; + logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI); + return (dh_new_group_fallback(max)); } linenum = 0; @@ -188,8 +194,8 @@ choose_dh(u_int min, u_int wantbits, u_int max) if ((dhg.size > max || dhg.size < min) || dhg.size != best || linenum++ != which) { - sshbn_free(dhg.g); - sshbn_free(dhg.p); + BN_clear_free(dhg.g); + BN_clear_free(dhg.p); continue; } break; 
@@ -197,182 +203,258 @@ choose_dh(u_int min, u_int wantbits, u_int max) fclose(f); if (linenum != which+1) { logit("WARNING: line %d disappeared in %s, giving up", - which, _PATH_DH_PRIMES); - fallback: - if ((r = dh_new_group_fallback(max, &dh)) != 0) - fatal("%s: dh_new_group_fallback: %s", - __func__, ssh_err(r)); - return dh; + which, _PATH_DH_MODULI); + return (dh_new_group_fallback(max)); } - return (sshdh_new_group(dhg.g, dhg.p)); + return (dh_new_group(dhg.g, dhg.p)); } /* diffie-hellman-groupN-sha1 */ + int -dh_pub_is_valid(struct sshdh *dh, struct sshbn *dh_pub) +dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) { - size_t i; - size_t n; - int r, freeme = 0, bits_set = 0; - struct sshbn *dh_p = NULL, *tmp = NULL; + int i; + int n = BN_num_bits(dh_pub); + int bits_set = 0; + BIGNUM *tmp; - if (dh_pub == NULL) { - if ((dh_pub = sshdh_pubkey(dh)) == NULL) - return SSH_ERR_ALLOC_FAIL; - freeme = 1; + if (dh_pub->neg) { + logit("invalid public DH value: negative"); + return 0; } - n = sshbn_bits(dh_pub); - if (sshbn_cmp(dh_pub, sshbn_value_1()) != 1) { /* pub_exp <= 1 */ + if (BN_cmp(dh_pub, BN_value_one()) != 1) { /* pub_exp <= 1 */ logit("invalid public DH value: <= 1"); - r = SSH_ERR_INVALID_FORMAT; - goto out; + return 0; } - if ((dh_p = sshdh_p(dh)) == NULL) { - error("%s: sshdh_p failed", __func__); - r = SSH_ERR_ALLOC_FAIL; - goto out; + + if ((tmp = BN_new()) == NULL) { + error("%s: BN_new failed", __func__); + return 0; } - if ((tmp = sshbn_new()) == NULL) { - error("%s: sshbn_new failed", __func__); - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = sshbn_sub(tmp, dh_p, sshbn_value_1())) != 0) { - error("%s: sshbn_sub: %s", __func__, ssh_err(r)); - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshbn_cmp(dh_pub, tmp)) != -1) { /* pub_exp > p-2 */ + if (!BN_sub(tmp, dh->p, BN_value_one()) || + BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ + BN_clear_free(tmp); logit("invalid public DH value: >= p-1"); - r = SSH_ERR_INVALID_FORMAT; - goto out; + 
return 0; } + BN_clear_free(tmp); + for (i = 0; i <= n; i++) - if (sshbn_is_bit_set(dh_pub, i)) + if (BN_is_bit_set(dh_pub, i)) bits_set++; - debug2("bits set: %d/%zu", bits_set, sshbn_bits(dh_p)); + debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); - /* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ - if (bits_set <= 1) { - logit("invalid public DH value (%d/%zu)", - bits_set, sshbn_bits(dh_p)); - r = SSH_ERR_INVALID_FORMAT; - goto out; + /* + * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial + */ + if (bits_set < 4) { + logit("invalid public DH value (%d/%d)", + bits_set, BN_num_bits(dh->p)); + return 0; } - - /* success */ - r = 0; -out: - sshbn_free(dh_p); - sshbn_free(tmp); - if (freeme) - sshbn_free(dh_pub); - return r; + return 1; } int -dh_gen_key(struct sshdh *dh, u_int need) +dh_gen_key(DH *dh, int need) { - size_t pbits; - struct sshbn *dh_p; - int r; + int pbits; - if ((dh_p = sshdh_p(dh)) == NULL) { - error("%s: sshdh_p failed", __func__); - return 0; - } - if (need == 0 || - (pbits = sshbn_bits(dh_p)) == 0 || - need > INT_MAX / 2 || 2 * need > pbits) { - sshbn_free(dh_p); + if (need < 0 || dh->p == NULL || + (pbits = BN_num_bits(dh->p)) <= 0 || + need > INT_MAX / 2 || 2 * need > pbits) return SSH_ERR_INVALID_ARGUMENT; + if (need < 256) + need = 256; + /* + * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), + * so double requested need here. 
+ */ + dh->length = MIN(need * 2, pbits - 1); + if (DH_generate_key(dh) == 0 || + !dh_pub_is_valid(dh, dh->pub_key)) { + BN_clear_free(dh->priv_key); + return SSH_ERR_LIBCRYPTO_ERROR; } - if ((r = sshdh_generate(dh, MIN(need * 2, pbits - 1))) != 0 || - (r = dh_pub_is_valid(dh, NULL)) != 0) - return r; return 0; } -int -dh_new_group1(struct sshdh **dhp) +DH * +dh_new_group_asc(const char *gen, const char *modulus) +{ + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + if (BN_hex2bn(&dh->p, modulus) == 0 || + BN_hex2bn(&dh->g, gen) == 0) { + DH_free(dh); + return NULL; + } + return (dh); +} + +/* + * This just returns the group, we still need to generate the exchange + * value. + */ + +DH * +dh_new_group(BIGNUM *gen, BIGNUM *modulus) +{ + DH *dh; + + if ((dh = DH_new()) == NULL) + return NULL; + dh->p = modulus; + dh->g = gen; + + return (dh); +} + +/* rfc2409 "Second Oakley Group" (1024 bits) */ +DH * +dh_new_group1(void) { static char *gen = "2", *group1 = - "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" - "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" - "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" - "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" - "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" - "FFFFFFFF" "FFFFFFFF"; + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381" + "FFFFFFFF" "FFFFFFFF"; - return sshdh_new_group_hex(gen, group1, dhp); + return (dh_new_group_asc(gen, group1)); } -int -dh_new_group14(struct sshdh **dhp) +/* rfc3526 group 14 "2048-bit MODP Group" */ +DH * +dh_new_group14(void) { static char *gen = "2", *group14 = - "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" 
"C4C6628B" "80DC1CD1" - "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" - "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" - "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" - "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" - "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" - "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" - "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" - "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" - "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" - "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF"; + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AACAA68" "FFFFFFFF" "FFFFFFFF"; - return sshdh_new_group_hex(gen, group14, dhp); + return (dh_new_group_asc(gen, group14)); } -/* -* 4k bit fallback group used by DH-GEX if moduli file cannot be read. -* Source: MODP group 16 from RFC3526. 
-*/ -int -dh_new_group_fallback(int max, struct sshdh **dhp) +/* rfc3526 group 16 "4096-bit MODP Group" */ +DH * +dh_new_group16(void) { static char *gen = "2", *group16 = - "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" - "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" - "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" - "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" - "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" - "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" - "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" - "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" - "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" - "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" - "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64" - "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7" - "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B" - "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C" - "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31" - "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7" - "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA" - "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6" - "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED" - "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9" - "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" - "FFFFFFFF" "FFFFFFFF"; + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" 
"1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64" + "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7" + "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B" + "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C" + "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31" + "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7" + "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA" + "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6" + "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED" + "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9" + "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" + "FFFFFFFF" "FFFFFFFF"; - if (max < 4096) { - debug3("requested max size %d, using 2k bit group 14", max); - return dh_new_group14(dhp); + return (dh_new_group_asc(gen, group16)); +} + +/* rfc3526 group 18 "8192-bit MODP Group" */ +DH * +dh_new_group18(void) +{ + static char *gen = "2", *group16 = + "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" + "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" + "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" + "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" + "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" + "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" + "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" + "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" + "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" + "DE2BCBF6" "95581718" "3995497C" 
"EA956AE5" "15D22618" "98FA0510" + "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64" + "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7" + "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B" + "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C" + "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31" + "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7" + "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA" + "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6" + "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED" + "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9" + "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492" + "36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD" + "F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831" + "179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B" + "DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF" + "5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6" + "D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3" + "23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA" + "CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328" + "06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C" + "DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE" + "12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4" + "38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300" + "741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568" + "3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9" + "22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B" + "4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A" + "062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36" + "4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" 
"5DED7EA1" + "B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92" + "4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47" + "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71" + "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF"; + + return (dh_new_group_asc(gen, group16)); +} + +/* Select fallback group used by DH-GEX if moduli file cannot be read. */ +DH * +dh_new_group_fallback(int max) +{ + debug3("%s: requested max size %d", __func__, max); + if (max < 3072) { + debug3("using 2k bit group 14"); + return dh_new_group14(); + } else if (max < 6144) { + debug3("using 4k bit group 16"); + return dh_new_group16(); } - debug3("using 4k bit group 16"); - return sshdh_new_group_hex(gen, group16, dhp); + debug3("using 8k bit group 18"); + return dh_new_group18(); } /* -* Estimates the group order for a Diffie-Hellman group that has an -* attack complexity approximately the same as O(2**bits). -* Values from NIST Special Publication 800-57: Recommendation for Key -* Management Part 1 (rev 3) limited by the recommended maximum value -* from RFC4419 section 3. -*/ + * Estimates the group order for a Diffie-Hellman group that has an + * attack complexity approximately the same as O(2**bits). + * Values from NIST Special Publication 800-57: Recommendation for Key + * Management Part 1 (rev 3) limited by the recommended maximum value + * from RFC4419 section 3. + */ u_int dh_estimate(int bits) { diff --git a/dh.h b/dh.h index bff6720..bcd485c 100644 --- a/dh.h +++ b/dh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dh.h,v 1.13 2015/05/27 23:39:18 dtucker Exp $ */ +/* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. 
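Review bot: In dh_gen_key the failure path calls `BN_clear_free(dh->priv_key);` but leaves the pointer in place, so `dh` still references freed memory; if the caller then releases `dh` with `DH_free` (callers are not visible here) the key would be freed twice. Add `dh->priv_key = NULL;` right after the clear-free. Separately, `dh_new_group18` stores the 8192-bit modulus in a static named `group16`, apparently copied from the function above; renaming it to `group18` matches the RFC 3526 group its comment cites. The comment in dh_pub_is_valid still speaks of `bits_set==1` while the check is now `bits_set < 4`, so it should say why four is the threshold. choose_dh begins before this hunk and dh_estimate continues after it.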
@@ -26,35 +26,37 @@ #ifndef DH_H #define DH_H -#include - struct dhgroup { - size_t size; - struct sshbn *g; - struct sshbn *p; + int size; + BIGNUM *g; + BIGNUM *p; }; -struct sshdh *choose_dh(u_int, u_int, u_int); -int dh_new_group1(struct sshdh **dhp); -int dh_new_group14(struct sshdh **dhp); -int dh_new_group_fallback(int, struct sshdh **dhp); +DH *choose_dh(int, int, int); +DH *dh_new_group_asc(const char *, const char *); +DH *dh_new_group(BIGNUM *, BIGNUM *); +DH *dh_new_group1(void); +DH *dh_new_group14(void); +DH *dh_new_group16(void); +DH *dh_new_group18(void); +DH *dh_new_group_fallback(int); -int dh_gen_key(struct sshdh *dh, u_int); -int dh_pub_is_valid(struct sshdh *dh, struct sshbn *dh_pub); +int dh_gen_key(DH *, int); +int dh_pub_is_valid(DH *, BIGNUM *); u_int dh_estimate(int); /* -* Max value from RFC4419. -* Miniumum increased in light of DH precomputation attacks. -*/ + * Max value from RFC4419. + * Miniumum increased in light of DH precomputation attacks. + */ #define DH_GRP_MIN 2048 #define DH_GRP_MAX 8192 /* -* Values for "type" field of moduli(5) -* Specifies the internal structure of the prime modulus. -*/ + * Values for "type" field of moduli(5) + * Specifies the internal structure of the prime modulus. + */ #define MODULI_TYPE_UNKNOWN (0) #define MODULI_TYPE_UNSTRUCTURED (1) #define MODULI_TYPE_SAFE (2) @@ -63,10 +65,10 @@ u_int dh_estimate(int); #define MODULI_TYPE_STRONG (5) /* -* Values for "tests" field of moduli(5) -* Specifies the methods used in checking for primality. -* Usually, more than one test is used. -*/ + * Values for "tests" field of moduli(5) + * Specifies the methods used in checking for primality. + * Usually, more than one test is used. + */ #define MODULI_TESTS_UNTESTED (0x00) #define MODULI_TESTS_COMPOSITE (0x01) #define MODULI_TESTS_SIEVE (0x02) @@ -74,4 +76,5 @@ u_int dh_estimate(int); #define MODULI_TESTS_JACOBI (0x08) #define MODULI_TESTS_ELLIPTIC (0x10) + #endif 
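Review bot: The new prototypes in dh.h drop every parameter name (`DH *choose_dh(int, int, int);`, `int dh_gen_key(DH *, int);`), so a reader of the header cannot tell which of the three ints is the minimum, the wanted size or the maximum. Keeping the names used in dh.c documents the contract at no cost: `DH *choose_dh(int min, int wantbits, int max);` and `int dh_gen_key(DH *dh, int need);`. A one-line comment on `dh_new_group` saying that the returned DH holds the `gen` and `modulus` pointers it was given would also help, since dh.c assigns both without copying.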
diff --git a/groupaccess.c b/groupaccess.c index 80a0533..a3b0ecd 100644 --- a/groupaccess.c +++ b/groupaccess.c @@ -25,15 +25,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 81de5ec..795992d 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -26,15 +26,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #ifdef GSSAPI #ifdef KRB5 diff --git a/gss-serv.c b/gss-serv.c index 8a832de..53993d6 100644 --- a/gss-serv.c +++ b/gss-serv.c @@ -26,15 +26,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #ifdef GSSAPI #include diff --git a/images/5_9p1_openssh_vs_win32_diff.png b/images/5_9p1_openssh_vs_win32_diff.png deleted file mode 100644 index 6195f82..0000000 Binary files a/images/5_9p1_openssh_vs_win32_diff.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-1.png b/images/eclipse-debug/eclipse-1.png deleted file mode 100644 index 4fc64c2..0000000 Binary files a/images/eclipse-debug/eclipse-1.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-10.png b/images/eclipse-debug/eclipse-10.png deleted file mode 100644 index 6b4d6d3..0000000 Binary files a/images/eclipse-debug/eclipse-10.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-2.png b/images/eclipse-debug/eclipse-2.png deleted file mode 100644 index ed514c5..0000000 Binary files a/images/eclipse-debug/eclipse-2.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-3.png b/images/eclipse-debug/eclipse-3.png deleted file mode 100644 index 3650f84..0000000 Binary files a/images/eclipse-debug/eclipse-3.png and /dev/null differ 
diff --git a/images/eclipse-debug/eclipse-4.png b/images/eclipse-debug/eclipse-4.png deleted file mode 100644 index facc48d..0000000 Binary files a/images/eclipse-debug/eclipse-4.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-5.png b/images/eclipse-debug/eclipse-5.png deleted file mode 100644 index 32c00bf..0000000 Binary files a/images/eclipse-debug/eclipse-5.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-6.png b/images/eclipse-debug/eclipse-6.png deleted file mode 100644 index 947ce76..0000000 Binary files a/images/eclipse-debug/eclipse-6.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-7.png b/images/eclipse-debug/eclipse-7.png deleted file mode 100644 index 446c024..0000000 Binary files a/images/eclipse-debug/eclipse-7.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-8.png b/images/eclipse-debug/eclipse-8.png deleted file mode 100644 index a1e4234..0000000 Binary files a/images/eclipse-debug/eclipse-8.png and /dev/null differ diff --git a/images/eclipse-debug/eclipse-9.png b/images/eclipse-debug/eclipse-9.png deleted file mode 100644 index cbcce99..0000000 Binary files a/images/eclipse-debug/eclipse-9.png and /dev/null differ diff --git a/images/openssh-build-sequence.png b/images/openssh-build-sequence.png deleted file mode 100644 index d87cbc1..0000000 Binary files a/images/openssh-build-sequence.png and /dev/null differ diff --git a/images/test_directory_structure.png b/images/test_directory_structure.png deleted file mode 100644 index e1b19f2..0000000 Binary files a/images/test_directory_structure.png and /dev/null differ diff --git a/includes.h b/includes.h index 2893a54..497a038 100644 --- a/includes.h +++ b/includes.h 
@@ -32,12 +32,6 @@
 #ifdef HAVE_BSTRING_H
 # include
 #endif
-#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \
- defined(GLOB_HAS_GL_MATCHC) && defined(GLOB_HAS_GL_STATV) && \
- defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \
- !defined(BROKEN_GLOB)
-# include
-#endif
 #ifdef HAVE_ENDIAN_H
 # include
 #endif
diff --git a/jpake.c b/jpake.c
deleted file mode 100644
index ac9a4bc..0000000
--- a/jpake.c
+++ /dev/null
@@ -1,456 +0,0 @@ -/* $OpenBSD: jpake.c,v 1.6 2010/09/20 04:54:07 djm Exp $ */ -/* - * Copyright (c) 2008 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Shared components of zero-knowledge password auth using J-PAKE protocol - * as described in: - * - * F. Hao, P. 
Ryan, "Password Authenticated Key Exchange by Juggling", - * 16th Workshop on Security Protocols, Cambridge, April 2008 - * - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - */ - -#include "includes.h" - -#include - -#include -#include -#include - -#include -#include - -#include "xmalloc.h" -#include "ssh2.h" -#include "key.h" -#include "hostfile.h" -#include "auth.h" -#include "buffer.h" -#include "packet.h" -#include "dispatch.h" -#include "log.h" -#include "misc.h" - -#include "jpake.h" -#include "schnorr.h" - -#ifdef JPAKE - -/* RFC3526 group 5, 1536 bits */ -#define JPAKE_GROUP_G "2" -#define JPAKE_GROUP_P \ - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74" \ - "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437" \ - "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \ - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05" \ - "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" \ - "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF" - -struct modp_group * -jpake_default_group(void) -{ - return modp_group_from_g_and_safe_p(JPAKE_GROUP_G, JPAKE_GROUP_P); -} - -struct jpake_ctx * -jpake_new(void) -{ - struct jpake_ctx *ret; - - ret = xcalloc(1, sizeof(*ret)); - - ret->grp = jpake_default_group(); - - ret->s = ret->k = NULL; - ret->x1 = ret->x2 = ret->x3 = ret->x4 = NULL; - ret->g_x1 = ret->g_x2 = ret->g_x3 = ret->g_x4 = NULL; - ret->a = ret->b = NULL; - - ret->client_id = ret->server_id = NULL; - ret->h_k_cid_sessid = ret->h_k_sid_sessid = NULL; - - debug3("%s: alloc %p", __func__, ret); - - return ret; -} - -void -jpake_free(struct jpake_ctx *pctx) -{ - debug3("%s: free %p", __func__, pctx); - -#define JPAKE_BN_CLEAR_FREE(v) \ - do { \ - if ((v) != NULL) { \ - BN_clear_free(v); \ - (v) = NULL; \ - } \ - } while (0) -#define JPAKE_BUF_CLEAR_FREE(v, l) \ - do { \ - if ((v) != NULL) { \ - bzero((v), (l)); \ - xfree(v); \ - (v) = NULL; \ - 
(l) = 0; \ - } \ - } while (0) - - JPAKE_BN_CLEAR_FREE(pctx->s); - JPAKE_BN_CLEAR_FREE(pctx->k); - JPAKE_BN_CLEAR_FREE(pctx->x1); - JPAKE_BN_CLEAR_FREE(pctx->x2); - JPAKE_BN_CLEAR_FREE(pctx->x3); - JPAKE_BN_CLEAR_FREE(pctx->x4); - JPAKE_BN_CLEAR_FREE(pctx->g_x1); - JPAKE_BN_CLEAR_FREE(pctx->g_x2); - JPAKE_BN_CLEAR_FREE(pctx->g_x3); - JPAKE_BN_CLEAR_FREE(pctx->g_x4); - JPAKE_BN_CLEAR_FREE(pctx->a); - JPAKE_BN_CLEAR_FREE(pctx->b); - - JPAKE_BUF_CLEAR_FREE(pctx->client_id, pctx->client_id_len); - JPAKE_BUF_CLEAR_FREE(pctx->server_id, pctx->server_id_len); - JPAKE_BUF_CLEAR_FREE(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len); - JPAKE_BUF_CLEAR_FREE(pctx->h_k_sid_sessid, pctx->h_k_sid_sessid_len); - -#undef JPAKE_BN_CLEAR_FREE -#undef JPAKE_BUF_CLEAR_FREE - - bzero(pctx, sizeof(pctx)); - xfree(pctx); -} - -/* dump entire jpake_ctx. NB. includes private values! */ -void -jpake_dump(struct jpake_ctx *pctx, const char *fmt, ...) -{ - char *out; - va_list args; - - out = NULL; - va_start(args, fmt); - vasprintf(&out, fmt, args); - va_end(args); - if (out == NULL) - fatal("%s: vasprintf failed", __func__); - - debug3("%s: %s (ctx at %p)", __func__, out, pctx); - if (pctx == NULL) { - free(out); - return; - } - -#define JPAKE_DUMP_BN(a) do { \ - if ((a) != NULL) \ - JPAKE_DEBUG_BN(((a), "%s = ", #a)); \ - } while (0) -#define JPAKE_DUMP_BUF(a, b) do { \ - if ((a) != NULL) \ - JPAKE_DEBUG_BUF((a, b, "%s", #a)); \ - } while (0) - - JPAKE_DUMP_BN(pctx->s); - JPAKE_DUMP_BN(pctx->k); - JPAKE_DUMP_BN(pctx->x1); - JPAKE_DUMP_BN(pctx->x2); - JPAKE_DUMP_BN(pctx->x3); - JPAKE_DUMP_BN(pctx->x4); - JPAKE_DUMP_BN(pctx->g_x1); - JPAKE_DUMP_BN(pctx->g_x2); - JPAKE_DUMP_BN(pctx->g_x3); - JPAKE_DUMP_BN(pctx->g_x4); - JPAKE_DUMP_BN(pctx->a); - JPAKE_DUMP_BN(pctx->b); - - JPAKE_DUMP_BUF(pctx->client_id, pctx->client_id_len); - JPAKE_DUMP_BUF(pctx->server_id, pctx->server_id_len); - JPAKE_DUMP_BUF(pctx->h_k_cid_sessid, pctx->h_k_cid_sessid_len); - JPAKE_DUMP_BUF(pctx->h_k_sid_sessid, 
pctx->h_k_sid_sessid_len); - - debug3("%s: %s done", __func__, out); - free(out); -} - -/* Shared parts of step 1 exchange calculation */ -void -jpake_step1(struct modp_group *grp, - u_char **id, u_int *id_len, - BIGNUM **priv1, BIGNUM **priv2, BIGNUM **g_priv1, BIGNUM **g_priv2, - u_char **priv1_proof, u_int *priv1_proof_len, - u_char **priv2_proof, u_int *priv2_proof_len) -{ - BN_CTX *bn_ctx; - - if ((bn_ctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new", __func__); - - /* Random nonce to prevent replay */ - *id = xmalloc(KZP_ID_LEN); - *id_len = KZP_ID_LEN; - arc4random_buf(*id, *id_len); - - /* - * x1/x3 is a random element of Zq - * x2/x4 is a random element of Z*q - * We also exclude [1] from x1/x3 candidates and [0, 1] from - * x2/x4 candiates to avoid possible degeneracy (i.e. g^0, g^1). - */ - if ((*priv1 = bn_rand_range_gt_one(grp->q)) == NULL || - (*priv2 = bn_rand_range_gt_one(grp->q)) == NULL) - fatal("%s: bn_rand_range_gt_one", __func__); - - /* - * client: g_x1 = g^x1 mod p / server: g_x3 = g^x3 mod p - * client: g_x2 = g^x2 mod p / server: g_x4 = g^x4 mod p - */ - if ((*g_priv1 = BN_new()) == NULL || - (*g_priv2 = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - if (BN_mod_exp(*g_priv1, grp->g, *priv1, grp->p, bn_ctx) == -1) - fatal("%s: BN_mod_exp", __func__); - if (BN_mod_exp(*g_priv2, grp->g, *priv2, grp->p, bn_ctx) == -1) - fatal("%s: BN_mod_exp", __func__); - - /* Generate proofs for holding x1/x3 and x2/x4 */ - if (schnorr_sign_buf(grp->p, grp->q, grp->g, - *priv1, *g_priv1, *id, *id_len, - priv1_proof, priv1_proof_len) != 0) - fatal("%s: schnorr_sign", __func__); - if (schnorr_sign_buf(grp->p, grp->q, grp->g, - *priv2, *g_priv2, *id, *id_len, - priv2_proof, priv2_proof_len) != 0) - fatal("%s: schnorr_sign", __func__); - - BN_CTX_free(bn_ctx); -} - -/* Shared parts of step 2 exchange calculation */ -void -jpake_step2(struct modp_group *grp, BIGNUM *s, - BIGNUM *mypub1, BIGNUM *theirpub1, BIGNUM *theirpub2, BIGNUM *mypriv2, - const 
u_char *theirid, u_int theirid_len, - const u_char *myid, u_int myid_len, - const u_char *theirpub1_proof, u_int theirpub1_proof_len, - const u_char *theirpub2_proof, u_int theirpub2_proof_len, - BIGNUM **newpub, - u_char **newpub_exponent_proof, u_int *newpub_exponent_proof_len) -{ - BN_CTX *bn_ctx; - BIGNUM *tmp, *exponent; - - /* Validate peer's step 1 values */ - if (BN_cmp(theirpub1, BN_value_one()) <= 0) - fatal("%s: theirpub1 <= 1", __func__); - if (BN_cmp(theirpub1, grp->p) >= 0) - fatal("%s: theirpub1 >= p", __func__); - if (BN_cmp(theirpub2, BN_value_one()) <= 0) - fatal("%s: theirpub2 <= 1", __func__); - if (BN_cmp(theirpub2, grp->p) >= 0) - fatal("%s: theirpub2 >= p", __func__); - - if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub1, - theirid, theirid_len, theirpub1_proof, theirpub1_proof_len) != 1) - fatal("%s: schnorr_verify theirpub1 failed", __func__); - if (schnorr_verify_buf(grp->p, grp->q, grp->g, theirpub2, - theirid, theirid_len, theirpub2_proof, theirpub2_proof_len) != 1) - fatal("%s: schnorr_verify theirpub2 failed", __func__); - - if ((bn_ctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new", __func__); - - if ((*newpub = BN_new()) == NULL || - (tmp = BN_new()) == NULL || - (exponent = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - /* - * client: exponent = x2 * s mod p - * server: exponent = x4 * s mod p - */ - if (BN_mod_mul(exponent, mypriv2, s, grp->q, bn_ctx) != 1) - fatal("%s: BN_mod_mul (exponent = mypriv2 * s mod p)", - __func__); - - /* - * client: tmp = g^(x1 + x3 + x4) mod p - * server: tmp = g^(x1 + x2 + x3) mod p - */ - if (BN_mod_mul(tmp, mypub1, theirpub1, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = mypub1 * theirpub1 mod p)", - __func__); - if (BN_mod_mul(tmp, tmp, theirpub2, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = tmp * theirpub2 mod p)", __func__); - - /* - * client: a = tmp^exponent = g^((x1+x3+x4) * x2 * s) mod p - * server: b = tmp^exponent = g^((x1+x2+x3) * x4 * s) mod p - */ - if 
(BN_mod_exp(*newpub, tmp, exponent, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (newpub = tmp^exponent mod p)", __func__); - - JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__)); - JPAKE_DEBUG_BN((exponent, "%s: exponent = ", __func__)); - - /* Note the generator here is 'tmp', not g */ - if (schnorr_sign_buf(grp->p, grp->q, tmp, exponent, *newpub, - myid, myid_len, - newpub_exponent_proof, newpub_exponent_proof_len) != 0) - fatal("%s: schnorr_sign newpub", __func__); - - BN_clear_free(tmp); /* XXX stash for later use? */ - BN_clear_free(exponent); /* XXX stash for later use? (yes, in conf) */ - - BN_CTX_free(bn_ctx); -} - -/* Confirmation hash calculation */ -void -jpake_confirm_hash(const BIGNUM *k, - const u_char *endpoint_id, u_int endpoint_id_len, - const u_char *sess_id, u_int sess_id_len, - u_char **confirm_hash, u_int *confirm_hash_len) -{ - Buffer b; - - /* - * Calculate confirmation proof: - * client: H(k || client_id || session_id) - * server: H(k || server_id || session_id) - */ - buffer_init(&b); - buffer_put_bignum2(&b, k); - buffer_put_string(&b, endpoint_id, endpoint_id_len); - buffer_put_string(&b, sess_id, sess_id_len); - if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(), - confirm_hash, confirm_hash_len) != 0) - fatal("%s: hash_buffer", __func__); - buffer_free(&b); -} - -/* Shared parts of key derivation and confirmation calculation */ -void -jpake_key_confirm(struct modp_group *grp, BIGNUM *s, BIGNUM *step2_val, - BIGNUM *mypriv2, BIGNUM *mypub1, BIGNUM *mypub2, - BIGNUM *theirpub1, BIGNUM *theirpub2, - const u_char *my_id, u_int my_id_len, - const u_char *their_id, u_int their_id_len, - const u_char *sess_id, u_int sess_id_len, - const u_char *theirpriv2_s_proof, u_int theirpriv2_s_proof_len, - BIGNUM **k, - u_char **confirm_hash, u_int *confirm_hash_len) -{ - BN_CTX *bn_ctx; - BIGNUM *tmp; - - if ((bn_ctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new", __func__); - if ((tmp = BN_new()) == NULL || - (*k = BN_new()) == NULL) - 
fatal("%s: BN_new", __func__); - - /* Validate step 2 values */ - if (BN_cmp(step2_val, BN_value_one()) <= 0) - fatal("%s: step2_val <= 1", __func__); - if (BN_cmp(step2_val, grp->p) >= 0) - fatal("%s: step2_val >= p", __func__); - - /* - * theirpriv2_s_proof is calculated with a different generator: - * tmp = g^(mypriv1+mypriv2+theirpub1) = g^mypub1*g^mypub2*g^theirpub1 - * Calculate it here so we can check the signature. - */ - if (BN_mod_mul(tmp, mypub1, mypub2, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = mypub1 * mypub2 mod p)", __func__); - if (BN_mod_mul(tmp, tmp, theirpub1, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = tmp * theirpub1 mod p)", __func__); - - JPAKE_DEBUG_BN((tmp, "%s: tmp = ", __func__)); - - if (schnorr_verify_buf(grp->p, grp->q, tmp, step2_val, - their_id, their_id_len, - theirpriv2_s_proof, theirpriv2_s_proof_len) != 1) - fatal("%s: schnorr_verify theirpriv2_s_proof failed", __func__); - - /* - * Derive shared key: - * client: k = (b / g^(x2*x4*s))^x2 = g^((x1+x3)*x2*x4*s) - * server: k = (a / g^(x2*x4*s))^x4 = g^((x1+x3)*x2*x4*s) - * - * Computed as: - * client: k = (g_x4^(q - (x2 * s)) * b)^x2 mod p - * server: k = (g_x2^(q - (x4 * s)) * b)^x4 mod p - */ - if (BN_mul(tmp, mypriv2, s, bn_ctx) != 1) - fatal("%s: BN_mul (tmp = mypriv2 * s)", __func__); - if (BN_mod_sub(tmp, grp->q, tmp, grp->q, bn_ctx) != 1) - fatal("%s: BN_mod_sub (tmp = q - tmp mod q)", __func__); - if (BN_mod_exp(tmp, theirpub2, tmp, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_exp (tmp = theirpub2^tmp) mod p", __func__); - if (BN_mod_mul(tmp, tmp, step2_val, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_mul (tmp = tmp * step2_val) mod p", __func__); - if (BN_mod_exp(*k, tmp, mypriv2, grp->p, bn_ctx) != 1) - fatal("%s: BN_mod_exp (k = tmp^mypriv2) mod p", __func__); - - BN_CTX_free(bn_ctx); - BN_clear_free(tmp); - - jpake_confirm_hash(*k, my_id, my_id_len, sess_id, sess_id_len, - confirm_hash, confirm_hash_len); -} - -/* - * Calculate and check confirmation hash 
from peer. Returns 1 on success - * 0 on failure/mismatch. - */ -int -jpake_check_confirm(const BIGNUM *k, - const u_char *peer_id, u_int peer_id_len, - const u_char *sess_id, u_int sess_id_len, - const u_char *peer_confirm_hash, u_int peer_confirm_hash_len) -{ - u_char *expected_confirm_hash; - u_int expected_confirm_hash_len; - int success = 0; - - /* Calculate and verify expected confirmation hash */ - jpake_confirm_hash(k, peer_id, peer_id_len, sess_id, sess_id_len, - &expected_confirm_hash, &expected_confirm_hash_len); - - JPAKE_DEBUG_BUF((expected_confirm_hash, expected_confirm_hash_len, - "%s: expected confirm hash", __func__)); - JPAKE_DEBUG_BUF((peer_confirm_hash, peer_confirm_hash_len, - "%s: received confirm hash", __func__)); - - if (peer_confirm_hash_len != expected_confirm_hash_len) - error("%s: confirmation length mismatch (my %u them %u)", - __func__, expected_confirm_hash_len, peer_confirm_hash_len); - else if (timingsafe_bcmp(peer_confirm_hash, expected_confirm_hash, - expected_confirm_hash_len) == 0) - success = 1; - bzero(expected_confirm_hash, expected_confirm_hash_len); - xfree(expected_confirm_hash); - debug3("%s: success = %d", __func__, success); - return success; -} - -/* XXX main() function with tests */ - -#endif /* JPAKE */ - diff --git a/jpake.h b/jpake.h deleted file mode 100644 index a3f2cf0..0000000 --- a/jpake.h +++ /dev/null 
@@ -1,114 +0,0 @@ -/* $OpenBSD: jpake.h,v 1.2 2009/03/05 07:18:19 djm Exp $ */ -/* - * Copyright (c) 2008 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef JPAKE_H -#define JPAKE_H - -#include - -#include - -/* Set JPAKE_DEBUG in CFLAGS for privacy-violating debugging */ -#ifndef JPAKE_DEBUG -# define JPAKE_DEBUG_BN(a) -# define JPAKE_DEBUG_BUF(a) -# define JPAKE_DEBUG_CTX(a) -#else -# define JPAKE_DEBUG_BN(a) debug3_bn a -# define JPAKE_DEBUG_BUF(a) debug3_buf a -# define JPAKE_DEBUG_CTX(a) jpake_dump a -#endif /* JPAKE_DEBUG */ - -#define KZP_ID_LEN 16 /* Length of client and server IDs */ - -struct jpake_ctx { - /* Parameters */ - struct modp_group *grp; - - /* Private values shared by client and server */ - BIGNUM *s; /* Secret (salted, crypted password) */ - BIGNUM *k; /* Derived key */ - - /* Client private values (NULL for server) */ - BIGNUM *x1; /* random in Zq */ - BIGNUM *x2; /* random in Z*q */ - - /* Server private values (NULL for server) */ - BIGNUM *x3; /* random in Zq */ - BIGNUM *x4; /* random in Z*q */ - - /* Step 1: C->S */ - u_char *client_id; /* Anti-replay nonce */ - u_int client_id_len; - BIGNUM *g_x1; /* g^x1 */ - BIGNUM *g_x2; /* g^x2 */ - - /* Step 1: S->C */ - u_char *server_id; /* Anti-replay nonce */ - 
u_int server_id_len; - BIGNUM *g_x3; /* g^x3 */ - BIGNUM *g_x4; /* g^x4 */ - - /* Step 2: C->S */ - BIGNUM *a; /* g^((x1+x3+x4)*x2*s) */ - - /* Step 2: S->C */ - BIGNUM *b; /* g^((x1+x2+x3)*x4*s) */ - - /* Confirmation: C->S */ - u_char *h_k_cid_sessid; /* H(k || client_id || session_id) */ - u_int h_k_cid_sessid_len; - - /* Confirmation: S->C */ - u_char *h_k_sid_sessid; /* H(k || server_id || session_id) */ - u_int h_k_sid_sessid_len; -}; - -/* jpake.c */ -struct modp_group *jpake_default_group(void); -void jpake_dump(struct jpake_ctx *, const char *, ...) - __attribute__((__nonnull__ (2))) - __attribute__((format(printf, 2, 3))); -struct jpake_ctx *jpake_new(void); -void jpake_free(struct jpake_ctx *); - -void jpake_step1(struct modp_group *, u_char **, u_int *, - BIGNUM **, BIGNUM **, BIGNUM **, BIGNUM **, - u_char **, u_int *, u_char **, u_int *); - -void jpake_step2(struct modp_group *, BIGNUM *, - BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - const u_char *, u_int, const u_char *, u_int, - const u_char *, u_int, const u_char *, u_int, - BIGNUM **, u_char **, u_int *); - -void jpake_confirm_hash(const BIGNUM *, - const u_char *, u_int, - const u_char *, u_int, - u_char **, u_int *); - -void jpake_key_confirm(struct modp_group *, BIGNUM *, BIGNUM *, - BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - const u_char *, u_int, const u_char *, u_int, - const u_char *, u_int, const u_char *, u_int, - BIGNUM **, u_char **, u_int *); - -int jpake_check_confirm(const BIGNUM *, const u_char *, u_int, - const u_char *, u_int, const u_char *, u_int); - -#endif /* JPAKE_H */ - diff --git a/kerberos-sspi.c b/kerberos-sspi.c deleted file mode 100644 index 79fae4e..0000000 --- a/kerberos-sspi.c +++ /dev/null 
@@ -1,863 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2011 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "includes.h" - -#ifdef WIN32_FIXME - -/* - * Includes. 
- */ - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) -#include -#endif - -#include "openbsd-compat/sys-queue.h" - -#include "xmalloc.h" -#include "ssh.h" -#include "ssh2.h" -#include "buffer.h" -#include "packet.h" -#include "compat.h" -#include "cipher.h" -#include "key.h" -#include "kex.h" -#include "myproposal.h" -#include "sshconnect.h" -#include "authfile.h" -#include "dh.h" -#include "authfd.h" -#include "log.h" -#include "readconf.h" -#include "misc.h" -#include "match.h" -#include "dispatch.h" -#include "canohost.h" -#include "msg.h" -#include "pathnames.h" -#include "uidswap.h" -#include "hostfile.h" -#include "schnorr.h" -#include "jpake.h" -#include "ssh-gss.h" - -#include "kerberos-sspi.h" - -/* - * Defines. - */ - -#define FAIL(X) if (X) goto fail -#define FAILEX(X, ...) if (X) {error(__VA_ARGS__); goto fail;} -#define SSPI_FAIL(X) if ((sspiCode = (X)) != SEC_E_OK) goto fail - -/* - * Structs. - */ - -typedef struct Authctxt Authctxt; -typedef struct Authmethod Authmethod; - -struct Authmethod -{ - char *name; - - void *userauth; - void *cleanup; - - int *enabled; - int *batch_flag; -}; - -struct Authctxt -{ - const char *server_user; - const char *local_user; - const char *host; - const char *service; - - Authmethod *method; - - sig_atomic_t success; - - char *authlist; - - void *keys; - void *agent; - void *sensitive; - - int info_req_seen; - - void *methoddata; -}; - -/* - * Hardcoded, kerberos5 OID in format. 
- */ - -static unsigned char KRB5_OID[] = -{ - SSH_GSS_OIDTYPE, - 9, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 -}; - -void input_sspi_kerberos_token(int type, u_int32_t plen, void *ctxt); -void input_sspi_kerberos_error(int type, u_int32_t plen, void *ctxt); -void input_sspi_kerberos_errtok(int type, u_int32_t plen, void *ctxt); - -int SspiProcessToken(void *input, int inputSize, Authctxt *auth); - -void input_sspi_kerberos_response(int type, u_int32_t plen, void *ctxt); - -/* - * Convert SECURITY_STATUS code into human readable string. - * - * RETURNS: Human readable string or "UNKNOWN" if unknown code. - */ - -const char *SspiGetCodeName(DWORD code) -{ - struct - { - DWORD code_; - - const char *name_; - } - map[] = - { - {SEC_E_OK, "SEC_E_OK"}, - {SEC_E_CERT_EXPIRED, "SEC_E_CERT_EXPIRED"}, - {SEC_E_INCOMPLETE_MESSAGE, "SEC_E_INCOMPLETE_MESSAGE"}, - {SEC_E_INSUFFICIENT_MEMORY, "SEC_E_INSUFFICIENT_MEMORY"}, - {SEC_E_INTERNAL_ERROR, "SEC_E_INTERNAL_ERROR"}, - {SEC_E_INVALID_HANDLE, "SEC_E_INTERNAL_ERROR"}, - {SEC_E_INVALID_TOKEN, "SEC_E_INTERNAL_ERROR"}, - {SEC_E_LOGON_DENIED, "SEC_E_INTERNAL_ERROR"}, - {SEC_E_NO_AUTHENTICATING_AUTHORITY, "SEC_E_INTERNAL_ERROR"}, - {SEC_E_NO_CREDENTIALS, "SEC_E_INTERNAL_ERROR"}, - {SEC_E_TARGET_UNKNOWN, "SEC_E_TARGET_UNKNOWN"}, - {SEC_E_UNSUPPORTED_FUNCTION, "SEC_E_UNSUPPORTED_FUNCTION"}, - {SEC_E_UNTRUSTED_ROOT, "SEC_E_UNTRUSTED_ROOT"}, - {SEC_E_WRONG_PRINCIPAL, "SEC_E_WRONG_PRINCIPAL"}, - {SEC_E_SECPKG_NOT_FOUND, "SEC_E_SECPKG_NOT_FOUND"}, - {SEC_E_QOP_NOT_SUPPORTED, "SEC_E_QOP_NOT_SUPPORTED"}, - {SEC_E_UNKNOWN_CREDENTIALS, "SEC_E_UNKNOWN_CREDENTIALS"}, - {SEC_E_NOT_OWNER, "SEC_E_NOT_OWNER"}, - {SEC_I_RENEGOTIATE, "SEC_I_RENEGOTIATE"}, - {SEC_I_COMPLETE_AND_CONTINUE, "SEC_I_COMPLETE_AND_CONTINUE"}, - {SEC_I_COMPLETE_NEEDED, "SEC_I_COMPLETE_NEEDED"}, - {SEC_I_CONTINUE_NEEDED, "SEC_I_CONTINUE_NEEDED"}, - {SEC_I_INCOMPLETE_CREDENTIALS, "SEC_I_INCOMPLETE_CREDENTIALS"}, - {0, NULL} - }; - - int i = 0; - - for (i = 0; 
map[i].name_ != NULL; i++) - { - if (map[i].code_ == code) - { - return map[i].name_; - } - } - - return "UNKNOWN"; -} - -/* - * Free SSPI context allocated in userauth_sspi_kerberos(). - * This struct is stored inside AuthCtx as 'methoddata'. - */ - -void userauth_sspi_kerberos_cleanup(Authctxt *authctxt) -{ - debug3("-> userauth_sspi_kerberos_cleanup()..."); - - if (authctxt != NULL) - { - SspiContext *sspi = authctxt -> methoddata; - - if (sspi != NULL) - { - if (FreeCredentialsHandle(&sspi -> credHandle) != SEC_E_OK) - { - error("WARNING: Cannot free SSPI credentials."); - } - - if (DeleteSecurityContext(&sspi -> context) != SEC_E_OK) - { - error("WARNING: Cannot delete SSPI context."); - } - - if (sspi -> targetName != NULL) - { - free(sspi -> targetName); - } - - if (sspi -> oidOut != NULL) - { - free(sspi -> oidOut); - } - - free(sspi); - - authctxt -> methoddata = NULL; - } - } - - debug3("<- userauth_sspi_kerberos_cleanup()..."); -} - -/* - * Perform Kerberos authentication via native SSPI. - */ - -int userauth_sspi_kerberos(Authctxt *authctxt) -{ - static int alreadyCalled = 0; - - /* - * If this auth was tried before, it means - * one of futher step fails. - * Don't try once again. - */ - - if (alreadyCalled == 1) - { - return 0; - } - - debug3("-> userauth_sspi_kerberos()..."); - - int exitCode = 0; - - SspiContext *sspi = NULL; - - - alreadyCalled = 1; - - /* - * Allocate new SSPI context. - */ - - debug3("Allocating new SSPI auth context..."); - - sspi = calloc(sizeof(SspiContext), 1); - - FAILEX(sspi == NULL, "ERROR: Out of memory."); - - authctxt -> methoddata = sspi; - - debug3("Set auth context to [%p].", sspi); - - /* - * Add 'host/' prefix to server name. - */ - - sspi -> targetName = malloc(sizeof("host/") + strlen(authctxt -> host)); - - FAILEX(sspi -> targetName == NULL, "ERROR: Out of memory"); - - strcpy(sspi -> targetName, "host/"); - strcat(sspi -> targetName, authctxt -> host); - - /* - * Set kerberos5 as outgoing OID. 
- */ - - debug3("Setting up KRB5 mechanism as outgoing OID..."); - - sspi -> oidOutLen = sizeof(KRB5_OID); - sspi -> oidOut = malloc(sizeof(KRB5_OID)); - - FAILEX(sspi -> oidOut == NULL, "ERROR: Out of memory."); - - memcpy(sspi -> oidOut, KRB5_OID, sizeof(KRB5_OID)); - - /* - * Send SSH2_MSG_USERAUTH_REQUEST packet to server. - * We declare that we want kerberos authentication here. - */ - - debug3("Sending SSH2_MSG_USERAUTH_REQUEST:"); - debug3(" Server user : [%s].", authctxt -> server_user); - debug3(" Service : [%s].", authctxt -> service); - debug3(" Method : [%s].", authctxt -> method -> name); - - packet_start(SSH2_MSG_USERAUTH_REQUEST); - - packet_put_cstring(authctxt -> server_user); - packet_put_cstring(authctxt -> service); - packet_put_cstring(authctxt -> method -> name); - - /* - * Declare 1 Kerberos5 mechanism. - * - * 0 4 number of OIDs (hardcoded to 1) - * 4 4 total len in bytes - * 8 ... OID's data - */ - - packet_put_int(1); - - packet_put_int(sspi -> oidOutLen); - packet_put_raw(sspi -> oidOut, sspi -> oidOutLen); - - packet_send(); - - /* - * Set callbacks to handle auth specific packets. - */ - - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_sspi_kerberos_response); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_sspi_kerberos_token); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_sspi_kerberos_error); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_sspi_kerberos_errtok); - - exitCode = 1; - - /* - * Error handler. - */ - - fail: - - if (exitCode == 0) - { - error("ERROR: Cannot perform kerberos SSPI authentication.\n" - "WINAPI error code is : %u.", GetLastError()); - } - - debug3("<- userauth_sspi_kerberos()..."); - - return exitCode; -} - -/* - * Parse incoming SSH2_MSG_USERAUTH_GSSAPI_TOKEN packet. - * Called as long as handshake process finished. - * - * One incoming SSH2_MSG_USERAUTH_GSSAPI_TOKEN means: - * - * - one outcoming SSH2_MSG_USERAUTH_GSSAPI_TOKEN sent if handshake not - * finished. 
- * - * - one outcoming SSH2_MSG_USERAUTH_GSSAPI_MIC if handshake finished. - * - * - one outcoming SSH2_MSG_USERAUTH_GSSAPI_ERRTOK if error. - * - * type - UNUSED. - * plen - UNUSED. - * ctxt - User auth context (IN/OUT). - */ - -void input_sspi_kerberos_token(int type, u_int32_t plen, void *ctxt) -{ - debug3("-> input_sspi_kerberos_token()..."); - - Authctxt *auth = ctxt; - - SspiContext *sspi = NULL; - - int exitCode = -1; - - char *buf = NULL; - - int bufLen = 0; - - SECURITY_STATUS sspiCode = SEC_E_OK; - - debug3("Received [SSH2_MSG_USERAUTH_GSSAPI_TOKEN] packet."); - - /* - * Get back SSPI context created in userauth_sspi_kerberos() call. - */ - - FAILEX(auth == NULL, "ERROR: Auth context cannot be NULL in '%s'.", __FUNCTION__); - - sspi = auth -> methoddata; - - FAILEX(sspi == NULL, "ERROR: SSPI context cannot be NULL in '%s'.", __FUNCTION__); - - /* - * Receive token from server. - */ - - buf = packet_get_string(&bufLen); - - debug3("Received [%d] bytes token.", bufLen); - - /* - * Eat remaining packet's data if any. - * Must called to save integrity on incoming network data. - */ - - packet_check_eom(); - - /* - * Process token received from server. - */ - - FAIL(SspiProcessToken(buf, bufLen, auth)); - - /* - * Clean up. - */ - - exitCode = 0; - - fail: - - if (exitCode) - { - error("ERROR: Cannot process SSH2_MSG_USERAUTH_GSSAPI_TOKEN packet."); - } - - free(buf); - - debug3("<- input_sspi_kerberos_token()..."); -} - -/* - * Process server side fault. - * - * type - UNUSED. - * plen - UNUSED. - * ctxt - UNUSED. - */ - -void input_sspi_kerberos_error(int type, u_int32_t plen, void *ctxt) -{ - debug3("-> input_sspi_kerberos_error()..."); - - OM_uint32 maj = 0; - OM_uint32 min = 0; - - char *msg = NULL; - char *lang = NULL; - - maj = packet_get_int(); - min = packet_get_int(); - msg = packet_get_string(NULL); - lang = packet_get_string(NULL); - - error("Server GSSAPI Error:\n%s", msg); - - packet_check_eom(); - - /* - * Eat remaining packet's data if any. 
- * Must called to save integrity on incoming network data. - */ - - packet_check_eom(); - - free(msg); - free(lang); - - debug3("<- input_sspi_kerberos_error()..."); -} - -void input_sspi_kerberos_errtok(int type, u_int32_t plen, void *ctxt) -{ - debug3("-> input_sspi_kerberos_errtok()..."); - - input_sspi_kerberos_token(type, plen, ctxt); - - debug3("<- input_sspi_kerberos_errtok()..."); -} - -/* - * Process input token (i.e. message, being part of handshake protocol) - * received from server and send answer (outgoing token) back to server - * if needed. - * - * input - input token received from server or NULL if first time - * called (IN). - * - * inputSize - size of input buffer in bytes (IN). - * auth - pointer to authenticate context (IN). - * - * RETURNS: 0 if OK. - */ - -int SspiProcessToken(void *input, int inputSize, Authctxt *auth) -{ - debug3("-> SspiProcessToken()..."); - - int exitCode = -1; - - /* - * Input (received from server) and outgoing - * (going be to send) tokens. - */ - - SecBuffer inpBuf = {inputSize, SECBUFFER_TOKEN, input}; - SecBuffer outBuf = {0, SECBUFFER_TOKEN, NULL}; - - SecBufferDesc inpBufDesc = {SECBUFFER_VERSION, 1, &inpBuf}; - SecBufferDesc outBufDesc = {SECBUFFER_VERSION, 1, &outBuf}; - - /* - * Plain message to sign at the last hanshake step. - * This message is generated on client side and send - * to server after sign. - */ - - Buffer mic; - - /* - * Buffers to sign 'mic' into 'hash'. - * - * hash[0] = input, plain mic. - * hash[1] = output, signed mic. - */ - - SecPkgContext_Sizes contextSizes = {0}; - - SecBuffer hash[2] = {0}; - - SecBufferDesc hashDesc = {SECBUFFER_VERSION, 2, &hash}; - - unsigned long outFlags = 0; - - unsigned long inpFlags = ISC_REQ_MUTUAL_AUTH - | ISC_REQ_REPLAY_DETECT - | ISC_REQ_CONFIDENTIALITY - | ISC_REQ_ALLOCATE_MEMORY - | ISC_REQ_DELEGATE; - - SECURITY_STATUS sspiCode = SEC_E_OK; - - SspiContext *sspi = NULL; - - /* - * Get back SSPI context created in userauth_sspi_kerberos() call. 
- */ - - FAILEX(auth == NULL, "ERROR: Auth context cannot be NULL in '%s'.", __FUNCTION__); - - sspi = auth -> methoddata; - - FAILEX(sspi == NULL, "ERROR: SSPI context cannot be NULL in '%s'.", __FUNCTION__); - - /* - * Parse input token received from server. - * This function generates output token needed to send back to server. - */ - - debug3("InitializeSecurityContext:"); - debug3(" Credentials Handle : [%p]", &sspi -> credHandle); - debug3(" Security Context : [%p]", sspi -> contextHandle); - debug3(" Target name : [%s]", sspi -> targetName); - debug3(" ContextReq : [%x]", inpFlags); - debug3(" Target Data Repr. : [%x]", SECURITY_NATIVE_DREP); - debug3(" Input buffer len : [%d]", inpBuf.cbBuffer); - debug3(" Input buffer ptr : [%p]", inpBuf.pvBuffer); - debug3(" Output buffer len : [%d]", outBuf.cbBuffer); - debug3(" Output buffer ptr : [%p]", outBuf.pvBuffer); - - sspiCode = InitializeSecurityContextA(&sspi -> credHandle, sspi -> contextHandle, - sspi -> targetName, inpFlags, - 0, SECURITY_NATIVE_DREP, - &inpBufDesc, 0, - &sspi -> context, - &outBufDesc, - &outFlags, - &sspi -> expiry); - - sspi -> contextHandle = &sspi -> context; - - debug3("InitializeSecurityContext finished with code [0x%x][%s].", - sspiCode, SspiGetCodeName(sspiCode)); - - switch(sspiCode) - { - /* - * Handshake completed. - * Prepare MIC, sign it and send to server. - * After server will accept our hash authentication is completed. - */ - - case SEC_E_OK: - { - debug3("[SEC_E_OK]"); - - SSPI_FAIL(QueryContextAttributesA(&sspi -> context, - SECPKG_ATTR_SIZES, &contextSizes)); - - /* - * Build plain message. - */ - - debug3("Building mic..."); - - ssh_gssapi_buildmic(&mic, auth -> server_user, - auth -> service, "gssapi-with-mic"); - - /* - * Sign message into hash. 
- */ - - debug3("Signing [%d] bytes mic...", buffer_len(&mic)); - - hash[0].BufferType = SECBUFFER_DATA; - hash[0].cbBuffer = buffer_len(&mic); - hash[0].pvBuffer = buffer_ptr(&mic);; - - hash[1].BufferType = SECBUFFER_TOKEN; - hash[1].cbBuffer = contextSizes.cbMaxSignature; - hash[1].pvBuffer = calloc(contextSizes.cbMaxSignature, 1); - - SSPI_FAIL(MakeSignature(&sspi -> context, 0, &hashDesc, 0)); - - /* - * Send signed message (hash) to server. - */ - - debug3("Sending [%d] bytes hash...", hash[1].cbBuffer); - - packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); - - packet_put_string(hash[1].pvBuffer, hash[1].cbBuffer); - - packet_send(); - - buffer_free(&mic); - - break; - } - - /* - * Handshake is in progress. - * Send next partial packet to server. - */ - - case SEC_I_CONTINUE_NEEDED: - { - debug3("[SEC_I_CONTINUE_NEEDED]"); - - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); - - debug3("Sending [%d] bytes token...", outBuf.cbBuffer); - - packet_put_string(outBuf.pvBuffer, outBuf.cbBuffer); - - packet_send(); - - break; - } - - /* - * Unexpected code. Treat as error. - * Tell server that something fail. - */ - - default: - { - error("Unhandled code [%x].", sspiCode); - - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - - packet_send(); - - goto fail; - } - } - - /* - * Clean up. - */ - - exitCode = 0; - - fail: - - if (exitCode) - { - error("ERROR: Cannot process SSH2_MSG_USERAUTH_GSSAPI_TOKEN packet.\n" - "SSPI code is : 0x%x / [%s].\nWINAPI code is : %d.", - sspiCode, SspiGetCodeName(sspiCode), GetLastError()); - } - - buffer_free(&mic); - - if (hash[1].pvBuffer) - { - free(hash[1].pvBuffer); - } - - FreeContextBuffer(outBuf.pvBuffer); - - debug3("<- SspiProcessToken()..."); - - return exitCode; -} - -/* - * Process SSH2_MSG_USERAUTH_GSSAPI_RESPONSE packet sent by server - * as response for SSH2_MSG_USERAUTH_REQUEST. - * Shoud called one time. - * - * type - UNUSED. - * plen - UNUSED. - * ctxt - User auth context (IN/OUT). 
- */ - -void input_sspi_kerberos_response(int type, u_int32_t plen, void *ctxt) -{ - debug3("-> input_sspi_kerberos_response()..."); - - debug3("SSH2_MSG_USERAUTH_REQUEST packet received."); - - Authctxt *auth = ctxt; - - SspiContext *sspi = NULL; - - int oidlen = 0; - - char *oid = NULL; - - int exitCode = -1; - - SECURITY_STATUS sspiCode = SEC_E_OK; - - /* - * Get back SSPI context created in userauth_sspi_kerberos() call. - */ - - sspi = auth -> methoddata; - - FAILEX(sspi == NULL, - "ERROR: SSPI context cannot"" be NULL in '%s'.", - __FUNCTION__); - - /* - * Read OID from server. - */ - - oid = packet_get_string(&oidlen); - - debug3("Received [%d] bytes OID.", oidlen); - - /* - * Verify is OID correct. - * If all ok, server should response the same OID, which - * we sent in userauth_sspi_kerberos() call. - */ - - FAILEX(oidlen <= 2, "ERROR: OID too short."); - - FAILEX(oid[0] != SSH_GSS_OIDTYPE, "ERROR: Wrong OID's type."); - - FAILEX(oid[1] != oidlen - 2, "ERROR: Wrong OID's len field."); - - FAILEX(oidlen != sspi -> oidOutLen, "ERROR: OID's len mismatch."); - - FAILEX(memcmp(oid, sspi -> oidOut, oidlen), "ERROR: OID's data mismatch."); - - /* - * Eat remaining packet's data if any. - * Must called to save integrity on incoming network data. - */ - - packet_check_eom(); - - /* - * Here, we know server knows and accepted request to - * perform kerberos5 auth. - */ - - /* - * Get creadentials ticket from local SSPI/Kerberos cache. - */ - - debug3("Acquiring SSPI/Kerberos credentials..."); - - SSPI_FAIL(AcquireCredentialsHandleA(NULL, "Kerberos", - SECPKG_CRED_OUTBOUND, - NULL, NULL, NULL, NULL, - &sspi -> credHandle, - &sspi -> expiry)); - - debug3("Acquired SSPI/Kerberos creentials [%p].", sspi -> credHandle); - - /* - * Start auth negotiation. - * Get first outgoing packet to set to server from SSPI. - */ - - FAIL(SspiProcessToken(NULL, 0, auth)); - - /* - * Clean up. 
- */ - - exitCode = 0; - - fail: - - if (exitCode) - { - error("ERROR: Cannot process SSH2_MSG_USERAUTH_GSSAPI_RESPONSE packet.\n" - "SSPI code is : 0x%x / [%s].\nWINAPI code is : %d.", - sspiCode, SspiGetCodeName(sspiCode), GetLastError()); - - /* - * If current method fails, try next one. - */ - - userauth(auth, NULL); - } - - free(oid); - - debug3("<- input_sspi_kerberos_response()..."); -} - -#endif /* WIN32_FIXME */ diff --git a/kerberos-sspi.h b/kerberos-sspi.h deleted file mode 100644 index 6b44729..0000000 --- a/kerberos-sspi.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2009, 2011 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef KerberosSspi_H -#define KerberosSspi_H - -#include "ssh-gss.h" - -#define SECURITY_WIN32 - -#include -#include - -/* - * Auth context for SSPI usage. - */ - -typedef struct SspiContext_t -{ - unsigned char *oidOut; - - int oidOutLen; - - char *targetName; - - CredHandle credHandle; - - CtxtHandle context; - - PCtxtHandle contextHandle; - - TimeStamp expiry; -} -SspiContext; - -#endif /* KerberosSspi_H */ diff --git a/kex.c b/kex.c index 9bd5eb8..50c7a0f 100644 --- a/kex.c 
+++ b/kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.109 2015/07/30 00:01:34 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -35,6 +35,7 @@ #ifdef WITH_OPENSSL #include +#include #endif #include "ssh2.h" @@ -49,13 +50,20 @@ #include "misc.h" #include "dispatch.h" #include "monitor.h" -#include "roaming.h" #include "ssherr.h" #include "sshbuf.h" #include "digest.h" - /* prototype */ +#if OPENSSL_VERSION_NUMBER >= 0x00907000L +# if defined(HAVE_EVP_SHA256) +# define evp_ssh_sha256 EVP_sha256 +# else +extern const EVP_MD *evp_ssh_sha256(void); +# endif +#endif + +/* prototype */ static int kex_choose_conf(struct ssh *); static int kex_input_newkeys(int, u_int32_t, void *); 
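Review bot: The `evp_ssh_sha256` compatibility block added in the `@@ -49,13 +50,20 @@` hunk has no comment and sits outside the `#ifdef WITH_OPENSSL` guard that wraps the OpenSSL includes in the hunk before it. In a build without OpenSSL it works only because an undefined `OPENSSL_VERSION_NUMBER` evaluates to 0 inside `#if`, which also triggers `-Wundef`. Writing the condition as `#if defined(WITH_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x00907000L` states the intent directly. A one-line comment such as `/* use OpenSSL's EVP_sha256 when present, otherwise an external evp_ssh_sha256() */` would explain the block; where that external function is defined is not visible in this diff, so the wording should be checked against the tree.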
@@ -80,19 +88,30 @@ struct kexalg { }; static const struct kexalg kexalgs[] = { #ifdef WITH_OPENSSL -{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, -{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, -{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, -{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, -{ KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, -NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, -{ KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, -SSH_DIGEST_SHA384 }, -{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, -SSH_DIGEST_SHA512 }, -#endif -{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, -{ NULL, -1, -1, -1 }, + { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, + { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 }, + { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, +#ifdef HAVE_EVP_SHA256 + { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif /* HAVE_EVP_SHA256 */ +#ifdef OPENSSL_HAS_ECC + { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, + NID_X9_62_prime256v1, SSH_DIGEST_SHA256 }, + { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, + SSH_DIGEST_SHA384 }, +# ifdef OPENSSL_HAS_NISTP521 + { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, + SSH_DIGEST_SHA512 }, +# endif /* OPENSSL_HAS_NISTP521 */ +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ +#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL) + { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, +#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ + { NULL, -1, -1, -1}, }; char * 
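Review bot: The new `KEX_DH14_SHA256` entry is added unconditionally under `#ifdef WITH_OPENSSL`, while `KEX_DHGEX_SHA256` and `KEX_CURVE25519_SHA256`, which use the same `SSH_DIGEST_SHA256`, are now gated on `HAVE_EVP_SHA256`. On an OpenSSL build without `EVP_sha256` the table would still list the group14/SHA-256 method as supported although the digest is presumably unavailable there, so the failure would surface only during key exchange; this depends on digest code outside the hunk. Placing the entry under the same guard, `#ifdef HAVE_EVP_SHA256` around `{ KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },`, would keep the table consistent. The two `SSH_DIGEST_SHA512` entries (`KEX_DH16_SHA512`, `KEX_DH18_SHA512`) deserve the same check against whatever macro signals SHA-512 availability.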
@@ -140,7 +159,7 @@ kex_names_valid(const char *names) if ((s = cp = strdup(names)) == NULL) return 0; for ((p = strsep(&cp, ",")); p && *p != '\0'; - (p = strsep(&cp, ","))) { + (p = strsep(&cp, ","))) { if (kex_alg_by_name(p) == NULL) { error("Unsupported KEX algorithm \"%.100s\"", p); free(s); @@ -153,9 +172,9 @@ kex_names_valid(const char *names) } /* -* Concatenate algorithm names, avoiding duplicates in the process. -* Caller must free returned string. -*/ + * Concatenate algorithm names, avoiding duplicates in the process. + * Caller must free returned string. + */ char * kex_names_cat(const char *a, const char *b) { @@ -166,11 +185,11 @@ kex_names_cat(const char *a, const char *b) return NULL; if (b == NULL || *b == '\0') return strdup(a); - if (strlen(b) > 1024 * 1024) + if (strlen(b) > 1024*1024) return NULL; len = strlen(a) + strlen(b) + 2; if ((tmp = cp = strdup(b)) == NULL || - (ret = calloc(1, len)) == NULL) { + (ret = calloc(1, len)) == NULL) { free(tmp); return NULL; } @@ -179,7 +198,7 @@ kex_names_cat(const char *a, const char *b) if (match_list(ret, p, NULL) != NULL) continue; /* Algorithm already present */ if (strlcat(ret, ",", len) >= len || - strlcat(ret, p, len) >= len) { + strlcat(ret, p, len) >= len) { free(tmp); free(ret); return NULL; /* Shouldn't happen */ @@ -190,10 +209,10 @@ kex_names_cat(const char *a, const char *b) } /* -* Assemble a list of algorithms from a default list and a string from a -* configuration file. The user-provided string may begin with '+' to -* indicate that it should be appended to the default. -*/ + * Assemble a list of algorithms from a default list and a string from a + * configuration file. The user-provided string may begin with '+' to + * indicate that it should be appended to the default. + */ int kex_assemble_names(const char *def, char **list) { 
@@ -224,9 +243,9 @@ kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) sshbuf_reset(b); /* - * add a dummy cookie, the cookie will be overwritten by - * kex_send_kexinit(), each time a kexinit is set - */ + * add a dummy cookie, the cookie will be overwritten by + * kex_send_kexinit(), each time a kexinit is set + */ for (i = 0; i < KEX_COOKIE_LEN; i++) { if ((r = sshbuf_put_u8(b, 0)) != 0) return r; @@ -236,7 +255,7 @@ kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) return r; } if ((r = sshbuf_put_u8(b, 0)) != 0 || /* first_kex_packet_follows */ - (r = sshbuf_put_u32(b, 0)) != 0) /* uint32 reserved */ + (r = sshbuf_put_u32(b, 0)) != 0) /* uint32 reserved */ return r; return 0; } @@ -267,16 +286,16 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp) debug2("%s: %s", proposal_names[i], proposal[i]); } /* first kex follows / reserved */ - if ((r = sshbuf_get_u8(b, &v)) != 0 || - (r = sshbuf_get_u32(b, &i)) != 0) + if ((r = sshbuf_get_u8(b, &v)) != 0 || /* first_kex_follows */ + (r = sshbuf_get_u32(b, &i)) != 0) /* reserved */ goto out; if (first_kex_follows != NULL) - *first_kex_follows = i; + *first_kex_follows = v; debug2("first_kex_follows %d ", v); debug2("reserved %u ", i); r = 0; *propp = proposal; -out: + out: if (r != 0 && proposal != NULL) kex_prop_free(proposal); sshbuf_free(b); @@ -304,8 +323,8 @@ kex_protocol_error(int type, u_int32_t seq, void *ctxt) error("kex protocol error: type %d seq %u", type, seq); if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 || - (r = sshpkt_put_u32(ssh, seq)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_u32(ssh, seq)) != 0 || + (r = sshpkt_send(ssh)) != 0) return r; return 0; } 
@@ -314,10 +333,24 @@ static void kex_reset_dispatch(struct ssh *ssh) { ssh_dispatch_range(ssh, SSH2_MSG_TRANSPORT_MIN, - SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); + SSH2_MSG_TRANSPORT_MAX, &kex_protocol_error); ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); } +static int +kex_send_ext_info(struct ssh *ssh) +{ + int r; + + if ((r = sshpkt_start(ssh, SSH2_MSG_EXT_INFO)) != 0 || + (r = sshpkt_put_u32(ssh, 1)) != 0 || + (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 || + (r = sshpkt_put_cstring(ssh, "rsa-sha2-256,rsa-sha2-512")) != 0 || + (r = sshpkt_send(ssh)) != 0) + return r; + return 0; +} + int kex_send_newkeys(struct ssh *ssh) { 
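Review bot: kex_send_ext_info has no comment, and the literal `1` written before the name/value pair is the extension count, so it must stay in step with the number of pairs that follow. A header such as `/* Send SSH2_MSG_EXT_INFO advertising server-sig-algs; the count must match the pairs below */` would make that explicit. The list `"rsa-sha2-256,rsa-sha2-512"` is fixed at compile time, so it is advertised whatever host key or signature algorithms the server is configured with. Deriving it from the configured set would be more accurate, if that information is reachable from here.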
@@ -325,14 +358,56 @@ kex_send_newkeys(struct ssh *ssh) kex_reset_dispatch(ssh); if ((r = sshpkt_start(ssh, SSH2_MSG_NEWKEYS)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) return r; debug("SSH2_MSG_NEWKEYS sent"); debug("expecting SSH2_MSG_NEWKEYS"); ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys); + if (ssh->kex->ext_info_c) + if ((r = kex_send_ext_info(ssh)) != 0) + return r; return 0; } +int +kex_input_ext_info(int type, u_int32_t seq, void *ctxt) +{ + struct ssh *ssh = ctxt; + struct kex *kex = ssh->kex; + u_int32_t i, ninfo; + char *name, *val, *found; + int r; + + debug("SSH2_MSG_EXT_INFO received"); + ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); + if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0) + return r; + for (i = 0; i < ninfo; i++) { + if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) + return r; + if ((r = sshpkt_get_cstring(ssh, &val, NULL)) != 0) { + free(name); + return r; + } + debug("%s: %s=<%s>", __func__, name, val); + if (strcmp(name, "server-sig-algs") == 0) { + found = match_list("rsa-sha2-256", val, NULL); + if (found) { + kex->rsa_sha2 = 256; + free(found); + } + found = match_list("rsa-sha2-512", val, NULL); + if (found) { + kex->rsa_sha2 = 512; + free(found); + } + } + free(name); + free(val); + } + return sshpkt_get_end(ssh); +} + static int kex_input_newkeys(int type, u_int32_t seq, void *ctxt) { @@ -374,8 +449,8 @@ kex_send_kexinit(struct ssh *ssh) arc4random_buf(cookie, KEX_COOKIE_LEN); if ((r = sshpkt_start(ssh, SSH2_MSG_KEXINIT)) != 0 || - (r = sshpkt_putb(ssh, kex->my)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_putb(ssh, kex->my)) != 0 || + (r = sshpkt_send(ssh)) != 0) return r; debug("SSH2_MSG_KEXINIT sent"); kex->flags |= KEX_INIT_SENT; 
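Review bot: In kex_input_ext_info the count `ninfo` and both strings come from the peer, and the loop stops early only because sshpkt_get_cstring fails once the packet is exhausted; that reliance deserves a one-line comment above the `for`. The `debug("%s: %s=<%s>", ...)` call prints the peer's name and value in full, whereas kex_names_valid in this file truncates with `%.100s`. Using `debug("%s: %.100s=<%.200s>", __func__, name, val);` would bound what a remote peer can push into the debug log. In kex_send_newkeys the nested `if (ssh->kex->ext_info_c) if (...)` would be safer to maintain with braces.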
@@ -409,19 +484,19 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) if ((r = sshpkt_get_string(ssh, NULL, NULL)) != 0) return r; /* - * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported - * KEX method has the server move first, but a server might be using - * a custom method or one that we otherwise don't support. We should - * be prepared to remember first_kex_follows here so we can eat a - * packet later. - * XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means - * for cases where the server *doesn't* go first. I guess we should - * ignore it when it is set for these cases, which is what we do now. - */ + * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported + * KEX method has the server move first, but a server might be using + * a custom method or one that we otherwise don't support. We should + * be prepared to remember first_kex_follows here so we can eat a + * packet later. + * XXX2 - RFC4253 is kind of ambiguous on what first_kex_follows means + * for cases where the server *doesn't* go first. I guess we should + * ignore it when it is set for these cases, which is what we do now. + */ if ((r = sshpkt_get_u8(ssh, NULL)) != 0 || /* first_kex_follows */ - (r = sshpkt_get_u32(ssh, NULL)) != 0 || /* reserved */ - (r = sshpkt_get_end(ssh)) != 0) - return r; + (r = sshpkt_get_u32(ssh, NULL)) != 0 || /* reserved */ + (r = sshpkt_get_end(ssh)) != 0) + return r; if (!(kex->flags & KEX_INIT_SENT)) if ((r = kex_send_kexinit(ssh)) != 0) @@ -445,7 +520,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) if ((kex = calloc(1, sizeof(*kex))) == NULL) return SSH_ERR_ALLOC_FAIL; if ((kex->peer = sshbuf_new()) == NULL || - (kex->my = sshbuf_new()) == NULL) { + (kex->my = sshbuf_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } 
@@ -455,7 +530,7 @@ kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp) kex_reset_dispatch(ssh); r = 0; *kexp = kex; -out: + out: if (r != 0) kex_free(kex); return r; @@ -498,10 +573,13 @@ kex_free(struct kex *kex) u_int mode; #ifdef WITH_OPENSSL - sshdh_free(kex->dh); + if (kex->dh) + DH_free(kex->dh); +#ifdef OPENSSL_HAS_ECC if (kex->ec_client_key) EC_KEY_free(kex->ec_client_key); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ for (mode = 0; mode < MODE_MAX; mode++) { kex_free_newkeys(kex->newkeys[mode]); kex->newkeys[mode] = NULL; @@ -512,6 +590,8 @@ kex_free(struct kex *kex) free(kex->client_version_string); free(kex->server_version_string); free(kex->failed_choice); + free(kex->hostkey_alg); + free(kex->name); free(kex); } @@ -530,6 +610,25 @@ kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX]) return 0; } +/* + * Request key re-exchange, returns 0 on success or a ssherr.h error + * code otherwise. Must not be called if KEX is incomplete or in-progress. + */ +int +kex_start_rekex(struct ssh *ssh) +{ + if (ssh->kex == NULL) { + error("%s: no kex", __func__); + return SSH_ERR_INTERNAL_ERROR; + } + if (ssh->kex->done == 0) { + error("%s: requested twice", __func__); + return SSH_ERR_INTERNAL_ERROR; + } + ssh->kex->done = 0; + return kex_send_kexinit(ssh); +} + static int choose_enc(struct sshenc *enc, char *client, char *server) { @@ -576,14 +675,11 @@ choose_comp(struct sshcomp *comp, char *client, char *server) return SSH_ERR_NO_COMPRESS_ALG_MATCH; if (strcmp(name, "zlib@openssh.com") == 0) { comp->type = COMP_DELAYED; - } - else if (strcmp(name, "zlib") == 0) { + } else if (strcmp(name, "zlib") == 0) { comp->type = COMP_ZLIB; - } - else if (strcmp(name, "none") == 0) { + } else if (strcmp(name, "none") == 0) { comp->type = COMP_NONE; - } - else { + } else { return SSH_ERR_INTERNAL_ERROR; } comp->name = name; 
@@ -611,17 +707,16 @@ choose_kex(struct kex *k, char *client, char *server) static int choose_hostkeyalg(struct kex *k, char *client, char *server) { - char *hostkeyalg = match_list(client, server, NULL); + k->hostkey_alg = match_list(client, server, NULL); debug("kex: host key algorithm: %s", - hostkeyalg ? hostkeyalg : "(no match)"); - if (hostkeyalg == NULL) + k->hostkey_alg ? k->hostkey_alg : "(no match)"); + if (k->hostkey_alg == NULL) return SSH_ERR_NO_HOSTKEY_ALG_MATCH; - k->hostkey_type = sshkey_type_from_name(hostkeyalg); + k->hostkey_type = sshkey_type_from_name(k->hostkey_alg); if (k->hostkey_type == KEY_UNSPEC) return SSH_ERR_INTERNAL_ERROR; - k->hostkey_nid = sshkey_ecdsa_nid_from_name(hostkeyalg); - free(hostkeyalg); + k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg); return 0; } @@ -641,7 +736,7 @@ proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]) *p = '\0'; if (strcmp(my[*idx], peer[*idx]) != 0) { debug2("proposal mismatch: my %s peer %s", - my[*idx], peer[*idx]); + my[*idx], peer[*idx]); return (0); } } 
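Review bot: choose_hostkeyalg now stores the match_list() result in `k->hostkey_alg` without releasing the previous value, so each later negotiation on the same `struct kex` leaks the old string; kex_free in this diff frees it only once. kex_start_rekex, added in the same commit, makes repeated negotiation a normal path, assuming kex_choose_conf runs again for every KEXINIT. Adding `free(k->hostkey_alg);` immediately before the assignment closes the leak.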
@@ -668,34 +763,33 @@ kex_choose_conf(struct ssh *ssh) goto out; if (kex->server) { - cprop = peer; - sprop = my; - } - else { - cprop = my; - sprop = peer; + cprop=peer; + sprop=my; + } else { + cprop=my; + sprop=peer; } - /* Check whether server offers roaming */ - if (!kex->server) { - char *roaming = match_list(KEX_RESUME, - peer[PROPOSAL_KEX_ALGS], NULL); + /* Check whether client supports ext_info_c */ + if (kex->server) { + char *ext; - if (roaming) { - kex->roaming = 1; - free(roaming); + ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); + if (ext) { + kex->ext_info_c = 1; + free(ext); } } /* Algorithm Negotiation */ if ((r = choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], - sprop[PROPOSAL_KEX_ALGS])) != 0) { + sprop[PROPOSAL_KEX_ALGS])) != 0) { kex->failed_choice = peer[PROPOSAL_KEX_ALGS]; peer[PROPOSAL_KEX_ALGS] = NULL; goto out; } if ((r = choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], - sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) { + sprop[PROPOSAL_SERVER_HOST_KEY_ALGS])) != 0) { kex->failed_choice = peer[PROPOSAL_SERVER_HOST_KEY_ALGS]; peer[PROPOSAL_SERVER_HOST_KEY_ALGS] = NULL; goto out; @@ -707,12 +801,12 @@ kex_choose_conf(struct ssh *ssh) } kex->newkeys[mode] = newkeys; ctos = (!kex->server && mode == MODE_OUT) || - (kex->server && mode == MODE_IN); - nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC; - nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC; + (kex->server && mode == MODE_IN); + nenc = ctos ? PROPOSAL_ENC_ALGS_CTOS : PROPOSAL_ENC_ALGS_STOC; + nmac = ctos ? PROPOSAL_MAC_ALGS_CTOS : PROPOSAL_MAC_ALGS_STOC; ncomp = ctos ? PROPOSAL_COMP_ALGS_CTOS : PROPOSAL_COMP_ALGS_STOC; if ((r = choose_enc(&newkeys->enc, cprop[nenc], - sprop[nenc])) != 0) { + sprop[nenc])) != 0) { kex->failed_choice = peer[nenc]; peer[nenc] = NULL; goto out; 
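Review bot: `kex->ext_info_c` is set when the client's KEXINIT lists `ext-info-c`, but nothing visible in this diff clears it or limits the check to the first exchange, so kex_send_newkeys will send SSH2_MSG_EXT_INFO again after every re-key. The receiving side in kex_input_ext_info re-points SSH2_MSG_EXT_INFO at kex_protocol_error once it has handled one message, so a peer built from this code would presumably answer the repeat with SSH2_MSG_UNIMPLEMENTED. Restricting the block to the initial key exchange would avoid that, for example `if (kex->server && kex->session_id == NULL) {`, provided session_id is still unset at this point of the first exchange (to be confirmed). kex_choose_conf starts before and continues past this hunk.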
@@ -720,23 +814,23 @@ kex_choose_conf(struct ssh *ssh) authlen = cipher_authlen(newkeys->enc.cipher); /* ignore mac for authenticated encryption */ if (authlen == 0 && - (r = choose_mac(ssh, &newkeys->mac, cprop[nmac], - sprop[nmac])) != 0) { + (r = choose_mac(ssh, &newkeys->mac, cprop[nmac], + sprop[nmac])) != 0) { kex->failed_choice = peer[nmac]; peer[nmac] = NULL; goto out; } if ((r = choose_comp(&newkeys->comp, cprop[ncomp], - sprop[ncomp])) != 0) { + sprop[ncomp])) != 0) { kex->failed_choice = peer[ncomp]; peer[ncomp] = NULL; goto out; } debug("kex: %s cipher: %s MAC: %s compression: %s", - ctos ? "client->server" : "server->client", - newkeys->enc.name, - authlen == 0 ? newkeys->mac.name : "", - newkeys->comp.name); + ctos ? "client->server" : "server->client", + newkeys->enc.name, + authlen == 0 ? newkeys->mac.name : "", + newkeys->comp.name); } need = dh_need = 0; for (mode = 0; mode < MODE_MAX; mode++) { @@ -756,10 +850,10 @@ kex_choose_conf(struct ssh *ssh) /* ignore the next message if the proposals do not match */ if (first_kex_follows && !proposals_match(my, peer) && - !(ssh->compat & SSH_BUG_FIRSTKEX)) + !(ssh->compat & SSH_BUG_FIRSTKEX)) ssh->dispatch_skip_packets = 1; r = 0; -out: + out: kex_prop_free(my); kex_prop_free(peer); return r; @@ -767,7 +861,7 @@ out: static int derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, - const struct sshbuf *shared_secret, u_char **keyp) + const struct sshbuf *shared_secret, u_char **keyp) { struct kex *kex = ssh->kex; struct ssh_digest_ctx *hashctx = NULL; 
@@ -786,12 +880,12 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, /* K1 = HASH(K || H || "A" || session_id) */ if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL || - ssh_digest_update_buffer(hashctx, shared_secret) != 0 || - ssh_digest_update(hashctx, hash, hashlen) != 0 || - ssh_digest_update(hashctx, &c, 1) != 0 || - ssh_digest_update(hashctx, kex->session_id, - kex->session_id_len) != 0 || - ssh_digest_final(hashctx, digest, mdsz) != 0) { + ssh_digest_update_buffer(hashctx, shared_secret) != 0 || + ssh_digest_update(hashctx, hash, hashlen) != 0 || + ssh_digest_update(hashctx, &c, 1) != 0 || + ssh_digest_update(hashctx, kex->session_id, + kex->session_id_len) != 0 || + ssh_digest_final(hashctx, digest, mdsz) != 0) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -799,16 +893,16 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, hashctx = NULL; /* - * expand key: - * Kn = HASH(K || H || K1 || K2 || ... || Kn-1) - * Key = K1 || K2 || ... || Kn - */ + * expand key: + * Kn = HASH(K || H || K1 || K2 || ... || Kn-1) + * Key = K1 || K2 || ... || Kn + */ for (have = mdsz; need > have; have += mdsz) { if ((hashctx = ssh_digest_start(kex->hash_alg)) == NULL || - ssh_digest_update_buffer(hashctx, shared_secret) != 0 || - ssh_digest_update(hashctx, hash, hashlen) != 0 || - ssh_digest_update(hashctx, digest, have) != 0 || - ssh_digest_final(hashctx, digest + have, mdsz) != 0) { + ssh_digest_update_buffer(hashctx, shared_secret) != 0 || + ssh_digest_update(hashctx, hash, hashlen) != 0 || + ssh_digest_update(hashctx, digest, have) != 0 || + ssh_digest_final(hashctx, digest + have, mdsz) != 0) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -822,9 +916,8 @@ derive_key(struct ssh *ssh, int id, u_int need, u_char *hash, u_int hashlen, *keyp = digest; digest = NULL; r = 0; -out: - if (digest) - free(digest); + out: + free(digest); ssh_digest_free(hashctx); return r; } 
@@ -832,7 +925,7 @@ out: #define NKEYS 6 int kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, - const struct sshbuf *shared_secret) + const struct sshbuf *shared_secret) { struct kex *kex = ssh->kex; u_char *keys[NKEYS]; @@ -840,8 +933,8 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, int r; for (i = 0; i < NKEYS; i++) { - if ((r = derive_key(ssh, 'A' + i, kex->we_need, hash, hashlen, - shared_secret, &keys[i])) != 0) { + if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen, + shared_secret, &keys[i])) != 0) { for (j = 0; j < i; j++) free(keys[j]); return r; @@ -849,8 +942,8 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, } for (mode = 0; mode < MODE_MAX; mode++) { ctos = (!kex->server && mode == MODE_OUT) || - (kex->server && mode == MODE_IN); - kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1]; + (kex->server && mode == MODE_IN); + kex->newkeys[mode]->enc.iv = keys[ctos ? 0 : 1]; kex->newkeys[mode]->enc.key = keys[ctos ? 2 : 3]; kex->newkeys[mode]->mac.key = keys[ctos ? 4 : 5]; } @@ -860,14 +953,14 @@ kex_derive_keys(struct ssh *ssh, u_char *hash, u_int hashlen, #ifdef WITH_OPENSSL int kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen, - const struct sshbn *secret) + const BIGNUM *secret) { struct sshbuf *shared_secret; int r; if ((shared_secret = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_bignum2_wrap(shared_secret, secret)) == 0) + if ((r = sshbuf_put_bignum2(shared_secret, secret)) == 0) r = kex_derive_keys(ssh, hash, hashlen, shared_secret); sshbuf_free(shared_secret); return r; @@ -877,7 +970,7 @@ kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen, #ifdef WITH_SSH1 int derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, - u_int8_t cookie[8], u_int8_t id[16]) + u_int8_t cookie[8], u_int8_t id[16]) { u_int8_t hbuf[2048], sbuf[2048], obuf[SSH_DIGEST_MAX_LENGTH]; struct ssh_digest_ctx *hashctx = NULL; 
@@ -887,10 +980,10 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, hlen = BN_num_bytes(host_modulus); slen = BN_num_bytes(server_modulus); if (hlen < (512 / 8) || (u_int)hlen > sizeof(hbuf) || - slen < (512 / 8) || (u_int)slen > sizeof(sbuf)) + slen < (512 / 8) || (u_int)slen > sizeof(sbuf)) return SSH_ERR_KEY_BITS_MISMATCH; if (BN_bn2bin(host_modulus, hbuf) <= 0 || - BN_bn2bin(server_modulus, sbuf) <= 0) { + BN_bn2bin(server_modulus, sbuf) <= 0) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -899,15 +992,15 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus, goto out; } if (ssh_digest_update(hashctx, hbuf, hlen) != 0 || - ssh_digest_update(hashctx, sbuf, slen) != 0 || - ssh_digest_update(hashctx, cookie, 8) != 0 || - ssh_digest_final(hashctx, obuf, sizeof(obuf)) != 0) { + ssh_digest_update(hashctx, sbuf, slen) != 0 || + ssh_digest_update(hashctx, cookie, 8) != 0 || + ssh_digest_final(hashctx, obuf, sizeof(obuf)) != 0) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } memcpy(id, obuf, ssh_digest_bytes(SSH_DIGEST_MD5)); r = 0; -out: + out: ssh_digest_free(hashctx); explicit_bzero(hbuf, sizeof(hbuf)); explicit_bzero(sbuf, sizeof(sbuf)); diff --git a/kex.h b/kex.h index 43e8b9f..c351955 100644 --- a/kex.h +++ b/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.73 2015/07/30 00:01:34 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.78 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -29,19 +29,34 @@ #include "mac.h" #include "buffer.h" /* XXX for typedef */ #include "key.h" /* XXX for typedef */ -#include "crypto-wrap.h" #ifdef WITH_LEAKMALLOC #include "leakmalloc.h" #endif +#ifdef WITH_OPENSSL +# ifdef OPENSSL_HAS_ECC +# include +# else /* OPENSSL_HAS_ECC */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +# endif /* OPENSSL_HAS_ECC */ +#else /* WITH_OPENSSL */ +# define EC_KEY void +# define EC_GROUP void +# define EC_POINT void +#endif /* WITH_OPENSSL */ + #define KEX_COOKIE_LEN 16 #define KEX_DH1 "diffie-hellman-group1-sha1" -#define KEX_DH14 "diffie-hellman-group14-sha1" +#define KEX_DH14_SHA1 "diffie-hellman-group14-sha1" +#define KEX_DH14_SHA256 "diffie-hellman-group14-sha256" +#define KEX_DH16_SHA512 "diffie-hellman-group16-sha512" +#define KEX_DH18_SHA512 "diffie-hellman-group18-sha512" #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" -#define KEX_RESUME "resume@appgate.com" #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" @@ -76,6 +91,9 @@ enum kex_modes { enum kex_exchange { KEX_DH_GRP1_SHA1, KEX_DH_GRP14_SHA1, + KEX_DH_GRP14_SHA256, + KEX_DH_GRP16_SHA512, + KEX_DH_GRP18_SHA512, KEX_DH_GEX_SHA1, KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, @@ -116,10 +134,12 @@ struct kex { u_int dh_need; int server; char *name; + char *hostkey_alg; int hostkey_type; int hostkey_nid; u_int kex_type; - int roaming; + int rsa_sha2; + int ext_info_c; struct sshbuf *my; struct sshbuf *peer; sig_atomic_t done; 
@@ -129,15 +149,15 @@ struct kex { char *client_version_string; char *server_version_string; char *failed_choice; - int(*verify_host_key)(struct sshkey *, struct ssh *); + int (*verify_host_key)(struct sshkey *, struct ssh *); struct sshkey *(*load_host_public_key)(int, int, struct ssh *); struct sshkey *(*load_host_private_key)(int, int, struct ssh *); - int(*host_key_index)(struct sshkey *, int, struct ssh *); - int(*sign)(struct sshkey *, struct sshkey *, - u_char **, size_t *, const u_char *, size_t, u_int); - int(*kex[KEX_MAX])(struct ssh *); + int (*host_key_index)(struct sshkey *, int, struct ssh *); + int (*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, u_int); + int (*kex[KEX_MAX])(struct ssh *); /* kex specific state */ - struct sshdh *dh; /* DH */ + DH *dh; /* DH */ u_int min, max, nbits; /* GEX */ EC_KEY *ec_client_key; /* ECDH */ const EC_GROUP *ec_group; /* ECDH */ @@ -161,10 +181,11 @@ void kex_prop_free(char **); int kex_send_kexinit(struct ssh *); int kex_input_kexinit(int, u_int32_t, void *); +int kex_input_ext_info(int, u_int32_t, void *); int kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *); -int kex_derive_keys_bn(struct ssh *, u_char *, u_int, - const struct sshbn *); +int kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *); int kex_send_newkeys(struct ssh *); +int kex_start_rekex(struct ssh *); int kexdh_client(struct ssh *); int kexdh_server(struct ssh *); 
@@ -175,31 +196,31 @@ int kexecdh_server(struct ssh *); int kexc25519_client(struct ssh *); int kexc25519_server(struct ssh *); -int kex_dh_hash(const char *, const char *, - const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, - const struct sshbn *, const struct sshbn *, - const struct sshbn *, u_char *, size_t *); +int kex_dh_hash(int, const char *, const char *, + const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, + const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); int kexgex_hash(int, const char *, const char *, - const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, - int, int, int, - const struct sshbn *, const struct sshbn *, const struct sshbn *, - const struct sshbn *, const struct sshbn *, - u_char *, size_t *); + const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, + int, int, int, + const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, + u_char *, size_t *); int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *, - const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, - const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); + const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, + const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *); -int kex_c25519_hash(int, const char *, const char *, const char *, size_t, - const char *, size_t, const u_char *, size_t, const u_char *, const u_char *, - const u_char *, size_t, u_char *, size_t *); +int kex_c25519_hash(int, const char *, const char *, + const u_char *, size_t, const u_char *, size_t, + const u_char *, size_t, const u_char *, const u_char *, + const u_char *, size_t, u_char *, size_t *); void kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE]) -__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) -__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); + 
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) + __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); int kexc25519_shared_key(const u_char key[CURVE25519_SIZE], - const u_char pub[CURVE25519_SIZE], struct sshbuf *out) + const u_char pub[CURVE25519_SIZE], struct sshbuf *out) __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); @@ -210,4 +231,10 @@ derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); void dump_digest(char *, u_char *, int); #endif +#if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC) +# undef EC_KEY +# undef EC_GROUP +# undef EC_POINT +#endif + #endif diff --git a/kexc25519.c b/kexc25519.c index 8d8cd4a..0897b8c 100644 --- a/kexc25519.c +++ b/kexc25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519.c,v 1.9 2015/03/26 07:00:04 djm Exp $ */ +/* $OpenBSD: kexc25519.c,v 1.10 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2001, 2013 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -86,8 +86,8 @@ kex_c25519_hash( int hash_alg, const char *client_version_string, const char *server_version_string, - const char *ckexinit, size_t ckexinitlen, - const char *skexinit, size_t skexinitlen, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, const u_char *serverhostkeyblob, size_t sbloblen, const u_char client_dh_pub[CURVE25519_SIZE], const u_char server_dh_pub[CURVE25519_SIZE], diff --git a/kexc25519s.c b/kexc25519s.c index 2402725..4e77622 100644 --- a/kexc25519s.c +++ b/kexc25519s.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexc25519s.c,v 1.9 2015/04/27 00:37:53 dtucker Exp $ */ +/* $OpenBSD: kexc25519s.c,v 1.10 2015/12/04 16:41:28 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. 
@@ -134,8 +134,8 @@ input_kex_c25519_init(int type, u_int32_t seq, void *ctxt) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, - &signature, &slen, hash, hashlen, ssh->compat)) < 0) + if ((r = kex->sign(server_host_private, server_host_public, &signature, + &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) goto out; /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ diff --git a/kexdh.c b/kexdh.c index d368fca..0bf0dc1 100644 --- a/kexdh.c +++ b/kexdh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ +/* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,6 +25,7 @@ #include "includes.h" +#ifdef WITH_OPENSSL #include 
@@ -42,50 +43,52 @@ int kex_dh_hash( - const char *client_version_string, - const char *server_version_string, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, - const struct sshbn *client_dh_pub, - const struct sshbn *server_dh_pub, - const struct sshbn *shared_secret, - u_char *hash, size_t *hashlen) + int hash_alg, + const char *client_version_string, + const char *server_version_string, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, + const u_char *serverhostkeyblob, size_t sbloblen, + const BIGNUM *client_dh_pub, + const BIGNUM *server_dh_pub, + const BIGNUM *shared_secret, + u_char *hash, size_t *hashlen) { struct sshbuf *b; int r; - if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) + if (*hashlen < ssh_digest_bytes(hash_alg)) return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || - (r = sshbuf_put_cstring(b, server_version_string)) != 0 || - /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen + 1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || - (r = sshbuf_put_u32(b, skexinitlen + 1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || - (r = sshbuf_put_bignum2_wrap(b, client_dh_pub)) != 0 || - (r = sshbuf_put_bignum2_wrap(b, server_dh_pub)) != 0 || - (r = sshbuf_put_bignum2_wrap(b, shared_secret)) != 0) { + (r = sshbuf_put_cstring(b, server_version_string)) != 0 || + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || + (r = 
sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || + (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 || + (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 || + (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { sshbuf_free(b); return r; } #ifdef DEBUG_KEX sshbuf_dump(b, stderr); #endif - if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) { + if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { sshbuf_free(b); return SSH_ERR_LIBCRYPTO_ERROR; } sshbuf_free(b); - *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); + *hashlen = ssh_digest_bytes(hash_alg); #ifdef DEBUG_KEX dump_digest("hash", hash, *hashlen); #endif return 0; } +#endif /* WITH_OPENSSL */ diff --git a/kexdhc.c b/kexdhc.c index 4a174b6..ad3975f 100644 --- a/kexdhc.c +++ b/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.19 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,6 +25,7 @@ #include "includes.h" +#ifdef WITH_OPENSSL #include @@ -54,18 +55,22 @@ int kexdh_client(struct ssh *ssh) { struct kex *kex = ssh->kex; - struct sshbn *dh_client_pub = NULL; int r; /* generate and send 'e', client DH public key */ switch (kex->kex_type) { case KEX_DH_GRP1_SHA1: - if ((r = dh_new_group1(&kex->dh)) != 0) - return r; + kex->dh = dh_new_group1(); break; case KEX_DH_GRP14_SHA1: - if ((r = dh_new_group14(&kex->dh)) != 0) - return r; + case KEX_DH_GRP14_SHA256: + kex->dh = dh_new_group14(); + break; + case KEX_DH_GRP16_SHA512: + kex->dh = dh_new_group16(); + break; + case KEX_DH_GRP18_SHA512: + kex->dh = dh_new_group18(); break; default: r = SSH_ERR_INVALID_ARGUMENT; 
@@ -75,25 +80,22 @@ kexdh_client(struct ssh *ssh) r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) - goto out; - if ((dh_client_pub = sshdh_pubkey(kex->dh)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } debug("sending SSH2_MSG_KEXDH_INIT"); - if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || - (r = sshpkt_put_bignum2_wrap(ssh, dh_client_pub)) != 0 || - (r = sshpkt_send(ssh)) != 0) + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || + (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || + (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || + (r = sshpkt_send(ssh)) != 0) goto out; #ifdef DEBUG_KEXDH - sshdh_dump(kex->dh); + DHparams_print_fp(stderr, kex->dh); + fprintf(stderr, "pub= "); + BN_print_fp(stderr, kex->dh->pub_key); + fprintf(stderr, "\n"); #endif debug("expecting SSH2_MSG_KEXDH_REPLY"); ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_REPLY, &input_kex_dh); r = 0; -out: - sshbn_free(dh_client_pub); + out: return r; } @@ -102,14 +104,12 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) { struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; - struct sshbn *dh_client_pub = NULL; - struct sshbn *dh_server_pub = NULL; - struct sshbn *shared_secret = NULL; + BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; struct sshkey *server_host_key = NULL; - u_char *server_host_key_blob = NULL, *signature = NULL; + u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen, hashlen; - int r; + size_t klen = 0, slen, sbloblen, hashlen; + int kout, r; if (kex->verify_host_key == NULL) { r = SSH_ERR_INVALID_ARGUMENT; 
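Review bot: `sshpkt_put_bignum2(ssh, kex->dh->pub_key)` and the DEBUG_KEXDH `BN_print_fp(stderr, kex->dh->pub_key)` reach into the `DH` structure directly, as does the `kex->dh->pub_key` argument passed to kex_dh_hash in input_kex_dh further down. That compiles only against libcrypto versions that expose the struct layout; where `DH` is opaque the public key has to be fetched with `DH_get0_key()`. A small local accessor used at all three sites would keep the removal of the sshdh wrapper from tying this file to one OpenSSL generation.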
@@ -117,13 +117,13 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) } /* key, cert */ if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) goto out; if (server_host_key->type != kex->hostkey_type || - (kex->hostkey_type == KEY_ECDSA && - server_host_key->ecdsa_nid != kex->hostkey_nid)) { + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) { r = SSH_ERR_KEY_TYPE_MISMATCH; goto out; } @@ -132,14 +132,14 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) goto out; } /* DH parameter f, server public DH key */ - if ((dh_server_pub = sshbn_new()) == NULL) { + if ((dh_server_pub = BN_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } /* signed H */ - if ((r = sshpkt_get_bignum2_wrap(ssh, dh_server_pub)) != 0 || - (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) + if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 || + (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) goto out; #ifdef DEBUG_KEXDH fprintf(stderr, "dh_server_pub= "); 
@@ -147,17 +147,23 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) fprintf(stderr, "\n"); debug("bits %d", BN_num_bits(dh_server_pub)); #endif - if ((r = dh_pub_is_valid(kex->dh, dh_server_pub)) != 0) { + if (!dh_pub_is_valid(kex->dh, dh_server_pub)) { sshpkt_disconnect(ssh, "bad server public DH value"); + r = SSH_ERR_MESSAGE_INCOMPLETE; goto out; } - if ((dh_client_pub = sshdh_pubkey(kex->dh)) == NULL) { - r = SSH_ERR_INTERNAL_ERROR; + + klen = DH_size(kex->dh); + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshdh_compute_key(kex->dh, dh_server_pub, - &shared_secret)) != 0) + if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 || + BN_bin2bn(kbuf, kout, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; + } #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif @@ -165,19 +171,20 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) /* calc and verify H */ hashlen = sizeof(hash); if ((r = kex_dh_hash( - kex->client_version_string, - kex->server_version_string, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - dh_client_pub, - dh_server_pub, - shared_secret, - hash, &hashlen)) != 0) + kex->hash_alg, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + kex->dh->pub_key, + dh_server_pub, + shared_secret, + hash, &hashlen)) != 0) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - ssh->compat)) != 0) + ssh->compat)) != 0) goto out; /* save session id */ 
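Review bot: In input_kex_dh() a peer value that fails `dh_pub_is_valid()` is now reported as `SSH_ERR_MESSAGE_INCOMPLETE`, which describes a truncated packet rather than a rejected key-exchange value. Anyone triaging the resulting error will be pointed at framing instead of at a peer that sent an out-of-range public value. If ssherr.h has no closer code, add a comment such as `/* not a short read: the peer's DH value was rejected */` next to the assignment, so the disconnect text "bad server public DH value" remains the string to search for. input_kex_dh_init() in kexdhs.c and input_kex_dh_gex_reply() in kexgexc.c assign the same code. The function starts and ends outside this hunk.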
@@ -193,15 +200,21 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); -out: + out: explicit_bzero(hash, sizeof(hash)); - sshkey_free(server_host_key); - sshbn_free(shared_secret); - sshbn_free(dh_server_pub); - sshbn_free(dh_client_pub); - sshdh_free(kex->dh); + DH_free(kex->dh); kex->dh = NULL; + if (dh_server_pub) + BN_clear_free(dh_server_pub); + if (kbuf) { + explicit_bzero(kbuf, klen); + free(kbuf); + } + if (shared_secret) + BN_clear_free(shared_secret); + sshkey_free(server_host_key); free(server_host_key_blob); free(signature); return r; } +#endif /* WITH_OPENSSL */ diff --git a/kexdhs.c b/kexdhs.c index cf402c9..108f664 100644 --- a/kexdhs.c +++ b/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.22 2015/01/26 06:10:03 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.24 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,10 +25,7 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - +#ifdef WITH_OPENSSL #include 
@@ -63,24 +60,34 @@ kexdh_server(struct ssh *ssh) /* generate server DH public key */ switch (kex->kex_type) { case KEX_DH_GRP1_SHA1: - if ((r = dh_new_group1(&kex->dh)) != 0) - return r; + kex->dh = dh_new_group1(); break; case KEX_DH_GRP14_SHA1: - if ((r = dh_new_group14(&kex->dh)) != 0) - return r; + case KEX_DH_GRP14_SHA256: + kex->dh = dh_new_group14(); + break; + case KEX_DH_GRP16_SHA512: + kex->dh = dh_new_group16(); + break; + case KEX_DH_GRP18_SHA512: + kex->dh = dh_new_group18(); break; default: - return SSH_ERR_INVALID_ARGUMENT; + r = SSH_ERR_INVALID_ARGUMENT; + goto out; + } + if (kex->dh == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; } - if (kex->dh == NULL) - return SSH_ERR_ALLOC_FAIL; if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) - return r; + goto out; debug("expecting SSH2_MSG_KEXDH_INIT"); ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); - return 0; + r = 0; + out: + return r; } int 
@@ -88,37 +95,35 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt) { struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; - struct sshbn *dh_client_pub = NULL; - struct sshbn *dh_server_pub = NULL; - struct sshbn *shared_secret = NULL; + BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; struct sshkey *server_host_public, *server_host_private; - u_char *signature = NULL, *server_host_key_blob = NULL; + u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; size_t sbloblen, slen; - size_t hashlen; - int r; + size_t klen = 0, hashlen; + int kout, r; if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { + kex->load_host_private_key == NULL) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } server_host_public = kex->load_host_public_key(kex->hostkey_type, - kex->hostkey_nid, ssh); + kex->hostkey_nid, ssh); server_host_private = kex->load_host_private_key(kex->hostkey_type, - kex->hostkey_nid, ssh); + kex->hostkey_nid, ssh); if (server_host_public == NULL) { r = SSH_ERR_NO_HOSTKEY_LOADED; goto out; } /* key, cert */ - if ((dh_client_pub = sshbn_new()) == NULL) { + if ((dh_client_pub = BN_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshpkt_get_bignum2_wrap(ssh, dh_client_pub)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) + if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) goto out; #ifdef DEBUG_KEXDH 
@@ -129,37 +134,47 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt) #endif #ifdef DEBUG_KEXDH - sshdh_dump(kex->dh); + DHparams_print_fp(stderr, kex->dh); + fprintf(stderr, "pub= "); + BN_print_fp(stderr, kex->dh->pub_key); + fprintf(stderr, "\n"); #endif - if ((r = dh_pub_is_valid(kex->dh, dh_client_pub)) != 0) { + if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { sshpkt_disconnect(ssh, "bad client public DH value"); + r = SSH_ERR_MESSAGE_INCOMPLETE; goto out; } - if ((dh_server_pub = sshdh_pubkey(kex->dh)) == NULL) { - r = SSH_ERR_INTERNAL_ERROR; + + klen = DH_size(kex->dh); + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshdh_compute_key(kex->dh, dh_client_pub, - &shared_secret)) != 0) + if ((kout = DH_compute_key(kbuf, dh_client_pub, kex->dh)) < 0 || + BN_bin2bn(kbuf, kout, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; + } #ifdef DEBUG_KEXDH - dump_digest("shared secret", kbuf, klen); + dump_digest("shared secret", kbuf, kout); #endif if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) + &sbloblen)) != 0) goto out; /* calc H */ hashlen = sizeof(hash); if ((r = kex_dh_hash( - kex->client_version_string, - kex->server_version_string, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - dh_client_pub, - dh_server_pub, - shared_secret, - hash, &hashlen)) != 0) + kex->hash_alg, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + server_host_key_blob, sbloblen, + dh_client_pub, + kex->dh->pub_key, + shared_secret, + hash, &hashlen)) != 0) goto out; /* save session id := H */ 
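Review bot: The corrected `dump_digest("shared secret", kbuf, kout);` in input_kex_dh_init() still writes the raw DH shared secret to stderr whenever DEBUG_KEXDH is defined, and nothing near it says so. I would put `/* DEBUG_KEXDH prints key material; never define it in a release build */` above that `#ifdef`, and above the identical dumps in kexdhc.c and kexgexc.c. Where a daemon's stderr is captured by a service log, a stray define would persist session secrets on disk. The function starts and ends outside this hunk.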
@@ -174,30 +189,36 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, - &signature, &slen, hash, hashlen, ssh->compat)) < 0) + if ((r = kex->sign(server_host_private, server_host_public, &signature, + &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) goto out; /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_bignum2_wrap(ssh, dh_server_pub)) != 0 || /* f */ - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || + (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ + (r = sshpkt_put_string(ssh, signature, slen)) != 0 || + (r = sshpkt_send(ssh)) != 0) goto out; if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); -out: + out: explicit_bzero(hash, sizeof(hash)); - sshbn_free(shared_secret); - sshbn_free(dh_client_pub); - sshbn_free(dh_server_pub); - sshdh_free(kex->dh); + DH_free(kex->dh); kex->dh = NULL; + if (dh_client_pub) + BN_clear_free(dh_client_pub); + if (kbuf) { + explicit_bzero(kbuf, klen); + free(kbuf); + } + if (shared_secret) + BN_clear_free(shared_secret); free(server_host_key_blob); free(signature); return r; } +#endif /* WITH_OPENSSL */ diff --git a/kexecdhc.c b/kexecdhc.c index 4c1865f..90220ce 100644 --- a/kexecdhc.c +++ b/kexecdhc.c @@ -26,6 +26,8 @@ #include "includes.h" +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) + #include #include 
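Review bot: The rewritten `kex->sign(...)` call in input_kex_dh_init() is tested with `< 0`, while every other call in the function is tested with `!= 0`, so a positive return would be treated as success and the code would go on to send `signature` and `slen`. Unless the sign callback is documented to return positive values on success, end the condition with `hashlen, kex->hostkey_alg, ssh->compat)) != 0)`. input_kex_ecdh_init() in kexecdhs.c carries the same comparison. The function starts outside this hunk.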
@@ -70,8 +72,8 @@ kexecdh_client(struct ssh *ssh) public_key = EC_KEY_get0_public_key(client_key); if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 || - (r = sshpkt_put_ec(ssh, public_key, group)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_ec(ssh, public_key, group)) != 0 || + (r = sshpkt_send(ssh)) != 0) goto out; debug("sending SSH2_MSG_KEX_ECDH_INIT"); @@ -86,7 +88,7 @@ kexecdh_client(struct ssh *ssh) debug("expecting SSH2_MSG_KEX_ECDH_REPLY"); ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply); r = 0; -out: + out: if (client_key) EC_KEY_free(client_key); return r; @@ -101,7 +103,6 @@ input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) EC_POINT *server_public = NULL; EC_KEY *client_key; BIGNUM *shared_secret = NULL; - struct sshbn *xxx_shared_secret = NULL; struct sshkey *server_host_key = NULL; u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf = NULL; @@ -119,13 +120,13 @@ input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) /* hostkey */ if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) goto out; if (server_host_key->type != kex->hostkey_type || - (kex->hostkey_type == KEY_ECDSA && - server_host_key->ecdsa_nid != kex->hostkey_nid)) { + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) { r = SSH_ERR_KEY_TYPE_MISMATCH; goto out; } @@ -141,8 +142,8 @@ input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) goto out; } if ((r = sshpkt_get_ec(ssh, server_public, group)) != 0 || - (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) + (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) goto out; #ifdef DEBUG_KEXECDH 
@@ -157,13 +158,13 @@ input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) klen = (EC_GROUP_get_degree(group) + 7) / 8; if ((kbuf = malloc(klen)) == NULL || - (shared_secret = BN_new()) == NULL) { + (shared_secret = BN_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } if (ECDH_compute_key(kbuf, klen, server_public, - client_key, NULL) != (int)klen || - BN_bin2bn(kbuf, klen, shared_secret) == NULL) { + client_key, NULL) != (int)klen || + BN_bin2bn(kbuf, klen, shared_secret) == NULL) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -174,21 +175,21 @@ input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) /* calc and verify H */ hashlen = sizeof(hash); if ((r = kex_ecdh_hash( - kex->hash_alg, - group, - kex->client_version_string, - kex->server_version_string, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - EC_KEY_get0_public_key(client_key), - server_public, - shared_secret, - hash, &hashlen)) != 0) + kex->hash_alg, + group, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + EC_KEY_get0_public_key(client_key), + server_public, + shared_secret, + hash, &hashlen)) != 0) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, - hashlen, ssh->compat)) != 0) + hashlen, ssh->compat)) != 0) goto out; /* save session id */ 
@@ -202,15 +203,9 @@ input_kex_ecdh_reply(int type, u_int32_t seq, void *ctxt) memcpy(kex->session_id, hash, kex->session_id_len); } - /* XXX */ - if ((xxx_shared_secret = sshbn_from_bignum(shared_secret)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, - xxx_shared_secret)) == 0) + if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); -out: + out: explicit_bzero(hash, sizeof(hash)); if (kex->ec_client_key) { EC_KEY_free(kex->ec_client_key); @@ -224,9 +219,10 @@ out: } if (shared_secret) BN_clear_free(shared_secret); - sshbn_free(xxx_shared_secret); sshkey_free(server_host_key); free(server_host_key_blob); free(signature); return r; } +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ + diff --git a/kexecdhs.c b/kexecdhs.c index 98d66cc..ccdbf70 100644 --- a/kexecdhs.c +++ b/kexecdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexecdhs.c,v 1.14 2015/01/26 06:10:03 djm Exp $ */ +/* $OpenBSD: kexecdhs.c,v 1.15 2015/12/04 16:41:28 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -26,7 +26,7 @@ #include "includes.h" - +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) #include #include @@ -67,7 +67,6 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) const EC_GROUP *group; const EC_POINT *public_key; BIGNUM *shared_secret = NULL; - struct sshbn *xxx_shared_secret = NULL; struct sshkey *server_host_private, *server_host_public; u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf = NULL; 
@@ -92,14 +91,14 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) #endif if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { + kex->load_host_private_key == NULL) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } server_host_public = kex->load_host_public_key(kex->hostkey_type, - kex->hostkey_nid, ssh); + kex->hostkey_nid, ssh); server_host_private = kex->load_host_private_key(kex->hostkey_type, - kex->hostkey_nid, ssh); + kex->hostkey_nid, ssh); if (server_host_public == NULL) { r = SSH_ERR_NO_HOSTKEY_LOADED; goto out; @@ -109,7 +108,7 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) goto out; } if ((r = sshpkt_get_ec(ssh, client_public, group)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) + (r = sshpkt_get_end(ssh)) != 0) goto out; #ifdef DEBUG_KEXECDH @@ -125,13 +124,13 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) /* Calculate shared_secret */ klen = (EC_GROUP_get_degree(group) + 7) / 8; if ((kbuf = malloc(klen)) == NULL || - (shared_secret = BN_new()) == NULL) { + (shared_secret = BN_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } if (ECDH_compute_key(kbuf, klen, client_public, - server_key, NULL) != (int)klen || - BN_bin2bn(kbuf, klen, shared_secret) == NULL) { + server_key, NULL) != (int)klen || + BN_bin2bn(kbuf, klen, shared_secret) == NULL) { r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } 
@@ -141,21 +140,21 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) #endif /* calc H */ if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) + &sbloblen)) != 0) goto out; hashlen = sizeof(hash); if ((r = kex_ecdh_hash( - kex->hash_alg, - group, - kex->client_version_string, - kex->server_version_string, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - client_public, - EC_KEY_get0_public_key(server_key), - shared_secret, - hash, &hashlen)) != 0) + kex->hash_alg, + group, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + server_host_key_blob, sbloblen, + client_public, + EC_KEY_get0_public_key(server_key), + shared_secret, + hash, &hashlen)) != 0) goto out; /* save session id := H */ @@ -170,8 +169,8 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, - &signature, &slen, hash, hashlen, ssh->compat)) < 0) + if ((r = kex->sign(server_host_private, server_host_public, &signature, + &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) goto out; /* destroy_sensitive_data(); */ 
@@ -179,20 +178,15 @@ input_kex_ecdh_init(int type, u_int32_t seq, void *ctxt) public_key = EC_KEY_get0_public_key(server_key); /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_ec(ssh, public_key, group)) != 0 || - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || + (r = sshpkt_put_ec(ssh, public_key, group)) != 0 || + (r = sshpkt_put_string(ssh, signature, slen)) != 0 || + (r = sshpkt_send(ssh)) != 0) goto out; - /* XXX */ - if ((xxx_shared_secret = sshbn_from_bignum(shared_secret)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - if ((r = kex_derive_keys_bn(ssh, hash, hashlen, - xxx_shared_secret)) == 0) + + if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); -out: + out: explicit_bzero(hash, sizeof(hash)); if (kex->ec_client_key) { EC_KEY_free(kex->ec_client_key); @@ -206,8 +200,9 @@ out: } if (shared_secret) BN_clear_free(shared_secret); - sshbn_free(xxx_shared_secret); free(server_host_key_blob); free(signature); return r; } +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ + diff --git a/kexgex.c b/kexgex.c index f036231..8b0d833 100644 --- a/kexgex.c +++ b/kexgex.c @@ -26,9 +26,7 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ +#ifdef WITH_OPENSSL #include 
@@ -42,23 +40,22 @@ #include "ssherr.h" #include "sshbuf.h" #include "digest.h" -#include "crypto-wrap.h" int kexgex_hash( - int hash_alg, - const char *client_version_string, - const char *server_version_string, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, - int min, int wantbits, int max, - const struct sshbn *prime, - const struct sshbn *gen, - const struct sshbn *client_dh_pub, - const struct sshbn *server_dh_pub, - const struct sshbn *shared_secret, - u_char *hash, size_t *hashlen) + int hash_alg, + const char *client_version_string, + const char *server_version_string, + const u_char *ckexinit, size_t ckexinitlen, + const u_char *skexinit, size_t skexinitlen, + const u_char *serverhostkeyblob, size_t sbloblen, + int min, int wantbits, int max, + const BIGNUM *prime, + const BIGNUM *gen, + const BIGNUM *client_dh_pub, + const BIGNUM *server_dh_pub, + const BIGNUM *shared_secret, + u_char *hash, size_t *hashlen) { struct sshbuf *b; int r; 
@@ -68,23 +65,23 @@ kexgex_hash( if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || - (r = sshbuf_put_cstring(b, server_version_string)) != 0 || - /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen + 1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || - (r = sshbuf_put_u32(b, skexinitlen + 1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || - (min != -1 && (r = sshbuf_put_u32(b, min)) != 0) || - (r = sshbuf_put_u32(b, wantbits)) != 0 || - (max != -1 && (r = sshbuf_put_u32(b, max)) != 0) || - (r = sshbuf_put_bignum2_wrap(b, prime)) != 0 || - (r = sshbuf_put_bignum2_wrap(b, gen)) != 0 || - (r = sshbuf_put_bignum2_wrap(b, client_dh_pub)) != 0 || - (r = sshbuf_put_bignum2_wrap(b, server_dh_pub)) != 0 || - (r = sshbuf_put_bignum2_wrap(b, shared_secret)) != 0) { + (r = sshbuf_put_cstring(b, server_version_string)) != 0 || + /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ + (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || + (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 || + (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || + (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || + (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || + (min != -1 && (r = sshbuf_put_u32(b, min)) != 0) || + (r = sshbuf_put_u32(b, wantbits)) != 0 || + (max != -1 && (r = sshbuf_put_u32(b, max)) != 0) || + (r = sshbuf_put_bignum2(b, prime)) != 0 || + (r = sshbuf_put_bignum2(b, gen)) != 0 || + (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 || + (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 || + (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { sshbuf_free(b); return r; } 
@@ -102,63 +99,4 @@ kexgex_hash( #endif return 0; } - - -int -kexgex_hash_old( - int hash_alg, - const char *client_version_string, - const char *server_version_string, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, - int min, int wantbits, int max, - const BIGNUM *prime, - const BIGNUM *gen, - const BIGNUM *client_dh_pub, - const BIGNUM *server_dh_pub, - const BIGNUM *shared_secret, - u_char *hash, size_t *hashlen) -{ - struct sshbuf *b; - int r; - - if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) - return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 || - (r = sshbuf_put_cstring(b, server_version_string)) != 0 || - /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */ - (r = sshbuf_put_u32(b, ckexinitlen + 1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 || - (r = sshbuf_put_u32(b, skexinitlen + 1)) != 0 || - (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 || - (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 || - (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 || - (min != -1 && (r = sshbuf_put_u32(b, min)) != 0) || - (r = sshbuf_put_u32(b, wantbits)) != 0 || - (max != -1 && (r = sshbuf_put_u32(b, max)) != 0) || - (r = sshbuf_put_bignum2(b, prime)) != 0 || - (r = sshbuf_put_bignum2(b, gen)) != 0 || - (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 || - (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 || - (r = sshbuf_put_bignum2(b, shared_secret)) != 0) { - sshbuf_free(b); - return r; - } -#ifdef DEBUG_KEXDH - sshbuf_dump(b, stderr); -#endif - if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { - sshbuf_free(b); - return SSH_ERR_LIBCRYPTO_ERROR; - } - sshbuf_free(b); - *hashlen = ssh_digest_bytes(hash_alg); -#ifdef DEBUG_KEXDH - dump_digest("hash", hash, *hashlen); -#endif - 
return 0; -} \ No newline at end of file +#endif /* WITH_OPENSSL */ diff --git a/kexgexc.c b/kexgexc.c index e18e9b3..71ff133 100644 --- a/kexgexc.c +++ b/kexgexc.c @@ -26,11 +26,14 @@ #include "includes.h" +#ifdef WITH_OPENSSL + #include #include #include +#include #include #include #include @@ -51,23 +54,6 @@ static int input_kex_dh_gex_group(int, u_int32_t, void *); static int input_kex_dh_gex_reply(int, u_int32_t, void *); -int -kexgex_hash_old( - int hash_alg, - const char *client_version_string, - const char *server_version_string, - const u_char *ckexinit, size_t ckexinitlen, - const u_char *skexinit, size_t skexinitlen, - const u_char *serverhostkeyblob, size_t sbloblen, - int min, int wantbits, int max, - const BIGNUM *prime, - const BIGNUM *gen, - const BIGNUM *client_dh_pub, - const BIGNUM *server_dh_pub, - const BIGNUM *shared_secret, - u_char *hash, size_t *hashlen); - - int kexgex_client(struct ssh *ssh) { @@ -84,21 +70,21 @@ kexgex_client(struct ssh *ssh) kex->nbits = MIN(kex->nbits, 4096); /* New GEX request */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 || - (r = sshpkt_put_u32(ssh, kex->min)) != 0 || - (r = sshpkt_put_u32(ssh, kex->nbits)) != 0 || - (r = sshpkt_put_u32(ssh, kex->max)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_u32(ssh, kex->min)) != 0 || + (r = sshpkt_put_u32(ssh, kex->nbits)) != 0 || + (r = sshpkt_put_u32(ssh, kex->max)) != 0 || + (r = sshpkt_send(ssh)) != 0) goto out; debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent", - kex->min, kex->nbits, kex->max); + kex->min, kex->nbits, kex->max); #ifdef DEBUG_KEXDH fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n", - kex->min, kex->nbits, kex->max); + kex->min, kex->nbits, kex->max); #endif ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, - &input_kex_dh_gex_group); + &input_kex_dh_gex_group); r = 0; -out: + out: return r; } 
@@ -107,55 +93,52 @@ input_kex_dh_gex_group(int type, u_int32_t seq, void *ctxt) { struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; - struct sshbn *dh_client_pub = NULL; - struct sshbn *dh_g = NULL, *dh_p = NULL; - int r; - size_t bits; + BIGNUM *p = NULL, *g = NULL; + int r, bits; debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); - if ((dh_p = sshbn_new()) == NULL || - (dh_g = sshbn_new()) == NULL) { + if ((p = BN_new()) == NULL || + (g = BN_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshpkt_get_bignum2_wrap(ssh, dh_p)) != 0 || - (r = sshpkt_get_bignum2_wrap(ssh, dh_g)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) + if ((r = sshpkt_get_bignum2(ssh, p)) != 0 || + (r = sshpkt_get_bignum2(ssh, g)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) goto out; - if ((bits = sshbn_bits(dh_p)) == 0 || - bits < kex->min || bits > kex->max) { + if ((bits = BN_num_bits(p)) < 0 || + (u_int)bits < kex->min || (u_int)bits > kex->max) { r = SSH_ERR_DH_GEX_OUT_OF_RANGE; goto out; } - if ((kex->dh = sshdh_new_group(dh_g, dh_p)) == NULL) { + if ((kex->dh = dh_new_group(g, p)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - dh_p = dh_g = NULL; /* belong to kex->dh now */ + p = g = NULL; /* belong to kex->dh now */ - /* generate and send 'e', client DH public key */ - if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) - goto out; - if ((dh_client_pub = sshdh_pubkey(kex->dh)) == NULL) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || - (r = sshpkt_put_bignum2_wrap(ssh, dh_client_pub)) != 0 || - (r = sshpkt_send(ssh)) != 0) + /* generate and send 'e', client DH public key */ + if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || + (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || + (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || + (r = sshpkt_send(ssh)) != 0) goto out; debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); #ifdef DEBUG_KEXDH - sshdh_dump(kex->dh); + DHparams_print_fp(stderr, kex->dh); + 
fprintf(stderr, "pub= "); + BN_print_fp(stderr, kex->dh->pub_key); + fprintf(stderr, "\n"); #endif ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL); ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply); r = 0; out: - sshbn_free(dh_p); - sshbn_free(dh_g); - sshbn_free(dh_client_pub); + if (p) + BN_clear_free(p); + if (g) + BN_clear_free(g); return r; } @@ -164,15 +147,12 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt) { struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; - struct sshbn *dh_g = NULL, *dh_p = NULL; - struct sshbn *dh_client_pub = NULL; - struct sshbn *dh_server_pub = NULL; - struct sshbn *shared_secret = NULL; + BIGNUM *dh_server_pub = NULL, *shared_secret = NULL; struct sshkey *server_host_key = NULL; - u_char *signature = NULL, *server_host_key_blob = NULL; + u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t slen, sbloblen, hashlen; - int r; + size_t klen = 0, slen, sbloblen, hashlen; + int kout, r; debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); if (kex->verify_host_key == NULL) { @@ -181,17 +161,17 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt) } /* key, cert */ if ((r = sshpkt_get_string(ssh, &server_host_key_blob, - &sbloblen)) != 0 || - (r = sshkey_from_blob(server_host_key_blob, sbloblen, - &server_host_key)) != 0) + &sbloblen)) != 0 || + (r = sshkey_from_blob(server_host_key_blob, sbloblen, + &server_host_key)) != 0) goto out; if (server_host_key->type != kex->hostkey_type) { r = SSH_ERR_KEY_TYPE_MISMATCH; goto out; } if (server_host_key->type != kex->hostkey_type || - (kex->hostkey_type == KEY_ECDSA && - server_host_key->ecdsa_nid != kex->hostkey_nid)) { + (kex->hostkey_type == KEY_ECDSA && + server_host_key->ecdsa_nid != kex->hostkey_nid)) { r = SSH_ERR_KEY_TYPE_MISMATCH; goto out; } 
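Review bot: In input_kex_dh_gex_group() the server-supplied `p` is checked only for bit length (`BN_num_bits(p)` against `kex->min` and `kex->max`) before `p` and `g` are passed to `dh_new_group(g, p)`. Nothing in this hunk validates `g` or any other property of the modulus. If `dh_new_group()` or `dh_gen_key()` perform those checks, say so here with `/* p, g are peer-chosen; only the size is checked here, see dh_gen_key() */` (adjusted to wherever the check really lives). If they do not, this is where a range check on `g` belongs. The definitions of those helpers are not visible on this page.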
@@ -200,14 +180,14 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt) goto out; } /* DH parameter f, server public DH key */ - if ((dh_server_pub = sshbn_new()) == NULL) { + if ((dh_server_pub = BN_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } /* signed H */ - if ((r = sshpkt_get_bignum2_wrap(ssh, dh_server_pub)) != 0 || - (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) + if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 || + (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) goto out; #ifdef DEBUG_KEXDH fprintf(stderr, "dh_server_pub= "); @@ -215,19 +195,23 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt) fprintf(stderr, "\n"); debug("bits %d", BN_num_bits(dh_server_pub)); #endif - if ((r = dh_pub_is_valid(kex->dh, dh_server_pub)) != 0) { + if (!dh_pub_is_valid(kex->dh, dh_server_pub)) { sshpkt_disconnect(ssh, "bad server public DH value"); + r = SSH_ERR_MESSAGE_INCOMPLETE; goto out; } - if ((dh_client_pub = sshdh_pubkey(kex->dh)) == NULL || - (dh_p = sshdh_p(kex->dh)) == NULL || - (dh_g = sshdh_g(kex->dh)) == NULL) { - r = SSH_ERR_INTERNAL_ERROR; + + klen = DH_size(kex->dh); + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshdh_compute_key(kex->dh, dh_server_pub, - &shared_secret)) != 0) + if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 || + BN_bin2bn(kbuf, kout, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; + } #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif 
@@ -237,22 +221,22 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt) /* calc and verify H */ hashlen = sizeof(hash); if ((r = kexgex_hash( - kex->hash_alg, - kex->client_version_string, - kex->server_version_string, - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - kex->min, kex->nbits, kex->max, - dh_p, dh_g, - dh_client_pub, - dh_server_pub, - shared_secret, - hash, &hashlen)) != 0) + kex->hash_alg, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + server_host_key_blob, sbloblen, + kex->min, kex->nbits, kex->max, + kex->dh->p, kex->dh->g, + kex->dh->pub_key, + dh_server_pub, + shared_secret, + hash, &hashlen)) != 0) goto out; if ((r = sshkey_verify(server_host_key, signature, slen, hash, - hashlen, ssh->compat)) != 0) + hashlen, ssh->compat)) != 0) goto out; /* save session id */ @@ -268,16 +252,21 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt) if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); -out: + out: explicit_bzero(hash, sizeof(hash)); - sshbn_free(dh_p); - sshbn_free(dh_g); - sshbn_free(shared_secret); - sshbn_free(dh_client_pub); - sshbn_free(dh_server_pub); - sshdh_free(kex->dh); + DH_free(kex->dh); kex->dh = NULL; + if (dh_server_pub) + BN_clear_free(dh_server_pub); + if (kbuf) { + explicit_bzero(kbuf, klen); + free(kbuf); + } + if (shared_secret) + BN_clear_free(shared_secret); + sshkey_free(server_host_key); free(server_host_key_blob); free(signature); return r; } +#endif /* WITH_OPENSSL */ diff --git a/kexgexs.c b/kexgexs.c index dddc2bc..f4400dc 100644 --- a/kexgexs.c +++ b/kexgexs.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.25 2015/04/13 02:04:08 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.29 2016/06/08 02:13:01 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,12 +26,11 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ +#ifdef WITH_OPENSSL #include /* MIN MAX */ +#include #include #include #include @@ -62,7 +61,7 @@ int kexgex_server(struct ssh *ssh) { ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST, - &input_kex_dh_gex_request); + &input_kex_dh_gex_request); debug("expecting SSH2_MSG_KEX_DH_GEX_REQUEST"); return 0; } @@ -72,15 +71,14 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) { struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; - struct sshbn *dh_g = NULL, *dh_p = NULL; int r; u_int min = 0, max = 0, nbits = 0; debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); if ((r = sshpkt_get_u32(ssh, &min)) != 0 || - (r = sshpkt_get_u32(ssh, &nbits)) != 0 || - (r = sshpkt_get_u32(ssh, &max)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) + (r = sshpkt_get_u32(ssh, &nbits)) != 0 || + (r = sshpkt_get_u32(ssh, &max)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) goto out; kex->nbits = nbits; kex->min = min; @@ -91,7 +89,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) nbits = MIN(DH_GRP_MAX, nbits); if (kex->max < kex->min || kex->nbits < kex->min || - kex->max < kex->nbits) { + kex->max < kex->nbits || kex->max < DH_GRP_MIN) { r = SSH_ERR_DH_GEX_OUT_OF_RANGE; goto out; } 
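Review bot: The `kex->max < DH_GRP_MIN` term added in the `@@ -91,7 +89,7 @@` hunk carries no comment, although it is the only condition in that `if` that enforces the server's own floor on group size rather than the internal ordering of the peer's three values. A line above the `if` would keep it from being lost in a later tidy-up, e.g. `/* Refuse peers whose largest acceptable group is below our minimum (DH_GRP_MIN) */`. The test uses the values stored in `kex`, while the visible clamp `nbits = MIN(DH_GRP_MAX, nbits)` works on the local copy; the assignments in between and the rest of input_kex_dh_gex_request lie outside the hunk.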
@@ -103,16 +101,11 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((dh_p = sshdh_p(kex->dh)) == NULL || - (dh_g = sshdh_g(kex->dh)) == NULL) { - r = SSH_ERR_INTERNAL_ERROR; - goto out; - } debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || - (r = sshpkt_put_bignum2_wrap(ssh, dh_p)) != 0 || - (r = sshpkt_put_bignum2_wrap(ssh, dh_g)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || + (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || + (r = sshpkt_send(ssh)) != 0) goto out; /* Compute our exchange value in parallel with the client */ @@ -122,9 +115,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt) debug("expecting SSH2_MSG_KEX_DH_GEX_INIT"); ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init); r = 0; -out: - sshbn_free(dh_g); - sshbn_free(dh_p); + out: return r; } 
@@ -133,37 +124,35 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt) { struct ssh *ssh = ctxt; struct kex *kex = ssh->kex; - struct sshbn *dh_g = NULL, *dh_p = NULL; - struct sshbn *dh_client_pub = NULL; - struct sshbn *dh_server_pub = NULL; - struct sshbn *shared_secret = NULL; + BIGNUM *shared_secret = NULL, *dh_client_pub = NULL; struct sshkey *server_host_public, *server_host_private; - u_char *signature = NULL, *server_host_key_blob = NULL; + u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL; u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t sbloblen, slen, hashlen; - int r; + size_t sbloblen, slen; + size_t klen = 0, hashlen; + int kout, r; if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { + kex->load_host_private_key == NULL) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } server_host_public = kex->load_host_public_key(kex->hostkey_type, - kex->hostkey_nid, ssh); + kex->hostkey_nid, ssh); server_host_private = kex->load_host_private_key(kex->hostkey_type, - kex->hostkey_nid, ssh); + kex->hostkey_nid, ssh); if (server_host_public == NULL) { r = SSH_ERR_NO_HOSTKEY_LOADED; goto out; } /* key, cert */ - if ((dh_client_pub = sshbn_new()) == NULL) { + if ((dh_client_pub = BN_new()) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshpkt_get_bignum2_wrap(ssh, dh_client_pub)) != 0 || - (r = sshpkt_get_end(ssh)) != 0) + if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 || + (r = sshpkt_get_end(ssh)) != 0) goto out; #ifdef DEBUG_KEXDH 
@@ -179,40 +168,44 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt) BN_print_fp(stderr, kex->dh->pub_key); fprintf(stderr, "\n"); #endif - if ((r = dh_pub_is_valid(kex->dh, dh_client_pub)) != 0) { + if (!dh_pub_is_valid(kex->dh, dh_client_pub)) { sshpkt_disconnect(ssh, "bad client public DH value"); + r = SSH_ERR_MESSAGE_INCOMPLETE; goto out; } - if ((dh_server_pub = sshdh_pubkey(kex->dh)) == NULL || - (dh_p = sshdh_p(kex->dh)) == NULL || - (dh_g = sshdh_g(kex->dh)) == NULL) { - r = SSH_ERR_INTERNAL_ERROR; + + klen = DH_size(kex->dh); + if ((kbuf = malloc(klen)) == NULL || + (shared_secret = BN_new()) == NULL) { + r = SSH_ERR_ALLOC_FAIL; goto out; } - if ((r = sshdh_compute_key(kex->dh, dh_client_pub, - &shared_secret)) != 0) + if ((kout = DH_compute_key(kbuf, dh_client_pub, kex->dh)) < 0 || + BN_bin2bn(kbuf, kout, shared_secret) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; + } #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob, - &sbloblen)) != 0) + &sbloblen)) != 0) goto out; /* calc H */ hashlen = sizeof(hash); if ((r = kexgex_hash( - kex->hash_alg, - kex->client_version_string, - kex->server_version_string, - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - kex->min, kex->nbits, kex->max, - dh_p, dh_g, - dh_client_pub, - dh_server_pub, - shared_secret, - hash, &hashlen)) != 0) + kex->hash_alg, + kex->client_version_string, + kex->server_version_string, + sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), + sshbuf_ptr(kex->my), sshbuf_len(kex->my), + server_host_key_blob, sbloblen, + kex->min, kex->nbits, kex->max, + kex->dh->p, kex->dh->g, + dh_client_pub, + kex->dh->pub_key, + shared_secret, + hash, &hashlen)) != 0) goto out; /* save session id := H */ 
@@ -227,32 +220,35 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt) } /* sign H */ - if ((r = kex->sign(server_host_private, server_host_public, - &signature, &slen, hash, hashlen, ssh->compat)) < 0) + if ((r = kex->sign(server_host_private, server_host_public, &signature, + &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0) goto out; /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || - (r = sshpkt_put_bignum2_wrap(ssh, dh_server_pub)) != 0 || /* f */ - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) + (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || + (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ + (r = sshpkt_put_string(ssh, signature, slen)) != 0 || + (r = sshpkt_send(ssh)) != 0) goto out; if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); -out: - explicit_bzero(hash, sizeof(hash)); - sshbn_free(dh_p); - sshbn_free(dh_g); - sshbn_free(shared_secret); - sshbn_free(dh_client_pub); - sshbn_free(dh_server_pub); - sshdh_free(kex->dh); + out: + DH_free(kex->dh); kex->dh = NULL; + if (dh_client_pub) + BN_clear_free(dh_client_pub); + if (kbuf) { + explicit_bzero(kbuf, klen); + free(kbuf); + } + if (shared_secret) + BN_clear_free(shared_secret); free(server_host_key_blob); free(signature); return r; } +#endif /* WITH_OPENSSL */ diff --git a/key.c b/key.c index 0ba98b6..93f4ccb 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.128 2015/07/03 03:43:18 djm Exp $ */ +/* $OpenBSD: key.c,v 1.130 2016/05/02 09:36:42 djm Exp $ */ /* * placed in the public domain */ 
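Review bot: The rewritten `out:` path in the `@@ -227,32 +220,35 @@` hunk no longer wipes the exchange hash: the removed lines include `explicit_bzero(hash, sizeof(hash));` and nothing on the new side replaces it, whereas the client-side cleanup in kexgexc.c (`@@ -268,16 +252,21 @@`) still makes that call. `hash` is a stack buffer that is passed to `kex_derive_keys_bn`, and the same cleanup already clears `kbuf` and `shared_secret`, so it should be cleared on every exit as well. Re-adding `explicit_bzero(hash, sizeof(hash));` as the first statement after the `out:` label restores the earlier behaviour. input_kex_dh_gex_init begins outside this hunk.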
@@ -132,7 +132,7 @@ key_to_blob(const Key *key, u_char **blobp, u_int *lenp) int key_sign(const Key *key, u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen) + const u_char *data, u_int datalen, const char *alg) { int r; u_char *sig; @@ -143,7 +143,7 @@ key_sign(const Key *key, u_char **sigp, u_int *lenp, if (lenp != NULL) *lenp = 0; if ((r = sshkey_sign(key, &sig, &siglen, - data, datalen, datafellows)) != 0) { + data, datalen, alg, datafellows)) != 0) { fatal_on_fatal_errors(r, __func__, 0); error("%s: %s", __func__, ssh_err(r)); return -1; @@ -214,7 +214,7 @@ key_certify(Key *k, Key *ca) { int r; - if ((r = sshkey_certify(k, ca)) != 0) { + if ((r = sshkey_certify(k, ca, NULL)) != 0) { fatal_on_fatal_errors(r, __func__, 0); error("%s: %s", __func__, ssh_err(r)); return -1; diff --git a/key.h b/key.h index 903bdf6..34c992b 100644 --- a/key.h +++ b/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.48 2015/07/03 03:43:18 djm Exp $ */ +/* $OpenBSD: key.h,v 1.49 2015/12/04 16:41:28 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -84,7 +84,8 @@ int key_ec_validate_private(const EC_KEY *); Key *key_from_blob(const u_char *, u_int); int key_to_blob(const Key *, u_char **, u_int *); -int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int, + const char *); int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); void key_private_serialize(const Key *, struct sshbuf *); diff --git a/krl.c b/krl.c index 4075df8..fff1a3f 100644 --- a/krl.c +++ b/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.33 2015/07/03 03:43:18 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.37 2015/12/31 00:33:52 djm Exp $ */ #include "includes.h" 
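Review bot: In the `@@ -214,7 +214,7 @@` hunk, `sshkey_certify(k, ca, NULL)` passes a bare `NULL` for the new third argument with nothing stating what `NULL` selects. Going by the `alg` parameter added to `key_sign` in the hunks above, it is presumably the signature algorithm, with `NULL` meaning the default for the key type. A short comment would make that explicit, e.g. `/* NULL: sign with the default algorithm for the CA key type */`, and the same goes for `sshkey_sign(..., NULL, 0)` in the krl.c hunk `@@ -772,7 +772,7 @@`. These two call sites are where a specific algorithm would have to be named if the default for a key type is weaker than wanted; what the default is must be confirmed in sshkey.c, which is not visible here.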
@@ -723,7 +723,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, if ((r = sshbuf_put(buf, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0 || (r = sshbuf_put_u32(buf, KRL_FORMAT_VERSION)) != 0 || (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 || - (r = sshbuf_put_u64(buf, krl->generated_date) != 0) || + (r = sshbuf_put_u64(buf, krl->generated_date)) != 0 || (r = sshbuf_put_u64(buf, krl->flags)) != 0 || (r = sshbuf_put_string(buf, NULL, 0)) != 0 || (r = sshbuf_put_cstring(buf, krl->comment)) != 0) @@ -772,7 +772,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, goto out; if ((r = sshkey_sign(sign_keys[i], &sblob, &slen, - sshbuf_ptr(buf), sshbuf_len(buf), 0)) != 0) + sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0) goto out; KRL_DBG(("%s: signature sig len %zu", __func__, slen)); if ((r = sshbuf_put_string(buf, sblob, slen)) != 0) @@ -826,10 +826,8 @@ parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) goto out; while (sshbuf_len(buf) > 0) { - if (subsect != NULL) { - sshbuf_free(subsect); - subsect = NULL; - } + sshbuf_free(subsect); + subsect = NULL; if ((r = sshbuf_get_u8(buf, &type)) != 0 || (r = sshbuf_froms(buf, &subsect)) != 0) goto out; @@ -1017,7 +1015,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, } /* Check signature over entire KRL up to this point */ if ((r = sshkey_verify(key, blob, blen, - sshbuf_ptr(buf), sshbuf_len(buf) - sig_off, 0)) != 0) + sshbuf_ptr(buf), sig_off, 0)) != 0) goto out; /* Check if this key has already signed this KRL */ for (i = 0; i < nca_used; i++) { @@ -1038,7 +1036,6 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, ca_used = tmp_ca_used; ca_used[nca_used++] = key; key = NULL; - break; } if (sshbuf_len(copy) != 0) { 
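Review bot: In the `@@ -1017,7 +1015,7 @@` hunk the length given to `sshkey_verify` becomes `sig_off`, and the hunk shows no check that `sig_off` is within `sshbuf_len(buf)` before `sshbuf_ptr(buf)` is read for that many bytes. `sig_off` is assigned outside the hunk, so the bound may already hold by construction; if it does, a comment such as `/* sig_off <= sshbuf_len(buf): offset of this signature section within buf */` records it, and if it does not, `if (sig_off > sshbuf_len(buf)) { r = SSH_ERR_INTERNAL_ERROR; goto out; }` ahead of the call makes it explicit. Since this argument decides which bytes of the KRL are covered by the signature check, a regression test that verifies a signed KRL and rejects one altered before the signature section would pin the corrected behaviour.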
@@ -1059,10 +1056,8 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, if ((r = sshbuf_consume(copy, sects_off)) != 0) goto out; while (sshbuf_len(copy) > 0) { - if (sect != NULL) { - sshbuf_free(sect); - sect = NULL; - } + sshbuf_free(sect); + sect = NULL; if ((r = sshbuf_get_u8(copy, &type)) != 0 || (r = sshbuf_froms(copy, §)) != 0) goto out; @@ -1105,7 +1100,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, r = SSH_ERR_INVALID_FORMAT; goto out; } - if (sshbuf_len(sect) > 0) { + if (sect != NULL && sshbuf_len(sect) > 0) { error("KRL section contains unparsed data"); r = SSH_ERR_INVALID_FORMAT; goto out; diff --git a/krl.h b/krl.h index 4e12bef..675496c 100644 --- a/krl.h +++ b/krl.h @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.h,v 1.4 2015/01/13 19:06:49 djm Exp $ */ +/* $OpenBSD: krl.h,v 1.5 2015/12/30 23:46:14 djm Exp $ */ #ifndef _KRL_H #define _KRL_H @@ -43,7 +43,6 @@ struct ssh_krl; struct ssh_krl *ssh_krl_init(void); void ssh_krl_free(struct ssh_krl *krl); void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version); -void ssh_krl_set_sign_key(struct ssh_krl *krl, const struct sshkey *sign_key); int ssh_krl_set_comment(struct ssh_krl *krl, const char *comment); int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const struct sshkey *ca_key, u_int64_t serial); diff --git a/libkrb/KerberosIV/des.h b/libkrb/KerberosIV/des.h deleted file mode 100644 index 0835224..0000000 --- a/libkrb/KerberosIV/des.h +++ /dev/null 
@@ -1,237 +0,0 @@ -/* - * include/kerberosIV/des.h - * - * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for the Data Encryption Standard library. - */ - -#if defined(__MACH__) && defined(__APPLE__) -#include -#include -#if TARGET_RT_MAC_CFM -#error "Use KfM 4.0 SDK headers for CFM compilation." -#endif -#ifdef AVAILABLE_MAC_OS_X_VERSION_10_2_AND_LATER_BUT_DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#define KRB5INT_DES_DEPRECATED AVAILABLE_MAC_OS_X_VERSION_10_2_AND_LATER_BUT_DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#endif -#endif /* defined(__MACH__) && defined(__APPLE__) */ - -/* Macro to add deprecated attribute to DES types and functions */ -/* Currently only defined on Mac OS X 10.5 and later. 
*/ -#ifndef KRB5INT_DES_DEPRECATED -#define KRB5INT_DES_DEPRECATED -#endif - -#ifdef __cplusplus -#ifndef KRBINT_BEGIN_DECLS -#define KRBINT_BEGIN_DECLS extern "C" { -#define KRBINT_END_DECLS } -#endif -#else -#define KRBINT_BEGIN_DECLS -#define KRBINT_END_DECLS -#endif - -#ifndef KRB5INT_DES_TYPES_DEFINED -#define KRB5INT_DES_TYPES_DEFINED - -#include - -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -#if UINT_MAX >= 0xFFFFFFFFUL -#define DES_INT32 int -#define DES_UINT32 unsigned int -#else -#define DES_INT32 long -#define DES_UINT32 unsigned long -#endif - -typedef unsigned char des_cblock[8] /* crypto-block size */ -KRB5INT_DES_DEPRECATED; - -/* - * Key schedule. - * - * This used to be - * - * typedef struct des_ks_struct { - * union { DES_INT32 pad; des_cblock _;} __; - * } des_key_schedule[16]; - * - * but it would cause trouble if DES_INT32 were ever more than 4 - * bytes. The reason is that all the encryption functions cast it to - * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If - * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the - * caller-allocated des_key_schedule will be overflowed by the key - * scheduling functions. We can't assume that every platform will - * have an exact 32-bit int, and nothing should be looking inside a - * des_key_schedule anyway. - */ -typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] -KRB5INT_DES_DEPRECATED; - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB5INT_DES_TYPES_DEFINED */ - -/* only do the whole thing once */ -#ifndef DES_DEFS -/* - * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily - * to avoid including the defintions and declarations below. The - * reason that the crypto library needs to include this file is that - * it needs to have its types aligned with krb4's types. 
- */ -#ifndef KRB5INT_CRYPTO_DES_INT -#define DES_DEFS - -#if defined(_WIN32) -#ifndef KRB4 -#define KRB4 1 -#endif -#include -#endif -#include /* need FILE for des_cblock_print_file */ - -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -/* Windows declarations */ -#ifndef KRB5_CALLCONV -#define KRB5_CALLCONV -#define KRB5_CALLCONV_C -#endif - -#define DES_KEY_SZ (sizeof(des_cblock)) -#define DES_ENCRYPT 1 -#define DES_DECRYPT 0 - -#ifndef NCOMPAT -#define C_Block des_cblock -#define Key_schedule des_key_schedule -#define ENCRYPT DES_ENCRYPT -#define DECRYPT DES_DECRYPT -#define KEY_SZ DES_KEY_SZ -#define string_to_key des_string_to_key -#define read_pw_string des_read_pw_string -#define random_key des_random_key -#define pcbc_encrypt des_pcbc_encrypt -#define key_sched des_key_sched -#define cbc_encrypt des_cbc_encrypt -#define cbc_cksum des_cbc_cksum -#define C_Block_print des_cblock_print -#define quad_cksum des_quad_cksum -typedef struct des_ks_struct bit_64; -#endif - -#define des_cblock_print(x) des_cblock_print_file(x, stdout) - -/* - * Function Prototypes - */ - -int KRB5_CALLCONV des_key_sched (C_Block, Key_schedule) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV -des_pcbc_encrypt (C_Block *in, C_Block *out, long length, - const des_key_schedule schedule, C_Block *ivec, - int enc) -KRB5INT_DES_DEPRECATED; - -unsigned long KRB5_CALLCONV -des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out, - long length, int out_count, C_Block *seed) -KRB5INT_DES_DEPRECATED; - -/* - * XXX ABI change: used to return void; also, cns/kfm have signed long - * instead of unsigned long length. 
- */ -unsigned long KRB5_CALLCONV -des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long, - const des_key_schedule, const des_cblock *) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_string_to_key (const char *, C_Block) -KRB5INT_DES_DEPRECATED; - -void afs_string_to_key(char *, char *, des_cblock) -KRB5INT_DES_DEPRECATED; - -/* XXX ABI change: used to return krb5_error_code */ -int KRB5_CALLCONV des_read_password(des_cblock *, char *, int) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *, - const des_key_schedule, int) -KRB5INT_DES_DEPRECATED; - -/* XXX kfm/cns have signed long length */ -int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long, - const des_key_schedule, const des_cblock *, int) -KRB5INT_DES_DEPRECATED; - -void des_fixup_key_parity(des_cblock) -KRB5INT_DES_DEPRECATED; - -int des_check_key_parity(des_cblock) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_new_random_key(des_cblock) -KRB5INT_DES_DEPRECATED; - -void des_init_random_number_generator(des_cblock) -KRB5INT_DES_DEPRECATED; - -int des_random_key(des_cblock *) -KRB5INT_DES_DEPRECATED; - -int des_is_weak_key(des_cblock) -KRB5INT_DES_DEPRECATED; - -void des_cblock_print_file(des_cblock *, FILE *fp) -KRB5INT_DES_DEPRECATED; - - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB5INT_CRYPTO_DES_INT */ -#endif /* DES_DEFS */ diff --git a/libkrb/KerberosIV/kadm_err.h b/libkrb/KerberosIV/kadm_err.h deleted file mode 100644 index c7b54b9..0000000 --- a/libkrb/KerberosIV/kadm_err.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * include//kerberosIV/kadm_err.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define KADM_RCSID (-1783126272L) -#define KADM_NO_REALM (-1783126271L) -#define KADM_NO_CRED (-1783126270L) -#define KADM_BAD_KEY (-1783126269L) -#define KADM_NO_ENCRYPT (-1783126268L) -#define KADM_NO_AUTH (-1783126267L) -#define KADM_WRONG_REALM (-1783126266L) -#define KADM_NO_ROOM (-1783126265L) -#define KADM_BAD_VER (-1783126264L) -#define KADM_BAD_CHK (-1783126263L) -#define KADM_NO_READ (-1783126262L) -#define KADM_NO_OPCODE (-1783126261L) -#define KADM_NO_HOST (-1783126260L) -#define KADM_UNK_HOST (-1783126259L) -#define KADM_NO_SERV (-1783126258L) -#define KADM_NO_SOCK (-1783126257L) -#define KADM_NO_CONN (-1783126256L) -#define KADM_NO_HERE (-1783126255L) -#define KADM_NO_MAST (-1783126254L) -#define KADM_NO_VERI (-1783126253L) -#define KADM_INUSE (-1783126252L) -#define KADM_UK_SERROR (-1783126251L) -#define KADM_UK_RERROR (-1783126250L) -#define KADM_UNAUTH (-1783126249L) -#define KADM_DATA (-1783126248L) -#define KADM_NOENTRY (-1783126247L) -#define KADM_NOMEM (-1783126246L) -#define KADM_NO_HOSTNAME (-1783126245L) -#define KADM_NO_BIND (-1783126244L) -#define KADM_LENGTH_ERROR (-1783126243L) -#define KADM_ILL_WILDCARD (-1783126242L) -#define KADM_DB_INUSE (-1783126241L) -#define KADM_INSECURE_PW (-1783126240L) -#define KADM_PW_MISMATCH (-1783126239L) -#define KADM_NOT_SERV_PRINC (-1783126238L) -#define KADM_REALM_TOO_LONG (-1783126237L) -#define ERROR_TABLE_BASE_kadm (-1783126272L) - -extern const struct error_table et_kadm_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_kadm_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_kadm_error_table() -#endif - -#if !defined(_WIN32) -#define init_kadm_err_tbl initialize_kadm_error_table -#define kadm_err_base ERROR_TABLE_BASE_kadm -#endif 
diff --git a/libkrb/KerberosIV/krb.h b/libkrb/KerberosIV/krb.h deleted file mode 100644 index 054acc5..0000000 --- a/libkrb/KerberosIV/krb.h +++ /dev/null 
@@ -1,924 +0,0 @@ -/* - * include/kerberosIV/krb.h - * - * Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for the Kerberos V4 library. - */ - -/* Only one time, please */ -#ifndef KRB_DEFS -#define KRB_DEFS - -/* - * For MacOS, don't expose prototypes of various private functions. - * Unfortuantely, they've leaked out everywhere else. - */ -#if defined(__MACH__) && defined(__APPLE__) -#include -#include -#if TARGET_RT_MAC_CFM -#error "Use KfM 4.0 SDK headers for CFM compilation." 
-#endif -#ifndef KRB_PRIVATE -#define KRB_PRIVATE 0 -#endif -#ifdef DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#define KRB5INT_KRB4_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#endif -#else -#ifndef KRB_PRIVATE -#define KRB_PRIVATE 1 -#endif -#endif /* defined(__MACH__) && defined(__APPLE__) */ - -/* Macro to add deprecated attribute to KRB4 types and functions */ -/* Currently only defined on Mac OS X 10.5 and later. */ -#ifndef KRB5INT_KRB4_DEPRECATED -#define KRB5INT_KRB4_DEPRECATED -#endif - -/* Define u_char, u_short, u_int, and u_long. */ -/* XXX these typdef names are not standardized! */ -#include - -/* Need some defs from des.h */ -#include -#include -#include - -#ifdef _WIN32 -#include -#endif /* _WIN32 */ - -#ifdef __cplusplus -#ifndef KRBINT_BEGIN_DECLS -#define KRBINT_BEGIN_DECLS extern "C" { -#define KRBINT_END_DECLS } -#endif -#else -#define KRBINT_BEGIN_DECLS -#define KRBINT_END_DECLS -#endif -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -#define KRB4_32 DES_INT32 -#define KRB_INT32 DES_INT32 -#define KRB_UINT32 DES_UINT32 - -#define MAX_KRB_ERRORS 256 - -#if TARGET_OS_MAC -/* ABI divergence on Mac for backwards compatibility. */ -extern const char * const * const krb_err_txt -KRB5INT_KRB4_DEPRECATED; -#else -extern const char * const krb_err_txt[MAX_KRB_ERRORS] -KRB5INT_KRB4_DEPRECATED; -#endif - -/* General definitions */ -#define KSUCCESS 0 -#define KFAILURE 255 - -/* - * Kerberos specific definitions - * - * KRBLOG is the log file for the kerberos master server. KRB_CONF is - * the configuration file where different host machines running master - * and slave servers can be found. KRB_MASTER is the name of the - * machine with the master database. The admin_server runs on this - * machine, and all changes to the db (as opposed to read-only - * requests, which can go to slaves) must go to it. KRB_HOST is the - * default machine * when looking for a kerberos slave server. Other - * possibilities are * in the KRB_CONF file. 
KRB_REALM is the name of - * the realm. - */ - -#define KRB_CONF "/etc/krb.conf" -#define KRB_RLM_TRANS "/etc/krb.realms" -#define KRB_MASTER "kerberos" -#define KRB_HOST KRB_MASTER -#define KRB_REALM "ATHENA.MIT.EDU" - -/* The maximum sizes for aname, realm, sname, and instance +1 */ -#define ANAME_SZ 40 -#define REALM_SZ 40 -#define SNAME_SZ 40 -#define INST_SZ 40 -#define ADDR_SZ 40 -/* - * NB: This overcounts due to NULs. - */ -/* include space for '.' and '@' */ -#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) -#define KKEY_SZ 100 -#define VERSION_SZ 1 -#define MSG_TYPE_SZ 1 -#define DATE_SZ 26 /* RTI date output */ - -#define MAX_HSTNM 100 - -#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ -#define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */ -#endif - -#define KRB_TICKET_GRANTING_TICKET "krbtgt" - -/* Definition of text structure used to pass text around */ -#define MAX_KTXT_LEN 1250 - -struct ktext { - int length; /* Length of the text */ - unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ - unsigned long mbz; /* zero to catch runaway strings */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct ktext *KTEXT KRB5INT_KRB4_DEPRECATED; -typedef struct ktext KTEXT_ST KRB5INT_KRB4_DEPRECATED; - - -/* Definitions for send_to_kdc */ -#define CLIENT_KRB_TIMEOUT 4 /* time between retries */ -#define CLIENT_KRB_RETRY 5 /* retry this many times */ -#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ - -/* Definitions for ticket file utilities */ -#define R_TKT_FIL 0 -#define W_TKT_FIL 1 - -/* Definitions for cl_get_tgt */ -#ifdef PC -#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts" -#else -#define CL_GTGT_INIT_FILE "/etc/k_in_tkts" -#endif /* PC */ - -/* Parameters for rd_ap_req */ -/* Maximum allowable clock skew in seconds */ -#define CLOCK_SKEW 5*60 -/* Filename for readservkey */ -#define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab")) - -/* Structure definition for rd_ap_req */ - -struct auth_dat { - unsigned char 
k_flags; /* Flags from ticket */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* His Instance */ - char prealm[REALM_SZ]; /* His Realm */ - unsigned KRB4_32 checksum; /* Data checksum (opt) */ - C_Block session; /* Session Key */ - int life; /* Life of ticket */ - unsigned KRB4_32 time_sec; /* Time ticket issued */ - unsigned KRB4_32 address; /* Address in ticket */ - KTEXT_ST reply; /* Auth reply (opt) */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct auth_dat AUTH_DAT KRB5INT_KRB4_DEPRECATED; - -/* Structure definition for credentials returned by get_cred */ - -struct credentials { - char service[ANAME_SZ]; /* Service name */ - char instance[INST_SZ]; /* Instance */ - char realm[REALM_SZ]; /* Auth domain */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT_ST ticket_st; /* The ticket itself */ - KRB4_32 issue_date; /* The issue time */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* Principal's instance */ -#if TARGET_OS_MAC - KRB_UINT32 address; /* Address in ticket */ - KRB_UINT32 stk_type; /* string_to_key function needed */ -#endif -#ifdef _WIN32 - char address[ADDR_SZ]; /* Address in ticket */ -#endif -} KRB5INT_KRB4_DEPRECATED; - -typedef struct credentials CREDENTIALS KRB5INT_KRB4_DEPRECATED; - -/* Structure definition for rd_private_msg and rd_safe_msg */ - -struct msg_dat { - unsigned char *app_data; /* pointer to appl data */ - unsigned KRB4_32 app_length; /* length of appl data */ - unsigned KRB4_32 hash; /* hash to lookup replay */ - int swap; /* swap bytes? 
*/ - KRB4_32 time_sec; /* msg timestamp seconds */ - unsigned char time_5ms; /* msg timestamp 5ms units */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct msg_dat MSG_DAT KRB5INT_KRB4_DEPRECATED; - - -/* Location of ticket file for save_cred and get_cred */ -#ifdef _WIN32 -#define TKT_FILE "\\kerberos\\ticket.ses" -#else -#define TKT_FILE tkt_string() -#define TKT_ROOT "/tmp/tkt" -#endif /* _WIN32 */ - -/* - * Error codes are now defined as offsets from com_err (krb_err.et) - * values. - */ -#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb) - -/* Error codes returned from the KDC */ -#define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */ -#define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */ -#define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */ -#define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */ -#define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */ -#define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */ -#define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */ -#define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */ -#define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */ -#define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */ -#define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */ -#define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */ - -/* Values returned by get_credentials */ -#define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */ -#define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */ -#define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */ -#define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */ -#define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */ -#define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */ - -/* Values returned by mk_ap_req */ -#define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */ -#define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) 
/* 26 - TGT Expired */ - -/* Values returned by rd_ap_req */ -#define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */ -#define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */ -#define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */ -#define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */ -#define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */ -#define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */ -#define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */ -#define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */ -#define RD_AP_BADD KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */ -#define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */ -#define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */ -#define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */ -#define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */ -#define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */ - -/* Values returned by get_pw_tkt */ -#define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */ -#define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */ -#define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */ -#define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */ -#define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */ -#define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */ - -/* Values returned by send_to_kdc */ -#define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */ -#define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */ -#define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */ - -/* - * Values returned by get_intkt - * (can also return SKDC_* and KDC errors) - */ - -#define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */ -#define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */ -#define INTK_W_NOTALL 
KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */ -#define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */ -#define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */ -#define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */ - -/* Values returned by get_adtkt */ -#define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */ -#define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */ - -/* Error codes returned by ticket file utilities */ -#define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */ -#define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */ -#define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */ -#define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */ -#define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */ - -/* Error code returned by kparse_name */ -#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */ - -/* Error code returned by krb_mk_safe */ -#define SAFE_PRIV_ERROR (-1) /* syscall error */ - -/* Kerberos ticket flag field bit definitions */ -#define K_FLAG_ORDER 0 /* bit 0 --> lsb */ -#define K_FLAG_1 /* reserved */ -#define K_FLAG_2 /* reserved */ -#define K_FLAG_3 /* reserved */ -#define K_FLAG_4 /* reserved */ -#define K_FLAG_5 /* reserved */ -#define K_FLAG_6 /* reserved */ -#define K_FLAG_7 /* reserved, bit 7 --> msb */ - -/* Are these needed anymore? 
*/ -#ifdef OLDNAMES -#define krb_mk_req mk_ap_req -#define krb_rd_req rd_ap_req -#define krb_kntoln an_to_ln -#define krb_set_key set_serv_key -#define krb_get_cred get_credentials -#define krb_mk_priv mk_private_msg -#define krb_rd_priv rd_private_msg -#define krb_mk_safe mk_safe_msg -#define krb_rd_safe rd_safe_msg -#define krb_mk_err mk_appl_err_msg -#define krb_rd_err rd_appl_err_msg -#define krb_ck_repl check_replay -#define krb_get_pw_in_tkt get_in_tkt -#define krb_get_svc_in_tkt get_svc_in_tkt -#define krb_get_pw_tkt get_pw_tkt -#define krb_realmofhost krb_getrealm -#define krb_get_phost get_phost -#define krb_get_krbhst get_krbhst -#define krb_get_lrealm get_krbrlm -#endif /* OLDNAMES */ - -/* Defines for krb_sendauth and krb_recvauth */ - -#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ -#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ -#define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst as a host */ - -#define KRB_SENDAUTH_VLEN 8 /* length for version strings */ - -#ifdef ATHENA_COMPAT -#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */ -#endif /* ATHENA_COMPAT */ - - -#ifdef _WIN32 -#define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0) -#define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us)) -#define CONVERT_TIME_EPOCH win_time_get_epoch() -#else -/* until we do V4 compat under DOS, just turn this off */ -#define _fmemcpy memcpy -#define _fstrncpy strncpy -#define far_fputs fputs -/* and likewise, just drag in the unix time interface */ -#define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0) -#define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us)) -#define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */ -#endif /* _WIN32 */ - -/* Constants for KerberosProfileLib */ -#define REALMS_V4_PROF_REALMS_SECTION "v4 realms" -#define REALMS_V4_PROF_KDC "kdc" -#define REALMS_V4_PROF_ADMIN_KDC "admin_server" -#define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server" -#define 
REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm" -#define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults" -#define REALMS_V4_PROF_LOCAL_REALM "default_realm" -#define REALMS_V4_PROF_STK "string_to_key_type" -#define REALMS_V4_MIT_STK "mit_string_to_key" -#define REALMS_V4_AFS_STK "afs_string_to_key" -#define REALMS_V4_COLUMBIA_STK "columbia_string_to_key" -#define REALMS_V4_DEFAULT_REALM "default_realm" -#define REALMS_V4_NO_ADDRESSES "noaddresses" - -/* ask to disable IP address checking in the library */ -extern int krb_ignore_ip_address; - -/* Debugging printfs shouldn't even be compiled on many systems that don't - support printf! Use it like DEB (("Oops - %s\n", string)); */ - -#ifdef DEBUG -#define DEB(x) if (krb_debug) printf x -extern int krb_debug; -#else -#define DEB(x) /* nothing */ -#endif - -/* Define a couple of function types including parameters. These - are needed on MS-Windows to convert arguments of the function pointers - to the proper types during calls. */ - -typedef int (KRB5_CALLCONV *key_proc_type) - (char *, char *, char *, - char *, C_Block) -KRB5INT_KRB4_DEPRECATED; - -#define KEY_PROC_TYPE_DEFINED - -typedef int (KRB5_CALLCONV *decrypt_tkt_type) - (char *, char *, char *, - char *, key_proc_type, KTEXT *) -KRB5INT_KRB4_DEPRECATED; - -#define DECRYPT_TKT_TYPE_DEFINED - -extern struct _krb5_context * krb5__krb4_context; - -/* - * Function Prototypes for Kerberos V4. 
- */ - -struct sockaddr_in; - -/* dest_tkt.c */ -int KRB5_CALLCONV dest_tkt - (void) -KRB5INT_KRB4_DEPRECATED; - -/* err_txt.c */ -const char * KRB5_CALLCONV krb_get_err_text - (int errnum) -KRB5INT_KRB4_DEPRECATED; - -/* g_ad_tkt.c */ -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV get_ad_tkt - (char *service, char *sinst, char *realm, int lifetime) -KRB5INT_KRB4_DEPRECATED; - -/* g_admhst.c */ -int KRB5_CALLCONV krb_get_admhst - (char *host, char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_cred.c */ -int KRB5_CALLCONV krb_get_cred - (char *service, char *instance, char *realm, - CREDENTIALS *c) -KRB5INT_KRB4_DEPRECATED; - -/* g_in_tkt.c */ -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV krb_get_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinst, int life, - key_proc_type, decrypt_tkt_type, char *arg) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV krb_get_in_tkt_preauth - (char *k_user, char *instance, char *realm, - char *service, char *sinst, int life, - key_proc_type, decrypt_tkt_type, char *arg, - char *preauth_p, int preauth_len) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* From KfM */ -int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *, - int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *) -KRB5INT_KRB4_DEPRECATED; - - -/* g_krbhst.c */ -int KRB5_CALLCONV krb_get_krbhst - (char *host, const char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_krbrlm.c */ -int KRB5_CALLCONV krb_get_lrealm - (char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_phost.c */ -char * KRB5_CALLCONV krb_get_phost - (char * alias) -KRB5INT_KRB4_DEPRECATED; - -/* get_pw_tkt */ -int KRB5_CALLCONV get_pw_tkt - (char *, char *, char *, char *) -KRB5INT_KRB4_DEPRECATED; - -/* g_pw_in_tkt.c */ -int KRB5_CALLCONV krb_get_pw_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *password) 
-KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -int KRB5_CALLCONV krb_get_pw_in_tkt_preauth - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *password) -KRB5INT_KRB4_DEPRECATED; -#endif - -int KRB5_CALLCONV -krb_get_pw_in_tkt_creds(char *, char *, char *, - char *, char *, int, char *, CREDENTIALS *) -KRB5INT_KRB4_DEPRECATED; - -/* g_svc_in_tkt.c */ -int KRB5_CALLCONV krb_get_svc_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *srvtab) -KRB5INT_KRB4_DEPRECATED; - -/* g_tf_fname.c */ -int KRB5_CALLCONV krb_get_tf_fullname - (const char *ticket_file, char *name, char *inst, char *realm) -KRB5INT_KRB4_DEPRECATED; - -/* g_tf_realm.c */ -int KRB5_CALLCONV krb_get_tf_realm - (const char *ticket_file, char *realm) -KRB5INT_KRB4_DEPRECATED; - -/* g_tkt_svc.c */ -int KRB5_CALLCONV krb_get_ticket_for_service - (char *serviceName, - char *buf, unsigned KRB4_32 *buflen, - int checksum, des_cblock, Key_schedule, - char *version, int includeVersion) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* in_tkt.c */ -int KRB5_CALLCONV in_tkt - (char *name, char *inst) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV krb_in_tkt - (char *pname, char *pinst, char *realm) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* kname_parse.c */ -int KRB5_CALLCONV kname_parse - (char *name, char *inst, char *realm, - char *fullname) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV kname_unparse - (char *, const char *, const char *, const char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isname - (char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isinst - (char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isrealm - (char *) -KRB5INT_KRB4_DEPRECATED; - - -/* kuserok.c */ -int KRB5_CALLCONV kuserok - (AUTH_DAT *kdata, char *luser) -KRB5INT_KRB4_DEPRECATED; - -/* lifetime.c */ -KRB4_32 KRB5_CALLCONV krb_life_to_time - (KRB4_32 start, int life) -KRB5INT_KRB4_DEPRECATED; - 
-int KRB5_CALLCONV krb_time_to_life - (KRB4_32 start, KRB4_32 end) -KRB5INT_KRB4_DEPRECATED; - -/* mk_auth.c */ -int KRB5_CALLCONV krb_check_auth - (KTEXT, unsigned KRB4_32 cksum, MSG_DAT *, - C_Block, Key_schedule, - struct sockaddr_in * local_addr, - struct sockaddr_in * foreign_addr) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV krb_mk_auth - (long k4_options, KTEXT ticket, - char *service, char *inst, char *realm, - unsigned KRB4_32 checksum, char *version, KTEXT buf) -KRB5INT_KRB4_DEPRECATED; - -/* mk_err.c */ -long KRB5_CALLCONV krb_mk_err - (u_char *out, KRB4_32 k4_code, char *text) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* mk_preauth.c */ -int krb_mk_preauth - (char **preauth_p, int *preauth_len, key_proc_type, - char *name, char *inst, char *realm, char *password, - C_Block) -KRB5INT_KRB4_DEPRECATED; - -void krb_free_preauth - (char * preauth_p, int len) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* mk_priv.c */ -long KRB5_CALLCONV krb_mk_priv - (u_char *in, u_char *out, - unsigned KRB4_32 length, - Key_schedule, C_Block *, - struct sockaddr_in * sender, - struct sockaddr_in * receiver) -KRB5INT_KRB4_DEPRECATED; - -/* mk_req.c */ -int KRB5_CALLCONV krb_mk_req - (KTEXT authent, - char *service, char *instance, char *realm, - KRB4_32 checksum) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32) -KRB5INT_KRB4_DEPRECATED; - -/* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) 
*/ -int KRB5_CALLCONV krb_set_lifetime(int newval) -KRB5INT_KRB4_DEPRECATED; - -/* mk_safe.c */ -long KRB5_CALLCONV krb_mk_safe - (u_char *in, u_char *out, unsigned KRB4_32 length, - C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* netread.c */ -int krb_net_read - (int fd, char *buf, int len) -KRB5INT_KRB4_DEPRECATED; - -/* netwrite.c */ -int krb_net_write - (int fd, char *buf, int len) -KRB5INT_KRB4_DEPRECATED; - -/* pkt_clen.c */ -int pkt_clen - (KTEXT) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* put_svc_key.c */ -int KRB5_CALLCONV put_svc_key - (char *sfile, - char *name, char *inst, char *realm, - int newvno, char *key) -KRB5INT_KRB4_DEPRECATED; - -/* rd_err.c */ -int KRB5_CALLCONV krb_rd_err - (u_char *in, u_long in_length, - long *k4_code, MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_priv.c */ -long KRB5_CALLCONV krb_rd_priv - (u_char *in,unsigned KRB4_32 in_length, - Key_schedule, C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver, - MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_req.c */ -int KRB5_CALLCONV krb_rd_req - (KTEXT, char *service, char *inst, - unsigned KRB4_32 from_addr, AUTH_DAT *, - char *srvtab) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV -krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block) -KRB5INT_KRB4_DEPRECATED; - -/* rd_safe.c */ -long KRB5_CALLCONV krb_rd_safe - (u_char *in, unsigned KRB4_32 in_length, - C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver, - MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_svc_key.c */ -int KRB5_CALLCONV read_service_key - (char *service, char *instance, char *realm, - int kvno, char *file, char *key) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV get_service_key - (char *service, char *instance, char *realm, - int *kvno, char *file, char *key) -KRB5INT_KRB4_DEPRECATED; - -/* realmofhost.c */ -char * KRB5_CALLCONV krb_realmofhost - 
(char *host) -KRB5INT_KRB4_DEPRECATED; - -/* recvauth.c */ -int KRB5_CALLCONV krb_recvauth - (long k4_options, int fd, KTEXT ticket, - char *service, char *instance, - struct sockaddr_in *foreign_addr, - struct sockaddr_in *local_addr, - AUTH_DAT *kdata, char *srvtab, - Key_schedule schedule, char *version) -KRB5INT_KRB4_DEPRECATED; - -/* sendauth.c */ -int KRB5_CALLCONV krb_sendauth - (long k4_options, int fd, KTEXT ticket, - char *service, char *inst, char *realm, - unsigned KRB4_32 checksum, MSG_DAT *msg_data, - CREDENTIALS *cred, Key_schedule schedule, - struct sockaddr_in *laddr, struct sockaddr_in *faddr, - char *version) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* save_creds.c */ -int KRB5_CALLCONV krb_save_credentials - (char *service, char *instance, char *realm, - C_Block session, int lifetime, int kvno, - KTEXT ticket, long issue_date) -KRB5INT_KRB4_DEPRECATED; - -/* send_to_kdc.c */ -/* XXX PRIVATE? KfM doesn't export. */ -int send_to_kdc - (KTEXT pkt, KTEXT rpkt, char *realm) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* tkt_string.c */ -/* Used to return pointer to non-const char */ -const char * KRB5_CALLCONV tkt_string - (void) -KRB5INT_KRB4_DEPRECATED; - -/* Previously not KRB5_CALLCONV, and previously took pointer to non-const. 
*/ -void KRB5_CALLCONV krb_set_tkt_string - (const char *) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* tf_util.c */ -int KRB5_CALLCONV tf_init (const char *tf_name, int rw) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_pname (char *p) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_pinst (char *p) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c) -KRB5INT_KRB4_DEPRECATED; - -void KRB5_CALLCONV tf_close (void) -KRB5INT_KRB4_DEPRECATED; -#endif - -#if KRB_PRIVATE -/* unix_time.c */ -unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec - (unsigned KRB4_32 *) -KRB5INT_KRB4_DEPRECATED; - -/* - * Internal prototypes - */ -extern int krb_set_key - (char *key, int cvt) -KRB5INT_KRB4_DEPRECATED; - -/* This is exported by KfM. It was previously not KRB5_CALLCONV. */ -extern int KRB5_CALLCONV decomp_ticket - (KTEXT tkt, unsigned char *flags, char *pname, - char *pinstance, char *prealm, unsigned KRB4_32 *paddress, - C_Block session, int *life, unsigned KRB4_32 *time_sec, - char *sname, char *sinstance, C_Block, - Key_schedule key_s) -KRB5INT_KRB4_DEPRECATED; - - -extern void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, - u_long time_ws, u_long e, char *e_string) -KRB5INT_KRB4_DEPRECATED; - -extern int create_ciph(KTEXT c, C_Block session, char *service, - char *instance, char *realm, unsigned long life, - int kvno, KTEXT tkt, unsigned long kdc_time, - C_Block key) -KRB5INT_KRB4_DEPRECATED; - - -extern int krb_create_ticket(KTEXT tkt, unsigned int flags, char *pname, - char *pinstance, char *prealm, long paddress, - char *session, int life, long time_sec, - char *sname, char *sinstance, C_Block key) -KRB5INT_KRB4_DEPRECATED; - -#endif /* KRB_PRIVATE */ - -/* This function is used by KEYFILE above. 
Do not call it directly */ -extern char * krb__get_srvtabname(const char *) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE - -extern int krb_kntoln(AUTH_DAT *, char *) -KRB5INT_KRB4_DEPRECATED; - -#ifdef KRB5_GENERAL__ -extern int krb_cr_tkt_krb5(KTEXT tkt, unsigned int flags, char *pname, - char *pinstance, char *prealm, long paddress, - char *session, int life, long time_sec, - char *sname, char *sinstance, - krb5_keyblock *k5key) -KRB5INT_KRB4_DEPRECATED; - -extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key) -KRB5INT_KRB4_DEPRECATED; - -#endif - -#endif /* KRB_PRIVATE */ - -/* - * krb_change_password -- merged from KfM - */ -/* change_password.c */ -int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *) -KRB5INT_KRB4_DEPRECATED; - -/* - * RealmsConfig-glue.c -- merged from KfM - */ -int KRB5_CALLCONV krb_get_profile(profile_t *) -KRB5INT_KRB4_DEPRECATED; - -#ifdef _WIN32 -HINSTANCE get_lib_instance(void) -KRB5INT_KRB4_DEPRECATED; -unsigned int krb_get_notification_message(void) -KRB5INT_KRB4_DEPRECATED; -char * KRB5_CALLCONV krb_get_default_user(void) -KRB5INT_KRB4_DEPRECATED; -int KRB5_CALLCONV krb_set_default_user(char *) -KRB5INT_KRB4_DEPRECATED; -unsigned KRB4_32 win_time_gmt_unixsec(unsigned KRB4_32 *) -KRB5INT_KRB4_DEPRECATED; -long win_time_get_epoch(void) -KRB5INT_KRB4_DEPRECATED; -#endif - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB_DEFS */ diff --git a/libkrb/KerberosIV/krb_err.h b/libkrb/KerberosIV/krb_err.h deleted file mode 100644 index 5415227..0000000 --- a/libkrb/KerberosIV/krb_err.h +++ /dev/null 
@@ -1,278 +0,0 @@ -/* - * include//kerberosIV/krb_err.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define KRBET_KSUCCESS (39525376L) -#define KRBET_KDC_NAME_EXP (39525377L) -#define KRBET_KDC_SERVICE_EXP (39525378L) -#define KRBET_KDC_AUTH_EXP (39525379L) -#define KRBET_KDC_PKT_VER (39525380L) -#define KRBET_KDC_P_MKEY_VER (39525381L) -#define KRBET_KDC_S_MKEY_VER (39525382L) -#define KRBET_KDC_BYTE_ORDER (39525383L) -#define KRBET_KDC_PR_UNKNOWN (39525384L) -#define KRBET_KDC_PR_N_UNIQUE (39525385L) -#define KRBET_KDC_NULL_KEY (39525386L) -#define KRBET_KRB_RES11 (39525387L) -#define KRBET_KRB_RES12 (39525388L) -#define KRBET_KRB_RES13 (39525389L) -#define KRBET_KRB_RES14 (39525390L) -#define KRBET_KRB_RES15 (39525391L) -#define KRBET_KRB_RES16 (39525392L) -#define KRBET_KRB_RES17 (39525393L) -#define KRBET_KRB_RES18 (39525394L) -#define KRBET_KRB_RES19 (39525395L) -#define KRBET_KDC_GEN_ERR (39525396L) -#define KRBET_GC_TKFIL (39525397L) -#define KRBET_GC_NOTKT (39525398L) -#define KRBET_KRB_RES23 (39525399L) -#define KRBET_KRB_RES24 (39525400L) -#define KRBET_KRB_RES25 (39525401L) -#define KRBET_MK_AP_TGTEXP (39525402L) -#define KRBET_KRB_RES27 (39525403L) -#define KRBET_KRB_RES28 (39525404L) -#define KRBET_KRB_RES29 (39525405L) -#define KRBET_KRB_RES30 (39525406L) -#define KRBET_RD_AP_UNDEC (39525407L) -#define KRBET_RD_AP_EXP (39525408L) -#define KRBET_RD_AP_NYV (39525409L) -#define KRBET_RD_AP_REPEAT (39525410L) -#define KRBET_RD_AP_NOT_US (39525411L) -#define KRBET_RD_AP_INCON (39525412L) -#define KRBET_RD_AP_TIME (39525413L) -#define KRBET_RD_AP_BADD (39525414L) -#define KRBET_RD_AP_VERSION (39525415L) -#define KRBET_RD_AP_MSG_TYPE (39525416L) -#define KRBET_RD_AP_MODIFIED (39525417L) -#define KRBET_RD_AP_ORDER (39525418L) -#define KRBET_RD_AP_UNAUTHOR (39525419L) -#define KRBET_KRB_RES44 (39525420L) -#define KRBET_KRB_RES45 (39525421L) -#define KRBET_KRB_RES46 (39525422L) -#define KRBET_KRB_RES47 (39525423L) 
-#define KRBET_KRB_RES48 (39525424L) -#define KRBET_KRB_RES49 (39525425L) -#define KRBET_KRB_RES50 (39525426L) -#define KRBET_GT_PW_NULL (39525427L) -#define KRBET_GT_PW_BADPW (39525428L) -#define KRBET_GT_PW_PROT (39525429L) -#define KRBET_GT_PW_KDCERR (39525430L) -#define KRBET_GT_PW_NULLTKT (39525431L) -#define KRBET_SKDC_RETRY (39525432L) -#define KRBET_SKDC_CANT (39525433L) -#define KRBET_KRB_RES58 (39525434L) -#define KRBET_KRB_RES59 (39525435L) -#define KRBET_KRB_RES60 (39525436L) -#define KRBET_INTK_W_NOTALL (39525437L) -#define KRBET_INTK_BADPW (39525438L) -#define KRBET_INTK_PROT (39525439L) -#define KRBET_KRB_RES64 (39525440L) -#define KRBET_KRB_RES65 (39525441L) -#define KRBET_KRB_RES66 (39525442L) -#define KRBET_KRB_RES67 (39525443L) -#define KRBET_KRB_RES68 (39525444L) -#define KRBET_KRB_RES69 (39525445L) -#define KRBET_INTK_ERR (39525446L) -#define KRBET_AD_NOTGT (39525447L) -#define KRBET_KRB_RES72 (39525448L) -#define KRBET_KRB_RES73 (39525449L) -#define KRBET_KRB_RES74 (39525450L) -#define KRBET_KRB_RES75 (39525451L) -#define KRBET_NO_TKT_FIL (39525452L) -#define KRBET_TKT_FIL_ACC (39525453L) -#define KRBET_TKT_FIL_LCK (39525454L) -#define KRBET_TKT_FIL_FMT (39525455L) -#define KRBET_TKT_FIL_INI (39525456L) -#define KRBET_KNAME_FMT (39525457L) -#define KRBET_RES82 (39525458L) -#define KRBET_RES83 (39525459L) -#define KRBET_RES84 (39525460L) -#define KRBET_RES85 (39525461L) -#define KRBET_RES86 (39525462L) -#define KRBET_RES87 (39525463L) -#define KRBET_RES88 (39525464L) -#define KRBET_RES89 (39525465L) -#define KRBET_RES90 (39525466L) -#define KRBET_RES91 (39525467L) -#define KRBET_RES92 (39525468L) -#define KRBET_RES93 (39525469L) -#define KRBET_RES94 (39525470L) -#define KRBET_RES95 (39525471L) -#define KRBET_RES96 (39525472L) -#define KRBET_RES97 (39525473L) -#define KRBET_RES98 (39525474L) -#define KRBET_RES99 (39525475L) -#define KRBET_RES100 (39525476L) -#define KRBET_RES101 (39525477L) -#define KRBET_RES102 (39525478L) -#define KRBET_RES103 
(39525479L) -#define KRBET_RES104 (39525480L) -#define KRBET_RES105 (39525481L) -#define KRBET_RES106 (39525482L) -#define KRBET_RES107 (39525483L) -#define KRBET_RES108 (39525484L) -#define KRBET_RES109 (39525485L) -#define KRBET_RES110 (39525486L) -#define KRBET_RES111 (39525487L) -#define KRBET_RES112 (39525488L) -#define KRBET_RES113 (39525489L) -#define KRBET_RES114 (39525490L) -#define KRBET_RES115 (39525491L) -#define KRBET_RES116 (39525492L) -#define KRBET_RES117 (39525493L) -#define KRBET_RES118 (39525494L) -#define KRBET_RES119 (39525495L) -#define KRBET_RES120 (39525496L) -#define KRBET_RES121 (39525497L) -#define KRBET_RES122 (39525498L) -#define KRBET_RES123 (39525499L) -#define KRBET_RES124 (39525500L) -#define KRBET_RES125 (39525501L) -#define KRBET_RES126 (39525502L) -#define KRBET_RES127 (39525503L) -#define KRBET_RES128 (39525504L) -#define KRBET_RES129 (39525505L) -#define KRBET_RES130 (39525506L) -#define KRBET_RES131 (39525507L) -#define KRBET_RES132 (39525508L) -#define KRBET_RES133 (39525509L) -#define KRBET_RES134 (39525510L) -#define KRBET_RES135 (39525511L) -#define KRBET_RES136 (39525512L) -#define KRBET_RES137 (39525513L) -#define KRBET_RES138 (39525514L) -#define KRBET_RES139 (39525515L) -#define KRBET_RES140 (39525516L) -#define KRBET_RES141 (39525517L) -#define KRBET_RES142 (39525518L) -#define KRBET_RES143 (39525519L) -#define KRBET_RES144 (39525520L) -#define KRBET_RES145 (39525521L) -#define KRBET_RES146 (39525522L) -#define KRBET_RES147 (39525523L) -#define KRBET_RES148 (39525524L) -#define KRBET_RES149 (39525525L) -#define KRBET_RES150 (39525526L) -#define KRBET_RES151 (39525527L) -#define KRBET_RES152 (39525528L) -#define KRBET_RES153 (39525529L) -#define KRBET_RES154 (39525530L) -#define KRBET_RES155 (39525531L) -#define KRBET_RES156 (39525532L) -#define KRBET_RES157 (39525533L) -#define KRBET_RES158 (39525534L) -#define KRBET_RES159 (39525535L) -#define KRBET_RES160 (39525536L) -#define KRBET_RES161 (39525537L) -#define 
KRBET_RES162 (39525538L) -#define KRBET_RES163 (39525539L) -#define KRBET_RES164 (39525540L) -#define KRBET_RES165 (39525541L) -#define KRBET_RES166 (39525542L) -#define KRBET_RES167 (39525543L) -#define KRBET_RES168 (39525544L) -#define KRBET_RES169 (39525545L) -#define KRBET_RES170 (39525546L) -#define KRBET_RES171 (39525547L) -#define KRBET_RES172 (39525548L) -#define KRBET_RES173 (39525549L) -#define KRBET_RES174 (39525550L) -#define KRBET_RES175 (39525551L) -#define KRBET_RES176 (39525552L) -#define KRBET_RES177 (39525553L) -#define KRBET_RES178 (39525554L) -#define KRBET_RES179 (39525555L) -#define KRBET_RES180 (39525556L) -#define KRBET_RES181 (39525557L) -#define KRBET_RES182 (39525558L) -#define KRBET_RES183 (39525559L) -#define KRBET_RES184 (39525560L) -#define KRBET_RES185 (39525561L) -#define KRBET_RES186 (39525562L) -#define KRBET_RES187 (39525563L) -#define KRBET_RES188 (39525564L) -#define KRBET_RES189 (39525565L) -#define KRBET_RES190 (39525566L) -#define KRBET_RES191 (39525567L) -#define KRBET_RES192 (39525568L) -#define KRBET_RES193 (39525569L) -#define KRBET_RES194 (39525570L) -#define KRBET_RES195 (39525571L) -#define KRBET_RES196 (39525572L) -#define KRBET_RES197 (39525573L) -#define KRBET_RES198 (39525574L) -#define KRBET_RES199 (39525575L) -#define KRBET_RES200 (39525576L) -#define KRBET_RES201 (39525577L) -#define KRBET_RES202 (39525578L) -#define KRBET_RES203 (39525579L) -#define KRBET_RES204 (39525580L) -#define KRBET_RES205 (39525581L) -#define KRBET_RES206 (39525582L) -#define KRBET_RES207 (39525583L) -#define KRBET_RES208 (39525584L) -#define KRBET_RES209 (39525585L) -#define KRBET_RES210 (39525586L) -#define KRBET_RES211 (39525587L) -#define KRBET_RES212 (39525588L) -#define KRBET_RES213 (39525589L) -#define KRBET_RES214 (39525590L) -#define KRBET_RES215 (39525591L) -#define KRBET_RES216 (39525592L) -#define KRBET_RES217 (39525593L) -#define KRBET_RES218 (39525594L) -#define KRBET_RES219 (39525595L) -#define KRBET_RES220 (39525596L) 
-#define KRBET_RES221 (39525597L) -#define KRBET_RES222 (39525598L) -#define KRBET_RES223 (39525599L) -#define KRBET_RES224 (39525600L) -#define KRBET_RES225 (39525601L) -#define KRBET_RES226 (39525602L) -#define KRBET_RES227 (39525603L) -#define KRBET_RES228 (39525604L) -#define KRBET_RES229 (39525605L) -#define KRBET_RES230 (39525606L) -#define KRBET_RES231 (39525607L) -#define KRBET_RES232 (39525608L) -#define KRBET_RES233 (39525609L) -#define KRBET_RES234 (39525610L) -#define KRBET_RES235 (39525611L) -#define KRBET_RES236 (39525612L) -#define KRBET_RES237 (39525613L) -#define KRBET_RES238 (39525614L) -#define KRBET_RES239 (39525615L) -#define KRBET_RES240 (39525616L) -#define KRBET_RES241 (39525617L) -#define KRBET_RES242 (39525618L) -#define KRBET_RES243 (39525619L) -#define KRBET_RES244 (39525620L) -#define KRBET_RES245 (39525621L) -#define KRBET_RES246 (39525622L) -#define KRBET_RES247 (39525623L) -#define KRBET_RES248 (39525624L) -#define KRBET_RES249 (39525625L) -#define KRBET_RES250 (39525626L) -#define KRBET_RES251 (39525627L) -#define KRBET_RES252 (39525628L) -#define KRBET_RES253 (39525629L) -#define KRBET_RES254 (39525630L) -#define KRBET_KFAILURE (39525631L) -#define ERROR_TABLE_BASE_krb (39525376L) - -extern const struct error_table et_krb_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_krb_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_krb_error_table() -#endif - -#if !defined(_WIN32) -#define init_krb_err_tbl initialize_krb_error_table -#define krb_err_base ERROR_TABLE_BASE_krb -#endif diff --git a/libkrb/KerberosIV/mit-copyright.h b/libkrb/KerberosIV/mit-copyright.h deleted file mode 100644 index e008657..0000000 --- a/libkrb/KerberosIV/mit-copyright.h +++ /dev/null 
@@ -1,23 +0,0 @@
-/*
- Copyright (C) 1989 by the Massachusetts Institute of Technology
-
- Export of this software from the United States of America may
- require a specific license from the United States Government.
- It is the responsibility of any person or organization contemplating
- export to obtain such a license before exporting.
-
-WITHIN THAT CONSTRAINT, Permission to use, copy, modify, and
-distribute this software and its documentation for any purpose and
-without fee is hereby granted, provided that the above copyright
-notice appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation, and that
-the name of M.I.T. not be used in advertising or publicity pertaining
-to distribution of the software without specific, written prior
-permission. Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original M.I.T. software.
-M.I.T. makes no representations about the suitability of
-this software for any purpose. It is provided "as is" without express
-or implied warranty.
-
- */
diff --git a/libkrb/com_err.h b/libkrb/com_err.h
deleted file mode 100644
index 042a9bd..0000000
--- a/libkrb/com_err.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Header file for common error description library.
- *
- * Copyright 1988, Student Information Processing Board of the
- * Massachusetts Institute of Technology.
- *
- * Copyright 1995 by Cygnus Support.
- *
- * For copyright and distribution info, see the documentation supplied
- * with this package.
- */
-
-#ifndef __COM_ERR_H
-
-#if defined(_WIN32)
-#include
-#endif
-
-#ifndef KRB5_CALLCONV
-#define KRB5_CALLCONV
-#define KRB5_CALLCONV_C
-#endif
-
-#include
-
-typedef long errcode_t;
-typedef void (*et_old_error_hook_func) (const char *, errcode_t,
- const char *, va_list ap);
-
-struct error_table {
- /*@shared@*/ char const * const * msgs;
- long base;
- unsigned int n_msgs;
-};
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Public interfaces */
-extern void KRB5_CALLCONV_C com_err
- (const char *, errcode_t, const char *, ...);
-extern void KRB5_CALLCONV com_err_va
- (const char *whoami, errcode_t code, const char *fmt,
- va_list ap);
-extern /*@observer@*//*@dependent@*/ const char * KRB5_CALLCONV error_message
- (errcode_t)
- /*@modifies internalState@*/;
-extern errcode_t KRB5_CALLCONV add_error_table
- (/*@dependent@*/ const struct error_table *)
- /*@modifies internalState@*/;
-extern errcode_t KRB5_CALLCONV remove_error_table
- (const struct error_table *)
- /*@modifies internalState@*/;
-
-#if !defined(_WIN32)
-/*
- * The display routine should be application specific. A global hook,
- * may cause inappropriate display procedures to be called between
- * applications under non-Unix environments.
- */
-
-extern et_old_error_hook_func set_com_err_hook (et_old_error_hook_func);
-extern et_old_error_hook_func reset_com_err_hook (void);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#define __COM_ERR_H
-#endif /* ! defined(__COM_ERR_H) */
diff --git a/libkrb/gssapi/gssapi.h b/libkrb/gssapi/gssapi.h
deleted file mode 100644
index 2873b57..0000000
--- a/libkrb/gssapi/gssapi.h
+++ /dev/null
@@ -1,790 +0,0 @@
-/*
- * Copyright 1993 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _GSSAPI_H_
-#define _GSSAPI_H_
-
-/*
- * Determine platform-dependent configuration.
- */
-
-#if defined(__MACH__) && defined(__APPLE__)
-# include
-# if TARGET_RT_MAC_CFM
-# error "Use KfM 4.0 SDK headers for CFM compilation."
-# endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-#if TARGET_OS_MAC
-# pragma options align=mac68k
-#endif
-
-#if defined(_MSDOS) || defined(_WIN32)
-#include
-#endif
-
-#ifndef KRB5_CALLCONV
-#define KRB5_CALLCONV
-#define KRB5_CALLCONV_C
-#endif
-
-/*
- * First, include stddef.h to get size_t defined.
- */
-#include
-
-/*
- * POSIX says that sys/types.h is where size_t is defined.
- */
-#include
-
-/*
- * $Id: gssapi.hin 18396 2006-07-25 20:29:43Z lxs $
- */
-
-/*
- * First, define the three platform-dependent pointer types.
- */
-
-struct gss_name_struct;
-typedef struct gss_name_struct * gss_name_t;
-
-struct gss_cred_id_struct;
-typedef struct gss_cred_id_struct * gss_cred_id_t;
-
-struct gss_ctx_id_struct;
-typedef struct gss_ctx_id_struct * gss_ctx_id_t;
-
-/*
- * The following type must be defined as the smallest natural unsigned integer
- * supported by the platform that has at least 32 bits of precision.
- */
-typedef uint32_t gss_uint32;
-typedef int32_t gss_int32;
-
-#ifdef OM_STRING
-/*
- * We have included the xom.h header file. Use the definition for
- * OM_object identifier.
- */
-typedef OM_object_identifier gss_OID_desc, *gss_OID;
-#else /* OM_STRING */
-/*
- * We can't use X/Open definitions, so roll our own.
- */
-typedef gss_uint32 OM_uint32;
-
-typedef struct gss_OID_desc_struct {
- OM_uint32 length;
- void *elements;
-} gss_OID_desc, *gss_OID;
-#endif /* OM_STRING */
-
-typedef struct gss_OID_set_desc_struct {
- size_t count;
- gss_OID elements;
-} gss_OID_set_desc, *gss_OID_set;
-
-typedef struct gss_buffer_desc_struct {
- size_t length;
- void *value;
-} gss_buffer_desc, *gss_buffer_t;
-
-typedef struct gss_channel_bindings_struct {
- OM_uint32 initiator_addrtype;
- gss_buffer_desc initiator_address;
- OM_uint32 acceptor_addrtype;
- gss_buffer_desc acceptor_address;
- gss_buffer_desc application_data;
-} *gss_channel_bindings_t;
-
-/*
- * For now, define a QOP-type as an OM_uint32 (pending resolution of ongoing
- * discussions).
- */
-typedef OM_uint32 gss_qop_t;
-typedef int gss_cred_usage_t;
-
-/*
- * Flag bits for context-level services.
- */
-#define GSS_C_DELEG_FLAG 1
-#define GSS_C_MUTUAL_FLAG 2
-#define GSS_C_REPLAY_FLAG 4
-#define GSS_C_SEQUENCE_FLAG 8
-#define GSS_C_CONF_FLAG 16
-#define GSS_C_INTEG_FLAG 32
-#define GSS_C_ANON_FLAG 64
-#define GSS_C_PROT_READY_FLAG 128
-#define GSS_C_TRANS_FLAG 256
-
-/*
- * Credential usage options
- */
-#define GSS_C_BOTH 0
-#define GSS_C_INITIATE 1
-#define GSS_C_ACCEPT 2
-
-/*
- * Status code types for gss_display_status
- */
-#define GSS_C_GSS_CODE 1
-#define GSS_C_MECH_CODE 2
-
-/*
- * The constant definitions for channel-bindings address families
- */
-#define GSS_C_AF_UNSPEC 0
-#define GSS_C_AF_LOCAL 1
-#define GSS_C_AF_INET 2
-#define GSS_C_AF_IMPLINK 3
-#define GSS_C_AF_PUP 4
-#define GSS_C_AF_CHAOS 5
-#define GSS_C_AF_NS 6
-#define GSS_C_AF_NBS 7
-#define GSS_C_AF_ECMA 8
-#define GSS_C_AF_DATAKIT 9
-#define GSS_C_AF_CCITT 10
-#define GSS_C_AF_SNA 11
-#define GSS_C_AF_DECnet 12
-#define GSS_C_AF_DLI 13
-#define GSS_C_AF_LAT 14
-#define GSS_C_AF_HYLINK 15
-#define GSS_C_AF_APPLETALK 16
-#define GSS_C_AF_BSC 17
-#define GSS_C_AF_DSS 18
-#define GSS_C_AF_OSI 19
-#define GSS_C_AF_X25 21
-
-#define GSS_C_AF_NULLADDR 255
-
-/*
- * Various Null values.
- */
-#define GSS_C_NO_NAME ((gss_name_t) 0)
-#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
-#define GSS_C_NO_OID ((gss_OID) 0)
-#define GSS_C_NO_OID_SET ((gss_OID_set) 0)
-#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
-#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
-#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
-#define GSS_C_EMPTY_BUFFER {0, NULL}
-
-/*
- * Some alternate names for a couple of the above values. These are defined
- * for V1 compatibility.
- */
-#define GSS_C_NULL_OID GSS_C_NO_OID
-#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET
-
-/*
- * Define the default Quality of Protection for per-message services. Note
- * that an implementation that offers multiple levels of QOP may either reserve
- * a value (for example zero, as assumed here) to mean "default protection", or
- * alternatively may simply equate GSS_C_QOP_DEFAULT to a specific explicit
- * QOP value. However a value of 0 should always be interpreted by a GSSAPI
- * implementation as a request for the default protection level.
- */
-#define GSS_C_QOP_DEFAULT 0
-
-/*
- * Expiration time of 2^32-1 seconds means infinite lifetime for a
- * credential or security context
- */
-#define GSS_C_INDEFINITE ((OM_uint32) 0xfffffffful)
-
-
-/* Major status codes */
-
-#define GSS_S_COMPLETE 0
-
-/*
- * Some "helper" definitions to make the status code macros obvious.
- */
-#define GSS_C_CALLING_ERROR_OFFSET 24
-#define GSS_C_ROUTINE_ERROR_OFFSET 16
-#define GSS_C_SUPPLEMENTARY_OFFSET 0
-#define GSS_C_CALLING_ERROR_MASK ((OM_uint32) 0377ul)
-#define GSS_C_ROUTINE_ERROR_MASK ((OM_uint32) 0377ul)
-#define GSS_C_SUPPLEMENTARY_MASK ((OM_uint32) 0177777ul)
-
-/*
- * The macros that test status codes for error conditions. Note that the
- * GSS_ERROR() macro has changed slightly from the V1 GSSAPI so that it now
- * evaluates its argument only once.
- */
-#define GSS_CALLING_ERROR(x) \
- ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
-#define GSS_ROUTINE_ERROR(x) \
- ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
-#define GSS_SUPPLEMENTARY_INFO(x) \
- ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
-#define GSS_ERROR(x) \
- ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \
- (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET)))
-
-/*
- * Now the actual status code definitions
- */
-
-/*
- * Calling errors:
- */
-#define GSS_S_CALL_INACCESSIBLE_READ \
- (((OM_uint32) 1ul) << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_INACCESSIBLE_WRITE \
- (((OM_uint32) 2ul) << GSS_C_CALLING_ERROR_OFFSET)
-#define GSS_S_CALL_BAD_STRUCTURE \
- (((OM_uint32) 3ul) << GSS_C_CALLING_ERROR_OFFSET)
-
-/*
- * Routine errors:
- */
-#define GSS_S_BAD_MECH (((OM_uint32) 1ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAME (((OM_uint32) 2ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_NAMETYPE (((OM_uint32) 3ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_BINDINGS (((OM_uint32) 4ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_STATUS (((OM_uint32) 5ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_SIG (((OM_uint32) 6ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NO_CRED (((OM_uint32) 7ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NO_CONTEXT (((OM_uint32) 8ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_TOKEN (((OM_uint32) 9ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DEFECTIVE_CREDENTIAL \
- (((OM_uint32) 10ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CREDENTIALS_EXPIRED \
- (((OM_uint32) 11ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_CONTEXT_EXPIRED \
- (((OM_uint32) 12ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_FAILURE (((OM_uint32) 13ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_BAD_QOP (((OM_uint32) 14ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAUTHORIZED (((OM_uint32) 15ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_UNAVAILABLE (((OM_uint32) 16ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_DUPLICATE_ELEMENT \
- (((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-#define GSS_S_NAME_NOT_MN \
- (((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)
-
-/*
- * Supplementary info bits:
- */
-#define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
-#define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
-#define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
-#define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
-#define GSS_S_GAP_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4))
-
-
-/*
- * Finally, function prototypes for the GSSAPI routines.
- */
-
-#if defined (_WIN32) && defined (_MSC_VER)
-# ifdef GSS_DLL_FILE
-# define GSS_DLLIMP __declspec(dllexport)
-# else
-# define GSS_DLLIMP __declspec(dllimport)
-# endif
-#else
-# define GSS_DLLIMP
-#endif
-
-/* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744.
- *
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
- * GSS_C_NT_USER_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-GSS_DLLIMP extern gss_OID GSS_C_NT_USER_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
- * The constant GSS_C_NT_MACHINE_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-GSS_DLLIMP extern gss_OID GSS_C_NT_MACHINE_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
- * corresponding to an object-identifier value of
- * {iso(1) member-body(2) United States(840) mit(113554)
- * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
- * The constant GSS_C_NT_STRING_UID_NAME should be
- * initialized to point to that gss_OID_desc.
- */
-GSS_DLLIMP extern gss_OID GSS_C_NT_STRING_UID_NAME;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
- * corresponding to an object-identifier value of
- * {iso(1) org(3) dod(6) internet(1) security(5)
- * nametypes(6) gss-host-based-services(2)). The constant
- * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
- * to that gss_OID_desc. This is a deprecated OID value, and
- * implementations wishing to support hostbased-service names
- * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
- * defined below, to identify such names;
- * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
- * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
- * parameter, but should not be emitted by GSS-API
- * implementations
- */
-GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE_X;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
- * "\x01\x02\x01\x04"}, corresponding to an
- * object-identifier value of {iso(1) member-body(2)
- * Unites States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}. The constant
- * GSS_C_NT_HOSTBASED_SERVICE should be initialized
- * to point to that gss_OID_desc.
- */
-GSS_DLLIMP extern gss_OID GSS_C_NT_HOSTBASED_SERVICE;
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
- * corresponding to an object identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 3(gss-anonymous-name)}. The constant
- * and GSS_C_NT_ANONYMOUS should be initialized to point
- * to that gss_OID_desc.
- */
-GSS_DLLIMP extern gss_OID GSS_C_NT_ANONYMOUS;
-
-
-/*
- * The implementation must reserve static storage for a
- * gss_OID_desc object containing the value
- * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
- * corresponding to an object-identifier value of
- * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
- * 6(nametypes), 4(gss-api-exported-name)}. The constant
- * GSS_C_NT_EXPORT_NAME should be initialized to point
- * to that gss_OID_desc.
- */
-GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME;
-
-/* Function Prototypes */
-
-OM_uint32 KRB5_CALLCONV gss_acquire_cred
-(OM_uint32 *, /* minor_status */
- gss_name_t, /* desired_name */
- OM_uint32, /* time_req */
- gss_OID_set, /* desired_mechs */
- gss_cred_usage_t, /* cred_usage */
- gss_cred_id_t *, /* output_cred_handle */
- gss_OID_set *, /* actual_mechs */
- OM_uint32 * /* time_rec */
- );
-
-OM_uint32 KRB5_CALLCONV gss_release_cred
-(OM_uint32 *, /* minor_status */
- gss_cred_id_t * /* cred_handle */
- );
-
-OM_uint32 KRB5_CALLCONV gss_init_sec_context
-(OM_uint32 *, /* minor_status */
- gss_cred_id_t, /* claimant_cred_handle */
- gss_ctx_id_t *, /* context_handle */
- gss_name_t, /* target_name */
- gss_OID, /* mech_type (used to be const) */
- OM_uint32, /* req_flags */
- OM_uint32, /* time_req */
- gss_channel_bindings_t, /* input_chan_bindings */
- gss_buffer_t, /* input_token */
- gss_OID *, /* actual_mech_type */
- gss_buffer_t, /* output_token */
- OM_uint32 *, /* ret_flags */
- OM_uint32 * /* time_rec */
- );
-
-OM_uint32 KRB5_CALLCONV gss_accept_sec_context
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t *, /* context_handle */
- gss_cred_id_t, /* acceptor_cred_handle */
- gss_buffer_t, /* input_token_buffer */
- gss_channel_bindings_t, /* input_chan_bindings */
- gss_name_t *, /* src_name */
- gss_OID *, /* mech_type */
- gss_buffer_t, /* output_token */
- OM_uint32 *, /* ret_flags */
- OM_uint32 *, /* time_rec */
- gss_cred_id_t * /* delegated_cred_handle */
- );
-
-OM_uint32 KRB5_CALLCONV gss_process_context_token
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_buffer_t /* token_buffer */
- );
-
-OM_uint32 KRB5_CALLCONV gss_delete_sec_context
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t *, /* context_handle */
- gss_buffer_t /* output_token */
- );
-
-OM_uint32 KRB5_CALLCONV gss_context_time
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- OM_uint32 * /* time_rec */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_get_mic
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_qop_t, /* qop_req */
- gss_buffer_t, /* message_buffer */
- gss_buffer_t /* message_token */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_verify_mic
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_buffer_t, /* message_buffer */
- gss_buffer_t, /* message_token */
- gss_qop_t * /* qop_state */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_wrap
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int, /* conf_req_flag */
- gss_qop_t, /* qop_req */
- gss_buffer_t, /* input_message_buffer */
- int *, /* conf_state */
- gss_buffer_t /* output_message_buffer */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_unwrap
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_buffer_t, /* input_message_buffer */
- gss_buffer_t, /* output_message_buffer */
- int *, /* conf_state */
- gss_qop_t * /* qop_state */
- );
-
-OM_uint32 KRB5_CALLCONV gss_display_status
-(OM_uint32 *, /* minor_status */
- OM_uint32, /* status_value */
- int, /* status_type */
- gss_OID, /* mech_type (used to be const) */
- OM_uint32 *, /* message_context */
- gss_buffer_t /* status_string */
- );
-
-OM_uint32 KRB5_CALLCONV gss_indicate_mechs
-(OM_uint32 *, /* minor_status */
- gss_OID_set * /* mech_set */
- );
-
-OM_uint32 KRB5_CALLCONV gss_compare_name
-(OM_uint32 *, /* minor_status */
- gss_name_t, /* name1 */
- gss_name_t, /* name2 */
- int * /* name_equal */
- );
-
-OM_uint32 KRB5_CALLCONV gss_display_name
-(OM_uint32 *, /* minor_status */
- gss_name_t, /* input_name */
- gss_buffer_t, /* output_name_buffer */
- gss_OID * /* output_name_type */
- );
-
-OM_uint32 KRB5_CALLCONV gss_import_name
-(OM_uint32 *, /* minor_status */
- gss_buffer_t, /* input_name_buffer */
- gss_OID, /* input_name_type(used to be const) */
- gss_name_t * /* output_name */
- );
-
-OM_uint32 KRB5_CALLCONV gss_release_name
-(OM_uint32 *, /* minor_status */
- gss_name_t * /* input_name */
- );
-
-OM_uint32 KRB5_CALLCONV gss_release_buffer
-(OM_uint32 *, /* minor_status */
- gss_buffer_t /* buffer */
- );
-
-OM_uint32 KRB5_CALLCONV gss_release_oid_set
-(OM_uint32 *, /* minor_status */
- gss_OID_set * /* set */
- );
-
-OM_uint32 KRB5_CALLCONV gss_inquire_cred
-(OM_uint32 *, /* minor_status */
- gss_cred_id_t, /* cred_handle */
- gss_name_t *, /* name */
- OM_uint32 *, /* lifetime */
- gss_cred_usage_t *, /* cred_usage */
- gss_OID_set * /* mechanisms */
- );
-
-/* Last argument new for V2 */
-OM_uint32 KRB5_CALLCONV gss_inquire_context
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_name_t *, /* src_name */
- gss_name_t *, /* targ_name */
- OM_uint32 *, /* lifetime_rec */
- gss_OID *, /* mech_type */
- OM_uint32 *, /* ctx_flags */
- int *, /* locally_initiated */
- int * /* open */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_wrap_size_limit
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int, /* conf_req_flag */
- gss_qop_t, /* qop_req */
- OM_uint32, /* req_output_size */
- OM_uint32 * /* max_input_size */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_import_name_object
-(OM_uint32 *, /* minor_status */
- void *, /* input_name */
- gss_OID, /* input_name_type */
- gss_name_t * /* output_name */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_export_name_object
-(OM_uint32 *, /* minor_status */
- gss_name_t, /* input_name */
- gss_OID, /* desired_name_type */
- void ** /* output_name */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_add_cred
-(OM_uint32 *, /* minor_status */
- gss_cred_id_t, /* input_cred_handle */
- gss_name_t, /* desired_name */
- gss_OID, /* desired_mech */
- gss_cred_usage_t, /* cred_usage */
- OM_uint32, /* initiator_time_req */
- OM_uint32, /* acceptor_time_req */
- gss_cred_id_t *, /* output_cred_handle */
- gss_OID_set *, /* actual_mechs */
- OM_uint32 *, /* initiator_time_rec */
- OM_uint32 * /* acceptor_time_rec */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_mech
-(OM_uint32 *, /* minor_status */
- gss_cred_id_t, /* cred_handle */
- gss_OID, /* mech_type */
- gss_name_t *, /* name */
- OM_uint32 *, /* initiator_lifetime */
- OM_uint32 *, /* acceptor_lifetime */
- gss_cred_usage_t * /* cred_usage */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_export_sec_context
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t *, /* context_handle */
- gss_buffer_t /* interprocess_token */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_import_sec_context
-(OM_uint32 *, /* minor_status */
- gss_buffer_t, /* interprocess_token */
- gss_ctx_id_t * /* context_handle */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_release_oid
-(OM_uint32 *, /* minor_status */
- gss_OID * /* oid */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_create_empty_oid_set
-(OM_uint32 *, /* minor_status */
- gss_OID_set * /* oid_set */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_add_oid_set_member
-(OM_uint32 *, /* minor_status */
- gss_OID, /* member_oid */
- gss_OID_set * /* oid_set */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_test_oid_set_member
-(OM_uint32 *, /* minor_status */
- gss_OID, /* member */
- gss_OID_set, /* set */
- int * /* present */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_str_to_oid
-(OM_uint32 *, /* minor_status */
- gss_buffer_t, /* oid_str */
- gss_OID * /* oid */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_oid_to_str
-(OM_uint32 *, /* minor_status */
- gss_OID, /* oid */
- gss_buffer_t /* oid_str */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_inquire_names_for_mech
-(OM_uint32 *, /* minor_status */
- gss_OID, /* mechanism */
- gss_OID_set * /* name_types */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_inquire_mechs_for_name(
- OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
- gss_OID_set * /* mech_types */
-);
-
-/*
- * The following routines are obsolete variants of gss_get_mic, gss_wrap,
- * gss_verify_mic and gss_unwrap. They should be provided by GSSAPI V2
- * implementations for backwards compatibility with V1 applications. Distinct
- * entrypoints (as opposed to #defines) should be provided, to allow GSSAPI
- * V1 applications to link against GSSAPI V2 implementations.
- */
-OM_uint32 KRB5_CALLCONV gss_sign
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int, /* qop_req */
- gss_buffer_t, /* message_buffer */
- gss_buffer_t /* message_token */
- );
-
-OM_uint32 KRB5_CALLCONV gss_verify
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_buffer_t, /* message_buffer */
- gss_buffer_t, /* token_buffer */
- int * /* qop_state */
- );
-
-OM_uint32 KRB5_CALLCONV gss_seal
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- int, /* conf_req_flag */
- int, /* qop_req */
- gss_buffer_t, /* input_message_buffer */
- int *, /* conf_state */
- gss_buffer_t /* output_message_buffer */
- );
-
-OM_uint32 KRB5_CALLCONV gss_unseal
-(OM_uint32 *, /* minor_status */
- gss_ctx_id_t, /* context_handle */
- gss_buffer_t, /* input_message_buffer */
- gss_buffer_t, /* output_message_buffer */
- int *, /* conf_state */
- int * /* qop_state */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_export_name
-(OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
- gss_buffer_t /* exported_name */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_duplicate_name
-(OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
- gss_name_t * /* dest_name */
- );
-
-/* New for V2 */
-OM_uint32 KRB5_CALLCONV gss_canonicalize_name
-(OM_uint32 *, /* minor_status */
- const gss_name_t, /* input_name */
- const gss_OID, /* mech_type */
- gss_name_t * /* output_name */
- );
-
-#if TARGET_OS_MAC
-# pragma options align=reset
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-/* XXXX these are not part of the GSSAPI C bindings! (but should be) */
-
-#define GSS_CALLING_ERROR_FIELD(x) \
- (((x) >> GSS_C_CALLING_ERROR_OFFSET) & GSS_C_CALLING_ERROR_MASK)
-#define GSS_ROUTINE_ERROR_FIELD(x) \
- (((x) >> GSS_C_ROUTINE_ERROR_OFFSET) & GSS_C_ROUTINE_ERROR_MASK)
-#define GSS_SUPPLEMENTARY_INFO_FIELD(x) \
- (((x) >> GSS_C_SUPPLEMENTARY_OFFSET) & GSS_C_SUPPLEMENTARY_MASK)
-
-/* XXXX This is a necessary evil until the spec is fixed */
-#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
-
-#endif /* _GSSAPI_H_ */
diff --git a/libkrb/gssapi/gssapi_generic.h b/libkrb/gssapi/gssapi_generic.h
deleted file mode 100644
index 1f479b3..0000000
--- a/libkrb/gssapi/gssapi_generic.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 1993 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose. It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _GSSAPI_GENERIC_H_
-#define _GSSAPI_GENERIC_H_
-
-/*
- * $Id: gssapi_generic.h 15252 2003-03-06 20:26:39Z lxs $
- */
-
-#include
-
-#if defined(__cplusplus) && !defined(GSSAPIGENERIC_BEGIN_DECLS)
-#define GSSAPIGENERIC_BEGIN_DECLS extern "C" {
-#define GSSAPIGENERIC_END_DECLS }
-#else
-#define GSSAPIGENERIC_BEGIN_DECLS
-#define GSSAPIGENERIC_END_DECLS
-#endif
-
-GSSAPIGENERIC_BEGIN_DECLS
-
-/* Deprecated MIT krb5 oid names provided for compatibility.
- * The correct oids (GSS_C_NT_USER_NAME, etc) from rfc 2744
- * are defined in gssapi.h. */
-
-GSS_DLLIMP extern gss_OID gss_nt_user_name;
-GSS_DLLIMP extern gss_OID gss_nt_machine_uid_name;
-GSS_DLLIMP extern gss_OID gss_nt_string_uid_name;
-extern gss_OID gss_nt_service_name_v2;
-GSS_DLLIMP extern gss_OID gss_nt_service_name;
-extern gss_OID gss_nt_exported_name;
-
-GSSAPIGENERIC_END_DECLS
-
-#endif /* _GSSAPI_GENERIC_H_ */
diff --git a/libkrb/gssapi/gssapi_krb5.h b/libkrb/gssapi/gssapi_krb5.h
deleted file mode 100644
index 647d14e..0000000
--- a/libkrb/gssapi/gssapi_krb5.h
+++ /dev/null
@@ -1,272 +0,0 @@ -/* - * Copyright 1993 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _GSSAPI_KRB5_H_ -#define _GSSAPI_KRB5_H_ - -#include -#include - -/* C++ friendlyness */ -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -/* Reserved static storage for GSS_oids. See rfc 1964 for more details. */ - -/* 2.1.1. Kerberos Principal Name Form: */ -GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME; -/* This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * krb5(2) krb5_name(1)}. The recommended symbolic name for this type - * is "GSS_KRB5_NT_PRINCIPAL_NAME". */ - -/* 2.1.2. 
Host-Based Service Name Form */ -#define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE -/* This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) service_name(4)}. The previously recommended symbolic - * name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME". The - * currently preferred symbolic name for this type is - * "GSS_C_NT_HOSTBASED_SERVICE". */ - -/* 2.2.1. User Name Form */ -#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME -/* This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) user_name(1)}. The recommended symbolic name for this - * type is "GSS_KRB5_NT_USER_NAME". */ - -/* 2.2.2. Machine UID Form */ -#define GSS_KRB5_NT_MACHINE_UID_NAME GSS_C_NT_MACHINE_UID_NAME -/* This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) machine_uid_name(2)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */ - -/* 2.2.3. String UID Form */ -#define GSS_KRB5_NT_STRING_UID_NAME GSS_C_NT_STRING_UID_NAME -/* This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) string_uid_name(3)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_STRING_UID_NAME". 
*/ - -GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5; -GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5_old; -GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5_wrong; -GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5; -GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5_old; -GSS_DLLIMP extern const gss_OID_set_desc * const gss_mech_set_krb5_both; - -GSS_DLLIMP extern const gss_OID_desc * const gss_nt_krb5_name; -GSS_DLLIMP extern const gss_OID_desc * const gss_nt_krb5_principal; - -GSS_DLLIMP extern const gss_OID_desc krb5_gss_oid_array[]; - -#define gss_krb5_nt_general_name gss_nt_krb5_name -#define gss_krb5_nt_principal gss_nt_krb5_principal -#define gss_krb5_nt_service_name gss_nt_service_name -#define gss_krb5_nt_user_name gss_nt_user_name -#define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name -#define gss_krb5_nt_string_uid_name gss_nt_string_uid_name - - -#if defined(_WIN32) -typedef unsigned __int64 gss_uint64; -#else /*windows*/ -#include -typedef uint64_t gss_uint64; -#endif - - -typedef struct gss_krb5_lucid_key { - OM_uint32 type; /* key encryption type */ - OM_uint32 length; /* length of key data */ - void * data; /* actual key data */ -} gss_krb5_lucid_key_t; - -typedef struct gss_krb5_rfc1964_keydata { - OM_uint32 sign_alg; /* signing algorthm */ - OM_uint32 seal_alg; /* seal/encrypt algorthm */ - gss_krb5_lucid_key_t ctx_key; - /* Context key - (Kerberos session key or subkey) */ -} gss_krb5_rfc1964_keydata_t; - -typedef struct gss_krb5_cfx_keydata { - OM_uint32 have_acceptor_subkey; - /* 1 if there is an acceptor_subkey - present, 0 otherwise */ - gss_krb5_lucid_key_t ctx_key; - /* Context key - (Kerberos session key or subkey) */ - gss_krb5_lucid_key_t acceptor_subkey; - /* acceptor-asserted subkey or - 0's if no acceptor subkey */ -} gss_krb5_cfx_keydata_t; - -typedef struct gss_krb5_lucid_context_v1 { - OM_uint32 version; /* Structure version number (1) - MUST be at beginning 
of struct! */ - OM_uint32 initiate; /* Are we the initiator? */ - OM_uint32 endtime; /* expiration time of context */ - gss_uint64 send_seq; /* sender sequence number */ - gss_uint64 recv_seq; /* receive sequence number */ - OM_uint32 protocol; /* 0: rfc1964, - 1: draft-ietf-krb-wg-gssapi-cfx-07 */ - /* - * if (protocol == 0) rfc1964_kd should be used - * and cfx_kd contents are invalid and should be zero - * if (protocol == 1) cfx_kd should be used - * and rfc1964_kd contents are invalid and should be zero - */ - gss_krb5_rfc1964_keydata_t rfc1964_kd; - gss_krb5_cfx_keydata_t cfx_kd; -} gss_krb5_lucid_context_v1_t; - -/* - * Mask for determining the returned structure version. - * See example below for usage. - */ -typedef struct gss_krb5_lucid_context_version { - OM_uint32 version; /* Structure version number */ -} gss_krb5_lucid_context_version_t; - - - - -/* Alias for Heimdal compat. */ -#define gsskrb5_register_acceptor_identity krb5_gss_register_acceptor_identity - -OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *); - -OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags - (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_flags *ticket_flags); - -OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache - (OM_uint32 *minor_status, - gss_cred_id_t cred_handle, - krb5_ccache out_ccache); - -OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name - (OM_uint32 *minor_status, const char *name, - const char **out_name); - -/* - * gss_krb5_set_allowable_enctypes - * - * This function may be called by a context initiator after calling - * gss_acquire_cred(), but before calling gss_init_sec_context(), - * to restrict the set of enctypes which will be negotiated during - * context establishment to those in the provided array. - * - * 'cred' must be a valid credential handle obtained via - * gss_acquire_cred(). It may not be GSS_C_NO_CREDENTIAL. - * gss_acquire_cred() may have been called to get a handle to - * the default credential. 
- *
- * The purpose of this function is to limit the keys that may
- * be exported via gss_krb5_export_lucid_sec_context(); thus it
- * should limit the enctypes of all keys that will be needed
- * after the security context has been established.
- * (i.e. context establishment may use a session key with a
- * stronger enctype than in the provided array, however a
- * subkey must be established within the enctype limits
- * established by this function.)
- *
- */
-OM_uint32 KRB5_CALLCONV
-gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
- gss_cred_id_t cred,
- OM_uint32 num_ktypes,
- krb5_enctype *ktypes);
-
-/*
- * Returns a non-opaque (lucid) version of the internal context
- * information.
- *
- * Note that context_handle must not be used again by the caller
- * after this call. The GSS implementation is free to release any
- * resources associated with the original context. It is up to the
- * GSS implementation whether it returns pointers to existing data,
- * or copies of the data. The caller should treat the returned
- * lucid context as read-only.
- *
- * The caller must call gss_krb5_free_lucid_context() to free
- * the context and allocated resources when it is finished with it.
- *
- * 'version' is an integer indicating the highest version of lucid
- * context understood by the caller. The highest version
- * understood by both the caller and the GSS implementation must
- * be returned. The caller can determine which version of the
- * structure was actually returned by examining the version field
- * of the returned structure. gss_krb5_lucid_context_version_t
- * may be used as a mask to examine the returned structure version.
- *
- * If there are no common versions, an error should be returned.
- * (XXX Need error definition(s))
- *
- * For example:
- * void *return_ctx;
- * gss_krb5_lucid_context_v1_t *ctx;
- * OM_uint32 min_stat, maj_stat;
- * OM_uint32 vers;
- * gss_ctx_id_t *ctx_handle;
- *
- * maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
- * ctx_handle, 1, &return_ctx);
- * // Verify success
- *
- * vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version;
- * switch (vers) {
- * case 1:
- * ctx = (gss_krb5_lucid_context_v1_t *) return_ctx;
- * break;
- * default:
- * // Error, unknown version returned
- * break;
- * }
- *
- */
-
-OM_uint32 KRB5_CALLCONV
-gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
- gss_ctx_id_t *context_handle,
- OM_uint32 version,
- void **kctx);
-
-/*
- * Frees the allocated storage associated with an
- * exported struct gss_krb5_lucid_context.
- */
-OM_uint32 KRB5_CALLCONV
-gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
- void *kctx);
-
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* _GSSAPI_KRB5_H_ */
diff --git a/libkrb/krb5.h b/libkrb/krb5.h
deleted file mode 100644
index d689651..0000000
--- a/libkrb/krb5.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* The MIT Kerberos header file krb5.h used to live here.
-
- As of the 1.5 release, we're installing multiple Kerberos headers,
- so they're all moving to a krb5/ subdirectory. This file is
- present just to keep old software still compiling. Please update
- your code to use the new path for the header. */
-#include
diff --git a/libkrb/krb5/krb5.h b/libkrb/krb5/krb5.h
deleted file mode 100644
index 039e0d0..0000000
--- a/libkrb/krb5/krb5.h
+++ /dev/null
@@ -1,3168 +0,0 @@
-/*
- * include/krb5.h
- *
- * Copyright 1989,1990,1995,2001, 2003 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * General definitions for Kerberos version 5.
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government. It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. FundsXpress makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef KRB5_GENERAL__
-#define KRB5_GENERAL__
-
-/* By default, do not expose deprecated interfaces. */
-#ifndef KRB5_DEPRECATED
-#define KRB5_DEPRECATED 0
-#endif
-/* Do not expose private interfaces. Build system will override. */
-#ifndef KRB5_PRIVATE
-#define KRB5_PRIVATE 0
-#endif
-
-#if defined(__MACH__) && defined(__APPLE__)
-# include
-# if TARGET_RT_MAC_CFM
-# error "Use KfM 4.0 SDK headers for CFM compilation."
-# endif -#endif - -#if defined(_MSDOS) || defined(_WIN32) -#include -#endif - -#ifndef KRB5_CONFIG__ -#ifndef KRB5_CALLCONV -#define KRB5_CALLCONV -#define KRB5_CALLCONV_C -#endif /* !KRB5_CALLCONV */ -#endif /* !KRB5_CONFIG__ */ - -#ifndef KRB5_CALLCONV_WRONG -#define KRB5_CALLCONV_WRONG -#endif - -#ifndef THREEPARAMOPEN -#define THREEPARAMOPEN(x,y,z) open(x,y,z) -#endif - -#define KRB5_OLD_CRYPTO - -#include -#include /* for *_MAX */ - -#ifndef KRB5INT_BEGIN_DECLS -#if defined(__cplusplus) -#define KRB5INT_BEGIN_DECLS extern "C" { -#define KRB5INT_END_DECLS } -#else -#define KRB5INT_BEGIN_DECLS -#define KRB5INT_END_DECLS -#endif -#endif - -KRB5INT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -/* from profile.h */ -struct _profile_t; -/* typedef struct _profile_t *profile_t; */ - -/* - * begin wordsize.h - */ - -/* - * Word-size related definition. - */ - -typedef unsigned char krb5_octet; - -#if INT_MAX == 0x7fff -typedef int krb5_int16; -typedef unsigned int krb5_ui_2; -#elif SHRT_MAX == 0x7fff -typedef short krb5_int16; -typedef unsigned short krb5_ui_2; -#else -#error undefined 16 bit type -#endif - -#if INT_MAX == 0x7fffffffL -typedef int krb5_int32; -typedef unsigned int krb5_ui_4; -#elif LONG_MAX == 0x7fffffffL -typedef long krb5_int32; -typedef unsigned long krb5_ui_4; -#elif SHRT_MAX == 0x7fffffffL -typedef short krb5_int32; -typedef unsigned short krb5_ui_4; -#else -#error: undefined 32 bit type -#endif - -#define VALID_INT_BITS INT_MAX -#define VALID_UINT_BITS UINT_MAX - -#define KRB5_INT32_MAX 2147483647 -/* this strange form is necessary since - is a unary operator, not a sign - indicator */ -#define KRB5_INT32_MIN (-KRB5_INT32_MAX-1) - -#define KRB5_INT16_MAX 65535 -/* this strange form is necessary since - is a unary operator, not a sign - indicator */ -#define KRB5_INT16_MIN (-KRB5_INT16_MAX-1) - -/* - * end wordsize.h - */ - -/* - * begin "base-defs.h" - */ - -/* - * Basic definitions for Kerberos V5 library - */ - -#ifndef 
FALSE -#define FALSE 0 -#endif -#ifndef TRUE -#define TRUE 1 -#endif - -typedef unsigned int krb5_boolean; -typedef unsigned int krb5_msgtype; -typedef unsigned int krb5_kvno; - -typedef krb5_int32 krb5_addrtype; -typedef krb5_int32 krb5_enctype; -typedef krb5_int32 krb5_cksumtype; -typedef krb5_int32 krb5_authdatatype; -typedef krb5_int32 krb5_keyusage; - -typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ -typedef krb5_int32 krb5_flags; -typedef krb5_int32 krb5_timestamp; -typedef krb5_int32 krb5_error_code; -typedef krb5_int32 krb5_deltat; - -typedef krb5_error_code krb5_magic; - -typedef struct _krb5_data { - krb5_magic magic; - unsigned int length; - char *data; -} krb5_data; - -typedef struct _krb5_octet_data { - krb5_magic magic; - unsigned int length; - krb5_octet *data; -} krb5_octet_data; - -/* - * Hack length for crypto library to use the afs_string_to_key It is - * equivalent to -1 without possible sign extension - * We also overload for an unset salt type length - which is also -1, but - * hey, why not.... 
-*/ -#define SALT_TYPE_AFS_LENGTH UINT_MAX -#define SALT_TYPE_NO_LENGTH UINT_MAX - -typedef void * krb5_pointer; -typedef void const * krb5_const_pointer; - -typedef struct krb5_principal_data { - krb5_magic magic; - krb5_data realm; - krb5_data *data; /* An array of strings */ - krb5_int32 length; - krb5_int32 type; -} krb5_principal_data; - -typedef krb5_principal_data * krb5_principal; - -/* - * Per V5 spec on definition of principal types - */ - -/* Name type not known */ -#define KRB5_NT_UNKNOWN 0 -/* Just the name of the principal as in DCE, or for users */ -#define KRB5_NT_PRINCIPAL 1 -/* Service and other unique instance (krbtgt) */ -#define KRB5_NT_SRV_INST 2 -/* Service with host name as instance (telnet, rcommands) */ -#define KRB5_NT_SRV_HST 3 -/* Service with host as remaining components */ -#define KRB5_NT_SRV_XHST 4 -/* Unique ID */ -#define KRB5_NT_UID 5 - -/* constant version thereof: */ -typedef const krb5_principal_data *krb5_const_principal; - -#define krb5_princ_realm(context, princ) (&(princ)->realm) -#define krb5_princ_set_realm(context, princ,value) ((princ)->realm = *(value)) -#define krb5_princ_set_realm_length(context, princ,value) (princ)->realm.length = (value) -#define krb5_princ_set_realm_data(context, princ,value) (princ)->realm.data = (value) -#define krb5_princ_size(context, princ) (princ)->length -#define krb5_princ_type(context, princ) (princ)->type -#define krb5_princ_name(context, princ) (princ)->data -#define krb5_princ_component(context, princ,i) \ - (((i) < krb5_princ_size(context, princ)) \ - ? (princ)->data + (i) \ - : NULL) - -/* - * Constants for realm referrals. - */ -#define KRB5_REFERRAL_REALM "" - -/* - * Referral-specific functions. 
- */ -krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *); - -/* - * end "base-defs.h" - */ - -/* - * begin "hostaddr.h" - */ - -/* structure for address */ -typedef struct _krb5_address { - krb5_magic magic; - krb5_addrtype addrtype; - unsigned int length; - krb5_octet *contents; -} krb5_address; - -/* per Kerberos v5 protocol spec */ -#define ADDRTYPE_INET 0x0002 -#define ADDRTYPE_CHAOS 0x0005 -#define ADDRTYPE_XNS 0x0006 -#define ADDRTYPE_ISO 0x0007 -#define ADDRTYPE_DDP 0x0010 -#define ADDRTYPE_INET6 0x0018 -/* not yet in the spec... */ -#define ADDRTYPE_ADDRPORT 0x0100 -#define ADDRTYPE_IPPORT 0x0101 - -/* macros to determine if a type is a local type */ -#define ADDRTYPE_IS_LOCAL(addrtype) (addrtype & 0x8000) - -/* - * end "hostaddr.h" - */ - - -struct _krb5_context; -typedef struct _krb5_context * krb5_context; - -struct _krb5_auth_context; -typedef struct _krb5_auth_context * krb5_auth_context; - -struct _krb5_cryptosystem_entry; - -/* - * begin "encryption.h" - */ - -typedef struct _krb5_keyblock { - krb5_magic magic; - krb5_enctype enctype; - unsigned int length; - krb5_octet *contents; -} krb5_keyblock; - -#ifdef KRB5_OLD_CRYPTO -typedef struct _krb5_encrypt_block { - krb5_magic magic; - krb5_enctype crypto_entry; /* to call krb5_encrypt_size, you need - this. it was a pointer, but it - doesn't have to be. gross. 
*/ - krb5_keyblock *key; -} krb5_encrypt_block; -#endif - -typedef struct _krb5_checksum { - krb5_magic magic; - krb5_cksumtype checksum_type; /* checksum type */ - unsigned int length; - krb5_octet *contents; -} krb5_checksum; - -typedef struct _krb5_enc_data { - krb5_magic magic; - krb5_enctype enctype; - krb5_kvno kvno; - krb5_data ciphertext; -} krb5_enc_data; - -/* per Kerberos v5 protocol spec */ -#define ENCTYPE_NULL 0x0000 -#define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ -#define ENCTYPE_DES_CBC_MD4 0x0002 /* DES cbc mode with RSA-MD4 */ -#define ENCTYPE_DES_CBC_MD5 0x0003 /* DES cbc mode with RSA-MD5 */ -#define ENCTYPE_DES_CBC_RAW 0x0004 /* DES cbc mode raw */ -/* XXX deprecated? */ -#define ENCTYPE_DES3_CBC_SHA 0x0005 /* DES-3 cbc mode with NIST-SHA */ -#define ENCTYPE_DES3_CBC_RAW 0x0006 /* DES-3 cbc mode raw */ -#define ENCTYPE_DES_HMAC_SHA1 0x0008 -#define ENCTYPE_DES3_CBC_SHA1 0x0010 -#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011 -#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 -#define ENCTYPE_ARCFOUR_HMAC 0x0017 -#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 -#define ENCTYPE_UNKNOWN 0x01ff - -#define CKSUMTYPE_CRC32 0x0001 -#define CKSUMTYPE_RSA_MD4 0x0002 -#define CKSUMTYPE_RSA_MD4_DES 0x0003 -#define CKSUMTYPE_DESCBC 0x0004 -/* des-mac-k */ -/* rsa-md4-des-k */ -#define CKSUMTYPE_RSA_MD5 0x0007 -#define CKSUMTYPE_RSA_MD5_DES 0x0008 -#define CKSUMTYPE_NIST_SHA 0x0009 -#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c -#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f -#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 -#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ - -/* The following are entropy source designations. Whenever - * krb5_C_random_add_entropy is called, one of these source ids is passed - * in. This allows the library to better estimate bits of - * entropy in the sample and to keep track of what sources of entropy have - * contributed enough entropy. 
Sources marked internal MUST NOT be - * used by applications outside the Kerberos library -*/ - -enum { - KRB5_C_RANDSOURCE_OLDAPI = 0, /*calls to krb5_C_RANDOM_SEED (INTERNAL)*/ - KRB5_C_RANDSOURCE_OSRAND = 1, /* /dev/random or equivalent (internal)*/ - KRB5_C_RANDSOURCE_TRUSTEDPARTY = 2, /* From KDC or other trusted party*/ - /*This source should be used carefully; data in this category - * should be from a third party trusted to give random bits - * For example keys issued by the KDC in the application server. - */ - KRB5_C_RANDSOURCE_TIMING = 3, /* Timing of operations*/ - KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL = 4, /*Protocol data possibly from attacker*/ - KRB5_C_RANDSOURCE_MAX = 5 /*Do not use; maximum source ID*/ -}; - -#ifndef krb5_roundup -/* round x up to nearest multiple of y */ -#define krb5_roundup(x, y) ((((x) + (y) - 1)/(y))*(y)) -#endif /* roundup */ - -/* macro function definitions to help clean up code */ - -#if 1 -#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) -#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) -#else -#define krb5_x(ptr,args) ((*(ptr)) args) -#define krb5_xc(ptr,args) ((*(ptr)) args) -#endif - -krb5_error_code KRB5_CALLCONV - krb5_c_encrypt - (krb5_context context, const krb5_keyblock *key, - krb5_keyusage usage, const krb5_data *cipher_state, - const krb5_data *input, krb5_enc_data *output); - -krb5_error_code KRB5_CALLCONV - krb5_c_decrypt - (krb5_context context, const krb5_keyblock *key, - krb5_keyusage usage, const krb5_data *cipher_state, - const krb5_enc_data *input, krb5_data *output); - -krb5_error_code KRB5_CALLCONV - krb5_c_encrypt_length - (krb5_context context, krb5_enctype enctype, - size_t inputlen, size_t *length); - -krb5_error_code KRB5_CALLCONV - krb5_c_block_size - (krb5_context context, krb5_enctype enctype, - size_t *blocksize); - -krb5_error_code KRB5_CALLCONV - krb5_c_keylengths - (krb5_context context, krb5_enctype enctype, - size_t *keybytes, size_t *keylength); - 
-krb5_error_code KRB5_CALLCONV - krb5_c_init_state -(krb5_context context, -const krb5_keyblock *key, krb5_keyusage usage, -krb5_data *new_state); - -krb5_error_code KRB5_CALLCONV - krb5_c_free_state -(krb5_context context, const krb5_keyblock *key, krb5_data *state); - -krb5_error_code KRB5_CALLCONV - krb5_c_prf (krb5_context, const krb5_keyblock *, - krb5_data *in, krb5_data *out); - -krb5_error_code KRB5_CALLCONV - krb5_c_prf_length (krb5_context, krb5_enctype, size_t *outlen); - -krb5_error_code KRB5_CALLCONV - krb5_c_make_random_key - (krb5_context context, krb5_enctype enctype, - krb5_keyblock *k5_random_key); - -krb5_error_code KRB5_CALLCONV - krb5_c_random_to_key - (krb5_context context, krb5_enctype enctype, - krb5_data *random_data, krb5_keyblock *k5_random_key); - -/* Register a new entropy sample with the PRNG. may cause -* the PRNG to be reseeded, although this is not guaranteed. See previous randsource definitions -* for information on how each source should be used. -*/ -krb5_error_code KRB5_CALLCONV - krb5_c_random_add_entropy -(krb5_context context, unsigned int randsource_id, const krb5_data *data); - - -krb5_error_code KRB5_CALLCONV - krb5_c_random_make_octets - (krb5_context context, krb5_data *data); - -/* -* Collect entropy from the OS if possible. strong requests that as strong -* of a source of entropy as available be used. Setting strong may -* increase the probability of blocking and should not be used for normal -* applications. Good uses include seeding the PRNG for kadmind -* and realm setup. -* If successful is non-null, then successful is set to 1 if the OS provided -* entropy else zero. 
-*/ -krb5_error_code KRB5_CALLCONV -krb5_c_random_os_entropy -(krb5_context context, int strong, int *success); - -/*deprecated*/ krb5_error_code KRB5_CALLCONV - krb5_c_random_seed - (krb5_context context, krb5_data *data); - -krb5_error_code KRB5_CALLCONV - krb5_c_string_to_key - (krb5_context context, krb5_enctype enctype, - const krb5_data *string, const krb5_data *salt, - krb5_keyblock *key); -krb5_error_code KRB5_CALLCONV -krb5_c_string_to_key_with_params(krb5_context context, - krb5_enctype enctype, - const krb5_data *string, - const krb5_data *salt, - const krb5_data *params, - krb5_keyblock *key); - -krb5_error_code KRB5_CALLCONV - krb5_c_enctype_compare - (krb5_context context, krb5_enctype e1, krb5_enctype e2, - krb5_boolean *similar); - -krb5_error_code KRB5_CALLCONV - krb5_c_make_checksum - (krb5_context context, krb5_cksumtype cksumtype, - const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *input, krb5_checksum *cksum); - -krb5_error_code KRB5_CALLCONV - krb5_c_verify_checksum - (krb5_context context, - const krb5_keyblock *key, krb5_keyusage usage, - const krb5_data *data, - const krb5_checksum *cksum, - krb5_boolean *valid); - -krb5_error_code KRB5_CALLCONV - krb5_c_checksum_length - (krb5_context context, krb5_cksumtype cksumtype, - size_t *length); - -krb5_error_code KRB5_CALLCONV - krb5_c_keyed_checksum_types - (krb5_context context, krb5_enctype enctype, - unsigned int *count, krb5_cksumtype **cksumtypes); - -#define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS 1 -#define KRB5_KEYUSAGE_KDC_REP_TICKET 2 -#define KRB5_KEYUSAGE_AS_REP_ENCPART 3 -#define KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY 4 -#define KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY 5 -#define KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM 6 -#define KRB5_KEYUSAGE_TGS_REQ_AUTH 7 -#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY 8 -#define KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY 9 -#define KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM 10 -#define KRB5_KEYUSAGE_AP_REQ_AUTH 11 -#define KRB5_KEYUSAGE_AP_REP_ENCPART 12 -#define 
KRB5_KEYUSAGE_KRB_PRIV_ENCPART 13 -#define KRB5_KEYUSAGE_KRB_CRED_ENCPART 14 -#define KRB5_KEYUSAGE_KRB_SAFE_CKSUM 15 -#define KRB5_KEYUSAGE_APP_DATA_ENCRYPT 16 -#define KRB5_KEYUSAGE_APP_DATA_CKSUM 17 -#define KRB5_KEYUSAGE_KRB_ERROR_CKSUM 18 -#define KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM 19 -#define KRB5_KEYUSAGE_AD_MTE 20 -#define KRB5_KEYUSAGE_AD_ITE 21 - -/* XXX need to register these */ - -#define KRB5_KEYUSAGE_GSS_TOK_MIC 22 -#define KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG 23 -#define KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV 24 - -/* Defined in hardware preauth draft */ - -#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM 25 -#define KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID 26 -#define KRB5_KEYUSAGE_PA_SAM_RESPONSE 27 - -/* Defined in KDC referrals draft */ -#define KRB5_KEYUSAGE_PA_REFERRAL 26 /* XXX note conflict with above */ - -krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype - (krb5_enctype ktype); -krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum - (krb5_cksumtype ctype); - -#if KRB5_PRIVATE -/* Use the above four instead. */ -krb5_boolean KRB5_CALLCONV valid_enctype - (krb5_enctype ktype); -krb5_boolean KRB5_CALLCONV valid_cksumtype - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV is_coll_proof_cksum - (krb5_cksumtype ctype); -krb5_boolean KRB5_CALLCONV is_keyed_cksum - (krb5_cksumtype ctype); -#endif - -#ifdef KRB5_OLD_CRYPTO -/* - * old cryptosystem routine prototypes. These are now layered - * on top of the functions above. 
- */ -krb5_error_code KRB5_CALLCONV krb5_encrypt - (krb5_context context, - krb5_const_pointer inptr, - krb5_pointer outptr, - size_t size, - krb5_encrypt_block * eblock, - krb5_pointer ivec); -krb5_error_code KRB5_CALLCONV krb5_decrypt - (krb5_context context, - krb5_const_pointer inptr, - krb5_pointer outptr, - size_t size, - krb5_encrypt_block * eblock, - krb5_pointer ivec); -krb5_error_code KRB5_CALLCONV krb5_process_key - (krb5_context context, - krb5_encrypt_block * eblock, - const krb5_keyblock * key); -krb5_error_code KRB5_CALLCONV krb5_finish_key - (krb5_context context, - krb5_encrypt_block * eblock); -krb5_error_code KRB5_CALLCONV krb5_string_to_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_keyblock * keyblock, - const krb5_data * data, - const krb5_data * salt); -krb5_error_code KRB5_CALLCONV krb5_init_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - const krb5_keyblock * keyblock, - krb5_pointer * ptr); -krb5_error_code KRB5_CALLCONV krb5_finish_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_pointer * ptr); -krb5_error_code KRB5_CALLCONV krb5_random_key - (krb5_context context, - const krb5_encrypt_block * eblock, - krb5_pointer ptr, - krb5_keyblock ** keyblock); -krb5_enctype KRB5_CALLCONV krb5_eblock_enctype - (krb5_context context, - const krb5_encrypt_block * eblock); -krb5_error_code KRB5_CALLCONV krb5_use_enctype - (krb5_context context, - krb5_encrypt_block * eblock, - krb5_enctype enctype); -size_t KRB5_CALLCONV krb5_encrypt_size - (size_t length, - krb5_enctype crypto); -size_t KRB5_CALLCONV krb5_checksum_size - (krb5_context context, - krb5_cksumtype ctype); -krb5_error_code KRB5_CALLCONV krb5_calculate_checksum - (krb5_context context, - krb5_cksumtype ctype, - krb5_const_pointer in, size_t in_length, - krb5_const_pointer seed, size_t seed_length, - krb5_checksum * outcksum); -krb5_error_code KRB5_CALLCONV krb5_verify_checksum - (krb5_context context, - 
krb5_cksumtype ctype, - const krb5_checksum * cksum, - krb5_const_pointer in, size_t in_length, - krb5_const_pointer seed, size_t seed_length); - -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_random_confounder - (size_t, krb5_pointer); - -krb5_error_code krb5_encrypt_data - (krb5_context context, krb5_keyblock *key, - krb5_pointer ivec, krb5_data *data, - krb5_enc_data *enc_data); - -krb5_error_code krb5_decrypt_data - (krb5_context context, krb5_keyblock *key, - krb5_pointer ivec, krb5_enc_data *data, - krb5_data *enc_data); -#endif - -#endif /* KRB5_OLD_CRYPTO */ - -/* - * end "encryption.h" - */ - -/* - * begin "fieldbits.h" - */ - -/* kdc_options for kdc_request */ -/* options is 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -/* #define KDC_OPT_RESERVED 0x80000000 */ -#define KDC_OPT_FORWARDABLE 0x40000000 -#define KDC_OPT_FORWARDED 0x20000000 -#define KDC_OPT_PROXIABLE 0x10000000 -#define KDC_OPT_PROXY 0x08000000 -#define KDC_OPT_ALLOW_POSTDATE 0x04000000 -#define KDC_OPT_POSTDATED 0x02000000 -/* #define KDC_OPT_UNUSED 0x01000000 */ -#define KDC_OPT_RENEWABLE 0x00800000 -/* #define KDC_OPT_UNUSED 0x00400000 */ -/* #define KDC_OPT_RESERVED 0x00200000 */ -/* #define KDC_OPT_RESERVED 0x00100000 */ -/* #define KDC_OPT_RESERVED 0x00080000 */ -/* #define KDC_OPT_RESERVED 0x00040000 */ -#define KDC_OPT_REQUEST_ANONYMOUS 0x00020000 -#define KDC_OPT_CANONICALIZE 0x00010000 -/* #define KDC_OPT_RESERVED 0x00008000 */ -/* #define KDC_OPT_RESERVED 0x00004000 */ -/* #define KDC_OPT_RESERVED 0x00002000 */ -/* #define KDC_OPT_RESERVED 0x00001000 */ -/* #define KDC_OPT_RESERVED 0x00000800 */ -/* #define KDC_OPT_RESERVED 0x00000400 */ -/* #define KDC_OPT_RESERVED 0x00000200 */ -/* #define KDC_OPT_RESERVED 0x00000100 */ -/* #define KDC_OPT_RESERVED 0x00000080 */ -/* #define KDC_OPT_RESERVED 0x00000040 */ -#define KDC_OPT_DISABLE_TRANSITED_CHECK 0x00000020 -#define KDC_OPT_RENEWABLE_OK 0x00000010 
-#define KDC_OPT_ENC_TKT_IN_SKEY 0x00000008 -/* #define KDC_OPT_UNUSED 0x00000004 */ -#define KDC_OPT_RENEW 0x00000002 -#define KDC_OPT_VALIDATE 0x00000001 - -/* - * Mask of ticket flags in the TGT which should be converted into KDC - * options when using the TGT to get derivitive tickets. - * - * New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE | - * KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE - */ -#define KDC_TKT_COMMON_MASK 0x54800000 - -/* definitions for ap_options fields */ -/* ap_options are 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -#define AP_OPTS_RESERVED 0x80000000 -#define AP_OPTS_USE_SESSION_KEY 0x40000000 -#define AP_OPTS_MUTUAL_REQUIRED 0x20000000 -/* #define AP_OPTS_RESERVED 0x10000000 */ -/* #define AP_OPTS_RESERVED 0x08000000 */ -/* #define AP_OPTS_RESERVED 0x04000000 */ -/* #define AP_OPTS_RESERVED 0x02000000 */ -/* #define AP_OPTS_RESERVED 0x01000000 */ -/* #define AP_OPTS_RESERVED 0x00800000 */ -/* #define AP_OPTS_RESERVED 0x00400000 */ -/* #define AP_OPTS_RESERVED 0x00200000 */ -/* #define AP_OPTS_RESERVED 0x00100000 */ -/* #define AP_OPTS_RESERVED 0x00080000 */ -/* #define AP_OPTS_RESERVED 0x00040000 */ -/* #define AP_OPTS_RESERVED 0x00020000 */ -/* #define AP_OPTS_RESERVED 0x00010000 */ -/* #define AP_OPTS_RESERVED 0x00008000 */ -/* #define AP_OPTS_RESERVED 0x00004000 */ -/* #define AP_OPTS_RESERVED 0x00002000 */ -/* #define AP_OPTS_RESERVED 0x00001000 */ -/* #define AP_OPTS_RESERVED 0x00000800 */ -/* #define AP_OPTS_RESERVED 0x00000400 */ -/* #define AP_OPTS_RESERVED 0x00000200 */ -/* #define AP_OPTS_RESERVED 0x00000100 */ -/* #define AP_OPTS_RESERVED 0x00000080 */ -/* #define AP_OPTS_RESERVED 0x00000040 */ -/* #define AP_OPTS_RESERVED 0x00000020 */ -/* #define AP_OPTS_RESERVED 0x00000010 */ -/* #define AP_OPTS_RESERVED 0x00000008 */ -/* #define AP_OPTS_RESERVED 0x00000004 */ -/* #define AP_OPTS_RESERVED 0x00000002 */ -#define AP_OPTS_USE_SUBKEY 0x00000001 - 
-#define AP_OPTS_WIRE_MASK 0xfffffff0 - -/* definitions for ad_type fields. */ -#define AD_TYPE_RESERVED 0x8000 -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 - -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff - -/* Ticket flags */ -/* flags are 32 bits; each host is responsible to put the 4 bytes - representing these bits into net order before transmission */ -/* #define TKT_FLG_RESERVED 0x80000000 */ -#define TKT_FLG_FORWARDABLE 0x40000000 -#define TKT_FLG_FORWARDED 0x20000000 -#define TKT_FLG_PROXIABLE 0x10000000 -#define TKT_FLG_PROXY 0x08000000 -#define TKT_FLG_MAY_POSTDATE 0x04000000 -#define TKT_FLG_POSTDATED 0x02000000 -#define TKT_FLG_INVALID 0x01000000 -#define TKT_FLG_RENEWABLE 0x00800000 -#define TKT_FLG_INITIAL 0x00400000 -#define TKT_FLG_PRE_AUTH 0x00200000 -#define TKT_FLG_HW_AUTH 0x00100000 -#define TKT_FLG_TRANSIT_POLICY_CHECKED 0x00080000 -#define TKT_FLG_OK_AS_DELEGATE 0x00040000 -#define TKT_FLG_ANONYMOUS 0x00020000 -/* #define TKT_FLG_RESERVED 0x00010000 */ -/* #define TKT_FLG_RESERVED 0x00008000 */ -/* #define TKT_FLG_RESERVED 0x00004000 */ -/* #define TKT_FLG_RESERVED 0x00002000 */ -/* #define TKT_FLG_RESERVED 0x00001000 */ -/* #define TKT_FLG_RESERVED 0x00000800 */ -/* #define TKT_FLG_RESERVED 0x00000400 */ -/* #define TKT_FLG_RESERVED 0x00000200 */ -/* #define TKT_FLG_RESERVED 0x00000100 */ -/* #define TKT_FLG_RESERVED 0x00000080 */ -/* #define TKT_FLG_RESERVED 0x00000040 */ -/* #define TKT_FLG_RESERVED 0x00000020 */ -/* #define TKT_FLG_RESERVED 0x00000010 */ -/* #define TKT_FLG_RESERVED 0x00000008 */ -/* #define TKT_FLG_RESERVED 0x00000004 */ -/* #define TKT_FLG_RESERVED 0x00000002 */ -/* #define TKT_FLG_RESERVED 0x00000001 */ - -/* definitions for lr_type fields. */ -#define LR_TYPE_THIS_SERVER_ONLY 0x8000 - -#define LR_TYPE_INTERPRETATION_MASK 0x7fff - -/* definitions for ad_type fields. 
*/ -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 - -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff -#define AD_TYPE_INTERNAL_MASK 0x3fff - -/* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ -#define MSEC_DIRBIT 0x8000 -#define MSEC_VAL_MASK 0x7fff - -/* - * end "fieldbits.h" - */ - -/* - * begin "proto.h" - */ - -/* Protocol version number */ -#define KRB5_PVNO 5 - -/* Message types */ - -#define KRB5_AS_REQ ((krb5_msgtype)10) /* Req for initial authentication */ -#define KRB5_AS_REP ((krb5_msgtype)11) /* Response to KRB_AS_REQ request */ -#define KRB5_TGS_REQ ((krb5_msgtype)12) /* TGS request to server */ -#define KRB5_TGS_REP ((krb5_msgtype)13) /* Response to KRB_TGS_REQ req */ -#define KRB5_AP_REQ ((krb5_msgtype)14) /* application request to server */ -#define KRB5_AP_REP ((krb5_msgtype)15) /* Response to KRB_AP_REQ_MUTUAL */ -#define KRB5_SAFE ((krb5_msgtype)20) /* Safe application message */ -#define KRB5_PRIV ((krb5_msgtype)21) /* Private application message */ -#define KRB5_CRED ((krb5_msgtype)22) /* Credential forwarding message */ -#define KRB5_ERROR ((krb5_msgtype)30) /* Error response */ - -/* LastReq types */ -#define KRB5_LRQ_NONE 0 -#define KRB5_LRQ_ALL_LAST_TGT 1 -#define KRB5_LRQ_ONE_LAST_TGT (-1) -#define KRB5_LRQ_ALL_LAST_INITIAL 2 -#define KRB5_LRQ_ONE_LAST_INITIAL (-2) -#define KRB5_LRQ_ALL_LAST_TGT_ISSUED 3 -#define KRB5_LRQ_ONE_LAST_TGT_ISSUED (-3) -#define KRB5_LRQ_ALL_LAST_RENEWAL 4 -#define KRB5_LRQ_ONE_LAST_RENEWAL (-4) -#define KRB5_LRQ_ALL_LAST_REQ 5 -#define KRB5_LRQ_ONE_LAST_REQ (-5) -#define KRB5_LRQ_ALL_PW_EXPTIME 6 -#define KRB5_LRQ_ONE_PW_EXPTIME (-6) - -/* PADATA types */ -#define KRB5_PADATA_NONE 0 -#define KRB5_PADATA_AP_REQ 1 -#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ -#define KRB5_PADATA_ENC_TIMESTAMP 2 -#define KRB5_PADATA_PW_SALT 3 -#if 0 /* Not used */ -#define KRB5_PADATA_ENC_ENCKEY 4 /* Key encrypted within itself */ -#endif -#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in 
key */ -#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */ -#define KRB5_PADATA_SESAME 7 /* Sesame project */ -#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */ -#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */ -#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */ -#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */ -#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */ -#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */ -#define KRB5_PADATA_PK_AS_REQ_OLD 14 /* PKINIT */ -#define KRB5_PADATA_PK_AS_REP_OLD 15 /* PKINIT */ -#define KRB5_PADATA_PK_AS_REQ 16 /* PKINIT */ -#define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */ -#define KRB5_PADATA_ETYPE_INFO2 19 -#define KRB5_PADATA_USE_SPECIFIED_KVNO 20 -#define KRB5_PADATA_SAM_REDIRECT 21 -#define KRB5_PADATA_GET_FROM_TYPED_DATA 22 -#define KRB5_PADATA_REFERRAL 25 /* draft referral system */ -#define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ -#define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ - -#define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 -#define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 -#define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ - -/* Reserved for SPX pre-authentication. 
*/
-#define KRB5_PADATA_DASS 16
-
-/* Transited encoding types */
-#define KRB5_DOMAIN_X500_COMPRESS 1
-
-/* alternate authentication types */
-#define KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE 64
-
-/* authorization data types */
-#define KRB5_AUTHDATA_IF_RELEVANT 1
-#define KRB5_AUTHDATA_KDC_ISSUED 4
-#define KRB5_AUTHDATA_AND_OR 5
-#define KRB5_AUTHDATA_MANDATORY_FOR_KDC 8
-#define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9
-#define KRB5_AUTHDATA_OSF_DCE 64
-#define KRB5_AUTHDATA_SESAME 65
-
-/* password change constants */
-
-#define KRB5_KPASSWD_SUCCESS 0
-#define KRB5_KPASSWD_MALFORMED 1
-#define KRB5_KPASSWD_HARDERROR 2
-#define KRB5_KPASSWD_AUTHERROR 3
-#define KRB5_KPASSWD_SOFTERROR 4
-/* These are Microsoft's extensions in RFC 3244, and it looks like
- they'll become standardized, possibly with other additions. */
-#define KRB5_KPASSWD_ACCESSDENIED 5 /* unused */
-#define KRB5_KPASSWD_BAD_VERSION 6
-#define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7 /* unused */
-
-/*
- * end "proto.h"
- */
-
-/* Time set */
-typedef struct _krb5_ticket_times {
- krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
- in ticket?
otherwise client can't get this */
- krb5_timestamp starttime; /* optional in ticket, if not present,
- use authtime */
- krb5_timestamp endtime;
- krb5_timestamp renew_till;
-} krb5_ticket_times;
-
-/* structure for auth data */
-typedef struct _krb5_authdata {
- krb5_magic magic;
- krb5_authdatatype ad_type;
- unsigned int length;
- krb5_octet *contents;
-} krb5_authdata;
-
-/* structure for transited encoding */
-typedef struct _krb5_transited {
- krb5_magic magic;
- krb5_octet tr_type;
- krb5_data tr_contents;
-} krb5_transited;
-
-typedef struct _krb5_enc_tkt_part {
- krb5_magic magic;
- /* to-be-encrypted portion */
- krb5_flags flags; /* flags */
- krb5_keyblock *session; /* session key: includes enctype */
- krb5_principal client; /* client name/realm */
- krb5_transited transited; /* list of transited realms */
- krb5_ticket_times times; /* auth, start, end, renew_till */
- krb5_address **caddrs; /* array of ptrs to addresses */
- krb5_authdata **authorization_data; /* auth data */
-} krb5_enc_tkt_part;
-
-typedef struct _krb5_ticket {
- krb5_magic magic;
- /* cleartext portion */
- krb5_principal server; /* server name/realm */
- krb5_enc_data enc_part; /* encryption type, kvno, encrypted
- encoding */
- krb5_enc_tkt_part *enc_part2; /* ptr to decrypted version, if
- available */
-} krb5_ticket;
-
-/* the unencrypted version */
-typedef struct _krb5_authenticator {
- krb5_magic magic;
- krb5_principal client; /* client name/realm */
- krb5_checksum *checksum; /* checksum, includes type, optional */
- krb5_int32 cusec; /* client usec portion */
- krb5_timestamp ctime; /* client sec portion */
- krb5_keyblock *subkey; /* true session key, optional */
- krb5_ui_4 seq_number; /* sequence #, optional */
- krb5_authdata **authorization_data; /* New add by Ari, auth data */
-} krb5_authenticator;
-
-typedef struct _krb5_tkt_authent {
- krb5_magic magic;
- krb5_ticket *ticket;
- krb5_authenticator *authenticator;
- krb5_flags ap_options;
-} krb5_tkt_authent;
-
-/* credentials: Ticket, session key, etc. */
-typedef struct _krb5_creds {
- krb5_magic magic;
- krb5_principal client; /* client's principal identifier */
- krb5_principal server; /* server's principal identifier */
- krb5_keyblock keyblock; /* session encryption key info */
- krb5_ticket_times times; /* lifetime info */
- krb5_boolean is_skey; /* true if ticket is encrypted in
- another ticket's skey */
- krb5_flags ticket_flags; /* flags in ticket */
- krb5_address **addresses; /* addrs in ticket */
- krb5_data ticket; /* ticket string itself */
- krb5_data second_ticket; /* second ticket, if related to
- ticket (via DUPLICATE-SKEY or
- ENC-TKT-IN-SKEY) */
- krb5_authdata **authdata; /* authorization data */
-} krb5_creds;
-
-/* Last request fields */
-typedef struct _krb5_last_req_entry {
- krb5_magic magic;
- krb5_int32 lr_type;
- krb5_timestamp value;
-} krb5_last_req_entry;
-
-/* pre-authentication data */
-typedef struct _krb5_pa_data {
- krb5_magic magic;
- krb5_preauthtype pa_type;
- unsigned int length;
- krb5_octet *contents;
-} krb5_pa_data;
-
-typedef struct _krb5_kdc_req {
- krb5_magic magic;
- krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */
- krb5_pa_data **padata; /* e.g.
encoded AP_REQ */
- /* real body */
- krb5_flags kdc_options; /* requested options */
- krb5_principal client; /* includes realm; optional */
- krb5_principal server; /* includes realm (only used if no
- client) */
- krb5_timestamp from; /* requested starttime */
- krb5_timestamp till; /* requested endtime */
- krb5_timestamp rtime; /* (optional) requested renew_till */
- krb5_int32 nonce; /* nonce to match request/response */
- int nktypes; /* # of ktypes, must be positive */
- krb5_enctype *ktype; /* requested enctype(s) */
- krb5_address **addresses; /* requested addresses, optional */
- krb5_enc_data authorization_data; /* encrypted auth data; OPTIONAL */
- krb5_authdata **unenc_authdata; /* unencrypted auth data,
- if available */
- krb5_ticket **second_ticket;/* second ticket array; OPTIONAL */
-} krb5_kdc_req;
-
-typedef struct _krb5_enc_kdc_rep_part {
- krb5_magic magic;
- /* encrypted part: */
- krb5_msgtype msg_type; /* krb5 message type */
- krb5_keyblock *session; /* session key */
- krb5_last_req_entry **last_req; /* array of ptrs to entries */
- krb5_int32 nonce; /* nonce from request */
- krb5_timestamp key_exp; /* expiration date */
- krb5_flags flags; /* ticket flags */
- krb5_ticket_times times; /* lifetime info */
- krb5_principal server; /* server's principal identifier */
- krb5_address **caddrs; /* array of ptrs to addresses,
- optional */
-} krb5_enc_kdc_rep_part;
-
-typedef struct _krb5_kdc_rep {
- krb5_magic magic;
- /* cleartext part: */
- krb5_msgtype msg_type; /* AS_REP or KDC_REP?
*/
- krb5_pa_data **padata; /* preauthentication data from KDC */
- krb5_principal client; /* client's principal identifier */
- krb5_ticket *ticket; /* ticket */
- krb5_enc_data enc_part; /* encryption type, kvno, encrypted
- encoding */
- krb5_enc_kdc_rep_part *enc_part2;/* unencrypted version, if available */
-} krb5_kdc_rep;
-
-/* error message structure */
-typedef struct _krb5_error {
- krb5_magic magic;
- /* some of these may be meaningless in certain contexts */
- krb5_timestamp ctime; /* client sec portion; optional */
- krb5_int32 cusec; /* client usec portion; optional */
- krb5_int32 susec; /* server usec portion */
- krb5_timestamp stime; /* server sec portion */
- krb5_ui_4 error; /* error code (protocol error #'s) */
- krb5_principal client; /* client's principal identifier;
- optional */
- krb5_principal server; /* server's principal identifier */
- krb5_data text; /* descriptive text */
- krb5_data e_data; /* additional error-describing data */
-} krb5_error;
-
-typedef struct _krb5_ap_req {
- krb5_magic magic;
- krb5_flags ap_options; /* requested options */
- krb5_ticket *ticket; /* ticket */
- krb5_enc_data authenticator; /* authenticator (already encrypted) */
-} krb5_ap_req;
-
-typedef struct _krb5_ap_rep {
- krb5_magic magic;
- krb5_enc_data enc_part;
-} krb5_ap_rep;
-
-typedef struct _krb5_ap_rep_enc_part {
- krb5_magic magic;
- krb5_timestamp ctime; /* client time, seconds portion */
- krb5_int32 cusec; /* client time, microseconds portion */
- krb5_keyblock *subkey; /* true session key, optional */
- krb5_ui_4 seq_number; /* sequence #, optional */
-} krb5_ap_rep_enc_part;
-
-typedef struct _krb5_response {
- krb5_magic magic;
- krb5_octet message_type;
- krb5_data response;
- krb5_int32 expected_nonce; /* The expected nonce for KDC_REP messages */
- krb5_timestamp request_time; /* When we made the request */
-} krb5_response;
-
-typedef struct _krb5_cred_info {
- krb5_magic magic;
- krb5_keyblock *session; /* session key used to encrypt
*/
- /* ticket */
- krb5_principal client; /* client name/realm, optional */
- krb5_principal server; /* server name/realm, optional */
- krb5_flags flags; /* ticket flags, optional */
- krb5_ticket_times times; /* auth, start, end, renew_till, */
- /* optional */
- krb5_address **caddrs; /* array of ptrs to addresses */
-} krb5_cred_info;
-
-typedef struct _krb5_cred_enc_part {
- krb5_magic magic;
- krb5_int32 nonce; /* nonce, optional */
- krb5_timestamp timestamp; /* client time */
- krb5_int32 usec; /* microsecond portion of time */
- krb5_address *s_address; /* sender address, optional */
- krb5_address *r_address; /* recipient address, optional */
- krb5_cred_info **ticket_info;
-} krb5_cred_enc_part;
-
-typedef struct _krb5_cred {
- krb5_magic magic;
- krb5_ticket **tickets; /* tickets */
- krb5_enc_data enc_part; /* encrypted part */
- krb5_cred_enc_part *enc_part2; /* unencrypted version, if available*/
-} krb5_cred;
-
-/* Sandia password generation structures */
-typedef struct _passwd_phrase_element {
- krb5_magic magic;
- krb5_data *passwd;
- krb5_data *phrase;
-} passwd_phrase_element;
-
-typedef struct _krb5_pwd_data {
- krb5_magic magic;
- int sequence_count;
- passwd_phrase_element **element;
-} krb5_pwd_data;
-
-/* these need to be here so the typedefs are available for the prototypes */
-
-/*
- * begin "safepriv.h"
- */
-
-#define KRB5_AUTH_CONTEXT_DO_TIME 0x00000001
-#define KRB5_AUTH_CONTEXT_RET_TIME 0x00000002
-#define KRB5_AUTH_CONTEXT_DO_SEQUENCE 0x00000004
-#define KRB5_AUTH_CONTEXT_RET_SEQUENCE 0x00000008
-#define KRB5_AUTH_CONTEXT_PERMIT_ALL 0x00000010
-#define KRB5_AUTH_CONTEXT_USE_SUBKEY 0x00000020
-
-typedef struct krb5_replay_data {
- krb5_timestamp timestamp;
- krb5_int32 usec;
- krb5_ui_4 seq;
-} krb5_replay_data;
-
-/* flags for krb5_auth_con_genaddrs() */
-#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR 0x00000001
-#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR 0x00000002
-#define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004
-#define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008
-
-/* type of function used as a callback to generate checksum data for
- * mk_req */
-
-typedef krb5_error_code
-(KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
- krb5_data **);
-
-/*
- * end "safepriv.h"
- */
-
-
-/*
- * begin "ccache.h"
- */
-
-typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
-
-struct _krb5_ccache;
-typedef struct _krb5_ccache *krb5_ccache;
-struct _krb5_cc_ops;
-typedef struct _krb5_cc_ops krb5_cc_ops;
-
-/*
- * Cursor for iterating over all ccaches
- */
-struct _krb5_cccol_cursor;
-typedef struct _krb5_cccol_cursor *krb5_cccol_cursor;
-
-/* for retrieve_cred */
-#define KRB5_TC_MATCH_TIMES 0x00000001
-#define KRB5_TC_MATCH_IS_SKEY 0x00000002
-#define KRB5_TC_MATCH_FLAGS 0x00000004
-#define KRB5_TC_MATCH_TIMES_EXACT 0x00000008
-#define KRB5_TC_MATCH_FLAGS_EXACT 0x00000010
-#define KRB5_TC_MATCH_AUTHDATA 0x00000020
-#define KRB5_TC_MATCH_SRV_NAMEONLY 0x00000040
-#define KRB5_TC_MATCH_2ND_TKT 0x00000080
-#define KRB5_TC_MATCH_KTYPE 0x00000100
-#define KRB5_TC_SUPPORTED_KTYPES 0x00000200
-
-/* for set_flags and other functions */
-#define KRB5_TC_OPENCLOSE 0x00000001
-#define KRB5_TC_NOTICKET 0x00000002
-
-const char * KRB5_CALLCONV
-krb5_cc_get_name (krb5_context context, krb5_ccache cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_gen_new (krb5_context context, krb5_ccache *cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_initialize(krb5_context context, krb5_ccache cache,
- krb5_principal principal);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_destroy (krb5_context context, krb5_ccache cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_close (krb5_context context, krb5_ccache cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
- krb5_creds *creds);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
- krb5_flags flags,
krb5_creds *mcreds,
- krb5_creds *creds);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
- krb5_principal *principal);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor, krb5_creds *creds);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
- krb5_cc_cursor *cursor);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
- krb5_creds *creds);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_get_flags (krb5_context context, krb5_ccache cache, krb5_flags *flags);
-
-const char * KRB5_CALLCONV
-krb5_cc_get_type (krb5_context context, krb5_ccache cache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_cursor_next(
- krb5_context context,
- krb5_cccol_cursor cursor,
- krb5_ccache *ccache);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor);
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_new_unique(
- krb5_context context,
- const char *type,
- const char *hint,
- krb5_ccache *id);
-
-/*
- * end "ccache.h"
- */
-
-/*
- * begin "rcache.h"
- */
-
-struct krb5_rc_st;
-typedef struct krb5_rc_st *krb5_rcache;
-
-/*
- * end "rcache.h"
- */
-
-/*
- * begin "keytab.h"
- */
-
-
-/* XXX */
-#define MAX_KEYTAB_NAME_LEN 1100 /* Long enough for MAXPATHLEN + some extra */
-
-typedef krb5_pointer krb5_kt_cursor; /* XXX */
-
-typedef struct krb5_keytab_entry_st {
- krb5_magic magic;
- krb5_principal principal; /* principal of this key */
- krb5_timestamp timestamp; /* time entry written to
keytable */
- krb5_kvno vno; /* key version number */
- krb5_keyblock key; /* the secret key */
-} krb5_keytab_entry;
-
-#if KRB5_PRIVATE
-struct _krb5_kt_ops;
-typedef struct _krb5_kt { /* should move into k5-int.h */
- krb5_magic magic;
- const struct _krb5_kt_ops *ops;
- krb5_pointer data;
-} *krb5_keytab;
-#else
-struct _krb5_kt;
-typedef struct _krb5_kt *krb5_keytab;
-#endif
-
-char * KRB5_CALLCONV
-krb5_kt_get_type (krb5_context, krb5_keytab keytab);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
- unsigned int namelen);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_close(krb5_context context, krb5_keytab keytab);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
- krb5_const_principal principal, krb5_kvno vno,
- krb5_enctype enctype, krb5_keytab_entry *entry);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
- krb5_kt_cursor *cursor);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
- krb5_keytab_entry *entry, krb5_kt_cursor *cursor);
-krb5_error_code KRB5_CALLCONV
-krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
- krb5_kt_cursor *cursor);
-
-/*
- * end "keytab.h"
- */
-
-/*
- * begin "func-proto.h"
- */
-
-krb5_error_code KRB5_CALLCONV krb5_init_context
- (krb5_context *);
-krb5_error_code KRB5_CALLCONV krb5_init_secure_context
- (krb5_context *);
-void KRB5_CALLCONV krb5_free_context
- (krb5_context);
-krb5_error_code KRB5_CALLCONV krb5_copy_context
- (krb5_context, krb5_context *);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_default_in_tkt_ktypes
- (krb5_context,
- const krb5_enctype *);
-krb5_error_code krb5_get_default_in_tkt_ktypes
- (krb5_context,
- krb5_enctype **);
-
-krb5_error_code krb5_set_default_tgs_ktypes
- (krb5_context,
- const krb5_enctype *);
-#endif
-
-krb5_error_code KRB5_CALLCONV
-krb5_set_default_tgs_enctypes
- (krb5_context,
- const
krb5_enctype *);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
- (krb5_context,
- krb5_const_principal,
- krb5_enctype **);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
- (krb5_context, krb5_enctype **);
-
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_ktypes
- (krb5_context, krb5_enctype *);
-
-krb5_boolean krb5_is_permitted_enctype
- (krb5_context, krb5_enctype);
-#endif
-
-krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void);
-
-/* libkrb.spec */
-#if KRB5_PRIVATE
-krb5_error_code krb5_kdc_rep_decrypt_proc
- (krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * );
-krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
- (krb5_context,
- const krb5_keyblock *,
- krb5_ticket * );
-krb5_error_code krb5_get_cred_from_kdc
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-krb5_error_code krb5_get_cred_from_kdc_validate
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-krb5_error_code krb5_get_cred_from_kdc_renew
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-
-krb5_error_code KRB5_CALLCONV
-krb5int_server_decrypt_ticket_keyblock
- (krb5_context context,
- const krb5_keyblock *key,
- krb5_ticket *ticket);
-#endif
-
-krb5_error_code KRB5_CALLCONV
-krb5_server_decrypt_ticket_keytab
- (krb5_context context,
- const krb5_keytab kt,
- krb5_ticket *ticket);
-
-void KRB5_CALLCONV krb5_free_tgt_creds
- (krb5_context,
- krb5_creds **); /* XXX too hard to do with const */
-
-#define KRB5_GC_USER_USER 1 /* want user-user ticket */
-#define KRB5_GC_CACHED 2 /* want cached ticket only */
-
-krb5_error_code KRB5_CALLCONV krb5_get_credentials
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV
krb5_get_credentials_validate
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
- (krb5_context,
- krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds **);
-#if KRB5_PRIVATE
-krb5_error_code krb5_get_cred_via_tkt
- (krb5_context,
- krb5_creds *,
- krb5_flags,
- krb5_address * const *,
- krb5_creds *,
- krb5_creds **);
-#endif
-krb5_error_code KRB5_CALLCONV krb5_mk_req
- (krb5_context,
- krb5_auth_context *,
- krb5_flags,
- char *,
- char *,
- krb5_data *,
- krb5_ccache,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_mk_req_extended
- (krb5_context,
- krb5_auth_context *,
- krb5_flags,
- krb5_data *,
- krb5_creds *,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_mk_rep
- (krb5_context,
- krb5_auth_context,
- krb5_data *);
-krb5_error_code KRB5_CALLCONV krb5_rd_rep
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_ap_rep_enc_part **);
-krb5_error_code KRB5_CALLCONV krb5_mk_error
- (krb5_context,
- const krb5_error *,
- krb5_data * );
-krb5_error_code KRB5_CALLCONV krb5_rd_error
- (krb5_context,
- const krb5_data *,
- krb5_error ** );
-krb5_error_code KRB5_CALLCONV krb5_rd_safe
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_rd_priv
- (krb5_context,
- krb5_auth_context,
- const krb5_data *,
- krb5_data *,
- krb5_replay_data *);
-krb5_error_code KRB5_CALLCONV krb5_parse_name
- (krb5_context,
- const char *,
- krb5_principal * );
-krb5_error_code KRB5_CALLCONV krb5_unparse_name
- (krb5_context,
- krb5_const_principal,
- char ** );
-krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext
- (krb5_context,
- krb5_const_principal,
- char **,
- unsigned int *);
-
-krb5_error_code KRB5_CALLCONV krb5_set_principal_realm
- (krb5_context, krb5_principal, const char *);
-
-krb5_boolean KRB5_CALLCONV_WRONG krb5_address_search
- (krb5_context,
- const krb5_address *,
- krb5_address *
const *);
-krb5_boolean KRB5_CALLCONV krb5_address_compare
- (krb5_context,
- const krb5_address *,
- const krb5_address *);
-int KRB5_CALLCONV krb5_address_order
- (krb5_context,
- const krb5_address *,
- const krb5_address *);
-krb5_boolean KRB5_CALLCONV krb5_realm_compare
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-krb5_boolean KRB5_CALLCONV krb5_principal_compare
- (krb5_context,
- krb5_const_principal,
- krb5_const_principal);
-krb5_error_code KRB5_CALLCONV krb5_init_keyblock
- (krb5_context, krb5_enctype enctype,
- size_t length, krb5_keyblock **out);
- /* Initialize a new keyblock and allocate storage
- * for the contents of the key, which will be freed along
- * with the keyblock when krb5_free_keyblock is called.
- * It is legal to pass in a length of 0, in which
- * case contents are left unallocated.
- */
-krb5_error_code KRB5_CALLCONV krb5_copy_keyblock
- (krb5_context,
- const krb5_keyblock *,
- krb5_keyblock **);
-krb5_error_code KRB5_CALLCONV krb5_copy_keyblock_contents
- (krb5_context,
- const krb5_keyblock *,
- krb5_keyblock *);
-krb5_error_code KRB5_CALLCONV krb5_copy_creds
- (krb5_context,
- const krb5_creds *,
- krb5_creds **);
-krb5_error_code KRB5_CALLCONV krb5_copy_data
- (krb5_context,
- const krb5_data *,
- krb5_data **);
-krb5_error_code KRB5_CALLCONV krb5_copy_principal
- (krb5_context,
- krb5_const_principal,
- krb5_principal *);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_copy_addr
- (krb5_context,
- const krb5_address *,
- krb5_address **);
-#endif
-krb5_error_code KRB5_CALLCONV krb5_copy_addresses
- (krb5_context,
- krb5_address * const *,
- krb5_address ***);
-krb5_error_code KRB5_CALLCONV krb5_copy_ticket
- (krb5_context,
- const krb5_ticket *,
- krb5_ticket **);
-krb5_error_code KRB5_CALLCONV krb5_copy_authdata
- (krb5_context,
- krb5_authdata * const *,
- krb5_authdata ***);
-krb5_error_code KRB5_CALLCONV krb5_copy_authenticator
- (krb5_context,
- const krb5_authenticator *,
- krb5_authenticator
**);
-krb5_error_code KRB5_CALLCONV krb5_copy_checksum
- (krb5_context,
- const krb5_checksum *,
- krb5_checksum **);
-#if KRB5_PRIVATE
-void krb5_init_ets
- (krb5_context);
-void krb5_free_ets
- (krb5_context);
-krb5_error_code krb5_generate_subkey
- (krb5_context,
- const krb5_keyblock *, krb5_keyblock **);
-krb5_error_code krb5_generate_seq_number
- (krb5_context,
- const krb5_keyblock *, krb5_ui_4 *);
-#endif
-krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
- (krb5_context,
- const krb5_data *, krb5_rcache *);
-krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
- (krb5_context, krb5_principal *, unsigned int, const char *, ...);
-krb5_error_code KRB5_CALLCONV_C krb5_build_principal
- (krb5_context, krb5_principal *, unsigned int, const char *, ...);
-#ifdef va_start
-/* XXX depending on varargs include file defining va_start... */
-krb5_error_code KRB5_CALLCONV krb5_build_principal_va
- (krb5_context,
- krb5_principal, unsigned int, const char *, va_list);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
- (krb5_context,
- const char *name,
- const char *instance, const char *realm,
- krb5_principal *princ);
-
-krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
- (krb5_context context, krb5_const_principal princ,
- char *name, char *inst, char *realm);
-
-struct credentials;
-int KRB5_CALLCONV krb5_524_convert_creds
- (krb5_context context, krb5_creds *v5creds,
- struct credentials *v4creds);
-#if KRB5_DEPRECATED
-#define krb524_convert_creds_kdc krb5_524_convert_creds
-#define krb524_init_ets(x) (0)
-#endif
-
-/* libkt.spec */
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_kt_register
- (krb5_context,
- const struct _krb5_kt_ops * );
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_kt_resolve
- (krb5_context,
- const char *,
- krb5_keytab * );
-krb5_error_code KRB5_CALLCONV krb5_kt_default_name
- (krb5_context,
- char *,
- int );
-krb5_error_code KRB5_CALLCONV krb5_kt_default
- (krb5_context,
- krb5_keytab * );
-krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
- (krb5_context,
- krb5_keytab_entry * );
-#if KRB5_PRIVATE
-/* use krb5_free_keytab_entry_contents instead */
-krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
- (krb5_context,
- krb5_keytab_entry * );
-#endif
-/* remove and add are functions, so that they can return NOWRITE
- if not a writable keytab */
-krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry * );
-krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
- (krb5_context,
- krb5_keytab,
- krb5_keytab_entry * );
-krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt
- (krb5_context,
- krb5_const_principal, krb5_data *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_principal2salt_norealm
- (krb5_context,
- krb5_const_principal, krb5_data *);
-#endif
-/* librc.spec--see rcache.h */
-
-/* libcc.spec */
-krb5_error_code KRB5_CALLCONV krb5_cc_resolve
- (krb5_context,
- const char *,
- krb5_ccache * );
-const char * KRB5_CALLCONV krb5_cc_default_name
- (krb5_context);
-krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
- (krb5_context, const char *);
-krb5_error_code KRB5_CALLCONV krb5_cc_default
- (krb5_context,
- krb5_ccache *);
-#if KRB5_PRIVATE
-unsigned int KRB5_CALLCONV krb5_get_notification_message
- (void);
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
- (krb5_context context,
- krb5_ccache incc,
- krb5_ccache outcc);
-
-
-/* chk_trans.c */
-#if KRB5_PRIVATE
-krb5_error_code krb5_check_transited_list
- (krb5_context, const krb5_data *trans,
- const krb5_data *realm1, const krb5_data *realm2);
-#endif
-
-/* free_rtree.c */
-#if KRB5_PRIVATE
-void krb5_free_realm_tree
- (krb5_context,
- krb5_principal *);
-#endif
-
-/* krb5_free.c */
-void KRB5_CALLCONV krb5_free_principal
- (krb5_context, krb5_principal );
-void KRB5_CALLCONV krb5_free_authenticator
- (krb5_context, krb5_authenticator * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_authenticator_contents
- (krb5_context,
krb5_authenticator * );
-#endif
-void KRB5_CALLCONV krb5_free_addresses
- (krb5_context, krb5_address ** );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_address
- (krb5_context, krb5_address * );
-#endif
-void KRB5_CALLCONV krb5_free_authdata
- (krb5_context, krb5_authdata ** );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_enc_tkt_part
- (krb5_context, krb5_enc_tkt_part * );
-#endif
-void KRB5_CALLCONV krb5_free_ticket
- (krb5_context, krb5_ticket * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_tickets
- (krb5_context, krb5_ticket ** );
-void KRB5_CALLCONV krb5_free_kdc_req
- (krb5_context, krb5_kdc_req * );
-void KRB5_CALLCONV krb5_free_kdc_rep
- (krb5_context, krb5_kdc_rep * );
-void KRB5_CALLCONV krb5_free_last_req
- (krb5_context, krb5_last_req_entry ** );
-void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
- (krb5_context, krb5_enc_kdc_rep_part * );
-#endif
-void KRB5_CALLCONV krb5_free_error
- (krb5_context, krb5_error * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_ap_req
- (krb5_context, krb5_ap_req * );
-void KRB5_CALLCONV krb5_free_ap_rep
- (krb5_context, krb5_ap_rep * );
-void KRB5_CALLCONV krb5_free_cred
- (krb5_context, krb5_cred *);
-#endif
-void KRB5_CALLCONV krb5_free_creds
- (krb5_context, krb5_creds *);
-void KRB5_CALLCONV krb5_free_cred_contents
- (krb5_context, krb5_creds *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_cred_enc_part
- (krb5_context, krb5_cred_enc_part *);
-#endif
-void KRB5_CALLCONV krb5_free_checksum
- (krb5_context, krb5_checksum *);
-void KRB5_CALLCONV krb5_free_checksum_contents
- (krb5_context, krb5_checksum *);
-void KRB5_CALLCONV krb5_free_keyblock
- (krb5_context, krb5_keyblock *);
-void KRB5_CALLCONV krb5_free_keyblock_contents
- (krb5_context, krb5_keyblock *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_pa_data
- (krb5_context, krb5_pa_data **);
-#endif
-void KRB5_CALLCONV krb5_free_ap_rep_enc_part
- (krb5_context, krb5_ap_rep_enc_part *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_tkt_authent
- (krb5_context, krb5_tkt_authent *);
-void KRB5_CALLCONV krb5_free_pwd_data
- (krb5_context, krb5_pwd_data *);
-void KRB5_CALLCONV krb5_free_pwd_sequences
- (krb5_context, passwd_phrase_element **);
-#endif
-void KRB5_CALLCONV krb5_free_data
- (krb5_context, krb5_data *);
-void KRB5_CALLCONV krb5_free_data_contents
- (krb5_context, krb5_data *);
-void KRB5_CALLCONV krb5_free_unparsed_name
- (krb5_context, char *);
-void KRB5_CALLCONV krb5_free_cksumtypes
- (krb5_context, krb5_cksumtype *);
-
-/* From krb5/os but needed but by the outside world */
-krb5_error_code KRB5_CALLCONV krb5_us_timeofday
- (krb5_context,
- krb5_timestamp *,
- krb5_int32 * );
-krb5_error_code KRB5_CALLCONV krb5_timeofday
- (krb5_context,
- krb5_timestamp * );
- /* get all the addresses of this host */
-krb5_error_code KRB5_CALLCONV krb5_os_localaddr
- (krb5_context,
- krb5_address ***);
-krb5_error_code KRB5_CALLCONV krb5_get_default_realm
- (krb5_context,
- char ** );
-krb5_error_code KRB5_CALLCONV krb5_set_default_realm
- (krb5_context,
- const char * );
-void KRB5_CALLCONV krb5_free_default_realm
- (krb5_context,
- char * );
-krb5_error_code KRB5_CALLCONV krb5_sname_to_principal
- (krb5_context,
- const char *,
- const char *,
- krb5_int32,
- krb5_principal *);
-krb5_error_code KRB5_CALLCONV
-krb5_change_password
- (krb5_context context, krb5_creds *creds, char *newpw,
- int *result_code, krb5_data *result_code_string,
- krb5_data *result_string);
-krb5_error_code KRB5_CALLCONV
-krb5_set_password
- (krb5_context context, krb5_creds *creds, char *newpw, krb5_principal change_password_for,
- int *result_code, krb5_data *result_code_string, krb5_data *result_string);
-krb5_error_code KRB5_CALLCONV
-krb5_set_password_using_ccache
- (krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
- int *result_code, krb5_data *result_code_string, krb5_data *result_string);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_config_files
- (krb5_context, const char **);
-
-krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
- (char ***filenames);
-
-void KRB5_CALLCONV krb5_free_config_files
- (char **filenames);
-#endif
-
-krb5_error_code KRB5_CALLCONV
-krb5_get_profile
- (krb5_context, struct _profile_t * /* profile_t */ *);
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_send_tgs
- (krb5_context,
- krb5_flags,
- const krb5_ticket_times *,
- const krb5_enctype *,
- krb5_const_principal,
- krb5_address * const *,
- krb5_authdata * const *,
- krb5_pa_data * const *,
- const krb5_data *,
- krb5_creds *,
- krb5_response * );
-#endif
-
-#if KRB5_DEPRECATED
-krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- krb5_error_code ( * )(krb5_context,
- krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **),
- krb5_const_pointer,
- krb5_error_code ( * )(krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * ),
- krb5_const_pointer,
- krb5_creds *,
- krb5_ccache,
- krb5_kdc_rep ** );
-
-krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- const char *,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
-
-krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_skey
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- const krb5_keyblock *,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
-
-krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
- (krb5_context,
- krb5_flags,
- krb5_address * const *,
- krb5_enctype *,
- krb5_preauthtype *,
- krb5_keytab,
- krb5_ccache,
- krb5_creds *,
- krb5_kdc_rep ** );
-#endif /* KRB5_DEPRECATED */
-
-#if KRB5_PRIVATE
-krb5_error_code krb5_decode_kdc_rep
- (krb5_context,
- krb5_data *,
- const krb5_keyblock *,
- krb5_kdc_rep ** );
-#endif
-
-krb5_error_code KRB5_CALLCONV krb5_rd_req
- (krb5_context,
- krb5_auth_context *,
-
const krb5_data *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); - -#if KRB5_PRIVATE -krb5_error_code krb5_rd_req_decoded - (krb5_context, - krb5_auth_context *, - const krb5_ap_req *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); - -krb5_error_code krb5_rd_req_decoded_anyflag - (krb5_context, - krb5_auth_context *, - const krb5_ap_req *, - krb5_const_principal, - krb5_keytab, - krb5_flags *, - krb5_ticket **); -#endif - -krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key - (krb5_context, - krb5_pointer, - krb5_principal, - krb5_kvno, - krb5_enctype, - krb5_keyblock **); -krb5_error_code KRB5_CALLCONV krb5_mk_safe - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_data *, - krb5_replay_data *); -krb5_error_code KRB5_CALLCONV krb5_mk_priv - (krb5_context, - krb5_auth_context, - const krb5_data *, - krb5_data *, - krb5_replay_data *); -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_cc_register - (krb5_context, - krb5_cc_ops *, - krb5_boolean ); -#endif - -krb5_error_code KRB5_CALLCONV krb5_sendauth - (krb5_context, - krb5_auth_context *, - krb5_pointer, - char *, - krb5_principal, - krb5_principal, - krb5_flags, - krb5_data *, - krb5_creds *, - krb5_ccache, - krb5_error **, - krb5_ap_rep_enc_part **, - krb5_creds **); - -krb5_error_code KRB5_CALLCONV krb5_recvauth - (krb5_context, - krb5_auth_context *, - krb5_pointer, - char *, - krb5_principal, - krb5_int32, - krb5_keytab, - krb5_ticket **); -krb5_error_code KRB5_CALLCONV krb5_recvauth_version - (krb5_context, - krb5_auth_context *, - krb5_pointer, - krb5_principal, - krb5_int32, - krb5_keytab, - krb5_ticket **, - krb5_data *); - -#if KRB5_PRIVATE -krb5_error_code krb5_walk_realm_tree - (krb5_context, - const krb5_data *, - const krb5_data *, - krb5_principal **, - int); -#endif - -krb5_error_code KRB5_CALLCONV krb5_mk_ncred - (krb5_context, - krb5_auth_context, - krb5_creds **, - krb5_data **, - krb5_replay_data *); - -krb5_error_code 
KRB5_CALLCONV krb5_mk_1cred - (krb5_context, - krb5_auth_context, - krb5_creds *, - krb5_data **, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_rd_cred - (krb5_context, - krb5_auth_context, - krb5_data *, - krb5_creds ***, - krb5_replay_data *); - -krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds - (krb5_context, - krb5_auth_context, - char *, - krb5_principal, - krb5_principal, - krb5_ccache, - int forwardable, - krb5_data *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_init - (krb5_context, - krb5_auth_context *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_free - (krb5_context, - krb5_auth_context); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setflags - (krb5_context, - krb5_auth_context, - krb5_int32); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags - (krb5_context, - krb5_auth_context, - krb5_int32 *); - -krb5_error_code KRB5_CALLCONV -krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context, - krb5_mk_req_checksum_func, void *); - -krb5_error_code KRB5_CALLCONV -krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context, - krb5_mk_req_checksum_func *, void **); - -krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs - (krb5_context, - krb5_auth_context, - krb5_address *, - krb5_address *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getaddrs - (krb5_context, - krb5_auth_context, - krb5_address **, - krb5_address **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setports - (krb5_context, - krb5_auth_context, - krb5_address *, - krb5_address *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setuseruserkey - (krb5_context, - krb5_auth_context, - krb5_keyblock *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getsendsubkey( - krb5_context, krb5_auth_context, krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getrecvsubkey( - krb5_context, krb5_auth_context, krb5_keyblock **); - 
-krb5_error_code KRB5_CALLCONV krb5_auth_con_setsendsubkey( - krb5_context, krb5_auth_context, krb5_keyblock *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setrecvsubkey( - krb5_context, krb5_auth_context, krb5_keyblock *); - -#if KRB5_DEPRECATED -krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalsubkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey - (krb5_context, - krb5_auth_context, - krb5_keyblock **); -#endif - -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype - (krb5_context, - krb5_auth_context, - krb5_cksumtype); - -krb5_error_code krb5_auth_con_set_safe_cksumtype - (krb5_context, - krb5_auth_context, - krb5_cksumtype); -#endif - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber - (krb5_context, - krb5_auth_context, - krb5_int32 *); - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber - (krb5_context, - krb5_auth_context, - krb5_int32 *); - -#if KRB5_DEPRECATED -krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector - (krb5_context, - krb5_auth_context); -#endif - -#if KRB5_PRIVATE -krb5_error_code krb5_auth_con_setivector - (krb5_context, - krb5_auth_context, - krb5_pointer); - -krb5_error_code krb5_auth_con_getivector - (krb5_context, - krb5_auth_context, - krb5_pointer *); -#endif - -krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache - (krb5_context, - krb5_auth_context, - krb5_rcache); - -krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache - (krb5_context, - krb5_auth_context, - krb5_rcache *); - -#if KRB5_PRIVATE -krb5_error_code krb5_auth_con_setpermetypes - (krb5_context, - krb5_auth_context, - const krb5_enctype *); - -krb5_error_code krb5_auth_con_getpermetypes - (krb5_context, - krb5_auth_context, - krb5_enctype **); -#endif - -krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator - (krb5_context, - krb5_auth_context, - krb5_authenticator **); - -#define KRB5_REALM_BRANCH_CHAR '.' 
- -/* - * end "func-proto.h" - */ - -/* - * begin stuff from libos.h - */ - -#if KRB5_PRIVATE -krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *); -krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *); -int krb5_net_read (krb5_context, int , char *, int); -int krb5_net_write (krb5_context, int , const char *, int); -#endif - -krb5_error_code KRB5_CALLCONV krb5_read_password - (krb5_context, - const char *, - const char *, - char *, - unsigned int * ); -krb5_error_code KRB5_CALLCONV krb5_aname_to_localname - (krb5_context, - krb5_const_principal, - int, - char * ); -krb5_error_code KRB5_CALLCONV krb5_get_host_realm - (krb5_context, - const char *, - char *** ); -krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm - (krb5_context, - krb5_data *, - char *** ); -krb5_error_code KRB5_CALLCONV krb5_free_host_realm - (krb5_context, - char * const * ); -#if KRB5_PRIVATE -krb5_error_code KRB5_CALLCONV krb5_get_realm_domain - (krb5_context, - const char *, - char ** ); -#endif -krb5_boolean KRB5_CALLCONV krb5_kuserok - (krb5_context, - krb5_principal, const char *); -krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs - (krb5_context, - krb5_auth_context, - int, int); -#if KRB5_PRIVATE -krb5_error_code krb5_gen_portaddr - (krb5_context, - const krb5_address *, - krb5_const_pointer, - krb5_address **); -krb5_error_code krb5_gen_replay_name - (krb5_context, - const krb5_address *, - const char *, - char **); -krb5_error_code krb5_make_fulladdr - (krb5_context, - krb5_address *, - krb5_address *, - krb5_address *); -#endif - -krb5_error_code KRB5_CALLCONV krb5_set_real_time - (krb5_context, krb5_timestamp, krb5_int32); - -#if KRB5_PRIVATE -krb5_error_code krb5_set_debugging_time - (krb5_context, krb5_timestamp, krb5_int32); -krb5_error_code krb5_use_natural_time - (krb5_context); -#endif -krb5_error_code KRB5_CALLCONV krb5_get_time_offsets - (krb5_context, krb5_timestamp *, krb5_int32 *); -#if KRB5_PRIVATE 
-krb5_error_code krb5_set_time_offsets - (krb5_context, krb5_timestamp, krb5_int32); -#endif - -/* str_conv.c */ -krb5_error_code KRB5_CALLCONV krb5_string_to_enctype - (char *, krb5_enctype *); -krb5_error_code KRB5_CALLCONV krb5_string_to_salttype - (char *, krb5_int32 *); -krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype - (char *, krb5_cksumtype *); -krb5_error_code KRB5_CALLCONV krb5_string_to_timestamp - (char *, krb5_timestamp *); -krb5_error_code KRB5_CALLCONV krb5_string_to_deltat - (char *, krb5_deltat *); -krb5_error_code KRB5_CALLCONV krb5_enctype_to_string - (krb5_enctype, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_salttype_to_string - (krb5_int32, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_cksumtype_to_string - (krb5_cksumtype, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_timestamp_to_string - (krb5_timestamp, char *, size_t); -krb5_error_code KRB5_CALLCONV krb5_timestamp_to_sfstring - (krb5_timestamp, char *, size_t, char *); -krb5_error_code KRB5_CALLCONV krb5_deltat_to_string - (krb5_deltat, char *, size_t); - - - -/* The name of the Kerberos ticket granting service... 
and its size */ -#define KRB5_TGS_NAME "krbtgt" -#define KRB5_TGS_NAME_SIZE 6 - -/* flags for recvauth */ -#define KRB5_RECVAUTH_SKIP_VERSION 0x0001 -#define KRB5_RECVAUTH_BADAUTHVERS 0x0002 -/* initial ticket api functions */ - -typedef struct _krb5_prompt { - char *prompt; - int hidden; - krb5_data *reply; -} krb5_prompt; - -typedef krb5_error_code (KRB5_CALLCONV *krb5_prompter_fct)(krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]); - - -krb5_error_code KRB5_CALLCONV -krb5_prompter_posix (krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]); - -typedef struct _krb5_get_init_creds_opt { - krb5_flags flags; - krb5_deltat tkt_life; - krb5_deltat renew_life; - int forwardable; - int proxiable; - krb5_enctype *etype_list; - int etype_list_length; - krb5_address **address_list; - krb5_preauthtype *preauth_list; - int preauth_list_length; - krb5_data *salt; -} krb5_get_init_creds_opt; - -#define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001 -#define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002 -#define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004 -#define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008 -#define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010 -#define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020 -#define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 -#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 -#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100 - -krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_opt_alloc -(krb5_context context, - krb5_get_init_creds_opt **opt); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_free -(krb5_context context, - krb5_get_init_creds_opt *opt); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_init -(krb5_get_init_creds_opt *opt); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_tkt_life -(krb5_get_init_creds_opt *opt, - krb5_deltat tkt_life); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_renew_life 
-(krb5_get_init_creds_opt *opt, - krb5_deltat renew_life); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_forwardable -(krb5_get_init_creds_opt *opt, - int forwardable); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_proxiable -(krb5_get_init_creds_opt *opt, - int proxiable); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_etype_list -(krb5_get_init_creds_opt *opt, - krb5_enctype *etype_list, - int etype_list_length); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_address_list -(krb5_get_init_creds_opt *opt, - krb5_address **addresses); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_preauth_list -(krb5_get_init_creds_opt *opt, - krb5_preauthtype *preauth_list, - int preauth_list_length); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_salt -(krb5_get_init_creds_opt *opt, - krb5_data *salt); - -void KRB5_CALLCONV -krb5_get_init_creds_opt_set_change_password_prompt -(krb5_get_init_creds_opt *opt, - int prompt); - -/* Generic preauth option attribute/value pairs */ -typedef struct _krb5_gic_opt_pa_data { - char *attr; - char *value; -} krb5_gic_opt_pa_data; - -/* - * This function allows the caller to supply options to preauth - * plugins. Preauth plugin modules are given a chance to look - * at each option at the time this function is called in ordre - * to check the validity of the option. 
- * The 'opt' pointer supplied to this function must have been - * obtained using krb5_get_init_creds_opt_alloc() - */ -krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_opt_set_pa - (krb5_context context, - krb5_get_init_creds_opt *opt, - const char *attr, - const char *value); - -krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_password -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - char *password, - krb5_prompter_fct prompter, - void *data, - krb5_deltat start_time, - char *in_tkt_service, - krb5_get_init_creds_opt *k5_gic_options); - -krb5_error_code KRB5_CALLCONV -krb5_get_init_creds_keytab -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_keytab arg_keytab, - krb5_deltat start_time, - char *in_tkt_service, - krb5_get_init_creds_opt *k5_gic_options); - -typedef struct _krb5_verify_init_creds_opt { - krb5_flags flags; - int ap_req_nofail; -} krb5_verify_init_creds_opt; - -#define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001 - -void KRB5_CALLCONV -krb5_verify_init_creds_opt_init -(krb5_verify_init_creds_opt *k5_vic_options); -void KRB5_CALLCONV -krb5_verify_init_creds_opt_set_ap_req_nofail -(krb5_verify_init_creds_opt *k5_vic_options, - int ap_req_nofail); - -krb5_error_code KRB5_CALLCONV -krb5_verify_init_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal ap_req_server, - krb5_keytab ap_req_keytab, - krb5_ccache *ccache, - krb5_verify_init_creds_opt *k5_vic_options); - -krb5_error_code KRB5_CALLCONV -krb5_get_validated_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_ccache ccache, - char *in_tkt_service); - -krb5_error_code KRB5_CALLCONV -krb5_get_renewed_creds -(krb5_context context, - krb5_creds *creds, - krb5_principal client, - krb5_ccache ccache, - char *in_tkt_service); - -krb5_error_code KRB5_CALLCONV -krb5_decode_ticket -(const krb5_data *code, - krb5_ticket **rep); - -void KRB5_CALLCONV -krb5_appdefault_string -(krb5_context context, - const 
char *appname, - const krb5_data *realm, - const char *option, - const char *default_value, - char ** ret_value); - -void KRB5_CALLCONV -krb5_appdefault_boolean -(krb5_context context, - const char *appname, - const krb5_data *realm, - const char *option, - int default_value, - int *ret_value); - -#if KRB5_PRIVATE -/* - * The realm iterator functions - */ - -krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create - (krb5_context context, void **iter_p); - -krb5_error_code KRB5_CALLCONV krb5_realm_iterator - (krb5_context context, void **iter_p, char **ret_realm); - -void KRB5_CALLCONV krb5_realm_iterator_free - (krb5_context context, void **iter_p); - -void KRB5_CALLCONV krb5_free_realm_string - (krb5_context context, char *str); -#endif - -/* - * Prompter enhancements - */ - -#define KRB5_PROMPT_TYPE_PASSWORD 0x1 -#define KRB5_PROMPT_TYPE_NEW_PASSWORD 0x2 -#define KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN 0x3 -#define KRB5_PROMPT_TYPE_PREAUTH 0x4 - -typedef krb5_int32 krb5_prompt_type; - -krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types - (krb5_context context); - -/* Error reporting */ -void KRB5_CALLCONV_C -krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...); -#ifdef va_start -void KRB5_CALLCONV -krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list); -#endif -/* - * The behavior of krb5_get_error_message is only defined the first - * time it is called after a failed call to a krb5 function using the - * same context, and only when the error code passed in is the same as - * that returned by the krb5 function. Future versions may return the - * same string for the second and following calls. - * - * The string returned by this function must be freed using - * krb5_free_error_message. 
- */ -const char * KRB5_CALLCONV -krb5_get_error_message (krb5_context, krb5_error_code); -void KRB5_CALLCONV -krb5_free_error_message (krb5_context, const char *); -void KRB5_CALLCONV -krb5_clear_error_message (krb5_context); - - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRB5INT_END_DECLS - -/* Don't use this! We're going to phase it out. It's just here to keep - applications from breaking right away. */ -#define krb5_const const - -#endif /* KRB5_GENERAL__ */ - -/* - * include/krb5_err.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define KRB5KDC_ERR_NONE (-1765328384L) -#define KRB5KDC_ERR_NAME_EXP (-1765328383L) -#define KRB5KDC_ERR_SERVICE_EXP (-1765328382L) -#define KRB5KDC_ERR_BAD_PVNO (-1765328381L) -#define KRB5KDC_ERR_C_OLD_MAST_KVNO (-1765328380L) -#define KRB5KDC_ERR_S_OLD_MAST_KVNO (-1765328379L) -#define KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378L) -#define KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (-1765328377L) -#define KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE (-1765328376L) -#define KRB5KDC_ERR_NULL_KEY (-1765328375L) -#define KRB5KDC_ERR_CANNOT_POSTDATE (-1765328374L) -#define KRB5KDC_ERR_NEVER_VALID (-1765328373L) -#define KRB5KDC_ERR_POLICY (-1765328372L) -#define KRB5KDC_ERR_BADOPTION (-1765328371L) -#define KRB5KDC_ERR_ETYPE_NOSUPP (-1765328370L) -#define KRB5KDC_ERR_SUMTYPE_NOSUPP (-1765328369L) -#define KRB5KDC_ERR_PADATA_TYPE_NOSUPP (-1765328368L) -#define KRB5KDC_ERR_TRTYPE_NOSUPP (-1765328367L) -#define KRB5KDC_ERR_CLIENT_REVOKED (-1765328366L) -#define KRB5KDC_ERR_SERVICE_REVOKED (-1765328365L) -#define KRB5KDC_ERR_TGT_REVOKED (-1765328364L) -#define KRB5KDC_ERR_CLIENT_NOTYET (-1765328363L) -#define KRB5KDC_ERR_SERVICE_NOTYET (-1765328362L) -#define KRB5KDC_ERR_KEY_EXP (-1765328361L) -#define KRB5KDC_ERR_PREAUTH_FAILED (-1765328360L) -#define KRB5KDC_ERR_PREAUTH_REQUIRED (-1765328359L) -#define KRB5KDC_ERR_SERVER_NOMATCH (-1765328358L) -#define KRB5PLACEHOLD_27 (-1765328357L) -#define KRB5PLACEHOLD_28 
(-1765328356L) -#define KRB5KDC_ERR_SVC_UNAVAILABLE (-1765328355L) -#define KRB5PLACEHOLD_30 (-1765328354L) -#define KRB5KRB_AP_ERR_BAD_INTEGRITY (-1765328353L) -#define KRB5KRB_AP_ERR_TKT_EXPIRED (-1765328352L) -#define KRB5KRB_AP_ERR_TKT_NYV (-1765328351L) -#define KRB5KRB_AP_ERR_REPEAT (-1765328350L) -#define KRB5KRB_AP_ERR_NOT_US (-1765328349L) -#define KRB5KRB_AP_ERR_BADMATCH (-1765328348L) -#define KRB5KRB_AP_ERR_SKEW (-1765328347L) -#define KRB5KRB_AP_ERR_BADADDR (-1765328346L) -#define KRB5KRB_AP_ERR_BADVERSION (-1765328345L) -#define KRB5KRB_AP_ERR_MSG_TYPE (-1765328344L) -#define KRB5KRB_AP_ERR_MODIFIED (-1765328343L) -#define KRB5KRB_AP_ERR_BADORDER (-1765328342L) -#define KRB5KRB_AP_ERR_ILL_CR_TKT (-1765328341L) -#define KRB5KRB_AP_ERR_BADKEYVER (-1765328340L) -#define KRB5KRB_AP_ERR_NOKEY (-1765328339L) -#define KRB5KRB_AP_ERR_MUT_FAIL (-1765328338L) -#define KRB5KRB_AP_ERR_BADDIRECTION (-1765328337L) -#define KRB5KRB_AP_ERR_METHOD (-1765328336L) -#define KRB5KRB_AP_ERR_BADSEQ (-1765328335L) -#define KRB5KRB_AP_ERR_INAPP_CKSUM (-1765328334L) -#define KRB5KRB_AP_PATH_NOT_ACCEPTED (-1765328333L) -#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) -#define KRB5PLACEHOLD_53 (-1765328331L) -#define KRB5PLACEHOLD_54 (-1765328330L) -#define KRB5PLACEHOLD_55 (-1765328329L) -#define KRB5PLACEHOLD_56 (-1765328328L) -#define KRB5PLACEHOLD_57 (-1765328327L) -#define KRB5PLACEHOLD_58 (-1765328326L) -#define KRB5PLACEHOLD_59 (-1765328325L) -#define KRB5KRB_ERR_GENERIC (-1765328324L) -#define KRB5KRB_ERR_FIELD_TOOLONG (-1765328323L) -#define KRB5KDC_ERR_CLIENT_NOT_TRUSTED (-1765328322L) -#define KRB5KDC_ERR_KDC_NOT_TRUSTED (-1765328321L) -#define KRB5KDC_ERR_INVALID_SIG (-1765328320L) -#define KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED (-1765328319L) -#define KRB5KDC_ERR_CERTIFICATE_MISMATCH (-1765328318L) -#define KRB5PLACEHOLD_67 (-1765328317L) -#define KRB5PLACEHOLD_68 (-1765328316L) -#define KRB5PLACEHOLD_69 (-1765328315L) -#define 
KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE (-1765328314L) -#define KRB5KDC_ERR_INVALID_CERTIFICATE (-1765328313L) -#define KRB5KDC_ERR_REVOKED_CERTIFICATE (-1765328312L) -#define KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN (-1765328311L) -#define KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE (-1765328310L) -#define KRB5KDC_ERR_CLIENT_NAME_MISMATCH (-1765328309L) -#define KRB5KDC_ERR_KDC_NAME_MISMATCH (-1765328308L) -#define KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE (-1765328307L) -#define KRB5KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED (-1765328306L) -#define KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED (-1765328305L) -#define KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED (-1765328304L) -#define KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED (-1765328303L) -#define KRB5PLACEHOLD_82 (-1765328302L) -#define KRB5PLACEHOLD_83 (-1765328301L) -#define KRB5PLACEHOLD_84 (-1765328300L) -#define KRB5PLACEHOLD_85 (-1765328299L) -#define KRB5PLACEHOLD_86 (-1765328298L) -#define KRB5PLACEHOLD_87 (-1765328297L) -#define KRB5PLACEHOLD_88 (-1765328296L) -#define KRB5PLACEHOLD_89 (-1765328295L) -#define KRB5PLACEHOLD_90 (-1765328294L) -#define KRB5PLACEHOLD_91 (-1765328293L) -#define KRB5PLACEHOLD_92 (-1765328292L) -#define KRB5PLACEHOLD_93 (-1765328291L) -#define KRB5PLACEHOLD_94 (-1765328290L) -#define KRB5PLACEHOLD_95 (-1765328289L) -#define KRB5PLACEHOLD_96 (-1765328288L) -#define KRB5PLACEHOLD_97 (-1765328287L) -#define KRB5PLACEHOLD_98 (-1765328286L) -#define KRB5PLACEHOLD_99 (-1765328285L) -#define KRB5PLACEHOLD_100 (-1765328284L) -#define KRB5PLACEHOLD_101 (-1765328283L) -#define KRB5PLACEHOLD_102 (-1765328282L) -#define KRB5PLACEHOLD_103 (-1765328281L) -#define KRB5PLACEHOLD_104 (-1765328280L) -#define KRB5PLACEHOLD_105 (-1765328279L) -#define KRB5PLACEHOLD_106 (-1765328278L) -#define KRB5PLACEHOLD_107 (-1765328277L) -#define KRB5PLACEHOLD_108 (-1765328276L) -#define KRB5PLACEHOLD_109 (-1765328275L) -#define KRB5PLACEHOLD_110 (-1765328274L) -#define KRB5PLACEHOLD_111 (-1765328273L) -#define 
KRB5PLACEHOLD_112 (-1765328272L) -#define KRB5PLACEHOLD_113 (-1765328271L) -#define KRB5PLACEHOLD_114 (-1765328270L) -#define KRB5PLACEHOLD_115 (-1765328269L) -#define KRB5PLACEHOLD_116 (-1765328268L) -#define KRB5PLACEHOLD_117 (-1765328267L) -#define KRB5PLACEHOLD_118 (-1765328266L) -#define KRB5PLACEHOLD_119 (-1765328265L) -#define KRB5PLACEHOLD_120 (-1765328264L) -#define KRB5PLACEHOLD_121 (-1765328263L) -#define KRB5PLACEHOLD_122 (-1765328262L) -#define KRB5PLACEHOLD_123 (-1765328261L) -#define KRB5PLACEHOLD_124 (-1765328260L) -#define KRB5PLACEHOLD_125 (-1765328259L) -#define KRB5PLACEHOLD_126 (-1765328258L) -#define KRB5PLACEHOLD_127 (-1765328257L) -#define KRB5_ERR_RCSID (-1765328256L) -#define KRB5_LIBOS_BADLOCKFLAG (-1765328255L) -#define KRB5_LIBOS_CANTREADPWD (-1765328254L) -#define KRB5_LIBOS_BADPWDMATCH (-1765328253L) -#define KRB5_LIBOS_PWDINTR (-1765328252L) -#define KRB5_PARSE_ILLCHAR (-1765328251L) -#define KRB5_PARSE_MALFORMED (-1765328250L) -#define KRB5_CONFIG_CANTOPEN (-1765328249L) -#define KRB5_CONFIG_BADFORMAT (-1765328248L) -#define KRB5_CONFIG_NOTENUFSPACE (-1765328247L) -#define KRB5_BADMSGTYPE (-1765328246L) -#define KRB5_CC_BADNAME (-1765328245L) -#define KRB5_CC_UNKNOWN_TYPE (-1765328244L) -#define KRB5_CC_NOTFOUND (-1765328243L) -#define KRB5_CC_END (-1765328242L) -#define KRB5_NO_TKT_SUPPLIED (-1765328241L) -#define KRB5KRB_AP_WRONG_PRINC (-1765328240L) -#define KRB5KRB_AP_ERR_TKT_INVALID (-1765328239L) -#define KRB5_PRINC_NOMATCH (-1765328238L) -#define KRB5_KDCREP_MODIFIED (-1765328237L) -#define KRB5_KDCREP_SKEW (-1765328236L) -#define KRB5_IN_TKT_REALM_MISMATCH (-1765328235L) -#define KRB5_PROG_ETYPE_NOSUPP (-1765328234L) -#define KRB5_PROG_KEYTYPE_NOSUPP (-1765328233L) -#define KRB5_WRONG_ETYPE (-1765328232L) -#define KRB5_PROG_SUMTYPE_NOSUPP (-1765328231L) -#define KRB5_REALM_UNKNOWN (-1765328230L) -#define KRB5_SERVICE_UNKNOWN (-1765328229L) -#define KRB5_KDC_UNREACH (-1765328228L) -#define KRB5_NO_LOCALNAME (-1765328227L) 
-#define KRB5_MUTUAL_FAILED (-1765328226L) -#define KRB5_RC_TYPE_EXISTS (-1765328225L) -#define KRB5_RC_MALLOC (-1765328224L) -#define KRB5_RC_TYPE_NOTFOUND (-1765328223L) -#define KRB5_RC_UNKNOWN (-1765328222L) -#define KRB5_RC_REPLAY (-1765328221L) -#define KRB5_RC_IO (-1765328220L) -#define KRB5_RC_NOIO (-1765328219L) -#define KRB5_RC_PARSE (-1765328218L) -#define KRB5_RC_IO_EOF (-1765328217L) -#define KRB5_RC_IO_MALLOC (-1765328216L) -#define KRB5_RC_IO_PERM (-1765328215L) -#define KRB5_RC_IO_IO (-1765328214L) -#define KRB5_RC_IO_UNKNOWN (-1765328213L) -#define KRB5_RC_IO_SPACE (-1765328212L) -#define KRB5_TRANS_CANTOPEN (-1765328211L) -#define KRB5_TRANS_BADFORMAT (-1765328210L) -#define KRB5_LNAME_CANTOPEN (-1765328209L) -#define KRB5_LNAME_NOTRANS (-1765328208L) -#define KRB5_LNAME_BADFORMAT (-1765328207L) -#define KRB5_CRYPTO_INTERNAL (-1765328206L) -#define KRB5_KT_BADNAME (-1765328205L) -#define KRB5_KT_UNKNOWN_TYPE (-1765328204L) -#define KRB5_KT_NOTFOUND (-1765328203L) -#define KRB5_KT_END (-1765328202L) -#define KRB5_KT_NOWRITE (-1765328201L) -#define KRB5_KT_IOERR (-1765328200L) -#define KRB5_NO_TKT_IN_RLM (-1765328199L) -#define KRB5DES_BAD_KEYPAR (-1765328198L) -#define KRB5DES_WEAK_KEY (-1765328197L) -#define KRB5_BAD_ENCTYPE (-1765328196L) -#define KRB5_BAD_KEYSIZE (-1765328195L) -#define KRB5_BAD_MSIZE (-1765328194L) -#define KRB5_CC_TYPE_EXISTS (-1765328193L) -#define KRB5_KT_TYPE_EXISTS (-1765328192L) -#define KRB5_CC_IO (-1765328191L) -#define KRB5_FCC_PERM (-1765328190L) -#define KRB5_FCC_NOFILE (-1765328189L) -#define KRB5_FCC_INTERNAL (-1765328188L) -#define KRB5_CC_WRITE (-1765328187L) -#define KRB5_CC_NOMEM (-1765328186L) -#define KRB5_CC_FORMAT (-1765328185L) -#define KRB5_CC_NOT_KTYPE (-1765328184L) -#define KRB5_INVALID_FLAGS (-1765328183L) -#define KRB5_NO_2ND_TKT (-1765328182L) -#define KRB5_NOCREDS_SUPPLIED (-1765328181L) -#define KRB5_SENDAUTH_BADAUTHVERS (-1765328180L) -#define KRB5_SENDAUTH_BADAPPLVERS (-1765328179L) -#define 
KRB5_SENDAUTH_BADRESPONSE (-1765328178L) -#define KRB5_SENDAUTH_REJECTED (-1765328177L) -#define KRB5_PREAUTH_BAD_TYPE (-1765328176L) -#define KRB5_PREAUTH_NO_KEY (-1765328175L) -#define KRB5_PREAUTH_FAILED (-1765328174L) -#define KRB5_RCACHE_BADVNO (-1765328173L) -#define KRB5_CCACHE_BADVNO (-1765328172L) -#define KRB5_KEYTAB_BADVNO (-1765328171L) -#define KRB5_PROG_ATYPE_NOSUPP (-1765328170L) -#define KRB5_RC_REQUIRED (-1765328169L) -#define KRB5_ERR_BAD_HOSTNAME (-1765328168L) -#define KRB5_ERR_HOST_REALM_UNKNOWN (-1765328167L) -#define KRB5_SNAME_UNSUPP_NAMETYPE (-1765328166L) -#define KRB5KRB_AP_ERR_V4_REPLY (-1765328165L) -#define KRB5_REALM_CANT_RESOLVE (-1765328164L) -#define KRB5_TKT_NOT_FORWARDABLE (-1765328163L) -#define KRB5_FWD_BAD_PRINCIPAL (-1765328162L) -#define KRB5_GET_IN_TKT_LOOP (-1765328161L) -#define KRB5_CONFIG_NODEFREALM (-1765328160L) -#define KRB5_SAM_UNSUPPORTED (-1765328159L) -#define KRB5_SAM_INVALID_ETYPE (-1765328158L) -#define KRB5_SAM_NO_CHECKSUM (-1765328157L) -#define KRB5_SAM_BAD_CHECKSUM (-1765328156L) -#define KRB5_KT_NAME_TOOLONG (-1765328155L) -#define KRB5_KT_KVNONOTFOUND (-1765328154L) -#define KRB5_APPL_EXPIRED (-1765328153L) -#define KRB5_LIB_EXPIRED (-1765328152L) -#define KRB5_CHPW_PWDNULL (-1765328151L) -#define KRB5_CHPW_FAIL (-1765328150L) -#define KRB5_KT_FORMAT (-1765328149L) -#define KRB5_NOPERM_ETYPE (-1765328148L) -#define KRB5_CONFIG_ETYPE_NOSUPP (-1765328147L) -#define KRB5_OBSOLETE_FN (-1765328146L) -#define KRB5_EAI_FAIL (-1765328145L) -#define KRB5_EAI_NODATA (-1765328144L) -#define KRB5_EAI_NONAME (-1765328143L) -#define KRB5_EAI_SERVICE (-1765328142L) -#define KRB5_ERR_NUMERIC_REALM (-1765328141L) -#define KRB5_ERR_BAD_S2K_PARAMS (-1765328140L) -#define KRB5_ERR_NO_SERVICE (-1765328139L) -#define KRB5_CC_READONLY (-1765328138L) -#define KRB5_CC_NOSUPP (-1765328137L) -#define KRB5_DELTAT_BADFORMAT (-1765328136L) -#define KRB5_PLUGIN_NO_HANDLE (-1765328135L) -#define KRB5_PLUGIN_OP_NOTSUPP (-1765328134L) 
-#define ERROR_TABLE_BASE_krb5 (-1765328384L) - -extern const struct error_table et_krb5_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_krb5_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_krb5_error_table() -#endif - -#if !defined(_WIN32) -#define init_krb5_err_tbl initialize_krb5_error_table -#define krb5_err_base ERROR_TABLE_BASE_krb5 -#endif -/* - * include/kdb5_err.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define KRB5_KDB_RCSID (-1780008448L) -#define KRB5_KDB_INUSE (-1780008447L) -#define KRB5_KDB_UK_SERROR (-1780008446L) -#define KRB5_KDB_UK_RERROR (-1780008445L) -#define KRB5_KDB_UNAUTH (-1780008444L) -#define KRB5_KDB_NOENTRY (-1780008443L) -#define KRB5_KDB_ILL_WILDCARD (-1780008442L) -#define KRB5_KDB_DB_INUSE (-1780008441L) -#define KRB5_KDB_DB_CHANGED (-1780008440L) -#define KRB5_KDB_TRUNCATED_RECORD (-1780008439L) -#define KRB5_KDB_RECURSIVELOCK (-1780008438L) -#define KRB5_KDB_NOTLOCKED (-1780008437L) -#define KRB5_KDB_BADLOCKMODE (-1780008436L) -#define KRB5_KDB_DBNOTINITED (-1780008435L) -#define KRB5_KDB_DBINITED (-1780008434L) -#define KRB5_KDB_ILLDIRECTION (-1780008433L) -#define KRB5_KDB_NOMASTERKEY (-1780008432L) -#define KRB5_KDB_BADMASTERKEY (-1780008431L) -#define KRB5_KDB_INVALIDKEYSIZE (-1780008430L) -#define KRB5_KDB_CANTREAD_STORED (-1780008429L) -#define KRB5_KDB_BADSTORED_MKEY (-1780008428L) -#define KRB5_KDB_CANTLOCK_DB (-1780008427L) -#define KRB5_KDB_DB_CORRUPT (-1780008426L) -#define KRB5_KDB_BAD_VERSION (-1780008425L) -#define KRB5_KDB_BAD_SALTTYPE (-1780008424L) -#define KRB5_KDB_BAD_ENCTYPE (-1780008423L) -#define KRB5_KDB_BAD_CREATEFLAGS (-1780008422L) -#define KRB5_KDB_NO_PERMITTED_KEY (-1780008421L) -#define KRB5_KDB_NO_MATCHING_KEY (-1780008420L) -#define KRB5_KDB_DBTYPE_NOTFOUND (-1780008419L) -#define KRB5_KDB_DBTYPE_NOSUP (-1780008418L) -#define KRB5_KDB_DBTYPE_INIT (-1780008417L) 
-#define KRB5_KDB_SERVER_INTERNAL_ERR (-1780008416L) -#define KRB5_KDB_ACCESS_ERROR (-1780008415L) -#define KRB5_KDB_INTERNAL_ERROR (-1780008414L) -#define KRB5_KDB_CONSTRAINT_VIOLATION (-1780008413L) -#define ERROR_TABLE_BASE_kdb5 (-1780008448L) - -extern const struct error_table et_kdb5_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_kdb5_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_kdb5_error_table() -#endif - -#if !defined(_WIN32) -#define init_kdb5_err_tbl initialize_kdb5_error_table -#define kdb5_err_base ERROR_TABLE_BASE_kdb5 -#endif -/* - * include/kv5m_err.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define KV5M_NONE (-1760647424L) -#define KV5M_PRINCIPAL (-1760647423L) -#define KV5M_DATA (-1760647422L) -#define KV5M_KEYBLOCK (-1760647421L) -#define KV5M_CHECKSUM (-1760647420L) -#define KV5M_ENCRYPT_BLOCK (-1760647419L) -#define KV5M_ENC_DATA (-1760647418L) -#define KV5M_CRYPTOSYSTEM_ENTRY (-1760647417L) -#define KV5M_CS_TABLE_ENTRY (-1760647416L) -#define KV5M_CHECKSUM_ENTRY (-1760647415L) -#define KV5M_AUTHDATA (-1760647414L) -#define KV5M_TRANSITED (-1760647413L) -#define KV5M_ENC_TKT_PART (-1760647412L) -#define KV5M_TICKET (-1760647411L) -#define KV5M_AUTHENTICATOR (-1760647410L) -#define KV5M_TKT_AUTHENT (-1760647409L) -#define KV5M_CREDS (-1760647408L) -#define KV5M_LAST_REQ_ENTRY (-1760647407L) -#define KV5M_PA_DATA (-1760647406L) -#define KV5M_KDC_REQ (-1760647405L) -#define KV5M_ENC_KDC_REP_PART (-1760647404L) -#define KV5M_KDC_REP (-1760647403L) -#define KV5M_ERROR (-1760647402L) -#define KV5M_AP_REQ (-1760647401L) -#define KV5M_AP_REP (-1760647400L) -#define KV5M_AP_REP_ENC_PART (-1760647399L) -#define KV5M_RESPONSE (-1760647398L) -#define KV5M_SAFE (-1760647397L) -#define KV5M_PRIV (-1760647396L) -#define KV5M_PRIV_ENC_PART (-1760647395L) -#define KV5M_CRED (-1760647394L) -#define KV5M_CRED_INFO (-1760647393L) 
-#define KV5M_CRED_ENC_PART (-1760647392L) -#define KV5M_PWD_DATA (-1760647391L) -#define KV5M_ADDRESS (-1760647390L) -#define KV5M_KEYTAB_ENTRY (-1760647389L) -#define KV5M_CONTEXT (-1760647388L) -#define KV5M_OS_CONTEXT (-1760647387L) -#define KV5M_ALT_METHOD (-1760647386L) -#define KV5M_ETYPE_INFO_ENTRY (-1760647385L) -#define KV5M_DB_CONTEXT (-1760647384L) -#define KV5M_AUTH_CONTEXT (-1760647383L) -#define KV5M_KEYTAB (-1760647382L) -#define KV5M_RCACHE (-1760647381L) -#define KV5M_CCACHE (-1760647380L) -#define KV5M_PREAUTH_OPS (-1760647379L) -#define KV5M_SAM_CHALLENGE (-1760647378L) -#define KV5M_SAM_CHALLENGE_2 (-1760647377L) -#define KV5M_SAM_KEY (-1760647376L) -#define KV5M_ENC_SAM_RESPONSE_ENC (-1760647375L) -#define KV5M_ENC_SAM_RESPONSE_ENC_2 (-1760647374L) -#define KV5M_SAM_RESPONSE (-1760647373L) -#define KV5M_SAM_RESPONSE_2 (-1760647372L) -#define KV5M_PREDICTED_SAM_RESPONSE (-1760647371L) -#define KV5M_PASSWD_PHRASE_ELEMENT (-1760647370L) -#define KV5M_GSS_OID (-1760647369L) -#define KV5M_GSS_QUEUE (-1760647368L) -#define ERROR_TABLE_BASE_kv5m (-1760647424L) - -extern const struct error_table et_kv5m_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_kv5m_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_kv5m_error_table() -#endif - -#if !defined(_WIN32) -#define init_kv5m_err_tbl initialize_kv5m_error_table -#define kv5m_err_base ERROR_TABLE_BASE_kv5m -#endif -/* - * include/krb524_err.h: - * This file is automatically generated; please do not edit it. 
- */ - -#include - -#define KRB524_BADKEY (-1750206208L) -#define KRB524_BADADDR (-1750206207L) -#define KRB524_BADPRINC (-1750206206L) -#define KRB524_BADREALM (-1750206205L) -#define KRB524_V4ERR (-1750206204L) -#define KRB524_ENCFULL (-1750206203L) -#define KRB524_DECEMPTY (-1750206202L) -#define KRB524_NOTRESP (-1750206201L) -#define KRB524_KRB4_DISABLED (-1750206200L) -#define ERROR_TABLE_BASE_k524 (-1750206208L) - -extern const struct error_table et_k524_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_k524_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_k524_error_table() -#endif - -#if !defined(_WIN32) -#define init_k524_err_tbl initialize_k524_error_table -#define k524_err_base ERROR_TABLE_BASE_k524 -#endif -/* - * include/asn1_err.h: - * This file is automatically generated; please do not edit it. - */ - -#include - -#define ASN1_BAD_TIMEFORMAT (1859794432L) -#define ASN1_MISSING_FIELD (1859794433L) -#define ASN1_MISPLACED_FIELD (1859794434L) -#define ASN1_TYPE_MISMATCH (1859794435L) -#define ASN1_OVERFLOW (1859794436L) -#define ASN1_OVERRUN (1859794437L) -#define ASN1_BAD_ID (1859794438L) -#define ASN1_BAD_LENGTH (1859794439L) -#define ASN1_BAD_FORMAT (1859794440L) -#define ASN1_PARSE_ERROR (1859794441L) -#define ASN1_BAD_GMTIME (1859794442L) -#define ASN1_MISMATCH_INDEF (1859794443L) -#define ASN1_MISSING_EOC (1859794444L) -#define ERROR_TABLE_BASE_asn1 (1859794432L) - -extern const struct error_table et_asn1_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_asn1_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_asn1_error_table() -#endif - -#if !defined(_WIN32) -#define init_asn1_err_tbl initialize_asn1_error_table -#define asn1_err_base ERROR_TABLE_BASE_asn1 -#endif diff --git a/libkrb/profile.h b/libkrb/profile.h deleted file mode 100644 index 1118a2b..0000000 
--- a/libkrb/profile.h
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * profile.h
- */
-
-#ifndef _KRB5_PROFILE_H
-#define _KRB5_PROFILE_H
-
-#if defined(_WIN32)
-#include
-#endif
-
-#if defined(__MACH__) && defined(__APPLE__)
-# include
-# if TARGET_RT_MAC_CFM
-# error "Use KfM 4.0 SDK headers for CFM compilation."
-# endif
-#endif
-
-#ifndef KRB5_CALLCONV
-#define KRB5_CALLCONV
-#define KRB5_CALLCONV_C
-#endif
-
-typedef struct _profile_t *profile_t;
-
-/*
- * Used by the profile iterator in prof_get.c
- */
-#define PROFILE_ITER_LIST_SECTION 0x0001
-#define PROFILE_ITER_SECTIONS_ONLY 0x0002
-#define PROFILE_ITER_RELATIONS_ONLY 0x0004
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-typedef char* profile_filespec_t; /* path as C string */
-typedef char* profile_filespec_list_t; /* list of : separated paths, C string */
-typedef const char * const_profile_filespec_t; /* path as C string */
-typedef const char * const_profile_filespec_list_t; /* list of : separated paths, C string */
-
-long KRB5_CALLCONV profile_init
- (const_profile_filespec_t *files, profile_t *ret_profile);
-
-long KRB5_CALLCONV profile_init_path
- (const_profile_filespec_list_t filelist, profile_t *ret_profile);
-
-long KRB5_CALLCONV profile_flush
- (profile_t profile);
-long KRB5_CALLCONV profile_flush_to_file
- (profile_t profile, const_profile_filespec_t outfile);
-long KRB5_CALLCONV profile_flush_to_buffer
- (profile_t profile, char **bufp);
-void KRB5_CALLCONV profile_free_buffer
- (profile_t profile, char *buf);
-
-long KRB5_CALLCONV profile_is_writable
- (profile_t profile, int *writable);
-long KRB5_CALLCONV profile_is_modified
- (profile_t profile, int *modified);
-
-void KRB5_CALLCONV profile_abandon
- (profile_t profile);
-
-void KRB5_CALLCONV profile_release
- (profile_t profile);
-
-long KRB5_CALLCONV profile_get_values
- (profile_t profile, const char *const *names, char ***ret_values);
-
-void KRB5_CALLCONV profile_free_list
- (char **list);
-
-long KRB5_CALLCONV profile_get_string
- (profile_t profile, const
char *name, const char *subname, - const char *subsubname, const char *def_val, - char **ret_string); -long KRB5_CALLCONV profile_get_integer - (profile_t profile, const char *name, const char *subname, - const char *subsubname, int def_val, - int *ret_default); - -long KRB5_CALLCONV profile_get_boolean - (profile_t profile, const char *name, const char *subname, - const char *subsubname, int def_val, - int *ret_default); - -long KRB5_CALLCONV profile_get_relation_names - (profile_t profile, const char **names, char ***ret_names); - -long KRB5_CALLCONV profile_get_subsection_names - (profile_t profile, const char **names, char ***ret_names); - -long KRB5_CALLCONV profile_iterator_create - (profile_t profile, const char *const *names, - int flags, void **ret_iter); - -void KRB5_CALLCONV profile_iterator_free - (void **iter_p); - -long KRB5_CALLCONV profile_iterator - (void **iter_p, char **ret_name, char **ret_value); - -void KRB5_CALLCONV profile_release_string (char *str); - -long KRB5_CALLCONV profile_update_relation - (profile_t profile, const char **names, - const char *old_value, const char *new_value); - -long KRB5_CALLCONV profile_clear_relation - (profile_t profile, const char **names); - -long KRB5_CALLCONV profile_rename_section - (profile_t profile, const char **names, - const char *new_name); - -long KRB5_CALLCONV profile_add_relation - (profile_t profile, const char **names, - const char *new_value); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* _KRB5_PROFILE_H */ -/* - * util/profile/prof_err.h: - * This file is automatically generated; please do not edit it. 
- */ - -#include - -#define PROF_VERSION (-1429577728L) -#define PROF_MAGIC_NODE (-1429577727L) -#define PROF_NO_SECTION (-1429577726L) -#define PROF_NO_RELATION (-1429577725L) -#define PROF_ADD_NOT_SECTION (-1429577724L) -#define PROF_SECTION_WITH_VALUE (-1429577723L) -#define PROF_BAD_LINK_LIST (-1429577722L) -#define PROF_BAD_GROUP_LVL (-1429577721L) -#define PROF_BAD_PARENT_PTR (-1429577720L) -#define PROF_MAGIC_ITERATOR (-1429577719L) -#define PROF_SET_SECTION_VALUE (-1429577718L) -#define PROF_EINVAL (-1429577717L) -#define PROF_READ_ONLY (-1429577716L) -#define PROF_SECTION_NOTOP (-1429577715L) -#define PROF_SECTION_SYNTAX (-1429577714L) -#define PROF_RELATION_SYNTAX (-1429577713L) -#define PROF_EXTRA_CBRACE (-1429577712L) -#define PROF_MISSING_OBRACE (-1429577711L) -#define PROF_MAGIC_PROFILE (-1429577710L) -#define PROF_MAGIC_SECTION (-1429577709L) -#define PROF_TOPSECTION_ITER_NOSUPP (-1429577708L) -#define PROF_INVALID_SECTION (-1429577707L) -#define PROF_END_OF_SECTIONS (-1429577706L) -#define PROF_BAD_NAMESET (-1429577705L) -#define PROF_NO_PROFILE (-1429577704L) -#define PROF_MAGIC_FILE (-1429577703L) -#define PROF_FAIL_OPEN (-1429577702L) -#define PROF_EXISTS (-1429577701L) -#define PROF_BAD_BOOLEAN (-1429577700L) -#define PROF_BAD_INTEGER (-1429577699L) -#define PROF_MAGIC_FILE_DATA (-1429577698L) -#define ERROR_TABLE_BASE_prof (-1429577728L) - -extern const struct error_table et_prof_error_table; - -#if !defined(_WIN32) -/* for compatibility with older versions... */ -extern void initialize_prof_error_table (void) /*@modifies internalState@*/; -#else -#define initialize_prof_error_table() -#endif - -#if !defined(_WIN32) -#define init_prof_err_tbl initialize_prof_error_table -#define prof_err_base ERROR_TABLE_BASE_prof -#endif diff --git a/libkrb/win-mac.h b/libkrb/win-mac.h deleted file mode 100644 index ce50c71..0000000 --- a/libkrb/win-mac.h +++ /dev/null 
@@ -1,274 +0,0 @@ -/* - * This file is now only used on Windows - */ - -/* - * type functions split out of here to make things look nicer in the - * various include files which need these definitions, as well as in - * the util/ directories. - */ - -#ifndef _KRB5_WIN_MAC_H -#define _KRB5_WIN_MAC_H - -#ifdef _WIN32 - -#define ID_READ_PWD_DIALOG 10000 -#define ID_READ_PWD_PROMPT 10001 -#define ID_READ_PWD_PROMPT2 10002 -#define ID_READ_PWD_PWD 10003 - -#ifdef RES_ONLY - -#define APSTUDIO_HIDDEN_SYMBOLS -#include - -#else /* ! RES_ONLY */ - -/* To ensure backward compatibility of the ABI use 32-bit time_t on - * 32-bit Windows. - */ -#ifdef _KRB5_INT_H -#ifdef KRB5_GENERAL__ -#error krb5.h included before k5-int.h -#endif /* KRB5_GENERAL__ */ -#if _INTEGRAL_MAX_BITS >= 64 && _MSC_VER >= 1400 && !defined(_WIN64) && !defined(_USE_32BIT_TIME_T) -#if defined(_TIME_T_DEFINED) || defined(_INC_IO) || defined(_INC_TIME) || defined(_INC_WCHAR) -#error time_t has been defined as a 64-bit integer which is incompatible with Kerberos on this platform. -#endif /* _TIME_T_DEFINED */ -#define _USE_32BIT_TIME_T -#endif -#endif - -#define SIZEOF_INT 4 -#define SIZEOF_SHORT 2 -#define SIZEOF_LONG 4 - -#include -#include - -#ifndef SIZE_MAX /* in case Microsoft defines max size of size_t */ -#ifdef MAX_SIZE /* Microsoft defines MAX_SIZE as max size of size_t */ -#define SIZE_MAX MAX_SIZE -#else -#define SIZE_MAX UINT_MAX -#endif -#endif - -#ifndef KRB5_CALLCONV -# define KRB5_CALLCONV __stdcall -# define KRB5_CALLCONV_C __cdecl - -/* - * Use this to mark an incorrect calling convention that has been - * "immortalized" because it was incorrectly exported in a previous - * release. 
- */ - -# define KRB5_CALLCONV_WRONG KRB5_CALLCONV_C - -#endif /* !KRB5_CALLCONV */ - -#ifndef KRB5_SYSTYPES__ -#define KRB5_SYSTYPES__ -#include -typedef unsigned long u_long; /* Not part of sys/types.h on the pc */ -typedef unsigned int u_int; -typedef unsigned short u_short; -typedef unsigned char u_char; -typedef unsigned int uint32_t; -typedef int int32_t; -#if _INTEGRAL_MAX_BITS >= 64 -typedef unsigned __int64 uint64_t; -typedef __int64 int64_t; -#endif -#ifndef SSIZE_T_DEFINED -#ifdef ssize_t -#undef ssize_t -#endif -#ifdef _WIN64 -typedef __int64 ssize_t; -//#else -//typedef _W64 int ssize_t; -#endif -#define SSIZE_T_DEFINED -#endif -#endif /* KRB5_SYSTYPES__ */ - -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 512 -#endif - -#ifndef MAXPATHLEN -#define MAXPATHLEN 256 /* Also for Windows temp files */ -#endif - -#ifndef HAVE_NETINET_IN_H -#define HAVE_NETINET_IN_H -#endif - -#ifndef MSDOS_FILESYSTEM -#define MSDOS_FILESYSTEM -#endif - -#ifndef HAVE_STRING_H -#define HAVE_STRING_H -#endif - -#ifndef HAVE_SRAND -#define HAVE_SRAND -#endif - -#ifndef HAVE_ERRNO -#define HAVE_ERRNO -#endif - -#ifndef HAVE_STRDUP -#define HAVE_STRDUP -#endif - -#ifndef HAVE_GETADDRINFO -#define HAVE_GETADDRINFO -#endif - -#ifndef HAVE_GETNAMEINFO -#define HAVE_GETNAMEINFO -#endif - -#ifndef NO_USERID -#define NO_USERID -#endif - -#ifndef NO_PASSWORD -#define NO_PASSWORD -#endif - -#ifndef HAVE_STRERROR -#define HAVE_STRERROR -#endif - -#ifndef SYS_ERRLIST_DECLARED -#define SYS_ERRLIST_DECLARED -#endif - -/* if __STDC_VERSION__ >= 199901L this shouldn't be needed */ -#define inline __inline -#define KRB5_USE_INET6 -#define NEED_INSIXADDR_ANY -#define ENABLE_THREADS - -#define WM_KERBEROS5_CHANGED "Kerberos5 Changed" -#ifdef KRB4 -#define WM_KERBEROS_CHANGED "Kerberos Changed" -#endif - -/* Kerberos Windows initialization file */ -#define KERBEROS_INI "kerberos.ini" -#ifdef CYGNUS -#define KERBEROS_HLP "kerbnet.hlp" -#else -#define KERBEROS_HLP "krb5clnt.hlp" -#endif -#define 
INI_DEFAULTS "Defaults" -#define INI_USER "User" /* Default user */ -#define INI_INSTANCE "Instance" /* Default instance */ -#define INI_REALM "Realm" /* Default realm */ -#define INI_POSITION "Position" -#define INI_OPTIONS "Options" -#define INI_DURATION "Duration" /* Ticket duration in minutes */ -#define INI_EXPIRATION "Expiration" /* Action on expiration (alert or beep) */ -#define INI_ALERT "Alert" -#define INI_BEEP "Beep" -#define INI_FILES "Files" -#ifdef KRB4 -#define INI_KRB_CONF "krb.conf" /* Location of krb.conf file */ -#define DEF_KRB_CONF "krb.conf" /* Default name for krb.conf file */ -#else -#define INI_KRB5_CONF "krb5.ini" /* From k5-config.h */ -#define INI_KRB_CONF INI_KRB5_CONF /* Location of krb.conf file */ -#define DEF_KRB_CONF INI_KRB5_CONF /* Default name for krb.conf file */ -#define INI_TICKETOPTS "TicketOptions" /* Ticket options */ -#define INI_FORWARDABLE "Forwardable" /* get forwardable tickets */ -#define INI_KRB_CCACHE "krb5cc" /* From k5-config.h */ -#endif -#define INI_KRB_REALMS "krb.realms" /* Location of krb.realms file */ -#define DEF_KRB_REALMS "krb.realms" /* Default name for krb.realms file */ -#define INI_RECENT_LOGINS "Recent Logins" -#define INI_LOGIN "Login" - -#ifndef HAS_VOID_TYPE -#define HAS_VOID_TYPE -#endif - -#ifndef HAVE_STDARG_H -#define HAVE_STDARG_H -#endif - -#ifndef HAVE_SYS_TYPES_H -#define HAVE_SYS_TYPES_H -#endif - -#ifndef HAVE_STDLIB_H -#define HAVE_STDLIB_H -#endif - -/* This controls which encryption routines libcrypto will provide */ -#define PROVIDE_DES_CBC_MD5 -#define PROVIDE_DES_CBC_CRC -#define PROVIDE_DES_CBC_RAW -#define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_CRC32 -#define PROVIDE_RSA_MD4 -#define PROVIDE_RSA_MD5 -/* #define PROVIDE_DES3_CBC_SHA */ -/* #define PROVIDE_DES3_CBC_RAW */ -/* #define PROVIDE_NIST_SHA */ - -/* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o - * routines directly. Rather, they only export the _ version. 
- * The following defines works around this problem. - */ -#include -#include -#include -#include -//#include - -#ifdef NEED_SYSERROR -/* Only needed by util/et/error_message.c but let's keep the source clean */ -#define sys_nerr _sys_nerr -#define sys_errlist _sys_errlist -#endif - -/* - * Functions with slightly different names on the PC - */ -#ifndef strcasecmp -#define strcasecmp stricmp -#endif -#ifndef strncasecmp -#define strncasecmp strnicmp -#endif - -HINSTANCE get_lib_instance(void); - -#define GETSOCKNAME_ARG2_TYPE struct sockaddr -#define GETSOCKNAME_ARG3_TYPE size_t -#define GETPEERNAME_ARG2_TYPE GETSOCKNAME_ARG2_TYPE -#define GETPEERNAME_ARG3_TYPE GETSOCKNAME_ARG3_TYPE - -#endif /* !RES_ONLY */ - -#endif /* _WIN32 */ - -#define THREEPARAMOPEN(x,y,z) open(x,y,z) - -#ifndef KRB5_CALLCONV -#define KRB5_CALLCONV -#endif - -#ifndef KRB5_CALLCONV_C -#define KRB5_CALLCONV_C -#endif - -#endif /* _KRB5_WIN_MAC_H */ diff --git a/log.c b/log.c index 10e3160..2b25b38 100644 --- a/log.c +++ b/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.46 2015/07/08 19:04:21 markus Exp $ */ +/* $OpenBSD: log.c,v 1.48 2016/07/15 05:01:58 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -176,6 +176,16 @@ sigdie(const char *fmt,...) _exit(1); } +void +logdie(const char *fmt,...) +{ + va_list args; + + va_start(args, fmt); + do_log(SYSLOG_LEVEL_INFO, fmt, args); + va_end(args); + cleanup_exit(255); +} /* Log this message (information that usually should go to the log). */ @@ -342,7 +352,7 @@ log_change_level(LogLevel new_log_level) int log_is_on_stderr(void) { - return log_on_stderr; + return log_on_stderr && log_stderr_fd == STDERR_FILENO; } /* redirect what would usually get written to stderr to specified file */ 
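Review bot: logdie() is added without a comment of its own, and the comment that now follows it (`/* Log this message (information that usually should go to the log). */`) appears to belong to the next function. Nothing tells the reader that this exit path logs at SYSLOG_LEVEL_INFO rather than at a fatal level before calling cleanup_exit(255). That matters for anyone filtering these logs by severity, because a process termination recorded at INFO can be dropped by a filter that keeps only errors. I would add above it `/* Log the message at INFO level, then terminate through cleanup_exit(255). */` and keep a blank line between the closing brace and the following comment.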
@@ -447,7 +457,7 @@ do_log(LogLevel level, const char *fmt, va_list args) log_handler = NULL; tmp_handler(level, fmtbuf, log_handler_ctx); log_handler = tmp_handler; - } else if (log_on_stderr) { + } else if (log_on_stderr) { snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); #ifdef WIN32_FIXME//N _write(STDERR_FILENO, msgbuf, strlen(msgbuf)); diff --git a/log.h b/log.h index ae7df25..434b7c8 100644 --- a/log.h +++ b/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */ +/* $OpenBSD: log.h,v 1.21 2016/07/15 05:01:58 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -63,6 +63,8 @@ void fatal(const char *, ...) __attribute__((noreturn)) void error(const char *, ...) __attribute__((format(printf, 1, 2))); void sigdie(const char *, ...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2))); +void logdie(const char *, ...) __attribute__((noreturn)) + __attribute__((format(printf, 1, 2))); void logit(const char *, ...) __attribute__((format(printf, 1, 2))); void verbose(const char *, ...) __attribute__((format(printf, 1, 2))); void debug(const char *, ...) __attribute__((format(printf, 1, 2))); diff --git a/loginrec.c b/loginrec.c index 7e361bb..b1c27eb 100644 --- a/loginrec.c +++ b/loginrec.c @@ -150,6 +150,9 @@ #include #include #include +#ifdef HAVE_SYS_TIME_H +# include +#endif #include diff --git a/mac.c b/mac.c index f63fbff..6b12cd1 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.32 2015/01/15 18:32:54 naddy Exp $ */ +/* $OpenBSD: mac.c,v 1.33 2016/07/08 03:44:42 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -167,7 +167,8 @@ mac_init(struct sshmac *mac) } int -mac_compute(struct sshmac *mac, u_int32_t seqno, const u_char *data, int datalen, +mac_compute(struct sshmac *mac, u_int32_t seqno, + const u_char *data, int datalen, u_char *digest, size_t dlen) { static union { 
@@ -211,6 +212,24 @@ mac_compute(struct sshmac *mac, u_int32_t seqno, const u_char *data, int datalen return 0; } +int +mac_check(struct sshmac *mac, u_int32_t seqno, + const u_char *data, size_t dlen, + const u_char *theirmac, size_t mlen) +{ + u_char ourmac[SSH_DIGEST_MAX_LENGTH]; + int r; + + if (mac->mac_len > mlen) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = mac_compute(mac, seqno, data, dlen, + ourmac, sizeof(ourmac))) != 0) + return r; + if (timingsafe_bcmp(ourmac, theirmac, mac->mac_len) != 0) + return SSH_ERR_MAC_INVALID; + return 0; +} + void mac_clear(struct sshmac *mac) { diff --git a/mac.h b/mac.h index e5f6b84..0b119d7 100644 --- a/mac.h +++ b/mac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.h,v 1.9 2015/01/13 19:31:40 markus Exp $ */ +/* $OpenBSD: mac.h,v 1.10 2016/07/08 03:44:42 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -46,6 +46,8 @@ int mac_setup(struct sshmac *, char *); int mac_init(struct sshmac *); int mac_compute(struct sshmac *, u_int32_t, const u_char *, int, u_char *, size_t); +int mac_check(struct sshmac *, u_int32_t, const u_char *, size_t, + const u_char *, size_t); void mac_clear(struct sshmac *); #endif /* SSHMAC_H */ diff --git a/misc.c b/misc.c index 02a4d55..6a08ed4 100644 --- a/misc.c +++ b/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.97 2015/04/24 01:36:00 deraadt Exp $ */ +/* $OpenBSD: misc.c,v 1.105 2016/07/15 00:24:30 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -29,6 +29,7 @@ #include #include #include +#include #include #include @@ -83,9 +84,9 @@ set_nonblock(int fd) { int val; - val = fcntl(fd, F_GETFL, 0); + val = fcntl(fd, F_GETFL); if (val < 0) { - error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); + error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); return (-1); } if (val & O_NONBLOCK) { 
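Review bot: In mac_check() the `size_t dlen` argument is passed straight to mac_compute(), whose prototype in mac.h takes the length as `int`, so a value above INT_MAX would be narrowed silently before the MAC is computed. Callers presumably bound packet sizes far below that, but this function is the integrity check for received data, so I would reject it explicitly next to the existing mlen test: `if (dlen > INT_MAX) return SSH_ERR_INVALID_ARGUMENT;`. A short comment above the function would also help, stating that it returns 0 on a match and SSH_ERR_MAC_INVALID on a mismatch, and that timingsafe_bcmp compares only the first mac->mac_len bytes of theirmac.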
@@ -107,9 +108,9 @@ unset_nonblock(int fd) { int val; - val = fcntl(fd, F_GETFL, 0); + val = fcntl(fd, F_GETFL); if (val < 0) { - error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); + error("fcntl(%d, F_GETFL): %s", fd, strerror(errno)); return (-1); } if (!(val & O_NONBLOCK)) { @@ -222,8 +223,6 @@ pwcopy(struct passwd *pw) #ifdef HAVE_STRUCT_PASSWD_PW_CLASS copy->pw_class = xstrdup(pw->pw_class); #endif - - copy->pw_dir = xstrdup(pw->pw_dir); copy->pw_shell = xstrdup(pw->pw_shell); return copy; 
@@ -474,10 +473,71 @@ colon(char *cp) if (*cp == '/') return NULL; } - return NULL; + return NULL; #endif } +/* + * Parse a [user@]host[:port] string. + * Caller must free returned user and host. + * Any of the pointer return arguments may be NULL (useful for syntax checking). + * If user was not specified then *userp will be set to NULL. + * If port was not specified then *portp will be -1. + * Returns 0 on success, -1 on failure. + */ +int +parse_user_host_port(const char *s, char **userp, char **hostp, int *portp) +{ + char *sdup, *cp, *tmp; + char *user = NULL, *host = NULL; + int port = -1, ret = -1; + + if (userp != NULL) + *userp = NULL; + if (hostp != NULL) + *hostp = NULL; + if (portp != NULL) + *portp = -1; + + if ((sdup = tmp = strdup(s)) == NULL) + return -1; + /* Extract optional username */ + if ((cp = strchr(tmp, '@')) != NULL) { + *cp = '\0'; + if (*tmp == '\0') + goto out; + if ((user = strdup(tmp)) == NULL) + goto out; + tmp = cp + 1; + } + /* Extract mandatory hostname */ + if ((cp = hpdelim(&tmp)) == NULL || *cp == '\0') + goto out; + host = xstrdup(cleanhostname(cp)); + /* Convert and verify optional port */ + if (tmp != NULL && *tmp != '\0') { + if ((port = a2port(tmp)) <= 0) + goto out; + } + /* Success */ + if (userp != NULL) { + *userp = user; + user = NULL; + } + if (hostp != NULL) { + *hostp = host; + host = NULL; + } + if (portp != NULL) + *portp = port; + ret = 0; + out: + free(sdup); + free(user); + free(host); + return ret; +} + /* function to assist building execv() arguments */ void addargs(arglist *args, char *fmt, ...) @@ -548,11 +608,7 @@ char * tilde_expand_filename(const char *filename, uid_t uid) { const char *path, *sep; -#ifdef WIN32_FIXME - char user[128], ret[MAXPATHLEN], *ret2; -#else char user[128], *ret; -#endif struct passwd *pw; u_int len, slash; 
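Review bot: parse_user_host_port() mixes two allocation-failure policies: a failed `strdup` for sdup or user returns -1 through `out`, but the host copy uses `xstrdup(cleanhostname(cp))`. xstrdup is used without a NULL check elsewhere in this file (pwcopy), which suggests it terminates the process rather than returning. The header comment promises "Returns 0 on success, -1 on failure", so I would keep it uniform with `if ((host = strdup(cleanhostname(cp))) == NULL) goto out;`. Separately, the user part is split at the first '@' found by `strchr`, so a login name that itself contains '@' would end up partly in the host field; if this port accepts such names, the comment should say how they are handled.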
@@ -572,44 +628,20 @@ tilde_expand_filename(const char *filename, uid_t uid) } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ fatal("tilde_expand_filename: No such uid %ld", (long)uid); -#ifdef WIN32_FIXME - - // - // Catch case when, homedir is unknown or doesn't exist - // e.g. for SYSTEM user. Then, redirect path to NUL. - // - - if (wcslen((wchar_t*)pw -> pw_dir) == 0) - { - snprintf(ret, sizeof(ret), "NUL"); - } - - else if (snprintf(ret, sizeof(ret), "%ls", (wchar_t*)pw -> pw_dir) <= 0) -#endif /* Make sure directory has a trailing '/' */ -#ifndef WIN32_FIXME len = strlen(pw->pw_dir); if (len == 0 || pw->pw_dir[len - 1] != '/') sep = "/"; else sep = ""; -#endif /* Skip leading '/' from specified path */ if (path != NULL) filename = path + 1; -#ifndef WIN32_FIXME if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) -#else - if (xasprintf(&ret2, "%s%s", ret, filename) >= PATH_MAX) -#endif fatal("tilde_expand_filename: Path too long"); -#ifdef WIN32_FIXME - return (ret2); -#else return (ret); -#endif } /* @@ -659,6 +691,8 @@ percent_expand(const char *string, ...) /* %% case */ if (*string == '%') goto append; + if (*string == '\0') + fatal("%s: invalid format", __func__); for (j = 0; j < num_keys; j++) { if (strchr(keys[j].key, *string) != NULL) { i = strlcat(buf, keys[j].repl, sizeof(buf)); 
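Review bot: With the WIN32_FIXME branch removed, an account whose pw_dir is empty is no longer special-cased: `len == 0` selects `sep = "/"`, so `~/name` now expands to the root-relative `/name`. The removed code redirected the path to `NUL` in that case, and its comment names the SYSTEM user as an example. If such accounts can still reach this function in the Windows build, I would fail closed with `if (len == 0) fatal("tilde_expand_filename: empty home directory");`, or add a comment saying where the empty-home case is handled now. The function begins in the previous hunk, and the type of pw_dir after this change is not visible here.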
@@ -708,62 +742,63 @@ tun_open(int tun, int mode) struct ifreq ifr; char name[100]; int fd = -1, sock; + const char *tunbase = "tun"; + + if (mode == SSH_TUNMODE_ETHERNET) + tunbase = "tap"; /* Open the tunnel device */ if (tun <= SSH_TUNID_MAX) { - snprintf(name, sizeof(name), "/dev/tun%d", tun); + snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun); fd = open(name, O_RDWR); } else if (tun == SSH_TUNID_ANY) { for (tun = 100; tun >= 0; tun--) { - snprintf(name, sizeof(name), "/dev/tun%d", tun); + snprintf(name, sizeof(name), "/dev/%s%d", + tunbase, tun); if ((fd = open(name, O_RDWR)) >= 0) break; } } else { debug("%s: invalid tunnel %u", __func__, tun); - return (-1); + return -1; } if (fd < 0) { - debug("%s: %s open failed: %s", __func__, name, strerror(errno)); - return (-1); + debug("%s: %s open: %s", __func__, name, strerror(errno)); + return -1; } debug("%s: %s mode %d fd %d", __func__, name, mode, fd); - /* Set the tunnel device operation mode */ - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); + /* Bring interface up if it is not already */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun); if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) goto failed; - if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) + if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) { + debug("%s: get interface %s flags: %s", __func__, + ifr.ifr_name, strerror(errno)); goto failed; + } - /* Set interface mode */ - ifr.ifr_flags &= ~IFF_UP; - if (mode == SSH_TUNMODE_ETHERNET) - ifr.ifr_flags |= IFF_LINK0; - else - ifr.ifr_flags &= ~IFF_LINK0; - if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) - goto failed; - - /* Bring interface up */ - ifr.ifr_flags |= IFF_UP; - if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) - goto failed; + if (!(ifr.ifr_flags & IFF_UP)) { + ifr.ifr_flags |= IFF_UP; + if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) { + debug("%s: activate interface %s: %s", __func__, + ifr.ifr_name, strerror(errno)); + goto failed; + } + } close(sock); - return (fd); + return 
fd; failed: if (fd >= 0) close(fd); if (sock >= 0) close(sock); - debug("%s: failed to set %s mode %d: %s", __func__, name, - mode, strerror(errno)); - return (-1); + return -1; #else error("Tunnel interfaces are not supported on this platform"); return (-1); @@ -781,16 +816,16 @@ sanitise_stdfd(void) strerror(errno)); exit(1); } - while (++dupfd <= 2) { - /* Only clobber closed fds */ - if (fcntl(dupfd, F_GETFL, 0) >= 0) - continue; - if (dup2(nullfd, dupfd) == -1) { - fprintf(stderr, "dup2: %s\n", strerror(errno)); - exit(1); + while (++dupfd <= STDERR_FILENO) { + /* Only populate closed fds. */ + if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) { + if (dup2(nullfd, dupfd) == -1) { + fprintf(stderr, "dup2: %s\n", strerror(errno)); + exit(1); + } } } - if (nullfd > 2) + if (nullfd > STDERR_FILENO) close(nullfd); #endif } @@ -962,6 +997,31 @@ monotime(void) return time(NULL); } +double +monotime_double(void) +{ +#if defined(HAVE_CLOCK_GETTIME) && \ + (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME)) + struct timespec ts; + static int gettime_failed = 0; + + if (!gettime_failed) { +#if defined(CLOCK_BOOTTIME) + if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) + return (ts.tv_sec + (double)ts.tv_nsec / 1000000000); +#endif +#if defined(CLOCK_MONOTONIC) + if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) + return (ts.tv_sec + (double)ts.tv_nsec / 1000000000); +#endif + debug3("clock_gettime: %s", strerror(errno)); + gettime_failed = 1; + } +#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */ + + return (double)time(NULL); +} + void bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) { @@ -1166,7 +1226,7 @@ unix_listener(const char *path, int backlog, int unlink_first) void sock_set_v6only(int s) { -#ifdef IPV6_V6ONLY +#if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) int on = 1; debug3("%s: set socket %d IPV6_V6ONLY", __func__, s); 
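Review bot: After this change a failing `socket(PF_UNIX, SOCK_STREAM, 0)` in tun_open() jumps to `failed:` with no message at all. The two ioctl paths gained their own debug() calls, but the catch-all debug() under `failed:` was removed and the socket() test was left as a bare `goto failed;`. I would give it the same treatment as its neighbours by bracing the `if` and adding `debug("%s: socket: %s", __func__, strerror(errno));` before the goto. tun_open() starts before this hunk and continues after it, so this covers only the visible part.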
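Review bot: monotime_double() has no comment, and its fallback `return (double)time(NULL);` is wall-clock time. On a build without clock_gettime, or after the first clock_gettime failure sets gettime_failed, the returned value can jump when the system clock is adjusted. Callers that use it for intervals or timeouts need to know that, so I would add above it `/* Seconds as a double from CLOCK_BOOTTIME or CLOCK_MONOTONIC; falls back to time(NULL), which is not monotonic. */`. The comment on the closing `#endif` is also missing its final `)`.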
@@ -1174,3 +1234,41 @@ sock_set_v6only(int s) error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); #endif } + +/* + * Compares two strings that maybe be NULL. Returns non-zero if strings + * are both NULL or are identical, returns zero otherwise. + */ +static int +strcmp_maybe_null(const char *a, const char *b) +{ + if ((a == NULL && b != NULL) || (a != NULL && b == NULL)) + return 0; + if (a != NULL && strcmp(a, b) != 0) + return 0; + return 1; +} + +/* + * Compare two forwards, returning non-zero if they are identical or + * zero otherwise. + */ +int +forward_equals(const struct Forward *a, const struct Forward *b) +{ + if (strcmp_maybe_null(a->listen_host, b->listen_host) == 0) + return 0; + if (a->listen_port != b->listen_port) + return 0; + if (strcmp_maybe_null(a->listen_path, b->listen_path) == 0) + return 0; + if (strcmp_maybe_null(a->connect_host, b->connect_host) == 0) + return 0; + if (a->connect_port != b->connect_port) + return 0; + if (strcmp_maybe_null(a->connect_path, b->connect_path) == 0) + return 0; + /* allocated_port and handle are not checked */ + return 1; +} + diff --git a/misc.c.orig b/misc.c.orig deleted file mode 100644 index af1e625..0000000 --- a/misc.c.orig +++ /dev/null 
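Review bot: strcmp_maybe_null() returns non-zero when the strings match, the opposite of strcmp(), so the call sites in forward_equals() use `strcmp_maybe_null(a->listen_host, b->listen_host) == 0` to mean "different". That reads like an equality test to anyone used to strcmp. The helper is static, so a name that carries the sense, for example `streq_maybe_null`, with call sites written as `if (!streq_maybe_null(a->listen_host, b->listen_host)) return 0;`, would remove the ambiguity without touching the public forward_equals() interface. The comment above the helper also says "maybe be NULL" where "may be NULL" is meant.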
@@ -1,1225 +0,0 @@ -/* $OpenBSD: misc.c,v 1.97 2015/04/24 01:36:00 deraadt Exp $ */ -/* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * Copyright (c) 2005,2006 Damien Miller. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#include "includes.h" - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include -#include -#include -#include -#ifdef HAVE_PATHS_H -# include -#include -#endif -#ifdef SSH_TUN_OPENBSD -#include -#endif - -#include "xmalloc.h" -#include "misc.h" -#include "log.h" -#include "ssh.h" - -/* remove newline at end of string */ -char * -chop(char *s) -{ - char *t = s; - while (*t) { - if (*t == '\n' || *t == '\r') { - *t = '\0'; - return s; - } - t++; - } - return s; - -} - -/* set/unset filedescriptor to non-blocking */ -int -set_nonblock(int fd) -{ -#ifdef WIN32_FIXME - - int on = 1; - - ioctlsocket(fd, FIONBIO, &on); - - return 0; - -#else - int val; - - val = fcntl(fd, F_GETFL, 0); - if (val < 0) { - error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return (-1); - } - if (val & O_NONBLOCK) { - debug3("fd %d is O_NONBLOCK", fd); - return (0); - } - debug2("fd %d setting O_NONBLOCK", fd); - val |= O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) { - debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, - strerror(errno)); - return (-1); - } - return (0); -#endif /* else WIN32_FIXME */ -} - -int -unset_nonblock(int fd) -{ -#ifdef WIN32_FIXME - - int on = 0; - - ioctlsocket(fd, FIONBIO, &on); - - return 0; - -#else - int val; - - val = fcntl(fd, F_GETFL, 0); - if (val < 0) { - error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); - return (-1); - } - if (!(val & O_NONBLOCK)) { - debug3("fd %d is not O_NONBLOCK", fd); - return (0); - } - debug("fd %d clearing O_NONBLOCK", fd); - val &= ~O_NONBLOCK; - if (fcntl(fd, F_SETFL, val) == -1) { - debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", - fd, strerror(errno)); - return (-1); - } - return (0); -#endif -} - -const char * -ssh_gai_strerror(int gaierr) -{ - if (gaierr == EAI_SYSTEM && errno != 0) - return strerror(errno); - return gai_strerror(gaierr); -} - -/* disable nagle on socket */ -void -set_nodelay(int 
fd) -{ - int opt; - socklen_t optlen; - - optlen = sizeof opt; - if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { - debug("getsockopt TCP_NODELAY: %.100s", strerror(errno)); - return; - } - if (opt == 1) { - debug2("fd %d is TCP_NODELAY", fd); - return; - } - opt = 1; - debug2("fd %d setting TCP_NODELAY", fd); - if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) - error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); -} - -/* Characters considered whitespace in strsep calls. */ -#define WHITESPACE " \t\r\n" -#define QUOTE "\"" - -/* return next token in configuration line */ -char * -strdelim(char **s) -{ - char *old; - int wspace = 0; - - if (*s == NULL) - return NULL; - - old = *s; - - *s = strpbrk(*s, WHITESPACE QUOTE "="); - if (*s == NULL) - return (old); - - if (*s[0] == '\"') { - memmove(*s, *s + 1, strlen(*s)); /* move nul too */ - /* Find matching quote */ - if ((*s = strpbrk(*s, QUOTE)) == NULL) { - return (NULL); /* no matching quote */ - } else { - *s[0] = '\0'; - *s += strspn(*s + 1, WHITESPACE) + 1; - return (old); - } - } - - /* Allow only one '=' to be skipped */ - if (*s[0] == '=') - wspace = 1; - *s[0] = '\0'; - - /* Skip any extra whitespace after first token */ - *s += strspn(*s + 1, WHITESPACE) + 1; - if (*s[0] == '=' && !wspace) - *s += strspn(*s + 1, WHITESPACE) + 1; - - return (old); -} - -struct passwd * -pwcopy(struct passwd *pw) -{ - struct passwd *copy = xcalloc(1, sizeof(*copy)); - - copy->pw_name = xstrdup(pw->pw_name); - copy->pw_passwd = xstrdup(pw->pw_passwd); -#ifdef HAVE_STRUCT_PASSWD_PW_GECOS - copy->pw_gecos = xstrdup(pw->pw_gecos); -#endif - copy->pw_uid = pw->pw_uid; - copy->pw_gid = pw->pw_gid; -#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE - copy->pw_expire = pw->pw_expire; -#endif -#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE - copy->pw_change = pw->pw_change; -#endif -#ifdef HAVE_STRUCT_PASSWD_PW_CLASS - copy->pw_class = xstrdup(pw->pw_class); -#endif - -#ifdef WIN32_FIXME - copy -> pw_dir = 
_wcsdup(pw -> pw_dir); -#else - copy->pw_dir = xstrdup(pw->pw_dir); -#endif - copy->pw_shell = xstrdup(pw->pw_shell); - return copy; -} - -/* - * Convert ASCII string to TCP/IP port number. - * Port must be >=0 and <=65535. - * Return -1 if invalid. - */ -int -a2port(const char *s) -{ - long long port; - const char *errstr; - - port = strtonum(s, 0, 65535, &errstr); - if (errstr != NULL) - return -1; - return (int)port; -} - -int -a2tun(const char *s, int *remote) -{ - const char *errstr = NULL; - char *sp, *ep; - int tun; - - if (remote != NULL) { - *remote = SSH_TUNID_ANY; - sp = xstrdup(s); - if ((ep = strchr(sp, ':')) == NULL) { - free(sp); - return (a2tun(s, NULL)); - } - ep[0] = '\0'; ep++; - *remote = a2tun(ep, NULL); - tun = a2tun(sp, NULL); - free(sp); - return (*remote == SSH_TUNID_ERR ? *remote : tun); - } - - if (strcasecmp(s, "any") == 0) - return (SSH_TUNID_ANY); - - tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr); - if (errstr != NULL) - return (SSH_TUNID_ERR); - - return (tun); -} - -#define SECONDS 1 -#define MINUTES (SECONDS * 60) -#define HOURS (MINUTES * 60) -#define DAYS (HOURS * 24) -#define WEEKS (DAYS * 7) - -/* - * Convert a time string into seconds; format is - * a sequence of: - * time[qualifier] - * - * Valid time qualifiers are: - * seconds - * s|S seconds - * m|M minutes - * h|H hours - * d|D days - * w|W weeks - * - * Examples: - * 90m 90 minutes - * 1h30m 90 minutes - * 2d 2 days - * 1w 1 week - * - * Return -1 if time string is invalid. 
- */ -long -convtime(const char *s) -{ - long total, secs; - const char *p; - char *endp; - - errno = 0; - total = 0; - p = s; - - if (p == NULL || *p == '\0') - return -1; - - while (*p) { - secs = strtol(p, &endp, 10); - if (p == endp || - (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) || - secs < 0) - return -1; - - switch (*endp++) { - case '\0': - endp--; - break; - case 's': - case 'S': - break; - case 'm': - case 'M': - secs *= MINUTES; - break; - case 'h': - case 'H': - secs *= HOURS; - break; - case 'd': - case 'D': - secs *= DAYS; - break; - case 'w': - case 'W': - secs *= WEEKS; - break; - default: - return -1; - } - total += secs; - if (total < 0) - return -1; - p = endp; - } - - return total; -} - -/* - * Returns a standardized host+port identifier string. - * Caller must free returned string. - */ -char * -put_host_port(const char *host, u_short port) -{ - char *hoststr; - - if (port == 0 || port == SSH_DEFAULT_PORT) - return(xstrdup(host)); - if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) - fatal("put_host_port: asprintf: %s", strerror(errno)); - debug3("put_host_port: %s", hoststr); - return hoststr; -} - -/* - * Search for next delimiter between hostnames/addresses and ports. - * Argument may be modified (for termination). - * Returns *cp if parsing succeeds. - * *cp is set to the start of the next delimiter, if one was found. - * If this is the last field, *cp is set to NULL. 
- */ -char * -hpdelim(char **cp) -{ - char *s, *old; - - if (cp == NULL || *cp == NULL) - return NULL; - - old = s = *cp; - if (*s == '[') { - if ((s = strchr(s, ']')) == NULL) - return NULL; - else - s++; - } else if ((s = strpbrk(s, ":/")) == NULL) - s = *cp + strlen(*cp); /* skip to end (see first case below) */ - - switch (*s) { - case '\0': - *cp = NULL; /* no more fields*/ - break; - - case ':': - case '/': - *s = '\0'; /* terminate */ - *cp = s + 1; - break; - - default: - return NULL; - } - - return old; -} - -char * -cleanhostname(char *host) -{ - if (*host == '[' && host[strlen(host) - 1] == ']') { - host[strlen(host) - 1] = '\0'; - return (host + 1); - } else - return host; -} - -char * -colon(char *cp) -{ - int flag = 0; - - if (*cp == ':') /* Leading colon is part of file name. */ - return NULL; - if (*cp == '[') - flag = 1; - - for (; *cp; ++cp) { - if (*cp == '@' && *(cp+1) == '[') - flag = 1; - if (*cp == ']' && *(cp+1) == ':' && flag) - return (cp+1); - if (*cp == ':' && !flag) - return (cp); - if (*cp == '/') - return NULL; - } - return NULL; -} - -/* function to assist building execv() arguments */ -void -addargs(arglist *args, char *fmt, ...) -{ - va_list ap; - char *cp; - u_int nalloc; - int r; - - va_start(ap, fmt); - r = vasprintf(&cp, fmt, ap); - va_end(ap); - if (r == -1) - fatal("addargs: argument too long"); - - nalloc = args->nalloc; - if (args->list == NULL) { - nalloc = 32; - args->num = 0; - } else if (args->num+2 >= nalloc) - nalloc *= 2; - - args->list = xreallocarray(args->list, nalloc, sizeof(char *)); - args->nalloc = nalloc; - args->list[args->num++] = cp; - args->list[args->num] = NULL; -} - -void -replacearg(arglist *args, u_int which, char *fmt, ...) 
-{ - va_list ap; - char *cp; - int r; - - va_start(ap, fmt); - r = vasprintf(&cp, fmt, ap); - va_end(ap); - if (r == -1) - fatal("replacearg: argument too long"); - - if (which >= args->num) - fatal("replacearg: tried to replace invalid arg %d >= %d", - which, args->num); - free(args->list[which]); - args->list[which] = cp; -} - -void -freeargs(arglist *args) -{ - u_int i; - - if (args->list != NULL) { - for (i = 0; i < args->num; i++) - free(args->list[i]); - free(args->list); - args->nalloc = args->num = 0; - args->list = NULL; - } -} - -/* - * Expands tildes in the file name. Returns data allocated by xmalloc. - * Warning: this calls getpw*. - */ -char * -tilde_expand_filename(const char *filename, uid_t uid) -{ - const char *path, *sep; - char user[128], *ret; - struct passwd *pw; - u_int len, slash; - - if (*filename != '~') - return (xstrdup(filename)); - filename++; - - path = strchr(filename, '/'); - if (path != NULL && path > filename) { /* ~user/path */ - slash = path - filename; - if (slash > sizeof(user) - 1) - fatal("tilde_expand_filename: ~username too long"); - memcpy(user, filename, slash); - user[slash] = '\0'; - if ((pw = getpwnam(user)) == NULL) - fatal("tilde_expand_filename: No such user %s", user); - } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ - fatal("tilde_expand_filename: No such uid %ld", (long)uid); - -#ifdef WIN32_FIXME - - // - // Catch case when, homedir is unknown or doesn't exist - // e.g. for SYSTEM user. Then, redirect path to NUL. 
- // - - if (wcslen(pw -> pw_dir) == 0) - { - snprintf(ret, sizeof(ret), "NUL"); - } - - else if (/*snprintf(ret, sizeof(ret), "%ls", pw -> pw_dir) <= 0*/ 1) -#else - if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret)) -#endif - /* Make sure directory has a trailing '/' */ -#ifdef WIN32_FIXME - len = strlen(ret); - if ((len == 0 || ret[len - 1] != '/') && - strlcat(ret, "/", sizeof(ret)) >= sizeof(ret)) -#else - len = strlen(pw->pw_dir); - if (len == 0 || pw->pw_dir[len - 1] != '/') - sep = "/"; - else - sep = ""; -#endif - - /* Skip leading '/' from specified path */ - if (path != NULL) - filename = path + 1; - - if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) - fatal("tilde_expand_filename: Path too long"); - - return (ret); -} - -/* - * Expand a string with a set of %[char] escapes. A number of escapes may be - * specified as (char *escape_chars, char *replacement) pairs. The list must - * be terminated by a NULL escape_char. Returns replaced string in memory - * allocated by xmalloc. - */ -char * -percent_expand(const char *string, ...) 
-{ -#define EXPAND_MAX_KEYS 16 - u_int num_keys, i, j; - struct { - const char *key; - const char *repl; - } keys[EXPAND_MAX_KEYS]; - char buf[4096]; - va_list ap; - - /* Gather keys */ - va_start(ap, string); - for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) { - keys[num_keys].key = va_arg(ap, char *); - if (keys[num_keys].key == NULL) - break; - keys[num_keys].repl = va_arg(ap, char *); - if (keys[num_keys].repl == NULL) - fatal("%s: NULL replacement", __func__); - } - if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL) - fatal("%s: too many keys", __func__); - va_end(ap); - - /* Expand string */ - *buf = '\0'; - for (i = 0; *string != '\0'; string++) { - if (*string != '%') { - append: - buf[i++] = *string; - if (i >= sizeof(buf)) - fatal("%s: string too long", __func__); - buf[i] = '\0'; - continue; - } - string++; - /* %% case */ - if (*string == '%') - goto append; - for (j = 0; j < num_keys; j++) { - if (strchr(keys[j].key, *string) != NULL) { - i = strlcat(buf, keys[j].repl, sizeof(buf)); - if (i >= sizeof(buf)) - fatal("%s: string too long", __func__); - break; - } - } - if (j >= num_keys) - fatal("%s: unknown key %%%c", __func__, *string); - } - return (xstrdup(buf)); -#undef EXPAND_MAX_KEYS -} - -#ifdef WIN32_FIXME -wchar_t *percent_expand_w(const wchar_t *string, ...) 
-{ -#define EXPAND_MAX_KEYS 16 - u_int num_keys, i, j; - struct { - const wchar_t *key; - const wchar_t *repl; - } keys[EXPAND_MAX_KEYS]; - wchar_t buf[4096]; - va_list ap; - - /* Gather keys */ - va_start(ap, string); - for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) { - keys[num_keys].key = va_arg(ap, wchar_t *); - if (keys[num_keys].key == NULL) - break; - keys[num_keys].repl = va_arg(ap, wchar_t *); - if (keys[num_keys].repl == NULL) - fatal("%s: NULL replacement", __func__); - } - if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, wchar_t *) != NULL) - fatal("%s: too many keys", __func__); - va_end(ap); - - /* Expand string */ - *buf = L'\0'; - for (i = 0; *string != L'\0'; string++) { - if (*string != L'%') { - append: - buf[i++] = *string; - if (i >= sizeof(buf)) - fatal("%s: string too long", __func__); - buf[i] = L'\0'; - continue; - } - string++; - /* %% case */ - if (*string == L'%') - goto append; - for (j = 0; j < num_keys; j++) { - if (wcschr(keys[j].key, *string) != NULL) { - i = wcsncat(buf, keys[j].repl, sizeof(buf)); - buf[sizeof(buf)-1] = 0; - if (i >= sizeof(buf)) - fatal("%s: string too long", __func__); - break; - } - } - if (j >= num_keys) - fatal("%s: unknown key %%%c", __func__, *string); - } - return (_wcsdup(buf)); -#undef EXPAND_MAX_KEYS -} -#endif -/* - * Read an entire line from a public key file into a static buffer, discarding - * lines that exceed the buffer size. Returns 0 on success, -1 on failure. 
- */ -int -read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, - u_long *lineno) -{ - while (fgets(buf, bufsz, f) != NULL) { - if (buf[0] == '\0') - continue; - (*lineno)++; - if (buf[strlen(buf) - 1] == '\n' || feof(f)) { - return 0; - } else { - debug("%s: %s line %lu exceeds size limit", __func__, - filename, *lineno); - /* discard remainder of line */ - while (fgetc(f) != '\n' && !feof(f)) - ; /* nothing */ - } - } - return -1; -} - -int -tun_open(int tun, int mode) -{ -#if defined(CUSTOM_SYS_TUN_OPEN) - return (sys_tun_open(tun, mode)); -#elif defined(SSH_TUN_OPENBSD) - struct ifreq ifr; - char name[100]; - int fd = -1, sock; - - /* Open the tunnel device */ - if (tun <= SSH_TUNID_MAX) { - snprintf(name, sizeof(name), "/dev/tun%d", tun); - fd = open(name, O_RDWR); - } else if (tun == SSH_TUNID_ANY) { - for (tun = 100; tun >= 0; tun--) { - snprintf(name, sizeof(name), "/dev/tun%d", tun); - if ((fd = open(name, O_RDWR)) >= 0) - break; - } - } else { - debug("%s: invalid tunnel %u", __func__, tun); - return (-1); - } - - if (fd < 0) { - debug("%s: %s open failed: %s", __func__, name, strerror(errno)); - return (-1); - } - - debug("%s: %s mode %d fd %d", __func__, name, mode, fd); - - /* Set the tunnel device operation mode */ - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); - if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1) - goto failed; - - if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) - goto failed; - - /* Set interface mode */ - ifr.ifr_flags &= ~IFF_UP; - if (mode == SSH_TUNMODE_ETHERNET) - ifr.ifr_flags |= IFF_LINK0; - else - ifr.ifr_flags &= ~IFF_LINK0; - if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) - goto failed; - - /* Bring interface up */ - ifr.ifr_flags |= IFF_UP; - if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) - goto failed; - - close(sock); - return (fd); - - failed: - if (fd >= 0) - close(fd); - if (sock >= 0) - close(sock); - debug("%s: failed to set %s mode %d: %s", __func__, name, - mode, strerror(errno)); - return 
(-1); -#else - error("Tunnel interfaces are not supported on this platform"); - return (-1); -#endif -} - -void -sanitise_stdfd(void) -{ -#ifndef WIN32_FIXME - int nullfd, dupfd; - - if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) { - fprintf(stderr, "Couldn't open /dev/null: %s\n", - strerror(errno)); - exit(1); - } - while (++dupfd <= 2) { - /* Only clobber closed fds */ - if (fcntl(dupfd, F_GETFL, 0) >= 0) - continue; - if (dup2(nullfd, dupfd) == -1) { - fprintf(stderr, "dup2: %s\n", strerror(errno)); - exit(1); - } - } - if (nullfd > 2) - close(nullfd); -#endif -} - -char * -tohex(const void *vp, size_t l) -{ - const u_char *p = (const u_char *)vp; - char b[3], *r; - size_t i, hl; - - if (l > 65536) - return xstrdup("tohex: length > 65536"); - - hl = l * 2 + 1; - r = xcalloc(1, hl); - for (i = 0; i < l; i++) { - snprintf(b, sizeof(b), "%02x", p[i]); - strlcat(r, b, hl); - } - return (r); -} - -u_int64_t -get_u64(const void *vp) -{ - const u_char *p = (const u_char *)vp; - u_int64_t v; - - v = (u_int64_t)p[0] << 56; - v |= (u_int64_t)p[1] << 48; - v |= (u_int64_t)p[2] << 40; - v |= (u_int64_t)p[3] << 32; - v |= (u_int64_t)p[4] << 24; - v |= (u_int64_t)p[5] << 16; - v |= (u_int64_t)p[6] << 8; - v |= (u_int64_t)p[7]; - - return (v); -} - -u_int32_t -get_u32(const void *vp) -{ - const u_char *p = (const u_char *)vp; - u_int32_t v; - - v = (u_int32_t)p[0] << 24; - v |= (u_int32_t)p[1] << 16; - v |= (u_int32_t)p[2] << 8; - v |= (u_int32_t)p[3]; - - return (v); -} - -u_int32_t -get_u32_le(const void *vp) -{ - const u_char *p = (const u_char *)vp; - u_int32_t v; - - v = (u_int32_t)p[0]; - v |= (u_int32_t)p[1] << 8; - v |= (u_int32_t)p[2] << 16; - v |= (u_int32_t)p[3] << 24; - - return (v); -} - -u_int16_t -get_u16(const void *vp) -{ - const u_char *p = (const u_char *)vp; - u_int16_t v; - - v = (u_int16_t)p[0] << 8; - v |= (u_int16_t)p[1]; - - return (v); -} - -void -put_u64(void *vp, u_int64_t v) -{ - u_char *p = (u_char *)vp; - - p[0] = (u_char)(v >> 56) & 
0xff; - p[1] = (u_char)(v >> 48) & 0xff; - p[2] = (u_char)(v >> 40) & 0xff; - p[3] = (u_char)(v >> 32) & 0xff; - p[4] = (u_char)(v >> 24) & 0xff; - p[5] = (u_char)(v >> 16) & 0xff; - p[6] = (u_char)(v >> 8) & 0xff; - p[7] = (u_char)v & 0xff; -} - -void -put_u32(void *vp, u_int32_t v) -{ - u_char *p = (u_char *)vp; - - p[0] = (u_char)(v >> 24) & 0xff; - p[1] = (u_char)(v >> 16) & 0xff; - p[2] = (u_char)(v >> 8) & 0xff; - p[3] = (u_char)v & 0xff; -} - -void -put_u32_le(void *vp, u_int32_t v) -{ - u_char *p = (u_char *)vp; - - p[0] = (u_char)v & 0xff; - p[1] = (u_char)(v >> 8) & 0xff; - p[2] = (u_char)(v >> 16) & 0xff; - p[3] = (u_char)(v >> 24) & 0xff; -} - -void -put_u16(void *vp, u_int16_t v) -{ - u_char *p = (u_char *)vp; - - p[0] = (u_char)(v >> 8) & 0xff; - p[1] = (u_char)v & 0xff; -} - -void -ms_subtract_diff(struct timeval *start, int *ms) -{ - struct timeval diff, finish; - - gettimeofday(&finish, NULL); - timersub(&finish, start, &diff); - *ms -= (diff.tv_sec * 1000) + (diff.tv_usec / 1000); -} - -void -ms_to_timeval(struct timeval *tv, int ms) -{ - if (ms < 0) - ms = 0; - tv->tv_sec = ms / 1000; - tv->tv_usec = (ms % 1000) * 1000; -} - -time_t -monotime(void) -{ -#if defined(HAVE_CLOCK_GETTIME) && \ - (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME)) - struct timespec ts; - static int gettime_failed = 0; - - if (!gettime_failed) { -#if defined(CLOCK_BOOTTIME) - if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) - return (ts.tv_sec); -#endif -#if defined(CLOCK_MONOTONIC) - if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) - return (ts.tv_sec); -#endif - debug3("clock_gettime: %s", strerror(errno)); - gettime_failed = 1; - } -#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */ - - return time(NULL); -} - -void -bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) -{ - bw->buflen = buflen; - bw->rate = kbps; - bw->thresh = bw->rate; - bw->lamt = 0; - timerclear(&bw->bwstart); - timerclear(&bw->bwend); -} - -/* Callback from 
read/write loop to insert bandwidth-limiting delays */ -void -bandwidth_limit(struct bwlimit *bw, size_t read_len) -{ -#ifndef WIN32_FIXME - u_int64_t waitlen; - struct timespec ts, rm; - - if (!timerisset(&bw->bwstart)) { - gettimeofday(&bw->bwstart, NULL); - return; - } - - bw->lamt += read_len; - if (bw->lamt < bw->thresh) - return; - - gettimeofday(&bw->bwend, NULL); - timersub(&bw->bwend, &bw->bwstart, &bw->bwend); - if (!timerisset(&bw->bwend)) - return; - - bw->lamt *= 8; - waitlen = (double)1000000L * bw->lamt / bw->rate; - - bw->bwstart.tv_sec = waitlen / 1000000L; - bw->bwstart.tv_usec = waitlen % 1000000L; - - if (timercmp(&bw->bwstart, &bw->bwend, >)) { - timersub(&bw->bwstart, &bw->bwend, &bw->bwend); - - /* Adjust the wait time */ - if (bw->bwend.tv_sec) { - bw->thresh /= 2; - if (bw->thresh < bw->buflen / 4) - bw->thresh = bw->buflen / 4; - } else if (bw->bwend.tv_usec < 10000) { - bw->thresh *= 2; - if (bw->thresh > bw->buflen * 8) - bw->thresh = bw->buflen * 8; - } - - TIMEVAL_TO_TIMESPEC(&bw->bwend, &ts); - while (nanosleep(&ts, &rm) == -1) { - if (errno != EINTR) - break; - ts = rm; - } - } - - bw->lamt = 0; - gettimeofday(&bw->bwstart, NULL); -#endif -} - -/* Make a template filename for mk[sd]temp() */ -void -mktemp_proto(char *s, size_t len) -{ - const char *tmpdir; - int r; - - if ((tmpdir = getenv("TMPDIR")) != NULL) { - r = snprintf(s, len, "%s/ssh-XXXXXXXXXXXX", tmpdir); - if (r > 0 && (size_t)r < len) - return; - } - r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX"); - if (r < 0 || (size_t)r >= len) - fatal("%s: template string too short", __func__); -} - -static const struct { - const char *name; - int value; -} ipqos[] = { - { "af11", IPTOS_DSCP_AF11 }, - { "af12", IPTOS_DSCP_AF12 }, - { "af13", IPTOS_DSCP_AF13 }, - { "af21", IPTOS_DSCP_AF21 }, - { "af22", IPTOS_DSCP_AF22 }, - { "af23", IPTOS_DSCP_AF23 }, - { "af31", IPTOS_DSCP_AF31 }, - { "af32", IPTOS_DSCP_AF32 }, - { "af33", IPTOS_DSCP_AF33 }, - { "af41", IPTOS_DSCP_AF41 }, - { "af42", 
IPTOS_DSCP_AF42 }, - { "af43", IPTOS_DSCP_AF43 }, - { "cs0", IPTOS_DSCP_CS0 }, - { "cs1", IPTOS_DSCP_CS1 }, - { "cs2", IPTOS_DSCP_CS2 }, - { "cs3", IPTOS_DSCP_CS3 }, - { "cs4", IPTOS_DSCP_CS4 }, - { "cs5", IPTOS_DSCP_CS5 }, - { "cs6", IPTOS_DSCP_CS6 }, - { "cs7", IPTOS_DSCP_CS7 }, - { "ef", IPTOS_DSCP_EF }, - { "lowdelay", IPTOS_LOWDELAY }, - { "throughput", IPTOS_THROUGHPUT }, - { "reliability", IPTOS_RELIABILITY }, - { NULL, -1 } -}; - -int -parse_ipqos(const char *cp) -{ - u_int i; - char *ep; - long val; - - if (cp == NULL) - return -1; - for (i = 0; ipqos[i].name != NULL; i++) { - if (strcasecmp(cp, ipqos[i].name) == 0) - return ipqos[i].value; - } - /* Try parsing as an integer */ - val = strtol(cp, &ep, 0); - if (*cp == '\0' || *ep != '\0' || val < 0 || val > 255) - return -1; - return val; -} - -const char * -iptos2str(int iptos) -{ - int i; - static char iptos_str[sizeof "0xff"]; - - for (i = 0; ipqos[i].name != NULL; i++) { - if (ipqos[i].value == iptos) - return ipqos[i].name; - } - snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos); - return iptos_str; -} - -void -lowercase(char *s) -{ - for (; *s; s++) - *s = tolower((u_char)*s); -} - -int -unix_listener(const char *path, int backlog, int unlink_first) -{ - struct sockaddr_un sunaddr; - int saved_errno, sock; - - memset(&sunaddr, 0, sizeof(sunaddr)); - sunaddr.sun_family = AF_UNIX; - if (strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) { - error("%s: \"%s\" too long for Unix domain socket", __func__, - path); - errno = ENAMETOOLONG; - return -1; - } - - sock = socket(PF_UNIX, SOCK_STREAM, 0); - if (sock < 0) { - saved_errno = errno; - error("socket: %.100s", strerror(errno)); - errno = saved_errno; - return -1; - } - if (unlink_first == 1) { - if (unlink(path) != 0 && errno != ENOENT) - error("unlink(%s): %.100s", path, strerror(errno)); - } - if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) { - saved_errno = errno; - error("bind: %.100s", 
strerror(errno)); - close(sock); - error("%s: cannot bind to path: %s", __func__, path); - errno = saved_errno; - return -1; - } - if (listen(sock, backlog) < 0) { - saved_errno = errno; - error("listen: %.100s", strerror(errno)); - close(sock); - unlink(path); - error("%s: cannot listen on path: %s", __func__, path); - errno = saved_errno; - return -1; - } - return sock; -} - -void -sock_set_v6only(int s) -{ -#ifdef IPV6_V6ONLY - int on = 1; - - debug3("%s: set socket %d IPV6_V6ONLY", __func__, s); - if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1) - error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); -#endif -} diff --git a/misc.h b/misc.h index 374c33c..7c76a6a 100644 --- a/misc.h +++ b/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.54 2014/07/15 15:54:14 millert Exp $ */ +/* $OpenBSD: misc.h,v 1.57 2016/07/15 00:24:30 djm Exp $ */ /* * Author: Tatu Ylonen @@ -27,6 +27,8 @@ struct Forward { int handle; /* Handle for dynamic listen ports */ }; +int forward_equals(const struct Forward *, const struct Forward *); + /* Common server and client forwarding options. */ struct ForwardOptions { int gateway_ports; /* Allow remote connects to forwarded ports. */ @@ -47,6 +49,7 @@ char *put_host_port(const char *, u_short); char *hpdelim(char **); char *cleanhostname(char *); char *colon(char *); +int parse_user_host_port(const char *, char **, char **, int *); long convtime(const char *); char *tilde_expand_filename(const char *, uid_t); char *percent_expand(const char *, ...) __attribute__((__sentinel__)); @@ -55,6 +58,7 @@ void sanitise_stdfd(void); void ms_subtract_diff(struct timeval *, int *); void ms_to_timeval(struct timeval *, int); time_t monotime(void); +double monotime_double(void); void lowercase(char *s); int unix_listener(const char *, int, int); diff --git a/moduli b/moduli index 426a58f..d4c9a70 100644 --- a/moduli +++ b/moduli 
@@ -1,268 +1,208 @@ -# $OpenBSD: moduli,v 1.14 2015/07/22 02:34:59 dtucker Exp $ +# $OpenBSD: moduli,v 1.17 2016/03/01 04:23:08 dtucker Exp $ # Time Type Tests Tries Size Generator Modulusdiff --git a/moduli.0 b/moduli.0 deleted file mode 100644 index 087e596..0000000 --- a/moduli.0 +++ /dev/null 
@@ -1,74 +0,0 @@ -MODULI(5) File Formats Manual MODULI(5) - -NAME - moduli M-bM-^@M-^S Diffie-Hellman moduli - -DESCRIPTION - The /etc/moduli file contains prime numbers and generators for use by - sshd(8) in the Diffie-Hellman Group Exchange key exchange method. - - New moduli may be generated with ssh-keygen(1) using a two-step process. - An initial candidate generation pass, using ssh-keygen -G, calculates - numbers that are likely to be useful. A second primality testing pass, - using ssh-keygen -T, provides a high degree of assurance that the numbers - are prime and are safe for use in Diffie-Hellman operations by sshd(8). - This moduli format is used as the output from each pass. - - The file consists of newline-separated records, one per modulus, - containing seven space-separated fields. These fields are as follows: - - timestamp The time that the modulus was last processed as - YYYYMMDDHHMMSS. - - type Decimal number specifying the internal structure of - the prime modulus. Supported types are: - - 0 Unknown, not tested. - 2 "Safe" prime; (p-1)/2 is also prime. - 4 Sophie Germain; 2p+1 is also prime. - - Moduli candidates initially produced by ssh-keygen(1) - are Sophie Germain primes (type 4). Further primality - testing with ssh-keygen(1) produces safe prime moduli - (type 2) that are ready for use in sshd(8). Other - types are not used by OpenSSH. - - tests Decimal number indicating the type of primality tests - that the number has been subjected to represented as a - bitmask of the following values: - - 0x00 Not tested. - 0x01 Composite number M-bM-^@M-^S not prime. - 0x02 Sieve of Eratosthenes. - 0x04 Probabilistic Miller-Rabin primality tests. - - The ssh-keygen(1) moduli candidate generation uses the - Sieve of Eratosthenes (flag 0x02). Subsequent - ssh-keygen(1) primality tests are Miller-Rabin tests - (flag 0x04). - - trials Decimal number indicating the number of primality - trials that have been performed on the modulus. 
- - size Decimal number indicating the size of the prime in - bits. - - generator The recommended generator for use with this modulus - (hexadecimal). - - modulus The modulus itself in hexadecimal. - - When performing Diffie-Hellman Group Exchange, sshd(8) first estimates - the size of the modulus required to produce enough Diffie-Hellman output - to sufficiently key the selected symmetric cipher. sshd(8) then randomly - selects a modulus from /etc/moduli that best meets the size requirement. - -SEE ALSO - ssh-keygen(1), sshd(8) - -STANDARDS - M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for - the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, - 2006. - -OpenBSD 5.8 September 26, 2012 OpenBSD 5.8 diff --git a/monitor.c b/monitor.c index 95d96f7..e50b0fc 100644 --- a/monitor.c +++ b/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.150 2015/06/22 23:42:16 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.161 2016/07/22 03:39:13 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -27,15 +27,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include #include "openbsd-compat/sys-tree.h" @@ -43,6 +34,7 @@ #include #include +#include #ifdef HAVE_PATHS_H #include #endif @@ -83,6 +75,7 @@ #include "cipher.h" #include "kex.h" #include "dh.h" +#include "auth-pam.h" #ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ #undef TARGET_OS_MAC #include "zlib.h" @@ -111,7 +104,6 @@ #include "monitor_fdpass.h" #include "compat.h" #include "ssh2.h" -#include "roaming.h" #include "authfd.h" #include "match.h" #include "ssherr.h" 
@@ -500,15 +492,10 @@ monitor_sync(struct monitor *pmonitor) static void * mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) { - size_t len = (size_t) size * ncount; - void *address; - - if (len == 0 || ncount > SIZE_MAX / size) + if (size == 0 || ncount == 0 || ncount > SIZE_MAX / size) fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); - address = mm_malloc(mm, len); - - return (address); + return mm_malloc(mm, size * ncount); } static void @@ -664,11 +651,8 @@ monitor_reset_key_state(void) int mm_answer_moduli(int sock, Buffer *m) { - struct sshdh *dh; + DH *dh; int min, want, max; - struct sshbn * dh_p = NULL; - struct sshbn * dh_g = NULL; - int ret = 0; min = buffer_get_int(m); want = buffer_get_int(m); @@ -684,25 +668,18 @@ mm_answer_moduli(int sock, Buffer *m) buffer_clear(m); dh = choose_dh(min, want, max); - - if (dh == NULL) { buffer_put_char(m, 0); return (0); } else { - if ((dh_p = sshdh_p(dh)) != NULL && - (dh_g = sshdh_g(dh)) != NULL) { + /* Send first bignum */ + buffer_put_char(m, 1); + buffer_put_bignum2(m, dh->p); + buffer_put_bignum2(m, dh->g); - /* Send first bignum */ - buffer_put_char(m, 1); - sshbuf_put_bignum2_wrap(m, dh_p); - sshbuf_put_bignum2_wrap(m, dh_g); - mm_request_send(sock, MONITOR_ANS_MODULI, m); - } - sshdh_free(dh); - sshbn_free(dh_p); - sshbn_free(dh_g); + DH_free(dh); } + mm_request_send(sock, MONITOR_ANS_MODULI, m); return (0); } #endif 
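Review bot: In the `mm_zalloc` hunk the new `return mm_malloc(mm, size * ncount);` multiplies two `u_int` operands, so the product is formed in unsigned int and can wrap before it reaches `mm_malloc`, whereas the guard above it compares against `SIZE_MAX`. On a platform where `size_t` is wider than `u_int`, `ncount > SIZE_MAX / size` cannot be true for any pair of `u_int` values, so a wrapped product would pass the check and yield a block smaller than the caller expects. The removed line widened first (`(size_t) size * ncount`); keeping that gives `return mm_malloc(mm, (size_t)size * ncount);`.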
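Review bot: In the `@@ -684,25 +668,18 @@` hunk of `mm_answer_moduli` the `dh == NULL` branch keeps `buffer_put_char(m, 0); return (0);`, so with `mm_request_send` now placed after the if/else this is the one path that writes a status byte and never sends MONITOR_ANS_MODULI. The requester, `mm_choose_dh` in monitor_wrap.c further down this page, has a `success == 0` fatal that it can only reach once that reply arrives. Whether `choose_dh` can return NULL is not visible here; if it can, removing the `return (0);` from that branch lets the single `mm_request_send(sock, MONITOR_ANS_MODULI, m);` cover both outcomes. The function begins outside this hunk.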
@@ -713,18 +690,22 @@ mm_answer_sign(int sock, Buffer *m) struct ssh *ssh = active_state; /* XXX */ extern int auth_sock; /* XXX move to state struct? */ struct sshkey *key; - struct sshbuf *sigbuf; - u_char *p; - u_char *signature; - size_t datlen, siglen; - int r, keyid, is_proof = 0; + struct sshbuf *sigbuf = NULL; + u_char *p = NULL, *signature = NULL; + char *alg = NULL; + size_t datlen, siglen, alglen; + int r, is_proof = 0; + u_int keyid; const char proof_req[] = "hostkeys-prove-00@openssh.com"; debug3("%s", __func__); if ((r = sshbuf_get_u32(m, &keyid)) != 0 || - (r = sshbuf_get_string(m, &p, &datlen)) != 0) + (r = sshbuf_get_string(m, &p, &datlen)) != 0 || + (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (keyid > INT_MAX) + fatal("%s: invalid key ID", __func__); /* * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes), @@ -750,7 +731,7 @@ mm_answer_sign(int sock, Buffer *m) fatal("%s: sshbuf_new", __func__); if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 || (r = sshbuf_put_string(sigbuf, session_id2, - session_id2_len) != 0) || + session_id2_len)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0) fatal("%s: couldn't prepare private key " "proof buffer: %s", __func__, ssh_err(r)); @@ -770,14 +751,14 @@ mm_answer_sign(int sock, Buffer *m) } if ((key = get_hostkey_by_index(keyid)) != NULL) { - if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, + if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg, datafellows)) != 0) fatal("%s: sshkey_sign failed: %s", __func__, ssh_err(r)); } else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL && auth_sock > 0) { if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen, - p, datlen, datafellows)) != 0) { + p, datlen, alg, datafellows)) != 0) { fatal("%s: ssh_agent_sign failed: %s", __func__, ssh_err(r)); } 
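Review bot: In `mm_answer_sign` the new `alg` string is taken from the request with `sshbuf_get_cstring(m, &alg, &alglen)` and, in the `@@ -770,14 +751,14 @@` hunk, passed unchanged to `sshkey_sign` and `ssh_agent_sign`; nothing in the visible lines checks it against the selected host key's type. The request is written by the unprivileged side (`mm_key_sign` in monitor_wrap.c), so either validate the name here or record the reliance in a comment such as `/* alg comes from the unprivileged child; the signer must reject names that do not fit the key */`. `alglen` is not read anywhere in the visible lines, so it looks removable by passing `NULL` as the length argument. The function body continues outside these hunks.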
@@ -791,6 +772,7 @@ mm_answer_sign(int sock, Buffer *m) if ((r = sshbuf_put_string(m, signature, siglen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + free(alg); free(p); free(signature); @@ -943,6 +925,9 @@ mm_answer_authpassword(int sock, Buffer *m) buffer_clear(m); buffer_put_int(m, authenticated); +#ifdef USE_PAM + buffer_put_int(m, sshpam_get_maxtries_reached()); +#endif debug3("%s: sending result %d", __func__, authenticated); mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m); @@ -994,7 +979,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) char *response; int authok; - if (authctxt->as == 0) + if (authctxt->as == NULL) fatal("%s: no bsd auth session", __func__); response = buffer_get_string(m, NULL); @@ -1063,7 +1048,8 @@ mm_answer_skeyrespond(int sock, Buffer *m) debug3("%s: sending authenticated: %d", __func__, authok); mm_request_send(sock, MONITOR_ANS_SKEYRESPOND, m); - auth_method = "skey"; + auth_method = "keyboard-interactive"; + auth_submethod = "skey"; return (authok != 0); } @@ -1141,6 +1127,7 @@ mm_answer_pam_query(int sock, Buffer *m) free(name); buffer_put_cstring(m, info); free(info); + buffer_put_int(m, sshpam_get_maxtries_reached()); buffer_put_int(m, num); for (i = 0; i < num; ++i) { buffer_put_cstring(m, prompts[i]); @@ -1275,6 +1262,10 @@ mm_answer_keyallowed(int sock, Buffer *m) break; } } + + debug3("%s: key %p is %s", + __func__, key, allowed ? "allowed" : "not allowed"); + if (key != NULL) key_free(key); @@ -1296,9 +1287,6 @@ mm_answer_keyallowed(int sock, Buffer *m) free(chost); } - debug3("%s: key %p is %s", - __func__, key, allowed ? "allowed" : "not allowed"); - buffer_clear(m); buffer_put_int(m, allowed); buffer_put_int(m, forced_command != NULL); @@ -1315,7 +1303,8 @@ static int monitor_valid_userblob(u_char *data, u_int datalen) { Buffer b; - char *p, *userstyle; + u_char *p; + char *userstyle, *cp; u_int len; int fail = 0; 
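Review bot: In the `mm_answer_authpassword` hunk the added `buffer_put_int(m, sshpam_get_maxtries_reached());` sits under `#ifdef USE_PAM`, which makes the layout of the MONITOR_ANS_AUTHPASSWORD reply depend on a build option, and the code that reads this reply is not part of the hunk. A mismatch would leave an unread integer in the buffer or make the reader fail on a short message, so the coupling deserves a comment at the write site, for example `/* USE_PAM only: maxtries flag follows the result; the reader must consume it under the same #ifdef */`. The `mm_answer_pam_query` hunk below adds the same field without a guard, presumably because that function is already PAM-only; saying so there would help too.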
@@ -1340,26 +1329,26 @@ monitor_valid_userblob(u_char *data, u_int datalen) } if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) fail++; - p = buffer_get_cstring(&b, NULL); + cp = buffer_get_cstring(&b, NULL); xasprintf(&userstyle, "%s%s%s", authctxt->user, authctxt->style ? ":" : "", authctxt->style ? authctxt->style : ""); - if (strcmp(userstyle, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - userstyle, p); + if (strcmp(userstyle, cp) != 0) { + logit("wrong user name passed to monitor: " + "expected %s != %.100s", userstyle, cp); fail++; } free(userstyle); - free(p); + free(cp); buffer_skip_string(&b); if (datafellows & SSH_BUG_PKAUTH) { if (!buffer_get_char(&b)) fail++; } else { - p = buffer_get_cstring(&b, NULL); - if (strcmp("publickey", p) != 0) + cp = buffer_get_cstring(&b, NULL); + if (strcmp("publickey", cp) != 0) fail++; - free(p); + free(cp); if (!buffer_get_char(&b)) fail++; buffer_skip_string(&b); @@ -1472,7 +1461,7 @@ mm_answer_keyverify(int sock, Buffer *m) __func__, key, (verified == 1) ? "verified" : "unverified"); /* If auth was successful then record key to ensure it isn't reused */ - if (verified == 1) + if (verified == 1 && key_blobtype == MM_USERKEY) auth2_record_userkey(authctxt, key); else key_free(key); @@ -1495,6 +1484,7 @@ mm_answer_keyverify(int sock, Buffer *m) static void mm_record_login(Session *s, struct passwd *pw) { + struct ssh *ssh = active_state; /* XXX */ socklen_t fromlen; struct sockaddr_storage from; @@ -1516,7 +1506,7 @@ mm_record_login(Session *s, struct passwd *pw) } /* Record that there was a login on that tty from the remote host. */ record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, - get_remote_name_or_ip(utmp_len, options.use_dns), + session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), (struct sockaddr *)&from, fromlen); } 
@@ -1879,11 +1869,14 @@ monitor_apply_keystate(struct monitor *pmonitor) sshbuf_free(child_state); child_state = NULL; - if ((kex = ssh->kex) != 0) { + if ((kex = ssh->kex) != NULL) { /* XXX set callbacks */ #ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC diff --git a/monitor_fdpass.c b/monitor_fdpass.c index 2ddd807..d766edc 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.c,v 1.20 2015/02/25 23:05:47 djm Exp $ */ +/* $OpenBSD: monitor_fdpass.c,v 1.21 2016/02/29 20:22:36 jca Exp $ */ /* * Copyright 2001 Niels Provos * All rights reserved. @@ -99,8 +99,7 @@ mm_send_fd(int sock, int fd) } if (n != 1) { - error("%s: sendmsg: expected sent 1 got %ld", - __func__, (long)n); + error("%s: sendmsg: expected sent 1 got %zd", __func__, n); return -1; } return 0; @@ -155,8 +154,7 @@ mm_receive_fd(int sock) } if (n != 1) { - error("%s: recvmsg: expected received 1 got %ld", - __func__, (long)n); + error("%s: recvmsg: expected received 1 got %zd", __func__, n); return -1; } diff --git a/monitor_wrap.c b/monitor_wrap.c index 2a56fc5..55752aa 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.85 2015/05/01 03:23:51 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.88 2016/03/07 19:02:43 djm Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -27,15 +27,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include #include 
@@ -69,6 +60,7 @@ #include "packet.h" #include "mac.h" #include "log.h" +#include "auth-pam.h" #ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ #undef TARGET_OS_MAC #include "zlib.h" @@ -91,10 +83,8 @@ #include "channels.h" #include "session.h" #include "servconf.h" -#include "roaming.h" #include "ssherr.h" -#include "crypto-wrap.h" /* Imports */ extern int compat20; @@ -117,17 +107,17 @@ mm_log_handler(LogLevel level, const char *msg, void *ctx) buffer_init(&log_msg); /* - * Placeholder for packet length. Will be filled in with the actual - * packet length once the packet has been constucted. This saves - * fragile math. - */ + * Placeholder for packet length. Will be filled in with the actual + * packet length once the packet has been constucted. This saves + * fragile math. + */ buffer_put_int(&log_msg, 0); buffer_put_int(&log_msg, level); buffer_put_cstring(&log_msg, msg); put_u32(buffer_ptr(&log_msg), buffer_len(&log_msg) - 4); if (atomicio(vwrite, mon->m_log_sendfd, buffer_ptr(&log_msg), - buffer_len(&log_msg)) != buffer_len(&log_msg)) + buffer_len(&log_msg)) != buffer_len(&log_msg)) fatal("%s: write: %s", __func__, strerror(errno)); buffer_free(&log_msg); } @@ -136,9 +126,9 @@ int mm_is_monitor(void) { /* - * m_pid is only set in the privileged part, and - * points to the unprivileged child. - */ + * m_pid is only set in the privileged part, and + * points to the unprivileged child. + */ return (pmonitor && pmonitor->m_pid > 0); } @@ -151,7 +141,7 @@ mm_request_send(int sock, enum monitor_reqtype type, Buffer *m) debug3("%s entering: type %d", __func__, type); put_u32(buf, mlen + 1); - buf[4] = (u_char)type; /* 1st byte of payload is mesg-type */ + buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) fatal("%s: write: %s", __func__, strerror(errno)); if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen) 
@@ -191,15 +181,15 @@ mm_request_receive_expect(int sock, enum monitor_reqtype type, Buffer *m) rtype = buffer_get_char(m); if (rtype != type) fatal("%s: read: rtype %d != type %d", __func__, - rtype, type); + rtype, type); } #ifdef WITH_OPENSSL -struct sshdh * - mm_choose_dh(int min, int nbits, int max) +DH * +mm_choose_dh(int min, int nbits, int max) { - struct sshbn *p, *g; - int r, success = 0; + BIGNUM *p, *g; + int success = 0; Buffer m; buffer_init(&m); @@ -216,22 +206,23 @@ struct sshdh * if (success == 0) fatal("%s: MONITOR_ANS_MODULI failed", __func__); - if ((p = sshbn_new()) == NULL || (g = sshbn_new()) == NULL) + if ((p = BN_new()) == NULL) fatal("%s: BN_new failed", __func__); - if ((r = sshbuf_get_bignum2_wrap(&m, p)) != 0 || - (r = sshbuf_get_bignum2_wrap(&m, g)) != 0) - fatal("%s: sshbuf_get_bignum2_wrap: %s", __func__, ssh_err(r)); + if ((g = BN_new()) == NULL) + fatal("%s: BN_new failed", __func__); + buffer_get_bignum2(&m, p); + buffer_get_bignum2(&m, g); debug3("%s: remaining %d", __func__, buffer_len(&m)); buffer_free(&m); - return (sshdh_new_group(g, p)); + return (dh_new_group(g, p)); } #endif int mm_key_sign(Key *key, u_char **sigp, u_int *lenp, - const u_char *data, u_int datalen) + const u_char *data, u_int datalen, const char *hostkey_alg) { struct kex *kex = *pmonitor->m_pkex; Buffer m; @@ -241,19 +232,20 @@ mm_key_sign(Key *key, u_char **sigp, u_int *lenp, buffer_init(&m); buffer_put_int(&m, kex->host_key_index(key, 0, active_state)); buffer_put_string(&m, data, datalen); + buffer_put_cstring(&m, hostkey_alg); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, &m); debug3("%s: waiting for MONITOR_ANS_SIGN", __func__); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, &m); - *sigp = buffer_get_string(&m, lenp); + *sigp = buffer_get_string(&m, lenp); buffer_free(&m); return (0); } struct passwd * - mm_getpwnamallow(const char *username) +mm_getpwnamallow(const char *username) { Buffer m; struct passwd *pw; 
@@ -279,8 +271,12 @@ struct passwd * fatal("%s: struct passwd size mismatch", __func__); pw->pw_name = buffer_get_string(&m, NULL); pw->pw_passwd = buffer_get_string(&m, NULL); +#ifdef HAVE_STRUCT_PASSWD_PW_GECOS pw->pw_gecos = buffer_get_string(&m, NULL); -// pw->pw_class = buffer_get_string(&m, NULL); +#endif +#ifdef HAVE_STRUCT_PASSWD_PW_CLASS + pw->pw_class = buffer_get_string(&m, NULL); +#endif pw->pw_dir = buffer_get_string(&m, NULL); pw->pw_shell = buffer_get_string(&m, NULL); @@ -324,7 +320,7 @@ mm_auth2_read_banner(void) buffer_clear(&m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_AUTH2_READ_BANNER, &m); + MONITOR_ANS_AUTH2_READ_BANNER, &m); banner = buffer_get_string(&m, NULL); buffer_free(&m); @@ -371,11 +367,14 @@ mm_auth_password(Authctxt *authctxt, char *password) mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTHPASSWORD, &m); authenticated = buffer_get_int(&m); +#ifdef USE_PAM + sshpam_set_maxtries_reached(buffer_get_int(&m)); +#endif buffer_free(&m); debug3("%s: user %sauthenticated", - __func__, authenticated ? "" : "not "); + __func__, authenticated ? "" : "not "); return (authenticated); } @@ -383,19 +382,19 @@ int mm_user_key_allowed(struct passwd *pw, Key *key, int pubkey_auth_attempt) { return (mm_key_allowed(MM_USERKEY, NULL, NULL, key, - pubkey_auth_attempt)); + pubkey_auth_attempt)); } int -mm_hostbased_key_allowed(struct passwd *pw, char *user, char *host, - Key *key) +mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host, + Key *key) { return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0)); } int -mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user, - char *host, Key *key) +mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, const char *user, + const char *host, Key *key) { int ret; 
@@ -406,8 +405,8 @@ mm_auth_rhosts_rsa_key_allowed(struct passwd *pw, char *user, } int -mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key, - int pubkey_auth_attempt) +mm_key_allowed(enum mm_keytype type, const char *user, const char *host, + Key *key, int pubkey_auth_attempt) { Buffer m; u_char *blob; @@ -446,10 +445,10 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key, } /* -* This key verify needs to send the key type along, because the -* privileged parent makes the decision if the key is allowed -* for authentication. -*/ + * This key verify needs to send the key type along, because the + * privileged parent makes the decision if the key is allowed + * for authentication. + */ int mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) @@ -494,7 +493,7 @@ mm_send_keystate(struct monitor *monitor) fatal("%s: sshbuf_new failed", __func__); if ((r = ssh_packet_get_state(ssh, m)) != 0) fatal("%s: get_state failed: %s", - __func__, ssh_err(r)); + __func__, ssh_err(r)); mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m); debug3("%s: Finished sending state", __func__); sshbuf_free(m); @@ -509,7 +508,7 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) /* Kludge: ensure there are fds free to receive the pty/tty */ if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || - (tmp2 = dup(pmonitor->m_recvfd)) == -1) { + (tmp2 = dup(pmonitor->m_recvfd)) == -1) { error("%s: cannot allocate fds for pty", __func__); if (tmp1 > 0) close(tmp1); @@ -543,7 +542,7 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) free(msg); if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || - (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1) + (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1) fatal("%s: receive fds failed", __func__); /* Success */ 
@@ -565,12 +564,144 @@ mm_session_pty_cleanup2(Session *s) /* closed dup'ed master */ if (s->ptymaster != -1 && close(s->ptymaster) < 0) error("close(s->ptymaster/%d): %s", - s->ptymaster, strerror(errno)); + s->ptymaster, strerror(errno)); /* unlink pty from session */ s->ttyfd = -1; } +#ifdef USE_PAM +void +mm_start_pam(Authctxt *authctxt) +{ + Buffer m; + + debug3("%s entering", __func__); + if (!options.use_pam) + fatal("UsePAM=no, but ended up in %s anyway", __func__); + + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m); + + buffer_free(&m); +} + +u_int +mm_do_pam_account(void) +{ + Buffer m; + u_int ret; + char *msg; + + debug3("%s entering", __func__); + if (!options.use_pam) + fatal("UsePAM=no, but ended up in %s anyway", __func__); + + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m); + + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_PAM_ACCOUNT, &m); + ret = buffer_get_int(&m); + msg = buffer_get_string(&m, NULL); + buffer_append(&loginmsg, msg, strlen(msg)); + free(msg); + + buffer_free(&m); + + debug3("%s returning %d", __func__, ret); + + return (ret); +} + +void * +mm_sshpam_init_ctx(Authctxt *authctxt) +{ + Buffer m; + int success; + + debug3("%s", __func__); + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m); + debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m); + success = buffer_get_int(&m); + if (success == 0) { + debug3("%s: pam_init_ctx failed", __func__); + buffer_free(&m); + return (NULL); + } + buffer_free(&m); + return (authctxt); +} + +int +mm_sshpam_query(void *ctx, char **name, char **info, + u_int *num, char ***prompts, u_int **echo_on) +{ + Buffer m; + u_int i; + int ret; + + debug3("%s", __func__); + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m); + debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", 
__func__); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m); + ret = buffer_get_int(&m); + debug3("%s: pam_query returned %d", __func__, ret); + *name = buffer_get_string(&m, NULL); + *info = buffer_get_string(&m, NULL); + sshpam_set_maxtries_reached(buffer_get_int(&m)); + *num = buffer_get_int(&m); + if (*num > PAM_MAX_NUM_MSG) + fatal("%s: recieved %u PAM messages, expected <= %u", + __func__, *num, PAM_MAX_NUM_MSG); + *prompts = xcalloc((*num + 1), sizeof(char *)); + *echo_on = xcalloc((*num + 1), sizeof(u_int)); + for (i = 0; i < *num; ++i) { + (*prompts)[i] = buffer_get_string(&m, NULL); + (*echo_on)[i] = buffer_get_int(&m); + } + buffer_free(&m); + return (ret); +} + +int +mm_sshpam_respond(void *ctx, u_int num, char **resp) +{ + Buffer m; + u_int i; + int ret; + + debug3("%s", __func__); + buffer_init(&m); + buffer_put_int(&m, num); + for (i = 0; i < num; ++i) + buffer_put_cstring(&m, resp[i]); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m); + debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m); + ret = buffer_get_int(&m); + debug3("%s: pam_respond returned %d", __func__, ret); + buffer_free(&m); + return (ret); +} + +void +mm_sshpam_free_ctx(void *ctxtp) +{ + Buffer m; + + debug3("%s", __func__); + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m); + debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m); + buffer_free(&m); +} +#endif /* USE_PAM */ + /* Request process termination */ void @@ -607,7 +738,7 @@ mm_ssh1_session_key(BIGNUM *num) static void mm_chall_setup(char **name, char **infotxt, u_int *numprompts, - char ***prompts, u_int **echo_on) + char ***prompts, u_int **echo_on) { *name = xstrdup(""); *infotxt = xstrdup(""); 
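Review bot: The `fatal()` in mm_sshpam_query that enforces the `PAM_MAX_NUM_MSG` bound spells its message `recieved`, so a log search for this rejection using the correct spelling will miss it; change the line to `fatal("%s: received %u PAM messages, expected <= %u",`. The bound check itself sits correctly ahead of the two `xcalloc()` calls that size arrays from `*num`. The new PAM wrappers also carry no comments; a one-line header on each naming the MONITOR_REQ_PAM_* request it sends and whether it waits for an answer (mm_start_pam does not) would make the protocol easier to audit.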
@@ -619,7 +750,7 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts, int mm_bsdauth_query(void *ctx, char **name, char **infotxt, - u_int *numprompts, char ***prompts, u_int **echo_on) + u_int *numprompts, char ***prompts, u_int **echo_on) { Buffer m; u_int success; @@ -631,7 +762,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, &m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY, - &m); + &m); success = buffer_get_int(&m); if (success == 0) { debug3("%s: no challenge", __func__); @@ -640,7 +771,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt, } /* Get the challenge, and format the response */ - challenge = buffer_get_string(&m, NULL); + challenge = buffer_get_string(&m, NULL); buffer_free(&m); mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); @@ -666,7 +797,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, &m); mm_request_receive_expect(pmonitor->m_recvfd, - MONITOR_ANS_BSDAUTHRESPOND, &m); + MONITOR_ANS_BSDAUTHRESPOND, &m); authok = buffer_get_int(&m); buffer_free(&m); 
@@ -674,6 +805,66 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) return ((authok == 0) ? -1 : 0); } +#ifdef SKEY +int +mm_skey_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +{ + Buffer m; + u_int success; + char *challenge; + + debug3("%s: entering", __func__); + + buffer_init(&m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYQUERY, &m); + + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY, + &m); + success = buffer_get_int(&m); + if (success == 0) { + debug3("%s: no challenge", __func__); + buffer_free(&m); + return (-1); + } + + /* Get the challenge, and format the response */ + challenge = buffer_get_string(&m, NULL); + buffer_free(&m); + + debug3("%s: received challenge: %s", __func__, challenge); + + mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); + + xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); + free(challenge); + + return (0); +} + +int +mm_skey_respond(void *ctx, u_int numresponses, char **responses) +{ + Buffer m; + int authok; + + debug3("%s: entering", __func__); + if (numresponses != 1) + return (-1); + + buffer_init(&m); + buffer_put_cstring(&m, responses[0]); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SKEYRESPOND, &m); + + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_SKEYRESPOND, &m); + + authok = buffer_get_int(&m); + buffer_free(&m); + + return ((authok == 0) ? -1 : 0); +} +#endif /* SKEY */ void mm_ssh1_session_id(u_char session_id[16]) 
@@ -789,6 +980,36 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) } #endif +#ifdef SSH_AUDIT_EVENTS +void +mm_audit_event(ssh_audit_event_t event) +{ + Buffer m; + + debug3("%s entering", __func__); + + buffer_init(&m); + buffer_put_int(&m, event); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m); + buffer_free(&m); +} + +void +mm_audit_run_command(const char *command) +{ + Buffer m; + + debug3("%s entering command %s", __func__, command); + + buffer_init(&m); + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); + buffer_free(&m); +} +#endif /* SSH_AUDIT_EVENTS */ + #ifdef GSSAPI OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) @@ -813,7 +1034,7 @@ mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid) OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, - gss_buffer_desc *out, OM_uint32 *flags) + gss_buffer_desc *out, OM_uint32 *flags) { Buffer m; OM_uint32 major; @@ -848,7 +1069,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, - &m); + &m); major = buffer_get_int(&m); buffer_free(&m); @@ -865,12 +1086,12 @@ mm_ssh_gssapi_userok(char *user) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m); mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK, - &m); + &m); authenticated = buffer_get_int(&m); buffer_free(&m); - debug3("%s: user %sauthenticated", __func__, authenticated ? "" : "not "); + debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); return (authenticated); } #endif /* GSSAPI */ diff --git a/monitor_wrap.h b/monitor_wrap.h index 95741f7..9fd02b3 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.27 2015/05/01 03:23:51 djm Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.30 2016/03/07 19:02:43 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -39,16 +39,18 @@ struct Authctxt; void mm_log_handler(LogLevel, const char *, void *); int mm_is_monitor(void); -struct sshdh *mm_choose_dh(int, int, int); -int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int); +DH *mm_choose_dh(int, int, int); +int mm_key_sign(Key *, u_char **, u_int *, const u_char *, u_int, const char *); void mm_inform_authserv(char *, char *); struct passwd *mm_getpwnamallow(const char *); char *mm_auth2_read_banner(void); int mm_auth_password(struct Authctxt *, char *); -int mm_key_allowed(enum mm_keytype, char *, char *, Key *, int); +int mm_key_allowed(enum mm_keytype, const char *, const char *, Key *, int); int mm_user_key_allowed(struct passwd *, Key *, int); -int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); -int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); +int mm_hostbased_key_allowed(struct passwd *, const char *, + const char *, Key *); +int mm_auth_rhosts_rsa_key_allowed(struct passwd *, const char *, + const char *, Key *); int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); diff --git a/mux.c b/mux.c index 9da630d..b83faa6 100644 --- a/mux.c +++ b/mux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.60 2016/06/03 03:14:41 dtucker Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller * @@ -88,8 +88,6 @@ extern char *host; extern int subsystem_flag; extern Buffer command; extern volatile sig_atomic_t quit_pending; -extern char *stdio_forward_host; -extern int stdio_forward_port; /* Context for session open confirmation callback */ struct mux_session_confirm_ctx { 
@@ -1321,7 +1319,7 @@ muxserver_listen(void) /* Now atomically "move" the mux socket into position */ if (link(options.control_path, orig_control_path) != 0) { if (errno != EEXIST) { - fatal("%s: link mux listener %s => %s: %s", __func__, + fatal("%s: link mux listener %s => %s: %s", __func__, options.control_path, orig_control_path, strerror(errno)); } @@ -1379,16 +1377,18 @@ mux_session_confirm(int id, int success, void *arg) char *proto, *data; /* Get reasonable local authentication information. */ - client_x11_get_proto(display, options.xauth_location, + if (client_x11_get_proto(display, options.xauth_location, options.forward_x11_trusted, options.forward_x11_timeout, - &proto, &data); - /* Request forwarding with authentication spoofing. */ - debug("Requesting X11 forwarding with authentication " - "spoofing."); - x11_request_forwarding_with_spoofing(id, display, proto, - data, 1); - client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN); - /* XXX exit_on_forward_failure */ + &proto, &data) == 0) { + /* Request forwarding with authentication spoofing. */ + debug("Requesting X11 forwarding with authentication " + "spoofing."); + x11_request_forwarding_with_spoofing(id, display, proto, + data, 1); + /* XXX exit_on_forward_failure */ + client_expect_confirm(id, "X11 forwarding", + CONFIRM_WARN); + } } if (cctx->want_agent_fwd && options.forward_agent) { @@ -1771,7 +1771,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd) fwd->connect_host ? fwd->connect_host : "", fwd->connect_port); if (muxclient_command == SSHMUX_COMMAND_FORWARD) - fprintf(stdout, "%u\n", fwd->allocated_port); + fprintf(stdout, "%i\n", fwd->allocated_port); break; case MUX_S_PERMISSION_DENIED: e = buffer_get_string(&m, NULL); 
@@ -1919,6 +1919,10 @@ mux_client_request_session(int fd) } muxclient_request_id++; + if (pledge("stdio proc tty", NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + platform_pledge_mux(); + signal(SIGHUP, control_client_sighandler); signal(SIGINT, control_client_sighandler); signal(SIGTERM, control_client_sighandler); @@ -2015,8 +2019,8 @@ mux_client_request_stdio_fwd(int fd) buffer_put_int(&m, MUX_C_NEW_STDIO_FWD); buffer_put_int(&m, muxclient_request_id); buffer_put_cstring(&m, ""); /* reserved */ - buffer_put_cstring(&m, stdio_forward_host); - buffer_put_int(&m, stdio_forward_port); + buffer_put_cstring(&m, options.stdio_forward_host); + buffer_put_int(&m, options.stdio_forward_port); if (mux_client_write_packet(fd, &m) != 0) fatal("%s: write packet: %s", __func__, strerror(errno)); @@ -2026,6 +2030,10 @@ mux_client_request_stdio_fwd(int fd) mm_send_fd(fd, STDOUT_FILENO) == -1) fatal("%s: send fds failed", __func__); + if (pledge("stdio proc tty", NULL) == -1) + fatal("%s pledge(): %s", __func__, strerror(errno)); + platform_pledge_mux(); + debug3("%s: stdio forward request sent", __func__); /* Read their reply */ @@ -2136,7 +2144,7 @@ muxclient(const char *path) u_int pid; if (muxclient_command == 0) { - if (stdio_forward_host != NULL) + if (options.stdio_forward_host != NULL) muxclient_command = SSHMUX_COMMAND_STDIO_FWD; else muxclient_command = SSHMUX_COMMAND_OPEN; @@ -2199,7 +2207,7 @@ muxclient(const char *path) case SSHMUX_COMMAND_ALIVE_CHECK: if ((pid = mux_client_request_alive(sock)) == 0) fatal("%s: master alive check failed", __func__); - fprintf(stderr, "Master running (pid=%d)\r\n", pid); + fprintf(stderr, "Master running (pid=%u)\r\n", pid); exit(0); case SSHMUX_COMMAND_TERMINATE: mux_client_request_terminate(sock); diff --git a/myproposal.h b/myproposal.h index 46e5b98..5970901 100644 --- a/myproposal.h +++ b/myproposal.h 
@@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */ +/* $OpenBSD: myproposal.h,v 1.50 2016/02/09 05:30:04 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -67,13 +67,18 @@ #endif #ifdef HAVE_EVP_SHA256 -# define KEX_SHA256_METHODS \ - "diffie-hellman-group-exchange-sha256," +# define KEX_SHA2_METHODS \ + "diffie-hellman-group-exchange-sha256," \ + "diffie-hellman-group16-sha512," \ + "diffie-hellman-group18-sha512," +# define KEX_SHA2_GROUP14 \ + "diffie-hellman-group14-sha256," #define SHA2_HMAC_MODES \ "hmac-sha2-256," \ "hmac-sha2-512," #else -# define KEX_SHA256_METHODS +# define KEX_SHA2_METHODS +# define KEX_SHA2_GROUP14 # define SHA2_HMAC_MODES #endif @@ -86,13 +91,15 @@ #define KEX_COMMON_KEX \ KEX_CURVE25519_METHODS \ KEX_ECDH_METHODS \ - KEX_SHA256_METHODS + KEX_SHA2_METHODS #define KEX_SERVER_KEX KEX_COMMON_KEX \ + KEX_SHA2_GROUP14 \ "diffie-hellman-group14-sha1" \ #define KEX_CLIENT_KEX KEX_COMMON_KEX \ "diffie-hellman-group-exchange-sha1," \ + KEX_SHA2_GROUP14 \ "diffie-hellman-group14-sha1" #define KEX_DEFAULT_PK_ALG \ @@ -101,7 +108,9 @@ "ssh-rsa-cert-v01@openssh.com," \ HOSTKEY_ECDSA_METHODS \ "ssh-ed25519," \ - "ssh-rsa" \ + "rsa-sha2-512," \ + "rsa-sha2-256," \ + "ssh-rsa" /* the actual algorithms */ @@ -111,9 +120,7 @@ AESGCM_CIPHER_MODES #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \ - "arcfour256,arcfour128," \ - "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ - "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" + "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc" #define KEX_SERVER_MAC \ "umac-64-etm@openssh.com," \ 
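Review bot: `KEX_SERVER_KEX` still ends in a line continuation after `"diffie-hellman-group14-sha1" \` in the `@@ -86,13 +91,15 @@` hunk, while the same commit removes exactly that kind of stray backslash from `KEX_DEFAULT_PK_ALG`. It is harmless only while the following line stays blank; if that blank line is ever dropped, the next `#define` is folded into the server key-exchange list. Drop the trailing backslash so the last line of the macro reads `"diffie-hellman-group14-sha1"`.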
@@ -127,18 +134,9 @@ "hmac-sha2-512," \ "hmac-sha1" -#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \ - "hmac-md5-etm@openssh.com," \ - "hmac-ripemd160-etm@openssh.com," \ - "hmac-sha1-96-etm@openssh.com," \ - "hmac-md5-96-etm@openssh.com," \ - "hmac-md5," \ - "hmac-ripemd160," \ - "hmac-ripemd160@openssh.com," \ - "hmac-sha1-96," \ - "hmac-md5-96" +#define KEX_CLIENT_MAC KEX_SERVER_MAC -#else +#else /* WITH_OPENSSL */ #define KEX_SERVER_KEX \ "curve25519-sha256@libssh.org" diff --git a/nchan.c b/nchan.c index 35fdd81..20f6a2f 100644 --- a/nchan.c +++ b/nchan.c @@ -74,7 +74,6 @@ /* * ACTIONS: should never update the channel states */ - static void chan_send_ieof1(Channel *); static void chan_send_oclose1(Channel *); static void chan_send_close2(Channel *); @@ -115,7 +114,6 @@ static void chan_rcvd_oclose1(Channel *c) { debug2("channel %d: rcvd oclose", c->self); - switch (c->istate) { case CHAN_INPUT_WAIT_OCLOSE: chan_set_istate(c, CHAN_INPUT_CLOSED); @@ -163,24 +161,8 @@ chan_ibuf_empty(Channel *c) switch (c->istate) { case CHAN_INPUT_WAIT_DRAIN: if (compat20) { - if (!(c->flags & (CHAN_CLOSE_SENT | CHAN_LOCAL))) { - #ifdef WIN32_FIXME//N - // reset the other side if tty to be how it was before - if (c->isatty) { - char *inittermseq = - "\033[?7h" // end-of-line autowrap ON mode - "\033[20l"; // force NewLineMode off - - buffer_append(&c->input, inittermseq, strlen(inittermseq)); - int state = c->istate; - c->istate = CHAN_INPUT_WAIT_DRAIN; - channel_output_poll(); - packet_write_poll(); // packet_write_wait(); - c->istate = state; - } - #endif + if (!(c->flags & (CHAN_CLOSE_SENT|CHAN_LOCAL))) chan_send_eof2(c); - } chan_set_istate(c, CHAN_INPUT_CLOSED); } else { chan_send_ieof1(c); diff --git a/opacket.c b/opacket.c index b9160d5..5970dd3 100644 --- a/opacket.c +++ b/opacket.c 
@@ -235,18 +235,6 @@ packet_set_connection(int fd_in, int fd_out) fatal("%s: ssh_packet_set_connection failed", __func__); } -void -packet_backup_state(void) -{ - ssh_packet_backup_state(active_state, backup_state); -} - -void -packet_restore_state(void) -{ - ssh_packet_restore_state(active_state, backup_state); -} - u_int packet_get_char(void) { diff --git a/opacket.h b/opacket.h index a0a60e5..16322ec 100644 --- a/opacket.h +++ b/opacket.h @@ -39,8 +39,6 @@ do { \ void packet_close(void); u_int packet_get_char(void); u_int packet_get_int(void); -void packet_backup_state(void); -void packet_restore_state(void); void packet_set_connection(int, int); int packet_read_seqnr(u_int32_t *); int packet_read_poll_seqnr(u_int32_t *); @@ -127,8 +125,6 @@ void packet_disconnect(const char *, ...) sshpkt_add_padding(active_state, (pad)) #define packet_send_ignore(nbytes) \ ssh_packet_send_ignore(active_state, (nbytes)) -#define packet_need_rekeying() \ - ssh_packet_need_rekeying(active_state) #define packet_set_server() \ ssh_packet_set_server(active_state) #define packet_set_authenticated() \ @@ -148,10 +144,6 @@ void packet_disconnect(const char *, ...) ssh_packet_get_state(active_state, m) #define packet_set_state(m) \ ssh_packet_set_state(active_state, m) -#if 0 -#define get_remote_ipaddr() \ - ssh_remote_ipaddr(active_state) -#endif #define packet_get_raw(lenp) \ sshpkt_ptr(active_state, lenp) #define packet_get_ecpoint(c,p) \ diff --git a/openbsd-compat/.cvsignore b/openbsd-compat/.cvsignore deleted file mode 100644 index f3c7a7c..0000000 --- a/openbsd-compat/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 3c5e3b7..aca9eba 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in 
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o +COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c index 046f57e..e25b859 100644 --- a/openbsd-compat/arc4random.c +++ b/openbsd-compat/arc4random.c 
@@ -110,10 +110,16 @@ _rs_stir(void) #ifdef WITH_OPENSSL if (RAND_bytes(rnd, sizeof(rnd)) <= 0) - fatal("Couldn't obtain random bytes (error %ld)", - ERR_get_error()); + fatal("Couldn't obtain random bytes (error 0x%lx)", + (unsigned long)ERR_get_error()); +#else +#ifdef WINDOWS + /* TODO - replace rand() with a more secure generator */ + for(int i =0;i - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
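Review bot: The `#ifdef WINDOWS` branch added to `_rs_stir` fills the arc4random seed from `rand()`, which the hunk's own TODO already concedes is not a secure generator, so in a build without `WITH_OPENSSL` every value later drawn from arc4random derives from a predictable seed. The loop body is cut off in this view, so the exact fill is not visible, but the seed should come from the operating system's CSPRNG instead, for example `BCryptGenRandom(NULL, rnd, sizeof(rnd), BCRYPT_USE_SYSTEM_PREFERRED_RNG)` with a `fatal()` on failure, mirroring the `RAND_bytes` check just above. Until that is in place, it is safer to reject this configuration with `#error` than to ship it behind a TODO.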
- */ - -#include "includes.h" - -#include - -#include -#include -#include - -#include "log.h" - -#ifndef HAVE_ARC4RANDOM - -#include -#include -#include - -/* Size of key to use */ -#define SEED_SIZE 20 - -/* Number of bytes to reseed after */ -#define REKEY_BYTES (1 << 24) - -static int rc4_ready = 0; -static RC4_KEY rc4; - -unsigned int -arc4random(void) -{ - unsigned int r = 0; - static int first_time = 1; - - if (rc4_ready <= 0) { - if (first_time) - seed_rng(); - first_time = 0; - arc4random_stir(); - } - - RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); - - rc4_ready -= sizeof(r); - - return(r); -} - -void -arc4random_stir(void) -{ - unsigned char rand_buf[SEED_SIZE]; - int i; - - memset(&rc4, 0, sizeof(rc4)); - if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) - fatal("Couldn't obtain random bytes (error %ld)", - ERR_get_error()); - RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); - - /* - * Discard early keystream, as per recommendations in: - * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps - */ - for(i = 0; i <= 256; i += sizeof(rand_buf)) - RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf); - - memset(rand_buf, 0, sizeof(rand_buf)); - - rc4_ready = REKEY_BYTES; -} -#endif /* !HAVE_ARC4RANDOM */ - -#ifndef HAVE_ARC4RANDOM_BUF -void -arc4random_buf(void *_buf, size_t n) -{ - size_t i; - u_int32_t r = 0; - char *buf = (char *)_buf; - - for (i = 0; i < n; i++) { - if (i % 4 == 0) - r = arc4random(); - buf[i] = r & 0xff; - r >>= 8; - } - i = r = 0; -} -#endif /* !HAVE_ARC4RANDOM_BUF */ - -#ifndef HAVE_ARC4RANDOM_UNIFORM -/* - * Calculate a uniformly distributed random number less than upper_bound - * avoiding "modulo bias". - * - * Uniformity is achieved by generating new random numbers until the one - * returned is outside the range [0, 2**32 % upper_bound). This - * guarantees the selected random number will be inside - * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) - * after reduction modulo upper_bound. 
- */ -u_int32_t -arc4random_uniform(u_int32_t upper_bound) -{ - u_int32_t r, min; - - if (upper_bound < 2) - return 0; - -#if (ULONG_MAX > 0xffffffffUL) - min = 0x100000000UL % upper_bound; -#else - /* Calculate (2**32 % upper_bound) avoiding 64-bit math */ - if (upper_bound > 0x80000000) - min = 1 + ~upper_bound; /* 2**32 - upper_bound */ - else { - /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */ - min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound; - } -#endif - - /* - * This could theoretically loop forever but each retry has - * p > 0.5 (worst case, usually far better) of selecting a - * number inside the range we need, so it should rarely need - * to re-roll. - */ - for (;;) { - r = arc4random(); - if (r >= min) - break; - } - - return r % upper_bound; -} -#endif /* !HAVE_ARC4RANDOM_UNIFORM */ diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c index 3368195..7b83448 100644 --- a/openbsd-compat/bsd-asprintf.c +++ b/openbsd-compat/bsd-asprintf.c @@ -25,18 +25,6 @@ #include #include -#ifndef VA_COPY -# ifdef HAVE_VA_COPY -# define VA_COPY(dest, src) va_copy(dest, src) -# else -# ifdef HAVE___VA_COPY -# define VA_COPY(dest, src) __va_copy(dest, src) -# else -# define VA_COPY(dest, src) (dest) = (src) -# endif -# endif -#endif - #define INIT_SZ 128 int diff --git a/contrib/win32/win32compat/homedirhelp.h b/openbsd-compat/bsd-err.c similarity index 50% rename from contrib/win32/win32compat/homedirhelp.h rename to openbsd-compat/bsd-err.c index d3c2636..ab10646 100644 --- a/contrib/win32/win32compat/homedirhelp.h +++ b/openbsd-compat/bsd-err.c 
@@ -1,21 +1,17 @@ /* - * Author: NoMachine - * - * Copyright (c) 2009, 2010 NoMachine - * All rights reserved - * - * Support functions and system calls' replacements needed to let the - * software run on Win32 based operating systems. + * Copyright (c) 2015 Tim Rice * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 
@@ -29,19 +25,47 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef HOMEDIRHELP_H -#define HOMEDIRHELP_H 1 +#include "includes.h" -#ifdef __cplusplus -extern "C" { +#ifndef HAVE_ERR +void +err(int r, const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + fprintf(stderr, "%s: ", strerror(errno)); + vfprintf(stderr, fmt, args); + fputc('\n', stderr); + va_end(args); + exit(r); +} #endif -wchar_t *gethomedir_w(const char *pUserName, const char *pDomainName); +#ifndef HAVE_ERRX +void +errx(int r, const char *fmt, ...) +{ + va_list args; -int GetRootBaseDir(char *buffer, int bufSize); - -#ifdef __cplusplus -}; + va_start(args, fmt); + vfprintf(stderr, fmt, args); + fputc('\n', stderr); + va_end(args); + exit(r); +} #endif +#ifndef HAVE_WARN +void +warn(const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + fprintf(stderr, "%s: ", strerror(errno)); + vfprintf(stderr, fmt, args); + fputc('\n', stderr); + va_end(args); +} #endif diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 717dad0..6104522 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -105,8 +105,6 @@ const char *strerror(int e) #endif #ifndef HAVE_UTIMES - - int utimes(char *filename, struct timeval *tvp) { struct utimbuf ub; @@ -280,3 +278,30 @@ getpgid(pid_t pid) return -1; } #endif + +#ifndef HAVE_PLEDGE +int +pledge(const char *promises, const char *paths[]) +{ + return 0; +} +#endif + +#ifndef WINDOWS +#ifndef HAVE_MBTOWC +/* a mbtowc that only supports ASCII */ +int +mbtowc(wchar_t *pwc, const char *s, size_t n) +{ + if (s == NULL || *s == '\0') + return 0; /* ASCII is not state-dependent */ + if (*s < 0 || *s > 0x7f || n < 1) { + errno = EOPNOTSUPP; + return -1; + } + if (pwc != NULL) + *pwc = *s; + return 1; +} +#endif +#endif \ No newline at end of file diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index bbc6441..66cef31 100644 --- a/openbsd-compat/bsd-misc.h 
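Review bot: In the new `err()`, `errx()` and `warn()` the `fmt` argument is handed straight to `vfprintf()`, but err(3) on the BSDs accepts a NULL `fmt` to mean "print only the errno text", so code ported from BSD that passes NULL would hit undefined behaviour in this shim. Guarding the call with `if (fmt != NULL) vfprintf(stderr, fmt, args);` keeps the replacement compatible. `err()` and `warn()` also print `strerror(errno)` before the message, the reverse of the BSD layout (program name, message, then the errno text). A comment such as `/* NB: prints "<strerror>: <message>", unlike BSD err(3) */` would record that this is deliberate.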
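Review bot: The ASCII-only `mbtowc()` added to bsd-misc.c reads `*s` in its first test before `n` is looked at, so a call with `n == 0` still dereferences a byte the caller said was not available. Testing the length first avoids that: `if (s == NULL) return 0;` followed by `if (n < 1) { errno = EOPNOTSUPP; return -1; }`, and only then the `*s == '\0'` check. For a NUL byte the function returns 0 without storing to `*pwc`, whereas the standard function stores the null wide character when `pwc` is non-NULL. The `pledge()` stub in the same hunk always returns 0, so a comment like `/* no-op: this platform has no pledge(2); callers get no confinement */` would keep readers from assuming the process is sandboxed.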
+++ b/openbsd-compat/bsd-misc.h @@ -124,4 +124,19 @@ pid_t getpgid(pid_t); # define krb5_free_error_message(a,b) do { } while(0) #endif +#ifndef HAVE_PLEDGE +int pledge(const char *promises, const char *paths[]); +#endif + +/* bsd-err.h */ +#ifndef HAVE_ERR +void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); +#endif +#ifndef HAVE_ERRX +void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); +#endif +#ifndef HAVE_WARN +void warn(const char *, ...) __attribute__((format(printf, 1, 2))); +#endif + #endif /* _BSD_MISC_H */ diff --git a/openbsd-compat/bsd-poll.c b/openbsd-compat/bsd-poll.c index a06016b..73a8524 100644 --- a/openbsd-compat/bsd-poll.c +++ b/openbsd-compat/bsd-poll.c @@ -20,8 +20,7 @@ #if !defined(HAVE_POLL) #include -/*#include */ -#include +#include #ifdef HAVE_SYS_SELECT_H # include #endif diff --git a/openbsd-compat/bsd-poll.h b/openbsd-compat/bsd-poll.h index dcbb9ca..17945f5 100644 --- a/openbsd-compat/bsd-poll.h +++ b/openbsd-compat/bsd-poll.h @@ -42,11 +42,11 @@ typedef unsigned int nfds_t; #define POLLIN 0x0001 #define POLLOUT 0x0004 #define POLLERR 0x0008 +#define POLLHUP 0x0010 +#define POLLNVAL 0x0020 #if 0 /* the following are currently not implemented */ #define POLLPRI 0x0002 -#define POLLHUP 0x0010 -#define POLLNVAL 0x0020 #define POLLRDNORM 0x0040 #define POLLNORM POLLRDNORM #define POLLWRNORM POLLOUT diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c index 23a6359..d95b6a4 100644 --- a/openbsd-compat/bsd-snprintf.c +++ b/openbsd-compat/bsd-snprintf.c @@ -99,18 +99,6 @@ # undef HAVE_VSNPRINTF #endif -#ifndef VA_COPY -# ifdef HAVE_VA_COPY -# define VA_COPY(dest, src) va_copy(dest, src) -# else -# ifdef HAVE___VA_COPY -# define VA_COPY(dest, src) __va_copy(dest, src) -# else -# define VA_COPY(dest, src) (dest) = (src) -# endif -# endif -#endif - #if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) #include 
diff --git a/openbsd-compat/bsd-statvfs.c b/openbsd-compat/bsd-statvfs.c index 5540b69..2b1da80 100644 --- a/openbsd-compat/bsd-statvfs.c +++ b/openbsd-compat/bsd-statvfs.c @@ -30,7 +30,6 @@ static void copy_statfs_to_statvfs(struct statvfs *to, struct statfs *from) { - to->f_bsize = from->f_bsize; to->f_frsize = from->f_bsize; /* no exact equivalent */ to->f_blocks = from->f_blocks; diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c deleted file mode 100644 index 5450e43..0000000 --- a/openbsd-compat/getopt.c +++ /dev/null 
@@ -1,123 +0,0 @@ -/* - * Copyright (c) 1987, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */ - -#include "includes.h" -#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: getopt.c,v 1.5 2003/06/02 20:18:37 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include - -int BSDopterr = 1, /* if error message should be printed */ - BSDoptind = 1, /* index into parent argv vector */ - BSDoptopt, /* character checked for validity */ - BSDoptreset; /* reset getopt */ -char *BSDoptarg; /* argument associated with option */ - -#define BADCH (int)'?' -#define BADARG (int)':' -#define EMSG "" - -/* - * getopt -- - * Parse argc/argv argument vector. - */ -int -BSDgetopt(nargc, nargv, ostr) - int nargc; - char * const *nargv; - const char *ostr; -{ - extern char *__progname; - static char *place = EMSG; /* option letter processing */ - char *oli; /* option letter list index */ - - if (ostr == NULL) - return (-1); - - if (BSDoptreset || !*place) { /* update scanning pointer */ - BSDoptreset = 0; - if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { - place = EMSG; - return (-1); - } - if (place[1] && *++place == '-') { /* found "--" */ - ++BSDoptind; - place = EMSG; - return (-1); - } - } /* option letter okay? */ - if ((BSDoptopt = (int)*place++) == (int)':' || - !(oli = strchr(ostr, BSDoptopt))) { - /* - * if the user didn't specify '-' as an option, - * assume it means -1. 
- */ - if (BSDoptopt == (int)'-') - return (-1); - if (!*place) - ++BSDoptind; - if (BSDopterr && *ostr != ':') - (void)fprintf(stderr, - "%s: illegal option -- %c\n", __progname, BSDoptopt); - return (BADCH); - } - if (*++oli != ':') { /* don't need argument */ - BSDoptarg = NULL; - if (!*place) - ++BSDoptind; - } - else { /* need an argument */ - if (*place) /* no white space */ - BSDoptarg = place; - else if (nargc <= ++BSDoptind) { /* no arg */ - place = EMSG; - if (*ostr == ':') - return (BADARG); - if (BSDopterr) - (void)fprintf(stderr, - "%s: option requires an argument -- %c\n", - __progname, BSDoptopt); - return (BADCH); - } - else /* white space */ - BSDoptarg = nargv[BSDoptind]; - place = EMSG; - ++BSDoptind; - } - return (BSDoptopt); /* dump back option letter */ -} - -#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 05e7a84..dc6fe05 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -608,4 +608,3 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type) } #endif /* !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */ - diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 742b4b9..7c97e67 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c @@ -59,6 +59,7 @@ */ #include "includes.h" +#include "glob.h" #include #include diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index 54a581f..f069a05 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h 
@@ -37,22 +37,20 @@ /* OPENBSD ORIGINAL: include/glob.h */ -// Undef GLOB_H for MinGW32 target -#ifdef WIN32 -#undef HAVE_GLOB_H -#endif - - #if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \ !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ defined(BROKEN_GLOB) -#ifndef _GLOB_H_ -#define _GLOB_H_ +#ifndef _COMPAT_GLOB_H_ +#define _COMPAT_GLOB_H_ #include +# define glob_t _ssh_compat_glob_t +# define glob(a, b, c, d) _ssh__compat_glob(a, b, c, d) +# define globfree(a) _ssh__compat_globfree(a) + struct stat; typedef struct { int gl_pathc; /* Count of total paths so far. */ diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c index 130597e..093a172 100644 --- a/openbsd-compat/inet_aton.c +++ b/openbsd-compat/inet_aton.c @@ -3,7 +3,7 @@ /* * Copyright (c) 1983, 1990, 1993 * The Regents of the University of California. All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -15,7 +15,7 @@ * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -29,14 +29,14 @@ * SUCH DAMAGE. * - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * + * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies, and that * the name of Digital Equipment Corporation not be used in advertising or * publicity pertaining to distribution of the document or software without * specific, written prior permission. - * + * * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT @@ -77,7 +77,7 @@ inet_addr(const char *cp) } #endif -/* +/* * Check whether "cp" is a valid ascii representation * of an Internet address and convert to a binary address. * Returns 1 if the address is valid, 0 if not. diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 1e69891..d5280dc 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,4 +1,4 @@ -/* $Id: openbsd-compat.h,v 1.51 2010/10/07 10:25:29 djm Exp $ */ +/* $Id: openbsd-compat.h,v 1.62 2014/09/30 23:43:08 djm Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -36,10 +36,11 @@ #include +#include /* for wchar_t */ + /* OpenBSD function replacements */ #include "base64.h" #include "sigact.h" -#include "glob.h" #include "readpassphrase.h" #include "vis.h" #include "getrrsetbyname.h" 
@@ -244,20 +245,21 @@ long long strtonum(const char *, long long, long long, const char **); # define nl_langinfo(x) "" #endif +#ifndef WINDOWS #ifndef HAVE_MBTOWC int mbtowc(wchar_t *, const char*, size_t); #endif - +#endif #if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF) # include #endif /* -* Some platforms unconditionally undefine va_copy() so we define VA_COPY() -* instead. This is known to be the case on at least some configurations of -* AIX with the xlc compiler. -*/ + * Some platforms unconditionally undefine va_copy() so we define VA_COPY() + * instead. This is known to be the case on at least some configurations of + * AIX with the xlc compiler. + */ #ifndef VA_COPY # ifdef HAVE_VA_COPY # define VA_COPY(dest, src) va_copy(dest, src) @@ -270,7 +272,6 @@ int mbtowc(wchar_t *, const char*, size_t); # endif #endif - #ifndef HAVE_VASPRINTF int vasprintf(char **, const char *, va_list); #endif diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 9ca562f..8da367d 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -470,4 +470,3 @@ out: # endif /* USE_GETGRSET */ #endif /* _AIX */ - diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c index 25382f1..e36e412 100644 --- a/openbsd-compat/port-solaris.c +++ b/openbsd-compat/port-solaris.c 
@@ -227,3 +227,139 @@ solaris_set_default_project(struct passwd *pw) } } #endif /* USE_SOLARIS_PROJECTS */ + +#ifdef USE_SOLARIS_PRIVS +# ifdef HAVE_PRIV_H +# include +# endif + +priv_set_t * +solaris_basic_privset(void) +{ + priv_set_t *pset; + +#ifdef HAVE_PRIV_BASICSET + if ((pset = priv_allocset()) == NULL) { + error("priv_allocset: %s", strerror(errno)); + return NULL; + } + priv_basicset(pset); +#else + if ((pset = priv_str_to_set("basic", ",", NULL)) == NULL) { + error("priv_str_to_set: %s", strerror(errno)); + return NULL; + } +#endif + return pset; +} + +void +solaris_drop_privs_pinfo_net_fork_exec(void) +{ + priv_set_t *pset = NULL, *npset = NULL; + + /* + * Note: this variant avoids dropping DAC filesystem rights, in case + * the process calling it is running as root and should have the + * ability to read/write/chown any file on the system. + * + * We start with the basic set, then *add* the DAC rights to it while + * taking away other parts of BASIC we don't need. Then we intersect + * this with our existing PERMITTED set. In this way we keep any + * DAC rights we had before, while otherwise reducing ourselves to + * the minimum set of privileges we need to proceed. + * + * This also means we drop any other parts of "root" that we don't + * need (e.g. the ability to kill any process, create new device nodes + * etc etc). 
+ */ + + if ((pset = priv_allocset()) == NULL) + fatal("priv_allocset: %s", strerror(errno)); + if ((npset = solaris_basic_privset()) == NULL) + fatal("solaris_basic_privset: %s", strerror(errno)); + + if (priv_addset(npset, PRIV_FILE_CHOWN) != 0 || + priv_addset(npset, PRIV_FILE_DAC_READ) != 0 || + priv_addset(npset, PRIV_FILE_DAC_SEARCH) != 0 || + priv_addset(npset, PRIV_FILE_DAC_WRITE) != 0 || + priv_addset(npset, PRIV_FILE_OWNER) != 0) + fatal("priv_addset: %s", strerror(errno)); + + if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 || +#ifdef PRIV_NET_ACCESS + priv_delset(npset, PRIV_NET_ACCESS) != 0 || +#endif + priv_delset(npset, PRIV_PROC_EXEC) != 0 || + priv_delset(npset, PRIV_PROC_FORK) != 0 || + priv_delset(npset, PRIV_PROC_INFO) != 0 || + priv_delset(npset, PRIV_PROC_SESSION) != 0) + fatal("priv_delset: %s", strerror(errno)); + + if (getppriv(PRIV_PERMITTED, pset) != 0) + fatal("getppriv: %s", strerror(errno)); + + priv_intersect(pset, npset); + + if (setppriv(PRIV_SET, PRIV_PERMITTED, npset) != 0 || + setppriv(PRIV_SET, PRIV_LIMIT, npset) != 0 || + setppriv(PRIV_SET, PRIV_INHERITABLE, npset) != 0) + fatal("setppriv: %s", strerror(errno)); + + priv_freeset(pset); + priv_freeset(npset); +} + +void +solaris_drop_privs_root_pinfo_net(void) +{ + priv_set_t *pset = NULL; + + /* Start with "basic" and drop everything we don't need. 
*/ + if ((pset = solaris_basic_privset()) == NULL) + fatal("solaris_basic_privset: %s", strerror(errno)); + + if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 || +#ifdef PRIV_NET_ACCESS + priv_delset(pset, PRIV_NET_ACCESS) != 0 || +#endif + priv_delset(pset, PRIV_PROC_INFO) != 0 || + priv_delset(pset, PRIV_PROC_SESSION) != 0) + fatal("priv_delset: %s", strerror(errno)); + + if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 || + setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 || + setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0) + fatal("setppriv: %s", strerror(errno)); + + priv_freeset(pset); +} + +void +solaris_drop_privs_root_pinfo_net_exec(void) +{ + priv_set_t *pset = NULL; + + + /* Start with "basic" and drop everything we don't need. */ + if ((pset = solaris_basic_privset()) == NULL) + fatal("solaris_basic_privset: %s", strerror(errno)); + + if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 || +#ifdef PRIV_NET_ACCESS + priv_delset(pset, PRIV_NET_ACCESS) != 0 || +#endif + priv_delset(pset, PRIV_PROC_EXEC) != 0 || + priv_delset(pset, PRIV_PROC_INFO) != 0 || + priv_delset(pset, PRIV_PROC_SESSION) != 0) + fatal("priv_delset: %s", strerror(errno)); + + if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 || + setppriv(PRIV_SET, PRIV_LIMIT, pset) != 0 || + setppriv(PRIV_SET, PRIV_INHERITABLE, pset) != 0) + fatal("setppriv: %s", strerror(errno)); + + priv_freeset(pset); +} + +#endif diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h index cd442e7..a7cb5eb 100644 --- a/openbsd-compat/port-solaris.h +++ b/openbsd-compat/port-solaris.h 
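Review bot: `solaris_drop_privs_root_pinfo_net()` and `solaris_drop_privs_root_pinfo_net_exec()` are documented only by "Start with "basic" and drop everything we don't need", so the difference between them has to be recovered by comparing the `priv_delset()` lists. The first leaves PRIV_PROC_FORK and PRIV_PROC_EXEC in the set, while the second removes PRIV_PROC_EXEC and leaves PRIV_PROC_FORK. A header comment on each function, naming the privileges it removes and stating that the PERMITTED, LIMIT and INHERITABLE sets are all replaced, would make it harder for the three near-identical lists to drift apart in a later edit. In all three functions `fatal("solaris_basic_privset: %s", strerror(errno))` runs after `solaris_basic_privset()` has already called `error()`, so `errno` may no longer hold the original failure; `fatal("solaris_basic_privset failed")` avoids a misleading message.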
@@ -26,5 +26,12 @@ void solaris_contract_pre_fork(void); void solaris_contract_post_fork_child(void); void solaris_contract_post_fork_parent(pid_t pid); void solaris_set_default_project(struct passwd *); +# ifdef USE_SOLARIS_PRIVS +#include +priv_set_t *solaris_basic_privset(void); +void solaris_drop_privs_pinfo_net_fork_exec(void); +void solaris_drop_privs_root_pinfo_net(void); +void solaris_drop_privs_root_pinfo_net_exec(void); +# endif /* USE_SOLARIS_PRIVS */ #endif diff --git a/openbsd-compat/pwcache.c b/openbsd-compat/pwcache.c index fa7caa9..5a8b788 100644 --- a/openbsd-compat/pwcache.c +++ b/openbsd-compat/pwcache.c @@ -110,13 +110,5 @@ group_from_gid(gid_t gid, int nogroup) cp->name = strdup(gr ? gr->gr_name : nbuf); } return (cp->name); -#else - - /* - * Not implemented on Win32. - */ - - return NULL; - } #endif diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index be4e9c5..a2f090e 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c @@ -1,4 +1,4 @@ -/* $OpenBSD: realpath.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */ +/* $OpenBSD: realpath.c,v 1.20 2015/10/13 20:55:37 millert Exp $ */ /* * Copyright (c) 2003 Constantin S. Svintsoff * @@ -42,6 +42,13 @@ #include #include #include +#include + +#ifndef SYMLOOP_MAX +# define SYMLOOP_MAX 32 +#endif + +/* A slightly modified copy of this file exists in libexec/ld.so */ /* * char *realpath(const char *path, char resolved[PATH_MAX]); 
@@ -51,16 +58,30 @@ * in which case the path which caused trouble is left in (resolved). */ char * -realpath(const char *path, char resolved[PATH_MAX]) +realpath(const char *path, char *resolved) { struct stat sb; char *p, *q, *s; size_t left_len, resolved_len; unsigned symlinks; - int serrno, slen; + int serrno, slen, mem_allocated; char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; + if (path[0] == '\0') { + errno = ENOENT; + return (NULL); + } + serrno = errno; + + if (resolved == NULL) { + resolved = malloc(PATH_MAX); + if (resolved == NULL) + return (NULL); + mem_allocated = 1; + } else + mem_allocated = 0; + symlinks = 0; if (path[0] == '/') { resolved[0] = '/'; @@ -71,7 +92,10 @@ realpath(const char *path, char resolved[PATH_MAX]) left_len = strlcpy(left, path + 1, sizeof(left)); } else { if (getcwd(resolved, PATH_MAX) == NULL) { - strlcpy(resolved, ".", PATH_MAX); + if (mem_allocated) + free(resolved); + else + strlcpy(resolved, ".", PATH_MAX); return (NULL); } resolved_len = strlen(resolved); @@ -79,7 +103,7 @@ realpath(const char *path, char resolved[PATH_MAX]) } if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { errno = ENAMETOOLONG; - return (NULL); + goto err; } /* @@ -94,7 +118,7 @@ realpath(const char *path, char resolved[PATH_MAX]) s = p ? p : left + left_len; if (s - left >= (ptrdiff_t)sizeof(next_token)) { errno = ENAMETOOLONG; - return (NULL); + goto err; } memcpy(next_token, left, s - left); next_token[s - left] = '\0'; @@ -104,7 +128,7 @@ realpath(const char *path, char resolved[PATH_MAX]) if (resolved[resolved_len - 1] != '/') { if (resolved_len + 1 >= PATH_MAX) { errno = ENAMETOOLONG; - return (NULL); + goto err; } resolved[resolved_len++] = '/'; resolved[resolved_len] = '\0'; 
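Review bot: The new `if (path[0] == '\0')` test dereferences `path` with no NULL check in front of it, so `realpath(NULL, buf)` faults instead of failing cleanly; POSIX specifies EINVAL for a null path argument. Adding `if (path == NULL) { errno = EINVAL; return (NULL); }` ahead of the empty-string test covers it. The new `resolved == NULL` branch returns malloc()ed storage, and the comment above the function should say that the caller must free() the result in that case. The function body continues in the hunks that follow, where the `goto err` paths release that buffer.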
@@ -135,23 +159,23 @@ realpath(const char *path, char resolved[PATH_MAX]) resolved_len = strlcat(resolved, next_token, PATH_MAX); if (resolved_len >= PATH_MAX) { errno = ENAMETOOLONG; - return (NULL); + goto err; } if (lstat(resolved, &sb) != 0) { if (errno == ENOENT && p == NULL) { errno = serrno; return (resolved); } - return (NULL); + goto err; } if (S_ISLNK(sb.st_mode)) { - if (symlinks++ > MAXSYMLINKS) { + if (symlinks++ > SYMLOOP_MAX) { errno = ELOOP; - return (NULL); + goto err; } slen = readlink(resolved, symlink, sizeof(symlink) - 1); if (slen < 0) - return (NULL); + goto err; symlink[slen] = '\0'; if (symlink[0] == '/') { resolved[1] = 0; @@ -174,15 +198,15 @@ realpath(const char *path, char resolved[PATH_MAX]) if (slen + 1 >= (ptrdiff_t)sizeof(symlink)) { errno = ENAMETOOLONG; - return (NULL); + goto err; } symlink[slen] = '/'; symlink[slen + 1] = 0; } - left_len = strlcat(symlink, left, sizeof(left)); - if (left_len >= sizeof(left)) { + left_len = strlcat(symlink, left, sizeof(symlink)); + if (left_len >= sizeof(symlink)) { errno = ENAMETOOLONG; - return (NULL); + goto err; } } left_len = strlcpy(left, symlink, sizeof(left)); @@ -196,5 +220,10 @@ realpath(const char *path, char resolved[PATH_MAX]) if (resolved_len > 1 && resolved[resolved_len - 1] == '/') resolved[resolved_len - 1] = '\0'; return (resolved); + +err: + if (mem_allocated) + free(resolved); + return (NULL); } -#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ \ No newline at end of file +#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ diff --git a/openbsd-compat/regress/.cvsignore b/openbsd-compat/regress/.cvsignore deleted file mode 100644 index 33074f4..0000000 --- a/openbsd-compat/regress/.cvsignore +++ /dev/null @@ -1,6 +0,0 @@ -Makefile -snprintftest -strduptest -strtonumtest -closefromtest -opensslvertest diff --git a/openbsd-compat/regress/Makefile b/openbsd-compat/regress/Makefile deleted file mode 100644 index 0ae9270..0000000 
--- a/openbsd-compat/regress/Makefile +++ /dev/null @@ -1,38 +0,0 @@ -# $Id: Makefile.in,v 1.5 2014/06/17 13:06:08 dtucker Exp $ - -sysconfdir=${prefix}/etc -piddir=/var/run -srcdir=. -top_srcdir=../.. - - -CC=i686-pc-mingw32-gcc -LD=i686-pc-mingw32-gcc -CFLAGS=-g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -fno-builtin-memset -I/cygdrive/c/openssh/Win32-OpenSSH/contrib/win32/win32compat/includes -I/cygdrive/c/openssh/Win32-OpenSSH/openbsd-compat -I/cygdrive/c/openssh/Win32-OpenSSH/contrib/win32/win32compat/includes -I/cygdrive/c/openssh/Win32-OpenSSH/libkrb -I/usr/local -CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. -I/cygdrive/c/openssh/Win32-OpenSSH/../openssl-1.0.2d/include -DHAVE_CONFIG_H -EXEEXT=.exe -LIBCOMPAT=../libopenbsd-compat.a -LIBS=-lcrypto -lz -lws2_32 -lgdi32 -lNetAPI32 -luserenv -lsecur32 -lshlwapi -LDFLAGS=-L/cygdrive/c/openssh/Win32-OpenSSH/../openssl-1.0.2d $(LIBCOMPAT) - -TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ - strtonumtest$(EXEEXT) opensslvertest$(EXEEXT) - -all: t-exec ${OTHERTESTS} - -%$(EXEEXT): %.c $(LIBCOMPAT) - $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS) - -t-exec: $(TESTPROGS) - @echo running compat regress tests - @for TEST in ""$?; do \ - echo "run test $${TEST}" ... 1>&2; \ - ./$${TEST}$(EXEEXT) || exit $$? ; \ - done - @echo finished compat regress tests - -clean: - rm -f *.o *.a core $(TESTPROGS) valid.out - -distclean: clean - rm -f Makefile *~ diff --git a/openbsd-compat/strtoull.c b/openbsd-compat/strtoull.c index ed8e4c5..f7c818c 100644 --- a/openbsd-compat/strtoull.c +++ b/openbsd-compat/strtoull.c @@ -102,7 +102,7 @@ strtoull(const char *nptr, char **endptr, int base) } } if (neg && any > 0) - acc = (~acc + 1u); + acc = -acc; if (endptr != 0) *endptr = (char *) (any ? s - 1 : nptr); return (acc); 
diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c index f6f5665..3cef6ba 100644 --- a/openbsd-compat/vis.c +++ b/openbsd-compat/vis.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vis.c,v 1.19 2005/09/01 17:15:49 millert Exp $ */ +/* $OpenBSD: vis.c,v 1.25 2015/09/13 11:32:51 guenther Exp $ */ /*- * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. @@ -33,13 +33,24 @@ #include "includes.h" #if !defined(HAVE_STRNVIS) || defined(BROKEN_STRNVIS) +/* + * We want these to override in the BROKEN_STRNVIS case. TO avoid future sync + * problems no-op out the weak symbol definition rather than remove it. + */ +#define DEF_WEAK(x) + +#include +#include #include +#include #include +#include #include "vis.h" #define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7') -#define isvisible(c) \ +#define isvisible(c,flag) \ + (((c) == '\\' || (flag & VIS_ALL) == 0) && \ (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \ (((c) != '*' && (c) != '?' && (c) != '[' && (c) != '#') || \ (flag & VIS_GLOB) == 0) && isgraph((u_char)(c))) || \ @@ -48,7 +59,7 @@ ((flag & VIS_NL) == 0 && (c) == '\n') || \ ((flag & VIS_SAFE) && ((c) == '\b' || \ (c) == '\007' || (c) == '\r' || \ - isgraph((u_char)(c))))) + isgraph((u_char)(c)))))) /* * vis - visually encode characters @@ -56,10 +67,11 @@ char * vis(char *dst, int c, int flag, int nextc) { - if (isvisible(c)) { - *dst++ = c; - if (c == '\\' && (flag & VIS_NOSLASH) == 0) + if (isvisible(c, flag)) { + if ((c == '"' && (flag & VIS_DQ) != 0) || + (c == '\\' && (flag & VIS_NOSLASH) == 0)) *dst++ = '\\'; + *dst++ = c; *dst = '\0'; return (dst); } @@ -136,6 +148,7 @@ done: *dst = '\0'; return (dst); } +DEF_WEAK(vis); /* * strvis, strnvis, strvisx - visually encode characters from src into dst @@ -161,6 +174,7 @@ strvis(char *dst, const char *src, int flag) *dst = '\0'; return (dst - start); } +DEF_WEAK(strvis); int strnvis(char *dst, const char *src, size_t siz, int flag) 
@@ -171,19 +185,18 @@ strnvis(char *dst, const char *src, size_t siz, int flag) i = 0; for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) { - if (isvisible(c)) { - i = 1; - *dst++ = c; - if (c == '\\' && (flag & VIS_NOSLASH) == 0) { + if (isvisible(c, flag)) { + if ((c == '"' && (flag & VIS_DQ) != 0) || + (c == '\\' && (flag & VIS_NOSLASH) == 0)) { /* need space for the extra '\\' */ - if (dst < end) - *dst++ = '\\'; - else { - dst--; + if (dst + 1 >= end) { i = 2; break; } + *dst++ = '\\'; } + i = 1; + *dst++ = c; src++; } else { i = vis(tbuf, c, flag, *++src) - tbuf; @@ -206,6 +219,25 @@ strnvis(char *dst, const char *src, size_t siz, int flag) return (dst - start); } +int +stravis(char **outp, const char *src, int flag) +{ + char *buf; + int len, serrno; + + buf = reallocarray(NULL, 4, strlen(src) + 1); + if (buf == NULL) + return -1; + len = strvis(buf, src, flag); + serrno = errno; + *outp = realloc(buf, len + 1); + if (*outp == NULL) { + *outp = buf; + errno = serrno; + } + return (len); +} + int strvisx(char *dst, const char *src, size_t len, int flag) { diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h index b6ee6ec..baf581f 100644 --- a/openbsd-compat/vis.h +++ b/openbsd-compat/vis.h @@ -1,4 +1,4 @@ -/* $OpenBSD: vis.h,v 1.11 2005/08/09 19:38:31 millert Exp $ */ +/* $OpenBSD: vis.h,v 1.15 2015/07/20 01:52:27 millert Exp $ */ /* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */ /*- @@ -48,8 +48,8 @@ */ #define VIS_OCTAL 0x01 /* use octal \ddd format */ #define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */ -#define VIS_ALL 0x400 /* encode all characters */ -/* + + /* * to alter set of characters encoded (default is to encode all * non-graphic except space, tab, and newline). */ 
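Review bot: `stravis()` is added without a comment, and its ownership contract is not obvious from the signature: on success `*outp` points to heap memory that the caller has to `free()`, and on the `return -1` path `*outp` is never written. A short header would state this, for example `/* stravis: strvis() into a newly allocated buffer; caller frees *outp; returns -1 with *outp untouched if allocation fails */`. The reason for the `reallocarray(NULL, 4, strlen(src) + 1)` sizing also deserves a why-comment (presumably four output bytes per input byte is the worst-case expansion — confirm against `vis()`).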
@@ -58,6 +58,8 @@ #define VIS_NL 0x10 /* also encode newline */ #define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL) #define VIS_SAFE 0x20 /* only encode "unsafe" characters */ +#define VIS_DQ 0x200 /* backslash-escape double quotes */ +#define VIS_ALL 0x400 /* encode all characters */ /* * other @@ -81,6 +83,7 @@ char *vis(char *, int, int, int); int strvis(char *, const char *, int); +int stravis(char **, const char *, int); int strnvis(char *, const char *, size_t, int) __attribute__ ((__bounded__(__string__,1,3))); int strvisx(char *, const char *, size_t, int) diff --git a/openbsd-compat/win32_Makefile.in b/openbsd-compat/win32_Makefile.in deleted file mode 100644 index 3c5e3b7..0000000 --- a/openbsd-compat/win32_Makefile.in +++ /dev/null 
@@ -1,42 +0,0 @@ -# $Id: Makefile.in,v 1.56 2014/09/30 23:43:08 djm Exp $ - -sysconfdir=@sysconfdir@ -piddir=@piddir@ -srcdir=@srcdir@ -top_srcdir=@top_srcdir@ - -VPATH=@srcdir@ -CC=@CC@ -LD=@LD@ -CFLAGS=@CFLAGS@ -CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ -LIBS=@LIBS@ -AR=@AR@ -RANLIB=@RANLIB@ -INSTALL=@INSTALL@ -LDFLAGS=-L. @LDFLAGS@ - -OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o - -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o kludge-fd_set.o - -PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o - -.c.o: - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< - -all: libopenbsd-compat.a - -$(COMPAT): ../config.h -$(OPENBSD): ../config.h -$(PORTS): ../config.h - -libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS) - $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) - $(RANLIB) $@ - -clean: - rm -f *.o *.a core - -distclean: clean - rm -f Makefile *~ diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 8577cbd..cf6a9b9 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c @@ -25,6 +25,7 @@ #include "includes.h" #include +#include #include #include 
@@ -62,11 +63,50 @@ # define crypt DES_crypt # endif +/* + * Pick an appropriate password encryption type and salt for the running + * system by searching through accounts until we find one that has a valid + * salt. Usually this will be root unless the root account is locked out. + * If we don't find one we return a traditional DES-based salt. + */ +static const char * +pick_salt(void) +{ + struct passwd *pw; + char *passwd, *p; + size_t typelen; + static char salt[32]; + + if (salt[0] != '\0') + return salt; + strlcpy(salt, "xx", sizeof(salt)); + setpwent(); + while ((pw = getpwent()) != NULL) { + passwd = shadow_pw(pw); + if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) { + typelen = p - passwd + 1; + strlcpy(salt, passwd, MIN(typelen, sizeof(salt))); + explicit_bzero(passwd, strlen(passwd)); + goto out; + } + } + out: + endpwent(); + return salt; +} + char * xcrypt(const char *password, const char *salt) { char *crypted; + /* + * If we don't have a salt we are encrypting a fake password for + * for timing purposes. Pick an appropriate salt. + */ + if (salt == NULL) + salt = pick_salt(); + # ifdef HAVE_MD5_PASSWORDS if (is_md5_salt(salt)) crypted = md5_crypt(password, salt); diff --git a/openssl-bn.c b/openssl-bn.c deleted file mode 100644 index b80ef1e..0000000 --- a/openssl-bn.c +++ /dev/null 
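Review bot: In pick_salt() the result of `shadow_pw(pw)` is dereferenced as `passwd[0]` with no NULL check. shadow_pw() is defined outside this hunk, so if it can return NULL for any account, the fake-password path crashes instead of falling back to the default salt. A guard such as `if ((passwd = shadow_pw(pw)) == NULL) continue;` keeps the scan going. Separately, `explicit_bzero(passwd, strlen(passwd))` runs only for the entry that matches, so hashes read for skipped accounts are not scrubbed; whether those buffers are private copies cannot be seen from here. The new comment in xcrypt() also repeats a word (`for for timing purposes`).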
@@ -1,214 +0,0 @@ -/* -* Copyright (c) 2015 Damien Miller -* -* Permission to use, copy, modify, and distribute this software for any -* purpose with or without fee is hereby granted, provided that the above -* copyright notice and this permission notice appear in all copies. -* -* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -*/ - -#include - - -#include -#include -#include -#include -#include - - -#include - - -#include "sshbuf.h" -#include "packet.h" -#include "ssherr.h" -#include "crypto-wrap.h" - -struct sshbn { - BIGNUM *bn; -}; - - -static struct sshbn * -bnwrap(BIGNUM *bn) -{ - struct sshbn *ret; - - if (bn == NULL) - return NULL; - - if ((ret = calloc(1, sizeof(*ret))) == NULL) - return NULL; - if ((ret->bn = BN_dup(bn)) == NULL) { - free(ret); - return NULL; - } - return ret; -} - -struct sshbn * - sshbn_new(void) -{ - return bnwrap(BN_new()); -} - -void -sshbn_free(struct sshbn *bn) -{ - if (bn != NULL) { - if (bn->bn != NULL) - BN_clear_free(bn->bn); - explicit_bzero(bn, sizeof(*bn)); - free(bn); - } -} - -int -sshbn_from(const void *d, size_t l, struct sshbn **retp) -{ - struct sshbn *ret; - const u_char *dd = (const u_char *)d; - - *retp = NULL; - if (l > INT_MAX) - return SSH_ERR_INVALID_ARGUMENT; - if ((ret = sshbn_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (BN_bin2bn(dd, (int)l, ret->bn) == NULL) { - sshbn_free(ret); - return SSH_ERR_LIBCRYPTO_ERROR; - } - *retp = ret; - return 0; -} - -int -sshbn_from_hex(const char *hex, struct sshbn **retp) -{ - struct sshbn *ret; - - *retp = NULL; - if 
((ret = sshbn_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - - if (BN_hex2bn(&ret->bn, hex) <= 0) { - sshbn_free(ret); - return SSH_ERR_LIBCRYPTO_ERROR; - } - *retp = ret; - return 0; -} - -int sshbn_to(const struct sshbn *a, unsigned char *to) -{ - - return BN_bn2bin(sshbn_bignum(a), to); -} - -size_t -sshbn_bytes(const struct sshbn *bn) -{ - int bytes = BN_num_bytes(bn->bn); - - return bytes < 0 ? 0 : (size_t)bytes; -} - -size_t -sshbn_bits(const struct sshbn *bn) -{ - int bits = BN_num_bits(bn->bn); - - return bits < 0 ? 0 : (size_t)bits; -} - -const struct sshbn * -sshbn_value_0(void) -{ - static struct sshbn *ret; - - if (ret == NULL) - sshbn_from_hex("0", &ret); - return ret; -} - -const struct sshbn * -sshbn_value_1(void) -{ - static struct sshbn *ret; - - if (ret == NULL) - sshbn_from_hex("1", &ret); - return ret; -} - - - -int -sshbn_cmp(const struct sshbn *a, const struct sshbn *b) -{ - return BN_cmp(a->bn, b->bn); -} - -int -sshbn_sub(struct sshbn *r, const struct sshbn *a, const struct sshbn *b) -{ - if (BN_sub(r->bn, a->bn, b->bn) != 1) - return SSH_ERR_LIBCRYPTO_ERROR; - return 0; -} - -int -sshbn_is_bit_set(const struct sshbn *bn, size_t i) -{ - if (i > INT_MAX) - return 0; - return BN_is_bit_set(bn->bn, (int)i); -} - -/* XXX move to sshbuf.h */ -int -sshbuf_get_bignum2_wrap(struct sshbuf *buf, struct sshbn *bn) -{ - return sshbuf_get_bignum2(buf, bn->bn); -} - -int -sshbuf_put_bignum2_wrap(struct sshbuf *buf, const struct sshbn *bn) -{ - return sshbuf_put_bignum2(buf, bn->bn); -} - -int -sshpkt_get_bignum2_wrap(struct ssh *ssh, struct sshbn *bn) -{ - return sshpkt_get_bignum2(ssh, bn->bn); -} - -int -sshpkt_put_bignum2_wrap(struct ssh *ssh, const struct sshbn *bn) -{ - return sshpkt_put_bignum2(ssh, bn->bn); -} - -/* bridge to unwrapped OpenSSL APIs; XXX remove later */ -BIGNUM * -sshbn_bignum(struct sshbn *bn) -{ - return bn->bn; -} - - -struct sshbn * - sshbn_from_bignum(BIGNUM *bn) -{ - return bnwrap(bn); -} - 
diff --git a/openssl-dh.c b/openssl-dh.c deleted file mode 100644 index 319f92d..0000000 --- a/openssl-dh.c +++ /dev/null 
@@ -1,199 +0,0 @@ -/* -* Copyright (c) 2015 Damien Miller -* -* Permission to use, copy, modify, and distribute this software for any -* purpose with or without fee is hereby granted, provided that the above -* copyright notice and this permission notice appear in all copies. -* -* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -*/ - -#include - - -#include -#include -#include -#include -#include - -#include -#include - -#include "sshbuf.h" -#include "packet.h" -#include "ssherr.h" -#include "crypto-wrap.h" - -struct sshdh { - DH *dh; -}; -struct sshbn { - BIGNUM *bn; -}; - - -static struct sshbn * -bnwrap(BIGNUM *bn) -{ - struct sshbn *ret; - - if (bn == NULL) - return NULL; - - if ((ret = calloc(1, sizeof(*ret))) == NULL) - return NULL; - if ((ret->bn = BN_dup(bn)) == NULL) { - free(ret); - return NULL; - } - return ret; -} - -/* DH wrappers */ - -struct sshdh * - sshdh_new(void) -{ - struct sshdh *ret; - - if ((ret = calloc(1, sizeof(*ret))) == NULL) - return NULL; - if ((ret->dh = DH_new()) == NULL) { - free(ret); - return NULL; - } - return ret; -} - -void -sshdh_free(struct sshdh *dh) -{ - if (dh != NULL) { - if (dh->dh != NULL) - DH_free(dh->dh); - explicit_bzero(dh, sizeof(*dh)); - free(dh); - } -} - -struct sshbn * - sshdh_pubkey(struct sshdh *dh) -{ - return bnwrap(dh->dh->pub_key); -} - -struct sshbn * - sshdh_p(struct sshdh *dh) -{ - return bnwrap(dh->dh->p); -} - -struct sshbn * - sshdh_g(struct sshdh *dh) -{ - return bnwrap(dh->dh->g); -} - -void -sshdh_dump(struct sshdh *dh) -{ - 
DHparams_print_fp(stderr, dh->dh); - fprintf(stderr, "pub= "); - BN_print_fp(stderr, dh->dh->pub_key); - fprintf(stderr, "\n"); -} - -// XXX needed? -size_t -sshdh_shared_key_size(struct sshdh *dh) -{ - int sz; - - if (dh == NULL || dh->dh == NULL || (sz = DH_size(dh->dh)) < 0) - return 0; - return (size_t)sz; -} - -int sshdh_compute_key(struct sshdh *dh, struct sshbn *pubkey, -struct sshbn **shared_secretp) -{ - u_char *sbuf; - int r, slen; - - *shared_secretp = NULL; - if ((slen = DH_size(dh->dh)) <= 0) - return SSH_ERR_INVALID_ARGUMENT; - if ((sbuf = calloc(1, slen)) == NULL) - return SSH_ERR_ALLOC_FAIL; - if ((r = DH_compute_key(sbuf, pubkey->bn, dh->dh)) < 0 || - r != slen) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - if ((r = sshbn_from(sbuf, slen, shared_secretp)) != 0) - goto out; - /* success */ - r = 0; -out: - explicit_bzero(sbuf, slen); - free(sbuf); - return r; -} - -int -sshdh_generate(struct sshdh *dh, size_t len) -{ - if (len > INT_MAX) - return SSH_ERR_INVALID_ARGUMENT; - if (len != 0) - dh->dh->length = (int)len; - if (DH_generate_key(dh->dh) != 1) - return SSH_ERR_LIBCRYPTO_ERROR; - return 0; -} - -int -sshdh_new_group_hex(const char *gen, const char *modulus, struct sshdh **dhp) -{ - struct sshdh *ret; - - *dhp = NULL; - if ((ret = sshdh_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; - if (BN_hex2bn(&ret->dh->p, modulus) == 0 || - BN_hex2bn(&ret->dh->g, gen) == 0) { - sshdh_free(ret); - return SSH_ERR_LIBCRYPTO_ERROR; - } - *dhp = ret; - return 0; -} - -/* XXX transfers ownership of gen, modulus */ -struct sshdh * - sshdh_new_group(struct sshbn *gen, struct sshbn *modulus) -{ - struct sshdh *dh; - - if ((dh = sshdh_new()) == NULL) - return NULL; - dh->dh->p = modulus->bn; - dh->dh->g = gen->bn; - modulus->bn = gen->bn = NULL; - sshbn_free(gen); - sshbn_free(modulus); - return (dh); -} - - -DH *sshdh_dh(struct sshdh *dh) -{ - return dh->dh; -} \ No newline at end of file 
diff --git a/openssl-epoint.c b/openssl-epoint.c deleted file mode 100644 index 62f7fdb..0000000 --- a/openssl-epoint.c +++ /dev/null 
@@ -1,151 +0,0 @@ -/* -* Copyright (c) 2015 Damien Miller -* -* Permission to use, copy, modify, and distribute this software for any -* purpose with or without fee is hereby granted, provided that the above -* copyright notice and this permission notice appear in all copies. -* -* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -*/ - -#include - - -#include -#include -#include -#include -#include - - -#include -#include - - -#include "sshbuf.h" -#include "packet.h" -#include "ssherr.h" -#include "crypto-wrap.h" - -struct sshepoint { - EC_POINT *pt; - EC_GROUP *gp; -}; - -struct sshecurve { - EC_GROUP *gp; -}; - - -struct sshepoint * - sshepoint_new(void) -{ - return malloc(sizeof(struct sshepoint)); -} - -void -sshepoint_free(struct sshepoint *pt) -{ - if (pt != NULL) { - if (pt->pt != NULL) - EC_POINT_free(pt->pt); - if (pt->gp != NULL) - EC_GROUP_free(pt->gp); - explicit_bzero(pt, sizeof(*pt)); - free(pt); - } -} - - -int sshepoint_from(struct sshbn * x, struct sshbn * y, struct sshecurve * curve, struct sshepoint **retp) -{ - struct sshepoint *ret = NULL; - - - *retp = NULL; - if ((ret = sshepoint_new()) == NULL) - { - return SSH_ERR_ALLOC_FAIL; - } - if ((ret->pt = EC_POINT_new(curve->gp)) == NULL) - { - sshepoint_free(ret); - return SSH_ERR_LIBCRYPTO_ERROR; - } - ret->gp = curve->gp; - if (EC_POINT_set_affine_corrdinates_GFp(curve->gp, ret->pt, x, y)) { - sshepoint_free(ret); - return SSH_ERR_LIBCRYPTO_ERROR; - } - *retp = ret; - return 0; -} -int sshepoint_to(struct sshepoint * pt, struct sshbn **retx, struct 
sshbn **rety, struct sshecurve ** retcurve) -{ - struct sshbn * x = NULL; - struct sshbn * y = NULL; - struct sshecurve * curve = NULL; - - if (((x = sshbn_new()) == NULL) || - ((y = sshbn_new()) == NULL) || - ((curve = sshecurve_new()) == NULL)) - { - sshbn_free(x); - sshbn_free(y); - sshecurve_free(curve); - return SSH_ERR_ALLOC_FAIL; - } - - curve->gp = pt->gp; - if (EC_POINT_get_affine_coordinates_GFp(pt->gp, pt->pt, sshbn_bignum(x), sshbn_bignum(y), NULL)) - { - sshecurve_free(curve); - sshbn_free(x); - sshbn_free(y); - return SSH_ERR_LIBCRYPTO_ERROR; - } - *retcurve = curve; - *retx = x; - *rety = y; - - return 0; -} - -struct sshecurve * sshecurve_new(void) -{ - struct sshecurve * curve = NULL; - - curve = (struct sshecurve *)malloc(sizeof(struct sshecurve)); - memset(curve, 0, sizeof(struct sshecurve)); - - return curve; -} - -void sshecurve_free(struct sshecurve * curve) -{ - if (curve != NULL) { - if (curve->gp != NULL) - EC_GROUP_free(curve->gp); - explicit_bzero(curve, sizeof(*curve)); - free(curve); - } -} - -struct sshecurve * sshecurve_new_curve(int nid) -{ - struct sshecurve * ret; - - if ((ret = sshecurve_new()) == NULL) - return NULL; - ret->gp = EC_GROUP_new_by_curve_name(nid); - - return ret; - - -} \ No newline at end of file diff --git a/packet.c b/packet.c index b8bba2b..c047678 100644 --- a/packet.c +++ b/packet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */ +/* $OpenBSD: packet.c,v 1.234 2016/07/18 11:35:33 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -52,6 +52,7 @@ #include #include +#include #include #include #include @@ -85,7 +86,6 @@ #include "channels.h" #include "ssh.h" #include "packet.h" -#include "roaming.h" #include "ssherr.h" #include "sshbuf.h" 
@@ -185,8 +185,7 @@ struct session_state { struct packet_state p_read, p_send; /* Volume-based rekeying */ - u_int64_t max_blocks_in, max_blocks_out; - u_int32_t rekey_limit; + u_int64_t max_blocks_in, max_blocks_out, rekey_limit; /* Time-based rekeying */ u_int32_t rekey_interval; /* how often in seconds */ @@ -201,6 +200,7 @@ struct session_state { /* XXX discard incoming data after MAC error */ u_int packet_discard; + size_t packet_discard_mac_already; struct sshmac *packet_discard_mac; /* Used in packet_read_poll2() */ @@ -265,6 +265,14 @@ ssh_alloc_session_state(void) return NULL; } +/* Returns nonzero if rekeying is in progress */ +int +ssh_packet_is_rekeying(struct ssh *ssh) +{ + return compat20 && + (ssh->state->rekeying || (ssh->kex != NULL && ssh->kex->done == 0)); +} + /* * Sets the descriptors used for communication. Disables encryption until * packet_set_encryption_key is called. @@ -294,7 +302,7 @@ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) (r = cipher_init(&state->receive_context, none, (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) { error("%s: cipher_init failed: %s", __func__, ssh_err(r)); - free(ssh); + free(ssh); /* XXX need ssh_free_session_state? */ return NULL; } state->newkeys[MODE_IN] = state->newkeys[MODE_OUT] = NULL; 
@@ -330,25 +338,28 @@ ssh_packet_stop_discard(struct ssh *ssh) if (state->packet_discard_mac) { char buf[1024]; + size_t dlen = PACKET_MAX_SIZE; + if (dlen > state->packet_discard_mac_already) + dlen -= state->packet_discard_mac_already; memset(buf, 'a', sizeof(buf)); - while (sshbuf_len(state->incoming_packet) < - PACKET_MAX_SIZE) + while (sshbuf_len(state->incoming_packet) < dlen) if ((r = sshbuf_put(state->incoming_packet, buf, sizeof(buf))) != 0) return r; (void) mac_compute(state->packet_discard_mac, state->p_read.seqnr, - sshbuf_ptr(state->incoming_packet), PACKET_MAX_SIZE, + sshbuf_ptr(state->incoming_packet), dlen, NULL, 0); } - logit("Finished discarding for %.200s", ssh_remote_ipaddr(ssh)); + logit("Finished discarding for %.200s port %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return SSH_ERR_MAC_INVALID; } static int ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc, - struct sshmac *mac, u_int packet_length, u_int discard) + struct sshmac *mac, size_t mac_already, u_int discard) { struct session_state *state = ssh->state; int r; @@ -358,11 +369,16 @@ ssh_packet_start_discard(struct ssh *ssh, struct sshenc *enc, return r; return SSH_ERR_MAC_INVALID; } - if (packet_length != PACKET_MAX_SIZE && mac && mac->enabled) + /* + * Record number of bytes over which the mac has already + * been computed in order to minimize timing attacks. + */ + if (mac && mac->enabled) { state->packet_discard_mac = mac; - if (sshbuf_len(state->input) >= discard && - (r = ssh_packet_stop_discard(ssh)) != 0) - return r; + state->packet_discard_mac_already = mac_already; + } + if (sshbuf_len(state->input) >= discard) + return ssh_packet_stop_discard(ssh); state->packet_discard = discard - sshbuf_len(state->input); return 0; } 
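Review bot: The `dlen` adjustment in ssh_packet_stop_discard() (first hunk) has no comment explaining why the dummy MAC covers `PACKET_MAX_SIZE - packet_discard_mac_already` bytes. The rationale sits only in ssh_packet_start_discard(), in the next hunk. I would add something like `/* MAC only what has not been MACed already, so total MAC work stays near PACKET_MAX_SIZE wherever the packet failed */` above the subtraction. The comment should also record that when `packet_discard_mac_already >= PACKET_MAX_SIZE` the code deliberately keeps the full `PACKET_MAX_SIZE`, if that is the intent. The function starts outside this hunk.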
@@ -376,6 +392,9 @@ ssh_packet_connection_is_on_socket(struct ssh *ssh) struct sockaddr_storage from, to; socklen_t fromlen, tolen; + if (state->connection_in == -1 || state->connection_out == -1) + return 0; + /* filedescriptors in and out are the same, so it's a socket */ if (state->connection_in == state->connection_out) return 1; @@ -463,16 +482,55 @@ ssh_packet_get_connection_out(struct ssh *ssh) const char * ssh_remote_ipaddr(struct ssh *ssh) { + const int sock = ssh->state->connection_in; + /* Check whether we have cached the ipaddr. */ - if (ssh->remote_ipaddr == NULL) - ssh->remote_ipaddr = ssh_packet_connection_is_on_socket(ssh) ? - get_peer_ipaddr(ssh->state->connection_in) : - strdup("UNKNOWN"); - if (ssh->remote_ipaddr == NULL) - return "UNKNOWN"; + if (ssh->remote_ipaddr == NULL) { + if (ssh_packet_connection_is_on_socket(ssh)) { + ssh->remote_ipaddr = get_peer_ipaddr(sock); + ssh->remote_port = get_peer_port(sock); + ssh->local_ipaddr = get_local_ipaddr(sock); + ssh->local_port = get_local_port(sock); + } else { + ssh->remote_ipaddr = strdup("UNKNOWN"); + ssh->remote_port = 65535; + ssh->local_ipaddr = strdup("UNKNOWN"); + ssh->local_port = 65535; + } + } return ssh->remote_ipaddr; } +/* Returns the port number of the remote host. */ + +int +ssh_remote_port(struct ssh *ssh) +{ + (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */ + return ssh->remote_port; +} + +/* + * Returns the IP-address of the local host as a string. The returned + * string must not be freed. + */ + +const char * +ssh_local_ipaddr(struct ssh *ssh) +{ + (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */ + return ssh->local_ipaddr; +} + +/* Returns the port number of the local host. */ + +int +ssh_local_port(struct ssh *ssh) +{ + (void)ssh_remote_ipaddr(ssh); /* Will lookup and cache. */ + return ssh->local_port; +} + /* Closes the connection and clears and frees internal data structures. */ void 
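Review bot: The rewritten ssh_remote_ipaddr() (second hunk) drops the old `return "UNKNOWN";` fallback, so a failed `strdup("UNKNOWN")` now reaches callers as NULL. The log calls changed elsewhere in this commit pass that result straight to `%.200s`. The same holds for `ssh->local_ipaddr` returned by ssh_local_ipaddr(), and for get_peer_ipaddr()/get_local_ipaddr() if they can return NULL (they are defined outside this diff). Restoring the guard, e.g. `return ssh->remote_ipaddr != NULL ? ssh->remote_ipaddr : "UNKNOWN";` with the equivalent in ssh_local_ipaddr(), keeps the "must not be freed" contract without a NULL case. Also, 65535 is a valid port, so using it as the "unknown" value deserves a comment or a value that cannot appear in real logs.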
@@ -529,15 +587,12 @@ ssh_packet_close(struct ssh *ssh) error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); if ((r = cipher_cleanup(&state->receive_context)) != 0) error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); - if (ssh->remote_ipaddr) { - free(ssh->remote_ipaddr); - ssh->remote_ipaddr = NULL; - } + free(ssh->remote_ipaddr); + ssh->remote_ipaddr = NULL; free(ssh->state); ssh->state = NULL; } - /* Sets remote side protocol flags. */ void @@ -974,7 +1029,12 @@ ssh_set_newkeys(struct ssh *ssh, int mode) max_blocks = &state->max_blocks_in; } if (state->newkeys[mode] != NULL) { - debug("set_newkeys: rekeying"); + debug("set_newkeys: rekeying, input %llu bytes %llu blocks, " + "output %llu bytes %llu blocks", + (unsigned long long)state->p_read.bytes, + (unsigned long long)state->p_read.blocks, + (unsigned long long)state->p_send.bytes, + (unsigned long long)state->p_send.blocks); if ((r = cipher_cleanup(cc)) != 0) return r; enc = &state->newkeys[mode]->enc; 
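Review bot: ssh_packet_close() (first hunk) frees `ssh->remote_ipaddr` but not `ssh->local_ipaddr`, which this commit now allocates alongside it in ssh_remote_ipaddr(). The local address string therefore leaks on every close. Because the cache is keyed only on `remote_ipaddr == NULL`, the next lookup also overwrites the old `local_ipaddr` pointer. Adding `free(ssh->local_ipaddr);` and `ssh->local_ipaddr = NULL;` next to the existing pair fixes both. The function starts outside this hunk.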
@@ -1046,9 +1106,55 @@ ssh_set_newkeys(struct ssh *ssh, int mode) if (state->rekey_limit) *max_blocks = MIN(*max_blocks, state->rekey_limit / enc->block_size); + debug("rekey after %llu blocks", (unsigned long long)*max_blocks); return 0; } +#define MAX_PACKETS (1U<<31) +static int +ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +{ + struct session_state *state = ssh->state; + u_int32_t out_blocks; + + /* XXX client can't cope with rekeying pre-auth */ + if (!state->after_authentication) + return 0; + + /* Haven't keyed yet or KEX in progress. */ + if (ssh->kex == NULL || ssh_packet_is_rekeying(ssh)) + return 0; + + /* Peer can't rekey */ + if (ssh->compat & SSH_BUG_NOREKEY) + return 0; + + /* + * Permit one packet in or out per rekey - this allows us to + * make progress when rekey limits are very small. + */ + if (state->p_send.packets == 0 && state->p_read.packets == 0) + return 0; + + /* Time-based rekeying */ + if (state->rekey_interval != 0 && + state->rekey_time + state->rekey_interval <= monotime()) + return 1; + + /* Always rekey when MAX_PACKETS sent in either direction */ + if (state->p_send.packets > MAX_PACKETS || + state->p_read.packets > MAX_PACKETS) + return 1; + + /* Rekey after (cipher-specific) maxiumum blocks */ + out_blocks = roundup(outbound_packet_len, + state->newkeys[MODE_OUT]->enc.block_size); + return (state->max_blocks_out && + (state->p_send.blocks + out_blocks > state->max_blocks_out)) || + (state->max_blocks_in && + (state->p_read.blocks > state->max_blocks_in)); +} + /* * Delayed compression for SSH2 is enabled after authentication: * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, 
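Review bot: In ssh_packet_need_rekeying(), `out_blocks = roundup(outbound_packet_len, ...block_size)` looks like it yields a byte count, not a block count, assuming `roundup` has its usual sys/param.h meaning of rounding up to a multiple. That value is then added to `state->p_send.blocks` and compared with `max_blocks_out`. The mismatch errs on the safe side, since rekeying triggers earlier than the limit, but it makes the threshold depend on the block size in a way the comment does not describe. If blocks are intended, `out_blocks = howmany(outbound_packet_len, state->newkeys[MODE_OUT]->enc.block_size);` matches the name; otherwise a comment should say the over-count is deliberate. The comment above it also misspells "maximum" as `maxiumum`.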
@@ -1091,6 +1197,20 @@ ssh_packet_enable_delayed_compress(struct ssh *ssh) return 0; } +/* Used to mute debug logging for noisy packet types */ +static int +ssh_packet_log_type(u_char type) +{ + switch (type) { + case SSH2_MSG_CHANNEL_DATA: + case SSH2_MSG_CHANNEL_EXTENDED_DATA: + case SSH2_MSG_CHANNEL_WINDOW_ADJUST: + return 0; + default: + return 1; + } +} + /* * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) */ @@ -1099,7 +1219,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh) { struct session_state *state = ssh->state; u_char type, *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; - u_char padlen, pad = 0; + u_char tmp, padlen, pad = 0; u_int authlen = 0, aadlen = 0; u_int len; struct sshenc *enc = NULL; @@ -1119,7 +1239,8 @@ ssh_packet_send2_wrapped(struct ssh *ssh) aadlen = (mac && mac->enabled && mac->etm) || authlen ? 4 : 0; type = (sshbuf_ptr(state->outgoing_packet))[5]; - + if (ssh_packet_log_type(type)) + debug3("send packet: type %u", type); #ifdef PACKET_DEBUG fprintf(stderr, "plain: "); sshbuf_dump(state->outgoing_packet, stderr); 
@@ -1158,14 +1279,24 @@ ssh_packet_send2_wrapped(struct ssh *ssh) if (padlen < 4) padlen += block_size; if (state->extra_pad) { - /* will wrap if extra_pad+padlen > 255 */ + tmp = state->extra_pad; state->extra_pad = roundup(state->extra_pad, block_size); - pad = state->extra_pad - - ((len + padlen) % state->extra_pad); + /* check if roundup overflowed */ + if (state->extra_pad < tmp) + return SSH_ERR_INVALID_ARGUMENT; + tmp = (len + padlen) % state->extra_pad; + /* Check whether pad calculation below will underflow */ + if (tmp > state->extra_pad) + return SSH_ERR_INVALID_ARGUMENT; + pad = state->extra_pad - tmp; DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)", __func__, pad, len, padlen, state->extra_pad)); + tmp = padlen; padlen += pad; + /* Check whether padlen calculation overflowed */ + if (padlen < tmp) + return SSH_ERR_INVALID_ARGUMENT; /* overflow */ state->extra_pad = 0; } if ((r = sshbuf_reserve(state->outgoing_packet, padlen, &cp)) != 0) 
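Review bot: The second new check, `if (tmp > state->extra_pad)`, cannot fire, because `tmp` was just assigned `(len + padlen) % state->extra_pad` and a remainder is always smaller than its divisor. The underflow it is commented as guarding against is already excluded. I would drop it or replace it with a comment saying so, so the two checks that do matter (the roundup wrap and the `padlen += pad` wrap) stand out. The new early returns also leave `state->extra_pad` at its rounded value, whereas the success path resets it to 0. If the caller can continue after `SSH_ERR_INVALID_ARGUMENT`, clearing it before returning avoids carrying stale padding into the next packet. The enclosing function starts and ends outside this hunk.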
@@ -1243,34 +1374,58 @@ ssh_packet_send2_wrapped(struct ssh *ssh) return r; } +/* returns non-zero if the specified packet type is usec by KEX */ +static int +ssh_packet_type_is_kex(u_char type) +{ + return + type >= SSH2_MSG_TRANSPORT_MIN && + type <= SSH2_MSG_TRANSPORT_MAX && + type != SSH2_MSG_SERVICE_REQUEST && + type != SSH2_MSG_SERVICE_ACCEPT && + type != SSH2_MSG_EXT_INFO; +} + int ssh_packet_send2(struct ssh *ssh) { struct session_state *state = ssh->state; struct packet *p; u_char type; - int r; + int r, need_rekey; + if (sshbuf_len(state->outgoing_packet) < 6) + return SSH_ERR_INTERNAL_ERROR; type = sshbuf_ptr(state->outgoing_packet)[5]; + need_rekey = !ssh_packet_type_is_kex(type) && + ssh_packet_need_rekeying(ssh, sshbuf_len(state->outgoing_packet)); - /* during rekeying we can only send key exchange messages */ - if (state->rekeying) { - if ((type < SSH2_MSG_TRANSPORT_MIN) || - (type > SSH2_MSG_TRANSPORT_MAX) || - (type == SSH2_MSG_SERVICE_REQUEST) || - (type == SSH2_MSG_SERVICE_ACCEPT)) { - debug("enqueue packet: %u", type); - p = calloc(1, sizeof(*p)); - if (p == NULL) - return SSH_ERR_ALLOC_FAIL; - p->type = type; - p->payload = state->outgoing_packet; - TAILQ_INSERT_TAIL(&state->outgoing, p, next); - state->outgoing_packet = sshbuf_new(); - if (state->outgoing_packet == NULL) - return SSH_ERR_ALLOC_FAIL; - return 0; + /* + * During rekeying we can only send key exchange messages. + * Queue everything else. 
+ */ + if ((need_rekey || state->rekeying) && !ssh_packet_type_is_kex(type)) { + if (need_rekey) + debug3("%s: rekex triggered", __func__); + debug("enqueue packet: %u", type); + p = calloc(1, sizeof(*p)); + if (p == NULL) + return SSH_ERR_ALLOC_FAIL; + p->type = type; + p->payload = state->outgoing_packet; + TAILQ_INSERT_TAIL(&state->outgoing, p, next); + state->outgoing_packet = sshbuf_new(); + if (state->outgoing_packet == NULL) + return SSH_ERR_ALLOC_FAIL; + if (need_rekey) { + /* + * This packet triggered a rekey, so send the + * KEXINIT now. + * NB. reenters this function via kex_start_rekex(). + */ + return kex_start_rekex(ssh); } + return 0; } /* rekeying starts with sending KEXINIT */ @@ -1286,10 +1441,22 @@ ssh_packet_send2(struct ssh *ssh) state->rekey_time = monotime(); while ((p = TAILQ_FIRST(&state->outgoing))) { type = p->type; + /* + * If this packet triggers a rekex, then skip the + * remaining packets in the queue for now. + * NB. re-enters this function via kex_start_rekex. + */ + if (ssh_packet_need_rekeying(ssh, + sshbuf_len(p->payload))) { + debug3("%s: queued packet triggered rekex", + __func__); + return kex_start_rekex(ssh); + } debug("dequeue packet: %u", type); sshbuf_free(state->outgoing_packet); state->outgoing_packet = p->payload; TAILQ_REMOVE(&state->outgoing, p, next); + memset(p, 0, sizeof(*p)); free(p); if ((r = ssh_packet_send2_wrapped(ssh)) != 0) return r; @@ -1308,17 +1475,15 @@ int ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) { struct session_state *state = ssh->state; - int len, r, ms_remain, cont; + int len, r, ms_remain; fd_set *setp; char buf[8192]; struct timeval timeout, start, *timeoutp = NULL; DBG(debug("packet_read()")); - int d = howmany(state->connection_in + 1, NFDBITS); - d = sizeof(fd_mask); + setp = calloc(howmany(state->connection_in + 1, NFDBITS), sizeof(fd_mask)); - if (setp == NULL) return SSH_ERR_ALLOC_FAIL; 
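Review bot: In the dequeue loop of ssh_packet_send2() the added `memset(p, 0, sizeof(*p));` sits directly before `free(p);`, where a compiler is allowed to drop it as a dead store. If the scrub is intended, `explicit_bzero(p, sizeof(*p));` is the form this tree already uses elsewhere in the same commit, for example in the xcrypt.c hunk. If it is not needed, removing the line is clearer than keeping a store that may be elided. The comment on ssh_packet_type_is_kex() has a typo (`usec by KEX` should be "used by KEX").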
@@ -1351,7 +1516,6 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) */ memset(setp, 0, howmany(state->connection_in + 1, NFDBITS) * sizeof(fd_mask)); - FD_SET(state->connection_in, setp); if (state->packet_timeout_ms > 0) { @@ -1381,11 +1545,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if (r == 0) return SSH_ERR_CONN_TIMEOUT; /* Read data from the socket. */ - do { - cont = 0; - len = roaming_read(state->connection_in, buf, - sizeof(buf), &cont); - } while (len == 0 && cont); + len = read(state->connection_in, buf, sizeof(buf)); if (len == 0) { r = SSH_ERR_CONN_CLOSED; goto out; @@ -1592,7 +1752,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) { struct session_state *state = ssh->state; u_int padlen, need; - u_char *cp, macbuf[SSH_DIGEST_MAX_LENGTH]; + u_char *cp; u_int maclen, aadlen = 0, authlen = 0, block_size; struct sshenc *enc = NULL; struct sshmac *mac = NULL; @@ -1629,6 +1789,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) logit("Bad packet length %u.", state->packlen); if ((r = sshpkt_disconnect(ssh, "Packet corrupt")) != 0) return r; + return SSH_ERR_CONN_CORRUPT; } sshbuf_reset(state->incoming_packet); } else if (state->packlen == 0) { @@ -1656,8 +1817,8 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) sshbuf_dump(state->incoming_packet, stderr); #endif logit("Bad packet length %u.", state->packlen); - return ssh_packet_start_discard(ssh, enc, mac, - state->packlen, PACKET_MAX_SIZE); + return ssh_packet_start_discard(ssh, enc, mac, 0, + PACKET_MAX_SIZE); } if ((r = sshbuf_consume(state->input, block_size)) != 0) goto out; 
@@ -1679,8 +1840,8 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if (need % block_size != 0) { logit("padding error: need %d block %d mod %d", need, block_size, need % block_size); - return ssh_packet_start_discard(ssh, enc, mac, - state->packlen, PACKET_MAX_SIZE - block_size); + return ssh_packet_start_discard(ssh, enc, mac, 0, + PACKET_MAX_SIZE - block_size); } /* * check if the entire packet has been received and @@ -1691,17 +1852,21 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) * 'maclen' bytes of message authentication code. */ if (sshbuf_len(state->input) < aadlen + need + authlen + maclen) - return 0; + return 0; /* packet is incomplete */ #ifdef PACKET_DEBUG fprintf(stderr, "read_poll enc/full: "); sshbuf_dump(state->input, stderr); #endif - /* EtM: compute mac over encrypted input */ + /* EtM: check mac over encrypted input */ if (mac && mac->enabled && mac->etm) { - if ((r = mac_compute(mac, state->p_read.seqnr, + if ((r = mac_check(mac, state->p_read.seqnr, sshbuf_ptr(state->input), aadlen + need, - macbuf, sizeof(macbuf))) != 0) + sshbuf_ptr(state->input) + aadlen + need + authlen, + maclen)) != 0) { + if (r == SSH_ERR_MAC_INVALID) + logit("Corrupted MAC on input."); goto out; + } } if ((r = sshbuf_reserve(state->incoming_packet, aadlen + need, &cp)) != 0) 
@@ -1711,26 +1876,22 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) goto out; if ((r = sshbuf_consume(state->input, aadlen + need + authlen)) != 0) goto out; - /* - * compute MAC over seqnr and packet, - * increment sequence number for incoming packet - */ if (mac && mac->enabled) { - if (!mac->etm) - if ((r = mac_compute(mac, state->p_read.seqnr, - sshbuf_ptr(state->incoming_packet), - sshbuf_len(state->incoming_packet), - macbuf, sizeof(macbuf))) != 0) + /* Not EtM: check MAC over cleartext */ + if (!mac->etm && (r = mac_check(mac, state->p_read.seqnr, + sshbuf_ptr(state->incoming_packet), + sshbuf_len(state->incoming_packet), + sshbuf_ptr(state->input), maclen)) != 0) { + if (r != SSH_ERR_MAC_INVALID) goto out; - if (timingsafe_bcmp(macbuf, sshbuf_ptr(state->input), - mac->mac_len) != 0) { logit("Corrupted MAC on input."); if (need > PACKET_MAX_SIZE) return SSH_ERR_INTERNAL_ERROR; return ssh_packet_start_discard(ssh, enc, mac, - state->packlen, PACKET_MAX_SIZE - need); + sshbuf_len(state->incoming_packet), + PACKET_MAX_SIZE - need); } - + /* Remove MAC from input buffer */ DBG(debug("MAC #%d ok", state->p_read.seqnr)); if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0) goto out; @@ -1783,6 +1944,8 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) */ if ((r = sshbuf_get_u8(state->incoming_packet, typep)) != 0) goto out; + if (ssh_packet_log_type(*typep)) + debug3("receive packet: type %u", *typep); if (*typep < SSH2_MSG_MIN || *typep >= SSH2_MSG_LOCAL_MIN) { if ((r = sshpkt_disconnect(ssh, "Invalid ssh2 packet type: %d", *typep)) != 0 || @@ -1802,6 +1965,13 @@ ssh_packet_read_poll2(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) #endif /* reset for next packet */ state->packlen = 0; + + /* do we need to rekey? */ + if (ssh_packet_need_rekeying(ssh, 0)) { + debug3("%s: rekex triggered", __func__); + if ((r = kex_start_rekex(ssh)) != 0) + return r; + } out: return r; } 
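Review bot: The first hunk removes the visible `timingsafe_bcmp()` comparison and replaces it with `mac_check()`, so the constant-time guarantee of MAC verification in ssh_packet_read_poll2() now depends on a function defined outside this diff. It is worth confirming that mac_check() compares with a timing-safe primitive. A comment at the call site, e.g. `/* mac_check() compares in constant time */`, would stop a later refactor from losing that silently. The inverted test `if (r != SSH_ERR_MAC_INVALID) goto out;` also reads more easily with a short comment saying that only a MAC mismatch enters the discard path and every other error aborts. The function starts and ends outside this hunk.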
@@ -1832,8 +2002,7 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) if ((r = sshpkt_get_u8(ssh, NULL)) != 0 || (r = sshpkt_get_string(ssh, &msg, NULL)) != 0 || (r = sshpkt_get_string(ssh, NULL, NULL)) != 0) { - if (msg) - free(msg); + free(msg); return r; } debug("Remote: %.900s", msg); @@ -1847,8 +2016,9 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) do_log2(ssh->state->server_side && reason == SSH2_DISCONNECT_BY_APPLICATION ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, - "Received disconnect from %s: %u: %.400s", - ssh_remote_ipaddr(ssh), reason, msg); + "Received disconnect from %s port %d:" + "%u: %.400s", ssh_remote_ipaddr(ssh), + ssh_remote_port(ssh), reason, msg); free(msg); return SSH_ERR_DISCONNECTED; case SSH2_MSG_UNIMPLEMENTED: @@ -1876,8 +2046,9 @@ ssh_packet_read_poll_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) case SSH_MSG_DISCONNECT: if ((r = sshpkt_get_string(ssh, &msg, NULL)) != 0) return r; - error("Received disconnect from %s: %.400s", - ssh_remote_ipaddr(ssh), msg); + error("Received disconnect from %s port %d: " + "%.400s", ssh_remote_ipaddr(ssh), + ssh_remote_port(ssh), msg); free(msg); return SSH_ERR_DISCONNECTED; default: 
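Review bot: In the SSH2 disconnect message the concatenated literals `"Received disconnect from %s port %d:" "%u: %.400s"` leave no space between the port and the reason code. The line comes out as `port 22:11: ...`, while the SSH1 branch in the next hunk uses `"port %d: "`. If that is not intentional, `"Received disconnect from %s port %d: " "%u: %.400s"` keeps the two consistent and the fields unambiguous. Either way, this commit changes the text of several connection log lines by adding `port %d`, so log-matching rules keyed on the old wording need updating. A mention in the release notes would help operators.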
@@ -1967,21 +2138,19 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) { switch (r) { case SSH_ERR_CONN_CLOSED: - logit("Connection closed by %.200s", ssh_remote_ipaddr(ssh)); - cleanup_exit(255); + logdie("Connection closed by %.200s port %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); case SSH_ERR_CONN_TIMEOUT: - logit("Connection to %.200s timed out", ssh_remote_ipaddr(ssh)); - cleanup_exit(255); + logdie("Connection %s %.200s port %d timed out", + ssh->state->server_side ? "from" : "to", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); case SSH_ERR_DISCONNECTED: - logit("Disconnected from %.200s", - ssh_remote_ipaddr(ssh)); - cleanup_exit(255); + logdie("Disconnected from %.200s port %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); case SSH_ERR_SYSTEM_ERROR: - if (errno == ECONNRESET) { - logit("Connection reset by %.200s", - ssh_remote_ipaddr(ssh)); - cleanup_exit(255); - } + if (errno == ECONNRESET) + logdie("Connection reset by %.200s port %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); /* FALLTHROUGH */ case SSH_ERR_NO_CIPHER_ALG_MATCH: case SSH_ERR_NO_MAC_ALG_MATCH: @@ -1989,15 +2158,17 @@ sshpkt_fatal(struct ssh *ssh, const char *tag, int r) case SSH_ERR_NO_KEX_ALG_MATCH: case SSH_ERR_NO_HOSTKEY_ALG_MATCH: if (ssh && ssh->kex && ssh->kex->failed_choice) { - fatal("Unable to negotiate with %.200s: %s. " + logdie("Unable to negotiate with %.200s port %d: %s. " "Their offer: %s", ssh_remote_ipaddr(ssh), - ssh_err(r), ssh->kex->failed_choice); + ssh_remote_port(ssh), ssh_err(r), + ssh->kex->failed_choice); } /* FALLTHROUGH */ default: - fatal("%s%sConnection to %.200s: %s", + logdie("%s%sConnection %s %.200s port %d: %s", tag != NULL ? tag : "", tag != NULL ? ": " : "", - ssh_remote_ipaddr(ssh), ssh_err(r)); + ssh->state->server_side ? "from" : "to", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_err(r)); } } 
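Review bot: The new `ssh->state->server_side ? "from" : "to"` argument in the SSH_ERR_CONN_TIMEOUT case dereferences `ssh` unconditionally, while the negotiation-failure case in the next hunk still tests `if (ssh && ssh->kex && ...)` as though `ssh` could be NULL. The `default:` case there has the same unguarded dereference. If a NULL `ssh` can reach sshpkt_fatal, the error path would crash before the reason is logged; if it cannot, the `ssh &&` test is dead and removing it would make the contract clear. Separately, every case now depends on `logdie()` never returning, in place of the removed `cleanup_exit(255)` calls. A `/* NOTREACHED */` after each call, or a check that logdie is declared noreturn, would keep a later edit from turning these into silent fall-throughs.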
@@ -2054,19 +2225,18 @@ ssh_packet_write_poll(struct ssh *ssh) { struct session_state *state = ssh->state; int len = sshbuf_len(state->output); - int cont, r; + int r; if (len > 0) { - cont = 0; - len = roaming_write(state->connection_out, - sshbuf_ptr(state->output), len, &cont); + len = write(state->connection_out, + sshbuf_ptr(state->output), len); if (len == -1) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) return 0; return SSH_ERR_SYSTEM_ERROR; } - if (len == 0 && !cont) + if (len == 0) return SSH_ERR_CONN_CLOSED; if ((r = sshbuf_consume(state->output, len)) != 0) return r; @@ -2088,14 +2258,15 @@ ssh_packet_write_wait(struct ssh *ssh) setp = calloc(howmany(state->connection_out + 1, NFDBITS), sizeof(fd_mask)); - if (setp == NULL) return SSH_ERR_ALLOC_FAIL; - ssh_packet_write_poll(ssh); + if ((r = ssh_packet_write_poll(ssh)) != 0) { + free(setp); + return r; + } while (ssh_packet_have_data_to_write(ssh)) { memset(setp, 0, howmany(state->connection_out + 1, NFDBITS) * sizeof(fd_mask)); - FD_SET(state->connection_out, setp); if (state->packet_timeout_ms > 0) { 
@@ -2280,29 +2451,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes) } } -#define MAX_PACKETS (1U<<31) -int -ssh_packet_need_rekeying(struct ssh *ssh) -{ - struct session_state *state = ssh->state; - - if (ssh->compat & SSH_BUG_NOREKEY) - return 0; - return - (state->p_send.packets > MAX_PACKETS) || - (state->p_read.packets > MAX_PACKETS) || - (state->max_blocks_out && - (state->p_send.blocks > state->max_blocks_out)) || - (state->max_blocks_in && - (state->p_read.blocks > state->max_blocks_in)) || - (state->rekey_interval != 0 && state->rekey_time + - state->rekey_interval <= monotime()); -} - void -ssh_packet_set_rekey_limits(struct ssh *ssh, u_int32_t bytes, time_t seconds) +ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds) { - debug3("rekey after %lld bytes, %d seconds", (long long)bytes, + debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes, (int)seconds); ssh->state->rekey_limit = bytes; ssh->state->rekey_interval = seconds; 
@@ -2342,58 +2494,6 @@ ssh_packet_get_output(struct ssh *ssh) return (void *)ssh->state->output; } -/* XXX TODO update roaming to new API (does not work anyway) */ -/* - * Save the state for the real connection, and use a separate state when - * resuming a suspended connection. - */ -void -ssh_packet_backup_state(struct ssh *ssh, - struct ssh *backup_state) -{ - struct ssh *tmp; - - close(ssh->state->connection_in); - ssh->state->connection_in = -1; - close(ssh->state->connection_out); - ssh->state->connection_out = -1; - if (backup_state) - tmp = backup_state; - else - tmp = ssh_alloc_session_state(); - backup_state = ssh; - ssh = tmp; -} - -/* XXX FIXME FIXME FIXME */ -/* - * Swap in the old state when resuming a connecion. - */ -void -ssh_packet_restore_state(struct ssh *ssh, - struct ssh *backup_state) -{ - struct ssh *tmp; - u_int len; - int r; - - tmp = backup_state; - backup_state = ssh; - ssh = tmp; - ssh->state->connection_in = backup_state->state->connection_in; - backup_state->state->connection_in = -1; - ssh->state->connection_out = backup_state->state->connection_out; - backup_state->state->connection_out = -1; - len = sshbuf_len(backup_state->state->input); - if (len > 0) { - if ((r = sshbuf_putb(ssh->state->input, - backup_state->state->input)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); - sshbuf_reset(backup_state->state->input); - add_recv_bytes(len); - } -} - /* Reset after_authentication and reset compression in post-auth privsep */ static int ssh_packet_set_postauth(struct ssh *ssh) @@ -2481,8 +2581,7 @@ newkeys_to_blob(struct sshbuf *m, struct ssh *ssh, int mode) goto out; r = sshbuf_put_stringb(m, b); out: - if (b != NULL) - sshbuf_free(b); + sshbuf_free(b); return r; } 
@@ -2513,7 +2612,7 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) if ((r = kex_to_blob(m, ssh->kex)) != 0 || (r = newkeys_to_blob(m, ssh, MODE_OUT)) != 0 || (r = newkeys_to_blob(m, ssh, MODE_IN)) != 0 || - (r = sshbuf_put_u32(m, state->rekey_limit)) != 0 || + (r = sshbuf_put_u64(m, state->rekey_limit)) != 0 || (r = sshbuf_put_u32(m, state->rekey_interval)) != 0 || (r = sshbuf_put_u32(m, state->p_send.seqnr)) != 0 || (r = sshbuf_put_u64(m, state->p_send.blocks)) != 0 || @@ -2547,11 +2646,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m) (r = sshbuf_put_stringb(m, state->output)) != 0) return r; - if (compat20) { - if ((r = sshbuf_put_u64(m, get_sent_bytes())) != 0 || - (r = sshbuf_put_u64(m, get_recv_bytes())) != 0) - return r; - } return 0; } @@ -2620,10 +2714,8 @@ newkeys_from_blob(struct sshbuf *m, struct ssh *ssh, int mode) newkey = NULL; r = 0; out: - if (newkey != NULL) - free(newkey); - if (b != NULL) - sshbuf_free(b); + free(newkey); + sshbuf_free(b); return r; } @@ -2656,10 +2748,8 @@ kex_from_blob(struct sshbuf *m, struct kex **kexp) out: if (r != 0 || kexp == NULL) { if (kex != NULL) { - if (kex->my != NULL) - sshbuf_free(kex->my); - if (kex->peer != NULL) - sshbuf_free(kex->peer); + sshbuf_free(kex->my); + sshbuf_free(kex->peer); free(kex); } if (kexp != NULL) @@ -2682,7 +2772,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) size_t ssh1keylen, rlen, slen, ilen, olen; int r; u_int ssh1cipher = 0; - u_int64_t sent_bytes = 0, recv_bytes = 0; if (!compat20) { if ((r = sshbuf_get_u32(m, &state->remote_protocol_flags)) != 0 || 
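Review bot: Switching to `sshbuf_put_u64(m, state->rekey_limit)` changes the width of one field in an unlabelled, position-dependent blob, and nothing in ssh_packet_get_state says the reader must consume the fields in the same order and width. The matching `sshbuf_get_u64()` is in a later hunk of this diff, so the two sides agree here, but I would add `/* field order and widths must match ssh_packet_set_state() */` above the chain. The only mismatch check visible on the reading side is `if (sshbuf_len(m)) return SSH_ERR_INVALID_FORMAT;`, which catches leftover bytes but not two fields that happen to add up to the same length. The next hunk in this function drops the trailing sent/received byte counters, which is the same kind of format change.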
@@ -2705,7 +2794,7 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) if ((r = kex_from_blob(m, &ssh->kex)) != 0 || (r = newkeys_from_blob(m, ssh, MODE_OUT)) != 0 || (r = newkeys_from_blob(m, ssh, MODE_IN)) != 0 || - (r = sshbuf_get_u32(m, &state->rekey_limit)) != 0 || + (r = sshbuf_get_u64(m, &state->rekey_limit)) != 0 || (r = sshbuf_get_u32(m, &state->rekey_interval)) != 0 || (r = sshbuf_get_u32(m, &state->p_send.seqnr)) != 0 || (r = sshbuf_get_u64(m, &state->p_send.blocks)) != 0 || @@ -2750,12 +2839,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m) (r = sshbuf_put(state->output, output, olen)) != 0) return r; - if (compat20) { - if ((r = sshbuf_get_u64(m, &sent_bytes)) != 0 || - (r = sshbuf_get_u64(m, &recv_bytes)) != 0) - return r; - roam_set_bytes(sent_bytes, recv_bytes); - } if (sshbuf_len(m)) return SSH_ERR_INVALID_FORMAT; debug3("%s: done", __func__); diff --git a/packet.h b/packet.h index 7b06544..464d83b 100644 --- a/packet.h +++ b/packet.h @@ -1,4 +1,4 @@ -/* $OpenBSD: packet.h,v 1.66 2015/01/30 01:13:33 djm Exp $ */ +/* $OpenBSD: packet.h,v 1.71 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen @@ -56,9 +56,11 @@ struct ssh { /* Key exchange */ struct kex *kex; - /* cached remote ip address and port*/ + /* cached local and remote ip addresses and ports */ char *remote_ipaddr; int remote_port; + char *local_ipaddr; + int local_port; /* Dispatcher table */ dispatch_fn *dispatch[DISPATCH_MAX]; @@ -86,6 +88,7 @@ int ssh_packet_get_connection_in(struct ssh *); int ssh_packet_get_connection_out(struct ssh *); void ssh_packet_close(struct ssh *); void ssh_packet_set_encryption_key(struct ssh *, const u_char *, u_int, int); +int ssh_packet_is_rekeying(struct ssh *); void ssh_packet_set_protocol_flags(struct ssh *, u_int); u_int ssh_packet_get_protocol_flags(struct ssh *); int ssh_packet_start_compression(struct ssh *, int); 
@@ -143,15 +146,13 @@ int ssh_packet_get_state(struct ssh *, struct sshbuf *); int ssh_packet_set_state(struct ssh *, struct sshbuf *); const char *ssh_remote_ipaddr(struct ssh *); +int ssh_remote_port(struct ssh *); +const char *ssh_local_ipaddr(struct ssh *); +int ssh_local_port(struct ssh *); -int ssh_packet_need_rekeying(struct ssh *); -void ssh_packet_set_rekey_limits(struct ssh *, u_int32_t, time_t); +void ssh_packet_set_rekey_limits(struct ssh *, u_int64_t, time_t); time_t ssh_packet_get_rekey_timeout(struct ssh *); -/* XXX FIXME */ -void ssh_packet_backup_state(struct ssh *, struct ssh *); -void ssh_packet_restore_state(struct ssh *, struct ssh *); - void *ssh_packet_get_input(struct ssh *); void *ssh_packet_get_output(struct ssh *); diff --git a/pam.c b/pam.c deleted file mode 100644 index 64dcc56..0000000 --- a/pam.c +++ /dev/null 
@@ -1,303 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2012, 2012 NoMachine - * All rights reserved - * - * Support functions for versatile PAM authentication. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifdef RUNTIME_LIBPAM - -#include -#include -#include - -#include "includes.h" -#include "log.h" - -#include "pam.h" - - -static PamDispatch _PamDispatch = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - -static void *_hLibrary = NULL; - -static int symbolLoadFailed() -{ - char* serror = dlerror(); - - if(serror) - { - error("Load PAM library: %s", serror); - - unloadPAM(); - - return 1; - } - - return 0; -} - - -int initPAM(const char *path) -{ - /* - * Default paths if not specified. 
- */ - - #ifdef __linux__ - char libpath[64] = "/usr/lib/libpam.so"; - #elif __APPLE__ - char libpath[64] = "/usr/lib/libpam.dylib"; - #endif - - if (path != NULL) - { - if (strlen(path) > 63) - { - error("invalid library path: the path is to long (>63)!"); - - return 0; - } - else - { - strcpy(libpath, path); - } - } - - _hLibrary = dlopen(libpath, RTLD_LAZY); - - if (!_hLibrary) - { - error("%s", dlerror()); - - return 0; - } - - debug("PAM library loaded!"); - - _PamDispatch.pam_start = dlsym(_hLibrary, "pam_start"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - _PamDispatch.pam_end = dlsym(_hLibrary, "pam_end"); - - if (symbolLoadFailed()) - { - return 0; - } - debug("symbol loaded!"); - - _PamDispatch.pam_setcred = dlsym(_hLibrary, "pam_setcred"); - - if (symbolLoadFailed()) - { - return 0; - } - debug("symbol loaded!"); - - _PamDispatch.pam_strerror = dlsym(_hLibrary, "pam_strerror"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - _PamDispatch.pam_set_item = dlsym(_hLibrary, "pam_set_item"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - _PamDispatch.pam_authenticate = dlsym(_hLibrary, "pam_authenticate"); - - if (symbolLoadFailed()) - { - return 0; - } - debug("symbol loaded!"); - - _PamDispatch.pam_chauthtok = dlsym(_hLibrary, "pam_chauthtok"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - _PamDispatch.pam_getenvlist = dlsym(_hLibrary, "pam_getenvlist"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - _PamDispatch.pam_close_session = dlsym(_hLibrary, "pam_close_session"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - _PamDispatch.pam_putenv = dlsym(_hLibrary, "pam_putenv"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - _PamDispatch.pam_acct_mgmt = dlsym(_hLibrary, "pam_acct_mgmt"); - - if (symbolLoadFailed()) - { - 
return 0; - } - debug("symbol loaded!"); - - _PamDispatch.pam_get_item = dlsym(_hLibrary, "pam_get_item"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - _PamDispatch.pam_open_session = dlsym(_hLibrary, "pam_open_session"); - - if (symbolLoadFailed()) - { - return 0; - } - - debug("symbol loaded!"); - - - return 1; -} - -void unloadPAM() -{ - if(_hLibrary) - { - dlclose(_hLibrary); - - _hLibrary = NULL; - - debug("libpam unloaded!"); - } -} - -// -// Wrapper functions for libpam symbols -// - -const char* pam_strerror(pam_handle_t *pamh, int errnum) -{ - return _PamDispatch.pam_strerror(pamh,errnum); -} - -int PAM_NONNULL((1,3,4)) pam_start(const char *service_name,const char *user, - const struct pam_conv *pam_conversation, - pam_handle_t **pamh) -{ - return _PamDispatch.pam_start(service_name,user,pam_conversation,pamh); -} - -int PAM_NONNULL((1)) pam_end(pam_handle_t *pamh, int pam_status) -{ - return _PamDispatch.pam_end(pamh,pam_status); -} - -int PAM_NONNULL((1)) pam_setcred(pam_handle_t *pamh, int flags) -{ - return _PamDispatch.pam_setcred(pamh,flags); -} - -int PAM_NONNULL((1)) pam_set_item(pam_handle_t *pamh,int item_type, - const void *item) -{ - return _PamDispatch.pam_set_item(pamh,item_type,item); -} - -int PAM_NONNULL((1)) pam_authenticate(pam_handle_t *pamh, int flags) -{ - return _PamDispatch.pam_authenticate(pamh,flags); -} - -int PAM_NONNULL((1)) pam_chauthtok(pam_handle_t *pamh, int flags) -{ - return _PamDispatch.pam_chauthtok(pamh,flags); -} - -char** PAM_NONNULL((1)) pam_getenvlist(pam_handle_t *pamh) -{ - return _PamDispatch.pam_getenvlist(pamh); -} - -int PAM_NONNULL((1)) pam_close_session(pam_handle_t *pamh, int flags) -{ - return _PamDispatch.pam_close_session(pamh,flags); -} - -int PAM_NONNULL((1,2)) pam_putenv(pam_handle_t *pamh, const char *name_value) -{ - return _PamDispatch.pam_putenv(pamh,name_value); -} - -int PAM_NONNULL((1)) pam_acct_mgmt(pam_handle_t *pamh, int flags) -{ - return 
_PamDispatch.pam_acct_mgmt(pamh,flags); -} - -int PAM_NONNULL((1)) pam_get_item(const pam_handle_t *pamh,int item_type, - const void **item) -{ - return _PamDispatch.pam_get_item(pamh,item_type,item); -} - -int PAM_NONNULL((1)) pam_open_session(pam_handle_t *pamh, int flags) -{ - return _PamDispatch.pam_open_session(pamh,flags); -} - -#endif /* RUNTIME_LIBPAM */ diff --git a/pam.h b/pam.h deleted file mode 100644 index 7381446..0000000 --- a/pam.h +++ /dev/null 
@@ -1,103 +0,0 @@ -/* - * Author: NoMachine - * - * Copyright (c) 2012, 2012 NoMachine - * All rights reserved - * - * Support functions for versatile PAM authentication. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - -#ifdef RUNTIME_LIBPAM - -#ifndef PAM_H -#define PAM_H - -#include -#include - - -int initPAM(const char* path); -void unloadPAM(); - - -typedef const char* (*pam_strerror_ptr)(pam_handle_t *pamh, int errnum); - - -typedef int PAM_NONNULL((1,3,4)) (*pam_start_ptr) - (const char *service_name, - const char *user, - const struct pam_conv *pam_conversation, - pam_handle_t **pamh); - -typedef int PAM_NONNULL((1)) (*pam_end_ptr)(pam_handle_t *pamh, int pam_status); - -typedef int PAM_NONNULL((1)) (*pam_setcred_ptr)(pam_handle_t *pamh, int flags); - -typedef int PAM_NONNULL((1)) (*pam_set_item_ptr)(pam_handle_t *pamh, - int item_type, - const void *item); - -typedef int PAM_NONNULL((1)) (*pam_authenticate_ptr)(pam_handle_t *pamh, int flags); - -typedef int PAM_NONNULL((1)) (*pam_chauthtok_ptr)(pam_handle_t *pamh, int flags); - -typedef char** PAM_NONNULL((1)) (*pam_getenvlist_ptr)(pam_handle_t *pamh); - -typedef int PAM_NONNULL((1)) (*pam_close_session_ptr)(pam_handle_t *pamh, - int flags); - -typedef int PAM_NONNULL((1,2)) (*pam_putenv_ptr)(pam_handle_t *pamh, - const char *name_value); - -typedef int PAM_NONNULL((1)) (*pam_acct_mgmt_ptr)(pam_handle_t *pamh, int flags); - -typedef int PAM_NONNULL((1)) (*pam_get_item_ptr)(const pam_handle_t *pamh, - int item_type, - const void **item); - -typedef int PAM_NONNULL((1)) (*pam_open_session_ptr)(pam_handle_t *pamh, int flags); - - - -typedef struct -{ - pam_start_ptr pam_start; - pam_end_ptr pam_end; - pam_setcred_ptr pam_setcred; - pam_strerror_ptr pam_strerror; - pam_set_item_ptr pam_set_item; - pam_authenticate_ptr pam_authenticate; - pam_chauthtok_ptr pam_chauthtok; - pam_getenvlist_ptr pam_getenvlist; - pam_close_session_ptr pam_close_session; - pam_putenv_ptr pam_putenv; - pam_acct_mgmt_ptr pam_acct_mgmt; - pam_get_item_ptr pam_get_item; - pam_open_session_ptr pam_open_session; -} PamDispatch; - - -#endif // PAM_H - -#endif /* RUNTIME_LIBPAM */ diff --git a/pathnames.h b/pathnames.h index 0ec283a..f5e11ab 100644 
--- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.24 2013/12/06 13:39:49 markus Exp $ */ +/* $OpenBSD: pathnames.h,v 1.25 2016/03/31 05:24:06 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -34,7 +34,6 @@ * Of these, ssh_host_key must be readable only by root, whereas ssh_config * should be world-readable. */ - #define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config" #define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config" #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" @@ -43,8 +42,6 @@ #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" #define _PATH_DH_MODULI SSHDIR "/moduli" -/* Backwards compatibility */ -#define _PATH_DH_PRIMES SSHDIR "/primes" #ifndef _PATH_SSH_PROGRAM #define _PATH_SSH_PROGRAM "/usr/bin/ssh" @@ -140,8 +137,6 @@ #define _PATH_XAUTH "/usr/X11R6/bin/xauth" #endif - - /* UNIX domain socket for X11 server; displaynum will replace %u */ #ifndef _PATH_UNIX_X #define _PATH_UNIX_X "/tmp/.X11-unix/X%u" diff --git a/platform-pledge.c b/platform-pledge.c new file mode 100644 index 0000000..4a6ec15 --- /dev/null +++ b/platform-pledge.c 
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2015 Joyent, Inc + * Author: Alex Wilson + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include "includes.h" + +#include + +#include +#include + +#include "platform.h" + +#include "openbsd-compat/openbsd-compat.h" + +/* + * Drop any fine-grained privileges that are not needed for post-startup + * operation of ssh-agent + * + * Should be as close as possible to pledge("stdio cpath unix id proc exec", ...) + */ +void +platform_pledge_agent(void) +{ +#ifdef USE_SOLARIS_PRIVS + /* + * Note: Solaris priv dropping is closer to tame() than pledge(), but + * we will use what we have. + */ + solaris_drop_privs_root_pinfo_net(); +#endif +} + +/* + * Drop any fine-grained privileges that are not needed for post-startup + * operation of sftp-server + */ +void +platform_pledge_sftp_server(void) +{ +#ifdef USE_SOLARIS_PRIVS + solaris_drop_privs_pinfo_net_fork_exec(); +#endif +} + +/* + * Drop any fine-grained privileges that are not needed for the post-startup + * operation of the SSH client mux + * + * Should be as close as possible to pledge("stdio proc tty", ...) + */ +void +platform_pledge_mux(void) +{ +#ifdef USE_SOLARIS_PRIVS + solaris_drop_privs_root_pinfo_net_exec(); +#endif +} 
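Review bot: All three functions compile to an empty body unless `USE_SOLARIS_PRIVS` is defined, yet their comments say they drop privileges, which reads like a guarantee on every platform. I would say so in each comment, for example `/* No-op unless built with USE_SOLARIS_PRIVS. */`, so that a caller does not rely on these calls as its sandbox on other systems. The functions return void and the `solaris_drop_privs_*` helpers are not visible in this hunk, so it cannot be checked from here whether a failed drop is fatal or silently ignored; that is worth confirming and documenting alongside.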
diff --git a/roaming_dummy.c b/platform-tracing.c similarity index 51% rename from roaming_dummy.c rename to platform-tracing.c index 837de69..81020e7 100644 --- a/roaming_dummy.c +++ b/platform-tracing.c @@ -1,6 +1,5 @@ -/* $OpenBSD: roaming_dummy.c,v 1.4 2015/01/19 19:52:16 markus Exp $ */ /* - * Copyright (c) 2004-2009 AppGate Network Security AB + * Copyright (c) 2016 Darren Tucker. All rights reserved. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -15,58 +14,30 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* - * This file is included in the client programs which should not - * support roaming. - */ - #include "includes.h" #include -#include +#if defined(HAVE_SYS_PRCTL_H) +#include /* For prctl() and PR_SET_DUMPABLE */ +#endif +#ifdef HAVE_PRIV_H +#include /* For setpflags() and __PROC_PROTECT */ +#endif +#include -#include "roaming.h" - -int resume_in_progress = 0; - -u_int64_t -get_recv_bytes(void) -{ - return 0; -} - -u_int64_t -get_sent_bytes(void) -{ - return 0; -} +#include "log.h" void -roam_set_bytes(u_int64_t sent, u_int64_t recvd) +platform_disable_tracing(int strict) { -} - -ssize_t -roaming_write(int fd, const void *buf, size_t count, int *cont) -{ - return write(fd, buf, count); -} - -ssize_t -roaming_read(int fd, void *buf, size_t count, int *cont) -{ - if (cont) - *cont = 0; - return read(fd, buf, count); -} - -void -add_recv_bytes(u_int64_t num) -{ -} - -int -resume_kex(void) -{ - return 1; +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* Disable ptrace on Linux without sgid bit */ + if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict) + fatal("unable to make the process undumpable"); +#endif +#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT) + /* On Solaris, we should make this process untraceable */ + if (setpflags(__PROC_PROTECT, 1) != 0 && strict) + fatal("unable to make the process untraceable"); +#endif } diff --git a/platform.c b/platform.c index ee313da..acf8554 100644 --- a/platform.c +++ b/platform.c @@ -18,8 +18,6 @@ #include "includes.h" -#include - #include #include 
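Review bot: `platform_disable_tracing(1)` returns silently when neither `PR_SET_DUMPABLE` nor `__PROC_PROTECT` is compiled in, so a caller that asked for strict behaviour gets no protection and no indication of that. With `strict == 0`, a failing `prctl()` or `setpflags()` is also dropped without a log line. I would log the non-fatal failure, for example `debug("%s: unable to make the process undumpable", __func__);`, and add a comment above the function saying that `strict` only has an effect where one of the two mechanisms is available. The two `fatal()` messages would also be easier to diagnose with the errno text appended.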
@@ -107,8 +105,12 @@ platform_setusercontext(struct passwd *pw) #endif #ifdef USE_SOLARIS_PROJECTS - /* if solaris projects were detected, set the default now */ - if (getuid() == 0 || geteuid() == 0) + /* + * If solaris projects were detected, set the default now, unless + * we are using PAM in which case it is the responsibility of the + * PAM stack. + */ + if (!options.use_pam && (getuid() == 0 || geteuid() == 0)) solaris_set_default_project(pw); #endif diff --git a/platform.h b/platform.h index 1c7a45d..e97ecd9 100644 --- a/platform.h +++ b/platform.h @@ -31,3 +31,9 @@ void platform_setusercontext_post_groups(struct passwd *); char *platform_get_krb5_client(const char *); char *platform_krb5_get_principal_name(const char *); int platform_sys_dir_uid(uid_t); +void platform_disable_tracing(int); + +/* in platform-pledge.c */ +void platform_pledge_agent(void); +void platform_pledge_sftp_server(void); +void platform_pledge_mux(void); diff --git a/progressmeter.c b/progressmeter.c index 2bd1795..452ae21 100644 --- a/progressmeter.c +++ b/progressmeter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.41 2015/01/14 13:54:13 djm Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -63,8 +63,8 @@ void refresh_progress_meter(void); /* signal handler for updating the progress meter */ static void update_progress_meter(int); -static time_t start; /* start progress */ -static time_t last_update; /* last progress update */ +static double start; /* start progress */ +static double last_update; /* last progress update */ static const char *file; /* name of the file being transferred */ static off_t start_pos; /* initial position of transfer */ static off_t end_pos; /* ending position of transfer */ 
@@ -89,7 +89,7 @@ can_output(void) return (getpgrp() == tcgetpgrp(STDOUT_FILENO)); #else DWORD dwProcessId = -1; - if (GetWindowThreadProcessId(GetStdHandle(STD_OUTPUT_HANDLE), &dwProcessId)) { + if (GetWindowThreadProcessId(STDOUT_FILENO, &dwProcessId)) { return(GetCurrentProcess() == dwProcessId); } else { @@ -134,9 +134,8 @@ void refresh_progress_meter(void) { char buf[MAX_WINSIZE + 1]; - time_t now; off_t transferred; - double elapsed; + double elapsed, now; int percent; off_t bytes_left; int cur_speed; @@ -146,7 +145,7 @@ refresh_progress_meter(void) transferred = *counter - (cur_pos ? cur_pos : start_pos); cur_pos = *counter; - now = monotime(); + now = monotime_double(); bytes_left = end_pos - cur_pos; if (bytes_left > 0) @@ -186,10 +185,10 @@ refresh_progress_meter(void) } /* percent of transfer done */ - if (end_pos != 0) - percent = ((float)cur_pos / end_pos) * 100; - else + if (end_pos == 0 || cur_pos == end_pos) percent = 100; + else + percent = ((float)cur_pos / end_pos) * 100; snprintf(buf + strlen(buf), win_size - strlen(buf), " %3d%% ", percent); @@ -238,8 +237,8 @@ refresh_progress_meter(void) } #ifdef WINDOWS - wchar_t* wtmp = utf8_to_utf16(buf); - WriteConsoleW(GetStdHandle(STD_OUTPUT_HANDLE), wtmp, wcslen(wtmp), 0, 0); + wchar_t* wtmp = utf8_to_utf16(buf); + WriteConsoleW(GetStdHandle(STD_OUTPUT_HANDLE), wtmp, wcslen(wtmp), 0, 0); free(wtmp); #else atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1); @@ -270,7 +269,7 @@ update_progress_meter(int ignore) void start_progress_meter(const char *f, off_t filesize, off_t *ctr) { - start = last_update = monotime(); + start = last_update = monotime_double(); file = f; start_pos = *ctr; end_pos = filesize; @@ -283,7 +282,6 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) if (can_output()) refresh_progress_meter(); - signal(SIGALRM, update_progress_meter); signal(SIGWINCH, sig_winch); alarm(UPDATE_INTERVAL); 
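Review bot: In the Windows branch of can_output, `GetWindowThreadProcessId()` takes a window handle as its first argument, but the new code passes `STDOUT_FILENO`, a file-descriptor number. Unless the project's Win32 layer redefines that macro, the call cannot identify the console. The unchanged comparison `GetCurrentProcess() == dwProcessId` compares a process handle with a process id, so it is unlikely to be true even when the call succeeds; `GetCurrentProcessId()` is the matching call. If the intent is only to test that stdout is an interactive console, `GetConsoleMode(GetStdHandle(STD_OUTPUT_HANDLE), &mode)` expresses that directly. Either way, a comment stating what the Windows check is meant to mirror from the `getpgrp() == tcgetpgrp(STDOUT_FILENO)` branch would help.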
@@ -301,7 +299,11 @@ stop_progress_meter(void) if (cur_pos != end_pos) refresh_progress_meter(); - atomicio(vwrite, STDOUT_FILENO, "\n", 1); +#ifdef WINDOWS + WriteConsoleW(GetStdHandle(STD_OUTPUT_HANDLE), L"\n", 1, 0, 0); +#else + atomicio(vwrite, STDOUT_FILENO, "\n", 1); +#endif } /*ARGSUSED*/ @@ -314,19 +316,16 @@ sig_winch(int sig) static void setscreensize(void) { -#ifndef WINDOWS - struct winsize winsize; + struct winsize winsize; - if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 && - winsize.ws_col != 0) { - if (winsize.ws_col > MAX_WINSIZE) - win_size = MAX_WINSIZE; - else - win_size = winsize.ws_col; - } else - win_size = DEFAULT_WINSIZE; - win_size += 1; /* trailing \0 */ -#else - win_size = ConScreenSizeX() + 1; -#endif + if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 && + winsize.ws_col != 0) { + if (winsize.ws_col > MAX_WINSIZE) + win_size = MAX_WINSIZE; + else + win_size = winsize.ws_col; + } + else + win_size = DEFAULT_WINSIZE; + win_size += 1; /* trailing \0 */ } diff --git a/readconf.c b/readconf.c index 0894cd3..be74889 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.239 2015/07/30 00:01:34 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.259 2016/07/22 03:35:11 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -39,6 +39,11 @@ #include #include #include +#ifdef USE_SYSTEM_GLOB +# include +#else +# include "openbsd-compat/glob.h" +#endif #ifdef HAVE_UTIL_H #include #endif 
@@ -125,16 +130,24 @@ */ +static int read_config_file_depth(const char *filename, struct passwd *pw, + const char *host, const char *original_host, Options *options, + int flags, int *activep, int depth); +static int process_config_line_depth(Options *options, struct passwd *pw, + const char *host, const char *original_host, char *line, + const char *filename, int linenum, int *activep, int flags, int depth); + /* Keyword tokens. */ typedef enum { oBadOption, - oHost, oMatch, + oHost, oMatch, oInclude, oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout, oGatewayPorts, oExitOnForwardFailure, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, + oCertificateFile, oAddKeysToAgent, oIdentityAgent, oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, @@ -151,15 +164,14 @@ typedef enum { oSendEnv, oControlPath, oControlMaster, oControlPersist, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, - oVisualHostKey, oUseRoaming, + oVisualHostKey, oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, - oPubkeyAcceptedKeyTypes, - oIgnoredUnknownOption, - oDeprecated, oUnsupported + oPubkeyAcceptedKeyTypes, oProxyJump, + oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; /* Textual representations of the tokens. */ 
@@ -203,6 +215,9 @@ static struct { { "identityfile", oIdentityFile }, { "identityfile2", oIdentityFile }, /* obsolete */ { "identitiesonly", oIdentitiesOnly }, + { "certificatefile", oCertificateFile }, + { "addkeystoagent", oAddKeysToAgent }, + { "identityagent", oIdentityAgent }, { "hostname", oHostName }, { "hostkeyalias", oHostKeyAlias }, { "proxycommand", oProxyCommand }, @@ -256,12 +271,13 @@ static struct { { "controlmaster", oControlMaster }, { "controlpersist", oControlPersist }, { "hashknownhosts", oHashKnownHosts }, + { "include", oInclude }, { "tunnel", oTunnel }, { "tunneldevice", oTunnelDevice }, { "localcommand", oLocalCommand }, { "permitlocalcommand", oPermitLocalCommand }, { "visualhostkey", oVisualHostKey }, - { "useroaming", oUseRoaming }, + { "useroaming", oDeprecated }, { "kexalgorithms", oKexAlgorithms }, { "ipqos", oIPQoS }, { "requesttty", oRequestTTY }, @@ -279,14 +295,11 @@ static struct { { "hostbasedkeytypes", oHostbasedKeyTypes }, { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, { "ignoreunknown", oIgnoreUnknown }, + { "proxyjump", oProxyJump }, + { NULL, oBadOption } }; -#ifdef WIN32_FIXME -char user_hostfile_name[MAX_PATH] ; // full path of "known_hosts" -char user_hostfile_name2[MAX_PATH] ; // full path of "known_hosts2" -#endif - /* * Adds a local TCP/IP port forward to options. Never returns if there is an * error. 
@@ -296,12 +309,17 @@ void add_local_forward(Options *options, const struct Forward *newfwd) { struct Forward *fwd; -#ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; + int i; + if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && newfwd->listen_path == NULL) fatal("Privileged ports can only be forwarded by root."); -#endif + /* Don't add duplicates */ + for (i = 0; i < options->num_local_forwards; i++) { + if (forward_equals(newfwd, options->local_forwards + i)) + return; + } options->local_forwards = xreallocarray(options->local_forwards, options->num_local_forwards + 1, sizeof(*options->local_forwards)); @@ -324,7 +342,13 @@ void add_remote_forward(Options *options, const struct Forward *newfwd) { struct Forward *fwd; + int i; + /* Don't add duplicates */ + for (i = 0; i < options->num_remote_forwards; i++) { + if (forward_equals(newfwd, options->remote_forwards + i)) + return; + } options->remote_forwards = xreallocarray(options->remote_forwards, options->num_remote_forwards + 1, sizeof(*options->remote_forwards)); 
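Review bot: In add_local_forward the `#ifndef NO_IPPORT_RESERVED_CONCEPT` / `#endif` pair around the privileged-port test is deleted, so `listen_port < IPPORT_RESERVED && original_real_uid != 0` now ends in `fatal()` on every platform, including any that define that macro because they have no reserved-port concept. If a supported target still defines it, unprivileged users there lose the ability to forward low ports; keeping the guard around the `extern uid_t original_real_uid;` declaration and the `if` would preserve the old behaviour. The duplicate check in both add_local_forward and add_remote_forward depends on `forward_equals`, which is not visible here; a one-line comment saying which fields it compares would help readers judge what counts as a duplicate. Both function bodies continue outside their hunks.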
@@ -370,15 +394,33 @@ clear_forwardings(Options *options) options->tun_open = SSH_TUNMODE_NO; } -#ifdef WIN32_FIXME void -add_identity_file(Options *options, const char *dir, const char *filename, - int userprovided, struct passwd *pw) -#else +add_certificate_file(Options *options, const char *path, int userprovided) +{ + int i; + + if (options->num_certificate_files >= SSH_MAX_CERTIFICATE_FILES) + fatal("Too many certificate files specified (max %d)", + SSH_MAX_CERTIFICATE_FILES); + + /* Avoid registering duplicates */ + for (i = 0; i < options->num_certificate_files; i++) { + if (options->certificate_file_userprovided[i] == userprovided && + strcmp(options->certificate_files[i], path) == 0) { + debug2("%s: ignoring duplicate key %s", __func__, path); + return; + } + } + + options->certificate_file_userprovided[options->num_certificate_files] = + userprovided; + options->certificate_files[options->num_certificate_files++] = + xstrdup(path); +} + void add_identity_file(Options *options, const char *dir, const char *filename, int userprovided) -#endif { char *path; int i; @@ -390,12 +432,7 @@ add_identity_file(Options *options, const char *dir, const char *filename, if (dir == NULL) /* no dir, filename is absolute */ path = xstrdup(filename); else - #ifndef WIN32_FIXME (void)xasprintf(&path, "%.100s%.100s", dir, filename); - #else - if ( strcmp(dir, "~/") == 0) - (void)xasprintf(&path, "%.100s\\%.100s", pw->pw_dir, filename); - #endif /* Avoid registering duplicates */ for (i = 0; i < options->num_identity_files; i++) { @@ -445,12 +482,6 @@ execute_in_shell(const char *cmd) if ((shell = getenv("SHELL")) == NULL) shell = _PATH_BSHELL; - /* - * Use "exec" to avoid "sh -c" processes on some platforms - * (e.g. Solaris) - */ - xasprintf(&command_string, "exec %s", cmd); - /* Need this to redirect subprocess stdin/out */ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) fatal("open(/dev/null): %s", strerror(errno)); 
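Review bot: add_certificate_file reports a repeated certificate path as `ignoring duplicate key`, which is misleading in debug output when someone is working out why a certificate was not offered; `debug2("%s: ignoring duplicate certificate %s", __func__, path);` says what was actually dropped. The function is exported through readconf.h, so it also deserves a short header comment stating that it calls `fatal()` once `SSH_MAX_CERTIFICATE_FILES` entries are stored, that a path counts as a duplicate only when its `userprovided` flag matches too, and that `path` is copied with `xstrdup`.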
@@ -475,7 +506,7 @@ execute_in_shell(const char *cmd) argv[0] = shell; argv[1] = "-c"; - argv[2] = command_string; + argv[2] = xstrdup(cmd); argv[3] = NULL; execv(argv[0], argv); @@ -490,7 +521,6 @@ execute_in_shell(const char *cmd) fatal("%s: fork: %.100s", __func__, strerror(errno)); close(devnull); - free(command_string); while (waitpid(pid, &status, 0) == -1) { if (errno != EINTR && errno != EAGAIN) @@ -524,12 +554,15 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, */ port = options->port <= 0 ? default_ssh_port() : options->port; ruser = options->user == NULL ? pw->pw_name : options->user; - if (options->hostname != NULL) { + if (post_canon) { + host = xstrdup(options->hostname); + } else if (options->hostname != NULL) { /* NB. Please keep in sync with ssh.c:main() */ host = percent_expand(options->hostname, "h", host_arg, (char *)NULL); - } else + } else { host = xstrdup(host_arg); + } debug2("checking match for '%s' host %s originally %s", cp, host, original_host); @@ -715,6 +748,15 @@ static const struct multistate multistate_yesnoask[] = { { "ask", 2 }, { NULL, -1 } }; +static const struct multistate multistate_yesnoaskconfirm[] = { + { "true", 1 }, + { "false", 0 }, + { "yes", 1 }, + { "no", 0 }, + { "ask", 2 }, + { "confirm", 3 }, + { NULL, -1 } +}; static const struct multistate multistate_addressfamily[] = { { "inet", AF_INET }, { "inet6", AF_INET6 }, 
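Review bot: The new `post_canon` branch in match_cfg_line hands `options->hostname` to `xstrdup()` without the `!= NULL` test that the very next branch still applies, so it relies on the caller having set the hostname before any post-canonicalisation pass. That invariant is established outside this hunk and cannot be confirmed from here; if it can ever be violated, the result is presumably a NULL dereference inside `xstrdup`. Either state the invariant in a comment on that branch or make it explicit with `if (post_canon && options->hostname == NULL) fatal("%s: no hostname after canonicalisation", __func__);` ahead of the copy.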
@@ -762,22 +804,32 @@ static const struct multistate multistate_canonicalizehostname[] = { * Processes a single option line as used in the configuration files. This * only sets those values that have not already been set. */ -#define WHITESPACE " \t\r\n" int process_config_line(Options *options, struct passwd *pw, const char *host, const char *original_host, char *line, const char *filename, int linenum, int *activep, int flags) +{ + return process_config_line_depth(options, pw, host, original_host, + line, filename, linenum, activep, flags, 0); +} + +#define WHITESPACE " \t\r\n" +static int +process_config_line_depth(Options *options, struct passwd *pw, const char *host, + const char *original_host, char *line, const char *filename, + int linenum, int *activep, int flags, int depth) { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2; char **cpptr, fwdarg[256]; u_int i, *uintptr, max_entries = 0; - int negated, opcode, *intptr, value, value2, cmdline = 0; + int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; LogLevel *log_level_ptr; long long val64; size_t len; struct Forward fwd; const struct multistate *multistate_ptr; struct allowed_cname *cname; + glob_t gl; if (activep == NULL) { /* We are processing a command line directive */ cmdline = 1; @@ -969,16 +1021,12 @@ parse_time: if (scan_scaled(arg, &val64) == -1) fatal("%.200s line %d: Bad number '%s': %s", filename, linenum, arg, strerror(errno)); - /* check for too-large or too-small limits */ - if (val64 > UINT_MAX) - fatal("%.200s line %d: RekeyLimit too large", - filename, linenum); if (val64 != 0 && val64 < 16) fatal("%.200s line %d: RekeyLimit too small", filename, linenum); } if (*activep && options->rekey_limit == -1) - options->rekey_limit = (u_int32_t)val64; + options->rekey_limit = val64; if (s != NULL) { /* optional rekey interval present */ if (strcmp(s, "none") == 0) { (void)strdelim(&s); /* discard */ 
@@ -998,13 +1046,26 @@ parse_time: if (*intptr >= SSH_MAX_IDENTITY_FILES) fatal("%.200s line %d: Too many identity files specified (max %d).", filename, linenum, SSH_MAX_IDENTITY_FILES); -#ifdef WIN32_FIXME - add_identity_file(options, NULL, - arg, flags & SSHCONF_USERCONF, pw); -#else - add_identity_file(options, NULL, + add_identity_file(options, NULL, arg, flags & SSHCONF_USERCONF); -#endif + } + break; + + case oCertificateFile: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing argument.", + filename, linenum); + if (*activep) { + intptr = &options->num_certificate_files; + if (*intptr >= SSH_MAX_CERTIFICATE_FILES) { + fatal("%.200s line %d: Too many certificate " + "files specified (max %d).", + filename, linenum, + SSH_MAX_CERTIFICATE_FILES); + } + add_certificate_file(options, arg, + flags & SSHCONF_USERCONF); } break; @@ -1067,6 +1128,9 @@ parse_char_array: case oProxyCommand: charptr = &options->proxy_command; + /* Ignore ProxyCommand if ProxyJump already specified */ + if (options->jump_host != NULL) + charptr = &options->jump_host; /* Skip below */ parse_command: if (s == NULL) fatal("%.200s line %d: Missing argument.", filename, linenum); @@ -1075,6 +1139,18 @@ parse_command: *charptr = xstrdup(s + len); return 0; + case oProxyJump: + if (s == NULL) { + fatal("%.200s line %d: Missing argument.", + filename, linenum); + } + len = strspn(s, WHITESPACE "="); + if (parse_jump(s + len, options, *activep) == -1) { + fatal("%.200s line %d: Invalid ProxyJump \"%s\"", + filename, linenum, s + len); + } + return 0; + case oPort: intptr = &options->port; parse_int: @@ -1228,6 +1304,8 @@ parse_keytypes: *activep = 0; arg2 = NULL; while ((arg = strdelim(&s)) != NULL && *arg != '\0') { + if ((flags & SSHCONF_NEVERMATCH) != 0) + break; negated = *arg == '!'; if (negated) arg++; 
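Review bot: In the `oProxyCommand` case, redirecting `charptr` to `&options->jump_host` only works as a "skip" if the store under `parse_command:` is conditional on `*charptr == NULL`, and that condition lies between hunks, so it cannot be checked here. The two-word comment `/* Skip below */` does not explain the trick, and a later change to `parse_command` could turn it into an overwrite of `jump_host` with a command string. I would spell the dependency out, e.g. `/* ProxyJump already set: jump_host is non-NULL, so the store-if-unset under parse_command leaves both fields untouched */`. The enclosing switch starts and ends outside the hunk.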
@@ -1260,7 +1338,7 @@ parse_keytypes: if (value < 0) fatal("%.200s line %d: Bad Match condition", filename, linenum); - *activep = value; + *activep = (flags & SSHCONF_NEVERMATCH) ? 0 : value; break; case oEscapeChar: 
@@ -1388,6 +1466,63 @@ parse_keytypes: intptr = &options->visual_host_key; goto parse_flag; + case oInclude: + if (cmdline) + fatal("Include directive not supported as a " + "command-line option"); + value = 0; + while ((arg = strdelim(&s)) != NULL && *arg != '\0') { + /* + * Ensure all paths are anchored. User configuration + * files may begin with '~/' but system configurations + * must not. If the path is relative, then treat it + * as living in ~/.ssh for user configurations or + * /etc/ssh for system ones. + */ + if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0) + fatal("%.200s line %d: bad include path %s.", + filename, linenum, arg); + if (*arg != '/' && *arg != '~') { + xasprintf(&arg2, "%s/%s", + (flags & SSHCONF_USERCONF) ? + "~/" _PATH_SSH_USER_DIR : SSHDIR, arg); + } else + arg2 = xstrdup(arg); + memset(&gl, 0, sizeof(gl)); + r = glob(arg2, GLOB_TILDE, NULL, &gl); + if (r == GLOB_NOMATCH) { + debug("%.200s line %d: include %s matched no " + "files",filename, linenum, arg2); + continue; + } else if (r != 0 || gl.gl_pathc < 0) + fatal("%.200s line %d: glob failed for %s.", + filename, linenum, arg2); + free(arg2); + oactive = *activep; + for (i = 0; i < (u_int)gl.gl_pathc; i++) { + debug3("%.200s line %d: Including file %s " + "depth %d%s", filename, linenum, + gl.gl_pathv[i], depth, + oactive ? "" : " (parse only)"); + r = read_config_file_depth(gl.gl_pathv[i], + pw, host, original_host, options, + flags | SSHCONF_CHECKPERM | + (oactive ? 0 : SSHCONF_NEVERMATCH), + activep, depth + 1); + /* + * don't let Match in includes clobber the + * containing file's Match state. + */ + *activep = oactive; + if (r != 1) + value = -1; + } + globfree(&gl); + } + if (value != 0) + return value; + break; + case oIPQoS: arg = strdelim(&s); if ((value = parse_ipqos(arg)) == -1) 
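Review bot: In the new `oInclude` case the `GLOB_NOMATCH` branch executes `continue` before the `free(arg2)` further down, so each include pattern that matches no file leaks the expanded path; put `free(arg2);` after the `debug(...)` call and before `continue;`. The `gl.gl_pathc < 0` test only does anything where `gl_pathc` is a signed type, which depends on whether the system glob.h or openbsd-compat/glob.h is selected. When an included file cannot be read, the loop only sets `value = -1`, so the user sees a generic bad-option failure; logging `gl.gl_pathv[i]` at that point would make a permission or ownership problem on an included file much easier to diagnose. The enclosing switch starts and ends outside the hunk.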
@@ -1405,10 +1540,6 @@ parse_keytypes: } break; - case oUseRoaming: - intptr = &options->use_roaming; - goto parse_flag; - case oRequestTTY: intptr = &options->request_tty; multistate_ptr = multistate_requesttty; @@ -1521,7 +1652,16 @@ parse_keytypes: case oPubkeyAcceptedKeyTypes: charptr = &options->pubkey_key_types; - goto parse_keytypes; + goto parse_keytypes; + + case oAddKeysToAgent: + intptr = &options->add_keys_to_agent; + multistate_ptr = multistate_yesnoaskconfirm; + goto parse_multistate; + + case oIdentityAgent: + charptr = &options->identity_agent; + goto parse_string; case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", @@ -1545,22 +1685,35 @@ parse_keytypes: return 0; } - /* * Reads the config file and modifies the options accordingly. Options * should already be initialized before this call. This never returns if * there is an error. If the file does not exist, this returns 0. */ - int read_config_file(const char *filename, struct passwd *pw, const char *host, const char *original_host, Options *options, int flags) +{ + int active = 1; + + return read_config_file_depth(filename, pw, host, original_host, + options, flags, &active, 0); +} + +#define READCONF_MAX_DEPTH 16 +static int +read_config_file_depth(const char *filename, struct passwd *pw, + const char *host, const char *original_host, Options *options, + int flags, int *activep, int depth) { FILE *f; char line[1024]; - int active, linenum; + int linenum; int bad_options = 0; + if (depth < 0 || depth > READCONF_MAX_DEPTH) + fatal("Too many recursive configuration includes"); + if ((f = fopen(filename, "r")) == NULL) return 0; @@ -1570,7 +1723,6 @@ read_config_file(const char *filename, struct passwd *pw, const char *host, if (fstat(fileno(f), &sb) == -1) fatal("fstat %s: %s", filename, strerror(errno)); - if (((sb.st_uid != 0 && sb.st_uid != getuid()) || (sb.st_mode & 022) != 0)) fatal("Bad owner or permissions on %s", filename); 
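Review bot: read_config_file_depth is added without a comment of its own, while the existing header comment ("If the file does not exist, this returns 0") stays on the thin read_config_file wrapper. The contract now matters more, because the Include code treats any result other than 1 as a failure and shares the caller's `*activep` with the included file. I would add something like `/* Returns 0 if filename cannot be opened; fatal()s on bad owner/permissions (SSHCONF_CHECKPERM) or when depth exceeds READCONF_MAX_DEPTH. *activep is the including file's Host/Match state. */` above the function, with the success value filled in from the part of the body that lies outside this hunk. Note also that `depth > READCONF_MAX_DEPTH` admits depths 0 through 16, i.e. seventeen nested files, which is worth stating next to the `#define`.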
@@ -1582,13 +1734,12 @@ read_config_file(const char *filename, struct passwd *pw, const char *host, * Mark that we are now processing the options. This flag is turned * on/off by Host specifications. */ - active = 1; linenum = 0; while (fgets(line, sizeof(line), f)) { /* Update line number counter. */ linenum++; - if (process_config_line(options, pw, host, original_host, - line, filename, linenum, &active, flags) != 0) + if (process_config_line_depth(options, pw, host, original_host, + line, filename, linenum, activep, flags, depth) != 0) bad_options++; } fclose(f); @@ -1620,6 +1771,9 @@ initialize_options(Options * options) options->forward_x11 = -1; options->forward_x11_trusted = -1; options->forward_x11_timeout = -1; + options->stdio_forward_host = NULL; + options->stdio_forward_port = 0; + options->clear_forwardings = -1; options->exit_on_forward_failure = -1; options->xauth_location = NULL; options->fwd_opts.gateway_ports = -1; @@ -1654,9 +1808,14 @@ initialize_options(Options * options) options->hostkeyalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; + options->num_certificate_files = 0; options->hostname = NULL; options->host_key_alias = NULL; options->proxy_command = NULL; + options->jump_user = NULL; + options->jump_host = NULL; + options->jump_port = -1; + options->jump_extra = NULL; options->user = NULL; options->escape_char = -1; options->num_system_hostfiles = 0; @@ -1665,7 +1824,6 @@ initialize_options(Options * options) options->num_local_forwards = 0; options->remote_forwards = NULL; options->num_remote_forwards = 0; - options->clear_forwardings = -1; options->log_level = SYSLOG_LEVEL_NOT_SET; options->preferred_authentications = NULL; options->bind_address = NULL; 
@@ -1689,7 +1847,8 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; - options->use_roaming = 0; + options->add_keys_to_agent = -1; + options->identity_agent = NULL; options->visual_host_key = -1; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; @@ -1727,18 +1886,9 @@ fill_default_options_for_canonicalization(Options *options) * Called after processing other sources of option data, this fills those * options for which no value has been specified with their default values. */ -#ifndef WIN32_FIXME void fill_default_options(Options * options) -#else -void fill_default_options(Options * options, struct passwd *pw) -#endif { - #ifdef WIN32_FIXME - sprintf(user_hostfile_name,"%s\\%s\\known_hosts", pw->pw_dir, _PATH_SSH_USER_DIR );// SSH_USER_HOSTFILE2; - sprintf(user_hostfile_name2,"%s\\%s\\known_hosts2", pw->pw_dir, _PATH_SSH_USER_DIR );// SSH_USER_HOSTFILE2; - #endif - if (options->forward_agent == -1) options->forward_agent = 0; if (options->forward_x11 == -1) @@ -1747,8 +1897,19 @@ void fill_default_options(Options * options, struct passwd *pw) options->forward_x11_trusted = 0; if (options->forward_x11_timeout == -1) options->forward_x11_timeout = 1200; + /* + * stdio forwarding (-W) changes the default for these but we defer + * setting the values so they can be overridden. + */ if (options->exit_on_forward_failure == -1) - options->exit_on_forward_failure = 0; + options->exit_on_forward_failure = + options->stdio_forward_host != NULL ? 1 : 0; + if (options->clear_forwardings == -1) + options->clear_forwardings = + options->stdio_forward_host != NULL ? 1 : 0; + if (options->clear_forwardings == 1) + clear_forwardings(options); + if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; if (options->fwd_opts.gateway_ports == -1) 
@@ -1803,43 +1964,25 @@ void fill_default_options(Options * options, struct passwd *pw) /* options->hostkeyalgorithms, default set in myproposals.h */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_2; + if (options->add_keys_to_agent == -1) + options->add_keys_to_agent = 0; if (options->num_identity_files == 0) { if (options->protocol & SSH_PROTO_1) { add_identity_file(options, "~/", -#ifdef WIN32_FIXME - _PATH_SSH_CLIENT_IDENTITY, 0, pw); -#else _PATH_SSH_CLIENT_IDENTITY, 0); -#endif } if (options->protocol & SSH_PROTO_2) { add_identity_file(options, "~/", -#ifdef WIN32_FIXME - _PATH_SSH_CLIENT_ID_RSA, 0, pw); -#else _PATH_SSH_CLIENT_ID_RSA, 0); -#endif add_identity_file(options, "~/", -#ifdef WIN32_FIXME - _PATH_SSH_CLIENT_ID_DSA, 0, pw); -#else _PATH_SSH_CLIENT_ID_DSA, 0); -#endif #ifdef OPENSSL_HAS_ECC add_identity_file(options, "~/", -#ifdef WIN32_FIXME - _PATH_SSH_CLIENT_ID_ECDSA, 0, pw); -#else _PATH_SSH_CLIENT_ID_ECDSA, 0); -#endif #endif add_identity_file(options, "~/", -#ifdef WIN32_FIXME - _PATH_SSH_CLIENT_ID_ED25519, 0, pw); -#else _PATH_SSH_CLIENT_ID_ED25519, 0); -#endif } } if (options->escape_char == -1) @@ -1852,22 +1995,12 @@ void fill_default_options(Options * options, struct passwd *pw) } if (options->num_user_hostfiles == 0) { options->user_hostfiles[options->num_user_hostfiles++] = - #ifdef WIN32_FIXME - xstrdup(user_hostfile_name); - #else xstrdup(_PATH_SSH_USER_HOSTFILE); - #endif options->user_hostfiles[options->num_user_hostfiles++] = - #ifdef WIN32_FIXME - xstrdup(user_hostfile_name2); - #else xstrdup(_PATH_SSH_USER_HOSTFILE2); - #endif } if (options->log_level == SYSLOG_LEVEL_NOT_SET) options->log_level = SYSLOG_LEVEL_INFO; - if (options->clear_forwardings == 1) - clear_forwardings(options); if (options->no_host_authentication_for_localhost == - 1) options->no_host_authentication_for_localhost = 0; if (options->identities_only == -1) 
@@ -1900,7 +2033,6 @@ void fill_default_options(Options * options, struct passwd *pw) options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; - options->use_roaming = 0; if (options->visual_host_key == -1) options->visual_host_key = 0; if (options->ip_qos_interactive == -1) @@ -1941,6 +2073,7 @@ void fill_default_options(Options * options, struct passwd *pw) CLEAR_ON_NONE(options->proxy_command); CLEAR_ON_NONE(options->control_path); CLEAR_ON_NONE(options->revoked_host_keys); + /* options->identity_agent distinguishes NULL from 'none' */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ 
@@ -2156,6 +2289,54 @@ parse_forward(struct Forward *fwd, const char *fwdspec, int dynamicfwd, int remo return (0); } +int +parse_jump(const char *s, Options *o, int active) +{ + char *orig, *sdup, *cp; + char *host = NULL, *user = NULL; + int ret = -1, port = -1, first; + + active &= o->proxy_command == NULL && o->jump_host == NULL; + + orig = sdup = xstrdup(s); + first = active; + do { + if ((cp = strrchr(sdup, ',')) == NULL) + cp = sdup; /* last */ + else + *cp++ = '\0'; + + if (first) { + /* First argument and configuration is active */ + if (parse_user_host_port(cp, &user, &host, &port) != 0) + goto out; + } else { + /* Subsequent argument or inactive configuration */ + if (parse_user_host_port(cp, NULL, NULL, NULL) != 0) + goto out; + } + first = 0; /* only check syntax for subsequent hosts */ + } while (cp != sdup); + /* success */ + if (active) { + o->jump_user = user; + o->jump_host = host; + o->jump_port = port; + o->proxy_command = xstrdup("none"); + user = host = NULL; + if ((cp = strrchr(s, ',')) != NULL && cp != s) { + o->jump_extra = xstrdup(s); + o->jump_extra[cp - s] = '\0'; + } + } + ret = 0; + out: + free(orig); + free(user); + free(host); + return ret; +} + /* XXX the following is a near-vebatim copy from servconf.c; refactor */ static const char * fmt_multistate_int(int val, const struct multistate *m) @@ -2307,7 +2488,11 @@ void dump_client_config(Options *o, const char *host) { int i; - char vbuf[5]; + char buf[8]; + + /* This is normally prepared in ssh_kex2 */ + if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0) + fatal("%s: kex_assemble_names failed", __func__); /* Most interesting options first: user, host, port */ dump_cfg_string(oUser, o->user); 
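Review bot: parse_jump has no header comment, and its inline comment "First argument and configuration is active" is misleading: the loop peels elements off with `strrchr(sdup, ',')`, so the element that is fully parsed into `user`/`host`/`port` is the last one in the comma-separated list, and everything before the final comma is stored verbatim in `jump_extra`. The earlier hops are only syntax-checked through `parse_user_host_port(cp, NULL, NULL, NULL)`. A comment should say so, and should also record that on success with `active` set the function fills `jump_user`, `jump_host`, `jump_port` and sets `proxy_command` to the string "none", returning 0, or -1 on a malformed spec. Since `jump_extra` is kept as raw text for later use outside this hunk, the comment is also the place to state what characters callers may assume it contains.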
@@ -2324,6 +2509,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_fmtint(oCompression, o->compression); dump_cfg_fmtint(oControlMaster, o->control_master); dump_cfg_fmtint(oEnableSSHKeysign, o->enable_ssh_keysign); + dump_cfg_fmtint(oClearAllForwardings, o->clear_forwardings); dump_cfg_fmtint(oExitOnForwardFailure, o->exit_on_forward_failure); dump_cfg_fmtint(oFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(oForwardAgent, o->forward_agent); @@ -2369,9 +2555,10 @@ dump_client_config(Options *o, const char *host) dump_cfg_string(oBindAddress, o->bind_address); dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); dump_cfg_string(oControlPath, o->control_path); - dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms ? o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); + dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); dump_cfg_string(oHostKeyAlias, o->host_key_alias); dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types); + dump_cfg_string(oIdentityAgent, o->identity_agent); dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); dump_cfg_string(oKexAlgorithms, o->kex_algorithms ? o->kex_algorithms : KEX_CLIENT_KEX); dump_cfg_string(oLocalCommand, o->local_command); @@ -2379,7 +2566,7 @@ dump_client_config(Options *o, const char *host) dump_cfg_string(oMacs, o->macs ? o->macs : KEX_CLIENT_MAC); dump_cfg_string(oPKCS11Provider, o->pkcs11_provider); dump_cfg_string(oPreferredAuthentications, o->preferred_authentications); - dump_cfg_string(oProxyCommand, o->proxy_command); + dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types); dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys); dump_cfg_string(oXAuthLocation, o->xauth_location); 
@@ -2439,8 +2626,8 @@ dump_client_config(Options *o, const char *host) if (o->escape_char == SSH_ESCAPECHAR_NONE) printf("escapechar none\n"); else { - vis(vbuf, o->escape_char, VIS_WHITE, 0); - printf("escapechar %s\n", vbuf); + vis(buf, o->escape_char, VIS_WHITE, 0); + printf("escapechar %s\n", buf); } /* oIPQoS */ @@ -2448,10 +2635,36 @@ dump_client_config(Options *o, const char *host) printf("%s\n", iptos2str(o->ip_qos_bulk)); /* oRekeyLimit */ - printf("rekeylimit %lld %d\n", - (long long)o->rekey_limit, o->rekey_interval); + printf("rekeylimit %llu %d\n", + (unsigned long long)o->rekey_limit, o->rekey_interval); /* oStreamLocalBindMask */ printf("streamlocalbindmask 0%o\n", o->fwd_opts.streamlocal_bind_mask); + + /* oProxyCommand / oProxyJump */ + if (o->jump_host == NULL) + dump_cfg_string(oProxyCommand, o->proxy_command); + else { + /* Check for numeric addresses */ + i = strchr(o->jump_host, ':') != NULL || + strspn(o->jump_host, "1234567890.") == strlen(o->jump_host); + snprintf(buf, sizeof(buf), "%d", o->jump_port); + printf("proxyjump %s%s%s%s%s%s%s%s%s\n", + /* optional additional jump spec */ + o->jump_extra == NULL ? "" : o->jump_extra, + o->jump_extra == NULL ? "" : ",", + /* optional user */ + o->jump_user == NULL ? "" : o->jump_user, + o->jump_user == NULL ? "" : "@", + /* opening [ if hostname is numeric */ + i ? "[" : "", + /* mandatory hostname */ + o->jump_host, + /* closing ] if hostname is numeric */ + i ? "]" : "", + /* optional port number */ + o->jump_port <= 0 ? "" : ":", + o->jump_port <= 0 ? "" : buf); + } } diff --git a/readconf.h b/readconf.h index 5c2b7a2..64641f7 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.110 2015/07/10 06:21:53 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.117 2016/07/15 00:24:30 djm Exp $ */ /* * Author: Tatu Ylonen 
@@ -98,6 +98,14 @@ typedef struct { int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES]; + int num_certificate_files; /* Number of extra certificates for ssh. */ + char *certificate_files[SSH_MAX_CERTIFICATE_FILES]; + int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES]; + struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; + + int add_keys_to_agent; + char *identity_agent; /* Optional path to ssh-agent socket */ + /* Local TCP/IP forward requests. */ int num_local_forwards; struct Forward *local_forwards; @@ -107,6 +115,10 @@ typedef struct { struct Forward *remote_forwards; int clear_forwardings; + /* stdio forwarding (-W) host and port */ + char *stdio_forward_host; + int stdio_forward_port; + int enable_ssh_keysign; int64_t rekey_limit; int rekey_interval; @@ -133,8 +145,6 @@ typedef struct { int permit_local_command; int visual_host_key; - int use_roaming; - int request_tty; int proxy_use_fdpass; @@ -156,6 +166,11 @@ typedef struct { char *hostbased_key_types; char *pubkey_key_types; + char *jump_user; + char *jump_host; + int jump_port; + char *jump_extra; + char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ } Options; 
@@ -177,33 +192,28 @@ typedef struct { #define SSHCONF_CHECKPERM 1 /* check permissions on config file */ #define SSHCONF_USERCONF 2 /* user provided config file not system */ #define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */ +#define SSHCONF_NEVERMATCH 8 /* Match/Host never matches; internal only */ #define SSH_UPDATE_HOSTKEYS_NO 0 #define SSH_UPDATE_HOSTKEYS_YES 1 #define SSH_UPDATE_HOSTKEYS_ASK 2 void initialize_options(Options *); -#ifdef WIN32_FIXME -void fill_default_options(Options *, struct passwd *pw); -#else void fill_default_options(Options *); -#endif void fill_default_options_for_canonicalization(Options *); int process_config_line(Options *, struct passwd *, const char *, const char *, char *, const char *, int, int *, int); int read_config_file(const char *, struct passwd *, const char *, const char *, Options *, int); int parse_forward(struct Forward *, const char *, int, int); +int parse_jump(const char *, Options *, int); int default_ssh_port(void); int option_clear_or_none(const char *); void dump_client_config(Options *o, const char *host); void add_local_forward(Options *, const struct Forward *); void add_remote_forward(Options *, const struct Forward *); -#ifdef WIN32_FIXME -void add_identity_file(Options *, const char *, const char *, int, struct passwd *); -#else void add_identity_file(Options *, const char *, const char *, int); -#endif +void add_certificate_file(Options *, const char *, int); #endif /* READCONF_H */ diff --git a/readpass.c b/readpass.c index 736cd64..eb2d5aa 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.50 2014/02/02 03:44:31 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.51 2015/12/11 00:20:04 mmcc Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * 
@@ -92,7 +92,7 @@ ssh_askpass(char *askpass, const char *msg) close(p[0]); if (dup2(p[1], STDOUT_FILENO) < 0) fatal("ssh_askpass: dup2: %s", strerror(errno)); - execlp(askpass, askpass, msg, (char *) 0); + execlp(askpass, askpass, msg, (char *)NULL); fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); } close(p[1]); diff --git a/regress/.cvsignore b/regress/.cvsignore deleted file mode 100644 index 3fd25b0..0000000 --- a/regress/.cvsignore +++ /dev/null @@ -1,31 +0,0 @@ -*-agent -*.copy -*.log -*.prv -*.pub -actual -authorized_keys_* -batch -copy.dd* -data -expect -host.rsa* -key.* -known_hosts -krl-* -modpipe -remote_pid -revoked-* -revoked-ca -revoked-keyid -revoked-serials -rsa -rsa1 -sftp-server.sh -ssh-log-wrapper.sh -ssh_config -ssh_proxy* -sshd_config -sshd_proxy* -t*.out -t*.out[0-9] diff --git a/regress/Makefile b/regress/Makefile index 8f7bdbc..08fd82d 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,7 +1,6 @@ -# $OpenBSD: Makefile,v 1.81 2015/05/21 06:44:25 djm Exp $ +# $OpenBSD: Makefile,v 1.88 2016/06/03 04:10:41 dtucker Exp $ -#REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec -REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 +REGRESS_TARGETS= unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec tests: prep $(REGRESS_TARGETS) # Interop tests are not run by default @@ -55,6 +54,7 @@ LTESTS= connect \ multiplex \ reexec \ brokenkeys \ + sshcfgparse \ cfgparse \ cfgmatch \ addrmatch \ @@ -75,7 +75,9 @@ LTESTS= connect \ hostkey-agent \ keygen-knownhosts \ hostkey-rotate \ - principals-command + principals-command \ + cert-file \ + cfginclude # dhgex \ 
@@ -86,27 +88,28 @@ INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #LTESTS= cipher-speed USER!= id -un -CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ - t8.out t8.out.pub t9.out t9.out.pub t10.out t10.out.pub \ - t12.out t12.out.pub \ - authorized_keys_${USER} known_hosts pidfile testdata \ - ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ - rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ - rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ - ls.copy banner.in banner.out empty.in \ - scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ - sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \ - known_hosts-cert host_ca_key* cert_host_key* cert_user_key* \ - putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ - key.rsa-* key.dsa-* key.ecdsa-* \ - authorized_principals_${USER} expect actual ready \ - sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \ - ssh.log failed-ssh.log sshd.log failed-sshd.log \ - regress.log failed-regress.log ssh-log-wrapper.sh \ - sftp-server.sh sftp-server.log sftp.log setuid-allowed \ - data ed25519-agent ed25519-agent.pub key.ed25519-512 \ - key.ed25519-512.pub netcat host_krl_* host_revoked_* \ - kh.* user_*key* agent-key.* known_hosts.* hkr.* +CLEANFILES= *.core actual agent-key.* authorized_keys_${USER} \ + authorized_keys_${USER}.* authorized_principals_${USER} \ + banner.in banner.out cert_host_key* cert_user_key* \ + copy.1 copy.2 data ed25519-agent ed25519-agent* \ + ed25519-agent.pub empty.in expect failed-regress.log \ + failed-ssh.log failed-sshd.log hkr.* host.rsa host.rsa1 \ + host_* host_ca_key* host_krl_* host_revoked_* key.* \ + key.dsa-* key.ecdsa-* key.ed25519-512 key.ed25519-512.pub \ + key.rsa-* keys-command-args kh.* known_hosts \ + known_hosts-cert known_hosts.* krl-* ls.copy modpipe \ + netcat pidfile putty.rsa2 ready regress.log remote_pid \ + revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa1 \ + rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \ + 
rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ + scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ + sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ + ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ + ssh_proxy_envpass sshd.log sshd_config sshd_config.orig \ + sshd_proxy sshd_proxy.* sshd_proxy_bak sshd_proxy_orig \ + t10.out t10.out.pub t12.out t12.out.pub t2.out t3.out \ + t6.out1 t6.out2 t7.out t7.out.pub t8.out t8.out.pub \ + t9.out t9.out.pub testdata user_*key* user_ca* user_key* SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} 
@@ -117,82 +120,77 @@ TEST_SSH_SSHKEYGEN?=ssh-keygen CPPFLAGS=-I.. -.WIN32_CURDIR = $(shell sed -e 's/\/cygdrive\/c/c:/g' <<< ${.CURDIR}) -.WIN32_OBJDIR = $(shell sed -e 's/\/cygdrive\/c/c:/g' <<< ${.OBJDIR}) -WIN32_OBJ = $(shell sed -e 's/\/cygdrive\/c/c:/g' <<< ${OBJ}) -WIN32_PWD = $(shell sed -e 's/\/cygdrive\/c/c:/g' <<< $@) - t1: - ${TEST_SSH_SSHKEYGEN} -if ${.WIN32_CURDIR}/rsa_ssh2.prv | diff -w - ${.WIN32_CURDIR}/rsa_openssh.prv - tr '\n' '\r' <${.WIN32_CURDIR}/rsa_ssh2.prv > ${.WIN32_OBJDIR}/rsa_ssh2_cr.prv - ${TEST_SSH_SSHKEYGEN} -if ${.WIN32_OBJDIR}/rsa_ssh2_cr.prv | diff -w - ${.WIN32_CURDIR}/rsa_openssh.prv - awk '{print $$0 "\r"}' ${.WIN32_CURDIR}/rsa_ssh2.prv > ${.WIN32_OBJDIR}/rsa_ssh2_crnl.prv - ${TEST_SSH_SSHKEYGEN} -if ${.WIN32_OBJDIR}/rsa_ssh2_crnl.prv | diff -w - ${.WIN32_CURDIR}/rsa_openssh.prv + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv + tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv + ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv + awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv + ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv t2: - cat ${.WIN32_CURDIR}/rsa_openssh.prv > $(WIN32_OBJ)/t2.out + cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out chmod 600 $(OBJ)/t2.out - ${TEST_SSH_SSHKEYGEN} -yf $(WIN32_OBJ)/t2.out | diff -w - ${.WIN32_CURDIR}/rsa_openssh.pub + ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub t3: - ${TEST_SSH_SSHKEYGEN} -ef ${.WIN32_CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out - ${TEST_SSH_SSHKEYGEN} -if $(WIN32_OBJ)/t3.out | diff -w - ${.WIN32_CURDIR}/rsa_openssh.pub + ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out + ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub t4: - ${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.WIN32_CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff -w - 
${.WIN32_CURDIR}/t4.ok + ${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t4.ok t5: - ${TEST_SSH_SSHKEYGEN} -Bf ${.WIN32_CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff -w - ${.WIN32_CURDIR}/t5.ok + ${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t5.ok t6: - ${TEST_SSH_SSHKEYGEN} -if ${.WIN32_CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 - ${TEST_SSH_SSHKEYGEN} -if ${.WIN32_CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 chmod 600 $(OBJ)/t6.out1 - ${TEST_SSH_SSHKEYGEN} -yf $(WIN32_OBJ)/t6.out1 | diff -w - $(OBJ)/t6.out2 + ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 $(OBJ)/t7.out: - ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $(WIN32_PWD) + ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ t7: $(OBJ)/t7.out - ${TEST_SSH_SSHKEYGEN} -lf $(WIN32_OBJ)/t7.out > /dev/null - ${TEST_SSH_SSHKEYGEN} -Bf $(WIN32_OBJ)/t7.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null $(OBJ)/t8.out: - ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $(WIN32_PWD) + ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ t8: $(OBJ)/t8.out - ${TEST_SSH_SSHKEYGEN} -lf $(WIN32_OBJ)/t8.out > /dev/null - ${TEST_SSH_SSHKEYGEN} -Bf $(WIN32_OBJ)/t8.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null $(OBJ)/t9.out: test "${TEST_SSH_ECC}" != yes || \ - ${TEST_SSH_SSHKEYGEN} -q -t ecdsa -N '' -f $(WIN32_PWD) + ${TEST_SSH_SSHKEYGEN} -q -t ecdsa -N '' -f $@ t9: $(OBJ)/t9.out test "${TEST_SSH_ECC}" != yes || \ - ${TEST_SSH_SSHKEYGEN} -lf $(WIN32_OBJ)/t9.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t9.out > /dev/null test "${TEST_SSH_ECC}" != yes || \ - ${TEST_SSH_SSHKEYGEN} -Bf $(WIN32_OBJ)/t9.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -Bf 
$(OBJ)/t9.out > /dev/null $(OBJ)/t10.out: - ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -f $(WIN32_PWD) + ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -f $@ t10: $(OBJ)/t10.out - ${TEST_SSH_SSHKEYGEN} -lf $(WIN32_OBJ)/t10.out > /dev/null - ${TEST_SSH_SSHKEYGEN} -Bf $(WIN32_OBJ)/t10.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t10.out > /dev/null + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null t11: - ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.WIN32_CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff -w - ${.WIN32_CURDIR}/t11.ok + ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t11.ok $(OBJ)/t12.out: - ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $(WIN32_PWD) + ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $@ t12: $(OBJ)/t12.out - ${TEST_SSH_SSHKEYGEN} -lf $(WIN32_OBJ)/t12.out.pub | grep test-comment-1234 >/dev/null + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t12.out.pub | grep test-comment-1234 >/dev/null t-exec: ${LTESTS:=.sh} @if [ "x$?" = "x" ]; then exit 0; fi; \ diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index d5ae2d6..24b71f4 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh @@ -1,4 +1,4 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.5 2013/05/17 10:33:09 dtucker Exp $ +# $OpenBSD: agent-getpeereid.sh,v 1.6 2016/05/03 14:41:04 djm Exp $ # Placed in the Public Domain. tid="disallow agent attach from other uid" @@ -13,10 +13,16 @@ else echo "skipped (not supported on this platform)" exit 0 fi -if [ -z "$SUDO" ]; then - echo "skipped: need SUDO to switch to uid $UNPRIV" - exit 0 -fi +case "x$SUDO" in + xsudo) sudo=1;; + xdoas) ;; + x) + echo "need SUDO to switch to uid $UNPRIV" + exit 0 ;; + *) + echo "unsupported $SUDO - "doas" and "sudo" are allowed" + exit 0 ;; +esac trace "start agent" eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null 
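Review bot: In the new `case "x$SUDO"` block of agent-getpeereid.sh the `sudo` flag is set only in the `xsudo)` arm and never cleared first, so a `sudo` value inherited from the environment would send a doas run down the `${SUDO} -S` branch added in the later `@@ -31,8 +37,13 @@` hunk; a plain `sudo=` before the `case` avoids that. Both skip arms `exit 0`, and the `*)` arm rejects any `SUDO` that is not exactly `sudo` or `doas` (a full path or extra flags), so this uid-separation check can drop out of a run without a failure. Prefixing both messages with `skipped:`, as the removed line did, keeps that visible in the log. The inner quotes in `"unsupported $SUDO - "doas" and "sudo" are allowed"` close and reopen the string, so the message prints without them.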
@@ -31,8 +37,13 @@ else if [ $r -ne 1 ]; then fail "ssh-add failed with $r != 1" fi - - < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null + if test -z "$sudo" ; then + # doas + ${SUDO} -n -u ${UNPRIV} ssh-add -l 2>/dev/null + else + # sudo + < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null + fi r=$? if [ $r -lt 2 ]; then fail "ssh-add did not fail for ${UNPRIV}: $r < 2" diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh index 1912ca8..bb676d6 100644 --- a/regress/agent-ptrace.sh +++ b/regress/agent-ptrace.sh @@ -12,6 +12,11 @@ if have_prog uname ; then esac fi +if [ "x$USER" = "xroot" ]; then + echo "Skipped: running as root" + exit 0 +fi + if have_prog gdb ; then : ok else diff --git a/regress/cert-file.sh b/regress/cert-file.sh new file mode 100644 index 0000000..bad923a --- /dev/null +++ b/regress/cert-file.sh 
@@ -0,0 +1,138 @@ +# $OpenBSD: cert-file.sh,v 1.2 2015/09/24 07:15:39 djm Exp $ +# Placed in the Public Domain. + +tid="ssh with certificates" + +rm -f $OBJ/user_ca_key* $OBJ/user_key* +rm -f $OBJ/cert_user_key* + +# Create a CA key +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key1 ||\ + fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key2 ||\ + fatal "ssh-keygen failed" + +# Make some keys and certificates. +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \ + fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key2 || \ + fatal "ssh-keygen failed" +# Move the certificate to a different address to better control +# when it is offered. +${SSHKEYGEN} -q -s $OBJ/user_ca_key1 -I "regress user key for $USER" \ + -z $$ -n ${USER} $OBJ/user_key1 || + fail "couldn't sign user_key1 with user_ca_key1" +mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub +${SSHKEYGEN} -q -s $OBJ/user_ca_key2 -I "regress user key for $USER" \ + -z $$ -n ${USER} $OBJ/user_key1 || + fail "couldn't sign user_key1 with user_ca_key2" +mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub + +trace 'try with identity files' +opts="-F $OBJ/ssh_proxy -oIdentitiesOnly=yes" +opts2="$opts -i $OBJ/user_key1 -i $OBJ/user_key2" +echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER + +for p in ${SSH_PROTOCOLS}; do + # Just keys should fail + ${SSH} $opts2 somehost exit 5$p + r=$? + if [ $r -eq 5$p ]; then + fail "ssh succeeded with no certs in protocol $p" + fi + + # Keys with untrusted cert should fail. + opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" + ${SSH} $opts3 somehost exit 5$p + r=$? + if [ $r -eq 5$p ]; then + fail "ssh succeeded with bad cert in protocol $p" + fi + + # Good cert with bad key should fail. + opts3="$opts -i $OBJ/user_key2" + opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" + ${SSH} $opts3 somehost exit 5$p + r=$? 
+ if [ $r -eq 5$p ]; then + fail "ssh succeeded with no matching key in protocol $p" + fi + + # Keys with one trusted cert, should succeed. + opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" + ${SSH} $opts3 somehost exit 5$p + r=$? + if [ $r -ne 5$p ]; then + fail "ssh failed with trusted cert and key in protocol $p" + fi + + # Multiple certs and keys, with one trusted cert, should succeed. + opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_2.pub" + opts3="$opts3 -oCertificateFile=$OBJ/cert_user_key1_1.pub" + ${SSH} $opts3 somehost exit 5$p + r=$? + if [ $r -ne 5$p ]; then + fail "ssh failed with multiple certs in protocol $p" + fi + + #Keys with trusted certificate specified in config options, should succeed. + opts3="$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub" + ${SSH} $opts3 somehost exit 5$p + r=$? + if [ $r -ne 5$p ]; then + fail "ssh failed with trusted cert in config in protocol $p" + fi +done + +#next, using an agent in combination with the keys +SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1 +if [ $? -ne 2 ]; then + fatal "ssh-add -l did not fail with exit code 2" +fi + +trace "start agent" +eval `${SSHAGENT} -s` > /dev/null +r=$? +if [ $r -ne 0 ]; then + fatal "could not start ssh-agent: exit code $r" +fi + +# add private keys to agent +${SSHADD} -k $OBJ/user_key2 > /dev/null 2>&1 +if [ $? -ne 0 ]; then + fatal "ssh-add did not succeed with exit code 0" +fi +${SSHADD} -k $OBJ/user_key1 > /dev/null 2>&1 +if [ $? -ne 0 ]; then + fatal "ssh-add did not succeed with exit code 0" +fi + +# try ssh with the agent and certificates +# note: ssh agent only uses certificates in protocol 2 +opts="-F $OBJ/ssh_proxy" +# with no certificates, shoud fail +${SSH} -2 $opts somehost exit 52 +if [ $? -eq 52 ]; then + fail "ssh connect with agent in protocol 2 succeeded with no cert" +fi + +#with an untrusted certificate, should fail +opts="$opts -oCertificateFile=$OBJ/cert_user_key1_2.pub" +${SSH} -2 $opts somehost exit 52 +if [ $? 
-eq 52 ]; then + fail "ssh connect with agent in protocol 2 succeeded with bad cert" +fi + +#with an additional trusted certificate, should succeed +opts="$opts -oCertificateFile=$OBJ/cert_user_key1_1.pub" +${SSH} -2 $opts somehost exit 52 +if [ $? -ne 52 ]; then + fail "ssh connect with agent in protocol 2 failed with good cert" +fi + +trace "kill agent" +${SSHAGENT} -k > /dev/null + +#cleanup +rm -f $OBJ/user_ca_key* $OBJ/user_key* +rm -f $OBJ/cert_user_key* diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 3f53922..62261cf 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.13 2015/07/10 06:23:25 markus Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.14 2016/05/02 09:52:00 djm Exp $ # Placed in the Public Domain. tid="certified host keys" 
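Review bot: The last case in the `for p in ${SSH_PROTOCOLS}` loop of cert-file.sh, commented "Keys with trusted certificate specified in config options", builds `opts3` exactly like the earlier "Keys with one trusted cert" case (`$opts2 -oCertificateFile=$OBJ/cert_user_key1_1.pub`), so it repeats that test and never reads `CertificateFile` from a configuration file. To cover the config path it would have to append the option to a copy of `$OBJ/ssh_proxy` and pass that copy with `-F`. Separately, the two signing steps near the top report errors with `fail`, which presumably does not stop the script, right before an `mv` that needs the signed certificate; `fatal`, as used for the key generation above them, would fit better.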
@@ -30,34 +30,51 @@ cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak HOSTS='localhost-with-alias,127.0.0.1,::1' -# Create a CA key and add it to known hosts. Ed25519 chosed for speed. +kh_ca() { + for k in "$@" ; do + printf "@cert-authority $HOSTS " + cat $OBJ/$k || fatal "couldn't cat $k" + done +} +kh_revoke() { + for k in "$@" ; do + printf "@revoked * " + cat $OBJ/$k || fatal "couldn't cat $k" + done +} + +# Create a CA key and add it to known hosts. Ed25519 chosen for speed. +# RSA for testing RSA/SHA2 signatures. ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/host_ca_key ||\ fail "ssh-keygen of host_ca_key failed" -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub -) > $OBJ/known_hosts-cert.orig +${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key2 ||\ + fail "ssh-keygen of host_ca_key failed" + +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert # Plain text revocation files touch $OBJ/host_revoked_empty touch $OBJ/host_revoked_plain touch $OBJ/host_revoked_cert -cp $OBJ/host_ca_key.pub $OBJ/host_revoked_ca +cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'` +if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then + PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" +fi + # Prepare certificate, plain key and CA KRLs ${SSHKEYGEN} -kf $OBJ/host_krl_empty || fatal "KRL init failed" ${SSHKEYGEN} -kf $OBJ/host_krl_plain || fatal "KRL init failed" ${SSHKEYGEN} -kf $OBJ/host_krl_cert || fatal "KRL init failed" -${SSHKEYGEN} -kf $OBJ/host_krl_ca $OBJ/host_ca_key.pub \ +${SSHKEYGEN} -kf $OBJ/host_krl_ca $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub \ || fatal "KRL init failed" # Generate and sign host keys serial=1 -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES ; do verbose "$tid: sign host ${ktype} cert" # Generate and sign a host key ${SSHKEYGEN} -q -N '' -t ${ktype} \ 
@@ -66,7 +83,11 @@ for ktype in $PLAIN_TYPES ; do ${SSHKEYGEN} -ukf $OBJ/host_krl_plain \ $OBJ/cert_host_key_${ktype}.pub || fatal "KRL update failed" cat $OBJ/cert_host_key_${ktype}.pub >> $OBJ/host_revoked_plain - ${SSHKEYGEN} -h -q -s $OBJ/host_ca_key -z $serial \ + case $ktype in + rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;; + *) tflag=""; ca="$OBJ/host_ca_key" ;; + esac + ${SSHKEYGEN} -h -q -s $ca -z $serial $tflag \ -I "regress host key for $USER" \ -n $HOSTS $OBJ/cert_host_key_${ktype} || fatal "couldn't sign cert_host_key_${ktype}" @@ -100,7 +121,7 @@ attempt_connect() { # Basic connect and revocation tests. for privsep in yes no ; do - for ktype in $PLAIN_TYPES ; do + for ktype in $PLAIN_TYPES ; do verbose "$tid: host ${ktype} cert connect privsep $privsep" ( cat $OBJ/sshd_proxy_bak @@ -131,18 +152,14 @@ for privsep in yes no ; do done # Revoked certificates with key present -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub - for ktype in $PLAIN_TYPES ; do - test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey" - printf "@revoked * `cat $OBJ/cert_host_key_${ktype}.pub`\n" - done -) > $OBJ/known_hosts-cert.orig +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig +for ktype in $PLAIN_TYPES ; do + test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey" + kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig +done cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert for privsep in yes no ; do - for ktype in $PLAIN_TYPES ; do + for ktype in $PLAIN_TYPES ; do verbose "$tid: host ${ktype} revoked cert privsep $privsep" ( cat $OBJ/sshd_proxy_bak 
@@ -162,16 +179,10 @@ for privsep in yes no ; do done # Revoked CA -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub - printf '@revoked ' - printf "* " - cat $OBJ/host_ca_key.pub -) > $OBJ/known_hosts-cert.orig +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig +kh_revoke host_ca_key.pub host_ca_key2.pub >> $OBJ/known_hosts-cert.orig cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES ; do verbose "$tid: host ${ktype} revoked cert" ( cat $OBJ/sshd_proxy_bak @@ -188,11 +199,7 @@ for ktype in $PLAIN_TYPES ; do done # Create a CA key and add it to known hosts -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub -) > $OBJ/known_hosts-cert.orig +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert test_one() { @@ -201,16 +208,19 @@ test_one() { sign_opts=$3 for kt in rsa ed25519 ; do - ${SSHKEYGEN} -q -s $OBJ/host_ca_key \ - -I "regress host key for $USER" \ + case $ktype in + rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;; + *) tflag=""; ca="$OBJ/host_ca_key" ;; + esac + ${SSHKEYGEN} -q -s $ca $tflag -I "regress host key for $USER" \ $sign_opts $OBJ/cert_host_key_${kt} || - fail "couldn't sign cert_host_key_${kt}" + fatal "couldn't sign cert_host_key_${kt}" ( cat $OBJ/sshd_proxy_bak echo HostKey $OBJ/cert_host_key_${kt} echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub ) > $OBJ/sshd_proxy - + cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ 
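Review bot: Inside `test_one`'s `for kt in rsa ed25519` loop the added `case $ktype in` tests `ktype`, not the loop variable `kt`; nothing in the visible part of `test_one` sets `ktype`, so the choice of `ca` and `tflag` depends on whatever the preceding `for ktype in $PLAIN_TYPES` loop left behind. If that leftover is an `rsa-sha2-*` value, every certificate here, including the ed25519 one, is signed by `host_ca_key2` with `-t rsa-sha2-*`, and these constraint tests no longer exercise `host_ca_key`. If per-key selection was intended, `case $kt in` with `tflag="-t $kt"` would do it; since `kt` is only ever `rsa` or `ed25519`, the branch could also be dropped. The `@@ -237,17 +247,20 @@` hunk passes `$tflag` twice in `${SSHKEYGEN} -h -q $tflag -s $ca $tflag`, and the `host_ca_key2` generation in the first hunk reuses the message "ssh-keygen of host_ca_key failed". The body of `test_one` continues outside this hunk.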
@@ -237,17 +247,20 @@ test_one "cert valid interval" success "-h -V-1w:+2w" test_one "cert has constraints" failure "-h -Oforce-command=false" # Check downgrade of cert to raw key when no CA found -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES ; do rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* verbose "$tid: host ${ktype} ${v} cert downgrade to raw key" # Generate and sign a host key - ${SSHKEYGEN} -q -N '' -t ${ktype} \ - -f $OBJ/cert_host_key_${ktype} || \ + ${SSHKEYGEN} -q -N '' -t ${ktype} -f $OBJ/cert_host_key_${ktype} || \ fail "ssh-keygen of cert_host_key_${ktype} failed" - ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/host_ca_key \ + case $ktype in + rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;; + *) tflag=""; ca="$OBJ/host_ca_key" ;; + esac + ${SSHKEYGEN} -h -q $tflag -s $ca $tflag \ -I "regress host key for $USER" \ -n $HOSTS $OBJ/cert_host_key_${ktype} || - fail "couldn't sign cert_host_key_${ktype}" + fatal "couldn't sign cert_host_key_${ktype}" ( printf "$HOSTS " cat $OBJ/cert_host_key_${ktype}.pub @@ -257,7 +270,7 @@ for ktype in $PLAIN_TYPES ; do echo HostKey $OBJ/cert_host_key_${ktype} echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub ) > $OBJ/sshd_proxy - + ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \ -F $OBJ/ssh_proxy somehost true 
@@ -267,23 +280,22 @@ for ktype in $PLAIN_TYPES ; do done # Wrong certificate -( - printf '@cert-authority ' - printf "$HOSTS " - cat $OBJ/host_ca_key.pub -) > $OBJ/known_hosts-cert.orig +kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert -for kt in $PLAIN_TYPES ; do +for kt in $PLAIN_TYPES ; do + verbose "$tid: host ${kt} connect wrong cert" rm -f $OBJ/cert_host_key* # Self-sign key - ${SSHKEYGEN} -q -N '' -t ${kt} \ - -f $OBJ/cert_host_key_${kt} || \ + ${SSHKEYGEN} -q -N '' -t ${kt} -f $OBJ/cert_host_key_${kt} || \ fail "ssh-keygen of cert_host_key_${kt} failed" - ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/cert_host_key_${kt} \ + case $kt in + rsa-sha2-*) tflag="-t $kt" ;; + *) tflag="" ;; + esac + ${SSHKEYGEN} $tflag -h -q -s $OBJ/cert_host_key_${kt} \ -I "regress host key for $USER" \ -n $HOSTS $OBJ/cert_host_key_${kt} || - fail "couldn't sign cert_host_key_${kt}" - verbose "$tid: host ${kt} connect wrong cert" + fatal "couldn't sign cert_host_key_${kt}" ( cat $OBJ/sshd_proxy_bak echo HostKey $OBJ/cert_host_key_${kt} diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index c38c00a..3197463 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-userkey.sh,v 1.14 2015/07/10 06:23:25 markus Exp $ +# $OpenBSD: cert-userkey.sh,v 1.16 2016/05/03 12:15:49 dtucker Exp $ # Placed in the Public Domain. tid="certified user keys" @@ -9,8 +9,16 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'` +if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then + PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" +fi + kname() { - n=`echo "$1" | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/'` + case $ktype in + rsa-sha2-*) ;; + # subshell because some seds will add a newline + *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;; + esac echo "$n*,ssh-rsa*,ssh-ed25519*" } 
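Review bot: The rewritten `kname()` in cert-userkey.sh switches on the global `$ktype` rather than its argument `$1`, and its `rsa-sha2-*)` arm is empty, so `n` keeps the value from an earlier call or stays unset. With `n` empty the function prints `*,ssh-rsa*,ssh-ed25519*`, and the callers that write this into `PubkeyAcceptedKeyTypes ${t}` would then accept every key type, which weakens the per-type tests. Switching on the argument and assigning `n` in every arm fixes both: `case $1 in` and `rsa-sha2-*) n="$1" ;;`.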
@@ -19,18 +27,24 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\ fail "ssh-keygen of user_ca_key failed" # Generate and sign user keys -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES $EXTRA_TYPES ; do verbose "$tid: sign user ${ktype} cert" ${SSHKEYGEN} -q -N '' -t ${ktype} \ -f $OBJ/cert_user_key_${ktype} || \ - fail "ssh-keygen of cert_user_key_${ktype} failed" - ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ - -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} || - fail "couldn't sign cert_user_key_${ktype}" + fatal "ssh-keygen of cert_user_key_${ktype} failed" + # Generate RSA/SHA2 certs for rsa-sha2* keys. + case $ktype in + rsa-sha2-*) tflag="-t $ktype" ;; + *) tflag="" ;; + esac + ${SSHKEYGEN} -q -s $OBJ/user_ca_key -z $$ \ + -I "regress user key for $USER" \ + -n ${USER},mekmitasdigoat $tflag $OBJ/cert_user_key_${ktype} || \ + fatal "couldn't sign cert_user_key_${ktype}" done # Test explicitly-specified principals -for ktype in $PLAIN_TYPES ; do +for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do t=$(kname $ktype) for privsep in yes no ; do _prefix="${ktype} privsep $privsep" @@ -67,7 +81,7 @@ for ktype in $PLAIN_TYPES ; do if [ $? -eq 0 ]; then fail "ssh cert connect succeeded unexpectedly" fi - + # Wrong authorized_principals verbose "$tid: ${_prefix} wrong authorized_principals" echo gregorsamsa > $OBJ/authorized_principals_$USER @@ -166,8 +180,8 @@ basic_tests() { echo > $OBJ/authorized_keys_$USER extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub" fi - - for ktype in $PLAIN_TYPES ; do + + for ktype in $PLAIN_TYPES ; do t=$(kname $ktype) for privsep in yes no ; do _prefix="${ktype} privsep $privsep $auth" @@ -183,7 +197,7 @@ basic_tests() { cat $OBJ/ssh_proxy_bak echo "PubkeyAcceptedKeyTypes ${t}" ) > $OBJ/ssh_proxy - + ${SSH} -2i $OBJ/cert_user_key_${ktype} \ -F $OBJ/ssh_proxy somehost true if [ $? -ne 0 ]; then 
@@ -223,7 +237,7 @@ basic_tests() { fail "ssh cert connect failed" fi done - + # Revoked CA verbose "$tid: ${ktype} $auth revoked CA key" ( @@ -238,7 +252,7 @@ basic_tests() { fail "ssh cert connect succeeded unexpecedly" fi done - + verbose "$tid: $auth CA does not authenticate" ( cat $OBJ/sshd_proxy_bak @@ -286,7 +300,7 @@ test_one() { echo $auth_opt >> $OBJ/sshd_proxy fi fi - + verbose "$tid: $ident auth $auth expect $result $ktype" ${SSHKEYGEN} -q -s $OBJ/user_ca_key \ -I "regress user key for $USER" \ @@ -342,13 +356,13 @@ test_one "principals key option no principals" failure "" \ # Wrong certificate cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy -for ktype in $PLAIN_TYPES ; do +for ktype in $PLAIN_TYPES ; do t=$(kname $ktype) # Self-sign ${SSHKEYGEN} -q -s $OBJ/cert_user_key_${ktype} -I \ "regress user key for $USER" \ -n $USER $OBJ/cert_user_key_${ktype} || - fail "couldn't sign cert_user_key_${ktype}" + fatal "couldn't sign cert_user_key_${ktype}" verbose "$tid: user ${ktype} connect wrong cert" ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \ somehost true >/dev/null 2>&1 diff --git a/regress/cfginclude.sh b/regress/cfginclude.sh new file mode 100644 index 0000000..2fc39ce --- /dev/null +++ b/regress/cfginclude.sh 
@@ -0,0 +1,293 @@ +# $OpenBSD: cfginclude.sh,v 1.2 2016/05/03 15:30:46 dtucker Exp $ +# Placed in the Public Domain. + +tid="config include" + +# to appease StrictModes +umask 022 + +cat > $OBJ/ssh_config.i << _EOF +Match host a + Hostname aa + +Match host b + Hostname bb + Include $OBJ/ssh_config.i.* + +Match host c + Include $OBJ/ssh_config.i.* + Hostname cc + +Match host m + Include $OBJ/ssh_config.i.* + +Host d + Hostname dd + +Host e + Hostname ee + Include $OBJ/ssh_config.i.* + +Host f + Include $OBJ/ssh_config.i.* + Hostname ff + +Host n + Include $OBJ/ssh_config.i.* +_EOF + +cat > $OBJ/ssh_config.i.0 << _EOF +Match host xxxxxx +_EOF + +cat > $OBJ/ssh_config.i.1 << _EOF +Match host a + Hostname aaa + +Match host b + Hostname bbb + +Match host c + Hostname ccc + +Host d + Hostname ddd + +Host e + Hostname eee + +Host f + Hostname fff +_EOF + +cat > $OBJ/ssh_config.i.2 << _EOF +Match host a + Hostname aaaa + +Match host b + Hostname bbbb + +Match host c + Hostname cccc + +Host d + Hostname dddd + +Host e + Hostname eeee + +Host f + Hostname ffff + +Match all + Hostname xxxx +_EOF + +trial() { + _host="$1" + _exp="$2" + ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out || + fatal "ssh config parse failed" + _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'` + if test "x$_exp" != "x$_got" ; then + fail "host $_host include fail: expected $_exp got $_got" + fi +} + +trial a aa +trial b bb +trial c ccc +trial d dd +trial e ee +trial f fff +trial m xxxx +trial n xxxx +trial x x + +# Prepare an included config with an error. + +cat > $OBJ/ssh_config.i.3 << _EOF +Hostname xxxx + Junk +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed invalid config" + +${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \ + fail "ssh include allowed invalid config" + +rm -f $OBJ/ssh_config.i.* + +# Ensure that a missing include is not fatal. 
+cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i.* +Hostname aa +_EOF + +trial a aa + +# Ensure that Match/Host in an included config does not affect parent. +cat > $OBJ/ssh_config.i.x << _EOF +Match host x +_EOF + +trial a aa + +cat > $OBJ/ssh_config.i.x << _EOF +Host x +_EOF + +trial a aa + +# cleanup +rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out +# $OpenBSD: cfginclude.sh,v 1.2 2016/05/03 15:30:46 dtucker Exp $ +# Placed in the Public Domain. + +tid="config include" + +cat > $OBJ/ssh_config.i << _EOF +Match host a + Hostname aa + +Match host b + Hostname bb + Include $OBJ/ssh_config.i.* + +Match host c + Include $OBJ/ssh_config.i.* + Hostname cc + +Match host m + Include $OBJ/ssh_config.i.* + +Host d + Hostname dd + +Host e + Hostname ee + Include $OBJ/ssh_config.i.* + +Host f + Include $OBJ/ssh_config.i.* + Hostname ff + +Host n + Include $OBJ/ssh_config.i.* +_EOF + +cat > $OBJ/ssh_config.i.0 << _EOF +Match host xxxxxx +_EOF + +cat > $OBJ/ssh_config.i.1 << _EOF +Match host a + Hostname aaa + +Match host b + Hostname bbb + +Match host c + Hostname ccc + +Host d + Hostname ddd + +Host e + Hostname eee + +Host f + Hostname fff +_EOF + +cat > $OBJ/ssh_config.i.2 << _EOF +Match host a + Hostname aaaa + +Match host b + Hostname bbbb + +Match host c + Hostname cccc + +Host d + Hostname dddd + +Host e + Hostname eeee + +Host f + Hostname ffff + +Match all + Hostname xxxx +_EOF + +trial() { + _host="$1" + _exp="$2" + ${REAL_SSH} -F $OBJ/ssh_config.i -G "$_host" > $OBJ/ssh_config.out || + fatal "ssh config parse failed" + _got=`grep -i '^hostname ' $OBJ/ssh_config.out | awk '{print $2}'` + if test "x$_exp" != "x$_got" ; then + fail "host $_host include fail: expected $_exp got $_got" + fi +} + +trial a aa +trial b bb +trial c ccc +trial d dd +trial e ee +trial f fff +trial m xxxx +trial n xxxx +trial x x + +# Prepare an included config with an error. 
+ +cat > $OBJ/ssh_config.i.3 << _EOF +Hostname xxxx + Junk +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed invalid config" + +${REAL_SSH} -F $OBJ/ssh_config.i -G x 2>/dev/null && \ + fail "ssh include allowed invalid config" + +rm -f $OBJ/ssh_config.i.* + +# Ensure that a missing include is not fatal. +cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i.* +Hostname aa +_EOF + +trial a aa + +# Ensure that Match/Host in an included config does not affect parent. +cat > $OBJ/ssh_config.i.x << _EOF +Match host x +_EOF + +trial a aa + +cat > $OBJ/ssh_config.i.x << _EOF +Host x +_EOF + +trial a aa + +# Ensure that recursive includes are bounded. +cat > $OBJ/ssh_config.i << _EOF +Include $OBJ/ssh_config.i +_EOF + +${REAL_SSH} -F $OBJ/ssh_config.i -G a 2>/dev/null && \ + fail "ssh include allowed infinite recursion?" # or hang... + +# cleanup +rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out diff --git a/regress/cfgparse.sh b/regress/cfgparse.sh index 736f389..ccf511f 100644 --- a/regress/cfgparse.sh +++ b/regress/cfgparse.sh @@ -1,7 +1,7 @@ -# $OpenBSD: cfgparse.sh,v 1.5 2015/05/29 03:05:13 djm Exp $ +# $OpenBSD: cfgparse.sh,v 1.6 2016/06/03 03:47:59 dtucker Exp $ # Placed in the Public Domain. -tid="config parse" +tid="sshd config parse" # This is a reasonable proxy for IPv6 support. if ! config_defined HAVE_STRUCT_IN6_ADDR ; then diff --git a/regress/check-perm.c b/regress/check-perm.c new file mode 100644 index 0000000..dac307d --- /dev/null +++ b/regress/check-perm.c 
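Review bot: The new cfginclude.sh holds the whole script twice: after the first `# cleanup` and `rm -f` line, the `$OpenBSD` header, `tid=`, the here-documents, `trial()` and all trials start again. The two copies are not identical: only the first sets `umask 022` ("to appease StrictModes") and only the second has the "recursive includes are bounded" check, which looks like two revisions concatenated. Keeping a single copy that carries both the `umask 022` line and the recursion test would stop every trial running twice and make it clear which revision is meant.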
@@ -0,0 +1,205 @@ +/* + * Placed in the public domain + */ + +/* $OpenBSD: modpipe.c,v 1.6 2013/11/21 03:16:47 djm Exp $ */ + +#include "includes.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_LIBGEN_H +#include +#endif + +static void +fatal(const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + vfprintf(stderr, fmt, args); + fputc('\n', stderr); + va_end(args); + exit(1); +} +/* Based on session.c. NB. keep tests in sync */ +static void +safely_chroot(const char *path, uid_t uid) +{ + const char *cp; + char component[PATH_MAX]; + struct stat st; + + if (*path != '/') + fatal("chroot path does not begin at root"); + if (strlen(path) >= sizeof(component)) + fatal("chroot path too long"); + + /* + * Descend the path, checking that each component is a + * root-owned directory with strict permissions. + */ + for (cp = path; cp != NULL;) { + if ((cp = strchr(cp, '/')) == NULL) + strlcpy(component, path, sizeof(component)); + else { + cp++; + memcpy(component, path, cp - path); + component[cp - path] = '\0'; + } + + /* debug3("%s: checking '%s'", __func__, component); */ + + if (stat(component, &st) != 0) + fatal("%s: stat(\"%s\"): %s", __func__, + component, strerror(errno)); + if (st.st_uid != 0 || (st.st_mode & 022) != 0) + fatal("bad ownership or modes for chroot " + "directory %s\"%s\"", + cp == NULL ? "" : "component ", component); + if (!S_ISDIR(st.st_mode)) + fatal("chroot path %s\"%s\" is not a directory", + cp == NULL ? 
"" : "component ", component); + + } + + if (chdir(path) == -1) + fatal("Unable to chdir to chroot path \"%s\": " + "%s", path, strerror(errno)); +} + +/* from platform.c */ +int +platform_sys_dir_uid(uid_t uid) +{ + if (uid == 0) + return 1; +#ifdef PLATFORM_SYS_DIR_UID + if (uid == PLATFORM_SYS_DIR_UID) + return 1; +#endif + return 0; +} + +/* from auth.c */ +int +auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, + uid_t uid, char *err, size_t errlen) +{ + char buf[PATH_MAX], homedir[PATH_MAX]; + char *cp; + int comparehome = 0; + struct stat st; + + if (realpath(name, buf) == NULL) { + snprintf(err, errlen, "realpath %s failed: %s", name, + strerror(errno)); + return -1; + } + if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL) + comparehome = 1; + + if (!S_ISREG(stp->st_mode)) { + snprintf(err, errlen, "%s is not a regular file", buf); + return -1; + } + if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || + (stp->st_mode & 022) != 0) { + snprintf(err, errlen, "bad ownership or modes for file %s", + buf); + return -1; + } + + /* for each component of the canonical path, walking upwards */ + for (;;) { + if ((cp = dirname(buf)) == NULL) { + snprintf(err, errlen, "dirname() failed"); + return -1; + } + strlcpy(buf, cp, sizeof(buf)); + + if (stat(buf, &st) < 0 || + (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || + (st.st_mode & 022) != 0) { + snprintf(err, errlen, + "bad ownership or modes for directory %s", buf); + return -1; + } + + /* If are past the homedir then we can stop */ + if (comparehome && strcmp(homedir, buf) == 0) + break; + + /* + * dirname should always complete with a "/" path, + * but we can be paranoid and check for "." 
too + */ + if ((strcmp("/", buf) == 0) || (strcmp(".", buf) == 0)) + break; + } + return 0; +} + +static void +usage(void) +{ + fprintf(stderr, "check-perm -m [chroot | keys-command] [path]\n"); + exit(1); +} + +int +main(int argc, char **argv) +{ + const char *path = "."; + char errmsg[256]; + int ch, mode = -1; + extern char *optarg; + extern int optind; + struct stat st; + + while ((ch = getopt(argc, argv, "hm:")) != -1) { + switch (ch) { + case 'm': + if (strcasecmp(optarg, "chroot") == 0) + mode = 1; + else if (strcasecmp(optarg, "keys-command") == 0) + mode = 2; + else { + fprintf(stderr, "Invalid -m option\n"), + usage(); + } + break; + default: + usage(); + } + } + argc -= optind; + argv += optind; + + if (argc > 1) + usage(); + else if (argc == 1) + path = argv[0]; + + if (mode == 1) + safely_chroot(path, getuid()); + else if (mode == 2) { + if (stat(path, &st) < 0) + fatal("Could not stat %s: %s", path, strerror(errno)); + if (auth_secure_path(path, &st, NULL, 0, + errmsg, sizeof(errmsg)) != 0) + fatal("Unsafe %s: %s", path, errmsg); + } else { + fprintf(stderr, "Invalid mode\n"); + usage(); + } + return 0; +} diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh index 9a51f56..ea739f6 100644 --- a/regress/connect-privsep.sh +++ b/regress/connect-privsep.sh @@ -26,7 +26,12 @@ done # Because sandbox is sensitive to changes in libc, especially malloc, retest # with every malloc.conf option (and none). -for m in '' A F G H J P R S X '<' '>'; do +if [ -z "TEST_MALLOC_OPTIONS" ]; then + mopts="A F G H J P R S X < >" +else + mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'` +fi +for m in '' $mopts ; do for p in ${SSH_PROTOCOLS}; do env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true if [ $? -ne 0 ]; then diff --git a/regress/dhgex.sh b/regress/dhgex.sh index 57fca4a..e7c5733 100644 --- a/regress/dhgex.sh +++ b/regress/dhgex.sh 
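Review bot: check-perm.c duplicates sshd's permission checks, but only `safely_chroot` carries the "NB. keep tests in sync" warning; `platform_sys_dir_uid` and `auth_secure_path` are marked just `/* from platform.c */` and `/* from auth.c */`. keys-command.sh in this same diff skips its test on this program's verdict, so a copy that drifts from the originals would change what gets tested without any failure. I would extend both comments, for example `/* from auth.c. NB. keep in sync; keys-command.sh skips on this result */`. The file header still carries the `$OpenBSD: modpipe.c` ident and does not say what the program is for. `safely_chroot` never reads its `uid` parameter and only calls `chdir`, which a one-line comment above it should state.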
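Review bot: The added guard `if [ -z "TEST_MALLOC_OPTIONS" ]` in connect-privsep.sh tests a literal string, which is never empty, so the `else` branch always runs and the default list `A F G H J P R S X < >` is never used. With `TEST_MALLOC_OPTIONS` unset, `mopts` comes out empty and `for m in '' $mopts` runs the sandbox check once with no malloc options, instead of once per option as the removed line did. The test should read `if [ -z "$TEST_MALLOC_OPTIONS" ]; then`. The enclosing loop continues outside the hunk.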
@@ -1,4 +1,4 @@ -# $OpenBSD: dhgex.sh,v 1.2 2014/04/21 22:15:37 djm Exp $ +# $OpenBSD: dhgex.sh,v 1.3 2015/10/23 02:22:01 dtucker Exp $ # Placed in the Public Domain. tid="dhgex" @@ -20,7 +20,9 @@ ssh_test_dhgex() echo "Ciphers=$cipher" >> $OBJ/sshd_proxy rm -f ${LOG} opts="-oKexAlgorithms=$kex -oCiphers=$cipher" - groupsz="1024<$bits<8192" + min=2048 + max=8192 + groupsz="$min<$bits<$max" verbose "$tid bits $bits $kex $cipher" ${SSH} ${opts} $@ -vvv -F ${OBJ}/ssh_proxy somehost true if [ $? -ne 0 ]; then diff --git a/regress/forwarding.sh b/regress/forwarding.sh index fb4f35a..2539db9 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh @@ -1,4 +1,4 @@ -# $OpenBSD: forwarding.sh,v 1.15 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: forwarding.sh,v 1.16 2016/04/14 23:57:17 djm Exp $ # Placed in the Public Domain. tid="local and remote forwarding" @@ -59,7 +59,7 @@ for d in L R; do -$d ${base}01:127.0.0.1:$PORT \ -$d ${base}02:127.0.0.1:$PORT \ -$d ${base}03:127.0.0.1:$PORT \ - -$d ${base}01:127.0.0.1:$PORT \ + -$d ${base}01:localhost:$PORT \ -$d ${base}04:127.0.0.1:$PORT \ -oExitOnForwardFailure=yes somehost true r=$? diff --git a/regress/hostkey-rotate.sh b/regress/hostkey-rotate.sh index 3aa8c40..d69de32 100644 --- a/regress/hostkey-rotate.sh +++ b/regress/hostkey-rotate.sh @@ -1,4 +1,4 @@ -# $OpenBSD: hostkey-rotate.sh,v 1.4 2015/07/10 06:23:25 markus Exp $ +# $OpenBSD: hostkey-rotate.sh,v 1.5 2015/09/04 04:23:10 djm Exp $ # Placed in the Public Domain. tid="hostkey rotate" 
@@ -108,21 +108,3 @@ verbose "check rotate primary hostkey" dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=ssh-rsa expect_nkeys 1 "learn hostkeys" check_key_present ssh-rsa || fail "didn't learn changed key" - -# $OpenBSD: hostkey-rotate.sh,v 1.4 2015/07/10 06:23:25 markus Exp $ -# Placed in the Public Domain. - -tid="hostkey rotate" - -# Prepare hostkeys file with one key - -# Connect to sshd - -# Check that other keys learned - -# Change one hostkey (non primary) - -# Connect to sshd - -# Check that the key was replaced - diff --git a/regress/integrity.sh b/regress/integrity.sh index 1d49767..bfadc6b 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh @@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.16 2015/03/24 20:22:17 markus Exp $ +# $OpenBSD: integrity.sh,v 1.18 2016/03/04 02:48:06 dtucker Exp $ # Placed in the Public Domain. tid="integrity" @@ -54,7 +54,7 @@ for m in $macs; do fail "ssh -m $m succeeds with bit-flip at $off" fi ecnt=`expr $ecnt + 1` - out=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ + out=$(egrep -v "^debug" $TEST_SSH_LOGFILE | tail -2 | \ tr -s '\r\n' '.') case "$out" in Bad?packet*) elen=`expr $elen + 1`; skip=3;; diff --git a/regress/keys-command.sh b/regress/keys-command.sh index 700273b..af68cf1 100644 --- a/regress/keys-command.sh +++ b/regress/keys-command.sh @@ -36,6 +36,12 @@ exec cat "$OBJ/authorized_keys_${LOGNAME}" _EOF $SUDO chmod 0755 "$KEY_COMMAND" +if ! $OBJ/check-perm -m keys-command $KEY_COMMAND ; then + echo "skipping: $KEY_COMMAND is unsuitable as AuthorizedKeysCommand" + $SUDO rm -f $KEY_COMMAND + exit 0 +fi + if [ -x $KEY_COMMAND ]; then cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak diff --git a/regress/keyscan.sh b/regress/keyscan.sh index 886f329..f97364b 100644 --- a/regress/keyscan.sh +++ b/regress/keyscan.sh @@ -1,4 +1,4 @@ -# $OpenBSD: keyscan.sh,v 1.4 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: keyscan.sh,v 1.5 2015/09/11 03:44:21 djm Exp $ # Placed in the Public Domain. tid="keyscan" 
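Review bot: In keys-command.sh the added check-perm call and the `rm -f` pass `$KEY_COMMAND` unquoted, while the `chmod 0755 "$KEY_COMMAND"` line directly above quotes it. check-perm calls usage() when it receives more than one path argument, so a path containing whitespace would make this guard skip the test silently instead of checking the file. I would write `if ! $OBJ/check-perm -m keys-command "$KEY_COMMAND" ; then` and `$SUDO rm -f "$KEY_COMMAND"`.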
@@ -8,7 +8,7 @@ rm -f ${OBJ}/host.dsa start_sshd -KEYTYPES="rsa dsa" +KEYTYPES=`${SSH} -Q key-plain` if ssh_version 1; then KEYTYPES="${KEYTYPES} rsa1" fi diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh index 2de037b..c0cf2fe 100644 --- a/regress/limit-keytype.sh +++ b/regress/limit-keytype.sh @@ -1,4 +1,4 @@ -# $OpenBSD: limit-keytype.sh,v 1.1 2015/01/13 07:49:49 djm Exp $ +# $OpenBSD: limit-keytype.sh,v 1.4 2015/10/29 08:05:17 djm Exp $ # Placed in the Public Domain. tid="restrict pubkey type" @@ -20,18 +20,19 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_key2 || \ fatal "ssh-keygen failed" ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_key3 || \ fatal "ssh-keygen failed" +${SSHKEYGEN} -q -N '' -t dsa -f $OBJ/user_key4 || \ + fatal "ssh-keygen failed" ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \ -z $$ -n ${USER},mekmitasdigoat $OBJ/user_key3 || fatal "couldn't sign user_key1" # Copy the private key alongside the cert to allow better control of when # it is offered. mv $OBJ/user_key3-cert.pub $OBJ/cert_user_key3.pub -cp -p $OBJ/user_key3 $OBJ/cert_user_key3 grep -v IdentityFile $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes" -fullopts="$opts -i $OBJ/cert_user_key3 -i $OBJ/user_key1 -i $OBJ/user_key2" +certopts="$opts -i $OBJ/user_key3 -oCertificateFile=$OBJ/cert_user_key3.pub" echo mekmitasdigoat > $OBJ/authorized_principals_$USER cat $OBJ/user_key1.pub > $OBJ/authorized_keys_$USER 
@@ -53,28 +54,44 @@ prepare_config() { prepare_config # Check we can log in with all key types. -${SSH} $opts -i $OBJ/cert_user_key3 proxy true || fatal "cert failed" +${SSH} $certopts proxy true || fatal "cert failed" ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed" ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed" # Allow plain Ed25519 and RSA. The certificate should fail. -verbose "privsep=$privsep allow rsa,ed25519" +verbose "allow rsa,ed25519" prepare_config "PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519" -${SSH} $opts -i $OBJ/cert_user_key3 proxy true && fatal "cert succeeded" +${SSH} $certopts proxy true && fatal "cert succeeded" ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed" ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed" # Allow Ed25519 only. -verbose "privsep=$privsep allow ed25519" +verbose "allow ed25519" prepare_config "PubkeyAcceptedKeyTypes ssh-ed25519" -${SSH} $opts -i $OBJ/cert_user_key3 proxy true && fatal "cert succeeded" +${SSH} $certopts proxy true && fatal "cert succeeded" ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed" ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded" # Allow all certs. Plain keys should fail. -verbose "privsep=$privsep allow cert only" +verbose "allow cert only" prepare_config "PubkeyAcceptedKeyTypes ssh-*-cert-v01@openssh.com" -${SSH} $opts -i $OBJ/cert_user_key3 proxy true || fatal "cert failed" +${SSH} $certopts proxy true || fatal "cert failed" ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded" ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded" +# Allow RSA in main config, Ed25519 for non-existent user. 
+verbose "match w/ no match" +prepare_config "PubkeyAcceptedKeyTypes ssh-rsa" \ + "Match user x$USER" "PubkeyAcceptedKeyTypes +ssh-ed25519" +${SSH} $certopts proxy true && fatal "cert succeeded" +${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded" +${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed" + +# Allow only DSA in main config, Ed25519 for user. +verbose "match w/ matching" +prepare_config "PubkeyAcceptedKeyTypes ssh-dss" \ + "Match user $USER" "PubkeyAcceptedKeyTypes +ssh-ed25519" +${SSH} $certopts proxy true || fatal "cert failed" +${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed" +${SSH} $opts -i $OBJ/user_key4 proxy true && fatal "key4 succeeded" + diff --git a/regress/misc/Makefile b/regress/misc/Makefile new file mode 100644 index 0000000..14c0c27 --- /dev/null +++ b/regress/misc/Makefile @@ -0,0 +1,3 @@ +SUBDIR= kexfuzz + +.include diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile new file mode 100644 index 0000000..3018b63 --- /dev/null +++ b/regress/misc/kexfuzz/Makefile 
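Review bot: The comment `# Allow only DSA in main config, Ed25519 for user.` in the last limit-keytype.sh hunk does not match what the three checks under it expect: the certificate and user_key1 must succeed and the DSA key user_key4 must fail. That outcome presumably relies on `+ssh-ed25519` in the Match block being relative to sshd's built-in default list and overriding the global `ssh-dss` line, which is worth stating, e.g. `# The Match block's "+ssh-ed25519" extends the built-in defaults and replaces the global ssh-dss, so DSA is refused.` Also, none of the visible hunks adds user_key4.pub to authorized_keys_$USER; if that holds for the rest of the file, the `key4 succeeded` check cannot fail whatever the key-type policy does.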
@@ -0,0 +1,78 @@ +# $OpenBSD: Makefile,v 1.1 2016/03/04 02:30:37 djm Exp $ + +.include +.include + +# XXX detect from ssh binary? +SSH1?= no +OPENSSL?= yes + +PROG= kexfuzz +SRCS= kexfuzz.c +NOMAN= 1 + +.if (${OPENSSL:L} == "yes") +CFLAGS+= -DWITH_OPENSSL +.else +# SSH v.1 requires OpenSSL. +SSH1= no +.endif + +.if (${SSH1:L} == "yes") +CFLAGS+= -DWITH_SSH1 +.endif + +# enable warnings +WARNINGS=Yes + +DEBUG=-g +CFLAGS+= -fstack-protector-all +CDIAGFLAGS= -Wall +CDIAGFLAGS+= -Wextra +CDIAGFLAGS+= -Werror +CDIAGFLAGS+= -Wchar-subscripts +CDIAGFLAGS+= -Wcomment +CDIAGFLAGS+= -Wformat +CDIAGFLAGS+= -Wformat-security +CDIAGFLAGS+= -Wimplicit +CDIAGFLAGS+= -Winline +CDIAGFLAGS+= -Wmissing-declarations +CDIAGFLAGS+= -Wmissing-prototypes +CDIAGFLAGS+= -Wparentheses +CDIAGFLAGS+= -Wpointer-arith +CDIAGFLAGS+= -Wreturn-type +CDIAGFLAGS+= -Wshadow +CDIAGFLAGS+= -Wsign-compare +CDIAGFLAGS+= -Wstrict-aliasing +CDIAGFLAGS+= -Wstrict-prototypes +CDIAGFLAGS+= -Wswitch +CDIAGFLAGS+= -Wtrigraphs +CDIAGFLAGS+= -Wuninitialized +CDIAGFLAGS+= -Wunused +.if ${COMPILER_VERSION} == "gcc4" +CDIAGFLAGS+= -Wpointer-sign +CDIAGFLAGS+= -Wold-style-definition +.endif + +SSHREL=../../../../../usr.bin/ssh + +CFLAGS+=-I${.CURDIR}/${SSHREL} + +.if exists(${.CURDIR}/${SSHREL}/lib/${__objdir}) +LDADD+=-L${.CURDIR}/${SSHREL}/lib/${__objdir} -lssh +DPADD+=${.CURDIR}/${SSHREL}/lib/${__objdir}/libssh.a +.else +LDADD+=-L${.CURDIR}/${SSHREL}/lib -lssh +DPADD+=${.CURDIR}/${SSHREL}/lib/libssh.a +.endif + +LDADD+= -lutil -lz +DPADD+= ${LIBUTIL} ${LIBZ} + +.if (${OPENSSL:L} == "yes") +LDADD+= -lcrypto +DPADD+= ${LIBCRYPTO} +.endif + +.include + diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README new file mode 100644 index 0000000..8b215b5 --- /dev/null +++ b/regress/misc/kexfuzz/README 
@@ -0,0 +1,28 @@ +This is a harness to help with fuzzing KEX. + +To use it, you first set it to count packets in each direction: + +./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c +S2C: 29 +C2S: 31 + +Then get it to record a particular packet (in this case the 4th +packet from client->server): + +./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \ + -d -D C2S -i 3 -f packet_3 + +Fuzz the packet somehow: + +dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example + +Then re-run the key exchange substituting the modified packet in +its original sequence: + +./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \ + -r -D C2S -i 3 -f packet_3 + +A comprehensive KEX fuzz run would fuzz every packet in both +directions for each key exchange type and every hostkey type. +This will take some time. + diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c new file mode 100644 index 0000000..2894d3a --- /dev/null +++ b/regress/misc/kexfuzz/kexfuzz.c 
@@ -0,0 +1,410 @@ +/* $OpenBSD: kexfuzz.c,v 1.1 2016/03/04 02:30:37 djm Exp $ */ +/* + * Fuzz harness for KEX code + * + * Placed in the public domain + */ + +#include "includes.h" + +#include +#include +#include +#ifdef HAVE_STDINT_H +# include +#endif +#include +#include +#include +#include +#ifdef HAVE_ERR_H +# include +#endif + +#include "ssherr.h" +#include "ssh_api.h" +#include "sshbuf.h" +#include "packet.h" +#include "myproposal.h" +#include "authfile.h" + +struct ssh *active_state = NULL; /* XXX - needed for linking */ + +void kex_tests(void); +static int do_debug = 0; + +enum direction { S2C, C2S }; + +static int +do_send_and_receive(struct ssh *from, struct ssh *to, int mydirection, + int *packet_count, int trigger_direction, int packet_index, + const char *dump_path, struct sshbuf *replace_data) +{ + u_char type; + size_t len, olen; + const u_char *buf; + int r; + FILE *dumpfile; + + for (;;) { + if ((r = ssh_packet_next(from, &type)) != 0) { + fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r)); + return r; + } + if (type != 0) + return 0; + buf = ssh_output_ptr(from, &len); + olen = len; + if (do_debug) { + printf("%s packet %d type %u len %zu:\n", + mydirection == S2C ? 
"s2c" : "c2s", + *packet_count, type, len); + sshbuf_dump_data(buf, len, stdout); + } + if (mydirection == trigger_direction && + packet_index == *packet_count) { + if (replace_data != NULL) { + buf = sshbuf_ptr(replace_data); + len = sshbuf_len(replace_data); + if (do_debug) { + printf("***** replaced packet " + "len %zu\n", len); + sshbuf_dump_data(buf, len, stdout); + } + } else if (dump_path != NULL) { + if ((dumpfile = fopen(dump_path, "w+")) == NULL) + err(1, "fopen %s", dump_path); + if (len != 0 && + fwrite(buf, len, 1, dumpfile) != 1) + err(1, "fwrite %s", dump_path); + if (do_debug) + printf("***** dumped packet " + "len %zu\n", len); + fclose(dumpfile); + exit(0); + } + } + (*packet_count)++; + if (len == 0) + return 0; + if ((r = ssh_input_append(to, buf, len)) != 0 || + (r = ssh_output_consume(from, olen)) != 0) + return r; + } +} + +/* Minimal test_helper.c scaffholding to make this standalone */ +const char *in_test = NULL; +#define TEST_START(a) \ + do { \ + in_test = (a); \ + if (do_debug) \ + fprintf(stderr, "test %s starting\n", in_test); \ + } while (0) +#define TEST_DONE() \ + do { \ + if (do_debug) \ + fprintf(stderr, "test %s done\n", \ + in_test ? in_test : "???"); \ + in_test = NULL; \ + } while(0) +#define ASSERT_INT_EQ(a, b) \ + do { \ + if ((int)(a) != (int)(b)) { \ + fprintf(stderr, "%s %s:%d " \ + "%s (%d) != expected %s (%d)\n", \ + in_test ? in_test : "(none)", \ + __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \ + exit(2); \ + } \ + } while (0) +#define ASSERT_INT_GE(a, b) \ + do { \ + if ((int)(a) < (int)(b)) { \ + fprintf(stderr, "%s %s:%d " \ + "%s (%d) < expected %s (%d)\n", \ + in_test ? in_test : "(none)", \ + __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \ + exit(2); \ + } \ + } while (0) +#define ASSERT_PTR_NE(a, b) \ + do { \ + if ((a) == (b)) { \ + fprintf(stderr, "%s %s:%d " \ + "%s (%p) != expected %s (%p)\n", \ + in_test ? 
in_test : "(none)", \ + __func__, __LINE__, #a, (a), #b, (b)); \ + exit(2); \ + } \ + } while (0) + + +static void +run_kex(struct ssh *client, struct ssh *server, int *s2c, int *c2s, + int direction, int packet_index, + const char *dump_path, struct sshbuf *replace_data) +{ + int r = 0; + + while (!server->kex->done || !client->kex->done) { + if ((r = do_send_and_receive(server, client, S2C, s2c, + direction, packet_index, dump_path, replace_data))) + break; + if ((r = do_send_and_receive(client, server, C2S, c2s, + direction, packet_index, dump_path, replace_data))) + break; + } + if (do_debug) + printf("done: %s\n", ssh_err(r)); + ASSERT_INT_EQ(r, 0); + ASSERT_INT_EQ(server->kex->done, 1); + ASSERT_INT_EQ(client->kex->done, 1); +} + +static void +do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c, + int direction, int packet_index, + const char *dump_path, struct sshbuf *replace_data) +{ + struct ssh *client = NULL, *server = NULL, *server2 = NULL; + struct sshkey *pubkey = NULL; + struct sshbuf *state; + struct kex_params kex_params; + char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + char *keyname = NULL; + + TEST_START("sshkey_from_private"); + ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0); + TEST_DONE(); + + TEST_START("ssh_init"); + memcpy(kex_params.proposal, myproposal, sizeof(myproposal)); + if (kex != NULL) + kex_params.proposal[PROPOSAL_KEX_ALGS] = strdup(kex); + keyname = strdup(sshkey_ssh_name(prvkey)); + ASSERT_PTR_NE(keyname, NULL); + kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname; + ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0); + ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0); + ASSERT_PTR_NE(client, NULL); + ASSERT_PTR_NE(server, NULL); + TEST_DONE(); + + TEST_START("ssh_add_hostkey"); + ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0); + ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0); + TEST_DONE(); + + TEST_START("kex"); + run_kex(client, server, s2c, c2s, direction, packet_index, 
+ dump_path, replace_data); + TEST_DONE(); + + TEST_START("rekeying client"); + ASSERT_INT_EQ(kex_send_kexinit(client), 0); + run_kex(client, server, s2c, c2s, direction, packet_index, + dump_path, replace_data); + TEST_DONE(); + + TEST_START("rekeying server"); + ASSERT_INT_EQ(kex_send_kexinit(server), 0); + run_kex(client, server, s2c, c2s, direction, packet_index, + dump_path, replace_data); + TEST_DONE(); + + TEST_START("ssh_packet_get_state"); + state = sshbuf_new(); + ASSERT_PTR_NE(state, NULL); + ASSERT_INT_EQ(ssh_packet_get_state(server, state), 0); + ASSERT_INT_GE(sshbuf_len(state), 1); + TEST_DONE(); + + TEST_START("ssh_packet_set_state"); + server2 = NULL; + ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0); + ASSERT_PTR_NE(server2, NULL); + ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0); + kex_free(server2->kex); /* XXX or should ssh_packet_set_state()? */ + ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0); + ASSERT_INT_EQ(sshbuf_len(state), 0); + sshbuf_free(state); + ASSERT_PTR_NE(server2->kex, NULL); + /* XXX we need to set the callbacks */ + server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; + server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; + server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; +#ifdef OPENSSL_HAS_ECC + server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; +#endif + server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server; + server2->kex->load_host_public_key = server->kex->load_host_public_key; + server2->kex->load_host_private_key = server->kex->load_host_private_key; + server2->kex->sign = server->kex->sign; + TEST_DONE(); + + TEST_START("rekeying server2"); + ASSERT_INT_EQ(kex_send_kexinit(server2), 0); + run_kex(client, server2, s2c, c2s, direction, packet_index, + dump_path, replace_data); + ASSERT_INT_EQ(kex_send_kexinit(client), 0); + run_kex(client, server2, s2c, c2s, direction, packet_index, + dump_path, replace_data); + TEST_DONE(); + + TEST_START("cleanup"); 
+ sshkey_free(pubkey); + ssh_free(client); + ssh_free(server); + ssh_free(server2); + free(keyname); + TEST_DONE(); +} + +static void +usage(void) +{ + fprintf(stderr, + "Usage: kexfuzz [-hcdrv] [-D direction] [-f data_file]\n" + " [-K kex_alg] [-k private_key] [-i packet_index]\n" + "\n" + "Options:\n" + " -h Display this help\n" + " -c Count packets sent during KEX\n" + " -d Dump mode: record KEX packet to data file\n" + " -r Replace mode: replace packet with data file\n" + " -v Turn on verbose logging\n" + " -D S2C|C2S Packet direction for replacement or dump\n" + " -f data_file Path to data file for replacement or dump\n" + " -K kex_alg Name of KEX algorithm to test (see below)\n" + " -k private_key Path to private key file\n" + " -i packet_index Index of packet to replace or dump (from 0)\n" + "\n" + "Available KEX algorithms: %s\n", kex_alg_list(' ')); +} + +static void +badusage(const char *bad) +{ + fprintf(stderr, "Invalid options\n"); + fprintf(stderr, "%s\n", bad); + usage(); + exit(1); +} + +int +main(int argc, char **argv) +{ + int ch, fd, r; + int count_flag = 0, dump_flag = 0, replace_flag = 0; + int packet_index = -1, direction = -1; + int s2c = 0, c2s = 0; /* packet counts */ + const char *kex = NULL, *kpath = NULL, *data_path = NULL; + struct sshkey *key = NULL; + struct sshbuf *replace_data = NULL; + + setvbuf(stdout, NULL, _IONBF, 0); + while ((ch = getopt(argc, argv, "hcdrvD:f:K:k:i:")) != -1) { + switch (ch) { + case 'h': + usage(); + return 0; + case 'c': + count_flag = 1; + break; + case 'd': + dump_flag = 1; + break; + case 'r': + replace_flag = 1; + break; + case 'v': + do_debug = 1; + break; + + case 'D': + if (strcasecmp(optarg, "s2c") == 0) + direction = S2C; + else if (strcasecmp(optarg, "c2s") == 0) + direction = C2S; + else + badusage("Invalid direction (-D)"); + break; + case 'f': + data_path = optarg; + break; + case 'K': + kex = optarg; + break; + case 'k': + kpath = optarg; + break; + case 'i': + packet_index = atoi(optarg); + if 
(packet_index < 0) + badusage("Invalid packet index"); + break; + default: + badusage("unsupported flag"); + } + } + argc -= optind; + argv += optind; + + /* Must select a single mode */ + if ((count_flag + dump_flag + replace_flag) != 1) + badusage("Must select one mode: -c, -d or -r"); + /* KEX type is mandatory */ + if (kex == NULL || !kex_names_valid(kex) || strchr(kex, ',') != NULL) + badusage("Missing or invalid kex type (-K flag)"); + /* Valid key is mandatory */ + if (kpath == NULL) + badusage("Missing private key (-k flag)"); + if ((fd = open(kpath, O_RDONLY)) == -1) + err(1, "open %s", kpath); + if ((r = sshkey_load_private_type_fd(fd, KEY_UNSPEC, NULL, + &key, NULL)) != 0) + errx(1, "Unable to load key %s: %s", kpath, ssh_err(r)); + close(fd); + /* XXX check that it is a private key */ + /* XXX support certificates */ + if (key == NULL || key->type == KEY_UNSPEC || key->type == KEY_RSA1) + badusage("Invalid key file (-k flag)"); + + /* Replace (fuzz) mode */ + if (replace_flag) { + if (packet_index == -1 || direction == -1 || data_path == NULL) + badusage("Replace (-r) mode must specify direction " + "(-D) packet index (-i) and data path (-f)"); + if ((fd = open(data_path, O_RDONLY)) == -1) + err(1, "open %s", data_path); + replace_data = sshbuf_new(); + if ((r = sshkey_load_file(fd, replace_data)) != 0) + errx(1, "read %s: %s", data_path, ssh_err(r)); + close(fd); + } + + /* Dump mode */ + if (dump_flag) { + if (packet_index == -1 || direction == -1 || data_path == NULL) + badusage("Dump (-d) mode must specify direction " + "(-D), packet index (-i) and data path (-f)"); + } + + /* Count mode needs no further flags */ + + do_kex_with_key(kex, key, &c2s, &s2c, + direction, packet_index, + dump_flag ? data_path : NULL, + replace_flag ? replace_data : NULL); + sshkey_free(key); + sshbuf_free(replace_data); + + if (count_flag) { + printf("S2C: %d\n", s2c); + printf("C2S: %d\n", c2s); + } + + return 0; +} 
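Review bot: In main() of kexfuzz.c, `packet_index = atoi(optarg)` accepts any string: non-numeric input becomes 0, which is a valid index, and trailing junk such as `3x` is ignored, so a mistyped -i silently records or replaces a different packet than intended. A fuzz result is only useful when the substituted packet is known, so I would parse strictly, e.g. `packet_index = (int)strtonum(optarg, 0, INT_MAX, &errstr);` followed by `if (errstr != NULL) badusage("Invalid packet index");`, with `const char *errstr;` declared among the other locals. In the replace path, `replace_data = sshbuf_new();` is also handed to sshkey_load_file() without a NULL check, unlike `state` in do_kex_with_key(), so an allocation failure in the harness could be mistaken for a KEX finding.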
diff --git a/regress/modpipe.c b/regress/modpipe.c index 134fe1b..5f4824b 100644 --- a/regress/modpipe.c +++ b/regress/modpipe.c @@ -25,38 +25,10 @@ #include #include #include -#include "openbsd-compat/getopt_long.c" - -static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); -static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); - -#ifdef WIN32_FIXME -void fatal(const char *fmt,...) {/*stub*/} +#ifdef HAVE_ERR_H +# include #endif -static void -err(int r, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - fprintf(stderr, "%s: ", strerror(errno)); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); - exit(r); -} - -static void -errx(int r, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); - exit(r); -} +#include "openbsd-compat/getopt_long.c" static void usage(void) diff --git a/regress/netcat.c b/regress/netcat.c index 3ffdebf..91642df 100644 --- a/regress/netcat.c +++ b/regress/netcat.c @@ -61,6 +61,9 @@ # include # endif #endif +#ifdef HAVE_ERR_H +# include +#endif /* Telnet options from arpa/telnet.h */ #define IAC 255 
@@ -134,55 +137,6 @@ void usage(int); ssize_t drainbuf(int, unsigned char *, size_t *); ssize_t fillbuf(int, unsigned char *, size_t *); -static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); -static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); -static void warn(const char *, ...) __attribute__((format(printf, 1, 2))); - -#ifdef WIN32_FIXME -void logit(const char *fmt,...) {} -void debug(const char *fmt,...) {} -void debug2(const char *fmt,...) {} -void debug3(const char *fmt,...) {} -void error(const char *fmt,...) {} -void fatal(const char *fmt,...) {} -#endif - -static void -err(int r, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - fprintf(stderr, "%s: ", strerror(errno)); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); - exit(r); -} - -static void -errx(int r, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); - exit(r); -} - -static void -warn(const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - fprintf(stderr, "%s: ", strerror(errno)); - vfprintf(stderr, fmt, args); - fputc('\n', stderr); - va_end(args); -} int main(int argc, char *argv[]) diff --git a/regress/pesterTests/PlatformAbstractLayer.psm1 b/regress/pesterTests/PlatformAbstractLayer.psm1 new file mode 100644 index 0000000..8b5d663 --- /dev/null +++ b/regress/pesterTests/PlatformAbstractLayer.psm1 
@@ -0,0 +1,361 @@ +#Abstract layer +Enum MachineRole { + Client + Server +} + +Enum Protocol +{ + WSMAN + SSH +} + +Enum PlatformType { + Windows + Linux + OSX +} + +function Set-Platform { + # Use the .NET Core APIs to determine the current platform; if a runtime + # exception is thrown, we are on FullCLR, not .NET Core. + try { + $Runtime = [System.Runtime.InteropServices.RuntimeInformation] + $OSPlatform = [System.Runtime.InteropServices.OSPlatform] + + $IsLinux = $Runtime::IsOSPlatform($OSPlatform::Linux) + $IsOSX = $Runtime::IsOSPlatform($OSPlatform::OSX) + $IsWindows = $Runtime::IsOSPlatform($OSPlatform::Windows) + } catch { + try { + $IsLinux = $false + $IsOSX = $false + $IsWindows = $true + } + catch { } + } + if($IsOSX) { + [PlatformType]::OSX + } elseif($IsLinux) { + [PlatformType]::Linux + } else { + [PlatformType]::Windows + } +} + +function Is-CoreCLR { + # Use the .NET Core APIs to determine the current platform; if a runtime + # exception is thrown, we are on FullCLR, not .NET Core. 
+ try { + $Runtime = [System.Runtime.InteropServices.RuntimeInformation] + $IsCoreCLR = $true + } catch { + try { + $IsCoreCLR = $false + } + catch { } + } + if($IsCoreCLR) + { + $true + } + $false +} + +Class Machine +{ + [string] $MachineName = $env:COMPUTERNAME + [MachineRole] $Role = [MachineRole]::Client + [PlatformType] $Platform + [boolean] $IsCoreCLR + + #Members on server role + [string []] $PublicHostKeyPaths + [string []] $PrivateHostKeyPaths + [string] $localAdminUserName = "localadmin" + [string] $localAdminPassword = "Bull_dog1" + [string] $localAdminAuthorizedKeyPath + [System.Security.SecureString] $password + $preLatfpSetting + $localUserprofilePath + + #Members on client role + [string []] $clientPrivateKeyPaths + [string []] $clientPublicKeyPaths + [string] $ClientKeyDirectory + [string] $knownHostOfCurrentUser + [string] $OpenSSHdir = $PSScriptRoot + [string] $ToolsPath = "$env:ProgramData\chocolatey\lib\sysinternals\tools" + + Machine() { + $this.Platform = Set-Platform + $this.IsCoreCLR = Is-CoreCLR + $this.InitializeClient() + $this.InitializeServer() + } + + Machine ([MachineRole] $r) { + $this.Platform = Set-Platform + $this.IsCoreCLR = Is-CoreCLR + $this.Role = $r + if($this.Role -eq [MachineRole]::Client) { + $this.InitializeClient() + } else { + $this.InitializeServer() + } + } + + [void] InitializeClient() { + $this.ClientKeyDirectory = join-path ($env:USERPROFILE) ".ssh" + if(-not (Test-path $this.ClientKeyDirectory -PathType Container)) + { + New-Item -Path $this.ClientKeyDirectory -ItemType Directory -Force -ErrorAction silentlycontinue + } + + Remove-Item -Path "$($this.ClientKeyDirectory)\*" -Force -ea silentlycontinue + + $this.knownHostOfCurrentUser = join-path ($env:USERPROFILE) ".ssh/known_hosts" + + if ($this.Platform -eq [PlatformType]::Windows) + { + $this.ToolsPath = "$env:ProgramData\chocolatey\lib\sysinternals\tools" + #download pstools + if ( -not (Test-Path (join-path $($this.ToolsPath) "psexec.exe" ))) { + 
$this.DownloadPStools() + } + } + + foreach($key in @("ed25519")) #@("rsa","dsa","ecdsa","ed25519") + { + $keyPath = "$($this.ClientKeyDirectory)\id_$key" + $this.clientPrivateKeyPaths += $keyPath + $this.clientPublicKeyPaths += "$keyPath.pub" + $str = ".\ssh-keygen -t $key -P """" -f $keyPath" + $this.RunCmd($str) + + } + } + + [void] InitializeServer() { + if ($this.Platform -eq [PlatformType]::Windows) + { + #Start-Service sshd + #load the profile to create the profile folder + $this.SetLocalAccountTokenFilterPolicy(1) + } + + $this.password = ConvertTo-SecureString -String $this.localAdminPassword -AsPlainText -Force + $this.AddAdminUser($this.localAdminUserName, $this.password) + + $this.SetupServerRemoting([Protocol]::WSMAN) + $this.localUserprofilePath = $this.GetUserProfileLocation($this) + $sshPath = join-path $($this.localUserprofilePath) ".ssh" + if(-not (Test-path $sshPath -PathType Container)) + { + New-Item -Path $sshPath -ItemType Directory -Force -ErrorAction silentlycontinue + } + $this.localAdminAuthorizedKeyPath = join-path $($this.localUserprofilePath) ".ssh/authorized_keys" + Remove-Item -Path $($this.localAdminAuthorizedKeyPath) -Force -ea silentlycontinue + + #Generate all host keys + .\ssh-keygen -A + $this.PublicHostKeyPaths = @("$psscriptroot\ssh_host_ed25519_key.pub") + # @("$psscriptroot\ssh_host_rsa_key.pub","$psscriptroot\ssh_host_dsa_key.pub","$psscriptroot\ssh_host_ecdsa_key.pub","$psscriptroot\ssh_host_ed25519_key.pub") + $this.PrivateHostKeyPaths = @("$psscriptroot\ssh_host_ed25519_key") + # @("$psscriptroot\ssh_host_rsa_key","$psscriptroot\ssh_host_dsa_key","$psscriptroot\ssh_host_ecdsa_key","$psscriptroot\ssh_host_ed25519_key") + } + + [void] SetupClient([Machine] $server) { + #add the host keys known host on client + + if( -not (Test-Path $($this.knownHostOfCurrentUser ) ) ) + { + $null = New-item -path $($this.knownHostOfCurrentUser) -force + } + foreach($keypath in $server.PublicHostKeyPaths) + { + 
$this.SetKeys($($server.MachineName), $keypath, $($this.knownHostOfCurrentUser)) + } + } + + [void] SetupServerRemoting([Protocol] $protocol) { + if ($this.Platform -eq [PlatformType]::Windows) + { + switch($protocol ) + { + ([Protocol]::SSH) { + $env:Path = "$env:Path;$PSScriptRoot" + Restart-Service sshd + } + ([Protocol]::WSMAN) { + if( (Get-ComputerInfo).osproductType -notcontains 'Server' ) + { + Enable-PSRemoting -Force + } + } + default { + } + } + } + } + + [void] SetupServer([Machine] $client) { + if( -not (Test-Path $($this.localAdminAuthorizedKeyPath ) ) ) + { + $null = New-item -path $($this.localAdminAuthorizedKeyPath) -force + } + + foreach($publicKeyPath in $client.clientPublicKeyPaths) + { + $this.SetKeys($null, $publicKeyPath, $($this.localAdminAuthorizedKeyPath)) + } + } + + [void] CleanupServer() { + Remove-Item -Path $this.localAdminAuthorizedKeyPath -Force -ea silentlycontinue + if ( $this.Platform -eq [PlatformType]::Windows ) + { + $this.CleanupLocalAccountTokenFilterPolicy() + } + } + + [void] CleanupClient() { + Remove-Item -Path "$this.clientKeyPath\*" -Force -ea silentlycontinue + } + + [void] RunCmd($Str) { + if ($this.Platform -eq [PlatformType]::Windows) + { + cmd /c $Str + } + } + + [void] AddAdminUser($UserName, $password) { + if ( $this.Platform -eq [PlatformType]::Windows ) { + $a = Get-LocalUser -Name $UserName -ErrorAction Ignore + if ($a -eq $null) + { + $a = New-LocalUser -Name $UserName -Password $password -AccountNeverExpires -PasswordNeverExpires -UserMayNotChangePassword + } + + if((Get-LocalGroupMember -SID s-1-5-32-544 -Member $a -ErrorAction Ignore ) -eq $null) + { + Add-LocalGroupMember -SID s-1-5-32-544 -Member $a + } + } else { + #Todo add local user and add it to administrators group on linux + #Todo: get $localUserprofilePath + } + } + + #Set LocalAccountTokenFilterPolicy + [void] SetLocalAccountTokenFilterPolicy($setting) { + $path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\system" + #load the 
profile to create the profile folder + $this.preLatfpSetting = get-ItemProperty -Path $path -Name LocalAccountTokenFilterPolicy -ErrorAction Ignore + if( $this.preLatfpSetting -eq $null) + { + New-ItemProperty -Path $path -Name LocalAccountTokenFilterPolicy -Value $setting -PropertyType DWord + } + else + { + Set-ItemProperty -Path $path -Name LocalAccountTokenFilterPolicy -Value $setting + } + } + + [void] CleanupLocalAccountTokenFilterPolicy() { + if($this.preLatfpSetting -eq $null) + { + Remove-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\system -Name LocalAccountTokenFilterPolicy -Force -ErrorAction SilentlyContinue + } + else + { + Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\system -Name LocalAccountTokenFilterPolicy -Value $this.preLatfpSetting.LocalAccountTokenFilterPolicy + } + } + + [void] SecureHostKeys([string[]] $keys) { + if ( $this.Platform -eq [PlatformType]::Windows ) + { + #TODO: Remove the path to OpenSSHDir from the string link + #Secure host-keys with psexec + foreach($key in $keys) { + & "$($this.ToolsPath)\psexec" -accepteula -nobanner -i -s -w $($this.OpenSSHdir) cmd.exe /c "ssh-add.exe $key" + } + } + } + + [void] CleanupHostKeys() { + if ( $this.Platform -eq [PlatformType]::Windows ) + { + & "$($this.ToolsPath)\psexec" -accepteula -nobanner -i -s -w $($this.OpenSSHdir) cmd.exe /c "ssh-add.exe -D" + } + } + + [string] GetUserProfileLocation([Machine] $remote ) { + #load the profile to create the profile folder + $pscreds = [System.Management.Automation.PSCredential]::new($($remote.MachineName) + "\" + $($remote.localAdminUserName), $($remote.password)) + $ret = Invoke-Command -Credential $pscreds -ComputerName $($remote.MachineName) -command {$env:userprofile} + return $ret + } + + [void] UnzipFile($argVar, $targetondisk ) { + $shell_app=new-object -com shell.application + $zip_file = $shell_app.namespace($argVar) + Write-Host "Uncompressing zip file to $($targetondisk)" 
-ForegroundColor Cyan + $destination = $shell_app.namespace($targetondisk) + $destination.Copyhere($zip_file.items(), 0x10) + $shell_app = $null + } + + [void] DownloadPStools() + { + $machinePath = [Environment]::GetEnvironmentVariable('Path', 'MACHINE') + $newMachineEnvironmentPath = $machinePath + # Install chocolatey + $chocolateyPath = "$env:AllUsersProfile\chocolatey\bin" + if(Get-Command "choco" -ErrorAction SilentlyContinue) + { + Write-Information -MessageData "Chocolatey is already installed. Skipping installation." + } + else + { + Write-Information -MessageData "Chocolatey not present. Installing chocolatey." + Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')) + + if (-not ($machinePath.ToLower().Contains($chocolateyPath.ToLower()))) + { + Write-Information -MessageData "Adding $chocolateyPath to Path environment variable" + $newMachineEnvironmentPath += ";$chocolateyPath" + $env:Path += ";$chocolateyPath" + } + else + { + Write-Information -MessageData "$chocolateyPath already present in Path environment variable" + } + } + + if ( -not (Test-Path $($this.ToolsPath) ) ) { + Write-Information -MessageData "sysinternals not present. Installing sysinternals." + choco install sysinternals -y + } + else + { + Write-Information -MessageData "sysinternals present. Skipping installation." + } + } + + [void] SetKeys($Hostnames, $keyPath, $Path) { + if($Hostnames -ne $null) + { + foreach ($hostname in $Hostnames) + { + ($hostname + " " + (Get-Content $keyPath)) | Out-File -Append $Path -Encoding ascii + } + } + else + { + Get-Content $keyPath | Out-File -Append $Path -Encoding ascii + } + } +} diff --git a/regress/pesterTests/PortForwarding.Tests.ps1 b/regress/pesterTests/PortForwarding.Tests.ps1 new file mode 100644 index 0000000..4a2eb32 --- /dev/null +++ b/regress/pesterTests/PortForwarding.Tests.ps1 
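Review bot: The Machine class creates the local account `localadmin` with the fixed password committed in this file, adds it to the built-in Administrators group (SID S-1-5-32-544) with a non-expiring password, and InitializeServer() also sets LocalAccountTokenFilterPolicy to 1 and may enable PS remoting; CleanupServer() restores the registry value but never removes the account. A machine that has run these tests is therefore left with a remotely usable administrator whose credentials are published in the repository. I would generate the password per run (or read it from the environment) instead of defaulting it in the class, and have CleanupServer() call `Remove-LocalUser -Name $this.localAdminUserName -ErrorAction SilentlyContinue`. Separately, DownloadPStools() feeds `DownloadString('https://chocolatey.org/install.ps1')` to Invoke-Expression with no pinned version or hash check, and InitializeClient() deletes everything under the caller's `.ssh` directory; both deserve at least a comment stating that the suite is meant for disposable test machines only.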
@@ -0,0 +1,56 @@
+using module .\PlatformAbstractLayer.psm1
+
+Describe "Tests for portforwarding" -Tags "CI" {
+ BeforeAll {
+ $fileName = "test.txt"
+ $filePath = Join-Path ${TestDrive} $fileName
+
+ [Machine] $client = [Machine]::new([MachineRole]::Client)
+ [Machine] $server = [Machine]::new([MachineRole]::Server)
+ $client.SetupClient($server)
+ $server.SetupServer($client)
+
+ $server.SecureHostKeys($server.PrivateHostKeyPaths)
+ $server.SetupServerRemoting([Protocol]::WSMAN)
+ #setup single signon
+ .\ssh-add.exe $client.clientPrivateKeyPaths[0]
+ Remove-Item -Path $filePath -Force -ea silentlycontinue
+
+ $testData = @(
+ @{
+ Title = "Local port forwarding"
+ Options = "-L 5432:127.0.0.1:47001"
+ Port = 5432
+
+ },
+ @{
+ Title = "Remote port forwarding"
+ Options = "-R 5432:127.0.0.1:47001"
+ Port = 5432
+ }
+ )
+ }
+
+ AfterAll {
+ #cleanup single signon
+ .\ssh-add.exe -D
+ $Server.CleanupHostKeys()
+ $client.CleanupClient()
+ $server.CleanupServer()
+ }
+
+ AfterEach {
+ Remove-Item -Path $filePath -Force -ea silentlycontinue
+ }
+
+ It '' -TestCases:$testData {
+ param([string]$Title, $Options, $port)
+
+ $str = ".\ssh $($Options) $($server.localAdminUserName)@$($server.MachineName) powershell.exe Test-WSMan -computer 127.0.0.1 -port $port > $filePath"
+ $client.RunCmd($str)
+ #validate file content.
+ $content = Get-Content $filePath
+ $content -like "wsmid*" | Should Not Be $null
+ }
+
+}
diff --git a/regress/pesterTests/PowerShell.SSH.Tests.ps1 b/regress/pesterTests/PowerShell.SSH.Tests.ps1
new file mode 100644
index 0000000..4e87200
--- /dev/null
+++ b/regress/pesterTests/PowerShell.SSH.Tests.ps1
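Review bot: The final assertion in the `It` block of PortForwarding.Tests.ps1 can pass even when the forwarded Test-WSMan call produced no output. If `$content` is `$null` (empty or missing file) or a single line, `$content -like "wsmid*"` evaluates to a boolean rather than a filtered array, and `$false` is not `$null`, so `Should Not Be $null` succeeds. Forcing array filtering makes a missing match fail the test: `@(@($content) -like "wsmid*").Count | Should BeGreaterThan 0`.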
@@ -0,0 +1,83 @@ +using module .\PlatformAbstractLayer.psm1 + +Describe "Tests for powershell over ssh" -Tags "Scenario" { + BeforeAll { + $defaultParamValues = $PSDefaultParameterValues.Clone() + #Skip on windows powershell. this feature only supported in powershell core from git + #due to known issue, these tests need to be disabled. + #if ($psversiontable.GitCommitId -eq $null) + if ($true) + { + $PSDefaultParameterValues["It:Skip"] = $true + } + + [Machine] $client = [Machine]::new([MachineRole]::Client) + [Machine] $server = [Machine]::new([MachineRole]::Server) + $client.SetupClient($server) + $server.SetupServer($client) + $server.SetupServerRemoting([Protocol]::SSH) + } + AfterAll { + $global:PSDefaultParameterValues = $defaultParamValues + $client.CleanupClient() + $server.CleanupServer() + } + + Context "Key based authentication with KeyFilePath. Key is Secured in ssh-agenton server" { + BeforeAll { + $server.SecureHostKeys($server.PrivateHostKeyPaths) + $identifyFile = $client.clientPrivateKeyPaths[0] + } + + AfterAll { + $server.CleanupHostKeys() + } + It 'Key is Secured in ssh-agenton server' { + $session = New-PSSession -HostName $server.MachineName -UserName $server.localAdminUserName -KeyFilePath $identifyFile + #$pscreds = [System.Management.Automation.PSCredential]::new($($server.MachineName) + "\" + $($server.localAdminUserName), $($server.password)) + #$session = New-PSSession -Credential $pscreds -ComputerName $($server.MachineName) + $ret = Invoke-Command $session -command {$env:computername} + $ret | Should be $server.MachineName + } + } + + #this context only run on windows + Context "Single signon and host keys are secured in ssh-agent" { + BeforeAll { + $server.SecureHostKeys($server.PrivateHostKeyPaths) + $identifyFile = $client.clientPrivateKeyPaths[0] + #setup single signon + .\ssh-add.exe $identifyFile + } + + AfterAll { + $server.CleanupHostKeys() + + #cleanup single signon + .\ssh-add.exe -D + } + + It 'Single signon and host keys 
are secured in ssh-agent' { + #$session = New-PSSession -HostName $server.MachineName -UserName $server.localAdminUserName + $pscreds = [System.Management.Automation.PSCredential]::new($($server.MachineName) + "\" + $($server.localAdminUserName), $($server.password)) + $session = New-PSSession -Credential $pscreds -ComputerName $($server.MachineName) + $ret = Invoke-Command $session -command {$env:computername} + $ret | Should be $server.MachineName + } + } + + Context "Key based authentication with KeyFilePath. Host keys are not secured on server" { + BeforeAll { + $identifyFile = $client.clientPrivateKeyPaths[0] + } + + It 'Key based authentication with KeyFilePath. Host keys are not secured on server' { + $session = New-PSSession -HostName $server.MachineName -UserName $server.localAdminUserName -KeyFilePath $identifyFile + #$pscreds = [System.Management.Automation.PSCredential]::new($($server.MachineName) + "\" + $($server.localAdminUserName), $($server.password)) + #$session = New-PSSession -Credential $pscreds -ComputerName $($server.MachineName) + $ret = Invoke-Command $session -command {$env:computername} + $ret | Should be $server.MachineName + } + } +} + diff --git a/regress/pesterTests/SCP.Tests.ps1 b/regress/pesterTests/SCP.Tests.ps1 new file mode 100644 index 0000000..6b2aade --- /dev/null +++ b/regress/pesterTests/SCP.Tests.ps1 
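Review bot: The test in the "Single signon and host keys are secured in ssh-agent" Context of PowerShell.SSH.Tests.ps1 never goes through SSH. With the `-HostName` line commented out, the session is opened with `New-PSSession -Credential $pscreds -ComputerName $($server.MachineName)`, which authenticates with the account password over the default remoting transport, so the test would still pass with agent-based sign-on broken. Once the `if ($true)` skip is lifted, the session should be created as the commented line shows, `New-PSSession -HostName $server.MachineName -UserName $server.localAdminUserName`. Until then a comment explaining why the credential path was substituted would keep the test name from misleading readers.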
@@ -0,0 +1,216 @@ +using module .\PlatformAbstractLayer.psm1 + +#covered -i -p -q -r -v -c -S -C +#todo: -F, -l and -P should be tested over the network +Describe "Tests for scp command" -Tags "Scenario" { + BeforeAll { + $fileName1 = "test.txt" + $fileName2 = "test2.txt" + $SourceDirName = "SourceDir" + $SourceDir = Join-Path ${TestDrive} $SourceDirName + $SourceFilePath = Join-Path $SourceDir $fileName1 + $DestinationDir = Join-Path ${TestDrive} "DestDir" + $DestinationFilePath = Join-Path $DestinationDir $fileName1 + $NestedSourceDir= Join-Path $SourceDir "nested" + $NestedSourceFilePath = Join-Path $NestedSourceDir $fileName2 + $null = New-Item $SourceDir -ItemType directory -Force + $null = New-Item $NestedSourceDir -ItemType directory -Force + $null = New-item -path $SourceFilePath -force + $null = New-item -path $NestedSourceFilePath -force + "Test content111" | Set-content -Path $SourceFilePath + "Test content in nested dir" | Set-content -Path $NestedSourceFilePath + $null = New-Item $DestinationDir -ItemType directory -Force + + [Machine] $client = [Machine]::new([MachineRole]::Client) + [Machine] $server = [Machine]::new([MachineRole]::Server) + $client.SetupClient($server) + $server.SetupServer($client) + + $testData = @( + <# known issue 340 + @{ + Title = 'Simple copy local file to local file'; + Source = $SourceFilePath; + Destination = $DestinationFilePath + },#> + @{ + Title = 'Simple copy local file to remote file'; + Source = $SourceFilePath; + Destination = "$($server.localAdminUserName)@$($server.MachineName):$DestinationFilePath" + }, + @{ + Title = 'Simple copy remote file to local file'; + Source = "$($server.localAdminUserName)@$($server.MachineName):$SourceFilePath" + Destination = $DestinationFilePath + }, + <# known issue 340 + @{ + Title = 'Simple copy local file to local dir'; + Source = $SourceFilePath; + Destination = $DestinationDir + },#> + @{ + Title = 'simple copy local file to remote dir'; + Source = $SourceFilePath; + 
Destination = "$($server.localAdminUserName)@$($server.MachineName):$DestinationDir" + }, + @{ + Title = 'simple copy remote file to local dir'; + Source = "$($server.localAdminUserName)@$($server.MachineName):$SourceFilePath" + Destination = $DestinationDir + } + ) + + $testData1 = @( + @{ + Title = 'copy from local dir to remote dir'; + Source = $sourceDir; + Destination = "$($server.localAdminUserName)@$($server.MachineName):$DestinationDir" + }, + <# known issue 340 + @{ + Title = 'copy from local dir to local dir'; + Source = $sourceDir; + Destination = $DestinationDir + },#> + @{ + Title = 'copy from remote dir to local dir'; + Source = "$($server.localAdminUserName)@$($server.MachineName):$sourceDir" + Destination = $DestinationDir + } + ) + } + AfterAll { + + $client.CleanupClient() + $server.CleanupServer() + + Get-Item $SourceDir | Remove-Item -Recurse -Force -ea silentlycontinue + Get-Item $DestinationDir | Remove-Item -Recurse -Force -ea silentlycontinue + } + + BeforeEach { + $null = New-Item $DestinationDir -ItemType directory -Force + } + + AfterEach { + Get-ChildItem $DestinationDir -Recurse -Directory | Remove-Item -Recurse -Force -ea silentlycontinue + } + + <#Context "SCP usage" { + It 'SCP usage' { + #TODO: usage output does not redirect to file + } + }#> + + #this context only run on windows + Context "Key is Secured in ssh-agenton server" { + BeforeAll { + $Server.SecureHostKeys($server.PrivateHostKeyPaths) + $identifyFile = $client.clientPrivateKeyPaths[0] + } + + AfterAll { + $Server.CleanupHostKeys() + } + #Known issue 368 + <#It 'File Copy with -i option: <Title> ' -TestCases:$testData { + param([string]$Title, $Source, $Destination) + + .\scp -i $identifyFile $Source $Destination + #validate file content. DestPath is the path to the file. 
+ $equal = @(Compare-Object (Get-ChildItem -path $SourceFilePath) (Get-ChildItem -path $DestinationFilePath) -Property Name, Length).Length -eq 0 + $equal | Should Be $true + } + + <#It 'Directory recursive Copy with -ioption: <Title> ' -TestCases:$testData1 -skip:(!(Is-Windows)) { + param([string]$Title, $Source, $Destination) + + .\scp -r -i $identifyFile $Source $Destination + + $equal = @(Compare-Object (Get-Item -path $SourceDir ) (Get-Item -path (join-path $DestinationDir $SourceDirName) ) -Property Name, Length).Length -eq 0 + $equal | Should Be $true + + #known issue 364 + #$equal = @(Compare-Object (Get-ChildItem -Recurse -path $SourceDir) (Get-ChildItem -Recurse -path (join-path $DestinationDir $SourceDirName) ) -Property Name, Length).Length -eq 0 + #$equal | Should Be $true + }#> + } + + #this context only run on windows + Context "Single signon with keys -p -v -c option Secured in ssh-agent" { + BeforeAll { + $Server.SecureHostKeys($server.PrivateHostKeyPaths) + $identifyFile = $client.clientPrivateKeyPaths[0] + #setup single signon + .\ssh-add.exe $identifyFile + } + + AfterAll { + $Server.CleanupHostKeys() + + #cleanup single signon + .\ssh-add.exe -D + } + + It 'File Copy with -S option (positive)' { + .\scp -S .\ssh.exe $SourceFilePath "$($server.localAdminUserName)@$($server.MachineName):$DestinationFilePath" + #validate file content. DestPath is the path to the file. + $equal = @(Compare-Object (Get-ChildItem -path $SourceFilePath) (Get-ChildItem -path $DestinationFilePath) -Property Name, Length).Length -eq 0 #todo: add LastWriteTime in comparison when issue is fixed + $equal | Should Be $true + } + + It 'File Copy with -p -c -v option: <Title> ' -TestCases:$testData { + param([string]$Title, $Source, $Destination) + + .\scp -p -c aes128-ctr -C $Source $Destination #Todo: add -v after it is supported. + #validate file content. DestPath is the path to the file. 
+ $equal = @(Compare-Object (Get-ChildItem -path $SourceFilePath) (Get-ChildItem -path $DestinationFilePath) -Property Name, Length).Length -eq 0 #todo: add LastWriteTime in comparison when issue is fixed + $equal | Should Be $true + } + + #known issue 369 + <#It 'Directory recursive Copy with -v option: <Title> ' -TestCases:$testData1 { + param([string]$Title, $Source, $Destination) + + .\scp -r -p $Source $Destination + + $equal = @(Compare-Object (Get-Item -path $SourceDir ) (Get-Item -path (join-path $DestinationDir $SourceDirName) ) -Property Name, Length, LastWriteTime).Length -eq 0 + $equal | Should Be $true + + #known issue 364 + #$equal = @(Compare-Object (Get-ChildItem -Recurse -path $SourceDir) (Get-ChildItem -Recurse -path (join-path $DestinationDir $SourceDirName) ) -Property Name, Length, LastWriteTime).Length -eq 0 + #$equal | Should Be $true + }#> + } + <#Known issue 368 + Context "Key based authentication with -i -C -q options. host keys are not secured on server" { + BeforeAll { + $identifyFile = $client.clientPrivateKeyPaths[0] + } + + It 'File Copy with -i -C -q options: <Title> ' -TestCases:$testData{ + param([string]$Title, $Source, $Destination) + + .\scp -i $identifyFile -C -q $Source $Destination + #validate file content. DestPath is the path to the file. + $equal = @(Compare-Object (Get-ChildItem -path $SourceFilePath) (Get-ChildItem -path $DestinationFilePath) -Property Name, Length).Length -eq 0 # need to validate LastWriteTime after issue 356 is fixed. 
+ $equal | Should Be $true + } + + + It 'Directory recursive Copy with -i and -q options: <Title> ' -TestCases:$testData1 { + param([string]$Title, $Source, $Destination) + + .\scp -i $identifyFile -r -q $Source $Destination + $equal = @(Compare-Object (Get-Item -path $SourceDir ) (Get-Item -path (join-path $DestinationDir $SourceDirName) ) -Property Name, Length).Length -eq 0 + $equal | Should Be $true + + #known issue 364 + #$equal = @(Compare-Object (Get-ChildItem -Recurse -path $SourceDir) (Get-ChildItem -Recurse -path (join-path $DestinationDir $SourceDirName) ) -Property Name, Length).Length -eq 0 + #$equal | Should Be $true + } + } + #> +} + diff --git a/regress/pesterTests/SSH.Tests.ps1 b/regress/pesterTests/SSH.Tests.ps1 new file mode 100644 index 0000000..0b39990 --- /dev/null +++ b/regress/pesterTests/SSH.Tests.ps1 
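Review bot: Both active `It` blocks in SCP.Tests.ps1 carry the comment "validate file content", but `Compare-Object ... -Property Name, Length` only compares file name and size. A transfer that altered bytes without changing the length would pass, which matters most for the `-c aes128-ctr -C` case where cipher and compression are in play. Comparing hashes closes the gap: `(Get-FileHash $DestinationFilePath).Hash | Should Be (Get-FileHash $SourceFilePath).Hash`. The Name/Length comparison can stay as the check for the directory cases.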
@@ -0,0 +1,139 @@ +using module .\PlatformAbstractLayer.psm1 + +#covered -i -q -v -l -c -C +#todo: -S -F -V -e +Describe "Tests for ssh command" -Tags "CI" { + BeforeAll { + $fileName = "test.txt" + $filePath = Join-Path ${TestDrive} $fileName + + [Machine] $client = [Machine]::new([MachineRole]::Client) + [Machine] $server = [Machine]::new([MachineRole]::Server) + $client.SetupClient($server) + $server.SetupServer($client) + + $testData = @( + @{ + Title = 'Simple logon -v option'; + LogonStr = "$($server.localAdminUserName)@$($server.MachineName)" + Options = "-v" + }, + @{ + Title = 'Simple logon using -C -l option' + LogonStr = $server.MachineName + Options = "-C -l $($server.localAdminUserName)" + } + ) + + $testData1 = @( + @{ + Title = "logon using -i -q option" + LogonStr = "$($server.localAdminUserName)@$($server.MachineName)" + Options = '-i $identifyFile -q' + }, + @{ + Title = "logon using -i -v option" + LogonStr = "$($server.localAdminUserName)@$($server.MachineName)" + Options = '-i $identifyFile -v' + }, + @{ + Title = "logon using -i -c option" + LogonStr = "$($server.localAdminUserName)@$($server.MachineName)" + Options = '-i $identifyFile -c aes256-ctr' + }, + <# -V does not redirect to file + @{ + Title = "logon using -i -V option" + LogonStr = "$($server.localAdminUserName)@$($server.MachineName)" + Options = '-i $identifyFile -V' + SkipVerification = $true + },#> + @{ + Title = 'logon using -i -l option' + LogonStr = $server.MachineName + Options = '-i $identifyFile -l $($server.localAdminUserName)' + } + ) + + } + + AfterAll { + $client.CleanupClient() + $server.CleanupServer() + } + + Context "Key is not secured in ssh-agent on server" { + BeforeAll { + $identifyFile = $client.clientPrivateKeyPaths[0] + Remove-Item -Path $filePath -Force -ea silentlycontinue + } + + AfterEach { + Remove-Item -Path $filePath -Force -ea silentlycontinue + } + + It '<Title>' -TestCases:$testData1 { + param([string]$Title, $LogonStr, $Options, $SkipVerification 
= $false) + + $str = $ExecutionContext.InvokeCommand.ExpandString(".\ssh $($Options) $($LogonStr) hostname > $filePath") + $client.RunCmd($str) + #validate file content. + Get-Content $filePath | Should be $server.MachineName + } + } + + Context "Key is secured in ssh-agent" { + BeforeAll { + $server.SecureHostKeys($server.PrivateHostKeyPaths) + $identifyFile = $client.clientPrivateKeyPaths[0] + Remove-Item -Path $filePath -Force -ea silentlycontinue + } + + AfterAll { + $Server.CleanupHostKeys() + } + + AfterEach { + Remove-Item -Path $filePath -Force -ea silentlycontinue + } + + It '<Title>' -TestCases:$testData1 { + param([string]$Title, $LogonStr, $Options, $SkipVerification = $false) + + $str = $ExecutionContext.InvokeCommand.ExpandString(".\ssh $Options $LogonStr hostname > $filePath") + $client.RunCmd($str) + #validate file content. + Get-Content $filePath | Should be $server.MachineName + } + } + + Context "Single signon on client and keys secured in ssh-agent on server" { + BeforeAll { + $Server.SecureHostKeys($server.PrivateHostKeyPaths) + $identifyFile = $client.clientPrivateKeyPaths[0] + #setup single signon + .\ssh-add.exe $identifyFile + Remove-Item -Path $filePath -Force -ea silentlycontinue + } + + AfterAll { + $Server.CleanupHostKeys() + + #cleanup single signon + .\ssh-add.exe -D + } + + AfterEach { + Remove-Item -Path $filePath -Force -ea silentlycontinue + } + + It '<Title>' -TestCases:$testData { + param([string]$Title, $LogonStr, $Options) + + $str = ".\ssh $($Options) $($LogonStr) hostname > $filePath" + $client.RunCmd($str) + #validate file content. + Get-Content $filePath | Should be $server.MachineName + } + } +} diff --git a/regress/principals-command.sh b/regress/principals-command.sh index b90a8cf..c0be7e7 100644 --- a/regress/principals-command.sh +++ b/regress/principals-command.sh 
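Review bot: `.\ssh-add.exe -D` in the AfterAll of the "Single signon on client ..." Context removes every identity held by the agent, not only the key that BeforeAll added. Running the suite on a machine whose agent also holds the developer's own keys would clear those too. Assuming this port's ssh-add supports `-d`, `.\ssh-add.exe -d $identifyFile` keeps the cleanup scoped to the test key. The same `-D` call is in the AfterAll blocks of PortForwarding.Tests.ps1, PowerShell.SSH.Tests.ps1 and SCP.Tests.ps1.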
@@ -24,6 +24,13 @@ _EOF test $? -eq 0 || fatal "couldn't prepare principals command" $SUDO chmod 0755 "$PRINCIPALS_CMD" +if ! $OBJ/check-perm -m keys-command $PRINCIPALS_CMD ; then + echo "skipping: $PRINCIPALS_CMD is unsuitable as " \ + "AuthorizedPrincipalsCommand" + $SUDO rm -f $PRINCIPALS_CMD + exit 0 +fi + # Create a CA key and a user certificate. ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_ca_key || \ fatal "ssh-keygen of user_ca_key failed" diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh index f816962..b7a43fa 100644 --- a/regress/proxy-connect.sh +++ b/regress/proxy-connect.sh @@ -1,4 +1,4 @@ -# $OpenBSD: proxy-connect.sh,v 1.8 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: proxy-connect.sh,v 1.9 2016/02/17 02:24:17 djm Exp $ # Placed in the Public Domain. tid="proxy connect" @@ -18,7 +18,8 @@ for ps in no yes; do fail "ssh proxyconnect protocol $p privsep=$ps comp=$c failed" fi if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then - fail "bad SSH_CONNECTION protocol $p privsep=$ps comp=$c" + fail "bad SSH_CONNECTION protocol $p privsep=$ps comp=$c: " \ + "$SSH_CONNECTION" fi done done diff --git a/regress/rekey.sh b/regress/rekey.sh index 0d4444d..ae145bc 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: rekey.sh,v 1.16 2015/02/14 12:43:16 markus Exp $ +# $OpenBSD: rekey.sh,v 1.17 2016/01/29 05:18:15 dtucker Exp $ # Placed in the Public Domain. tid="rekey" @@ -137,13 +137,15 @@ for s in 5 10; do done verbose "rekeylimit parsing" -for size in 16 1k 1K 1m 1M 1g 1G; do +for size in 16 1k 1K 1m 1M 1g 1G 4G 8G; do for time in 1 1m 1M 1h 1H 1d 1D 1w 1W; do case $size in 16) bytes=16 ;; 1k|1K) bytes=1024 ;; 1m|1M) bytes=1048576 ;; 1g|1G) bytes=1073741824 ;; + 4g|4G) bytes=4294967296 ;; + 8g|8G) bytes=8589934592 ;; esac case $time in 1) seconds=1 ;; diff --git a/regress/setuid-allowed.c b/regress/setuid-allowed.c index 5744b50..3fcbae8 100644 --- a/regress/setuid-allowed.c +++ b/regress/setuid-allowed.c 
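Review bot: `$PRINCIPALS_CMD` is unquoted in the added `check-perm` call and in `$SUDO rm -f $PRINCIPALS_CMD` in principals-command.sh, while the `chmod` line just above quotes it. Because the removal runs under `$SUDO`, word splitting on a path containing whitespace would hand `rm -f` arguments that were never intended. Quote it in both places, e.g. `$SUDO rm -f "$PRINCIPALS_CMD"`. The equivalent check added to sftp-chroot.sh already quotes `"$CHROOT"`.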
@@ -30,6 +30,7 @@ void debug3(const char *fmt,...) {/*stub*/} #endif void +static void usage(void) { fprintf(stderr, "check-setuid [path]\n"); diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh index 23f7456..9c26eb6 100644 --- a/regress/sftp-chroot.sh +++ b/regress/sftp-chroot.sh @@ -12,6 +12,11 @@ if [ -z "$SUDO" ]; then exit 0 fi +if ! $OBJ/check-perm -m chroot "$CHROOT" ; then + echo "skipped: $CHROOT is unsuitable as ChrootDirectory" + exit 0 +fi + $SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \ fatal "create $PRIVDATA failed" diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh new file mode 100644 index 0000000..010e028 --- /dev/null +++ b/regress/sshcfgparse.sh 
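Review bot: In the setuid-allowed.c hunk the added `static void` line sits directly under the existing `void` context line, so the definition now reads `void` / `static void` / `usage(void)`. That repeats the type specifier and should not compile. The old `void` line needs to be removed in the same change so that only `static void` precedes `usage(void)`. The body of usage() continues past the end of the hunk.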
@@ -0,0 +1,29 @@ +# $OpenBSD: sshcfgparse.sh,v 1.2 2016/07/14 01:24:21 dtucker Exp $ +# Placed in the Public Domain. + +tid="ssh config parse" + +verbose "reparse minimal config" +(${SSH} -G -F $OBJ/ssh_config somehost >$OBJ/ssh_config.1 && + ${SSH} -G -F $OBJ/ssh_config.1 somehost >$OBJ/ssh_config.2 && + diff $OBJ/ssh_config.1 $OBJ/ssh_config.2) || fail "reparse minimal config" + +verbose "ssh -W opts" +f=`${SSH} -GF $OBJ/ssh_config host | awk '/exitonforwardfailure/{print $2}'` +test "$f" = "no" || fail "exitonforwardfailure default" +f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/exitonforwardfailure/{print $2}'` +test "$f" = "yes" || fail "exitonforwardfailure enable" +f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o exitonforwardfailure=no h | \ + awk '/exitonforwardfailure/{print $2}'` +test "$f" = "no" || fail "exitonforwardfailure override" + +f=`${SSH} -GF $OBJ/ssh_config host | awk '/clearallforwardings/{print $2}'` +test "$f" = "no" || fail "clearallforwardings default" +f=`${SSH} -GF $OBJ/ssh_config -W a:1 h | awk '/clearallforwardings/{print $2}'` +test "$f" = "yes" || fail "clearallforwardings enable" +f=`${SSH} -GF $OBJ/ssh_config -W a:1 -o clearallforwardings=no h | \ + awk '/clearallforwardings/{print $2}'` +test "$f" = "no" || fail "clearallforwardings override" + +# cleanup +rm -f $OBJ/ssh_config.[012] diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 114e129..1b6526d 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.51 2015/03/03 22:35:19 markus Exp $ +# $OpenBSD: test-exec.sh,v 1.53 2016/04/15 02:57:10 djm Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -221,6 +221,7 @@ echo "#!/bin/sh" > $SSHLOGWRAP echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP chmod a+rx $OBJ/ssh-log-wrapper.sh +REAL_SSH="$SSH" SSH="$SSHLOGWRAP" # Some test data. We make a copy because some tests will overwrite it. 
@@ -411,6 +412,13 @@ cat << EOF > $OBJ/sshd_config Subsystem sftp $SFTPSERVER EOF +# This may be necessary if /usr/src and/or /usr/obj are group-writable, +# but if you aren't careful with permissions then the unit tests could +# be abused to locally escalate privileges. +if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then + echo "StrictModes no" >> $OBJ/sshd_config +fi + if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile index d3d9082..0a95d4b 100644 --- a/regress/unittests/Makefile +++ b/regress/unittests/Makefile @@ -1,5 +1,5 @@ -# $OpenBSD: Makefile,v 1.5 2015/02/16 22:21:03 djm Exp $ +# $OpenBSD: Makefile,v 1.6 2016/05/26 19:14:25 schwarze Exp $ REGRESS_FAIL_EARLY= yes -SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys +SUBDIR= test_helper sshbuf sshkey bitmap kex hostkeys utf8 .include <bsd.subdir.mk> diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc index 81ce18c..7385e2b 100644 --- a/regress/unittests/Makefile.inc +++ b/regress/unittests/Makefile.inc @@ -7,6 +7,7 @@ WARNINGS=Yes DEBUG=-g +CFLAGS+= -fstack-protector-all CDIAGFLAGS= -Wall CDIAGFLAGS+= -Wextra CDIAGFLAGS+= -Werror diff --git a/regress/unittests/bitmap/tests.c b/regress/unittests/bitmap/tests.c index 0a2d470..23025f9 100644 --- a/regress/unittests/bitmap/tests.c +++ b/regress/unittests/bitmap/tests.c @@ -24,12 +24,6 @@ #define NTESTS 131 -#ifdef WIN32_FIXME -void fatal(const char *fmt,...) {/*stub*/} -void logit(const char *fmt,...) {/*stub*/} -void debug3(const char *fmt,...) {/*stub*/} -#endif - void tests(void) { diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c index 37bd410..95f149f 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c 
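Review bot: Nothing is logged when `TEST_SSH_UNSAFE_PERMISSIONS` turns `StrictModes` off in test-exec.sh, unlike the `TEST_SSH_SSHD_CONFOPTS` block right below it, which calls `trace` before appending to sshd_config. The added comment itself says this setting weakens a permission check, so a run with it enabled should be visible in the test log. Add `trace "TEST_SSH_UNSAFE_PERMISSIONS set: adding StrictModes no"` before the `echo`.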
@@ -45,21 +45,6 @@ struct cbctx { int match_ipv6; }; -#ifdef WIN32_FIXME -const char * -test_data_file(const char *name) -{ - static char ret[PATH_MAX]; - snprintf(ret, sizeof(ret), "c:/openssh/Win32-OpenSSH/regress/unittests/hostkeys/testdata/%s", name); - if (access(ret, F_OK) != 0) { - fprintf(stderr, "Cannot access data file %s: %s\n", - ret, strerror(errno)); - exit(1); - } - return ret; -} -#endif - /* * hostkeys_foreach() iterator callback that verifies the line passed * against an array of expected entries. @@ -76,9 +61,10 @@ check(struct hostkey_foreach_line *l, void *_ctx) test_subtest_info("entry %zu/%zu, file line %ld", ctx->i + 1, ctx->nexpected, l->linenum); -#ifndef WIN32_FIXME for (;;) { - ASSERT_SIZE_T_LT(ctx->i, ctx->nexpected); +#ifndef WIN32_FIXME + //ASSERT_SIZE_T_LT(ctx->i, ctx->nexpected); +#endif expected = ctx->expected + ctx->i++; /* If we are matching host/IP then skip entries that don't */ if (!matching) @@ -92,7 +78,6 @@ check(struct hostkey_foreach_line *l, void *_ctx) if (ctx->match_ipv6 && expected->match_ipv6) break; } -#endif expected_status = (parse_key || expected->no_parse_status < 0) ? expected->l.status : (u_int)expected->no_parse_status; expected_match = expected->l.match; diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index 8a881a4..e7221e0 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -145,10 +145,12 @@ do_kex_with_key(char *kex, int keytype, int bits) sshbuf_free(state); ASSERT_PTR_NE(server2->kex, NULL); /* XXX we need to set the callbacks */ +#ifdef WITH_OPENSSL server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; +#endif #ifdef OPENSSL_HAS_ECC server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server; #endif 
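Review bot: The bounds assertion in the `for (;;)` loop of check() in test_iterate.c is now commented out, and the loop that was previously compiled only without `WIN32_FIXME` now runs on every platform. With no check, `expected = ctx->expected + ctx->i++` can step past the `nexpected` entries (presumably the length of the expected array) when no entry matches, reading beyond it instead of failing the test. The `#ifndef WIN32_FIXME` / `#endif` pair around the comment guards nothing. I would restore `ASSERT_SIZE_T_LT(ctx->i, ctx->nexpected);` unconditionally and drop the empty guard. check() begins before this hunk and the loop closes in the following one.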
diff --git a/regress/unittests/sshbuf/test_sshbuf.c b/regress/unittests/sshbuf/test_sshbuf.c index 68114e7..ee77d69 100644 --- a/regress/unittests/sshbuf/test_sshbuf.c +++ b/regress/unittests/sshbuf/test_sshbuf.c @@ -24,12 +24,6 @@ void sshbuf_tests(void); -#ifdef WIN32_FIXME -void fatal(const char *fmt,...) {/*stub*/} -void logit(const char *fmt,...) {/*stub*/} -void debug3(const char *fmt,...) {/*stub*/} -#endif - void sshbuf_tests(void) { diff --git a/regress/unittests/sshbuf/test_sshbuf_misc.c b/regress/unittests/sshbuf/test_sshbuf_misc.c index f155491..762a6c3 100644 --- a/regress/unittests/sshbuf/test_sshbuf_misc.c +++ b/regress/unittests/sshbuf/test_sshbuf_misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshbuf_misc.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */ +/* $OpenBSD: test_sshbuf_misc.c,v 1.2 2016/05/03 13:48:33 djm Exp $ */ /* * Regress test for sshbuf.h buffer API * @@ -134,5 +134,34 @@ sshbuf_misc_tests(void) ASSERT_U32_EQ(PEEK_U32(sshbuf_ptr(p1)), 0xd00fd00f); sshbuf_free(p1); TEST_DONE(); + + TEST_START("sshbuf_dup_string"); + p1 = sshbuf_new(); + ASSERT_PTR_NE(p1, NULL); + /* Check empty buffer */ + p = sshbuf_dup_string(p1); + ASSERT_PTR_NE(p, NULL); + ASSERT_SIZE_T_EQ(strlen(p), 0); + free(p); + /* Check buffer with string */ + ASSERT_INT_EQ(sshbuf_put(p1, "quad1", strlen("quad1")), 0); + p = sshbuf_dup_string(p1); + ASSERT_PTR_NE(p, NULL); + ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1")); + ASSERT_STRING_EQ(p, "quad1"); + free(p); + /* Check buffer with terminating nul */ + ASSERT_INT_EQ(sshbuf_put(p1, "\0", 1), 0); + p = sshbuf_dup_string(p1); + ASSERT_PTR_NE(p, NULL); + ASSERT_SIZE_T_EQ(strlen(p), strlen("quad1")); + ASSERT_STRING_EQ(p, "quad1"); + free(p); + /* Check buffer with data after nul (expect failure) */ + ASSERT_INT_EQ(sshbuf_put(p1, "quad2", strlen("quad2")), 0); + p = sshbuf_dup_string(p1); + ASSERT_PTR_EQ(p, NULL); + sshbuf_free(p1); + TEST_DONE(); } 
diff --git a/regress/unittests/sshbuf/tests.c b/regress/unittests/sshbuf/tests.c index 1557e43..21495b6 100644 --- a/regress/unittests/sshbuf/tests.c +++ b/regress/unittests/sshbuf/tests.c @@ -20,9 +20,13 @@ tests(void) { sshbuf_tests(); sshbuf_getput_basic_tests(); +#ifdef WITH_OPENSSL sshbuf_getput_crypto_tests(); +#endif sshbuf_misc_tests(); sshbuf_fuzz_tests(); +#ifdef WITH_OPENSSL sshbuf_getput_fuzz_tests(); +#endif sshbuf_fixed(); } diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c index b598f05..c8d5560 100644 --- a/regress/unittests/sshkey/common.c +++ b/regress/unittests/sshkey/common.c @@ -19,10 +19,12 @@ #include <string.h> #include <unistd.h> +#ifdef WITH_OPENSSL #include <openssl/bn.h> #include <openssl/rsa.h> #include <openssl/dsa.h> #include <openssl/objects.h> +#endif #ifdef OPENSSL_HAS_NISTP256 # include <openssl/ec.h> #endif @@ -70,6 +72,7 @@ load_text_file(const char *name) return ret; } +#ifdef WITH_OPENSSL BIGNUM * load_bignum(const char *name) { @@ -81,4 +84,4 @@ load_bignum(const char *name) sshbuf_free(buf); return ret; } - +#endif diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c index c8a2369..a47a9c1 100644 --- a/regress/unittests/sshkey/test_file.c +++ b/regress/unittests/sshkey/test_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_file.c,v 1.4 2015/07/07 14:53:30 markus Exp $ */ +/* $OpenBSD: test_file.c,v 1.5 2015/10/06 01:20:59 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -54,8 +54,7 @@ sshkey_file_tests(void) #ifdef WITH_SSH1 TEST_START("parse RSA1 from private"); buf = load_file("rsa1_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa1_1", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k1, NULL); a = load_bignum("rsa1_1.param.n"); 
@@ -66,7 +65,7 @@ sshkey_file_tests(void) TEST_START("parse RSA1 from private w/ passphrase"); buf = load_file("rsa1_1_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - (const char *)sshbuf_ptr(pw), "rsa1_1_pw", &k2, NULL), 0); + (const char *)sshbuf_ptr(pw), &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); @@ -102,10 +101,10 @@ sshkey_file_tests(void) sshkey_free(k1); #endif +#ifdef WITH_OPENSSL TEST_START("parse RSA from private"); buf = load_file("rsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "rsa_1", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k1, NULL); a = load_bignum("rsa_1.param.n"); @@ -122,7 +121,7 @@ sshkey_file_tests(void) TEST_START("parse RSA from private w/ passphrase"); buf = load_file("rsa_1_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - (const char *)sshbuf_ptr(pw), "rsa_1_pw", &k2, NULL), 0); + (const char *)sshbuf_ptr(pw), &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); @@ -131,24 +130,23 @@ sshkey_file_tests(void) TEST_START("parse RSA from new-format"); buf = load_file("rsa_n"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - "", "rsa_n", &k2, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); sshkey_free(k2); TEST_DONE(); - +#ifndef WIN32_FIXME TEST_START("parse RSA from new-format w/ passphrase"); buf = load_file("rsa_n_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - (const char *)sshbuf_ptr(pw), "rsa_n_pw", &k2, NULL), 0); + (const char *)sshbuf_ptr(pw), &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); sshkey_free(k2); TEST_DONE(); - +#endif TEST_START("load RSA from public"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, NULL), 0); 
@@ -197,8 +195,7 @@ sshkey_file_tests(void) TEST_START("parse DSA from private"); buf = load_file("dsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "dsa_1", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k1, NULL); a = load_bignum("dsa_1.param.g"); @@ -215,7 +212,7 @@ sshkey_file_tests(void) TEST_START("parse DSA from private w/ passphrase"); buf = load_file("dsa_1_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - (const char *)sshbuf_ptr(pw), "dsa_1_pw", &k2, NULL), 0); + (const char *)sshbuf_ptr(pw), &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); @@ -224,24 +221,24 @@ sshkey_file_tests(void) TEST_START("parse DSA from new-format"); buf = load_file("dsa_n"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - "", "dsa_n", &k2, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); sshkey_free(k2); TEST_DONE(); +#ifndef WIN32_FIXME TEST_START("parse DSA from new-format w/ passphrase"); buf = load_file("dsa_n_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - (const char *)sshbuf_ptr(pw), "dsa_n_pw", &k2, NULL), 0); + (const char *)sshbuf_ptr(pw), &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); sshkey_free(k2); TEST_DONE(); - +#endif TEST_START("load DSA from public"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2, NULL), 0); @@ -287,12 +284,12 @@ sshkey_file_tests(void) TEST_DONE(); sshkey_free(k1); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("parse ECDSA from private"); buf = load_file("ecdsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ecdsa_1", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k1, NULL); buf = load_text_file("ecdsa_1.param.curve"); 
@@ -315,7 +312,7 @@ sshkey_file_tests(void) TEST_START("parse ECDSA from private w/ passphrase"); buf = load_file("ecdsa_1_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - (const char *)sshbuf_ptr(pw), "ecdsa_1_pw", &k2, NULL), 0); + (const char *)sshbuf_ptr(pw), &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); @@ -324,24 +321,23 @@ sshkey_file_tests(void) TEST_START("parse ECDSA from new-format"); buf = load_file("ecdsa_n"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - "", "ecdsa_n", &k2, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); sshkey_free(k2); TEST_DONE(); - +#ifndef WIN32_FIXME TEST_START("parse ECDSA from new-format w/ passphrase"); buf = load_file("ecdsa_n_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - (const char *)sshbuf_ptr(pw), "ecdsa_n_pw", &k2, NULL), 0); + (const char *)sshbuf_ptr(pw), &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); sshkey_free(k2); TEST_DONE(); - +#endif TEST_START("load ECDSA from public"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_1.pub"), &k2, NULL), 0); @@ -388,11 +384,10 @@ sshkey_file_tests(void) sshkey_free(k1); #endif /* OPENSSL_HAS_ECC */ - +#ifndef WIN32_FIXME TEST_START("parse Ed25519 from private"); buf = load_file("ed25519_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "ed25519_1", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k1, NULL); ASSERT_INT_EQ(k1->type, KEY_ED25519); 
@@ -402,7 +397,7 @@ sshkey_file_tests(void) TEST_START("parse Ed25519 from private w/ passphrase"); buf = load_file("ed25519_1_pw"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, - (const char *)sshbuf_ptr(pw), "ed25519_1_pw", &k2, NULL), 0); + (const char *)sshbuf_ptr(pw), &k2, NULL), 0); sshbuf_free(buf); ASSERT_PTR_NE(k2, NULL); ASSERT_INT_EQ(sshkey_equal(k1, k2), 1); @@ -456,5 +451,5 @@ sshkey_file_tests(void) sshkey_free(k1); sshbuf_free(pw); - +#endif } diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c index 1f08a2e..3f8879f 100644 --- a/regress/unittests/sshkey/test_fuzz.c +++ b/regress/unittests/sshkey/test_fuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_fuzz.c,v 1.4 2015/03/04 23:22:35 djm Exp $ */ +/* $OpenBSD: test_fuzz.c,v 1.6 2015/12/07 02:20:46 djm Exp $ */ /* * Fuzz tests for key parsing * @@ -72,13 +72,13 @@ public_fuzz(struct sshkey *k) } static void -sig_fuzz(struct sshkey *k) +sig_fuzz(struct sshkey *k, const char *sig_alg) { struct fuzz *fuzz; u_char *sig, c[] = "some junk to be signed"; size_t l; - ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), 0), 0); + ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0); ASSERT_SIZE_T_GT(l, 0); fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */ FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP | @@ -110,8 +110,7 @@ sshkey_fuzz_tests(void) fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshkey_free(k1); sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 
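Review bot: The new `sig_alg` parameter of sig_fuzz (hunk -72 in test_fuzz.c) is undocumented, and the callers later in this file pass NULL for DSA, ECDSA and Ed25519 keys. A one-line comment above the function would make that contract explicit, for example `/* sig_alg is handed to sshkey_sign(); NULL presumably selects the key type's default algorithm */`. Only the signing call is visible here; the fuzz loop continues outside the hunk, so how fuzzed signatures are verified cannot be judged from these lines.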
@@ -119,8 +118,7 @@ sshkey_fuzz_tests(void) for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); - if (sshkey_parse_private_fileblob(fuzzed, "", "key", - &k1, NULL) == 0) + if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); } @@ -154,8 +152,7 @@ sshkey_fuzz_tests(void) buf = load_file("rsa_1"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshkey_free(k1); sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); @@ -163,8 +160,7 @@ sshkey_fuzz_tests(void) for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); - if (sshkey_parse_private_fileblob(fuzzed, "", "key", - &k1, NULL) == 0) + if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); } @@ -176,8 +172,7 @@ sshkey_fuzz_tests(void) buf = load_file("rsa_n"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshkey_free(k1); sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); @@ -185,8 +180,7 @@ sshkey_fuzz_tests(void) for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); - if (sshkey_parse_private_fileblob(fuzzed, "", "key", - &k1, NULL) == 0) + if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); } 
@@ -198,8 +192,7 @@ sshkey_fuzz_tests(void) buf = load_file("dsa_1"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshkey_free(k1); sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); @@ -207,8 +200,7 @@ sshkey_fuzz_tests(void) for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); - if (sshkey_parse_private_fileblob(fuzzed, "", "key", - &k1, NULL) == 0) + if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); } @@ -220,8 +212,7 @@ sshkey_fuzz_tests(void) buf = load_file("dsa_n"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshkey_free(k1); sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); @@ -229,8 +220,7 @@ sshkey_fuzz_tests(void) for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); - if (sshkey_parse_private_fileblob(fuzzed, "", "key", - &k1, NULL) == 0) + if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); } @@ -243,8 +233,7 @@ sshkey_fuzz_tests(void) buf = load_file("ecdsa_1"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshkey_free(k1); sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 
@@ -252,8 +241,7 @@ sshkey_fuzz_tests(void) for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); - if (sshkey_parse_private_fileblob(fuzzed, "", "key", - &k1, NULL) == 0) + if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); } @@ -265,8 +253,7 @@ sshkey_fuzz_tests(void) buf = load_file("ecdsa_n"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshkey_free(k1); sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); @@ -274,8 +261,7 @@ sshkey_fuzz_tests(void) for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); - if (sshkey_parse_private_fileblob(fuzzed, "", "key", - &k1, NULL) == 0) + if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); } @@ -283,13 +269,12 @@ sshkey_fuzz_tests(void) fuzz_cleanup(fuzz); TEST_DONE(); #endif - +#ifndef WIN32_FIXME TEST_START("fuzz Ed25519 private"); buf = load_file("ed25519_1"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), sshbuf_len(buf)); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshkey_free(k1); sshbuf_free(buf); ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL); 
@@ -297,19 +282,17 @@ sshkey_fuzz_tests(void) for(; !fuzz_done(fuzz); fuzz_next(fuzz)) { r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz)); ASSERT_INT_EQ(r, 0); - if (sshkey_parse_private_fileblob(fuzzed, "", "key", - &k1, NULL) == 0) + if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0) sshkey_free(k1); sshbuf_reset(fuzzed); } sshbuf_free(fuzzed); fuzz_cleanup(fuzz); TEST_DONE(); - +#endif TEST_START("fuzz RSA public"); buf = load_file("rsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); public_fuzz(k1); sshkey_free(k1); @@ -323,8 +306,7 @@ sshkey_fuzz_tests(void) TEST_START("fuzz DSA public"); buf = load_file("dsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); public_fuzz(k1); sshkey_free(k1); @@ -339,8 +321,7 @@ sshkey_fuzz_tests(void) #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA public"); buf = load_file("ecdsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); public_fuzz(k1); sshkey_free(k1); @@ -352,11 +333,10 @@ sshkey_fuzz_tests(void) sshkey_free(k1); TEST_DONE(); #endif - +#ifndef WIN32_FIXME TEST_START("fuzz Ed25519 public"); buf = load_file("ed25519_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); public_fuzz(k1); sshkey_free(k1); 
@@ -367,45 +347,57 @@ sshkey_fuzz_tests(void) public_fuzz(k1); sshkey_free(k1); TEST_DONE(); - +#endif TEST_START("fuzz RSA sig"); buf = load_file("rsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); - sig_fuzz(k1); + sig_fuzz(k1, "ssh-rsa"); + sshkey_free(k1); + TEST_DONE(); + + TEST_START("fuzz RSA SHA256 sig"); + buf = load_file("rsa_1"); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); + sshbuf_free(buf); + sig_fuzz(k1, "rsa-sha2-256"); + sshkey_free(k1); + TEST_DONE(); + + TEST_START("fuzz RSA SHA512 sig"); + buf = load_file("rsa_1"); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); + sshbuf_free(buf); + sig_fuzz(k1, "rsa-sha2-512"); sshkey_free(k1); TEST_DONE(); TEST_START("fuzz DSA sig"); buf = load_file("dsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); - sig_fuzz(k1); + sig_fuzz(k1, NULL); sshkey_free(k1); TEST_DONE(); #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA sig"); buf = load_file("ecdsa_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); - sig_fuzz(k1); + sig_fuzz(k1, NULL); sshkey_free(k1); TEST_DONE(); #endif - +#ifndef WIN32_FIXME TEST_START("fuzz Ed25519 sig"); buf = load_file("ed25519_1"); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", "key", - &k1, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); sshbuf_free(buf); - sig_fuzz(k1); + sig_fuzz(k1, NULL); sshkey_free(k1); TEST_DONE(); - +#endif /* XXX fuzz decoded new-format blobs too */ } diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index f1ae436..7a987f6 100644 
--- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.7 2015/08/05 05:27:33 djm Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.10 2016/05/02 09:52:00 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -50,23 +50,10 @@ put_opt(struct sshbuf *b, const char *name, const char *value) sshbuf_free(sect); } -#ifdef WIN32_FIXME -const char * -test_data_file(const char *name) -{ - static char ret[PATH_MAX]; - snprintf(ret, sizeof(ret), "c:/openssh/Win32-OpenSSH/regress/unittests/sshkey/testdata/%s", name); - if (access(ret, F_OK) != 0) { - fprintf(stderr, "Cannot access data file %s: %s\n", - ret, strerror(errno)); - exit(1); - } - return ret; -} -#endif static void build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, - const struct sshkey *sign_key, const struct sshkey *ca_key) + const struct sshkey *sign_key, const struct sshkey *ca_key, + const char *sig_alg) { struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts; u_char *sigblob; @@ -113,7 +100,7 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */ ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */ ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen, - sshbuf_ptr(b), sshbuf_len(b), 0), 0); + sshbuf_ptr(b), sshbuf_len(b), sig_alg, 0), 0); ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */ free(sigblob); 
@@ -125,12 +112,13 @@ build_cert(struct sshbuf *b, const struct sshkey *k, const char *type, } static void -signature_test(struct sshkey *k, struct sshkey *bad, const u_char *d, size_t l) +signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg, + const u_char *d, size_t l) { size_t len; u_char *sig; - ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, 0), 0); + ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0); ASSERT_SIZE_T_GT(len, 8); ASSERT_PTR_NE(sig, NULL); ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, 0), 0); @@ -157,7 +145,7 @@ banana(u_char *s, size_t l) } static void -signature_tests(struct sshkey *k, struct sshkey *bad) +signature_tests(struct sshkey *k, struct sshkey *bad, const char *sig_alg) { u_char i, buf[2049]; size_t lens[] = { @@ -169,7 +157,7 @@ signature_tests(struct sshkey *k, struct sshkey *bad) test_subtest_info("%s key, banana length %zu", sshkey_type(k), lens[i]); banana(buf, lens[i]); - signature_test(k, bad, buf, lens[i]); + signature_test(k, bad, sig_alg, buf, lens[i]); } } @@ -180,7 +168,7 @@ get_private(const char *n) struct sshkey *ret; b = load_file(n); - ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", n, &ret, NULL), 0); + ASSERT_INT_EQ(sshkey_parse_private_fileblob(b, "", &ret, NULL), 0); sshbuf_free(b); return ret; } @@ -205,6 +193,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("new/free KEY_RSA1"); k1 = sshkey_new(KEY_RSA1); ASSERT_PTR_NE(k1, NULL); @@ -233,6 +222,7 @@ sshkey_tests(void) ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("new/free KEY_ECDSA"); @@ -252,6 +242,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("new_private KEY_RSA"); k1 = sshkey_new_private(KEY_RSA); ASSERT_PTR_NE(k1, NULL); 
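Review bot: signature_test (hunk -125) now signs with a caller-chosen `sig_alg`, but nothing after the `sshkey_sign` call checks that the resulting signature carries that algorithm. As far as the visible lines show, the "rsa-sha2-256" and "rsa-sha2-512" cases added later in this file would therefore still pass if the signer fell back to "ssh-rsa". The signature blob begins with the algorithm name as an SSH string, so the test can read it back and compare it whenever `sig_alg` is not NULL. The function body continues past the end of this hunk; the sketch below holds only the added check.

```c
	ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, 0), 0);
	/* … unchanged: length and pointer assertions … */
	if (sig_alg != NULL) {
		/* the blob starts with the algorithm name as an SSH string */
		struct sshbuf *sb = sshbuf_from(sig, len);
		char *alg = NULL;

		ASSERT_PTR_NE(sb, NULL);
		ASSERT_INT_EQ(sshbuf_get_cstring(sb, &alg, NULL), 0);
		ASSERT_STRING_EQ(alg, sig_alg);
		free(alg);
		sshbuf_free(sb);
	}
```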
@@ -320,7 +311,7 @@ sshkey_tests(void) ASSERT_PTR_NE(kd->dsa->g, NULL); ASSERT_PTR_NE(kd->dsa->priv_key, NULL); TEST_DONE(); - +#endif #ifdef OPENSSL_HAS_ECC TEST_START("generate KEY_ECDSA"); ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0); @@ -339,6 +330,7 @@ sshkey_tests(void) ASSERT_PTR_NE(kf->ed25519_sk, NULL); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("demote KEY_RSA"); ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0); ASSERT_PTR_NE(k1, NULL); @@ -369,6 +361,7 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_equal(kd, k1), 1); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("demote KEY_ECDSA"); @@ -436,7 +429,8 @@ sshkey_tests(void) #endif sshkey_free(kf); - TEST_START("certify key"); +#ifndef WIN32_FIXME + TEST_START("certify key"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_1.pub"), &k1, NULL), 0); k2 = get_private("ed25519_2"); @@ -467,7 +461,7 @@ sshkey_tests(void) put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL); put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL); ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0); - ASSERT_INT_EQ(sshkey_certify(k1, k2), 0); + ASSERT_INT_EQ(sshkey_certify(k1, k2, NULL), 0); b = sshbuf_new(); ASSERT_PTR_NE(b, NULL); ASSERT_INT_EQ(sshkey_putb(k1, b), 0); 
@@ -478,12 +472,31 @@ sshkey_tests(void) sshkey_free(k3); sshbuf_reset(b); TEST_DONE(); +#endif TEST_START("sign and verify RSA"); k1 = get_private("rsa_1"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, NULL), 0); - signature_tests(k1, k2); + signature_tests(k1, k2, "ssh-rsa"); + sshkey_free(k1); + sshkey_free(k2); + TEST_DONE(); + + TEST_START("sign and verify RSA-SHA256"); + k1 = get_private("rsa_1"); + ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, + NULL), 0); + signature_tests(k1, k2, "rsa-sha2-256"); + sshkey_free(k1); + sshkey_free(k2); + TEST_DONE(); + + TEST_START("sign and verify RSA-SHA512"); + k1 = get_private("rsa_1"); + ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2, + NULL), 0); + signature_tests(k1, k2, "rsa-sha2-512"); sshkey_free(k1); sshkey_free(k2); TEST_DONE(); @@ -492,29 +505,28 @@ sshkey_tests(void) k1 = get_private("dsa_1"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, NULL), 0); - signature_tests(k1, k2); + signature_tests(k1, k2, NULL); sshkey_free(k1); sshkey_free(k2); TEST_DONE(); + #ifdef OPENSSL_HAS_ECC #ifndef WIN32_FIXME TEST_START("sign and verify ECDSA"); k1 = get_private("ecdsa_1"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_2.pub"), &k2, NULL), 0); - signature_tests(k1, k2); + signature_tests(k1, k2, NULL); sshkey_free(k1); sshkey_free(k2); TEST_DONE(); -#endif -#endif TEST_START("sign and verify ED25519"); k1 = get_private("ed25519_1"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_2.pub"), &k2, NULL), 0); - signature_tests(k1, k2); + signature_tests(k1, k2, NULL); sshkey_free(k1); sshkey_free(k2); TEST_DONE(); 
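Review bot: Removing the two `#endif` lines after "sign and verify ECDSA" (hunk -492) and re-adding them at the end of sshkey_tests (hunk -533) puts "sign and verify ED25519" and the nested-certificate test inside `#ifdef OPENSSL_HAS_ECC`, so a build without ECC support no longer runs either of them. The nested-certificate case is the one asserting `SSH_ERR_KEY_CERT_INVALID_SIGN_KEY`, and the visible lines of it use RSA keys only. I would keep `#endif /* !WIN32_FIXME */` and `#endif /* OPENSSL_HAS_ECC */` directly after the ECDSA `TEST_DONE();`. If the later cases must stay disabled on Windows, open a separate `#ifndef WIN32_FIXME` before the ED25519 test and close it with a single `#endif` at the end. The start of the nested-certificate test lies between the hunks and is not shown.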
@@ -524,7 +536,7 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2, NULL), 0); k3 = get_private("rsa_1"); - build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1); + build_cert(b, k2, "ssh-rsa-cert-v01@openssh.com", k3, k1, NULL); ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(b), sshbuf_len(b), &k4), SSH_ERR_KEY_CERT_INVALID_SIGN_KEY); ASSERT_PTR_EQ(k4, NULL); @@ -533,5 +545,6 @@ sshkey_tests(void) sshkey_free(k3); sshbuf_free(b); TEST_DONE(); - +#endif +#endif } diff --git a/regress/unittests/sshkey/tests.c b/regress/unittests/sshkey/tests.c index 13f265c..1b89eb9 100644 --- a/regress/unittests/sshkey/tests.c +++ b/regress/unittests/sshkey/tests.c @@ -18,9 +18,10 @@ void sshkey_fuzz_tests(void); void tests(void) { +#ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); ERR_load_CRYPTO_strings(); - +#endif sshkey_tests(); sshkey_file_tests(); sshkey_fuzz_tests(); diff --git a/regress/unittests/test_helper/Makefile b/regress/unittests/test_helper/Makefile index 5b3894c..78026e6 100644 --- a/regress/unittests/test_helper/Makefile +++ b/regress/unittests/test_helper/Makefile @@ -1,9 +1,8 @@ -# $OpenBSD: Makefile,v 1.2 2015/01/20 22:58:57 djm Exp $ +# $OpenBSD: Makefile,v 1.3 2016/07/04 18:01:44 guenther Exp $ LIB= test_helper SRCS= test_helper.c fuzz.c -DEBUGLIBS= no NOPROFILE= yes NOPIC= yes diff --git a/regress/unittests/utf8/Makefile b/regress/unittests/utf8/Makefile new file mode 100644 index 0000000..150ea2f --- /dev/null +++ b/regress/unittests/utf8/Makefile @@ -0,0 +1,12 @@ +# $OpenBSD: Makefile,v 1.2 2016/05/30 12:14:08 schwarze Exp $ + +TEST_ENV= "MALLOC_OPTIONS=CFGJPRSUX" + +PROG=test_utf8 +SRCS=tests.c +REGRESS_TARGETS=run-regress-${PROG} + +run-regress-${PROG}: ${PROG} + env ${TEST_ENV} ./${PROG} + +.include <bsd.regress.mk> diff --git a/regress/unittests/utf8/tests.c b/regress/unittests/utf8/tests.c new file mode 100644 index 0000000..7e8b406 --- /dev/null +++ b/regress/unittests/utf8/tests.c 
@@ -0,0 +1,92 @@ +/* $OpenBSD: tests.c,v 1.2 2016/05/30 12:05:56 schwarze Exp $ */ +/* + * Regress test for the utf8.h *mprintf() API + * + * Written by Ingo Schwarze <schwarze@openbsd.org> in 2016 + * and placed in the public domain. + */ + +#include <locale.h> +#include <string.h> + +#include "../test_helper/test_helper.h" + +#include "utf8.h" + +void badarg(void); +void one(const char *, const char *, int, int, int, const char *); + +void +badarg(void) +{ + char buf[16]; + int len, width; + + width = 1; + TEST_START("utf8_badarg"); + len = snmprintf(buf, sizeof(buf), &width, "\377"); + ASSERT_INT_EQ(len, -1); + ASSERT_STRING_EQ(buf, ""); + ASSERT_INT_EQ(width, 0); + TEST_DONE(); +} + +void +one(const char *name, const char *mbs, int width, + int wantwidth, int wantlen, const char *wants) +{ + char buf[16]; + int *wp; + int len; + + if (wantlen == -2) + wantlen = strlen(wants); + (void)strlcpy(buf, "utf8_", sizeof(buf)); + (void)strlcat(buf, name, sizeof(buf)); + TEST_START(buf); + wp = wantwidth == -2 ? 
NULL : &width; + len = snmprintf(buf, sizeof(buf), wp, "%s", mbs); + ASSERT_INT_EQ(len, wantlen); + ASSERT_STRING_EQ(buf, wants); + ASSERT_INT_EQ(width, wantwidth); + TEST_DONE(); +} + +void +tests(void) +{ + char *loc; + + TEST_START("utf8_setlocale"); +#ifdef WIN32_FIXME + loc = setlocale(LC_CTYPE, "English"); +#else + loc = setlocale(LC_CTYPE, "en_US.UTF-8"); +#endif + ASSERT_PTR_NE(loc, NULL); + TEST_DONE(); + + badarg(); + one("null", NULL, 8, 6, 6, "(null)"); + one("empty", "", 2, 0, 0, ""); + one("ascii", "x", -2, -2, -2, "x"); + one("newline", "a\nb", -2, -2, -2, "a\nb"); + one("cr", "a\rb", -2, -2, -2, "a\rb"); + one("tab", "a\tb", -2, -2, -2, "a\tb"); +#ifndef WIN32_FIXME + one("esc", "\033x", -2, -2, -2, "\\033x"); + one("inv_badbyte", "\377x", -2, -2, -2, "\\377x"); + one("inv_nocont", "\341x", -2, -2, -2, "\\341x"); + one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b"); +#endif + one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345"); +#ifndef WIN32_FIXME + one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012"); +#endif + one("width_ascii", "123", 2, 2, -1, "12"); + one("width_double", "a\343\201\201", 2, 1, -1, "a"); +#ifndef WIN32_FIXME + one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201"); + one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201"); +#endif +} diff --git a/regress/unittests/win32compat/test_helper.c b/regress/unittests/win32compat/test_helper.c index 6d31019..0c33953 100644 --- a/regress/unittests/win32compat/test_helper.c +++ b/regress/unittests/win32compat/test_helper.c @@ -17,7 +17,7 @@ /* Utility functions/framework for regress tests */ -//#include "includes.h" +#include "includes.h" #include <sys/types.h> //#include <sys/param.h> @@ -34,7 +34,9 @@ //#include <unistd.h> #include <signal.h> -//#include <openssl/bn.h> +#ifdef WITH_OPENSSL +#include <openssl/bn.h> +#endif #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS) # include <vis.h> 
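Review bot: The cases compiled out under `#ifndef WIN32_FIXME` in tests() are the ones that check escaping: "esc", "inv_badbyte", "inv_nocont", "inv_nolead" and "sz_esc" assert that an ESC byte or an invalid byte comes out of snmprintf as a backslash-octal sequence. With those disabled, and the locale set to "English" rather than a UTF-8 one, the Windows build has no test showing that control bytes passed through this API are neutralised before they reach a terminal. I would add a comment on each guard stating what fails, e.g. `/* WIN32_FIXME: <reason placeholder>; tracking: <issue-id placeholder> */`, and confirm whether the plain-ASCII "esc" case really cannot pass there. Separately, `one()` builds the test name in the same 16-byte `buf` it later uses for output, so longer names such as "utf8_width_double" are presumably truncated by `strlcat`.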
@@ -43,6 +45,8 @@ #include "test_helper.h" //#include "atomicio.h" +#define F_OK 0 + #define TEST_CHECK_INT(r, pred) do { \ switch (pred) { \ case TEST_EQ: \ @@ -173,7 +177,6 @@ main(int argc, char **argv) printf(" %u tests ok\n", test_number); return 0; } -#ifndef WIN32_FIXME const char * test_data_file(const char *name) { @@ -190,7 +193,6 @@ test_data_file(const char *name) } return ret; } -#endif void test_info(char *s, size_t len) @@ -311,18 +313,20 @@ test_header(const char *file, int line, const char *a1, const char *a2, a2 != NULL ? ", " : "", a2 != NULL ? a2 : ""); } -//void -//assert_bignum(const char *file, int line, const char *a1, const char *a2, -// const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred) -//{ -// int r = BN_cmp(aa1, aa2); -// -// TEST_CHECK_INT(r, pred); -// test_header(file, line, a1, a2, "BIGNUM", pred); -// fprintf(stderr, "%12s = 0x%s\n", a1, BN_bn2hex(aa1)); -// fprintf(stderr, "%12s = 0x%s\n", a2, BN_bn2hex(aa2)); -// test_die(); -//} +#ifdef WITH_OPENSSL +void +assert_bignum(const char *file, int line, const char *a1, const char *a2, + const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred) +{ + int r = BN_cmp(aa1, aa2); + + TEST_CHECK_INT(r, pred); + test_header(file, line, a1, a2, "BIGNUM", pred); + fprintf(stderr, "%12s = 0x%s\n", a1, BN_bn2hex(aa1)); + fprintf(stderr, "%12s = 0x%s\n", a2, BN_bn2hex(aa2)); + test_die(); +} +#endif void assert_string(const char *file, int line, const char *a1, const char *a2, diff --git a/rel/Master-10_13_2015/OpenSSH-Win32.zip b/rel/Master-10_13_2015/OpenSSH-Win32.zip deleted file mode 100644 index de80afc..0000000 Binary files a/rel/Master-10_13_2015/OpenSSH-Win32.zip and /dev/null differ diff --git a/roaming.h b/roaming.h deleted file mode 100644 index da069f8..0000000 --- a/roaming.h +++ /dev/null 
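Review bot: `#define F_OK 0` (hunk -43) is unconditional, and the same change re-enables `#include "includes.h"` at the top of this file, so any header reachable from it that already defines F_OK would be redefined here. Wrapping it as `#ifndef F_OK`, `#define F_OK 0`, `#endif` keeps the fallback without overriding a platform definition. A short comment saying that it is presumably the existence-check mode for the access() call in test_data_file would also help the next reader.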
@@ -1,45 +0,0 @@ -/* $OpenBSD: roaming.h,v 1.6 2011/12/07 05:44:38 djm Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef ROAMING_H -#define ROAMING_H - -#define DEFAULT_ROAMBUF 65536 -#define MAX_ROAMBUF (2*1024*1024) /* XXX arbitrary */ -#define ROAMING_REQUEST "roaming@appgate.com" - -extern int roaming_enabled; -extern int resume_in_progress; - -void request_roaming(void); -int get_snd_buf_size(void); -int get_recv_buf_size(void); -void add_recv_bytes(u_int64_t); -int wait_for_roaming_reconnect(void); -void roaming_reply(int, u_int32_t, void *); -void set_out_buffer_size(size_t); -ssize_t roaming_write(int, const void *, size_t, int *); -ssize_t roaming_read(int, void *, size_t, int *); -size_t roaming_atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); -u_int64_t get_recv_bytes(void); -u_int64_t get_sent_bytes(void); -void roam_set_bytes(u_int64_t, u_int64_t); -void resend_bytes(int, u_int64_t *); -void calculate_new_key(u_int64_t *, u_int64_t, u_int64_t); -int resume_kex(void); - -#endif /* ROAMING */ diff --git a/roaming_client.c b/roaming_client.c deleted file mode 100644 index cb13285..0000000 --- a/roaming_client.c +++ /dev/null 
@@ -1,271 +0,0 @@ -/* $OpenBSD: roaming_client.c,v 1.9 2015/01/27 12:54:06 okan Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include "openbsd-compat/sys-queue.h" -#include <sys/types.h> -#include <sys/socket.h> - -#include <signal.h> -#include <string.h> -#include <unistd.h> - -#include "xmalloc.h" -#include "buffer.h" -#include "channels.h" -#include "cipher.h" -#include "dispatch.h" -#include "clientloop.h" -#include "log.h" -#include "match.h" -#include "misc.h" -#include "packet.h" -#include "ssh.h" -#include "key.h" -#include "kex.h" -#include "readconf.h" -#include "roaming.h" -#include "ssh2.h" -#include "sshconnect.h" -#include "digest.h" - -/* import */ -extern Options options; -extern char *host; -extern struct sockaddr_storage hostaddr; -extern int session_resumed; - -static u_int32_t roaming_id; -static u_int64_t cookie; -static u_int64_t lastseenchall; -static u_int64_t key1, key2, oldkey1, oldkey2; - -void -roaming_reply(int type, u_int32_t seq, void *ctxt) -{ - if (type == SSH2_MSG_REQUEST_FAILURE) { - logit("Server denied roaming"); - return; - } - verbose("Roaming enabled"); - roaming_id = packet_get_int(); - cookie = packet_get_int64(); - key1 = oldkey1 = 
packet_get_int64(); - key2 = oldkey2 = packet_get_int64(); - set_out_buffer_size(packet_get_int() + get_snd_buf_size()); - roaming_enabled = 1; -} - -void -request_roaming(void) -{ - packet_start(SSH2_MSG_GLOBAL_REQUEST); - packet_put_cstring(ROAMING_REQUEST); - packet_put_char(1); - packet_put_int(get_recv_buf_size()); - packet_send(); - client_register_global_confirm(roaming_reply, NULL); -} - -static void -roaming_auth_required(void) -{ - u_char digest[SSH_DIGEST_MAX_LENGTH]; - Buffer b; - u_int64_t chall, oldchall; - - chall = packet_get_int64(); - oldchall = packet_get_int64(); - if (oldchall != lastseenchall) { - key1 = oldkey1; - key2 = oldkey2; - } - lastseenchall = chall; - - buffer_init(&b); - buffer_put_int64(&b, cookie); - buffer_put_int64(&b, chall); - if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0) - fatal("%s: ssh_digest_buffer failed", __func__); - buffer_free(&b); - - packet_start(SSH2_MSG_KEX_ROAMING_AUTH); - packet_put_int64(key1 ^ get_recv_bytes()); - packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1)); - packet_send(); - - oldkey1 = key1; - oldkey2 = key2; - calculate_new_key(&key1, cookie, chall); - calculate_new_key(&key2, cookie, chall); - - debug("Received %llu bytes", (unsigned long long)get_recv_bytes()); - debug("Sent roaming_auth packet"); -} - -int -resume_kex(void) -{ - /* - * This should not happen - if the client sends the kex method - * resume@appgate.com then the kex is done in roaming_resume(). 
- */ - return 1; -} - -static int -roaming_resume(void) -{ - u_int64_t recv_bytes; - char *str = NULL, *kexlist = NULL, *c; - int i, type; - int timeout_ms = options.connection_timeout * 1000; - u_int len; - u_int32_t rnd = 0; - - resume_in_progress = 1; - - /* Exchange banners */ - ssh_exchange_identification(timeout_ms); - packet_set_nonblocking(); - - /* Send a kexinit message with resume@appgate.com as only kex algo */ - packet_start(SSH2_MSG_KEXINIT); - for (i = 0; i < KEX_COOKIE_LEN; i++) { - if (i % 4 == 0) - rnd = arc4random(); - packet_put_char(rnd & 0xff); - rnd >>= 8; - } - packet_put_cstring(KEX_RESUME); - for (i = 1; i < PROPOSAL_MAX; i++) { - /* kex algorithm added so start with i=1 and not 0 */ - packet_put_cstring(""); /* Not used when we resume */ - } - packet_put_char(1); /* first kex_packet follows */ - packet_put_int(0); /* reserved */ - packet_send(); - - /* Assume that resume@appgate.com will be accepted */ - packet_start(SSH2_MSG_KEX_ROAMING_RESUME); - packet_put_int(roaming_id); - packet_send(); - - /* Read the server's kexinit and check for resume@appgate.com */ - if ((type = packet_read()) != SSH2_MSG_KEXINIT) { - debug("expected kexinit on resume, got %d", type); - goto fail; - } - for (i = 0; i < KEX_COOKIE_LEN; i++) - (void)packet_get_char(); - kexlist = packet_get_string(&len); - if (!kexlist - || (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) { - debug("server doesn't allow resume"); - goto fail; - } - free(str); - for (i = 1; i < PROPOSAL_MAX; i++) { - /* kex algorithm taken care of so start with i=1 and not 0 */ - free(packet_get_string(&len)); - } - i = packet_get_char(); /* first_kex_packet_follows */ - if (i && (c = strchr(kexlist, ','))) - *c = 0; - if (i && strcmp(kexlist, KEX_RESUME)) { - debug("server's kex guess (%s) was wrong, skipping", kexlist); - (void)packet_read(); /* Wrong guess - discard packet */ - } - - /* - * Read the ROAMING_AUTH_REQUIRED challenge from the server and - * send ROAMING_AUTH - */ - if 
((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) { - debug("expected roaming_auth_required, got %d", type); - goto fail; - } - roaming_auth_required(); - - /* Read ROAMING_AUTH_OK from the server */ - if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) { - debug("expected roaming_auth_ok, got %d", type); - goto fail; - } - recv_bytes = packet_get_int64() ^ oldkey2; - debug("Peer received %llu bytes", (unsigned long long)recv_bytes); - resend_bytes(packet_get_connection_out(), &recv_bytes); - - resume_in_progress = 0; - - session_resumed = 1; /* Tell clientloop */ - - return 0; - -fail: - free(kexlist); - if (packet_get_connection_in() == packet_get_connection_out()) - close(packet_get_connection_in()); - else { - close(packet_get_connection_in()); - close(packet_get_connection_out()); - } - return 1; -} - -int -wait_for_roaming_reconnect(void) -{ - static int reenter_guard = 0; - int timeout_ms = options.connection_timeout * 1000; - int c; - - if (reenter_guard != 0) - fatal("Server refused resume, roaming timeout may be exceeded"); - reenter_guard = 1; - - fprintf(stderr, "[connection suspended, press return to resume]"); - fflush(stderr); - packet_backup_state(); - /* TODO Perhaps we should read from tty here */ - while ((c = fgetc(stdin)) != EOF) { - if (c == 'Z' - 64) { - kill(getpid(), SIGTSTP); - continue; - } - if (c != '\n' && c != '\r') - continue; - - if (ssh_connect(host, NULL, &hostaddr, options.port, - options.address_family, 1, &timeout_ms, - options.tcp_keep_alive, options.use_privileged_port) == 0 && - roaming_resume() == 0) { - packet_restore_state(); - reenter_guard = 0; - fprintf(stderr, "[connection resumed]\n"); - fflush(stderr); - return 0; - } - - fprintf(stderr, "[reconnect failed, press return to retry]"); - fflush(stderr); - } - fprintf(stderr, "[exiting]\n"); - fflush(stderr); - exit(0); -} diff --git a/roaming_common.c b/roaming_common.c deleted file mode 100644 index ea06460..0000000 
--- a/roaming_common.c +++ /dev/null 
@@ -1,241 +0,0 @@ -/* $OpenBSD: roaming_common.c,v 1.13 2015/01/27 12:54:06 okan Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> - -#include <errno.h> -#include <stdarg.h> -#include <string.h> -#include <unistd.h> - -#include "atomicio.h" -#include "log.h" -#include "packet.h" -#include "xmalloc.h" -#include "cipher.h" -#include "buffer.h" -#include "roaming.h" -#include "digest.h" - -static size_t out_buf_size = 0; -static char *out_buf = NULL; -static size_t out_start; -static size_t out_last; - -static u_int64_t write_bytes = 0; -static u_int64_t read_bytes = 0; - -int roaming_enabled = 0; -int resume_in_progress = 0; - -int -get_snd_buf_size(void) -{ - int fd = packet_get_connection_out(); - int optval; - socklen_t optvallen = sizeof(optval); - - if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &optval, &optvallen) != 0) - optval = DEFAULT_ROAMBUF; - return optval; -} - -int -get_recv_buf_size(void) -{ - int fd = packet_get_connection_in(); - int optval; - socklen_t optvallen = sizeof(optval); - - if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &optval, &optvallen) != 0) - optval = DEFAULT_ROAMBUF; - return optval; -} - -void 
-set_out_buffer_size(size_t size) -{ - if (size == 0 || size > MAX_ROAMBUF) - fatal("%s: bad buffer size %lu", __func__, (u_long)size); - /* - * The buffer size can only be set once and the buffer will live - * as long as the session lives. - */ - if (out_buf == NULL) { - out_buf_size = size; - out_buf = xmalloc(size); - out_start = 0; - out_last = 0; - } -} - -u_int64_t -get_recv_bytes(void) -{ - return read_bytes; -} - -void -add_recv_bytes(u_int64_t num) -{ - read_bytes += num; -} - -u_int64_t -get_sent_bytes(void) -{ - return write_bytes; -} - -void -roam_set_bytes(u_int64_t sent, u_int64_t recvd) -{ - read_bytes = recvd; - write_bytes = sent; -} - -static void -buf_append(const char *buf, size_t count) -{ - if (count > out_buf_size) { - buf += count - out_buf_size; - count = out_buf_size; - } - if (count < out_buf_size - out_last) { - memcpy(out_buf + out_last, buf, count); - if (out_start > out_last) - out_start += count; - out_last += count; - } else { - /* data will wrap */ - size_t chunk = out_buf_size - out_last; - memcpy(out_buf + out_last, buf, chunk); - memcpy(out_buf, buf + chunk, count - chunk); - out_last = count - chunk; - out_start = out_last + 1; - } -} - -ssize_t -roaming_write(int fd, const void *buf, size_t count, int *cont) -{ - ssize_t ret; - - ret = write(fd, buf, count); - if (ret > 0 && !resume_in_progress) { - write_bytes += ret; - if (out_buf_size > 0) - buf_append(buf, ret); - } - if (out_buf_size > 0 && - (ret == 0 || (ret == -1 && errno == EPIPE))) { - if (wait_for_roaming_reconnect() != 0) { - ret = 0; - *cont = 1; - } else { - ret = -1; - errno = EAGAIN; - } - } - return ret; -} - -ssize_t -roaming_read(int fd, void *buf, size_t count, int *cont) -{ - ssize_t ret = read(fd, buf, count); - if (ret > 0) { - if (!resume_in_progress) { - read_bytes += ret; - } - } else if (out_buf_size > 0 && - (ret == 0 || (ret == -1 && (errno == ECONNRESET - || errno == ECONNABORTED || errno == ETIMEDOUT - || errno == EHOSTUNREACH)))) { - 
debug("roaming_read failed for %d ret=%ld errno=%d", - fd, (long)ret, errno); - ret = 0; - if (wait_for_roaming_reconnect() == 0) - *cont = 1; - } - return ret; -} - -size_t -roaming_atomicio(ssize_t(*f)(int, void*, size_t), int fd, void *buf, - size_t count) -{ - size_t ret = atomicio(f, fd, buf, count); - - if (f == vwrite && ret > 0 && !resume_in_progress) { - write_bytes += ret; - } else if (f == read && ret > 0 && !resume_in_progress) { - read_bytes += ret; - } - return ret; -} - -void -resend_bytes(int fd, u_int64_t *offset) -{ - size_t available, needed; - - if (out_start < out_last) - available = out_last - out_start; - else - available = out_buf_size; - needed = write_bytes - *offset; - debug3("resend_bytes: resend %lu bytes from %llu", - (unsigned long)needed, (unsigned long long)*offset); - if (needed > available) - fatal("Needed to resend more data than in the cache"); - if (out_last < needed) { - int chunkend = needed - out_last; - atomicio(vwrite, fd, out_buf + out_buf_size - chunkend, - chunkend); - atomicio(vwrite, fd, out_buf, out_last); - } else { - atomicio(vwrite, fd, out_buf + (out_last - needed), needed); - } -} - -/* - * Caclulate a new key after a reconnect - */ -void -calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge) -{ - u_char hash[SSH_DIGEST_MAX_LENGTH]; - Buffer b; - - buffer_init(&b); - buffer_put_int64(&b, *key); - buffer_put_int64(&b, cookie); - buffer_put_int64(&b, challenge); - - if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, hash, sizeof(hash)) != 0) - fatal("%s: digest_buffer failed", __func__); - - buffer_clear(&b); - buffer_append(&b, hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); - *key = buffer_get_int64(&b); - buffer_free(&b); -} diff --git a/roaming_serv.c b/roaming_serv.c deleted file mode 100644 index 511ca84..0000000 --- a/roaming_serv.c +++ /dev/null 
@@ -1,31 +0,0 @@ -/* $OpenBSD: roaming_serv.c,v 1.1 2009/10/24 11:18:23 andreas Exp $ */ -/* - * Copyright (c) 2004-2009 AppGate Network Security AB - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include <sys/types.h> - -#include "roaming.h" - -/* - * Wait for the roaming client to reconnect. Returns 0 if a connect ocurred. - */ -int -wait_for_roaming_reconnect(void) -{ - return 1; -} diff --git a/runconfigure b/runconfigure deleted file mode 100644 index 2a5a15e..0000000 --- a/runconfigure +++ /dev/null @@ -1,4 +0,0 @@ -autoreconf -##./configure --build=i686-pc-mingw32 --host=i686-pc-mingw32 --with-ssl-dir=../openssl-1.0.2d --with-kerberos5 --with-zlib=../zlib-1.2.8 -./configure --build=i686-pc-mingw32 --host=i686-pc-mingw32 --with-ssl-dir=../openssl-1.0.2d --with-kerberos5 -cat config.h.tail >> config.h diff --git a/sandbox-pledge.c b/sandbox-pledge.c new file mode 100644 index 0000000..d28fc27 --- /dev/null +++ b/sandbox-pledge.c 
@@ -0,0 +1,77 @@
+/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */
+/*
+ * Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef SANDBOX_PLEDGE
+
+#include <sys/types.h>
+#include <sys/ioctl.h>
+#include <sys/syscall.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pwd.h>
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+struct ssh_sandbox {
+ pid_t child_pid;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(struct monitor *m)
+{
+ struct ssh_sandbox *box;
+
+ debug3("%s: preparing pledge sandbox", __func__);
+ box = xcalloc(1, sizeof(*box));
+ box->child_pid = 0;
+
+ return box;
+}
+
+void
+ssh_sandbox_child(struct ssh_sandbox *box)
+{
+ if (pledge("stdio", NULL) == -1)
+ fatal("%s: pledge()", __func__);
+}
+
+void
+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
+{
+ free(box);
+ debug3("%s: finished", __func__);
+}
+
+void
+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
+{
+ box->child_pid = child_pid;
+ /* Nothing to do here */
+}
+
+#endif /* SANDBOX_PLEDGE */
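Review bot: The `fatal("%s: pledge()", __func__)` call in `ssh_sandbox_child` drops errno, so a failed pledge(2) leaves no reason in the log, whereas the Solaris sandbox added in this same commit reports `strerror(errno)` on its equivalent failure. `fatal("%s: pledge: %s", __func__, strerror(errno));` would match it; this file's include list has no `<string.h>`, so add it unless `includes.h` already provides it. The function also deserves a one-line comment stating that the preauth child is restricted to the `"stdio"` promise alone, since that string is the whole policy. `ssh_sandbox_init` leaves its `m` parameter unused, which is worth a comment too.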
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 2462bcc..2e1ed2c 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -103,6 +103,12 @@ static const struct sock_filter preauth_insns[] = { offsetof(struct seccomp_data, nr)), /* Syscalls to non-fatally deny */ +#ifdef __NR_lstat + SC_DENY(lstat, EACCES), +#endif +#ifdef __NR_lstat64 + SC_DENY(lstat64, EACCES), +#endif #ifdef __NR_fstat SC_DENY(fstat, EACCES), #endif @@ -147,6 +153,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_getpid SC_ALLOW(getpid), #endif +#ifdef __NR_getrandom + SC_ALLOW(getrandom), +#endif #ifdef __NR_gettimeofday SC_ALLOW(gettimeofday), #endif diff --git a/sandbox-solaris.c b/sandbox-solaris.c new file mode 100644 index 0000000..343a010 --- /dev/null +++ b/sandbox-solaris.c 
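Review bot: The new `SC_ALLOW(getrandom)` entry in the second hunk carries no comment saying what in the preauth child issues it. The systrace policy changed in this same commit documents its entropy syscall ("OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3)"). A line such as `/* entropy for the RNG; presumably issued by libc/libcrypto seeding */` above `#ifdef __NR_getrandom` would keep the allow-list auditable. The `lstat`/`lstat64` denials in the first hunk have the same gap: say which caller needs a non-fatal `EACCES` rather than a kill. Both hunks sit inside `preauth_insns[]`, which starts and ends outside them.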
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2015 Joyent, Inc
+ * Author: Alex Wilson <alex.wilson@joyent.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifdef SANDBOX_SOLARIS
+#ifndef USE_SOLARIS_PRIVS
+# error "--with-solaris-privs must be used with the Solaris sandbox"
+#endif
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#ifdef HAVE_PRIV_H
+# include <priv.h>
+#endif
+
+#include "log.h"
+#include "ssh-sandbox.h"
+#include "xmalloc.h"
+
+struct ssh_sandbox {
+ priv_set_t *pset;
+};
+
+struct ssh_sandbox *
+ssh_sandbox_init(struct monitor *monitor)
+{
+ struct ssh_sandbox *box = NULL;
+
+ box = xcalloc(1, sizeof(*box));
+
+ /* Start with "basic" and drop everything we don't need. 
*/ + box->pset = solaris_basic_privset(); + + if (box->pset == NULL) { + free(box); + return NULL; + } + + /* Drop everything except the ability to use already-opened files */ + if (priv_delset(box->pset, PRIV_FILE_LINK_ANY) != 0 || +#ifdef PRIV_NET_ACCESS + priv_delset(box->pset, PRIV_NET_ACCESS) != 0 || +#endif + priv_delset(box->pset, PRIV_PROC_EXEC) != 0 || + priv_delset(box->pset, PRIV_PROC_FORK) != 0 || + priv_delset(box->pset, PRIV_PROC_INFO) != 0 || + priv_delset(box->pset, PRIV_PROC_SESSION) != 0) { + free(box); + return NULL; + } + + /* These may not be available on older Solaris-es */ +# if defined(PRIV_FILE_READ) && defined(PRIV_FILE_WRITE) + if (priv_delset(box->pset, PRIV_FILE_READ) != 0 || + priv_delset(box->pset, PRIV_FILE_WRITE) != 0) { + free(box); + return NULL; + } +# endif + + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + if (setppriv(PRIV_SET, PRIV_PERMITTED, box->pset) != 0 || + setppriv(PRIV_SET, PRIV_LIMIT, box->pset) != 0 || + setppriv(PRIV_SET, PRIV_INHERITABLE, box->pset) != 0) + fatal("setppriv: %s", strerror(errno)); +} + +void +ssh_sandbox_parent_finish(struct ssh_sandbox *box) +{ + priv_freeset(box->pset); + box->pset = NULL; + free(box); +} + +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ + /* Nothing to do here */ +} + +#endif /* SANDBOX_SOLARIS */ diff --git a/sandbox-systrace.c b/sandbox-systrace.c index 3830ed1..b4d8d04 100644 --- a/sandbox-systrace.c +++ b/sandbox-systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sandbox-systrace.c,v 1.17 2015/07/27 16:29:23 guenther Exp $ */ +/* $OpenBSD: sandbox-systrace.c,v 1.18 2015/10/02 01:39:26 deraadt Exp $ */ /* * Copyright (c) 2011 Damien Miller <djm@mindrot.org> * 
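Review bot: `ssh_sandbox_init` in sandbox-solaris.c returns NULL when `solaris_basic_privset()` or any `priv_delset()` fails, and both `priv_delset` failure branches call `free(box)` without `priv_freeset(box->pset)`, which leaks the privilege set. More importantly, `ssh_sandbox_child` dereferences `box->pset` unconditionally. A NULL return therefore either crashes the child or, if the caller (not visible here) skips the sandbox on NULL, leaves the preauth process running with its full privilege set. The pledge sandbox added in this commit never returns NULL, and failing closed here would match it, for example by replacing each `free(box); return NULL;` with `fatal("%s: priv_delset: %s", __func__, strerror(errno));`. `ssh_sandbox_parent_preauth` ignores `child_pid` here, unlike the pledge version, which deserves a short comment.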
@@ -50,9 +50,17 @@ struct sandbox_policy { /* Permitted syscalls in preauth. Unlisted syscalls get SYSTR_POLICY_KILL */ static const struct sandbox_policy preauth_policy[] = { - { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, - { SYS_close, SYSTR_POLICY_PERMIT }, { SYS_exit, SYSTR_POLICY_PERMIT }, +#ifdef SYS_kbind + { SYS_kbind, SYSTR_POLICY_PERMIT }, +#endif + + { SYS_getpid, SYSTR_POLICY_PERMIT }, + { SYS_getpgid, SYSTR_POLICY_PERMIT }, + { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, + { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, + { SYS_sigprocmask, SYSTR_POLICY_PERMIT }, + #ifdef SYS_getentropy /* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */ { SYS_getentropy, SYSTR_POLICY_PERMIT }, @@ -60,27 +68,25 @@ static const struct sandbox_policy preauth_policy[] = { /* Previous releases used sysctl(3)'s kern.arnd variable. */ { SYS___sysctl, SYSTR_POLICY_PERMIT }, #endif - { SYS_getpid, SYSTR_POLICY_PERMIT }, - { SYS_getpgid, SYSTR_POLICY_PERMIT }, - { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, -#ifdef SYS_kbind - { SYS_kbind, SYSTR_POLICY_PERMIT }, +#ifdef SYS_sendsyslog + { SYS_sendsyslog, SYSTR_POLICY_PERMIT }, #endif + { SYS_madvise, SYSTR_POLICY_PERMIT }, { SYS_mmap, SYSTR_POLICY_PERMIT }, { SYS_mprotect, SYSTR_POLICY_PERMIT }, { SYS_mquery, SYSTR_POLICY_PERMIT }, { SYS_munmap, SYSTR_POLICY_PERMIT }, - { SYS_open, SYSTR_POLICY_NEVER }, + { SYS_poll, SYSTR_POLICY_PERMIT }, - { SYS_read, SYSTR_POLICY_PERMIT }, { SYS_select, SYSTR_POLICY_PERMIT }, -#ifdef SYS_sendsyslog - { SYS_sendsyslog, SYSTR_POLICY_PERMIT }, -#endif - { SYS_shutdown, SYSTR_POLICY_PERMIT }, - { SYS_sigprocmask, SYSTR_POLICY_PERMIT }, + { SYS_read, SYSTR_POLICY_PERMIT }, { SYS_write, SYSTR_POLICY_PERMIT }, + { SYS_shutdown, SYSTR_POLICY_PERMIT }, + { SYS_close, SYSTR_POLICY_PERMIT }, + + { SYS_open, SYSTR_POLICY_NEVER }, + { -1, -1 } }; diff --git a/scard/.cvsignore b/scard/.cvsignore deleted file mode 100644 index 5349d34..0000000 --- a/scard/.cvsignore +++ /dev/null 
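Review bot: After the regrouping, `{ SYS_open, SYSTR_POLICY_NEVER }` sits alone as the last entry of `preauth_policy[]` with no explanation, while the array's header comment only says that unlisted syscalls get `SYSTR_POLICY_KILL`. It is the one entry that is neither permitted nor killed, so it should carry a comment such as `/* refused rather than killed */`; that wording assumes `SYSTR_POLICY_NEVER` fails the call, which should be confirmed. The blank-line groups introduced across both hunks are unlabelled, and short headers like `/* time and identity */`, `/* memory */` and `/* I/O */` would make the intent of the reordering readable. Comparing removed and added lines, the set of listed syscalls is the same before and after; stating that in the commit message would save the next auditor the comparison.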
@@ -1,2 +0,0 @@ -Makefile -Ssh.bin diff --git a/schnorr.c b/schnorr.c deleted file mode 100644 index 4d54d68..0000000 --- a/schnorr.c +++ /dev/null 
@@ -1,675 +0,0 @@ -/* $OpenBSD: schnorr.c,v 1.5 2010/12/03 23:49:26 djm Exp $ */ -/* - * Copyright (c) 2008 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Implementation of Schnorr signatures / zero-knowledge proofs, based on - * description in: - * - * F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", - * 16th Workshop on Security Protocols, Cambridge, April 2008 - * - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - */ - -#include "includes.h" - -#include <sys/types.h> - -#include <string.h> -#include <stdarg.h> -#include <stdio.h> - -#include <openssl/evp.h> -#include <openssl/bn.h> - -#include "xmalloc.h" -#include "buffer.h" -#include "log.h" - -#include "schnorr.h" - -#include "openbsd-compat/openssl-compat.h" - -/* #define SCHNORR_DEBUG */ /* Privacy-violating debugging */ -/* #define SCHNORR_MAIN */ /* Include main() selftest */ - -#ifndef SCHNORR_DEBUG -# define SCHNORR_DEBUG_BN(a) -# define SCHNORR_DEBUG_BUF(a) -#else -# define SCHNORR_DEBUG_BN(a) debug3_bn a -# define SCHNORR_DEBUG_BUF(a) debug3_buf a -#endif /* SCHNORR_DEBUG */ - -/* - * Calculate hash component of Schnorr signature H(g || g^v || g^x || id) - * using the hash function defined by "evp_md". 
Returns signature as - * bignum or NULL on error. - */ -static BIGNUM * -schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g, - const EVP_MD *evp_md, const BIGNUM *g_v, const BIGNUM *g_x, - const u_char *id, u_int idlen) -{ - u_char *digest; - u_int digest_len; - BIGNUM *h; - Buffer b; - int success = -1; - - if ((h = BN_new()) == NULL) { - error("%s: BN_new", __func__); - return NULL; - } - - buffer_init(&b); - - /* h = H(g || p || q || g^v || g^x || id) */ - buffer_put_bignum2(&b, g); - buffer_put_bignum2(&b, p); - buffer_put_bignum2(&b, q); - buffer_put_bignum2(&b, g_v); - buffer_put_bignum2(&b, g_x); - buffer_put_string(&b, id, idlen); - - SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b), - "%s: hashblob", __func__)); - if (hash_buffer(buffer_ptr(&b), buffer_len(&b), evp_md, - &digest, &digest_len) != 0) { - error("%s: hash_buffer", __func__); - goto out; - } - if (BN_bin2bn(digest, (int)digest_len, h) == NULL) { - error("%s: BN_bin2bn", __func__); - goto out; - } - success = 0; - SCHNORR_DEBUG_BN((h, "%s: h = ", __func__)); - out: - buffer_free(&b); - bzero(digest, digest_len); - xfree(digest); - digest_len = 0; - if (success == 0) - return h; - BN_clear_free(h); - return NULL; -} - -/* - * Generate Schnorr signature to prove knowledge of private value 'x' used - * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g' - * using the hash function "evp_md". - * 'idlen' bytes from 'id' will be included in the signature hash as an anti- - * replay salt. - * - * On success, 0 is returned. The signature values are returned as *e_p - * (g^v mod p) and *r_p (v - xh mod q). The caller must free these values. - * On failure, -1 is returned. 
- */ -int -schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x, - const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p) -{ - int success = -1; - BIGNUM *h, *tmp, *v, *g_v, *r; - BN_CTX *bn_ctx; - - SCHNORR_DEBUG_BN((x, "%s: x = ", __func__)); - SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__)); - - /* Avoid degenerate cases: g^0 yields a spoofable signature */ - if (BN_cmp(g_x, BN_value_one()) <= 0) { - error("%s: g_x < 1", __func__); - return -1; - } - if (BN_cmp(g_x, grp_p) >= 0) { - error("%s: g_x > g", __func__); - return -1; - } - - h = g_v = r = tmp = v = NULL; - if ((bn_ctx = BN_CTX_new()) == NULL) { - error("%s: BN_CTX_new", __func__); - goto out; - } - if ((g_v = BN_new()) == NULL || - (r = BN_new()) == NULL || - (tmp = BN_new()) == NULL) { - error("%s: BN_new", __func__); - goto out; - } - - /* - * v must be a random element of Zq, so 1 <= v < q - * we also exclude v = 1, since g^1 looks dangerous - */ - if ((v = bn_rand_range_gt_one(grp_p)) == NULL) { - error("%s: bn_rand_range2", __func__); - goto out; - } - SCHNORR_DEBUG_BN((v, "%s: v = ", __func__)); - - /* g_v = g^v mod p */ - if (BN_mod_exp(g_v, grp_g, v, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_exp (g^v mod p)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((g_v, "%s: g_v = ", __func__)); - - /* h = H(g || g^v || g^x || id) */ - if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, g_v, g_x, - id, idlen)) == NULL) { - error("%s: schnorr_hash failed", __func__); - goto out; - } - - /* r = v - xh mod q */ - if (BN_mod_mul(tmp, x, h, grp_q, bn_ctx) == -1) { - error("%s: BN_mod_mul (tmp = xv mod q)", __func__); - goto out; - } - if (BN_mod_sub(r, v, tmp, grp_q, bn_ctx) == -1) { - error("%s: BN_mod_mul (r = v - tmp)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((g_v, "%s: e = ", __func__)); - SCHNORR_DEBUG_BN((r, "%s: r = ", __func__)); - - *e_p = g_v; - *r_p = r; - - success = 0; - out: - BN_CTX_free(bn_ctx); - if 
(h != NULL) - BN_clear_free(h); - if (v != NULL) - BN_clear_free(v); - BN_clear_free(tmp); - - return success; -} - -/* - * Generate Schnorr signature to prove knowledge of private value 'x' used - * in public exponent g^x, under group defined by 'grp_p', 'grp_q' and 'grp_g' - * using a SHA256 hash. - * 'idlen' bytes from 'id' will be included in the signature hash as an anti- - * replay salt. - * On success, 0 is returned and *siglen bytes of signature are returned in - * *sig (caller to free). Returns -1 on failure. - */ -int -schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen, - u_char **sig, u_int *siglen) -{ - Buffer b; - BIGNUM *r, *e; - - if (schnorr_sign(grp_p, grp_q, grp_g, EVP_sha256(), - x, g_x, id, idlen, &r, &e) != 0) - return -1; - - /* Signature is (e, r) */ - buffer_init(&b); - /* XXX sigtype-hash as string? */ - buffer_put_bignum2(&b, e); - buffer_put_bignum2(&b, r); - *siglen = buffer_len(&b); - *sig = xmalloc(*siglen); - memcpy(*sig, buffer_ptr(&b), *siglen); - SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b), - "%s: sigblob", __func__)); - buffer_free(&b); - - BN_clear_free(r); - BN_clear_free(e); - - return 0; -} - -/* - * Verify Schnorr signature { r (v - xh mod q), e (g^v mod p) } against - * public exponent g_x (g^x) under group defined by 'grp_p', 'grp_q' and - * 'grp_g' using hash "evp_md". - * Signature hash will be salted with 'idlen' bytes from 'id'. - * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature. 
- */ -int -schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen, - const BIGNUM *r, const BIGNUM *e) -{ - int success = -1; - BIGNUM *h = NULL, *g_xh = NULL, *g_r = NULL, *gx_q = NULL; - BIGNUM *expected = NULL; - BN_CTX *bn_ctx; - - SCHNORR_DEBUG_BN((g_x, "%s: g_x = ", __func__)); - - /* Avoid degenerate cases: g^0 yields a spoofable signature */ - if (BN_cmp(g_x, BN_value_one()) <= 0) { - error("%s: g_x <= 1", __func__); - return -1; - } - if (BN_cmp(g_x, grp_p) >= 0) { - error("%s: g_x >= p", __func__); - return -1; - } - - h = g_xh = g_r = expected = NULL; - if ((bn_ctx = BN_CTX_new()) == NULL) { - error("%s: BN_CTX_new", __func__); - goto out; - } - if ((g_xh = BN_new()) == NULL || - (g_r = BN_new()) == NULL || - (gx_q = BN_new()) == NULL || - (expected = BN_new()) == NULL) { - error("%s: BN_new", __func__); - goto out; - } - - SCHNORR_DEBUG_BN((e, "%s: e = ", __func__)); - SCHNORR_DEBUG_BN((r, "%s: r = ", __func__)); - - /* gx_q = (g^x)^q must === 1 mod p */ - if (BN_mod_exp(gx_q, g_x, grp_q, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_exp (g_x^q mod p)", __func__); - goto out; - } - if (BN_cmp(gx_q, BN_value_one()) != 0) { - error("%s: Invalid signature (g^x)^q != 1 mod p", __func__); - goto out; - } - - SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__)); - /* h = H(g || g^v || g^x || id) */ - if ((h = schnorr_hash(grp_p, grp_q, grp_g, evp_md, e, g_x, - id, idlen)) == NULL) { - error("%s: schnorr_hash failed", __func__); - goto out; - } - - /* g_xh = (g^x)^h */ - if (BN_mod_exp(g_xh, g_x, h, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_exp (g_x^h mod p)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((g_xh, "%s: g_xh = ", __func__)); - - /* g_r = g^r */ - if (BN_mod_exp(g_r, grp_g, r, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_exp (g_x^h mod p)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((g_r, "%s: g_r = ", __func__)); - - /* expected = g^r * g_xh */ - if 
(BN_mod_mul(expected, g_r, g_xh, grp_p, bn_ctx) == -1) { - error("%s: BN_mod_mul (expected = g_r mod p)", __func__); - goto out; - } - SCHNORR_DEBUG_BN((expected, "%s: expected = ", __func__)); - - /* Check e == expected */ - success = BN_cmp(expected, e) == 0; - out: - BN_CTX_free(bn_ctx); - if (h != NULL) - BN_clear_free(h); - if (gx_q != NULL) - BN_clear_free(gx_q); - if (g_xh != NULL) - BN_clear_free(g_xh); - if (g_r != NULL) - BN_clear_free(g_r); - if (expected != NULL) - BN_clear_free(expected); - return success; -} - -/* - * Verify Schnorr signature 'sig' of length 'siglen' against public exponent - * g_x (g^x) under group defined by 'grp_p', 'grp_q' and 'grp_g' using a - * SHA256 hash. - * Signature hash will be salted with 'idlen' bytes from 'id'. - * Returns -1 on failure, 0 on incorrect signature or 1 on matching signature. - */ -int -schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, - const BIGNUM *grp_g, - const BIGNUM *g_x, const u_char *id, u_int idlen, - const u_char *sig, u_int siglen) -{ - Buffer b; - int ret = -1; - u_int rlen; - BIGNUM *r, *e; - - e = r = NULL; - if ((e = BN_new()) == NULL || - (r = BN_new()) == NULL) { - error("%s: BN_new", __func__); - goto out; - } - - /* Extract g^v and r from signature blob */ - buffer_init(&b); - buffer_append(&b, sig, siglen); - SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b), - "%s: sigblob", __func__)); - buffer_get_bignum2(&b, e); - buffer_get_bignum2(&b, r); - rlen = buffer_len(&b); - buffer_free(&b); - if (rlen != 0) { - error("%s: remaining bytes in signature %d", __func__, rlen); - goto out; - } - - ret = schnorr_verify(grp_p, grp_q, grp_g, EVP_sha256(), - g_x, id, idlen, r, e); - out: - BN_clear_free(e); - BN_clear_free(r); - - return ret; -} - -/* Helper functions */ - -/* - * Generate uniformly distributed random number in range (1, high). - * Return number on success, NULL on failure. 
- */ -BIGNUM * -bn_rand_range_gt_one(const BIGNUM *high) -{ - BIGNUM *r, *tmp; - int success = -1; - - if ((tmp = BN_new()) == NULL) { - error("%s: BN_new", __func__); - return NULL; - } - if ((r = BN_new()) == NULL) { - error("%s: BN_new failed", __func__); - goto out; - } - if (BN_set_word(tmp, 2) != 1) { - error("%s: BN_set_word(tmp, 2)", __func__); - goto out; - } - if (BN_sub(tmp, high, tmp) == -1) { - error("%s: BN_sub failed (tmp = high - 2)", __func__); - goto out; - } - if (BN_rand_range(r, tmp) == -1) { - error("%s: BN_rand_range failed", __func__); - goto out; - } - if (BN_set_word(tmp, 2) != 1) { - error("%s: BN_set_word(tmp, 2)", __func__); - goto out; - } - if (BN_add(r, r, tmp) == -1) { - error("%s: BN_add failed (r = r + 2)", __func__); - goto out; - } - success = 0; - out: - BN_clear_free(tmp); - if (success == 0) - return r; - BN_clear_free(r); - return NULL; -} - -/* - * Hash contents of buffer 'b' with hash 'md'. Returns 0 on success, - * with digest via 'digestp' (caller to free) and length via 'lenp'. - * Returns -1 on failure. - */ -int -hash_buffer(const u_char *buf, u_int len, const EVP_MD *md, - u_char **digestp, u_int *lenp) -{ - u_char digest[EVP_MAX_MD_SIZE]; - u_int digest_len; - EVP_MD_CTX evp_md_ctx; - int success = -1; - - EVP_MD_CTX_init(&evp_md_ctx); - - if (EVP_DigestInit_ex(&evp_md_ctx, md, NULL) != 1) { - error("%s: EVP_DigestInit_ex", __func__); - goto out; - } - if (EVP_DigestUpdate(&evp_md_ctx, buf, len) != 1) { - error("%s: EVP_DigestUpdate", __func__); - goto out; - } - if (EVP_DigestFinal_ex(&evp_md_ctx, digest, &digest_len) != 1) { - error("%s: EVP_DigestFinal_ex", __func__); - goto out; - } - *digestp = xmalloc(digest_len); - *lenp = digest_len; - memcpy(*digestp, digest, *lenp); - success = 0; - out: - EVP_MD_CTX_cleanup(&evp_md_ctx); - bzero(digest, sizeof(digest)); - digest_len = 0; - return success; -} - -/* print formatted string followed by bignum */ -void -debug3_bn(const BIGNUM *n, const char *fmt, ...) 
-{ - char *out, *h; - va_list args; - - out = NULL; - va_start(args, fmt); - vasprintf(&out, fmt, args); - va_end(args); - if (out == NULL) - fatal("%s: vasprintf failed", __func__); - - if (n == NULL) - debug3("%s(null)", out); - else { - h = BN_bn2hex(n); - debug3("%s0x%s", out, h); - free(h); - } - free(out); -} - -/* print formatted string followed by buffer contents in hex */ -void -debug3_buf(const u_char *buf, u_int len, const char *fmt, ...) -{ - char *out, h[65]; - u_int i, j; - va_list args; - - out = NULL; - va_start(args, fmt); - vasprintf(&out, fmt, args); - va_end(args); - if (out == NULL) - fatal("%s: vasprintf failed", __func__); - - debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : ""); - free(out); - if (buf == NULL) - return; - - *h = '\0'; - for (i = j = 0; i < len; i++) { - snprintf(h + j, sizeof(h) - j, "%02x", buf[i]); - j += 2; - if (j >= sizeof(h) - 1 || i == len - 1) { - debug3(" %s", h); - *h = '\0'; - j = 0; - } - } -} - -/* - * Construct a MODP group from hex strings p (which must be a safe - * prime) and g, automatically calculating subgroup q as (p / 2) - */ -struct modp_group * -modp_group_from_g_and_safe_p(const char *grp_g, const char *grp_p) -{ - struct modp_group *ret; - - ret = xmalloc(sizeof(*ret)); - ret->p = ret->q = ret->g = NULL; - if (BN_hex2bn(&ret->p, grp_p) == 0 || - BN_hex2bn(&ret->g, grp_g) == 0) - fatal("%s: BN_hex2bn", __func__); - /* Subgroup order is p/2 (p is a safe prime) */ - if ((ret->q = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - if (BN_rshift1(ret->q, ret->p) != 1) - fatal("%s: BN_rshift1", __func__); - - return ret; -} - -void -modp_group_free(struct modp_group *grp) -{ - if (grp->g != NULL) - BN_clear_free(grp->g); - if (grp->p != NULL) - BN_clear_free(grp->p); - if (grp->q != NULL) - BN_clear_free(grp->q); - bzero(grp, sizeof(*grp)); - xfree(grp); -} - -/* main() function for self-test */ - -#ifdef SCHNORR_MAIN -static void -schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM 
*grp_q, - const BIGNUM *grp_g, const BIGNUM *x) -{ - BIGNUM *g_x; - u_char *sig; - u_int siglen; - BN_CTX *bn_ctx; - - if ((bn_ctx = BN_CTX_new()) == NULL) - fatal("%s: BN_CTX_new", __func__); - if ((g_x = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - - if (BN_mod_exp(g_x, grp_g, x, grp_p, bn_ctx) == -1) - fatal("%s: g_x", __func__); - if (schnorr_sign_buf(grp_p, grp_q, grp_g, x, g_x, "junk", 4, - &sig, &siglen)) - fatal("%s: schnorr_sign", __func__); - if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, - sig, siglen) != 1) - fatal("%s: verify fail", __func__); - if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "JUNK", 4, - sig, siglen) != 0) - fatal("%s: verify should have failed (bad ID)", __func__); - sig[4] ^= 1; - if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, - sig, siglen) != 0) - fatal("%s: verify should have failed (bit error)", __func__); - xfree(sig); - BN_free(g_x); - BN_CTX_free(bn_ctx); -} - -static void -schnorr_selftest(void) -{ - BIGNUM *x; - struct modp_group *grp; - u_int i; - char *hh; - - grp = jpake_default_group(); - if ((x = BN_new()) == NULL) - fatal("%s: BN_new", __func__); - SCHNORR_DEBUG_BN((grp->p, "%s: grp->p = ", __func__)); - SCHNORR_DEBUG_BN((grp->q, "%s: grp->q = ", __func__)); - SCHNORR_DEBUG_BN((grp->g, "%s: grp->g = ", __func__)); - - /* [1, 20) */ - for (i = 1; i < 20; i++) { - printf("x = %u\n", i); - fflush(stdout); - if (BN_set_word(x, i) != 1) - fatal("%s: set x word", __func__); - schnorr_selftest_one(grp->p, grp->q, grp->g, x); - } - - /* 100 x random [0, p) */ - for (i = 0; i < 100; i++) { - if (BN_rand_range(x, grp->p) != 1) - fatal("%s: BN_rand_range", __func__); - hh = BN_bn2hex(x); - printf("x = (random) 0x%s\n", hh); - free(hh); - fflush(stdout); - schnorr_selftest_one(grp->p, grp->q, grp->g, x); - } - - /* [q-20, q) */ - if (BN_set_word(x, 20) != 1) - fatal("%s: BN_set_word (x = 20)", __func__); - if (BN_sub(x, grp->q, x) != 1) - fatal("%s: BN_sub (q - x)", __func__); - for (i = 0; i < 
19; i++) { - hh = BN_bn2hex(x); - printf("x = (q - %d) 0x%s\n", 20 - i, hh); - free(hh); - fflush(stdout); - schnorr_selftest_one(grp->p, grp->q, grp->g, x); - if (BN_add(x, x, BN_value_one()) != 1) - fatal("%s: BN_add (x + 1)", __func__); - } - BN_free(x); -} - -int -main(int argc, char **argv) -{ - log_init(argv[0], SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_USER, 1); - - schnorr_selftest(); - return 0; -} -#endif - diff --git a/schnorr.h b/schnorr.h deleted file mode 100644 index 9730b47..0000000 --- a/schnorr.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* $OpenBSD: schnorr.h,v 1.1 2009/03/05 07:18:19 djm Exp $ */ -/* - * Copyright (c) 2009 Damien Miller. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef SCHNORR_H -#define SCHNORR_H - -#include <sys/types.h> - -#include <openssl/bn.h> - -struct modp_group { - BIGNUM *p, *q, *g; -}; - -BIGNUM *bn_rand_range_gt_one(const BIGNUM *high); -int hash_buffer(const u_char *, u_int, const EVP_MD *, u_char **, u_int *); -void debug3_bn(const BIGNUM *, const char *, ...) - __attribute__((__nonnull__ (2))) - __attribute__((format(printf, 2, 3))); -void debug3_buf(const u_char *, u_int, const char *, ...) 
- __attribute__((__nonnull__ (3))) - __attribute__((format(printf, 3, 4))); -struct modp_group *modp_group_from_g_and_safe_p(const char *, const char *); -void modp_group_free(struct modp_group *); - -/* Signature and verification functions */ -int -schnorr_sign(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const EVP_MD *evp_md, const BIGNUM *x, const BIGNUM *g_x, - const u_char *id, u_int idlen, BIGNUM **r_p, BIGNUM **e_p); -int -schnorr_sign_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const BIGNUM *x, const BIGNUM *g_x, const u_char *id, u_int idlen, - u_char **sig, u_int *siglen); -int -schnorr_verify(const BIGNUM *grp_p, const BIGNUM *grp_q, const BIGNUM *grp_g, - const EVP_MD *evp_md, const BIGNUM *g_x, const u_char *id, u_int idlen, - const BIGNUM *r, const BIGNUM *e); -int -schnorr_verify_buf(const BIGNUM *grp_p, const BIGNUM *grp_q, - const BIGNUM *grp_g, - const BIGNUM *g_x, const u_char *id, u_int idlen, - const u_char *sig, u_int siglen); - -#endif /* JPAKE_H */ - diff --git a/scp.0 b/scp.0 deleted file mode 100644 index 8f41f61..0000000 --- a/scp.0 +++ /dev/null 
@@ -1,165 +0,0 @@ -SCP(1) General Commands Manual SCP(1) - -NAME - scp M-bM-^@M-^S secure copy (remote file copy program) - -SYNOPSIS - scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] - [-l limit] [-o ssh_option] [-P port] [-S program] - [[user@]host1:]file1 ... [[user@]host2:]file2 - -DESCRIPTION - scp copies files between hosts on a network. It uses ssh(1) for data - transfer, and uses the same authentication and provides the same security - as ssh(1). scp will ask for passwords or passphrases if they are needed - for authentication. - - File names may contain a user and host specification to indicate that the - file is to be copied to/from that host. Local file names can be made - explicit using absolute or relative pathnames to avoid scp treating file - names containing M-bM-^@M-^X:M-bM-^@M-^Y as host specifiers. Copies between two remote hosts - are also permitted. - - The options are as follows: - - -1 Forces scp to use protocol 1. - - -2 Forces scp to use protocol 2. - - -3 Copies between two remote hosts are transferred through the local - host. Without this option the data is copied directly between - the two remote hosts. Note that this option disables the - progress meter. - - -4 Forces scp to use IPv4 addresses only. - - -6 Forces scp to use IPv6 addresses only. - - -B Selects batch mode (prevents asking for passwords or - passphrases). - - -C Compression enable. Passes the -C flag to ssh(1) to enable - compression. - - -c cipher - Selects the cipher to use for encrypting the data transfer. This - option is directly passed to ssh(1). - - -F ssh_config - Specifies an alternative per-user configuration file for ssh. - This option is directly passed to ssh(1). - - -i identity_file - Selects the file from which the identity (private key) for public - key authentication is read. This option is directly passed to - ssh(1). - - -l limit - Limits the used bandwidth, specified in Kbit/s. 
- - -o ssh_option - Can be used to pass options to ssh in the format used in - ssh_config(5). This is useful for specifying options for which - there is no separate scp command-line flag. For full details of - the options listed below, and their possible values, see - ssh_config(5). - - AddressFamily - BatchMode - BindAddress - CanonicalDomains - CanonicalizeFallbackLocal - CanonicalizeHostname - CanonicalizeMaxDots - CanonicalizePermittedCNAMEs - ChallengeResponseAuthentication - CheckHostIP - Cipher - Ciphers - Compression - CompressionLevel - ConnectionAttempts - ConnectTimeout - ControlMaster - ControlPath - ControlPersist - GlobalKnownHostsFile - GSSAPIAuthentication - GSSAPIDelegateCredentials - HashKnownHosts - Host - HostbasedAuthentication - HostbasedKeyTypes - HostKeyAlgorithms - HostKeyAlias - HostName - IdentityFile - IdentitiesOnly - IPQoS - KbdInteractiveAuthentication - KbdInteractiveDevices - KexAlgorithms - LogLevel - MACs - NoHostAuthenticationForLocalhost - NumberOfPasswordPrompts - PasswordAuthentication - PKCS11Provider - Port - PreferredAuthentications - Protocol - ProxyCommand - PubkeyAcceptedKeyTypes - PubkeyAuthentication - RekeyLimit - RhostsRSAAuthentication - RSAAuthentication - SendEnv - ServerAliveInterval - ServerAliveCountMax - StrictHostKeyChecking - TCPKeepAlive - UpdateHostKeys - UsePrivilegedPort - User - UserKnownHostsFile - VerifyHostKeyDNS - - -P port - Specifies the port to connect to on the remote host. Note that - this option is written with a capital M-bM-^@M-^XPM-bM-^@M-^Y, because -p is already - reserved for preserving the times and modes of the file. - - -p Preserves modification times, access times, and modes from the - original file. - - -q Quiet mode: disables the progress meter as well as warning and - diagnostic messages from ssh(1). - - -r Recursively copy entire directories. Note that scp follows - symbolic links encountered in the tree traversal. 
- - -S program - Name of program to use for the encrypted connection. The program - must understand ssh(1) options. - - -v Verbose mode. Causes scp and ssh(1) to print debugging messages - about their progress. This is helpful in debugging connection, - authentication, and configuration problems. - -EXIT STATUS - The scp utility exitsM-BM- 0 on success, andM-BM- >0 if an error occurs. - -SEE ALSO - sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5), - sshd(8) - -HISTORY - scp is based on the rcp program in BSD source code from the Regents of - the University of California. - -AUTHORS - Timo Rinne <tri@iki.fi> - Tatu Ylonen <ylo@cs.hut.fi> - -OpenBSD 5.8 July 10, 2015 OpenBSD 5.8 diff --git a/scp.1 b/scp.1 index 279b0d7..4ae8777 100644 --- a/scp.1 +++ b/scp.1 @@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.67 2015/07/10 06:21:53 markus Exp $ +.\" $OpenBSD: scp.1,v 1.71 2016/07/16 06:57:55 jmc Exp $ .\" -.Dd $Mdocdate: July 10 2015 $ +.Dd $Mdocdate: July 16 2016 $ .Dt SCP 1 .Os .Sh NAME @@ -133,6 +133,7 @@ For full details of the options listed below, and their possible values, see .It CanonicalizeHostname .It CanonicalizeMaxDots .It CanonicalizePermittedCNAMEs +.It CertificateFile .It ChallengeResponseAuthentication .It CheckHostIP .It Cipher @@ -154,8 +155,9 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlgorithms .It HostKeyAlias .It HostName -.It IdentityFile .It IdentitiesOnly +.It IdentityAgent +.It IdentityFile .It IPQoS .It KbdInteractiveAuthentication .It KbdInteractiveDevices @@ -170,6 +172,7 @@ For full details of the options listed below, and their possible values, see .It PreferredAuthentications .It Protocol .It ProxyCommand +.It ProxyJump .It PubkeyAcceptedKeyTypes .It PubkeyAuthentication .It RekeyLimit diff --git a/scp.c b/scp.c index 226a399..59cb396 100644 --- a/scp.c +++ b/scp.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.182 2015/04/24 01:36:00 deraadt Exp $ */ +/* $OpenBSD: scp.c,v 1.186 2016/05/25 23:48:45 schwarze Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -73,14 +73,7 @@ #include "includes.h" -#ifndef WINDOWS #include <dirent.h> -#else -#include <io.h> -#include <fcntl.h> -#include <Shlwapi.h> -#include "win32_dirent.h" -#endif #include <sys/types.h> #include <sys/param.h> 
@@ -162,304 +155,31 @@ char *ssh_program = _PATH_SSH_PROGRAM; /* This is used to store the pid of ssh_program */ pid_t do_cmd_pid = -1; - -#ifdef WINDOWS -typedef BOOL bool; -#define false FALSE -#define true TRUE - -#ifndef _SH_DENYNO -#define _SH_DENYNO 0x40 -#endif - -#define HAVE_UTIME_H - -#ifdef HAVE_UTIME_H -#include <sys/utime.h> -#if defined(_NEXT_SOURCE) && !defined(_POSIX_SOURCE) -struct utimbuf { - time_t actime; - time_t modtime; -}; -#endif /* _NEXT_SOURCE */ -#else -struct utimbuf -{ - long actime; - long modtime; -}; -#endif - -#ifndef _PATH_CP -#define _PATH_CP "copy" -//CHECK should we change in NT/2000 to copy ?? #define _PATH_CP "copy" -#endif - -#ifndef STDIN_FILENO -#define STDIN_FILENO 0 -#endif -#ifndef STDOUT_FILENO -#define STDOUT_FILENO 1 -#endif -#ifndef STDERR_FILENO -#define STDERR_FILENO 2 -#endif - - -/* This is set to non-zero to enable verbose mode. */ -int scpverbose = 0; - -#define SCP_STATISTICS_ENABLED -#define WITH_SCP_STATS -#define SCP_ALL_STATISTICS_ENABLED - -/* This is set to non-zero to enable statistics mode. */ -#ifdef SCP_STATISTICS_ENABLED -int statistics = 1; -#else /* SCP_STATISTICS_ENABLED */ -int statistics = 0; -#endif /* SCP_STATISTICS_ENABLED */ - -/* This is set to non-zero to enable printing statistics for each file */ -#ifdef SCP_ALL_STATISTICS_ENABLED -int all_statistics = 1; -#else /* SCP_ALL_STATISTICS_ENABLED */ -int all_statistics = 0; -#endif /* SCP_ALL_STATISTICS_ENABLED */ - -/* This is set to non-zero if compression is desired. */ -int compress = 0; - -/* This is set to non-zero if running in batch mode (that is, password - and passphrase queries are not allowed). */ -int batchmode = 0; - -/* This is to call ssh with argument -P (for using non-privileged - ports to get through some firewalls.) */ -int use_privileged_port = 1; - -/* This is set to the cipher type string if given on the command line. 
*/ -char *cipher = NULL; - -/* This is set to the RSA authentication identity file name if given on - the command line. */ -char *identity = NULL; - -/* This is the port to use in contacting the remote site (is non-NULL). */ -char *port = NULL; - -/* This is set password if given on the command line. */ -char *password = NULL; - -/* This is set ssh_config if given on the command line. */ -char *ssh_config = NULL; - -int ipv_restrict = 0; - -#define ONLY_IPV4 1 -#define ONLY_IPV6 2 - -#ifdef WITH_SCP_STATS - -#define SOME_STATS_FILE stderr - -#define ssh_max(a,b) (((a) > (b)) ? (a) : (b)) - -/*unsigned long*/ u_int64_t statbytes = 0; -DWORD stat_starttimems = 0; -time_t stat_starttime = 0; -time_t stat_lasttime = 0; -double ratebs = 0.0; - -void stats_fixlen(int bytes); -//char *stat_eta(int secs); -char *stat_eta_new(int msecs); -#endif /* WITH_SCP_STATS */ - -/* Ssh options */ -char **ssh_options = NULL; -size_t ssh_options_cnt = 0; -size_t ssh_options_alloc = 0; - -// start: Windows specfic functions -#define S_ISDIR(x) (x & _S_IFDIR) - -static int g_RootMode = 0; -#define M_ADMIN 4 - -CHAR g_HomeDir[MAX_PATH]; -CHAR g_FSRoot[MAX_PATH]; -int isRootedPath = 0; // set to 1 if we prepend a home root - -int start_process_io(char *exename, char **argv, char **envv, - HANDLE StdInput, HANDLE StdOutput, HANDLE StdError, - unsigned long CreateFlags, PROCESS_INFORMATION *pi, - char *homedir, char *lpDesktop); - -#ifdef WINDOWS -struct passwd pw; -char username[128]; - -// InitForMicrosoftWindows() will initialize Unix like settings in Windows operating system. -int InitForMicrosoftWindows() -{ - int rc; - struct passwd *pwd; - - /* Get user\'s passwd structure. We need this for the home directory. 
*/ - pwd = &pw ; - rc = sizeof(username); - if (GetUserName(username, (LPDWORD)&rc)) { - pwd->pw_name = username; - } - else { - return GetLastError(); - } - - return 0; -} - -#endif - -#define EMSG "" -#define BADCH (int)'~' - -int -sgetopt(int nargc, - char * const *nargv, - const char *ostr) -{ - static char *place = EMSG; /* option letter processing */ - register char *oli; /* option letter list index */ - char *p; - extern char *optarg; - extern int optind; - extern int optopt; - extern int opterr; - - if (!*place) - { /* update scanning pointer */ - if (optind >= nargc || (*(place = nargv[optind]) != '-')) - { - place = EMSG; - if (optind >= nargc ) - return(EOF); - else - return(BADCH); - } - if (place[1] && *++place == '-') - { /* found "--" */ - ++optind; - place = EMSG; - return(EOF); - } - } /* option letter okay? */ - if ((optopt = (int)*place++) == (int)':' || - !(oli = strchr((char *)ostr, optopt))) - { - /* - * if the user didn't specify '-' as an option, - * assume it means EOF. 
- */ - if ((optopt == (int)'-')) - return(EOF); - if (!*place) - ++optind; - if (opterr) - { - if (!(p = strrchr(*nargv, '/'))) - p = *nargv; - else - ++p; - (void)fprintf(stderr, "%s: illegal option -- %c\n", - p, optopt); - } - return(BADCH); - } - if (*++oli != ':') - { /* don't need argument */ - optarg = NULL; - if (!*place) - ++optind; - } - else - { /* need an argument */ - if (*place) /* no white space */ - optarg = place; - else if (nargc <= ++optind) - { /* no arg */ - place = EMSG; - if (!(p = strrchr(*nargv, '/'))) - p = *nargv; - else - ++p; - if (opterr) - (void)fprintf(stderr, - "%s: option requires an argument -- %c\n", - p, optopt); - return(BADCH); - } - else /* white space */ - optarg = nargv[optind]; - place = EMSG; - ++optind; - } - return(optopt); /* dump back option letter */ -} - -int _utimedir (char *name, struct _utimbuf *filetime) -{ - int rc, chandle; - HANDLE hFile; - - hFile = CreateFile( name, - GENERIC_WRITE, - FILE_SHARE_READ, - NULL, - OPEN_EXISTING, - FILE_FLAG_BACKUP_SEMANTICS, - NULL ); - if ( hFile != INVALID_HANDLE_VALUE ) { - chandle = _open_osfhandle ( (intptr_t)hFile, 0 ); - rc=_futime(chandle,filetime); // update access time to what we want - _close(chandle); - CloseHandle(hFile); - } - - return rc; -} - -// end of direntry functions -HANDLE hprocess=(HANDLE) 0; // we made it a global to stop child process(ssh) of scp -#else - -#endif - static void killchild(int signo) { - if (do_cmd_pid > 1) { - kill(do_cmd_pid, signo ? signo : SIGTERM); - waitpid(do_cmd_pid, NULL, 0); - } + if (do_cmd_pid > 1) { + kill(do_cmd_pid, signo ? 
signo : SIGTERM); + waitpid(do_cmd_pid, NULL, 0); + } - if (signo) - _exit(1); - exit(1); + if (signo) + _exit(1); + exit(1); } static void suspchild(int signo) { - int status; + int status; - if (do_cmd_pid > 1) { - kill(do_cmd_pid, signo); - while (waitpid(do_cmd_pid, &status, WUNTRACED) == -1 && - errno == EINTR) - ; - kill(getpid(), SIGSTOP); - } + if (do_cmd_pid > 1) { + kill(do_cmd_pid, signo); + while (waitpid(do_cmd_pid, &status, WUNTRACED) == -1 && + errno == EINTR) + ; + kill(getpid(), SIGSTOP); + } } static int 
@@ -579,195 +299,6 @@ error: int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) { -#ifdef WINDOWS - size_t i, j; - - HANDLE hSaveStdout, hSaveStdin ; - HANDLE hstdout[2], hstdin[2] ; - PROCESS_INFORMATION pi; - SECURITY_ATTRIBUTES sa ; /* simple */ - int rc; - HANDLE rfdfromssh, wfdtossh ; - char *args[256]; - - if (verbose_mode) - fprintf(stderr, "Executing: host %s, user %s, command %s\n", - host, remuser ? remuser : "(unspecified)", cmd); - - // Child code in Windows OS will be a new created process of ssh.exe. - // Child to execute the command on the remote host using ssh. - - i = 0; - args[i++] = ssh_program; - size_t len; - for(j = 0; j < ssh_options_cnt; j++) { - args[i++] = "-o"; - - //args[i++] = ssh_options[j]; - len = strlen(ssh_options[j])+3; - - args[i] = (char *) malloc(len); // add quotes - strcpy_s(args[i],len, "\""); - strcat_s(args[i],len, ssh_options[j]); - strcat_s(args[i],len, "\""); - i++ ; - - if (i > 250) - fatal("Too many -o options (total number of arguments is more than 256)"); - } - args[i++] = "-x"; - args[i++] = "-a"; - args[i++] = "\"-oFallBackToRsh no\""; // extra double quote needed for - // Windows platforms - //7/2/2001 args[i++] = "\"-oClearAllForwardings yes\""; - if (verbose_mode) - args[i++] = "-v"; - if (compress) - args[i++] = "-C"; - if (!use_privileged_port) - args[i++] = "-P"; - if (batchmode) - args[i++] = "\"-oBatchMode yes\""; - if (password != NULL) { - args[i++] = "-A"; - args[i++] = password; - } - if (cipher != NULL) { - args[i++] = "-c"; - args[i++] = cipher; - } - if (identity != NULL) { - args[i++] = "-i"; - args[i++] = identity; - } - if (port != NULL) { - args[i++] = "-p"; - args[i++] = port; - } - if (ssh_config) { - args[i++] = "-F"; - args[i++] = ssh_config; - } - if (remuser != NULL) { - args[i++] = "-l"; - args[i++] = remuser; - } - - if (ipv_restrict == ONLY_IPV4) - args[i++] = "-4"; - if (ipv_restrict == ONLY_IPV6) - args[i++] = "-6"; - - args[i++] = host; - args[i++] = cmd; - 
args[i++] = NULL; - - // Create a pair of pipes for communicating with ssh - // which we will spawn - // Do the plumbing so that child ssh process to be spawned has its - // standard input from the pout[0] and its standard output going to - // pin[1] - - sa.nLength = sizeof(SECURITY_ATTRIBUTES); - sa.bInheritHandle = TRUE ; /* pipe handles to be inherited */ - sa.lpSecurityDescriptor = NULL; - /* command processor output redirected to a nameless pipe */ - - rc = CreateOverlappedPipe( &hstdout[0], &hstdout[1], &sa, 0 ) ; - /* read from this fd to get data from ssh.exe*/ - - // make scp's pipe read handle not inheritable by ssh - rc = DuplicateHandle(GetCurrentProcess(), hstdout[0], - GetCurrentProcess(), (PHANDLE) &rfdfromssh, - 0, // this parm ignored if DUPLICATE_SAME_ACCESS below - FALSE, // not inherited - DUPLICATE_SAME_ACCESS); - CloseHandle(hstdout[0]); // this CloseHandle() is a crucial must do - hstdout[0] = rfdfromssh ; - - *fdin = _open_osfhandle((intptr_t)hstdout[0],0); - _setmode (*fdin, O_BINARY); // set this file handle for binary I/O - w32_allocate_fd_for_handle(hstdout[0], FALSE); - - rc = CreateOverlappedPipe( &hstdin[0], &hstdin[1], &sa, 0 ) ; - /* write to this fd to get data into ssh.exe*/ - - // make scp's pipe write handle not inheritable by ssh - rc = DuplicateHandle(GetCurrentProcess(), hstdin[1], - GetCurrentProcess(), (PHANDLE) &wfdtossh, - 0, // this parm ignored if DUPLICATE_SAME_ACCESS below - FALSE, // not inherited - DUPLICATE_SAME_ACCESS); - CloseHandle(hstdin[1]); // this CloseHandle() is a crucial must do - hstdin[1] = (HANDLE) wfdtossh ; - - *fdout = _open_osfhandle((intptr_t)hstdin[1],0); - _setmode (*fdout, O_BINARY); // set this file handle for binary I/O - w32_allocate_fd_for_handle(hstdin[1], FALSE); - - hSaveStdout = GetStdHandle(STD_OUTPUT_HANDLE); - //hSaveStderr = GetStdHandle(STD_ERROR_HANDLE); - hSaveStdin = GetStdHandle(STD_INPUT_HANDLE); - - // Set a write handle to the pipe to be STDOUT. 
- SetStdHandle(STD_OUTPUT_HANDLE, hstdout[1]); - // Set a write handle to the pipe to be STDERR. - //SetStdHandle(STD_ERROR_HANDLE, hstdout[1]); - // Set a input handle to the pipe to be STDIN. - SetStdHandle(STD_INPUT_HANDLE, hstdin[0]); - - // start the child process(ssh) - rc = start_process_io( - NULL, /* executable name with .ext found in argv[0] */ - &args[0], /* argv */ - NULL , - hstdin[0], /* std input for cmd.exe */ - hstdout[1], /* std output for cmd.exe */ - GetStdHandle(STD_ERROR_HANDLE), //hstdout[1], /* std error for cmd.exe */ - 0, // dwStartupFlags, - &pi, - NULL, /* current directory is default directory we set before */ - NULL - ); - - if (port) - free(port); - - if (cipher) - free(cipher); - - if (identity) - free(identity); - - if (ssh_config) - free(ssh_config); - - if (!rc) { - printf("%s could not be started\n", ssh_program); - exit(1); - } - else { - hprocess = pi.hProcess ; - } - - // After process creation, restore the saved STDOUT and STDERR. - SetStdHandle(STD_OUTPUT_HANDLE, hSaveStdout); - //SetStdHandle(STD_ERROR_HANDLE, hSaveStderr); - SetStdHandle(STD_INPUT_HANDLE, hSaveStdin); - - /* now close the pipe's side that the ssh.exe will use as write handle */ - CloseHandle(hstdout[1]) ; - /* now close the pipe's side that the ssh.exe will use as read handle */ - CloseHandle(hstdin[0]) ; - - // update passed variables with where other funstions should read and write - // from to get I/O from above child process over pipe. - - //*fdout = remout; - //*fdin = remin; - - return 0; -#else int pin[2], pout[2], reserved[2]; if (verbose_mode) 
@@ -798,7 +329,57 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) signal(SIGTTOU, suspchild); /* Fork a child to execute the command on the remote host using ssh. */ - do_cmd_pid = fork(); +#ifdef WINDOWS + replacearg(&args, 0, "%s", ssh_program); + if (remuser != NULL) { + addargs(&args, "-l"); + addargs(&args, "%s", remuser); + } + addargs(&args, "--"); + addargs(&args, "%s", host); + addargs(&args, "%s", cmd); + + { + PROCESS_INFORMATION pi = { 0 }; + STARTUPINFOW si = { 0 }; + char* buf = xmalloc(1024); + /* TODO - check that 1024 buffer size is sufficient for resulting cmdline */ + char* ptr = buf; + char** list = args.list; + *ptr = '\0'; + while (*list) { + memcpy(ptr, *list, strlen(*list)); + ptr += strlen(*list); + *ptr++ = ' '; + list++; + } + *--ptr = '\0'; + + fcntl(pout[0], F_SETFD, FD_CLOEXEC); + fcntl(pin[1], F_SETFD, FD_CLOEXEC); + + si.cb = sizeof(STARTUPINFOW); + si.hStdInput = sfd_to_handle(pin[0]); + si.hStdOutput = sfd_to_handle(pout[1]); + si.hStdError = GetStdHandle(STD_ERROR_HANDLE); + si.wShowWindow = SW_HIDE; + si.dwFlags = STARTF_USESTDHANDLES; + si.lpDesktop = NULL; + if (CreateProcessW(NULL, utf8_to_utf16(buf), NULL, NULL, TRUE, + NORMAL_PRIORITY_CLASS, NULL, + NULL, &si, &pi) == TRUE) { + do_cmd_pid = pi.dwProcessId; + CloseHandle(pi.hThread); + sw_add_child(pi.hProcess, pi.dwProcessId); + } + else + errno = GetLastError(); + } + + +#else + do_cmd_pid = fork(); +#endif if (do_cmd_pid == 0) { /* Child. */ close(pin[1]); @@ -832,7 +413,6 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) signal(SIGINT, killchild); signal(SIGHUP, killchild); return 0; -#endif } /* @@ -902,7 +482,6 @@ char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ int response(void); void rsource(char *, struct stat *); - void sink(int, char *[]); void source(int, char *[]); void tolocal(int, char *[]); 
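Review bot: The new `#ifdef WINDOWS` branch copies every element of `args.list` into a fixed `xmalloc(1024)` buffer with `memcpy` and no length check, so a long host, remote command, user name or set of forwarded options writes past the end of the heap allocation; the `TODO` in the hunk confirms the size is unverified. The buffer should be sized from the arguments, as sketched below. The elements are also joined with bare spaces, so an argument containing a space or a double quote is split or re-interpreted when the child parses its command line, and each element needs Windows command-line quoting before it is appended. Neither `buf` nor the string returned by `utf8_to_utf16(buf)` is freed, and that result is not checked for NULL before `CreateProcessW`. do_cmd() starts and ends outside the hunk.

```c
	{
		PROCESS_INFORMATION pi = { 0 };
		STARTUPINFOW si = { 0 };
		size_t need = 1, used = 0;
		char **list, *buf;

		/* size the command line from the arguments instead of assuming 1024 */
		for (list = args.list; *list != NULL; list++)
			need += strlen(*list) + 1;
		buf = xmalloc(need);
		for (list = args.list; *list != NULL; list++) {
			size_t len = strlen(*list);

			if (used != 0)
				buf[used++] = ' ';
			/* NOTE: each element still needs command-line quoting here */
			memcpy(buf + used, *list, len);
			used += len;
		}
		buf[used] = '\0';
		/* ... unchanged: FD_CLOEXEC calls, STARTUPINFOW setup, CreateProcessW ... */
```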
@@ -918,21 +497,10 @@ main(int argc, char **argv) extern char *optarg; extern int optind; -#ifdef WINDOWS - /* - * Initialize I/O wrappers. - */ - - w32posix_initialize(); - /*scp is invoked on client side*/ - if (!(argc >= 2 && ( strcmp(argv[1], "-f" ) == 0 || strcmp(argv[1], "-t") == 0 ))) - ConInit(STD_OUTPUT_HANDLE, TRUE); -#endif - /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - setlocale(LC_CTYPE, ""); + setlocale(LC_CTYPE, ""); /* Copy argv, because we modify it */ newargv = xcalloc(MAX(argc + 1, 1), sizeof(*newargv)); 
@@ -958,65 +526,33 @@ main(int argc, char **argv) case '1': case '2': case '4': - ipv_restrict = ONLY_IPV4; - break; case '6': - ipv_restrict = ONLY_IPV6; - break; case 'C': addargs(&args, "-%c", ch); addargs(&remote_remote_args, "-%c", ch); - - compress = ch; - break; case '3': throughlocal = 1; break; case 'o': - addargs(&remote_remote_args, "-%c", ch); - addargs(&remote_remote_args, "%s", optarg); - addargs(&args, "-%c", ch); - addargs(&args, "%s", optarg); - break; - case 'c': - addargs(&remote_remote_args, "-%c", ch); - addargs(&remote_remote_args, "%s", optarg); - addargs(&args, "-%c", ch); - addargs(&args, "%s", optarg); - - cipher = xstrdup(optarg);; - break; + case 'c': case 'i': - addargs(&remote_remote_args, "-%c", ch); - addargs(&remote_remote_args, "%s", optarg); - addargs(&args, "-%c", ch); - addargs(&args, "%s", optarg); - - identity = xstrdup(optarg);; - break; - case 'F': + case 'F': addargs(&remote_remote_args, "-%c", ch); addargs(&remote_remote_args, "%s", optarg); addargs(&args, "-%c", ch); addargs(&args, "%s", optarg); - - ssh_config = xstrdup(optarg);; - break; + break; case 'P': addargs(&remote_remote_args, "-p"); addargs(&remote_remote_args, "%s", optarg); addargs(&args, "-p"); addargs(&args, "%s", optarg); - - port = xstrdup(optarg);; - break; + break; case 'B': addargs(&remote_remote_args, "\"-oBatchmode yes\""); addargs(&args, "\"-oBatchmode yes\""); - - batchmode = 1; - break; + break; case 'l': limit_kbps = strtonum(optarg, 1, 100 * 1024 * 1024, &errstr); 
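Review bot: As this hunk reads, the `break;` that ended the `case '1'` / `'2'` / `'4'` / `'6'` / `'C'` group is on a removed line and no replacement is added, so those options fall through into `case '3':` and set `throughlocal = 1`. If that is what the new file contains, passing `-4`, `-6` or `-C` would silently switch remote-to-remote copies to going through the local host. Add `break;` after `addargs(&remote_remote_args, "-%c", ch);` in that group, as the hunk already does for the `'F'`, `'P'` and `'B'` cases. The `-B` case also still passes the literal `"\"-oBatchmode yes\""` with embedded quotes, while the toremote() hunk of this commit moves to the `-oClearAllForwardings=yes` form; `-oBatchmode=yes` would be consistent. The switch and main() start and end outside the hunk.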
@@ -1066,16 +602,22 @@ main(int argc, char **argv) argc -= optind; argv += optind; -#ifndef WINDOWS if ((pwd = getpwuid(userid = getuid())) == NULL) fatal("unknown user %u", (u_int) userid); -#else - InitForMicrosoftWindows(); // picks the username, user home dir -#endif if (!isatty(STDOUT_FILENO)) showprogress = 0; + if (pflag) { + /* Cannot pledge: -p allows setuid/setgid files... */ + } else { + if (pledge("stdio rpath wpath cpath fattr tty proc exec", + NULL) == -1) { + perror("pledge"); + exit(1); + } + } + remin = STDIN_FILENO; remout = STDOUT_FILENO; @@ -1086,7 +628,7 @@ main(int argc, char **argv) exit(errs != 0); } if (tflag) { - /* Receive data. */ + /* Receive data. */ sink(argc, argv); exit(errs != 0); } @@ -1103,9 +645,7 @@ main(int argc, char **argv) iamrecursive ? " -r" : "", pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); - #ifndef WINDOWS (void) signal(SIGPIPE, lostconn); - #endif if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ toremote(targ, argc, argv); @@ -1118,7 +658,6 @@ main(int argc, char **argv) * Finally check the exit status of the ssh process, if one was forked * and no error has occurred yet */ -#ifndef WINDOWS if (do_cmd_pid != -1 && errs == 0) { if (remin != -1) (void) close(remin); @@ -1131,7 +670,6 @@ main(int argc, char **argv) errs = 1; } } -#endif exit(errs != 0); } @@ -1197,7 +735,7 @@ toremote(char *targ, int argc, char **argv) return; } - for (i = 0; i < argc - 1; i++) { + for (i = 0; i < argc - 1; i++) { src = colon(argv[i]); if (src && throughlocal) { /* extended remote to remote */ *src++ = 0; @@ -1234,7 +772,7 @@ toremote(char *targ, int argc, char **argv) freeargs(&alist); addargs(&alist, "%s", ssh_program); addargs(&alist, "-x"); - addargs(&alist, "-\"oClearAllForwardings yes\""); + addargs(&alist, "-oClearAllForwardings=yes"); addargs(&alist, "-n"); for (j = 0; j < remote_remote_args.num; j++) { addargs(&alist, "%s", 
@@ -1346,7 +884,7 @@ source(int argc, char **argv) off_t i, statbytes; size_t amt, nr; int fd = -1, haderr, indx; - char *last, *lastf, *lastr, *name, buf[2048], encname[PATH_MAX]; + char *last, *name, buf[2048], encname[PATH_MAX]; int len; for (indx = 0; indx < argc; ++indx) { @@ -1384,15 +922,18 @@ syserr: run_err("%s: %s", name, strerror(errno)); goto next; } #ifdef WINDOWS - if ((lastf = strrchr(name, '/')) == NULL && (lastr = strrchr(name, '\\')) == NULL) - last = name; - else { - if (lastf) - last = lastf; - if (lastr) - last = lastr; - ++last; - } + { + char *lastf = NULL, *lastr = NULL; + if ((lastf = strrchr(name, '/')) == NULL && (lastr = strrchr(name, '\\')) == NULL) + last = name; + else { + if (lastf) + last = lastf; + if (lastr) + last = lastr; + ++last; + } + } #else if ((last = strrchr(name, '/')) == NULL) last = name; @@ -1456,8 +997,8 @@ next: if (fd != -1) { else run_err("%s: %s", name, strerror(haderr)); (void) response(); - if (showprogress) - stop_progress_meter(); + if (showprogress) + stop_progress_meter(); } } @@ -1536,7 +1077,7 @@ sink(int argc, char **argv) off_t size, statbytes; unsigned long long ull; int setimes, targisdir, wrerrno = 0; - char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; struct timeval tv[2]; #define atime tv[0] @@ -1582,9 +1123,12 @@ sink(int argc, char **argv) fmprintf(stderr, "Sink: %s", buf); #endif if (buf[0] == '\01' || buf[0] == '\02') { - if (iamremote == 0) + if (iamremote == 0) { + (void) snmprintf(visbuf, sizeof(visbuf), + NULL, "%s", buf + 1); (void) atomicio(vwrite, STDERR_FILENO, - buf + 1, strlen(buf + 1)); + visbuf, strlen(visbuf)); + } if (buf[0] == '\02') exit(1); ++errs; @@ -1798,8 +1342,8 @@ bad: run_err("%s: %s", np, strerror(errno)); wrerrno = errno; } (void) response(); - if (showprogress) - stop_progress_meter(); + if (showprogress) + stop_progress_meter(); if (setimes && wrerr == NO) { setimes = 0; if (utimes(np, tv) < 0) { 
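Review bot: In the `#ifdef WINDOWS` block of source() (hunk `@@ -1384,15 +922,18 @@`), the `&&` short-circuit means `strrchr(name, '\\')` is evaluated only when no '/' is found, so `lastf` and `lastr` are never both set. For a path that mixes separators with a backslash after the last '/', `last` therefore ends up pointing at a string that still contains a backslash and a directory component. `last` is presumably the file name sent to the peer, so it should be the part after whichever separator occurs last; confirm against the rest of source(), which lies outside the hunk. Initialising both pointers to NULL does remove the uninitialised read of the old code, but the selection logic is unchanged. The replacement below evaluates both searches and keeps the later match.

```c
		{
			char *lastf = strrchr(name, '/');
			char *lastr = strrchr(name, '\\');

			/* use whichever separator occurs last in the path */
			if (lastf == NULL || (lastr != NULL && lastr > lastf))
				lastf = lastr;
			last = (lastf != NULL) ? lastf + 1 : name;
		}
```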
@@ -1827,7 +1371,7 @@ screwup: int response(void) { - char ch, *cp, resp, rbuf[2048]; + char ch, *cp, resp, rbuf[2048], visbuf[2048]; if (atomicio(read, remin, &resp, sizeof(resp)) != sizeof(resp)) lostconn(0); @@ -1847,8 +1391,13 @@ response(void) *cp++ = ch; } while (cp < &rbuf[sizeof(rbuf) - 1] && ch != '\n'); - if (!iamremote) - (void) atomicio(vwrite, STDERR_FILENO, rbuf, cp - rbuf); + if (!iamremote) { + cp[-1] = '\0'; + (void) snmprintf(visbuf, sizeof(visbuf), + NULL, "%s\n", rbuf); + (void) atomicio(vwrite, STDERR_FILENO, + visbuf, strlen(visbuf)); + } ++errs; if (resp == 1) return (-1); 
@@ -1974,135 +1523,3 @@ lostconn(int signo) else exit(1); } - -#ifdef WITH_SCP_STATS -void stats_fixlen(int bwritten) -{ - char rest[80]; - int i = 0; - - while (bwritten++ < 77) - { - rest[i++] = ' '; - } - rest[i] = '\0'; - fputs(rest, SOME_STATS_FILE); - fflush(SOME_STATS_FILE); -} - -char *stat_eta_new(int msecs) -{ - static char stat_result[32]; - int hours = 0, mins = 0, secs = 0; - - hours = msecs / 3600000; - msecs %= 3600000; - mins = msecs / 60000; - msecs %= 60000; - secs = msecs / 1000; - msecs %= 1000; - - if (hours > 0) { - sprintf_s(stat_result, sizeof(stat_result),"%02d:%02d:%02d:%03d", hours, mins, secs, msecs); - } - else - sprintf_s(stat_result, sizeof(stat_result), "%02d:%02d:%03d", mins, secs, msecs); - - return(stat_result); -} - -char *stat_eta(int secs) -{ - static char stat_result[20]; - int hours, mins; - - hours = secs / 3600; - secs %= 3600; - mins = secs / 60; - secs %= 60; - - sprintf(stat_result, "%02d:%02d:%02d", hours, mins, secs); - return(stat_result); -} -#endif /* WITH_SCP_STATS */ - -#ifdef WINDOWS -/* start_process_io() -input parameters: - exename - name of executable - StdXXXX - the three stdin, stdout, stdout I/O handles. -*/ - -int start_process_io(char *exename, char **argv, char **envv, - HANDLE StdInput, HANDLE StdOutput, HANDLE StdError, - unsigned long CreateFlags, PROCESS_INFORMATION *pi, - char *homedir, char *lpDesktop) -{ - UNREFERENCED_PARAMETER(envv); - STARTUPINFOW sui; - DWORD ret; - char cmdbuf[2048]; - int ctr; - - /* set up the STARTUPINFO structure, - * then call CreateProcess to try and start the new exe. 
- */ - sui.cb = sizeof(STARTUPINFO); - sui.lpReserved = 0; - sui.lpDesktop = utf8_to_utf16(lpDesktop); - sui.lpTitle = NULL; /* NULL means use exe name as title */ - sui.dwX = 0; - sui.dwY = 0; - sui.dwXSize = 132; - sui.dwYSize = 60; - sui.dwXCountChars = 132; - sui.dwYCountChars = 60; - sui.dwFillAttribute = 0; - sui.dwFlags = STARTF_USESTDHANDLES | STARTF_USESIZE | STARTF_USECOUNTCHARS; // | STARTF_USESHOWWINDOW ; - sui.wShowWindow = 0; // FALSE ; - sui.cbReserved2 = 0; - sui.lpReserved2 = 0; - sui.hStdInput = (HANDLE)StdInput; - sui.hStdOutput = (HANDLE)StdOutput; - sui.hStdError = (HANDLE)StdError; - - ctr = 0; - cmdbuf[0] = '\0'; - if (argv[0][0] != '\0' && argv[0][1] != ':') { - strcat(cmdbuf, w32_programdir()); - strcat(cmdbuf, "\\"); - } - while (argv[ctr]) { - strcat_s(cmdbuf, sizeof(cmdbuf), argv[ctr]); - strcat_s(cmdbuf, sizeof(cmdbuf), " "); - ctr++; - } - - ret = CreateProcessW( - utf8_to_utf16(exename), // given in form like "d:\\util\\cmd.exe" - utf8_to_utf16(cmdbuf), /* in "arg0 arg1 arg2" form command line */ - NULL, /* process security */ - NULL, /* thread security */ - TRUE, /* inherit handles is YES */ - CreateFlags, - /* give new proc a new screen, suspend it for debugging also */ - NULL, /* in "E1=a0E2=b0E3=c00" form environment, - NULL means use parent's */ - utf8_to_utf16(homedir), /* Current Directory, NULL means use whats for parent */ - &sui, /* start up info */ - pi); /* process created info kept here */ - - if (ret == TRUE) { - //cprintf ( "Process created, pid=%d, threadid=%d\n",pi->dwProcessId, - // pi->dwThreadId ) ; - - return pi->dwProcessId; - - } - else { - /* report failure to the user. */ - return ret; - } -} -#endif - diff --git a/scripts/set-mingw32.sh b/scripts/set-mingw32.sh deleted file mode 100644 index 63803d2..0000000 --- a/scripts/set-mingw32.sh +++ /dev/null 
@@ -1,48 +0,0 @@
-rm addr2line ar as c++ c++filt cpp dlltool dllwrap elfedit g++ gcc-4.7.3 \
- gcc-ar gcc-nm gcc-ranlib gcc gcov gfortran gnat gnatbind gnatchop \
- gnatclean gnatfind gnatkr gnatlink gnatls gnatmake gnatname gnatprep \
- gnatxref gprof ld.bfd ld nm objcopy objdump ranlib readelf size strings \
- strip windmc windres
-
-ln i686-pc-mingw32-addr2line.exe addr2line
-ln i686-pc-mingw32-ar.exe ar
-ln i686-pc-mingw32-as.exe as
-ln i686-pc-mingw32-c++.exe c++
-ln i686-pc-mingw32-c++filt.exe c++filt
-ln i686-pc-mingw32-cpp.exe cpp
-ln i686-pc-mingw32-dlltool.exe dlltool
-ln i686-pc-mingw32-dllwrap.exe dllwrap
-ln i686-pc-mingw32-elfedit.exe elfedit
-ln i686-pc-mingw32-g++.exe g++
-ln i686-pc-mingw32-gcc-4.7.3.exe gcc-4.7.3
-ln i686-pc-mingw32-gcc-ar.exe gcc-ar
-ln i686-pc-mingw32-gcc-nm.exe gcc-nm
-ln i686-pc-mingw32-gcc-ranlib.exe gcc-ranlib
-ln i686-pc-mingw32-gcc.exe gcc
-ln i686-pc-mingw32-gcov.exe gcov
-ln i686-pc-mingw32-gfortran.exe gfortran
-ln i686-pc-mingw32-gnat.exe gnat
-ln i686-pc-mingw32-gnatbind.exe gnatbind
-ln i686-pc-mingw32-gnatchop.exe gnatchop
-ln i686-pc-mingw32-gnatclean.exe gnatclean
-ln i686-pc-mingw32-gnatfind.exe gnatfind
-ln i686-pc-mingw32-gnatkr.exe gnatkr
-ln i686-pc-mingw32-gnatlink.exe gnatlink
-ln i686-pc-mingw32-gnatls.exe gnatls
-ln i686-pc-mingw32-gnatmake.exe gnatmake
-ln i686-pc-mingw32-gnatname.exe gnatname
-ln i686-pc-mingw32-gnatprep.exe gnatprep
-ln i686-pc-mingw32-gnatxref.exe gnatxref
-ln i686-pc-mingw32-gprof.exe gprof
-ln i686-pc-mingw32-ld.bfd.exe ld.bfd
-ln i686-pc-mingw32-ld.exe ld
-ln i686-pc-mingw32-nm.exe nm
-ln i686-pc-mingw32-objcopy.exe objcopy
-ln i686-pc-mingw32-objdump.exe objdump
-ln i686-pc-mingw32-ranlib.exe ranlib
-ln i686-pc-mingw32-readelf.exe readelf
-ln i686-pc-mingw32-size.exe size
-ln i686-pc-mingw32-strings.exe strings
-ln i686-pc-mingw32-strip.exe strip
-ln i686-pc-mingw32-windmc.exe windmc
-ln i686-pc-mingw32-windres.exe windres
diff --git a/scripts/set-mingw64.sh b/scripts/set-mingw64.sh deleted file mode 100644 index e2c6765..0000000 --- a/scripts/set-mingw64.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -rm addr2line ar as c++ c++filt cpp dlltool dllwrap elfedit g++ gcc-4.7.3 \ - gcc-ar gcc-nm gcc-ranlib gcc gcov gfortran gnat gnatbind gnatchop \ - gnatclean gnatfind gnatkr gnatlink gnatls gnatmake gnatname gnatprep \ - gnatxref gprof ld.bfd ld nm objcopy objdump ranlib readelf size strings \ - strip windmc windres - -ln x86_64-w64-mingw32-addr2line.exe addr2line -ln x86_64-w64-mingw32-ar.exe ar -ln x86_64-w64-mingw32-as.exe as -ln x86_64-w64-mingw32-c++.exe c++ -ln x86_64-w64-mingw32-c++filt.exe c++filt -ln x86_64-w64-mingw32-cpp.exe cpp -ln x86_64-w64-mingw32-dlltool.exe dlltool -ln x86_64-w64-mingw32-dllwrap.exe dllwrap -ln x86_64-w64-mingw32-elfedit.exe elfedit -ln x86_64-w64-mingw32-g++.exe g++ -ln x86_64-w64-mingw32-gcc-4.9.2.exe gcc-4.7.3 -ln x86_64-w64-mingw32-gcc-ar.exe gcc-ar -ln x86_64-w64-mingw32-gcc-nm.exe gcc-nm -ln x86_64-w64-mingw32-gcc-ranlib.exe gcc-ranlib -ln x86_64-w64-mingw32-gcc.exe gcc -ln x86_64-w64-mingw32-gcov.exe gcov -ln x86_64-w64-mingw32-gfortran.exe gfortran -ln x86_64-w64-mingw32-gnat.exe gnat -ln x86_64-w64-mingw32-gnatbind.exe gnatbind -ln x86_64-w64-mingw32-gnatchop.exe gnatchop -ln x86_64-w64-mingw32-gnatclean.exe gnatclean -ln x86_64-w64-mingw32-gnatfind.exe gnatfind -ln x86_64-w64-mingw32-gnatkr.exe gnatkr -ln x86_64-w64-mingw32-gnatlink.exe gnatlink -ln x86_64-w64-mingw32-gnatls.exe gnatls -ln x86_64-w64-mingw32-gnatmake.exe gnatmake -ln x86_64-w64-mingw32-gnatname.exe gnatname -ln x86_64-w64-mingw32-gnatprep.exe gnatprep -ln x86_64-w64-mingw32-gnatxref.exe gnatxref -ln x86_64-w64-mingw32-gprof.exe gprof -ln x86_64-w64-mingw32-ld.bfd.exe ld.bfd -ln x86_64-w64-mingw32-ld.exe ld -ln x86_64-w64-mingw32-nm.exe nm -ln x86_64-w64-mingw32-objcopy.exe objcopy -ln x86_64-w64-mingw32-objdump.exe objdump -ln x86_64-w64-mingw32-ranlib.exe ranlib -ln x86_64-w64-mingw32-readelf.exe readelf -ln x86_64-w64-mingw32-size.exe size -ln x86_64-w64-mingw32-strings.exe strings -ln x86_64-w64-mingw32-strip.exe strip -ln 
x86_64-w64-mingw32-windmc.exe windmc -ln x86_64-w64-mingw32-windres.exe windres diff --git a/servconf.c b/servconf.c index 54eb227..3a096cf 100644 --- a/servconf.c +++ b/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.280 2015/08/06 14:53:21 deraadt Exp $ */ +/* $OpenBSD: servconf.c,v 1.292 2016/06/23 05:17:51 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -13,15 +13,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include <sys/types.h> #include <sys/socket.h> @@ -191,6 +182,20 @@ option_clear_or_none(const char *o) return o == NULL || strcasecmp(o, "none") == 0; } +static void +assemble_algorithms(ServerOptions *o) +{ + if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || + kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || + kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || + kex_assemble_names(KEX_DEFAULT_PK_ALG, + &o->hostkeyalgorithms) != 0 || + kex_assemble_names(KEX_DEFAULT_PK_ALG, + &o->hostbased_key_types) != 0 || + kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) + fatal("kex_assemble_names failed"); +} + void fill_default_server_options(ServerOptions *options) { @@ -272,8 +277,6 @@ fill_default_server_options(ServerOptions *options) options->hostbased_authentication = 0; if (options->hostbased_uses_name_from_packet_only == -1) options->hostbased_uses_name_from_packet_only = 0; - if (options->hostkeyalgorithms == NULL) - options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->pubkey_authentication == -1) 
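Review bot: The `fatal("kex_assemble_names failed")` that ends the new assemble_algorithms names neither the caller nor the list that was rejected, whereas the call it replaces in fill_default_server_options printed `__func__`. The helper is also invoked from copy_set_server_options further down this diff, so the same bare message can now come from two call paths and six different options. I would test the lists one at a time and name the option in the message, or at minimum keep `fatal("%s: kex_assemble_names failed", __func__);`. A one-line comment above the function, for example `/* Expand '+'-prefixed algorithm lists against the built-in defaults; fatal on error */`, would also help, since the only explanation currently sits at the second call site.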
@@ -355,18 +358,11 @@ fill_default_server_options(ServerOptions *options) if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; - if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 || - kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 || - kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->hostbased_key_types) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->pubkey_key_types) != 0) - fatal("%s: kex_assemble_names failed", __func__); + assemble_algorithms(options); - /* Turn privilege separation on by default */ + /* Turn privilege separation and sandboxing on by default */ if (use_privsep == -1) - use_privsep = PRIVSEP_NOSANDBOX; + use_privsep = PRIVSEP_ON; #define CLEAR_ON_NONE(v) \ do { \ @@ -381,12 +377,22 @@ fill_default_server_options(ServerOptions *options) CLEAR_ON_NONE(options->trusted_user_ca_keys); CLEAR_ON_NONE(options->revoked_keys_file); CLEAR_ON_NONE(options->authorized_principals_file); + CLEAR_ON_NONE(options->adm_forced_command); + CLEAR_ON_NONE(options->chroot_directory); for (i = 0; i < options->num_host_key_files; i++) CLEAR_ON_NONE(options->host_key_files[i]); for (i = 0; i < options->num_host_cert_files; i++) CLEAR_ON_NONE(options->host_cert_files[i]); #undef CLEAR_ON_NONE + /* Similar handling for AuthenticationMethods=any */ + if (options->num_auth_methods == 1 && + strcmp(options->auth_methods[0], "any") == 0) { + free(options->auth_methods[0]); + options->auth_methods[0] = NULL; + options->num_auth_methods = 0; + } + #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " 
@@ -527,7 +533,11 @@ static struct { { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, +#ifdef DISABLE_LASTLOG + { "printlastlog", sUnsupported, SSHCFG_GLOBAL }, +#else { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, +#endif { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL }, { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, @@ -727,14 +737,15 @@ process_queued_listen_addrs(ServerOptions *options) struct connection_info * get_connection_info(int populate, int use_dns) { + struct ssh *ssh = active_state; /* XXX */ static struct connection_info ci; if (!populate) return &ci; - ci.host = get_canonical_hostname(use_dns); - ci.address = get_remote_ipaddr(); - ci.laddress = get_local_ipaddr(packet_get_connection_in()); - ci.lport = get_local_port(); + ci.host = auth_get_canonical_hostname(ssh, use_dns); + ci.address = ssh_remote_ipaddr(ssh); + ci.laddress = ssh_local_ipaddr(ssh); + ci.lport = ssh_local_port(ssh); return &ci; } @@ -1366,16 +1377,12 @@ process_server_config_line(ServerOptions *options, char *line, if (scan_scaled(arg, &val64) == -1) fatal("%.200s line %d: Bad number '%s': %s", filename, linenum, arg, strerror(errno)); - /* check for too-large or too-small limits */ - if (val64 > UINT_MAX) - fatal("%.200s line %d: RekeyLimit too large", - filename, linenum); if (val64 != 0 && val64 < 16) fatal("%.200s line %d: RekeyLimit too small", filename, linenum); } if (*activep && options->rekey_limit == -1) - options->rekey_limit = (u_int32_t)val64; + options->rekey_limit = val64; if (cp != NULL) { /* optional rekey interval present */ if (strcmp(cp, "none") == 0) { (void)strdelim(&cp); /* discard */ 
@@ -1843,21 +1850,41 @@ process_server_config_line(ServerOptions *options, char *line, case sAuthenticationMethods: if (options->num_auth_methods == 0) { + value = 0; /* seen "any" pseudo-method */ + value2 = 0; /* sucessfully parsed any method */ while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_auth_methods >= MAX_AUTH_METHODS) fatal("%s line %d: " "too many authentication methods.", filename, linenum); - if (auth2_methods_valid(arg, 0) != 0) + if (strcmp(arg, "any") == 0) { + if (options->num_auth_methods > 0) { + fatal("%s line %d: \"any\" " + "must appear alone in " + "AuthenticationMethods", + filename, linenum); + } + value = 1; + } else if (value) { + fatal("%s line %d: \"any\" must appear " + "alone in AuthenticationMethods", + filename, linenum); + } else if (auth2_methods_valid(arg, 0) != 0) { fatal("%s line %d: invalid " "authentication method list.", filename, linenum); + } + value2 = 1; if (!*activep) continue; options->auth_methods[ options->num_auth_methods++] = xstrdup(arg); } + if (value2 == 0) { + fatal("%s line %d: no AuthenticationMethods " + "specified", filename, linenum); + } } return 0; @@ -2035,6 +2062,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(allow_agent_forwarding); M_CP_INTOPT(permit_tun); M_CP_INTOPT(fwd_opts.gateway_ports); + M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); M_CP_INTOPT(x11_display_offset); M_CP_INTOPT(x11_forwarding); M_CP_INTOPT(x11_use_localhost); 
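Review bot: The "any must appear alone" test in the sAuthenticationMethods case checks `options->num_auth_methods > 0`, but that counter is only incremented after the `if (!*activep) continue;` line, so it stays at zero while an inactive Match block is being parsed. A line such as `publickey any` is therefore accepted when the block is inactive and only hits the fatal once the block becomes active, which moves a configuration error from start-up validation to connection time. `value2` already records that a method was parsed on this line regardless of `*activep`, so the inner test can be `if (value2) {`. The comment on `value2` also has a typo, "sucessfully". process_server_config_line begins and ends outside this hunk.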
@@ -2047,6 +2075,16 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(rekey_limit); M_CP_INTOPT(rekey_interval); + /* + * The bind_mask is a mode_t that may be unsigned, so we can't use + * M_CP_INTOPT - it does a signed comparison that causes compiler + * warnings. + */ + if (src->fwd_opts.streamlocal_bind_mask != (mode_t)-1) { + dst->fwd_opts.streamlocal_bind_mask = + src->fwd_opts.streamlocal_bind_mask; + } + /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */ #define M_CP_STROPT(n) do {\ if (src->n != NULL && dst->n != src->n) { \ @@ -2064,6 +2102,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); + /* Arguments that accept '+...' need to be expanded */ + assemble_algorithms(dst); + /* * The only things that should be below this point are string options * which are only used after authentication. @@ -2071,8 +2112,17 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) if (preauth) return; + /* These options may be "none" to clear a global setting */ M_CP_STROPT(adm_forced_command); + if (option_clear_or_none(dst->adm_forced_command)) { + free(dst->adm_forced_command); + dst->adm_forced_command = NULL; + } M_CP_STROPT(chroot_directory); + if (option_clear_or_none(dst->chroot_directory)) { + free(dst->chroot_directory); + dst->chroot_directory = NULL; + } } #undef M_CP_INTOPT @@ -2088,7 +2138,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, debug2("%s: config %s len %d", __func__, filename, buffer_len(conf)); - obuf = cbuf = xstrdup(buffer_ptr(conf)); + if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); active = connectinfo ? 0 : 1; linenum = 1; while ((cp = strsep(&cbuf, "\n")) != NULL) { 
@@ -2212,11 +2263,13 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals) { u_int i; - if (count <= 0) + if (count <= 0 && code != sAuthenticationMethods) return; printf("%s", lookup_opcode_name(code)); for (i = 0; i < count; i++) printf(" %s", vals[i]); + if (code == sAuthenticationMethods && count == 0) + printf(" any"); printf("\n"); } @@ -2303,7 +2356,9 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sChallengeResponseAuthentication, o->challenge_response_authentication); dump_cfg_fmtint(sPrintMotd, o->print_motd); +#ifndef DISABLE_LASTLOG dump_cfg_fmtint(sPrintLastLog, o->print_lastlog); +#endif dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding); dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); dump_cfg_fmtint(sPermitTTY, o->permit_tty); @@ -2319,6 +2374,7 @@ dump_config(ServerOptions *o) dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); + dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); @@ -2387,7 +2443,7 @@ dump_config(ServerOptions *o) printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); printf("%s\n", iptos2str(o->ip_qos_bulk)); - printf("rekeylimit %lld %d\n", (long long)o->rekey_limit, + printf("rekeylimit %llu %d\n", (unsigned long long)o->rekey_limit, o->rekey_interval); channel_print_adm_permitted_opens(); diff --git a/servconf.h b/servconf.h index 62c866f..cb04d48 100644 --- a/servconf.h +++ b/servconf.h @@ -198,8 +198,7 @@ typedef struct { u_int num_auth_methods; char *auth_methods[MAX_AUTH_METHODS]; - int fingerprint_hash; - + int fingerprint_hash; } ServerOptions; /* Information about the incoming connection as used by Match */ diff --git a/serverloop.c b/serverloop.c index a471cad..3faf7c4 100644 --- a/serverloop.c 
+++ b/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.184 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -78,7 +78,6 @@ #include "dispatch.h" #include "auth-options.h" #include "serverloop.h" -#include "roaming.h" #include "ssherr.h" extern ServerOptions options; @@ -141,6 +140,8 @@ notify_setup(void) set_nonblock(notify_pipe[1]); return; } + notify_pipe[0] = -1; /* read end */ + notify_pipe[1] = -1; /* write end */ } static void notify_parent(void) @@ -275,7 +276,7 @@ client_alive_check(void) */ static void wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, - u_int *nallocp, u_int64_t max_time_milliseconds) + u_int *nallocp, u_int64_t max_time_ms) { struct timeval tv, *tvp; int ret; @@ -287,9 +288,9 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, &minwait_secs, 0); + /* XXX need proper deadline system for rekey/client alive */ if (minwait_secs != 0) - max_time_milliseconds = MIN(max_time_milliseconds, - (u_int)minwait_secs * 1000); + max_time_ms = MIN(max_time_ms, (u_int)minwait_secs * 1000); /* * if using client_alive, set the max timeout accordingly, 
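Review bot: In wait_until_can_do_something the rewritten line `max_time_ms = MIN(max_time_ms, (u_int)minwait_secs * 1000);` still does the multiplication in `u_int` before MIN compares it with the 64-bit `max_time_ms`. Where `u_int` is 32 bits, the product wraps for waits longer than roughly 4.29 million seconds and yields a timeout far shorter than intended. The keepalive computation added in the next hunk widens first (`(uint64_t)options.client_alive_interval * 1000`), and this line should do the same: `max_time_ms = MIN(max_time_ms, (u_int64_t)minwait_secs * 1000);`. The function body continues outside this hunk.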
@@ -299,11 +300,13 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, * this could be randomized somewhat to make traffic * analysis more difficult, but we're not doing it yet. */ - if (compat20 && - max_time_milliseconds == 0 && options.client_alive_interval) { + if (compat20 && options.client_alive_interval) { + uint64_t keepalive_ms = + (uint64_t)options.client_alive_interval * 1000; + client_alive_scheduled = 1; - max_time_milliseconds = - (u_int64_t)options.client_alive_interval * 1000; + if (max_time_ms == 0 || max_time_ms > keepalive_ms) + max_time_ms = keepalive_ms; } if (compat20) { @@ -352,14 +355,14 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, * from it, then read as much as is available and exit. */ if (child_terminated && packet_not_very_much_data_to_write()) - if (max_time_milliseconds == 0 || client_alive_scheduled) - max_time_milliseconds = 100; + if (max_time_ms == 0 || client_alive_scheduled) + max_time_ms = 100; - if (max_time_milliseconds == 0) + if (max_time_ms == 0) tvp = NULL; else { - tv.tv_sec = max_time_milliseconds / 1000; - tv.tv_usec = 1000 * (max_time_milliseconds % 1000); + tv.tv_sec = max_time_ms / 1000; + tv.tv_usec = 1000 * (max_time_ms % 1000); tvp = &tv; } @@ -392,18 +395,16 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, static void process_input(fd_set *readset) { + struct ssh *ssh = active_state; /* XXX */ int len; char buf[16384]; /* Read and buffer any input data from the client. */ if (FD_ISSET(connection_in, readset)) { - int cont = 0; - len = roaming_read(connection_in, buf, sizeof(buf), &cont); + len = read(connection_in, buf, sizeof(buf)); if (len == 0) { - if (cont) - return; - verbose("Connection closed by %.100s", - get_remote_ipaddr()); + verbose("Connection closed by %.100s port %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); connection_closed = 1; if (compat20) return; 
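Review bot: `client_alive_scheduled = 1` is now set whenever `options.client_alive_interval` is non-zero, including when `max_time_ms` keeps a shorter rekey or channel deadline because it is already below `keepalive_ms`. If the code after select() (outside this hunk) treats any timeout with `client_alive_scheduled` set as a missed keepalive, a client could be probed or counted as unresponsive earlier than ClientAliveInterval allows; the `XXX need proper deadline system` comment added above suggests this is known. I would set the flag only when the keepalive deadline is the one chosen, e.g. `if (max_time_ms == 0 || max_time_ms > keepalive_ms) { max_time_ms = keepalive_ms; client_alive_scheduled = 1; }`. The new local is also declared `uint64_t` while the parameter it is compared with is `u_int64_t`; using one spelling would read better.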
@@ -412,8 +413,9 @@ process_input(fd_set *readset) if (errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK) { verbose("Read error from remote host " - "%.100s: %.100s", - get_remote_ipaddr(), strerror(errno)); + "%.100s port %d: %.100s", + ssh_remote_ipaddr(ssh), + ssh_remote_port(ssh), strerror(errno)); cleanup_exit(255); } } else { @@ -570,6 +572,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) int type; debug("Entering interactive session."); + /* Initialize the SIGCHLD kludge. */ child_terminated = 0; mysignal(SIGCHLD, sigchld_handler); @@ -823,7 +826,7 @@ void server_loop2(Authctxt *authctxt) { fd_set *readset = NULL, *writeset = NULL; - int rekeying = 0, max_fd; + int max_fd; u_int nalloc = 0; u_int64_t rekey_timeout_ms = 0; @@ -850,11 +853,11 @@ server_loop2(Authctxt *authctxt) for (;;) { process_buffered_input_packets(); - rekeying = (active_state->kex != NULL && !active_state->kex->done); - - if (!rekeying && packet_not_very_much_data_to_write()) + if (!ssh_packet_is_rekeying(active_state) && + packet_not_very_much_data_to_write()) channel_output_poll(); - if (options.rekey_interval > 0 && compat20 && !rekeying) + if (options.rekey_interval > 0 && compat20 && + !ssh_packet_is_rekeying(active_state)) rekey_timeout_ms = packet_get_rekey_timeout() * 1000; else rekey_timeout_ms = 0; @@ -869,14 +872,8 @@ server_loop2(Authctxt *authctxt) } collect_children(); - if (!rekeying) { + if (!ssh_packet_is_rekeying(active_state)) channel_after_select(readset, writeset); - if (packet_need_rekeying()) { - debug("need rekeying"); - active_state->kex->done = 0; - kex_send_kexinit(active_state); - } - } process_input(readset); if (connection_closed) break; 
@@ -1211,7 +1208,7 @@ server_input_hostkeys_prove(struct sshbuf **respp) ssh->kex->session_id, ssh->kex->session_id_len)) != 0 || (r = sshkey_puts(key, sigbuf)) != 0 || (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen, - sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 || + sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), NULL, 0)) != 0 || (r = sshbuf_put_string(resp, sig, slen)) != 0) { error("%s: couldn't prepare signature: %s", __func__, ssh_err(r)); @@ -1259,12 +1256,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 || no_port_forwarding_flag || - (!want_reply && fwd.listen_port == 0) -#ifndef NO_IPPORT_RESERVED_CONCEPT - || (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && - pw->pw_uid != 0) -#endif - ) { + (!want_reply && fwd.listen_port == 0) || + (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED && + pw->pw_uid != 0)) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { @@ -1275,7 +1269,8 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) free(fwd.listen_host); if ((resp = sshbuf_new()) == NULL) fatal("%s: sshbuf_new", __func__); - if ((r = sshbuf_put_u32(resp, allocated_listen_port)) != 0) + if (allocated_listen_port != 0 && + (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0) fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r)); } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { struct Forward fwd; diff --git a/session.c b/session.c index c40efb1..9d5681a 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */ +/* $OpenBSD: session.c,v 1.282 2016/03/10 11:47:57 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -34,9 +34,6 @@ */ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ #include <sys/types.h> #include <sys/param.h> 
@@ -49,6 +46,7 @@ #include <arpa/inet.h> +#include <ctype.h> #include <errno.h> #include <fcntl.h> #include <grp.h> @@ -182,6 +180,7 @@ login_cap_t *lc; #endif static int is_child = 0; +static int in_chroot = 0; /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; @@ -337,6 +336,21 @@ do_authenticated(Authctxt *authctxt) do_cleanup(authctxt); } +/* Check untrusted xauth strings for metacharacters */ +static int +xauth_valid_string(const char *s) +{ + size_t i; + + for (i = 0; s[i] != '\0'; i++) { + if (!isalnum((u_char)s[i]) && + s[i] != '.' && s[i] != ':' && s[i] != '/' && + s[i] != '-' && s[i] != '_') + return 0; + } + return 1; +} + /* * Prepares for an interactive session. This is called after the user has * been successfully authenticated. During this message exchange, pseudo @@ -410,7 +424,13 @@ do_authenticated1(Authctxt *authctxt) s->screen = 0; } packet_check_eom(); - success = session_setup_x11fwd(s); + if (xauth_valid_string(s->auth_proto) && + xauth_valid_string(s->auth_data)) + success = session_setup_x11fwd(s); + else { + success = 0; + error("Invalid X11 forwarding data"); + } if (!success) { free(s->auth_proto); free(s->auth_data); @@ -506,11 +526,11 @@ void setup_session_vars(Session* s) char buf[128]; char* laddr; + struct ssh *ssh = active_state; /* XXX */ + if ((pw_dir_w = utf8_to_utf16(s->pw->pw_dir)) == NULL) fatal("%s: out of memory"); - - if ((tmp = utf8_to_utf16(s->pw->pw_name)) == NULL) fatal("%s, out of memory"); SetEnvironmentVariableW(L"USERNAME", tmp); 
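Review bot: The comment on the new xauth_valid_string says only "Check untrusted xauth strings for metacharacters" and leaves the accepted alphabet and the empty-string case to be read from the loop. As written, the function returns 1 for an empty string and dereferences `s` without a NULL check, so the callers must guarantee a non-NULL argument. I would document that, e.g. `/* Return 1 if s (non-NULL, client-supplied) contains only [A-Za-z0-9.:/_-]; the empty string is accepted */`. The same two-call guard is repeated in the session_x11_req hunk later in this file; doing the check once at the top of session_setup_x11fwd, if both paths go through it, would keep a future caller from forgetting it.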
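Review bot: In the setup_session_vars hunk the two calls `fatal("%s: out of memory");` and `fatal("%s, out of memory");` carry a `%s` conversion with no matching argument, so the out-of-memory path reads an indeterminate pointer while formatting the message. The commit touches the lines around them but leaves both as they were. Each should pass the function name, `fatal("%s: out of memory", __func__);`, and use the same separator. The function continues outside this hunk.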
@@ -531,14 +551,14 @@ void setup_session_vars(Session* s) } snprintf(buf, sizeof buf, "%.50s %d %d", - get_remote_ipaddr(), get_remote_port(), get_local_port()); + ssh->remote_ipaddr, ssh->remote_port, ssh->local_port); SetEnvironmentVariableA("SSH_CLIENT", buf); laddr = get_local_ipaddr(packet_get_connection_in()); snprintf(buf, sizeof buf, "%.50s %d %.50s %d", - get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); + ssh->remote_ipaddr, ssh->remote_port, laddr, ssh->local_port); free(laddr); @@ -1059,7 +1079,6 @@ do_exec_no_pty(Session *s, const char *command) } #endif return 0; - } /* @@ -1173,7 +1192,7 @@ do_exec_pty(Session *s, const char *command) /* Enter interactive session. */ s->ptymaster = ptymaster; - packet_set_interactive(1, + packet_set_interactive(1, options.ip_qos_interactive, options.ip_qos_bulk); if (compat20) { session_set_fds(s, ptyfd, fdout, -1, 1, 1); @@ -1189,6 +1208,7 @@ do_exec_pty(Session *s, const char *command) static void do_pre_login(Session *s) { + struct ssh *ssh = active_state; /* XXX */ socklen_t fromlen; struct sockaddr_storage from; pid_t pid = getpid(); @@ -1208,7 +1228,7 @@ do_pre_login(Session *s) } record_utmp_only(pid, s->tty, s->pw->pw_name, - get_remote_name_or_ip(utmp_len, options.use_dns), + session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), (struct sockaddr *)&from, fromlen); } #endif @@ -1220,9 +1240,10 @@ do_pre_login(Session *s) int do_exec(Session *s, const char *command) { + struct ssh *ssh = active_state; /* XXX */ int ret; - const char *forced = NULL; - char session_type[1024], *tty = NULL; + const char *forced = NULL, *tty = NULL; + char session_type[1024]; if (options.adm_forced_command) { original_command = command; 
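Review bot: The new SSH_CLIENT and SSH_CONNECTION lines in setup_session_vars read `ssh->remote_ipaddr`, `ssh->remote_port` and `ssh->local_port` directly, while do_setup_env in the same commit goes through `ssh_remote_ipaddr(ssh)`, `ssh_remote_port(ssh)` and `ssh_local_port(ssh)`. If those struct fields are only filled in by the accessors, and nothing visible here shows otherwise, a session that reaches this code first would format a NULL pointer with `%.50s` and export port 0. Using the accessors removes that ordering dependency: `ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), ssh_local_port(ssh));`. The second snprintf needs the same change.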
@@ -1257,13 +1278,14 @@ do_exec(Session *s, const char *command) tty += 5; } - verbose("Starting session: %s%s%s for %s from %.200s port %d", + verbose("Starting session: %s%s%s for %s from %.200s port %d id %d", session_type, tty == NULL ? "" : " on ", tty == NULL ? "" : tty, s->pw->pw_name, - get_remote_ipaddr(), - get_remote_port()); + ssh_remote_ipaddr(ssh), + ssh_remote_port(ssh), + s->self); #ifdef SSH_AUDIT_EVENTS if (command != NULL) @@ -1297,6 +1319,7 @@ do_exec(Session *s, const char *command) void do_login(Session *s, const char *command) { + struct ssh *ssh = active_state; /* XXX */ socklen_t fromlen; struct sockaddr_storage from; struct passwd * pw = s->pw; @@ -1319,7 +1342,7 @@ do_login(Session *s, const char *command) /* Record that there was a login on that tty from the remote host. */ if (!use_privsep) record_login(pid, s->tty, pw->pw_name, pw->pw_uid, - get_remote_name_or_ip(utmp_len, + session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), (struct sockaddr *)&from, fromlen); @@ -1580,6 +1603,7 @@ copy_environment(char **source, char ***env, u_int *envsize) static char ** do_setup_env(Session *s, const char *shell) { + struct ssh *ssh = active_state; /* XXX */ char buf[256]; u_int i, envsize; char **env, *laddr; @@ -1681,12 +1705,14 @@ do_setup_env(Session *s, const char *shell) /* SSH_CLIENT deprecated */ snprintf(buf, sizeof buf, "%.50s %d %d", - get_remote_ipaddr(), get_remote_port(), get_local_port()); + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + ssh_local_port(ssh)); child_set_env(&env, &envsize, "SSH_CLIENT", buf); laddr = get_local_ipaddr(packet_get_connection_in()); snprintf(buf, sizeof buf, "%.50s %d %.50s %d", - get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + laddr, ssh_local_port(ssh)); free(laddr); child_set_env(&env, &envsize, "SSH_CONNECTION", buf); 
@@ -1736,7 +1762,7 @@ do_setup_env(Session *s, const char *shell) * Pull in any environment variables that may have * been set by PAM. */ - if (options.use_pam) { + if (options.use_pam && !options.use_login) { char **p; p = fetch_pam_child_environment(); @@ -1966,7 +1992,7 @@ do_setusercontext(struct passwd *pw) platform_setusercontext_post_groups(pw); - if (options.chroot_directory != NULL && + if (!in_chroot && options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, pw->pw_uid); @@ -1978,9 +2004,7 @@ do_setusercontext(struct passwd *pw) /* Make sure we don't attempt to chroot again */ free(options.chroot_directory); options.chroot_directory = NULL; -#ifdef USE_LIBIAF - doing_chroot = 1; -#endif + in_chroot = 1; } #ifdef HAVE_LOGIN_CAP @@ -1995,16 +2019,16 @@ do_setusercontext(struct passwd *pw) (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUMASK); #else # ifdef USE_LIBIAF -/* In a chroot environment, the set_id() will always fail; typically - * because of the lack of necessary authentication services and runtime - * such as ./usr/lib/libiaf.so, ./usr/lib/libpam.so.1, and ./etc/passwd - * We skip it in the internal sftp chroot case. - * We'll lose auditing and ACLs but permanently_set_uid will - * take care of the rest. - */ - if ((doing_chroot == 0) && set_id(pw->pw_name) != 0) { - fatal("set_id(%s) Failed", pw->pw_name); - } + /* + * In a chroot environment, the set_id() will always fail; + * typically because of the lack of necessary authentication + * services and runtime such as ./usr/lib/libiaf.so, + * ./usr/lib/libpam.so.1, and ./etc/passwd We skip it in the + * internal sftp chroot case. We'll lose auditing and ACLs but + * permanently_set_uid will take care of the rest. + */ + if (!in_chroot && set_id(pw->pw_name) != 0) + fatal("set_id(%s) Failed", pw->pw_name); # endif /* USE_LIBIAF */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); 
@@ -2195,14 +2219,14 @@ do_child(Session *s, const char *command) /* we have to stash the hostname before we close our socket. */ if (options.use_login) - hostname = get_remote_name_or_ip(utmp_len, + hostname = session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns); /* * Close the connection descriptors; note that this is the child, and * the server will still have the socket open, and it is important * that we do not shutdown it. Note that the descriptors cannot be * closed before building the environment, as we call - * get_remote_ipaddr there. + * ssh_remote_ipaddr there. */ child_close_fds(); @@ -2244,11 +2268,11 @@ do_child(Session *s, const char *command) #ifdef HAVE_LOGIN_CAP r = login_getcapbool(lc, "requirehome", 0); #endif - if (r || options.chroot_directory == NULL || - strcasecmp(options.chroot_directory, "none") == 0) + if (r || !in_chroot) { fprintf(stderr, "Could not chdir to home " "directory %s: %s\n", pw->pw_dir, strerror(errno)); + } if (r) exit(1); } @@ -2636,7 +2660,13 @@ session_x11_req(Session *s) s->screen = packet_get_int(); packet_check_eom(); - success = session_setup_x11fwd(s); + if (xauth_valid_string(s->auth_proto) && + xauth_valid_string(s->auth_data)) + success = session_setup_x11fwd(s); + else { + success = 0; + error("Invalid X11 forwarding data"); + } if (!success) { free(s->auth_proto); free(s->auth_data); @@ -3022,9 +3052,15 @@ session_exit_message(Session *s, int status) void session_close(Session *s) { + struct ssh *ssh = active_state; /* XXX */ u_int i; - debug("session_close: session %d pid %ld", s->self, (long)s->pid); + verbose("Close session: user %s from %.200s port %d id %d", + s->pw->pw_name, + ssh_remote_ipaddr(ssh), + ssh_remote_port(ssh), + s->self); + if (s->ttyfd != -1) session_pty_cleanup(s); free(s->term); 
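Review bot: do_child now passes `ssh` to session_get_remote_name_or_ip, but no hunk in this file adds a `struct ssh *ssh` local to do_child. The hunks for do_pre_login, do_exec, do_login, do_setup_env and session_close each add one. The opening lines of do_child are outside this hunk, so the declaration may already exist; please confirm. If it does not, the function needs `struct ssh *ssh = active_state; /* XXX */` with its other locals, otherwise the UseLogin path will not compile.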
@@ -3295,3 +3331,18 @@ do_cleanup(Authctxt *authctxt) if (!use_privsep || mm_is_monitor()) session_destroy_all(session_pty_cleanup2); } + +/* Return a name for the remote host that fits inside utmp_size */ + +const char * +session_get_remote_name_or_ip(struct ssh *ssh, u_int utmp_size, int use_dns) +{ + const char *remote = ""; + + if (utmp_size > 0) + remote = auth_get_canonical_hostname(ssh, use_dns); + if (utmp_size == 0 || strlen(remote) > utmp_size) + remote = ssh_remote_ipaddr(ssh); + return remote; +} + diff --git a/session.h b/session.h index 6a2f35e..f18eaf3 100644 --- a/session.h +++ b/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.31 2013/10/14 21:20:52 djm Exp $ */ +/* $OpenBSD: session.h,v 1.32 2016/03/07 19:02:43 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -81,4 +81,6 @@ void do_setusercontext(struct passwd *); void child_set_env(char ***envp, u_int *envsizep, const char *name, const char *value); +const char *session_get_remote_name_or_ip(struct ssh *, u_int, int); + #endif diff --git a/sftp-client.c b/sftp-client.c index 3034b77..24e1c64 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.120 2015/05/28 04:50:53 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.124 2016/05/25 23:48:45 schwarze Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -36,12 +36,7 @@ #endif #include <sys/uio.h> -#ifdef WIN32_VS -#include "win32_dirent.h" -#else #include <dirent.h> -#endif - #include <errno.h> #include <fcntl.h> #include <signal.h> @@ -58,6 +53,7 @@ #include "atomicio.h" #include "progressmeter.h" #include "misc.h" +#include "utf8.h" #include "sftp.h" #include "sftp-common.h" @@ -568,8 +564,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, struct sshbuf *msg; u_int count, id, i, expected_id, ents = 0; size_t handle_len; - u_char type; - char *handle; + u_char type, *handle; int status = SSH2_FX_FAILURE; int r; 
@@ -664,7 +659,7 @@ do_lsreaddir(struct sftp_conn *conn, const char *path, int print_flag, } if (print_flag) - printf("%s\n", longname); + mprintf("%s\n", longname); /* * Directory entries should never contain '/' @@ -754,7 +749,6 @@ do_mkdir(struct sftp_conn *conn, const char *path, Attrib *a, int print_flag) status = get_status(conn, id); if (status != SSH2_FX_OK && print_flag) error("Couldn't create directory: %s", fx2txt(status)); - errno = status; return status == SSH2_FX_OK ? 0 : -1; } @@ -1267,8 +1261,6 @@ do_download(struct sftp_conn *conn, const char *remote_path, local_fd = open(local_path, O_WRONLY | O_CREAT | (resume_flag ? 0 : O_TRUNC), mode | S_IWUSR); - - if (local_fd == -1) { error("Couldn't open local file \"%s\" for writing: %s", local_path, strerror(errno)); @@ -1377,7 +1369,6 @@ do_download(struct sftp_conn *conn, const char *remote_path, "%zu > %zu", len, req->len); if ((lseek(local_fd, req->offset, SEEK_SET) == -1 || atomicio(vwrite, local_fd, data, len) != len) && - !write_error) { write_errno = errno; write_error = 1; @@ -1481,7 +1472,6 @@ do_download(struct sftp_conn *conn, const char *remote_path, error("Can't set times on \"%s\": %s", local_path, strerror(errno)); } - if (fsync_flag) { debug("syncing \"%s\"", local_path); #ifdef WINDOWS @@ -1527,7 +1517,7 @@ download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, return -1; } if (print_flag) - printf("Retrieving %s\n", src); + mprintf("Retrieving %s\n", src); if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) mode = dirattrib->perm & 01777; @@ -1640,7 +1630,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, TAILQ_INIT(&acks); - if ((local_fd = open(local_path, O_RDONLY, 0)) == -1) { + if ((local_fd = open(local_path, O_RDONLY, 0)) == -1) { error("Couldn't open local file \"%s\" for reading: %s", local_path, strerror(errno)); return(-1); 
@@ -1667,7 +1657,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, if (resume) { /* Get remote file size if it exists */ if ((c = do_stat(conn, remote_path, 0)) == NULL) { - close(local_fd); + close(local_fd); return -1; } @@ -1731,7 +1721,6 @@ do_upload(struct sftp_conn *conn, const char *local_path, len = 0; else do len = read(local_fd, data, conn->transfer_buflen); - while ((len == -1) && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)); @@ -1827,7 +1816,7 @@ do_upload(struct sftp_conn *conn, const char *local_path, if (fsync_flag) (void)do_fsync(conn, handle, handle_len); - if (do_close(conn, handle, handle_len) != SSH2_FX_OK) + if (do_close(conn, handle, handle_len) != 0) status = SSH2_FX_FAILURE; free(handle); @@ -1840,12 +1829,11 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, int depth, int preserve_flag, int print_flag, int resume, int fsync_flag) { int ret = 0; - u_int status; DIR *dirp; struct dirent *dp; char *filename, *new_src, *new_dst; struct stat sb; - Attrib a; + Attrib a, *dirattrib; if (depth >= MAX_DIR_DEPTH) { error("Maximum directory depth exceeded: %d levels", depth); @@ -1862,7 +1850,7 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, return -1; } if (print_flag) - printf("Entering %s\n", src); + mprintf("Entering %s\n", src); attrib_clear(&a); stat_to_attrib(&sb, &a); 
@@ -1872,17 +1860,18 @@ upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, if (!preserve_flag) a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; - status = do_mkdir(conn, dst, &a, 0); /* - * we lack a portable status for errno EEXIST, - * so if we get a SSH2_FX_FAILURE back we must check - * if it was created successfully. + * sftp lacks a portable status value to match errno EEXIST, + * so if we get a failure back then we must check whether + * the path already existed and is a directory. */ - if (status != SSH2_FX_OK) { - if (errno != SSH2_FX_FAILURE) + if (do_mkdir(conn, dst, &a, 0) != 0) { + if ((dirattrib = do_stat(conn, dst, 0)) == NULL) return -1; - if (do_stat(conn, dst, 0) == NULL) + if (!S_ISDIR(dirattrib->perm)) { + error("\"%s\" exists but is not a directory", dst); return -1; + } } if ((dirp = opendir(src)) == NULL) { diff --git a/sftp-client.h b/sftp-client.h index f814b07..14a3b81 100644 --- a/sftp-client.h +++ b/sftp-client.h @@ -21,6 +21,12 @@ #ifndef _SFTP_CLIENT_H #define _SFTP_CLIENT_H +#ifdef USE_SYSTEM_GLOB +# include <glob.h> +#else +# include "openbsd-compat/glob.h" +#endif + typedef struct SFTP_DIRENT SFTP_DIRENT; struct SFTP_DIRENT { diff --git a/sftp-common.c b/sftp-common.c index 621e955..0b84ab4 100644 --- a/sftp-common.c +++ b/sftp-common.c @@ -473,7 +473,7 @@ BOOL ResolveLink(wchar_t * tLink, wchar_t *ret, DWORD * plen, DWORD Flags) } if (fileHandle == INVALID_HANDLE_VALUE) { - swprintf_s(ret, *plen, L"%ls", tLink); + sprintf_s(ret, *plen, L"%ls", tLink); return TRUE; } 
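Review bot: In upload_dir_internal the new fallback tests `S_ISDIR(dirattrib->perm)` without first checking that the server actually sent permissions. download_dir_internal earlier in this file guards the same field with `dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS`. If a server omits the permissions attribute, `perm` presumably stays at its cleared value and an existing directory is reported as "exists but is not a directory". That fails safe, but the message is misleading; I would make the condition `if (!(dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) || !S_ISDIR(dirattrib->perm)) {` and perhaps word the error for the missing-attribute case separately.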
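Review bot: The sftp-common.c hunk in ResolveLink replaces `swprintf_s` with `sprintf_s` while still passing `ret`, which the signature declares as `wchar_t *`, and the wide format literal `L"%ls"`. `sprintf_s` takes a `char *` buffer and a narrow format, so this is a pointer-type mismatch and the narrow formatter will not copy `tLink` into `ret` as intended. get_inside_path in the next hunk then converts that buffer with `utf16_to_utf8(temp)`, so the returned path would not be the one that was requested. The wide variant should be kept: `swprintf_s(ret, *plen, L"%ls", tLink);`.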
@@ -524,27 +524,27 @@ char * get_inside_path(char * opath, BOOL bResolve, BOOL bMustExist) char * ipath; char * temp_name; wchar_t temp[1024]; - DWORD templen = 1024; - WIN32_FILE_ATTRIBUTE_DATA FileInfo; + DWORD templen = 1024; + WIN32_FILE_ATTRIBUTE_DATA FileInfo; - wchar_t* opath_w = utf8_to_utf16(opath); - if (!GetFileAttributesExW(opath_w, GetFileExInfoStandard, &FileInfo) && bMustExist) - { - free(opath_w); - return NULL; - } + wchar_t* opath_w = utf8_to_utf16(opath); + if (!GetFileAttributesExW(opath_w, GetFileExInfoStandard, &FileInfo) && bMustExist) + { + free(opath_w); + return NULL; + } - if (bResolve) - { - ResolveLink(opath_w, temp, &templen, FileInfo.dwFileAttributes); - ipath = utf16_to_utf8(temp); - } - else - { - ipath = xstrdup(opath); - } + if (bResolve) + { + ResolveLink(opath_w, temp, &templen, FileInfo.dwFileAttributes); + ipath = utf16_to_utf8(temp); + } + else + { + ipath = xstrdup(opath); + } - free(opath_w); + free(opath_w); return ipath; } diff --git a/sftp-glob.c b/sftp-glob.c index fbe3294..43a1beb 100644 --- a/sftp-glob.c +++ b/sftp-glob.c @@ -22,12 +22,7 @@ # include <sys/stat.h> #endif -#ifdef WINDOWS -#include "win32_dirent.h" -#else #include <dirent.h> -#endif - #include <stdlib.h> #include <string.h> #include <stdlib.h> @@ -152,4 +147,4 @@ remote_glob(struct sftp_conn *conn, const char *pattern, int flags, cur.conn = conn; return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)); -} \ No newline at end of file +} diff --git a/sftp-server-main.c b/sftp-server-main.c index 7e644ab..c6ccd62 100644 --- a/sftp-server-main.c +++ b/sftp-server-main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server-main.c,v 1.4 2009/02/21 19:32:04 tobias Exp $ */ +/* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2008 Markus Friedl. All rights reserved. * @@ -26,6 +26,7 @@ #include "log.h" #include "sftp.h" #include "misc.h" +#include "xmalloc.h" void cleanup_exit(int i) 
@@ -38,6 +39,7 @@ main(int argc, char **argv) { struct passwd *user_pw; + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/sftp-server.0 b/sftp-server.0 deleted file mode 100644 index b971cef..0000000 --- a/sftp-server.0 +++ /dev/null 
@@ -1,96 +0,0 @@ -SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) - -NAME - sftp-server M-bM-^@M-^S SFTP server subsystem - -SYNOPSIS - sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] - [-P blacklisted_requests] [-p whitelisted_requests] - [-u umask] - sftp-server -Q protocol_feature - -DESCRIPTION - sftp-server is a program that speaks the server side of SFTP protocol to - stdout and expects client requests from stdin. sftp-server is not - intended to be called directly, but from sshd(8) using the Subsystem - option. - - Command-line flags to sftp-server should be specified in the Subsystem - declaration. See sshd_config(5) for more information. - - Valid options are: - - -d start_directory - specifies an alternate starting directory for users. The - pathname may contain the following tokens that are expanded at - runtime: %% is replaced by a literal '%', %d is replaced by the - home directory of the user being authenticated, and %u is - replaced by the username of that user. The default is to use the - user's home directory. This option is useful in conjunction with - the sshd_config(5) ChrootDirectory option. - - -e Causes sftp-server to print logging information to stderr instead - of syslog for debugging. - - -f log_facility - Specifies the facility code that is used when logging messages - from sftp-server. The possible values are: DAEMON, USER, AUTH, - LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. - The default is AUTH. - - -h Displays sftp-server usage information. - - -l log_level - Specifies which messages will be logged by sftp-server. The - possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, - DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions - that sftp-server performs on behalf of the client. DEBUG and - DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher - levels of debugging output. The default is ERROR. 
- - -P blacklisted_requests - Specify a comma-separated list of SFTP protocol requests that are - banned by the server. sftp-server will reply to any blacklisted - request with a failure. The -Q flag can be used to determine the - supported request types. If both a blacklist and a whitelist are - specified, then the blacklist is applied before the whitelist. - - -p whitelisted_requests - Specify a comma-separated list of SFTP protocol requests that are - permitted by the server. All request types that are not on the - whitelist will be logged and replied to with a failure message. - - Care must be taken when using this feature to ensure that - requests made implicitly by SFTP clients are permitted. - - -Q protocol_feature - Query protocol features supported by sftp-server. At present the - only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be used - for black or whitelisting (flags -P and -p respectively). - - -R Places this instance of sftp-server into a read-only mode. - Attempts to open files for writing, as well as other operations - that change the state of the filesystem, will be denied. - - -u umask - Sets an explicit umask(2) to be applied to newly-created files - and directories, instead of the user's default mask. - - On some systems, sftp-server must be able to access /dev/log for logging - to work, and use of sftp-server in a chroot configuration therefore - requires that syslogd(8) establish a logging socket inside the chroot - directory. - -SEE ALSO - sftp(1), ssh(1), sshd_config(5), sshd(8) - - T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- - filexfer-02.txt, October 2001, work in progress material. - -HISTORY - sftp-server first appeared in OpenBSD 2.8. - -AUTHORS - Markus Friedl <markus@openbsd.org> - -OpenBSD 5.8 December 11, 2014 OpenBSD 5.8 diff --git a/sftp-server.c b/sftp-server.c index 09633af..422ab44 100644 --- a/sftp-server.c +++ b/sftp-server.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.109 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -29,17 +29,11 @@ #ifdef HAVE_SYS_STATVFS_H #include <sys/statvfs.h> #endif -#ifdef HAVE_SYS_PRCTL_H -#include <sys/prctl.h> -#endif #ifdef WIN32_VS -#include "win32_dirent.h" #include <Shlwapi.h> -#else -#include <dirent.h> #endif - +#include <dirent.h> #include <errno.h> #include <fcntl.h> #include <pwd.h> @@ -97,7 +91,7 @@ static u_int version; static int init_done; /* Disable writes */ -static int readonly = 0; +static int readonly; /* Requests that are allowed/denied */ static char *request_whitelist, *request_blacklist; @@ -710,11 +704,9 @@ process_open(u_int32_t id) Attrib a; char *name; int r, handle, fd, flags, mode, status = SSH2_FX_FAILURE; - - if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if ((r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */ + if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */ (r = decode_attrib(iqueue, &a)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -973,7 +965,8 @@ process_setstat(u_int32_t id) } #endif - if ((r = decode_attrib(iqueue, &a)) != 0) + if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = decode_attrib(iqueue, &a)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); debug("request %u: setstat name \"%s\"", id, name); @@ -1091,7 +1084,7 @@ process_opendir(u_int32_t id) DIR *dirp = NULL; char *path; int r, handle, status = SSH2_FX_FAILURE; - + if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); 
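Review bot: In process_setstat the added `sshbuf_get_cstring(iqueue, &name, NULL)` sits directly after an `#endif` whose conditional block lies outside the hunk. The old code at this point only decoded the attributes, so `name` was presumably read inside that block. If the block still exists and still reads `name` on some build, the string would be consumed twice from `iqueue`, so the request parser would decode the attributes from the wrong offset and the first allocation would leak. Please confirm that the conditional block no longer reads from `iqueue`, or remove that read as part of this change.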
@@ -1156,28 +1149,6 @@ process_readdir(u_int32_t id) int nstats = 10, count = 0, i; stats = xcalloc(nstats, sizeof(Stat)); - #ifdef WIN32_FIXME - // process the first entry that opendir() has found already - if (_stricmp(dirp->c_file.name, ".") && !_stricmp(dirp->c_file.name, dirp->initName)) // a firstfile that's not ".", this can happen for shared root drives - { // put first dirp in list - if (!strcmp(path, "/")) { - snprintf(pathname, sizeof pathname, - "/%s", dirp->c_file.name); - } - else { - snprintf(pathname, sizeof pathname, - "%s/%s", path, dirp->c_file.name); - } - if (pathname) { - if (lstat(pathname, &st) >= 0) { - stat_to_attrib(&st, &(stats[count].attrib)); - stats[count].name = xstrdup(dirp->c_file.name); - stats[count].long_name = ls_file(dirp->c_file.name, &st,0, 0); - count++; - } - } - } - #endif while ((dp = readdir(dirp)) != NULL) { if (count >= nstats) { @@ -1190,28 +1161,9 @@ process_readdir(u_int32_t id) if (lstat(pathname, &st) < 0) continue; stat_to_attrib(&st, &(stats[count].attrib)); -#ifdef WIN32_FIXME - { - /* - * Convert names to UTF8 before send to network. - */ - #ifdef WIN32_VS - stats[count].name = xstrdup(dp->d_name); - #else - stats[count].name = ConvertLocal8ToUtf8(dp -> d_name, -1, NULL); - #endif - stats[count].long_name = ls_file(dp -> d_name, &st, dirp->c_file.attrib, 0); - - /* - debug3("putting name [%s]...\n", stats[count].name); - debug3("putting long name [%s]...\n", stats[count].long_name); - */ - } -#else stats[count].name = xstrdup(dp->d_name); stats[count].long_name = ls_file(dp->d_name, &st, 0, 0); -#endif - count++; + count++; /* send up to 100 entries in one message */ /* XXX check packet size instead */ if (count == 100) @@ -1238,7 +1190,7 @@ process_remove(u_int32_t id) if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - + debug3("request %u: remove", id); logit("remove name \"%s\"", name); 
@@ -1264,11 +1216,9 @@ process_mkdir(u_int32_t id) Attrib a; char *name; int r, mode, status = SSH2_FX_FAILURE; - - if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if ((r = decode_attrib(iqueue, &a)) != 0) + if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 || + (r = decode_attrib(iqueue, &a)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? @@ -1296,7 +1246,7 @@ process_rmdir(u_int32_t id) { char *name; int r, status; - + if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -1320,17 +1270,13 @@ process_rmdir(u_int32_t id) static void process_realpath(u_int32_t id) { - char resolvedname[PATH_MAX+ 1]; + char resolvedname[PATH_MAX]; char *path; int r; -//#ifdef WIN32_FIXME - //path = buffer_get_string_local8_from_utf8(&iqueue, NULL); -//#else + if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); -//#endif - #ifndef WIN32_FIXME if (path[0] == '\0') { free(path); @@ -1402,8 +1348,8 @@ process_rename(u_int32_t id) char *oldpath, *newpath; int r, status; struct stat sb; - -if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || + + if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef WIN32_FIXME @@ -1505,13 +1451,11 @@ process_readlink(u_int32_t id) send_names(id, 1, &s); } free(path); - } static void process_symlink(u_int32_t id) { - char *oldpath, *newpath; int r, status; @@ -1541,7 +1485,7 @@ process_extended_posix_rename(u_int32_t id) { char *oldpath, *newpath; int r, status; - + if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); 
@@ -1569,130 +1513,6 @@ process_extended_posix_rename(u_int32_t id) free(newpath); } -/* - * Remove whole directory tree. - * - * path - target dir, non-empty dir or file to remove (IN). - * - * RETURNS: 0 if OK. - */ - -int RemoveTree(const char *path) -{ - DIR *d = opendir(path); - - size_t path_len = strlen(path); - - int r = -1; - - if (d) - { - struct dirent *p; - - r = 0; - - while (!r && (p=readdir(d))) - { - int r2 = -1; - - char *buf; - - size_t len; - - /* - * Skip the names "." and ".." as we don't want to recurse on them. - */ - - if (!strcmp(p -> d_name, ".") || !strcmp(p -> d_name, "..")) - { - continue; - } - - len = path_len + strlen(p -> d_name) + 2; - - buf = (char *) malloc(len); - - if (buf) - { - struct stat statbuf; - - snprintf(buf, len, "%s/%s", path, p -> d_name); - - if (!stat(buf, &statbuf)) - { - if (S_ISDIR(statbuf.st_mode)) - { - r2 = RemoveTree(buf); - } - else - { - r2 = unlink(buf); - } - } - - free(buf); - } - - r = r2; - } - - closedir(d); - - if (r == 0) - { - r = rmdir(path); - } - } - else - { - r = unlink(path); - } - - return r; -} - -/* - * Close all handles to given target path. - * - * path - target path to close (IN). - * recursive - cloese subpaths too if set to 1 (IN). - */ - -static void HandlesCloseByPath(char *path, int recursive) -{ - int len = strlen(path); - int i = 0; - - for (i = 0; i < num_handles; i++) - { - int closeNeeded = 0; - - if (recursive) - { - if (strncmp(handles[i].name, path, len) == 0) - { - closeNeeded = 1; - } - } - else - { - if (strcmp(handles[i].name, path) == 0) - { - closeNeeded = 1; - } - } - - if (closeNeeded && - (handles[i].use == HANDLE_FILE || - handles[i].use == HANDLE_DIR)) - { - debug3("Closing handle [%d] to [%s]...", i, handles[i].name); - - handle_close(i); - } - } -} - static void process_extended_statvfs(u_int32_t id) { 
@@ -1705,10 +1525,9 @@ process_extended_statvfs(u_int32_t id) #endif int r; - + if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug3("request %u: statvfs", id); logit("statvfs \"%s\"", path); @@ -1753,11 +1572,10 @@ process_extended_hardlink(u_int32_t id) { char *oldpath, *newpath; int r, status; - -if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || + + if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 || (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug3("request %u: hardlink", id); logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath); @@ -1819,10 +1637,6 @@ process_extended(u_int32_t id) /* stolen from ssh-agent */ -#ifdef WIN32_FIXME -int readsomemore=0; -#endif - static void process(void) { @@ -1833,17 +1647,9 @@ process(void) const u_char *cp; int i, r; u_int32_t id; - - #ifdef WIN32_FIXME - // we use to tell our caller to read more data if a message is not complete - readsomemore=0; - #endif buf_len = sshbuf_len(iqueue); if (buf_len < 5) { - #ifdef WIN32_FIXME - readsomemore =1; - #endif return; /* Incomplete message. */ } cp = sshbuf_ptr(iqueue); @@ -1854,9 +1660,6 @@ process(void) sftp_server_cleanup_exit(11); } if (buf_len < msg_len + 4) { - #ifdef WIN32_FIXME - readsomemore =1; - #endif return; } if ((r = sshbuf_consume(iqueue, 4)) != 0) @@ -1956,11 +1759,11 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) extern char *optarg; extern char *__progname; + ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); log_init(__progname, log_level, log_facility, log_stderr); - pw = pwcopy(user_pw); - + pw = pwcopy(user_pw); while (!skipargs && (ch = getopt(argc, argv, "d:f:l:P:p:Q:u:cehR")) != -1) { 
@@ -2035,16 +1838,16 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) -#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) /* - * On Linux, we should try to avoid making /proc/self/{mem,maps} + * On platforms where we can, avoid making /proc/self/{mem,maps} * available to the user so that sftp access doesn't automatically * imply arbitrary code execution access that will break * restricted configurations. */ - if (prctl(PR_SET_DUMPABLE, 0) != 0) - fatal("unable to make the process undumpable"); -#endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */ + platform_disable_tracing(1); /* strict */ + + /* Drop any fine-grained privileges we don't need */ + platform_pledge_sftp_server(); if ((cp = getenv("SSH_CONNECTION")) != NULL) { client_addr = xstrdup(cp); @@ -2079,10 +1882,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) if ((oqueue = sshbuf_new()) == NULL) fatal("%s: sshbuf_new failed", __func__); - set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); - rset = xmalloc(set_size); - wset = xmalloc(set_size); - + rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask)); + wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask)); if (homedir != NULL) { if (chdir(homedir) != 0) { @@ -2091,8 +1892,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) } } + set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); for (;;) { - memset(rset, 0, set_size); memset(wset, 0, set_size); @@ -2108,7 +1909,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) else if (r != SSH_ERR_NO_BUFFER_SPACE) fatal("%s: sshbuf_check_reserve failed: %s", __func__, ssh_err(r)); - + olen = sshbuf_len(oqueue); if (olen > 0) FD_SET(out, wset); 
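Review bot: In sftp_server_main the expression `howmany(max + 1, NFDBITS)` now appears three times across the `-2079` and `-2091` hunks. `set_size` is assigned only after both `xcalloc` calls, although the loop's `memset(rset, 0, set_size)` and `memset(wset, 0, set_size)` rely on it matching the allocated size exactly. Keeping `set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);` directly above the two allocations, with a comment such as `/* must equal the xcalloc size of rset/wset */`, would make that dependency hard to break in a later edit. This is a style point; the sizes agree as written.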
@@ -2182,7 +1983,7 @@ char *realpathWin32(const char *path, char resolved[PATH_MAX]) } resolved[0] = *path; // will be our first slash in /x:/users/test1 format - strncpy(resolved + 1, realpath, sizeof(realpath)); + strncpy(resolved + 1, realpath, sizeof(realpath) - 1); return resolved; } diff --git a/sftp-server.c.SSH.original_old b/sftp-server.c.SSH.original_old deleted file mode 100644 index 76edebc..0000000 --- a/sftp-server.c.SSH.original_old +++ /dev/null 
@@ -1,1353 +0,0 @@ -/* $OpenBSD: sftp-server.c,v 1.73 2007/05/17 07:55:29 djm Exp $ */ -/* - * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "includes.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> -#ifdef HAVE_SYS_TIME_H -# include <sys/time.h> -#endif - -#include <dirent.h> -#include <errno.h> -#include <fcntl.h> -#include <pwd.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <pwd.h> -#include <time.h> -#include <unistd.h> -#include <stdarg.h> - -#include "xmalloc.h" -#include "buffer.h" -#include "log.h" -#include "misc.h" -#include "uidswap.h" - -#include "sftp.h" -#include "sftp-common.h" - -/* helper */ -#define get_int64() buffer_get_int64(&iqueue); -#define get_int() buffer_get_int(&iqueue); -#define get_string(lenp) buffer_get_string(&iqueue, lenp); - -/* Our verbosity */ -LogLevel log_level = SYSLOG_LEVEL_ERROR; - -/* Our client */ -struct passwd *pw = NULL; -char *client_addr = NULL; - -/* input and output queue */ -Buffer iqueue; -Buffer oqueue; - -/* Version of client */ -int version; - -/* portable attributes, etc. 
*/ - -typedef struct Stat Stat; - -struct Stat { - char *name; - char *long_name; - Attrib attrib; -}; - -static int -errno_to_portable(int unixerrno) -{ - int ret = 0; - - switch (unixerrno) { - case 0: - ret = SSH2_FX_OK; - break; - case ENOENT: - case ENOTDIR: - case EBADF: - case ELOOP: - ret = SSH2_FX_NO_SUCH_FILE; - break; - case EPERM: - case EACCES: - case EFAULT: - ret = SSH2_FX_PERMISSION_DENIED; - break; - case ENAMETOOLONG: - case EINVAL: - ret = SSH2_FX_BAD_MESSAGE; - break; - default: - ret = SSH2_FX_FAILURE; - break; - } - return ret; -} - -static int -flags_from_portable(int pflags) -{ - int flags = 0; - - if ((pflags & SSH2_FXF_READ) && - (pflags & SSH2_FXF_WRITE)) { - flags = O_RDWR; - } else if (pflags & SSH2_FXF_READ) { - flags = O_RDONLY; - } else if (pflags & SSH2_FXF_WRITE) { - flags = O_WRONLY; - } - if (pflags & SSH2_FXF_CREAT) - flags |= O_CREAT; - if (pflags & SSH2_FXF_TRUNC) - flags |= O_TRUNC; - if (pflags & SSH2_FXF_EXCL) - flags |= O_EXCL; - return flags; -} - -static const char * -string_from_portable(int pflags) -{ - static char ret[128]; - - *ret = '\0'; - -#define PAPPEND(str) { \ - if (*ret != '\0') \ - strlcat(ret, ",", sizeof(ret)); \ - strlcat(ret, str, sizeof(ret)); \ - } - - if (pflags & SSH2_FXF_READ) - PAPPEND("READ") - if (pflags & SSH2_FXF_WRITE) - PAPPEND("WRITE") - if (pflags & SSH2_FXF_CREAT) - PAPPEND("CREATE") - if (pflags & SSH2_FXF_TRUNC) - PAPPEND("TRUNCATE") - if (pflags & SSH2_FXF_EXCL) - PAPPEND("EXCL") - - return ret; -} - -static Attrib * -get_attrib(void) -{ - return decode_attrib(&iqueue); -} - -/* handle handles */ - -typedef struct Handle Handle; -struct Handle { - int use; - DIR *dirp; - int fd; - char *name; - u_int64_t bytes_read, bytes_write; -}; - -enum { - HANDLE_UNUSED, - HANDLE_DIR, - HANDLE_FILE -}; - -Handle handles[100]; - -static void -handle_init(void) -{ - u_int i; - - for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) - handles[i].use = HANDLE_UNUSED; -} - -static int -handle_new(int 
use, const char *name, int fd, DIR *dirp) -{ - u_int i; - - for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) { - if (handles[i].use == HANDLE_UNUSED) { - handles[i].use = use; - handles[i].dirp = dirp; - handles[i].fd = fd; - handles[i].name = xstrdup(name); - handles[i].bytes_read = handles[i].bytes_write = 0; - return i; - } - } - return -1; -} - -static int -handle_is_ok(int i, int type) -{ - return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) && - handles[i].use == type; -} - -static int -handle_to_string(int handle, char **stringp, int *hlenp) -{ - if (stringp == NULL || hlenp == NULL) - return -1; - *stringp = xmalloc(sizeof(int32_t)); - put_u32(*stringp, handle); - *hlenp = sizeof(int32_t); - return 0; -} - -static int -handle_from_string(const char *handle, u_int hlen) -{ - int val; - - if (hlen != sizeof(int32_t)) - return -1; - val = get_u32(handle); - if (handle_is_ok(val, HANDLE_FILE) || - handle_is_ok(val, HANDLE_DIR)) - return val; - return -1; -} - -static char * -handle_to_name(int handle) -{ - if (handle_is_ok(handle, HANDLE_DIR)|| - handle_is_ok(handle, HANDLE_FILE)) - return handles[handle].name; - return NULL; -} - -static DIR * -handle_to_dir(int handle) -{ - if (handle_is_ok(handle, HANDLE_DIR)) - return handles[handle].dirp; - return NULL; -} - -static int -handle_to_fd(int handle) -{ - if (handle_is_ok(handle, HANDLE_FILE)) - return handles[handle].fd; - return -1; -} - -static void -handle_update_read(int handle, ssize_t bytes) -{ - if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0) - handles[handle].bytes_read += bytes; -} - -static void -handle_update_write(int handle, ssize_t bytes) -{ - if (handle_is_ok(handle, HANDLE_FILE) && bytes > 0) - handles[handle].bytes_write += bytes; -} - -static u_int64_t -handle_bytes_read(int handle) -{ - if (handle_is_ok(handle, HANDLE_FILE)) - return (handles[handle].bytes_read); - return 0; -} - -static u_int64_t -handle_bytes_write(int handle) -{ - if (handle_is_ok(handle, HANDLE_FILE)) - 
return (handles[handle].bytes_write); - return 0; -} - -static int -handle_close(int handle) -{ - int ret = -1; - - if (handle_is_ok(handle, HANDLE_FILE)) { - ret = close(handles[handle].fd); - handles[handle].use = HANDLE_UNUSED; - xfree(handles[handle].name); - } else if (handle_is_ok(handle, HANDLE_DIR)) { - ret = closedir(handles[handle].dirp); - handles[handle].use = HANDLE_UNUSED; - xfree(handles[handle].name); - } else { - errno = ENOENT; - } - return ret; -} - -static void -handle_log_close(int handle, char *emsg) -{ - if (handle_is_ok(handle, HANDLE_FILE)) { - logit("%s%sclose \"%s\" bytes read %llu written %llu", - emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ", - handle_to_name(handle), - (unsigned long long)handle_bytes_read(handle), - (unsigned long long)handle_bytes_write(handle)); - } else { - logit("%s%sclosedir \"%s\"", - emsg == NULL ? "" : emsg, emsg == NULL ? "" : " ", - handle_to_name(handle)); - } -} - -static void -handle_log_exit(void) -{ - u_int i; - - for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) - if (handles[i].use != HANDLE_UNUSED) - handle_log_close(i, "forced"); -} - -static int -get_handle(void) -{ - char *handle; - int val = -1; - u_int hlen; - - handle = get_string(&hlen); - if (hlen < 256) - val = handle_from_string(handle, hlen); - xfree(handle); - return val; -} - -/* send replies */ - -static void -send_msg(Buffer *m) -{ - int mlen = buffer_len(m); - - buffer_put_int(&oqueue, mlen); - buffer_append(&oqueue, buffer_ptr(m), mlen); - buffer_consume(m, mlen); -} - -static const char * -status_to_message(u_int32_t status) -{ - const char *status_messages[] = { - "Success", /* SSH_FX_OK */ - "End of file", /* SSH_FX_EOF */ - "No such file", /* SSH_FX_NO_SUCH_FILE */ - "Permission denied", /* SSH_FX_PERMISSION_DENIED */ - "Failure", /* SSH_FX_FAILURE */ - "Bad message", /* SSH_FX_BAD_MESSAGE */ - "No connection", /* SSH_FX_NO_CONNECTION */ - "Connection lost", /* SSH_FX_CONNECTION_LOST */ - "Operation unsupported", /* 
SSH_FX_OP_UNSUPPORTED */ - "Unknown error" /* Others */ - }; - return (status_messages[MIN(status,SSH2_FX_MAX)]); -} - -static void -send_status(u_int32_t id, u_int32_t status) -{ - Buffer msg; - - debug3("request %u: sent status %u", id, status); - if (log_level > SYSLOG_LEVEL_VERBOSE || - (status != SSH2_FX_OK && status != SSH2_FX_EOF)) - logit("sent status %s", status_to_message(status)); - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_STATUS); - buffer_put_int(&msg, id); - buffer_put_int(&msg, status); - if (version >= 3) { - buffer_put_cstring(&msg, status_to_message(status)); - buffer_put_cstring(&msg, ""); - } - send_msg(&msg); - buffer_free(&msg); -} -static void -send_data_or_handle(char type, u_int32_t id, const char *data, int dlen) -{ - Buffer msg; - - buffer_init(&msg); - buffer_put_char(&msg, type); - buffer_put_int(&msg, id); - buffer_put_string(&msg, data, dlen); - send_msg(&msg); - buffer_free(&msg); -} - -static void -send_data(u_int32_t id, const char *data, int dlen) -{ - debug("request %u: sent data len %d", id, dlen); - send_data_or_handle(SSH2_FXP_DATA, id, data, dlen); -} - -static void -send_handle(u_int32_t id, int handle) -{ - char *string; - int hlen; - - handle_to_string(handle, &string, &hlen); - debug("request %u: sent handle handle %d", id, handle); - send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); - xfree(string); -} - -static void -send_names(u_int32_t id, int count, const Stat *stats) -{ - Buffer msg; - int i; - - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_NAME); - buffer_put_int(&msg, id); - buffer_put_int(&msg, count); - debug("request %u: sent names count %d", id, count); - for (i = 0; i < count; i++) { - buffer_put_cstring(&msg, stats[i].name); - buffer_put_cstring(&msg, stats[i].long_name); - encode_attrib(&msg, &stats[i].attrib); - } - send_msg(&msg); - buffer_free(&msg); -} - -static void -send_attrib(u_int32_t id, const Attrib *a) -{ - Buffer msg; - - debug("request %u: sent attrib have 0x%x", id, 
a->flags); - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_ATTRS); - buffer_put_int(&msg, id); - encode_attrib(&msg, a); - send_msg(&msg); - buffer_free(&msg); -} - -/* parse incoming */ - -static void -process_init(void) -{ - Buffer msg; - - version = get_int(); - verbose("received client version %d", version); - buffer_init(&msg); - buffer_put_char(&msg, SSH2_FXP_VERSION); - buffer_put_int(&msg, SSH2_FILEXFER_VERSION); - send_msg(&msg); - buffer_free(&msg); -} - -static void -process_open(void) -{ - u_int32_t id, pflags; - Attrib *a; - char *name; - int handle, fd, flags, mode, status = SSH2_FX_FAILURE; - - id = get_int(); - name = get_string(NULL); - pflags = get_int(); /* portable flags */ - debug3("request %u: open flags %d", id, pflags); - a = get_attrib(); - flags = flags_from_portable(pflags); - mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; - logit("open \"%s\" flags %s mode 0%o", - name, string_from_portable(pflags), mode); - fd = open(name, flags, mode); - if (fd < 0) { - status = errno_to_portable(errno); - } else { - handle = handle_new(HANDLE_FILE, name, fd, NULL); - if (handle < 0) { - close(fd); - } else { - send_handle(id, handle); - status = SSH2_FX_OK; - } - } - if (status != SSH2_FX_OK) - send_status(id, status); - xfree(name); -} - -static void -process_close(void) -{ - u_int32_t id; - int handle, ret, status = SSH2_FX_FAILURE; - - id = get_int(); - handle = get_handle(); - debug3("request %u: close handle %u", id, handle); - handle_log_close(handle, NULL); - ret = handle_close(handle); - status = (ret == -1) ? 
errno_to_portable(errno) : SSH2_FX_OK; - send_status(id, status); -} - -static void -process_read(void) -{ - char buf[64*1024]; - u_int32_t id, len; - int handle, fd, ret, status = SSH2_FX_FAILURE; - u_int64_t off; - - id = get_int(); - handle = get_handle(); - off = get_int64(); - len = get_int(); - - debug("request %u: read \"%s\" (handle %d) off %llu len %d", - id, handle_to_name(handle), handle, (unsigned long long)off, len); - if (len > sizeof buf) { - len = sizeof buf; - debug2("read change len %d", len); - } - fd = handle_to_fd(handle); - if (fd >= 0) { - if (lseek(fd, off, SEEK_SET) < 0) { - error("process_read: seek failed"); - status = errno_to_portable(errno); - } else { - ret = read(fd, buf, len); - if (ret < 0) { - status = errno_to_portable(errno); - } else if (ret == 0) { - status = SSH2_FX_EOF; - } else { - send_data(id, buf, ret); - status = SSH2_FX_OK; - handle_update_read(handle, ret); - } - } - } - if (status != SSH2_FX_OK) - send_status(id, status); -} - -static void -process_write(void) -{ - u_int32_t id; - u_int64_t off; - u_int len; - int handle, fd, ret, status = SSH2_FX_FAILURE; - char *data; - - id = get_int(); - handle = get_handle(); - off = get_int64(); - data = get_string(&len); - - debug("request %u: write \"%s\" (handle %d) off %llu len %d", - id, handle_to_name(handle), handle, (unsigned long long)off, len); - fd = handle_to_fd(handle); - if (fd >= 0) { - if (lseek(fd, off, SEEK_SET) < 0) { - status = errno_to_portable(errno); - error("process_write: seek failed"); - } else { -/* XXX ATOMICIO ? 
*/ - ret = write(fd, data, len); - if (ret < 0) { - error("process_write: write failed"); - status = errno_to_portable(errno); - } else if ((size_t)ret == len) { - status = SSH2_FX_OK; - handle_update_write(handle, ret); - } else { - debug2("nothing at all written"); - } - } - } - send_status(id, status); - xfree(data); -} - -static void -process_do_stat(int do_lstat) -{ - Attrib a; - struct stat st; - u_int32_t id; - char *name; - int ret, status = SSH2_FX_FAILURE; - - id = get_int(); - name = get_string(NULL); - debug3("request %u: %sstat", id, do_lstat ? "l" : ""); - verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name); - ret = do_lstat ? lstat(name, &st) : stat(name, &st); - if (ret < 0) { - status = errno_to_portable(errno); - } else { - stat_to_attrib(&st, &a); - send_attrib(id, &a); - status = SSH2_FX_OK; - } - if (status != SSH2_FX_OK) - send_status(id, status); - xfree(name); -} - -static void -process_stat(void) -{ - process_do_stat(0); -} - -static void -process_lstat(void) -{ - process_do_stat(1); -} - -static void -process_fstat(void) -{ - Attrib a; - struct stat st; - u_int32_t id; - int fd, ret, handle, status = SSH2_FX_FAILURE; - - id = get_int(); - handle = get_handle(); - debug("request %u: fstat \"%s\" (handle %u)", - id, handle_to_name(handle), handle); - fd = handle_to_fd(handle); - if (fd >= 0) { - ret = fstat(fd, &st); - if (ret < 0) { - status = errno_to_portable(errno); - } else { - stat_to_attrib(&st, &a); - send_attrib(id, &a); - status = SSH2_FX_OK; - } - } - if (status != SSH2_FX_OK) - send_status(id, status); -} - -static struct timeval * -attrib_to_tv(const Attrib *a) -{ - static struct timeval tv[2]; - - tv[0].tv_sec = a->atime; - tv[0].tv_usec = 0; - tv[1].tv_sec = a->mtime; - tv[1].tv_usec = 0; - return tv; -} - -static void -process_setstat(void) -{ - Attrib *a; - u_int32_t id; - char *name; - int status = SSH2_FX_OK, ret; - - id = get_int(); - name = get_string(NULL); - a = get_attrib(); - debug("request %u: setstat name 
\"%s\"", id, name); - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { - logit("set \"%s\" size %llu", - name, (unsigned long long)a->size); - ret = truncate(name, a->size); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { - logit("set \"%s\" mode %04o", name, a->perm); - ret = chmod(name, a->perm & 0777); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { - char buf[64]; - time_t t = a->mtime; - - strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S", - localtime(&t)); - logit("set \"%s\" modtime %s", name, buf); - ret = utimes(name, attrib_to_tv(a)); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { - logit("set \"%s\" owner %lu group %lu", name, - (u_long)a->uid, (u_long)a->gid); - ret = chown(name, a->uid, a->gid); - if (ret == -1) - status = errno_to_portable(errno); - } - send_status(id, status); - xfree(name); -} - -static void -process_fsetstat(void) -{ - Attrib *a; - u_int32_t id; - int handle, fd, ret; - int status = SSH2_FX_OK; - - id = get_int(); - handle = get_handle(); - a = get_attrib(); - debug("request %u: fsetstat handle %d", id, handle); - fd = handle_to_fd(handle); - if (fd < 0) { - status = SSH2_FX_FAILURE; - } else { - char *name = handle_to_name(handle); - - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { - logit("set \"%s\" size %llu", - name, (unsigned long long)a->size); - ret = ftruncate(fd, a->size); - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { - logit("set \"%s\" mode %04o", name, a->perm); -#ifdef HAVE_FCHMOD - ret = fchmod(fd, a->perm & 0777); -#else - ret = chmod(name, a->perm & 0777); -#endif - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { - char buf[64]; - time_t t = a->mtime; - - strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S", - localtime(&t)); - logit("set \"%s\" 
modtime %s", name, buf); -#ifdef HAVE_FUTIMES - ret = futimes(fd, attrib_to_tv(a)); -#else - ret = utimes(name, attrib_to_tv(a)); -#endif - if (ret == -1) - status = errno_to_portable(errno); - } - if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { - logit("set \"%s\" owner %lu group %lu", name, - (u_long)a->uid, (u_long)a->gid); -#ifdef HAVE_FCHOWN - ret = fchown(fd, a->uid, a->gid); -#else - ret = chown(name, a->uid, a->gid); -#endif - if (ret == -1) - status = errno_to_portable(errno); - } - } - send_status(id, status); -} - -static void -process_opendir(void) -{ - DIR *dirp = NULL; - char *path; - int handle, status = SSH2_FX_FAILURE; - u_int32_t id; - - id = get_int(); - path = get_string(NULL); - debug3("request %u: opendir", id); - logit("opendir \"%s\"", path); - dirp = opendir(path); - if (dirp == NULL) { - status = errno_to_portable(errno); - } else { - handle = handle_new(HANDLE_DIR, path, 0, dirp); - if (handle < 0) { - closedir(dirp); - } else { - send_handle(id, handle); - status = SSH2_FX_OK; - } - - } - if (status != SSH2_FX_OK) - send_status(id, status); - xfree(path); -} - -static void -process_readdir(void) -{ - DIR *dirp; - struct dirent *dp; - char *path; - int handle; - u_int32_t id; - - id = get_int(); - handle = get_handle(); - debug("request %u: readdir \"%s\" (handle %d)", id, - handle_to_name(handle), handle); - dirp = handle_to_dir(handle); - path = handle_to_name(handle); - if (dirp == NULL || path == NULL) { - send_status(id, SSH2_FX_FAILURE); - } else { - struct stat st; - char pathname[MAXPATHLEN]; - Stat *stats; - int nstats = 10, count = 0, i; - - stats = xcalloc(nstats, sizeof(Stat)); - while ((dp = readdir(dirp)) != NULL) { - if (count >= nstats) { - nstats *= 2; - stats = xrealloc(stats, nstats, sizeof(Stat)); - } -/* XXX OVERFLOW ? */ - snprintf(pathname, sizeof pathname, "%s%s%s", path, - strcmp(path, "/") ? 
"/" : "", dp->d_name); - if (lstat(pathname, &st) < 0) - continue; - stat_to_attrib(&st, &(stats[count].attrib)); - stats[count].name = xstrdup(dp->d_name); - stats[count].long_name = ls_file(dp->d_name, &st, 0); - count++; - /* send up to 100 entries in one message */ - /* XXX check packet size instead */ - if (count == 100) - break; - } - if (count > 0) { - send_names(id, count, stats); - for (i = 0; i < count; i++) { - xfree(stats[i].name); - xfree(stats[i].long_name); - } - } else { - send_status(id, SSH2_FX_EOF); - } - xfree(stats); - } -} - -static void -process_remove(void) -{ - char *name; - u_int32_t id; - int status = SSH2_FX_FAILURE; - int ret; - - id = get_int(); - name = get_string(NULL); - debug3("request %u: remove", id); - logit("remove name \"%s\"", name); - ret = unlink(name); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - send_status(id, status); - xfree(name); -} - -static void -process_mkdir(void) -{ - Attrib *a; - u_int32_t id; - char *name; - int ret, mode, status = SSH2_FX_FAILURE; - - id = get_int(); - name = get_string(NULL); - a = get_attrib(); - mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? - a->perm & 0777 : 0777; - debug3("request %u: mkdir", id); - logit("mkdir name \"%s\" mode 0%o", name, mode); - ret = mkdir(name, mode); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - send_status(id, status); - xfree(name); -} - -static void -process_rmdir(void) -{ - u_int32_t id; - char *name; - int ret, status; - - id = get_int(); - name = get_string(NULL); - debug3("request %u: rmdir", id); - logit("rmdir name \"%s\"", name); - ret = rmdir(name); - status = (ret == -1) ? 
errno_to_portable(errno) : SSH2_FX_OK; - send_status(id, status); - xfree(name); -} - -static void -process_realpath(void) -{ - char resolvedname[MAXPATHLEN]; - u_int32_t id; - char *path; - - id = get_int(); - path = get_string(NULL); - if (path[0] == '\0') { - xfree(path); - path = xstrdup("."); - } - debug3("request %u: realpath", id); - verbose("realpath \"%s\"", path); - if (realpath(path, resolvedname) == NULL) { - send_status(id, errno_to_portable(errno)); - } else { - Stat s; - attrib_clear(&s.attrib); - s.name = s.long_name = resolvedname; - send_names(id, 1, &s); - } - xfree(path); -} - -static void -process_rename(void) -{ - u_int32_t id; - char *oldpath, *newpath; - int status; - struct stat sb; - - id = get_int(); - oldpath = get_string(NULL); - newpath = get_string(NULL); - debug3("request %u: rename", id); - logit("rename old \"%s\" new \"%s\"", oldpath, newpath); - status = SSH2_FX_FAILURE; - if (lstat(oldpath, &sb) == -1) - status = errno_to_portable(errno); - else if (S_ISREG(sb.st_mode)) { - /* Race-free rename of regular files */ - if (link(oldpath, newpath) == -1) { - if (errno == EOPNOTSUPP -#ifdef LINK_OPNOTSUPP_ERRNO - || errno == LINK_OPNOTSUPP_ERRNO -#endif - ) { - struct stat st; - - /* - * fs doesn't support links, so fall back to - * stat+rename. This is racy. 
- */ - if (stat(newpath, &st) == -1) { - if (rename(oldpath, newpath) == -1) - status = - errno_to_portable(errno); - else - status = SSH2_FX_OK; - } - } else { - status = errno_to_portable(errno); - } - } else if (unlink(oldpath) == -1) { - status = errno_to_portable(errno); - /* clean spare link */ - unlink(newpath); - } else - status = SSH2_FX_OK; - } else if (stat(newpath, &sb) == -1) { - if (rename(oldpath, newpath) == -1) - status = errno_to_portable(errno); - else - status = SSH2_FX_OK; - } - send_status(id, status); - xfree(oldpath); - xfree(newpath); -} - -static void -process_readlink(void) -{ - u_int32_t id; - int len; - char buf[MAXPATHLEN]; - char *path; - - id = get_int(); - path = get_string(NULL); - debug3("request %u: readlink", id); - verbose("readlink \"%s\"", path); - if ((len = readlink(path, buf, sizeof(buf) - 1)) == -1) - send_status(id, errno_to_portable(errno)); - else { - Stat s; - - buf[len] = '\0'; - attrib_clear(&s.attrib); - s.name = s.long_name = buf; - send_names(id, 1, &s); - } - xfree(path); -} - -static void -process_symlink(void) -{ - u_int32_t id; - char *oldpath, *newpath; - int ret, status; - - id = get_int(); - oldpath = get_string(NULL); - newpath = get_string(NULL); - debug3("request %u: symlink", id); - logit("symlink old \"%s\" new \"%s\"", oldpath, newpath); - /* this will fail if 'newpath' exists */ - ret = symlink(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; - send_status(id, status); - xfree(oldpath); - xfree(newpath); -} - -static void -process_extended(void) -{ - u_int32_t id; - char *request; - - id = get_int(); - request = get_string(NULL); - send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ - xfree(request); -} - -/* stolen from ssh-agent */ - -static void -process(void) -{ - u_int msg_len; - u_int buf_len; - u_int consumed; - u_int type; - u_char *cp; - - buf_len = buffer_len(&iqueue); - if (buf_len < 5) - return; /* Incomplete message. 
*/ - cp = buffer_ptr(&iqueue); - msg_len = get_u32(cp); - if (msg_len > SFTP_MAX_MSG_LENGTH) { - error("bad message from %s local user %s", - client_addr, pw->pw_name); - cleanup_exit(11); - } - if (buf_len < msg_len + 4) - return; - buffer_consume(&iqueue, 4); - buf_len -= 4; - type = buffer_get_char(&iqueue); - switch (type) { - case SSH2_FXP_INIT: - process_init(); - break; - case SSH2_FXP_OPEN: - process_open(); - break; - case SSH2_FXP_CLOSE: - process_close(); - break; - case SSH2_FXP_READ: - process_read(); - break; - case SSH2_FXP_WRITE: - process_write(); - break; - case SSH2_FXP_LSTAT: - process_lstat(); - break; - case SSH2_FXP_FSTAT: - process_fstat(); - break; - case SSH2_FXP_SETSTAT: - process_setstat(); - break; - case SSH2_FXP_FSETSTAT: - process_fsetstat(); - break; - case SSH2_FXP_OPENDIR: - process_opendir(); - break; - case SSH2_FXP_READDIR: - process_readdir(); - break; - case SSH2_FXP_REMOVE: - process_remove(); - break; - case SSH2_FXP_MKDIR: - process_mkdir(); - break; - case SSH2_FXP_RMDIR: - process_rmdir(); - break; - case SSH2_FXP_REALPATH: - process_realpath(); - break; - case SSH2_FXP_STAT: - process_stat(); - break; - case SSH2_FXP_RENAME: - process_rename(); - break; - case SSH2_FXP_READLINK: - process_readlink(); - break; - case SSH2_FXP_SYMLINK: - process_symlink(); - break; - case SSH2_FXP_EXTENDED: - process_extended(); - break; - default: - error("Unknown message %d", type); - break; - } - /* discard the remaining bytes from the current packet */ - if (buf_len < buffer_len(&iqueue)) - fatal("iqueue grew unexpectedly"); - consumed = buf_len - buffer_len(&iqueue); - if (msg_len < consumed) - fatal("msg_len %d < consumed %d", msg_len, consumed); - if (msg_len > consumed) - buffer_consume(&iqueue, msg_len - consumed); -} - -/* Cleanup handler that logs active handles upon normal exit */ -void -cleanup_exit(int i) -{ - if (pw != NULL && client_addr != NULL) { - handle_log_exit(); - logit("session closed for local user %s from [%s]", 
- pw->pw_name, client_addr); - } - _exit(i); -} - -static void -usage(void) -{ - extern char *__progname; - - fprintf(stderr, - "usage: %s [-he] [-l log_level] [-f log_facility]\n", __progname); - exit(1); -} - -int -main(int argc, char **argv) -{ - fd_set *rset, *wset; - int in, out, max, ch, skipargs = 0, log_stderr = 0; - ssize_t len, olen, set_size; - SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; - char *cp, buf[4*4096]; - - extern char *optarg; - extern char *__progname; - - /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ - sanitise_stdfd(); - - __progname = ssh_get_progname(argv[0]); - log_init(__progname, log_level, log_facility, log_stderr); - - while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) { - switch (ch) { - case 'c': - /* - * Ignore all arguments if we are invoked as a - * shell using "sftp-server -c command" - */ - skipargs = 1; - break; - case 'e': - log_stderr = 1; - break; - case 'l': - log_level = log_level_number(optarg); - if (log_level == SYSLOG_LEVEL_NOT_SET) - error("Invalid log level \"%s\"", optarg); - break; - case 'f': - log_facility = log_facility_number(optarg); - if (log_level == SYSLOG_FACILITY_NOT_SET) - error("Invalid log facility \"%s\"", optarg); - break; - case 'h': - default: - usage(); - } - } - - log_init(__progname, log_level, log_facility, log_stderr); - - if ((cp = getenv("SSH_CONNECTION")) != NULL) { - client_addr = xstrdup(cp); - if ((cp = strchr(client_addr, ' ')) == NULL) - fatal("Malformed SSH_CONNECTION variable: \"%s\"", - getenv("SSH_CONNECTION")); - *cp = '\0'; - } else - client_addr = xstrdup("UNKNOWN"); - - if ((pw = getpwuid(getuid())) == NULL) - fatal("No user found for uid %lu", (u_long)getuid()); - pw = pwcopy(pw); - - logit("session opened for local user %s from [%s]", - pw->pw_name, client_addr); - - handle_init(); - - in = dup(STDIN_FILENO); - out = dup(STDOUT_FILENO); - -#ifdef HAVE_CYGWIN - setmode(in, O_BINARY); - setmode(out, O_BINARY); -#endif - - max = 0; - 
if (in > max) - max = in; - if (out > max) - max = out; - - buffer_init(&iqueue); - buffer_init(&oqueue); - - set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask); - rset = (fd_set *)xmalloc(set_size); - wset = (fd_set *)xmalloc(set_size); - - for (;;) { - memset(rset, 0, set_size); - memset(wset, 0, set_size); - - /* - * Ensure that we can read a full buffer and handle - * the worst-case length packet it can generate, - * otherwise apply backpressure by stopping reads. - */ - if (buffer_check_alloc(&iqueue, sizeof(buf)) && - buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH)) - FD_SET(in, rset); - - olen = buffer_len(&oqueue); - if (olen > 0) - FD_SET(out, wset); - - if (select(max+1, rset, wset, NULL, NULL) < 0) { - if (errno == EINTR) - continue; - error("select: %s", strerror(errno)); - cleanup_exit(2); - } - - /* copy stdin to iqueue */ - if (FD_ISSET(in, rset)) { - len = read(in, buf, sizeof buf); - if (len == 0) { - debug("read eof"); - cleanup_exit(0); - } else if (len < 0) { - error("read: %s", strerror(errno)); - cleanup_exit(1); - } else { - buffer_append(&iqueue, buf, len); - } - } - /* send oqueue to stdout */ - if (FD_ISSET(out, wset)) { - len = write(out, buffer_ptr(&oqueue), olen); - if (len < 0) { - error("write: %s", strerror(errno)); - cleanup_exit(1); - } else { - buffer_consume(&oqueue, len); - } - } - - /* - * Process requests from client if we can fit the results - * into the output buffer, otherwise stop processing input - * and let the output queue drain. - */ - if (buffer_check_alloc(&oqueue, SFTP_MAX_MSG_LENGTH)) - process(); - } -} diff --git a/sftp.0 b/sftp.0 deleted file mode 100644 index 550f276..0000000 --- a/sftp.0 +++ /dev/null 
@@ -1,383 +0,0 @@ -SFTP(1) General Commands Manual SFTP(1) - -NAME - sftp M-bM-^@M-^S secure file transfer program - -SYNOPSIS - sftp [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher] - [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit] - [-o ssh_option] [-P port] [-R num_requests] [-S program] - [-s subsystem | sftp_server] host - sftp [user@]host[:file ...] - sftp [user@]host[:dir[/]] - sftp -b batchfile [user@]host - -DESCRIPTION - sftp is an interactive file transfer program, similar to ftp(1), which - performs all operations over an encrypted ssh(1) transport. It may also - use many features of ssh, such as public key authentication and - compression. sftp connects and logs into the specified host, then enters - an interactive command mode. - - The second usage format will retrieve files automatically if a non- - interactive authentication method is used; otherwise it will do so after - successful interactive authentication. - - The third usage format allows sftp to start in a remote directory. - - The final usage format allows for automated sessions using the -b option. - In such cases, it is necessary to configure non-interactive - authentication to obviate the need to enter a password at connection time - (see sshd(8) and ssh-keygen(1) for details). - - Since some usage formats use colon characters to delimit host names from - path names, IPv6 addresses must be enclosed in square brackets to avoid - ambiguity. - - The options are as follows: - - -1 Specify the use of protocol version 1. - - -2 Specify the use of protocol version 2. - - -4 Forces sftp to use IPv4 addresses only. - - -6 Forces sftp to use IPv6 addresses only. - - -a Attempt to continue interrupted transfers rather than overwriting - existing partial or complete copies of files. If the partial - contents differ from those being transferred, then the resultant - file is likely to be corrupt. 
- - -B buffer_size - Specify the size of the buffer that sftp uses when transferring - files. Larger buffers require fewer round trips at the cost of - higher memory consumption. The default is 32768 bytes. - - -b batchfile - Batch mode reads a series of commands from an input batchfile - instead of stdin. Since it lacks user interaction it should be - used in conjunction with non-interactive authentication. A - batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input. sftp - will abort if any of the following commands fail: get, put, - reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, - chown, chgrp, lpwd, df, symlink, and lmkdir. Termination on - error can be suppressed on a command by command basis by - prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example, -rm - /tmp/blah*). - - -C Enables compression (via ssh's -C flag). - - -c cipher - Selects the cipher to use for encrypting the data transfers. - This option is directly passed to ssh(1). - - -D sftp_server_path - Connect directly to a local sftp server (rather than via ssh(1)). - This option may be useful in debugging the client and server. - - -F ssh_config - Specifies an alternative per-user configuration file for ssh(1). - This option is directly passed to ssh(1). - - -f Requests that files be flushed to disk immediately after - transfer. When uploading files, this feature is only enabled if - the server implements the "fsync@openssh.com" extension. - - -i identity_file - Selects the file from which the identity (private key) for public - key authentication is read. This option is directly passed to - ssh(1). - - -l limit - Limits the used bandwidth, specified in Kbit/s. - - -o ssh_option - Can be used to pass options to ssh in the format used in - ssh_config(5). This is useful for specifying options for which - there is no separate sftp command-line flag. For example, to - specify an alternate port use: sftp -oPort=24. 
For full details - of the options listed below, and their possible values, see - ssh_config(5). - - AddressFamily - BatchMode - BindAddress - CanonicalDomains - CanonicalizeFallbackLocal - CanonicalizeHostname - CanonicalizeMaxDots - CanonicalizePermittedCNAMEs - ChallengeResponseAuthentication - CheckHostIP - Cipher - Ciphers - Compression - CompressionLevel - ConnectionAttempts - ConnectTimeout - ControlMaster - ControlPath - ControlPersist - GlobalKnownHostsFile - GSSAPIAuthentication - GSSAPIDelegateCredentials - HashKnownHosts - Host - HostbasedAuthentication - HostbasedKeyTypes - HostKeyAlgorithms - HostKeyAlias - HostName - IdentityFile - IdentitiesOnly - IPQoS - KbdInteractiveAuthentication - KbdInteractiveDevices - KexAlgorithms - LogLevel - MACs - NoHostAuthenticationForLocalhost - NumberOfPasswordPrompts - PasswordAuthentication - PKCS11Provider - Port - PreferredAuthentications - Protocol - ProxyCommand - PubkeyAuthentication - RekeyLimit - RhostsRSAAuthentication - RSAAuthentication - SendEnv - ServerAliveInterval - ServerAliveCountMax - StrictHostKeyChecking - TCPKeepAlive - UpdateHostKeys - UsePrivilegedPort - User - UserKnownHostsFile - VerifyHostKeyDNS - - -P port - Specifies the port to connect to on the remote host. - - -p Preserves modification times, access times, and modes from the - original files transferred. - - -q Quiet mode: disables the progress meter as well as warning and - diagnostic messages from ssh(1). - - -R num_requests - Specify how many requests may be outstanding at any one time. - Increasing this may slightly improve file transfer speed but will - increase memory usage. The default is 64 outstanding requests. - - -r Recursively copy entire directories when uploading and - downloading. Note that sftp does not follow symbolic links - encountered in the tree traversal. - - -S program - Name of the program to use for the encrypted connection. The - program must understand ssh(1) options. 
- - -s subsystem | sftp_server - Specifies the SSH2 subsystem or the path for an sftp server on - the remote host. A path is useful for using sftp over protocol - version 1, or when the remote sshd(8) does not have an sftp - subsystem configured. - - -v Raise logging level. This option is also passed to ssh. - -INTERACTIVE COMMANDS - Once in interactive mode, sftp understands a set of commands similar to - those of ftp(1). Commands are case insensitive. Pathnames that contain - spaces must be enclosed in quotes. Any special characters contained - within pathnames that are recognized by glob(3) must be escaped with - backslashes (M-bM-^@M-^X\M-bM-^@M-^Y). - - bye Quit sftp. - - cd path - Change remote directory to path. - - chgrp grp path - Change group of file path to grp. path may contain glob(3) - characters and may match multiple files. grp must be a numeric - GID. - - chmod mode path - Change permissions of file path to mode. path may contain - glob(3) characters and may match multiple files. - - chown own path - Change owner of file path to own. path may contain glob(3) - characters and may match multiple files. own must be a numeric - UID. - - df [-hi] [path] - Display usage information for the filesystem holding the current - directory (or path if specified). If the -h flag is specified, - the capacity information will be displayed using "human-readable" - suffixes. The -i flag requests display of inode information in - addition to capacity information. This command is only supported - on servers that implement the M-bM-^@M-^\statvfs@openssh.comM-bM-^@M-^] extension. - - exit Quit sftp. - - get [-afPpr] remote-path [local-path] - Retrieve the remote-path and store it on the local machine. If - the local path name is not specified, it is given the same name - it has on the remote machine. remote-path may contain glob(3) - characters and may match multiple files. If it does and - local-path is specified, then local-path must specify a - directory. 
- - If the -a flag is specified, then attempt to resume partial - transfers of existing files. Note that resumption assumes that - any partial copy of the local file matches the remote copy. If - the remote file contents differ from the partial local copy then - the resultant file is likely to be corrupt. - - If the -f flag is specified, then fsync(2) will be called after - the file transfer has completed to flush the file to disk. - - If either the -P or -p flag is specified, then full file - permissions and access times are copied too. - - If the -r flag is specified then directories will be copied - recursively. Note that sftp does not follow symbolic links when - performing recursive transfers. - - help Display help text. - - lcd path - Change local directory to path. - - lls [ls-options [path]] - Display local directory listing of either path or current - directory if path is not specified. ls-options may contain any - flags supported by the local system's ls(1) command. path may - contain glob(3) characters and may match multiple files. - - lmkdir path - Create local directory specified by path. - - ln [-s] oldpath newpath - Create a link from oldpath to newpath. If the -s flag is - specified the created link is a symbolic link, otherwise it is a - hard link. - - lpwd Print local working directory. - - ls [-1afhlnrSt] [path] - Display a remote directory listing of either path or the current - directory if path is not specified. path may contain glob(3) - characters and may match multiple files. - - The following flags are recognized and alter the behaviour of ls - accordingly: - - -1 Produce single columnar output. - - -a List files beginning with a dot (M-bM-^@M-^X.M-bM-^@M-^Y). - - -f Do not sort the listing. The default sort order is - lexicographical. 
- - -h When used with a long format option, use unit suffixes: - Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, - and Exabyte in order to reduce the number of digits to - four or fewer using powers of 2 for sizes (K=1024, - M=1048576, etc.). - - -l Display additional details including permissions and - ownership information. - - -n Produce a long listing with user and group information - presented numerically. - - -r Reverse the sort order of the listing. - - -S Sort the listing by file size. - - -t Sort the listing by last modification time. - - lumask umask - Set local umask to umask. - - mkdir path - Create remote directory specified by path. - - progress - Toggle display of progress meter. - - put [-afPpr] local-path [remote-path] - Upload local-path and store it on the remote machine. If the - remote path name is not specified, it is given the same name it - has on the local machine. local-path may contain glob(3) - characters and may match multiple files. If it does and - remote-path is specified, then remote-path must specify a - directory. - - If the -a flag is specified, then attempt to resume partial - transfers of existing files. Note that resumption assumes that - any partial copy of the remote file matches the local copy. If - the local file contents differ from the remote local copy then - the resultant file is likely to be corrupt. - - If the -f flag is specified, then a request will be sent to the - server to call fsync(2) after the file has been transferred. - Note that this is only supported by servers that implement the - "fsync@openssh.com" extension. - - If either the -P or -p flag is specified, then full file - permissions and access times are copied too. - - If the -r flag is specified then directories will be copied - recursively. Note that sftp does not follow symbolic links when - performing recursive transfers. - - pwd Display remote working directory. - - quit Quit sftp. 
- - reget [-Ppr] remote-path [local-path] - Resume download of remote-path. Equivalent to get with the -a - flag set. - - reput [-Ppr] [local-path] remote-path - Resume upload of [local-path]. Equivalent to put with the -a - flag set. - - rename oldpath newpath - Rename remote file from oldpath to newpath. - - rm path - Delete remote file specified by path. - - rmdir path - Remove remote directory specified by path. - - symlink oldpath newpath - Create a symbolic link from oldpath to newpath. - - version - Display the sftp protocol version. - - !command - Execute command in local shell. - - ! Escape to local shell. - - ? Synonym for help. - -SEE ALSO - ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), - ssh_config(5), sftp-server(8), sshd(8) - - T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- - filexfer-00.txt, January 2001, work in progress material. - -OpenBSD 5.8 January 30, 2015 OpenBSD 5.8 diff --git a/sftp.1 b/sftp.1 index 214f011..fbdd00a 100644 --- a/sftp.1 +++ b/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.101 2015/01/30 11:43:14 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.105 2016/07/16 06:57:55 jmc Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 30 2015 $ +.Dd $Mdocdate: July 16 2016 $ .Dt SFTP 1 .Os .Sh NAME @@ -198,6 +198,7 @@ For full details of the options listed below, and their possible values, see .It CanonicalizeHostname .It CanonicalizeMaxDots .It CanonicalizePermittedCNAMEs +.It CertificateFile .It ChallengeResponseAuthentication .It CheckHostIP .It Cipher 
@@ -219,8 +220,9 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlgorithms .It HostKeyAlias .It HostName -.It IdentityFile .It IdentitiesOnly +.It IdentityAgent +.It IdentityFile .It IPQoS .It KbdInteractiveAuthentication .It KbdInteractiveDevices @@ -235,6 +237,7 @@ For full details of the options listed below, and their possible values, see .It PreferredAuthentications .It Protocol .It ProxyCommand +.It ProxyJump .It PubkeyAuthentication .It RekeyLimit .It RhostsRSAAuthentication diff --git a/sftp.c b/sftp.c index 2cd76f0..4fe0927 100644 --- a/sftp.c +++ b/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */ +/* $OpenBSD: sftp.c,v 1.175 2016/07/22 03:47:36 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -49,6 +49,7 @@ typedef void EditLine; #endif #include <limits.h> #include <signal.h> +#include <stdarg.h> #include <stdlib.h> #include <stdio.h> #include <string.h> @@ -63,6 +64,7 @@ typedef void EditLine; #include "log.h" #include "pathnames.h" #include "misc.h" +#include "utf8.h" #include "sftp.h" #include "ssherr.h" @@ -74,10 +76,6 @@ typedef void EditLine; #define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */ #define MAX_COMMAND_LINE 2048 -#ifdef WIN32_VS -#include "win32_dirent.h" -#endif - /* File to read commands from */ FILE* infile; @@ -347,7 +345,7 @@ local_do_ls(const char *args) /* Strip one path (usually the pwd) from the start of another */ static char * -path_strip(char *path, char *strip) +path_strip(const char *path, const char *strip) { size_t len; @@ -365,7 +363,7 @@ path_strip(char *path, char *strip) } static char * -make_absolute(char *p, char *pwd) +make_absolute(char *p, const char *pwd) { char *abs_str; @@ -563,7 +561,7 @@ parse_no_flags(const char *cmd, char **argv, int argc) } static int -is_dir(char *path) +is_dir(const char *path) { struct stat sb; 
@@ -575,7 +573,7 @@ is_dir(char *path) } static int -remote_is_dir(struct sftp_conn *conn, char *path) +remote_is_dir(struct sftp_conn *conn, const char *path) { Attrib *a; @@ -589,7 +587,7 @@ remote_is_dir(struct sftp_conn *conn, char *path) /* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */ static int -pathname_is_dir(char *pathname) +pathname_is_dir(const char *pathname) { size_t l = strlen(pathname); @@ -597,8 +595,8 @@ pathname_is_dir(char *pathname) } static int -process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, - int pflag, int rflag, int resume, int fflag) +process_get(struct sftp_conn *conn, const char *src, const char *dst, + const char *pwd, int pflag, int rflag, int resume, int fflag) { char *abs_src = NULL; char *abs_dst = NULL; @@ -709,8 +707,8 @@ out: } static int -process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, - int pflag, int rflag, int resume, int fflag) +process_put(struct sftp_conn *conn, const char *src, const char *dst, + const char *pwd, int pflag, int rflag, int resume, int fflag) { char *tmp_dst = NULL; char *abs_dst = NULL; @@ -773,7 +771,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, } free(tmp); - resume |= global_aflag; + resume |= global_aflag; if (!quiet && resume) #ifdef WINDOWS { @@ -847,7 +845,8 @@ sdirent_comp(const void *aa, const void *bb) /* sftp ls.1 replacement for directories */ static int -do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) +do_ls_dir(struct sftp_conn *conn, const char *path, + const char *strip_path, int lflag) { int n; u_int c = 1, colspace = 0, columns = 1; 
@@ -871,12 +870,9 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) tmp = path_strip(path, strip_path); m += strlen(tmp); free(tmp); -#ifdef WINDOWS - width = ConScreenSizeX(); -#else + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) width = ws.ws_col; -#endif columns = width / (m + 2); columns = MAX(columns, 1); colspace = width / columns; @@ -932,10 +928,10 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) } else { #ifdef WINDOWS - wchar_t* wtmp = utf8_to_utf16(fname); - // TODO: Deal with the sizing wprintf_s(L"%-*s", colspace, wtmp); - WriteConsoleW(GetStdHandle(STD_OUTPUT_HANDLE), wtmp, wcslen(wtmp), 0, 0); - WriteConsoleW(GetStdHandle(STD_OUTPUT_HANDLE), L" ", 1, 0, 0); + wchar_t buf[1024]; + wchar_t* wtmp = utf8_to_utf16(fname); + swprintf(buf, 1024, L"%-*s", colspace, wtmp); + WriteConsoleW(GetStdHandle(STD_OUTPUT_HANDLE), buf, wcslen(buf), 0, 0); free(wtmp); #else printf("%-*s", colspace, fname); @@ -959,8 +955,8 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) /* sftp ls.1 replacement which handles path globs */ static int -do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, - int lflag) +do_globbed_ls(struct sftp_conn *conn, const char *path, + const char *strip_path, int lflag) { char *fname, *lname; glob_t g; @@ -998,12 +994,8 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, return err; } -#ifdef WINDOWS - width = ConScreenSizeX(); -#else if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) width = ws.ws_col; -#endif if (!(lflag & LS_SHORT_VIEW)) { /* Count entries for sort and find longest filename */ @@ -1063,7 +1055,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, } static int -do_df(struct sftp_conn *conn, char *path, int hflag, int iflag) +do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) { struct sftp_statvfs st; char s_used[FMT_SCALED_STRSIZE]; 
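Review bot: In the WINDOWS branch of do_ls_dir (the hunk at -932) the return value of `swprintf(buf, 1024, L"%-*s", colspace, wtmp)` is discarded and `wcslen(buf)` is then taken on a buffer that may not hold a valid string if formatting failed or the padded name did not fit; `fname` is presumably derived from the server's directory listing, so its length is not chosen by the client. `wtmp` is also passed on without a NULL check after `utf8_to_utf16`. Keep the result and write only what was formatted: `int n = swprintf(buf, sizeof(buf) / sizeof(buf[0]), L"%-*ls", colspace, wtmp);` followed by `if (n > 0) WriteConsoleW(GetStdHandle(STD_OUTPUT_HANDLE), buf, (DWORD)n, 0, 0);`. `%ls` is the standard conversion for a wide-string argument, whereas `%s` in a wide format is wide only under the Microsoft-specific reading. do_ls_dir starts and ends outside the hunk.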
@@ -1319,7 +1311,7 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, static int parse_args(const char **cpp, int *ignore_errors, int *aflag, - int *fflag, int *hflag, int *iflag, int *lflag, int *pflag, + int *fflag, int *hflag, int *iflag, int *lflag, int *pflag, int *rflag, int *sflag, unsigned long *n_arg, char **path1, char **path2) { @@ -1511,7 +1503,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, int err_abort) { char *path1, *path2, *tmp; - int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0, + int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0, iflag = 0; int lflag = 0, pflag = 0, rflag = 0, sflag = 0; int cmdnum, i; @@ -1522,7 +1514,6 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, glob_t g; path1 = path2 = NULL; - cmdnum = parse_args(&cmd, &ignore_errors, &aflag, &fflag, &hflag, &iflag, &lflag, &pflag, &rflag, &sflag, &n_arg, &path1, &path2); if (ignore_errors != 0) @@ -1853,7 +1844,7 @@ complete_display(char **list, u_int len) for (y = 0; list[y]; y++) { llen = strlen(list[y]); tmp = llen > len ? list[y] + len : ""; - printf("%-*s", colspace, tmp); + mprintf("%-*s", colspace, tmp); if (m >= columns) { printf("\n"); m = 1; @@ -2316,7 +2307,7 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) } #endif if (!interactive) { /* Echo command */ - printf("sftp> %s", cmd); + mprintf("sftp> %s", cmd); if (strlen(cmd) > 0 && cmd[strlen(cmd) - 1] != '\n') printf("\n"); @@ -2414,7 +2405,7 @@ connect_to_server(char *path, char **args, int *in, int *out) * Assign sockets to StartupInfo. */ - si.cb = sizeof(STARTUPINFO); + si.cb = sizeof(STARTUPINFOW); si.hStdInput = sfd_to_handle(c_in); si.hStdOutput = sfd_to_handle(c_out); si.hStdError = GetStdHandle(STD_ERROR_HANDLE); 
@@ -2425,7 +2416,6 @@ connect_to_server(char *path, char **args, int *in, int *out) /* * Create child ssh process with given stdout/stdin. */ - debug("Executing ssh client: \"%.500s\"...\n", fullCmd); if (CreateProcessW(NULL, utf8_to_utf16(fullCmd), NULL, NULL, TRUE, @@ -2514,16 +2504,10 @@ main(int argc, char **argv) long long limit_kbps = 0; #ifdef WINDOWS - /* - * Initialize I/O wrappers. - */ - - w32posix_initialize(); + /*TODO - is this really needed ???*/ setvbuf(stdout, NULL, _IONBF, 0); - - ConInit(STD_OUTPUT_HANDLE, TRUE); - #endif + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); setlocale(LC_CTYPE, ""); diff --git a/ssh-add.0 b/ssh-add.0 deleted file mode 100644 index 29db710..0000000 --- a/ssh-add.0 +++ /dev/null 
@@ -1,129 +0,0 @@ -SSH-ADD(1) General Commands Manual SSH-ADD(1) - -NAME - ssh-add M-bM-^@M-^S adds private key identities to the authentication agent - -SYNOPSIS - ssh-add [-cDdkLlXx] [-E fingerprint_hash] [-t life] [file ...] - ssh-add -s pkcs11 - ssh-add -e pkcs11 - -DESCRIPTION - ssh-add adds private key identities to the authentication agent, - ssh-agent(1). When run without arguments, it adds the files - ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and - ~/.ssh/identity. After loading a private key, ssh-add will try to load - corresponding certificate information from the filename obtained by - appending -cert.pub to the name of the private key file. Alternative - file names can be given on the command line. - - If any file requires a passphrase, ssh-add asks for the passphrase from - the user. The passphrase is read from the user's tty. ssh-add retries - the last passphrase if multiple identity files are given. - - The authentication agent must be running and the SSH_AUTH_SOCK - environment variable must contain the name of its socket for ssh-add to - work. - - The options are as follows: - - -c Indicates that added identities should be subject to confirmation - before being used for authentication. Confirmation is performed - by ssh-askpass(1). Successful confirmation is signaled by a zero - exit status from ssh-askpass(1), rather than text entered into - the requester. - - -D Deletes all identities from the agent. - - -d Instead of adding identities, removes identities from the agent. - If ssh-add has been run without arguments, the keys for the - default identities and their corresponding certificates will be - removed. Otherwise, the argument list will be interpreted as a - list of paths to public key files to specify keys and - certificates to be removed from the agent. If no public key is - found at a given path, ssh-add will append .pub and retry. 
- - -E fingerprint_hash - Specifies the hash algorithm used when displaying key - fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The - default is M-bM-^@M-^\sha256M-bM-^@M-^]. - - -e pkcs11 - Remove keys provided by the PKCS#11 shared library pkcs11. - - -k When loading keys into or deleting keys from the agent, process - plain private keys only and skip certificates. - - -L Lists public key parameters of all identities currently - represented by the agent. - - -l Lists fingerprints of all identities currently represented by the - agent. - - -s pkcs11 - Add keys provided by the PKCS#11 shared library pkcs11. - - -t life - Set a maximum lifetime when adding identities to an agent. The - lifetime may be specified in seconds or in a time format - specified in sshd_config(5). - - -X Unlock the agent. - - -x Lock the agent with a password. - -ENVIRONMENT - DISPLAY and SSH_ASKPASS - If ssh-add needs a passphrase, it will read the passphrase from - the current terminal if it was run from a terminal. If ssh-add - does not have a terminal associated with it but DISPLAY and - SSH_ASKPASS are set, it will execute the program specified by - SSH_ASKPASS (by default M-bM-^@M-^\ssh-askpassM-bM-^@M-^]) and open an X11 window to - read the passphrase. This is particularly useful when calling - ssh-add from a .xsession or related script. (Note that on some - machines it may be necessary to redirect the input from /dev/null - to make this work.) - - SSH_AUTH_SOCK - Identifies the path of a UNIX-domain socket used to communicate - with the agent. - -FILES - ~/.ssh/identity - Contains the protocol version 1 RSA authentication identity of - the user. - - ~/.ssh/id_dsa - Contains the protocol version 2 DSA authentication identity of - the user. - - ~/.ssh/id_ecdsa - Contains the protocol version 2 ECDSA authentication identity of - the user. - - ~/.ssh/id_ed25519 - Contains the protocol version 2 Ed25519 authentication identity - of the user. 
- - ~/.ssh/id_rsa - Contains the protocol version 2 RSA authentication identity of - the user. - - Identity files should not be readable by anyone but the user. Note that - ssh-add ignores identity files if they are accessible by others. - -EXIT STATUS - Exit status is 0 on success, 1 if the specified command fails, and 2 if - ssh-add is unable to contact the authentication agent. - -SEE ALSO - ssh(1), ssh-agent(1), ssh-askpass(1), ssh-keygen(1), sshd(8) - -AUTHORS - OpenSSH is a derivative of the original and free ssh 1.2.12 release by - Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. - -OpenBSD 5.8 March 30, 2015 OpenBSD 5.8 diff --git a/ssh-add.c b/ssh-add.c index 9080a4d..8d402b2 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.123 2015/07/03 03:43:18 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.128 2016/02/15 09:47:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -93,7 +93,7 @@ static int lifetime = 0; /* User has to confirm key use */ static int confirm = 0; -/* we keep a cache of one passphrases */ +/* we keep a cache of one passphrase */ static char *pass = NULL; static void clear_pass(void) @@ -150,10 +150,8 @@ delete_file(int agent_fd, const char *filename, int key_only) certpath, ssh_err(r)); out: - if (cert != NULL) - sshkey_free(cert); - if (public != NULL) - sshkey_free(public); + sshkey_free(cert); + sshkey_free(public); free(certpath); free(comment); 
@@ -218,35 +216,32 @@ add_file(int agent_fd, const char *filename, int key_only) close(fd); /* At first, try empty passphrase */ - if ((r = sshkey_parse_private_fileblob(keyblob, "", filename, - &private, &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) { + if ((r = sshkey_parse_private_fileblob(keyblob, "", &private, + &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) { fprintf(stderr, "Error loading key \"%s\": %s\n", filename, ssh_err(r)); goto fail_load; } /* try last */ if (private == NULL && pass != NULL) { - if ((r = sshkey_parse_private_fileblob(keyblob, pass, filename, - &private, &comment)) != 0 && - r != SSH_ERR_KEY_WRONG_PASSPHRASE) { + if ((r = sshkey_parse_private_fileblob(keyblob, pass, &private, + &comment)) != 0 && r != SSH_ERR_KEY_WRONG_PASSPHRASE) { fprintf(stderr, "Error loading key \"%s\": %s\n", filename, ssh_err(r)); goto fail_load; } } - if (comment == NULL) - comment = xstrdup(filename); if (private == NULL) { /* clear passphrase since it did not work */ clear_pass(); - snprintf(msg, sizeof msg, "Enter passphrase for %.200s%s: ", - comment, confirm ? " (will confirm each use)" : ""); + snprintf(msg, sizeof msg, "Enter passphrase for %s%s: ", + filename, confirm ? " (will confirm each use)" : ""); for (;;) { pass = read_passphrase(msg, RP_ALLOW_STDIN); if (strcmp(pass, "") == 0) goto fail_load; if ((r = sshkey_parse_private_fileblob(keyblob, pass, - filename, &private, NULL)) == 0) + &private, &comment)) == 0) break; else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) { fprintf(stderr, 
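Review bot: The passphrase prompt now formats `filename` with a bare `%s` where the old code capped the name with `%.200s`, so a long path can use up `msg` and cut off the ` (will confirm each use)` suffix and the trailing `: `. snprintf still bounds the write, so this is about the prompt staying complete rather than an overflow; the size of `msg` is declared outside the hunk. Keeping the precision, `"Enter passphrase for %.200s%s: "`, bounds the name as before, and the same applies to the `Bad passphrase, try again for %s%s: ` prompt in the next hunk. add_file starts and ends outside the hunk.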
@@ -254,16 +249,17 @@ add_file(int agent_fd, const char *filename, int key_only) filename, ssh_err(r)); fail_load: clear_pass(); - free(comment); sshbuf_free(keyblob); return -1; } clear_pass(); snprintf(msg, sizeof msg, - "Bad passphrase, try again for %.200s%s: ", comment, + "Bad passphrase, try again for %s%s: ", filename, confirm ? " (will confirm each use)" : ""); } } + if (comment == NULL || *comment == '\0') + comment = xstrdup(filename); sshbuf_free(keyblob); if ((r = ssh_add_identity_constrained(agent_fd, private, comment, @@ -386,7 +382,7 @@ list_identities(int agent_fd, int do_fp) if (do_fp) { fp = sshkey_fingerprint(idlist->keys[i], fingerprint_hash, SSH_FP_DEFAULT); - printf("%d %s %s (%s)\n", + printf("%u %s %s (%s)\n", sshkey_size(idlist->keys[i]), fp == NULL ? "(null)" : fp, idlist->comments[i], @@ -484,8 +480,8 @@ main(int argc, char **argv) char *pkcs11provider = NULL; int r, i, ch, deleting = 0, ret = 0, key_only = 0; int xflag = 0, lflag = 0, Dflag = 0; - + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/ssh-agent.0 b/ssh-agent.0 deleted file mode 100644 index 65bf6e7..0000000 --- a/ssh-agent.0 +++ /dev/null 
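Review bot: The added fallback `if (comment == NULL || *comment == '\0') comment = xstrdup(filename);` overwrites `comment` when the key carried an empty comment, so the string handed back by sshkey_parse_private_fileblob becomes unreachable and is never freed. Release it before replacing it: `if (comment == NULL || *comment == '\0') { free(comment); comment = xstrdup(filename); }`. The same hunk drops `free(comment)` from the `fail_load` path, which is only safe if the parser never sets the comment pointer on failure; that is not visible here, and since `free(NULL)` is a no-op, keeping the call costs nothing. add_file starts and ends outside the hunk.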
@@ -1,112 +0,0 @@ -SSH-AGENT(1) General Commands Manual SSH-AGENT(1) - -NAME - ssh-agent M-bM-^@M-^S authentication agent - -SYNOPSIS - ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash] - [-t life] [command [arg ...]] - ssh-agent [-c | -s] -k - -DESCRIPTION - ssh-agent is a program to hold private keys used for public key - authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started - in the beginning of an X-session or a login session, and all other - windows or programs are started as clients to the ssh-agent program. - Through use of environment variables the agent can be located and - automatically used for authentication when logging in to other machines - using ssh(1). - - The agent initially does not have any private keys. Keys are added using - ssh-add(1). Multiple identities may be stored in ssh-agent concurrently - and ssh(1) will automatically use them if present. ssh-add(1) is also - used to remove keys from ssh-agent and to query the keys that are held in - one. - - The options are as follows: - - -a bind_address - Bind the agent to the UNIX-domain socket bind_address. The - default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>. - - -c Generate C-shell commands on stdout. This is the default if - SHELL looks like it's a csh style of shell. - - -D Foreground mode. When this option is specified ssh-agent will - not fork. - - -d Debug mode. When this option is specified ssh-agent will not - fork and will write debug information to standard error. - - -E fingerprint_hash - Specifies the hash algorithm used when displaying key - fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The - default is M-bM-^@M-^\sha256M-bM-^@M-^]. - - -k Kill the current agent (given by the SSH_AGENT_PID environment - variable). - - -s Generate Bourne shell commands on stdout. This is the default if - SHELL does not look like it's a csh style of shell. 
- - -t life - Set a default value for the maximum lifetime of identities added - to the agent. The lifetime may be specified in seconds or in a - time format specified in sshd_config(5). A lifetime specified - for an identity with ssh-add(1) overrides this value. Without - this option the default maximum lifetime is forever. - - If a commandline is given, this is executed as a subprocess of the agent. - When the command dies, so does the agent. - - The idea is that the agent is run in the user's local PC, laptop, or - terminal. Authentication data need not be stored on any other machine, - and authentication passphrases never go over the network. However, the - connection to the agent is forwarded over SSH remote logins, and the user - can thus use the privileges given by the identities anywhere in the - network in a secure way. - - There are two main ways to get an agent set up: The first is that the - agent starts a new subcommand into which some environment variables are - exported, eg ssh-agent xterm &. The second is that the agent prints the - needed shell commands (either sh(1) or csh(1) syntax can be generated) - which can be evaluated in the calling shell, eg eval `ssh-agent -s` for - Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for - csh(1) and derivatives. - - Later ssh(1) looks at these variables and uses them to establish a - connection to the agent. - - The agent will never send a private key over its request channel. - Instead, operations that require a private key will be performed by the - agent, and the result will be returned to the requester. This way, - private keys are not exposed to clients using the agent. - - A UNIX-domain socket is created and the name of this socket is stored in - the SSH_AUTH_SOCK environment variable. The socket is made accessible - only to the current user. This method is easily abused by root or - another instance of the same user. 
- - The SSH_AGENT_PID environment variable holds the agent's process ID. - - The agent exits automatically when the command given on the command line - terminates. - -FILES - $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid> - UNIX-domain sockets used to contain the connection to the - authentication agent. These sockets should only be readable by - the owner. The sockets should get automatically removed when the - agent exits. - -SEE ALSO - ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) - -AUTHORS - OpenSSH is a derivative of the original and free ssh 1.2.12 release by - Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. - -OpenBSD 5.8 April 24, 2015 OpenBSD 5.8 diff --git a/ssh-agent.1 b/ssh-agent.1 index d0aa712..c4b50bb 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.59 2015/04/24 06:26:49 jmc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.62 2015/11/15 23:54:15 jmc Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 24 2015 $ +.Dd $Mdocdate: November 15 2015 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Sh SYNOPSIS .Nm ssh-agent .Op Fl c | s -.Op Fl Dd +.Op Fl \&Dd .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash .Op Fl t Ar life @@ -66,6 +66,13 @@ machines using .Pp The agent initially does not have any private keys. Keys are added using +.Xr ssh 1 +(see +.Cm AddKeysToAgent +in +.Xr ssh_config 5 +for details) +or .Xr ssh-add 1 . Multiple identities may be stored in .Nm 
@@ -130,7 +137,7 @@ overrides this value. Without this option the default maximum lifetime is forever. .El .Pp -If a commandline is given, this is executed as a subprocess of the agent. +If a command line is given, this is executed as a subprocess of the agent. When the command dies, so does the agent. .Pp The idea is that the agent is run in the user's local PC, laptop, or diff --git a/ssh-agent.c b/ssh-agent.c index 3b3c9b9..5062d2f 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.204 2015/07/08 20:24:02 markus Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.213 2016/05/02 08:49:03 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -88,10 +88,6 @@ #include "ssh-pkcs11.h" #endif -#if defined(HAVE_SYS_PRCTL_H) -#include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */ -#endif - typedef enum { AUTH_UNUSED, AUTH_SOCKET, @@ -144,8 +140,8 @@ char socket_dir[PATH_MAX]; #define LOCK_SALT_SIZE 16 #define LOCK_ROUNDS 1 int locked = 0; -char lock_passwd[LOCK_SIZE]; -char lock_salt[LOCK_SALT_SIZE]; +u_char lock_pwhash[LOCK_SIZE]; +u_char lock_salt[LOCK_SALT_SIZE]; extern char *__progname; @@ -653,6 +649,18 @@ process_authentication_challenge1(SocketEntry *e) } #endif +static char * +agent_decode_alg(struct sshkey *key, u_int flags) +{ + if (key->type == KEY_RSA) { + if (flags & SSH_AGENT_RSA_SHA2_256) + return "rsa-sha2-256"; + else if (flags & SSH_AGENT_RSA_SHA2_512) + return "rsa-sha2-512"; + } + return NULL; +} + /* ssh2 only */ static void process_sign_request2(SocketEntry *e) @@ -674,7 +682,7 @@ process_sign_request2(SocketEntry *e) if (flags & SSH_AGENT_OLD_SIGNATURE) compat = SSH_BUG_SIGBLOB; if ((r = sshkey_from_blob(blob, blen, &key)) != 0) { - error("%s: cannot parse key blob: %s", __func__, ssh_err(ok)); + error("%s: cannot parse key blob: %s", __func__, ssh_err(r)); goto send; } if ((id = lookup_identity(key, 2)) == NULL) { 
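Review bot: `agent_decode_alg` (the hunk at -653 in ssh-agent.c) returns string literals through a non-const `char *`; declaring it `static const char *agent_decode_alg(const struct sshkey *key, u_int flags)` prevents a caller from writing through the result, and the function only reads `key->type`. The function would also benefit from a short comment above it stating the contract: NULL means no explicit algorithm was requested, and when both SSH_AGENT_RSA_SHA2_256 and SSH_AGENT_RSA_SHA2_512 are set the 256 variant is chosen. Only `KEY_RSA` is matched, so every other key type, presumably including RSA certificates, always gets NULL; confirm that this is intended.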
@@ -686,8 +694,8 @@ process_sign_request2(SocketEntry *e) goto send; } if ((r = sshkey_sign(id->key, &signature, &slen, - data, dlen, compat)) != 0) { - error("%s: sshkey_sign: %s", __func__, ssh_err(ok)); + data, dlen, agent_decode_alg(key, flags), compat)) != 0) { + error("%s: sshkey_sign: %s", __func__, ssh_err(r)); goto send; } /* Success */ @@ -950,7 +958,8 @@ static void process_lock_agent(SocketEntry *e, int lock) { int r, success = 0, delay; - char *passwd, passwdhash[LOCK_SIZE]; + char *passwd; + u_char passwdhash[LOCK_SIZE]; static u_int fail_count = 0; size_t pwlen; @@ -962,11 +971,11 @@ process_lock_agent(SocketEntry *e, int lock) if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), passwdhash, sizeof(passwdhash), LOCK_ROUNDS) < 0) fatal("bcrypt_pbkdf"); - if (timingsafe_bcmp(passwdhash, lock_passwd, LOCK_SIZE) == 0) { + if (timingsafe_bcmp(passwdhash, lock_pwhash, LOCK_SIZE) == 0) { debug("agent unlocked"); locked = 0; fail_count = 0; - explicit_bzero(lock_passwd, sizeof(lock_passwd)); + explicit_bzero(lock_pwhash, sizeof(lock_pwhash)); success = 1; } else { /* delay in 0.1s increments up to 10s */ @@ -983,7 +992,7 @@ process_lock_agent(SocketEntry *e, int lock) locked = 1; arc4random_buf(lock_salt, sizeof(lock_salt)); if (bcrypt_pbkdf(passwd, pwlen, lock_salt, sizeof(lock_salt), - lock_passwd, sizeof(lock_passwd), LOCK_ROUNDS) < 0) + lock_pwhash, sizeof(lock_pwhash), LOCK_ROUNDS) < 0) fatal("bcrypt_pbkdf"); success = 1; } @@ -1519,6 +1528,7 @@ main(int ac, char **av) + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -1526,10 +1536,7 @@ main(int ac, char **av) setegid(getgid()); setgid(getgid()); -#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) - /* Disable ptrace on Linux without sgid bit */ - prctl(PR_SET_DUMPABLE, 0); -#endif + platform_disable_tracing(0); /* strict=no */ #ifdef WITH_OPENSSL OpenSSL_add_all_algorithms(); 
@@ -1726,6 +1733,7 @@ main(int ac, char **av) printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, SSH_AUTHSOCKET_ENV_NAME); printf("echo Agent pid %ld;\n", (long)parent_pid); + fflush(stdout); goto skip; } pid = fork(); @@ -1817,6 +1825,10 @@ skip: #endif nalloc = 0; + if (pledge("stdio cpath unix id proc exec", NULL) == -1) + fatal("%s: pledge: %s", __progname, strerror(errno)); + platform_pledge_agent(); + while (1) { prepare_select(&readsetp, &writesetp, &max_fd, &nalloc, &tvp); result = select(max_fd + 1, readsetp, writesetp, NULL, tvp); diff --git a/ssh-dss.c b/ssh-dss.c index 8ed19d8..7af59fa 100644 --- a/ssh-dss.c +++ b/ssh-dss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -122,8 +122,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, explicit_bzero(digest, sizeof(digest)); if (sig != NULL) DSA_SIG_free(sig); - if (b != NULL) - sshbuf_free(b); + sshbuf_free(b); return ret; } @@ -140,7 +139,8 @@ ssh_dss_verify(const struct sshkey *key, char *ktype = NULL; if (key == NULL || key->dsa == NULL || - sshkey_type_plain(key->type) != KEY_DSA) + sshkey_type_plain(key->type) != KEY_DSA || + signature == NULL || signaturelen == 0) return SSH_ERR_INVALID_ARGUMENT; if (dlen == 0) return SSH_ERR_INTERNAL_ERROR; @@ -209,10 +209,8 @@ ssh_dss_verify(const struct sshkey *key, explicit_bzero(digest, sizeof(digest)); if (sig != NULL) DSA_SIG_free(sig); - if (b != NULL) - sshbuf_free(b); - if (ktype != NULL) - free(ktype); + sshbuf_free(b); + free(ktype); if (sigblob != NULL) { explicit_bzero(sigblob, len); free(sigblob); diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 2c76f8b..d7bf3c6 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c 
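Review bot: The promise list in `pledge("stdio cpath unix id proc exec", NULL)` (the hunk at `skip:`) is undocumented, and `proc exec` in particular leaves the agent able to fork and execute programs for the rest of its lifetime. A comment naming the consumer of each promise would let a later reader narrow the list, for example `/* proc exec: presumably the confirmation (askpass) and PKCS#11 helpers; cpath: socket cleanup at exit */`. Those reasons are inferred rather than visible in this hunk, so verify them when writing the comment. main continues outside the hunk.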
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.11 2014/06/24 01:13:21 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.13 2016/04/21 06:08:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -99,10 +99,8 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, ret = 0; out: explicit_bzero(digest, sizeof(digest)); - if (b != NULL) - sshbuf_free(b); - if (bb != NULL) - sshbuf_free(bb); + sshbuf_free(b); + sshbuf_free(bb); if (sig != NULL) ECDSA_SIG_free(sig); return ret; @@ -123,7 +121,8 @@ ssh_ecdsa_verify(const struct sshkey *key, char *ktype = NULL; if (key == NULL || key->ecdsa == NULL || - sshkey_type_plain(key->type) != KEY_ECDSA) + sshkey_type_plain(key->type) != KEY_ECDSA || + signature == NULL || signaturelen == 0) return SSH_ERR_INVALID_ARGUMENT; if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || @@ -179,10 +178,8 @@ ssh_ecdsa_verify(const struct sshkey *key, out: explicit_bzero(digest, sizeof(digest)); - if (sigbuf != NULL) - sshbuf_free(sigbuf); - if (b != NULL) - sshbuf_free(b); + sshbuf_free(sigbuf); + sshbuf_free(b); if (sig != NULL) ECDSA_SIG_free(sig); free(ktype); diff --git a/ssh-ed25519.c b/ssh-ed25519.c index b159ff5..5163e02 100644 --- a/ssh-ed25519.c +++ b/ssh-ed25519.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519.c,v 1.6 2015/01/15 21:38:50 markus Exp $ */ +/* $OpenBSD: ssh-ed25519.c,v 1.7 2016/04/21 06:08:02 djm Exp $ */ /* * Copyright (c) 2013 Markus Friedl <markus@openbsd.org> * @@ -107,7 +107,8 @@ ssh_ed25519_verify(const struct sshkey *key, if (key == NULL || sshkey_type_plain(key->type) != KEY_ED25519 || key->ed25519_pk == NULL || - datalen >= INT_MAX - crypto_sign_ed25519_BYTES) + datalen >= INT_MAX - crypto_sign_ed25519_BYTES || + signature == NULL || signaturelen == 0) return SSH_ERR_INVALID_ARGUMENT; if ((b = sshbuf_from(signature, signaturelen)) == NULL) 
diff --git a/ssh-keygen.0 b/ssh-keygen.0 deleted file mode 100644 index 07a45b3..0000000 --- a/ssh-keygen.0 +++ /dev/null 
@@ -1,566 +0,0 @@ -SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1) - -NAME - ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion - -SYNOPSIS - ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] - [-N new_passphrase] [-C comment] [-f output_keyfile] - ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] - ssh-keygen -i [-m key_format] [-f input_keyfile] - ssh-keygen -e [-m key_format] [-f input_keyfile] - ssh-keygen -y [-f input_keyfile] - ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] - ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] - ssh-keygen -B [-f input_keyfile] - ssh-keygen -D pkcs11 - ssh-keygen -F hostname [-f known_hosts_file] [-l] - ssh-keygen -H [-f known_hosts_file] - ssh-keygen -R hostname [-f known_hosts_file] - ssh-keygen -r hostname [-f input_keyfile] [-g] - ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] - ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines] - [-j start_line] [-K checkpt] [-W generator] - ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] - [-O option] [-V validity_interval] [-z serial_number] file ... - ssh-keygen -L [-f input_keyfile] - ssh-keygen -A - ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] - file ... - ssh-keygen -Q -f krl_file file ... - -DESCRIPTION - ssh-keygen generates, manages and converts authentication keys for - ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 - and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2. - The type of key to be generated is specified with the -t option. If - invoked without any arguments, ssh-keygen will generate an RSA key for - use in SSH protocol 2 connections. - - ssh-keygen is also used to generate groups for use in Diffie-Hellman - group exchange (DH-GEX). See the MODULI GENERATION section for details. 
- - Finally, ssh-keygen can be used to generate and update Key Revocation - Lists, and to test whether given keys have been revoked by one. See the - KEY REVOCATION LISTS section for details. - - Normally each user wishing to use SSH with public key authentication runs - this once to create the authentication key in ~/.ssh/identity, - ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa. - Additionally, the system administrator may use this to generate host - keys, as seen in /etc/rc. - - Normally this program generates the key and asks for a file in which to - store the private key. The public key is stored in a file with the same - name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The - passphrase may be empty to indicate no passphrase (host keys must have an - empty passphrase), or it may be a string of arbitrary length. A - passphrase is similar to a password, except it can be a phrase with a - series of words, punctuation, numbers, whitespace, or any string of - characters you want. Good passphrases are 10-30 characters long, are not - simple sentences or otherwise easily guessable (English prose has only - 1-2 bits of entropy per character, and provides very bad passphrases), - and contain a mix of upper and lowercase letters, numbers, and non- - alphanumeric characters. The passphrase can be changed later by using - the -p option. - - There is no way to recover a lost passphrase. If the passphrase is lost - or forgotten, a new key must be generated and the corresponding public - key copied to other machines. - - For RSA1 keys, there is also a comment field in the key file that is only - for convenience to the user to help identify the key. The comment can - tell what the key is for, or whatever is useful. The comment is - initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed - using the -c option. 
- - After a key is generated, instructions below detail where the keys should - be placed to be activated. - - The options are as follows: - - -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for - which host keys do not exist, generate the host keys with the - default key file path, an empty passphrase, default bits for the - key type, and default comment. This is used by /etc/rc to - generate new host keys. - - -a rounds - When saving a new-format private key (i.e. an ed25519 key or any - SSH protocol 2 key when the -o flag is set), this option - specifies the number of KDF (key derivation function) rounds - used. Higher numbers result in slower passphrase verification - and increased resistance to brute-force password cracking (should - the keys be stolen). - - When screening DH-GEX candidates ( using the -T command). This - option specifies the number of primality tests to perform. - - -B Show the bubblebabble digest of specified private or public key - file. - - -b bits - Specifies the number of bits in the key to create. For RSA keys, - the minimum size is 1024 bits and the default is 2048 bits. - Generally, 2048 bits is considered sufficient. DSA keys must be - exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, - the -b flag determines the key length by selecting from one of - three elliptic curve sizes: 256, 384 or 521 bits. Attempting to - use bit lengths other than these three values for ECDSA keys will - fail. Ed25519 keys have a fixed length and the -b flag will be - ignored. - - -C comment - Provides a new comment. - - -c Requests changing the comment in the private and public key - files. This operation is only supported for RSA1 keys. The - program will prompt for the file containing the private keys, for - the passphrase if the key has one, and for the new comment. - - -D pkcs11 - Download the RSA public keys provided by the PKCS#11 shared - library pkcs11. 
When used in combination with -s, this option - indicates that a CA key resides in a PKCS#11 token (see the - CERTIFICATES section for details). - - -E fingerprint_hash - Specifies the hash algorithm used when displaying key - fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The - default is M-bM-^@M-^\sha256M-bM-^@M-^]. - - -e This option will read a private or public OpenSSH key file and - print to stdout the key in one of the formats specified by the -m - option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This option - allows exporting OpenSSH keys for use by other programs, - including several commercial SSH implementations. - - -F hostname - Search for the specified hostname in a known_hosts file, listing - any occurrences found. This option is useful to find hashed host - names or addresses and may also be used in conjunction with the - -H option to print found keys in a hashed format. - - -f filename - Specifies the filename of the key file. - - -G output_file - Generate candidate primes for DH-GEX. These primes must be - screened for safety (using the -T option) before use. - - -g Use generic DNS format when printing fingerprint resource records - using the -r command. - - -H Hash a known_hosts file. This replaces all hostnames and - addresses with hashed representations within the specified file; - the original content is moved to a file with a .old suffix. - These hashes may be used normally by ssh and sshd, but they do - not reveal identifying information should the file's contents be - disclosed. This option will not modify existing hashed hostnames - and is therefore safe to use on files that mix hashed and non- - hashed names. - - -h When signing a key, create a host certificate instead of a user - certificate. Please see the CERTIFICATES section for details. - - -I certificate_identity - Specify the key identity when signing a public key. Please see - the CERTIFICATES section for details. 
- - -i This option will read an unencrypted private (or public) key file - in the format specified by the -m option and print an OpenSSH - compatible private (or public) key to stdout. This option allows - importing keys from other software, including several commercial - SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. - - -J num_lines - Exit after screening the specified number of lines while - performing DH candidate screening using the -T option. - - -j start_line - Start screening at the specified line number while performing DH - candidate screening using the -T option. - - -K checkpt - Write the last line processed to the file checkpt while - performing DH candidate screening using the -T option. This will - be used to skip lines in the input file that have already been - processed if the job is restarted. - - -k Generate a KRL file. In this mode, ssh-keygen will generate a - KRL file at the location specified via the -f flag that revokes - every key or certificate presented on the command line. - Keys/certificates to be revoked may be specified by public key - file or using the format described in the KEY REVOCATION LISTS - section. - - -L Prints the contents of a certificate. - - -l Show fingerprint of specified public key file. Private RSA1 keys - are also supported. For RSA and DSA keys ssh-keygen tries to - find the matching public key file and prints its fingerprint. If - combined with -v, an ASCII art representation of the key is - supplied with the fingerprint. - - -M memory - Specify the amount of memory to use (in megabytes) when - generating candidate moduli for DH-GEX. - - -m key_format - Specify a key format for the -i (import) or -e (export) - conversion options. The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^] - (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public - key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). 
The default conversion format is - M-bM-^@M-^\RFC4716M-bM-^@M-^]. - - -N new_passphrase - Provides the new passphrase. - - -n principals - Specify one or more principals (user or host names) to be - included in a certificate when signing a key. Multiple - principals may be specified, separated by commas. Please see the - CERTIFICATES section for details. - - -O option - Specify a certificate option when signing a key. This option may - be specified multiple times. Please see the CERTIFICATES section - for details. The options that are valid for user certificates - are: - - clear Clear all enabled permissions. This is useful for - clearing the default set of permissions so permissions - may be added individually. - - force-command=command - Forces the execution of command instead of any shell or - command specified by the user when the certificate is - used for authentication. - - no-agent-forwarding - Disable ssh-agent(1) forwarding (permitted by default). - - no-port-forwarding - Disable port forwarding (permitted by default). - - no-pty Disable PTY allocation (permitted by default). - - no-user-rc - Disable execution of ~/.ssh/rc by sshd(8) (permitted by - default). - - no-x11-forwarding - Disable X11 forwarding (permitted by default). - - permit-agent-forwarding - Allows ssh-agent(1) forwarding. - - permit-port-forwarding - Allows port forwarding. - - permit-pty - Allows PTY allocation. - - permit-user-rc - Allows execution of ~/.ssh/rc by sshd(8). - - permit-x11-forwarding - Allows X11 forwarding. - - source-address=address_list - Restrict the source addresses from which the certificate - is considered valid. The address_list is a comma- - separated list of one or more address/netmask pairs in - CIDR format. - - At present, no options are valid for host keys. - - -o Causes ssh-keygen to save SSH protocol 2 private keys using the - new OpenSSH format rather than the more compatible PEM format. 
- The new format has increased resistance to brute-force password - cracking but is not supported by versions of OpenSSH prior to - 6.5. Ed25519 keys always use the new private key format. - - -P passphrase - Provides the (old) passphrase. - - -p Requests changing the passphrase of a private key file instead of - creating a new private key. The program will prompt for the file - containing the private key, for the old passphrase, and twice for - the new passphrase. - - -Q Test whether keys have been revoked in a KRL. - - -q Silence ssh-keygen. - - -R hostname - Removes all keys belonging to hostname from a known_hosts file. - This option is useful to delete hashed hosts (see the -H option - above). - - -r hostname - Print the SSHFP fingerprint resource record named hostname for - the specified public key file. - - -S start - Specify start point (in hex) when generating candidate moduli for - DH-GEX. - - -s ca_key - Certify (sign) a public key using the specified CA key. Please - see the CERTIFICATES section for details. - - When generating a KRL, -s specifies a path to a CA public key - file used to revoke certificates directly by key ID or serial - number. See the KEY REVOCATION LISTS section for details. - - -T output_file - Test DH group exchange candidate primes (generated using the -G - option) for safety. - - -t dsa | ecdsa | ed25519 | rsa | rsa1 - Specifies the type of key to create. The possible values are - M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or - M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. - - -u Update a KRL. When specified with -k, keys listed via the - command line are added to the existing KRL rather than a new KRL - being created. - - -V validity_interval - Specify a validity interval when signing a certificate. 
A - validity interval may consist of a single time, indicating that - the certificate is valid beginning now and expiring at that time, - or may consist of two times separated by a colon to indicate an - explicit time interval. The start time may be specified as a - date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a - relative time (to the current time) consisting of a minus sign - followed by a relative time in the format described in the TIME - FORMATS section of sshd_config(5). The end time may be specified - as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time - starting with a plus character. - - For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day - from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks - from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM, - January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^] - (valid from yesterday to midnight, January 1st, 2011). - - -v Verbose mode. Causes ssh-keygen to print debugging messages - about its progress. This is helpful for debugging moduli - generation. Multiple -v options increase the verbosity. The - maximum is 3. - - -W generator - Specify desired generator when testing candidate moduli for DH- - GEX. - - -y This option will read a private OpenSSH format file and print an - OpenSSH public key to stdout. - - -z serial_number - Specifies a serial number to be embedded in the certificate to - distinguish this certificate from others from the same CA. The - default serial number is zero. - - When generating a KRL, the -z flag is used to specify a KRL - version number. - -MODULI GENERATION - ssh-keygen may be used to generate groups for the Diffie-Hellman Group - Exchange (DH-GEX) protocol. Generating these groups is a two-step - process: first, candidate primes are generated using a fast, but memory - intensive process. 
These candidate primes are then tested for - suitability (a CPU-intensive process). - - Generation of primes is performed using the -G option. The desired - length of the primes may be specified by the -b option. For example: - - # ssh-keygen -G moduli-2048.candidates -b 2048 - - By default, the search for primes begins at a random point in the desired - length range. This may be overridden using the -S option, which - specifies a different start point (in hex). - - Once a set of candidates have been generated, they must be screened for - suitability. This may be performed using the -T option. In this mode - ssh-keygen will read candidates from standard input (or a file specified - using the -f option). For example: - - # ssh-keygen -T moduli-2048 -f moduli-2048.candidates - - By default, each candidate will be subjected to 100 primality tests. - This may be overridden using the -a option. The DH generator value will - be chosen automatically for the prime under consideration. If a specific - generator is desired, it may be requested using the -W option. Valid - generator values are 2, 3, and 5. - - Screened DH groups may be installed in /etc/moduli. It is important that - this file contains moduli of a range of bit lengths and that both ends of - a connection share common moduli. - -CERTIFICATES - ssh-keygen supports signing of keys to produce certificates that may be - used for user or host authentication. Certificates consist of a public - key, some identity information, zero or more principal (user or host) - names and a set of options that are signed by a Certification Authority - (CA) key. Clients or servers may then trust only the CA key and verify - its signature on a certificate rather than trusting many user/host keys. - Note that OpenSSH certificates are a different, and much simpler, format - to the X.509 certificates used in ssl(8). - - ssh-keygen supports two types of certificates: user and host. 
User - certificates authenticate users to servers, whereas host certificates - authenticate server hosts to users. To generate a user certificate: - - $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub - - The resultant certificate will be placed in /path/to/user_key-cert.pub. - A host certificate requires the -h option: - - $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub - - The host certificate will be output to /path/to/host_key-cert.pub. - - It is possible to sign using a CA key stored in a PKCS#11 token by - providing the token library using -D and identifying the CA key by - providing its public half as an argument to -s: - - $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub - - In all cases, key_id is a "key identifier" that is logged by the server - when the certificate is used for authentication. - - Certificates may be limited to be valid for a set of principal - (user/host) names. By default, generated certificates are valid for all - users or hosts. To generate a certificate for a specified set of - principals: - - $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub - $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub - - Additional limitations on the validity and use of user certificates may - be specified through certificate options. A certificate option may - disable features of the SSH session, may be valid only when presented - from particular source addresses or may force the use of a specific - command. For a list of valid certificate options, see the documentation - for the -O option above. - - Finally, certificates may be defined with a validity lifetime. The -V - option allows specification of certificate start and end times. A - certificate that is presented at a time outside this range will not be - considered valid. By default, certificates are valid from UNIX Epoch to - the distant future. 
- - For certificates to be used for user or host authentication, the CA - public key must be trusted by sshd(8) or ssh(1). Please refer to those - manual pages for details. - -KEY REVOCATION LISTS - ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs). - These binary files specify keys or certificates to be revoked using a - compact format, taking as little as one bit per certificate if they are - being revoked by serial number. - - KRLs may be generated using the -k flag. This option reads one or more - files from the command line and generates a new KRL. The files may - either contain a KRL specification (see below) or public keys, listed one - per line. Plain public keys are revoked by listing their hash or - contents in the KRL and certificates revoked by serial number or key ID - (if the serial is zero or not available). - - Revoking keys using a KRL specification offers explicit control over the - types of record used to revoke keys and may be used to directly revoke - certificates by serial number or key ID without having the complete - original certificate on hand. A KRL specification consists of lines - containing one of the following directives followed by a colon and some - directive-specific information. - - serial: serial_number[-serial_number] - Revokes a certificate with the specified serial number. Serial - numbers are 64-bit values, not including zero and may be - expressed in decimal, hex or octal. If two serial numbers are - specified separated by a hyphen, then the range of serial numbers - including and between each is revoked. The CA key must have been - specified on the ssh-keygen command line using the -s option. - - id: key_id - Revokes a certificate with the specified key ID string. The CA - key must have been specified on the ssh-keygen command line using - the -s option. - - key: public_key - Revokes the specified key. If a certificate is listed, then it - is revoked as a plain public key. 
- - sha1: public_key - Revokes the specified key by its SHA1 hash. - - KRLs may be updated using the -u flag in addition to -k. When this - option is specified, keys listed via the command line are merged into the - KRL, adding to those already there. - - It is also possible, given a KRL, to test whether it revokes a particular - key (or keys). The -Q flag will query an existing KRL, testing each key - specified on the commandline. If any key listed on the command line has - been revoked (or an error encountered) then ssh-keygen will exit with a - non-zero exit status. A zero exit status will only be returned if no key - was revoked. - -FILES - ~/.ssh/identity - Contains the protocol version 1 RSA authentication identity of - the user. This file should not be readable by anyone but the - user. It is possible to specify a passphrase when generating the - key; that passphrase will be used to encrypt the private part of - this file using 3DES. This file is not automatically accessed by - ssh-keygen but it is offered as the default file for the private - key. ssh(1) will read this file when a login attempt is made. - - ~/.ssh/identity.pub - Contains the protocol version 1 RSA public key for - authentication. The contents of this file should be added to - ~/.ssh/authorized_keys on all machines where the user wishes to - log in using RSA authentication. There is no need to keep the - contents of this file secret. - - ~/.ssh/id_dsa - ~/.ssh/id_ecdsa - ~/.ssh/id_ed25519 - ~/.ssh/id_rsa - Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA - authentication identity of the user. This file should not be - readable by anyone but the user. It is possible to specify a - passphrase when generating the key; that passphrase will be used - to encrypt the private part of this file using 128-bit AES. This - file is not automatically accessed by ssh-keygen but it is - offered as the default file for the private key. ssh(1) will - read this file when a login attempt is made. 
- - ~/.ssh/id_dsa.pub - ~/.ssh/id_ecdsa.pub - ~/.ssh/id_ed25519.pub - ~/.ssh/id_rsa.pub - Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public - key for authentication. The contents of this file should be - added to ~/.ssh/authorized_keys on all machines where the user - wishes to log in using public key authentication. There is no - need to keep the contents of this file secret. - - /etc/moduli - Contains Diffie-Hellman groups used for DH-GEX. The file format - is described in moduli(5). - -SEE ALSO - ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) - - The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006. - -AUTHORS - OpenSSH is a derivative of the original and free ssh 1.2.12 release by - Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. - -OpenBSD 5.8 August 20, 2015 OpenBSD 5.8 diff --git a/ssh-keygen.1 b/ssh-keygen.1 index ed17a08..ce2213c 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.133 2016/06/16 06:10:45 jmc Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 20 2015 $ +.Dd $Mdocdate: June 16 2016 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME 
@@ -141,8 +141,12 @@ generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -can create RSA keys for use by SSH protocol version 1 and -DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2. +can create keys for use by SSH protocol versions 1 and 2. +Protocol 1 should not be used +and is only offered to support legacy devices. +It suffers from a number of cryptographic weaknesses +and doesn't support many of the advanced features available for protocol 2. +.Pp The type of key to be generated is specified with the .Fl t option. @@ -203,7 +207,7 @@ There is no way to recover a lost passphrase. If the passphrase is lost or forgotten, a new key must be generated and the corresponding public key copied to other machines. .Pp -For RSA1 keys, +For RSA1 keys and keys stored in the newer OpenSSH format, there is also a comment field in the key file that is only for convenience to the user to help identify the key. The comment can tell what the key is for, or whatever is useful. @@ -260,7 +264,8 @@ flag will be ignored. Provides a new comment. .It Fl c Requests changing the comment in the private and public key files. -This operation is only supported for RSA1 keys. +This operation is only supported for RSA1 keys and keys stored in the +newer OpenSSH format. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment. .It Fl D Ar pkcs11 @@ -376,7 +381,7 @@ using the format described in the .Sx KEY REVOCATION LISTS section. .It Fl L -Prints the contents of a certificate. +Prints the contents of one or more certificates. .It Fl l Show fingerprint of specified public key file. Private RSA1 keys are also supported. 
@@ -385,7 +390,8 @@ For RSA and DSA keys tries to find the matching public key file and prints its fingerprint. If combined with .Fl v , -an ASCII art representation of the key is supplied with the fingerprint. +a visual ASCII art representation of the key is supplied with the +fingerprint. .It Fl M Ar memory Specify the amount of memory to use (in megabytes) when generating candidate moduli for DH-GEX. @@ -474,7 +480,7 @@ At present, no options are valid for host keys. .It Fl o Causes .Nm -to save SSH protocol 2 private keys using the new OpenSSH format rather than +to save private keys using the new OpenSSH format rather than the more compatible PEM format. The new format has increased resistance to brute-force password cracking but is not supported by versions of OpenSSH prior to 6.5. @@ -781,7 +787,7 @@ It is also possible, given a KRL, to test whether it revokes a particular key (or keys). The .Fl Q -flag will query an existing KRL, testing each key specified on the commandline. +flag will query an existing KRL, testing each key specified on the command line. If any key listed on the command line has been revoked (or an error encountered) then .Nm diff --git a/ssh-keygen.c b/ssh-keygen.c index 8247b33..2a7ee95 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.290 2016/05/02 09:36:42 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -523,7 +523,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) sshbuf_free(b); /* try the key */ - if (sshkey_sign(key, &sig, &slen, data, sizeof(data), 0) != 0 || + if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 || sshkey_verify(key, sig, slen, data, sizeof(data), 0) != 0) { sshkey_free(key); free(sig); 
@@ -808,116 +808,162 @@ do_download(struct passwd *pw) #endif /* ENABLE_PKCS11 */ } +static struct sshkey * +try_read_key(char **cpp) +{ + struct sshkey *ret; + int r; + + if ((ret = sshkey_new(KEY_RSA1)) == NULL) + fatal("sshkey_new failed"); + /* Try RSA1 */ + if ((r = sshkey_read(ret, cpp)) == 0) + return ret; + /* Try modern */ + sshkey_free(ret); + if ((ret = sshkey_new(KEY_UNSPEC)) == NULL) + fatal("sshkey_new failed"); + if ((r = sshkey_read(ret, cpp)) == 0) + return ret; + /* Not a key */ + sshkey_free(ret); + return NULL; +} + +static void +fingerprint_one_key(const struct sshkey *public, const char *comment) +{ + char *fp = NULL, *ra = NULL; + enum sshkey_fp_rep rep; + int fptype; + + fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; + rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; + fp = sshkey_fingerprint(public, fptype, rep); + ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART); + if (fp == NULL || ra == NULL) + fatal("%s: sshkey_fingerprint failed", __func__); + printf("%u %s %s (%s)\n", sshkey_size(public), fp, + comment ? 
comment : "no comment", sshkey_type(public)); + if (log_level >= SYSLOG_LEVEL_VERBOSE) + printf("%s\n", ra); + free(ra); + free(fp); +} + +static void +fingerprint_private(const char *path) +{ + struct stat st; + char *comment = NULL; + struct sshkey *public = NULL; + int r; + + if (stat(identity_file, &st) < 0) + fatal("%s: %s", path, strerror(errno)); + if ((r = sshkey_load_public(path, &public, &comment)) != 0) { + debug("load public \"%s\": %s", path, ssh_err(r)); + if ((r = sshkey_load_private(path, NULL, + &public, &comment)) != 0) { + debug("load private \"%s\": %s", path, ssh_err(r)); + fatal("%s is not a key file.", path); + } + } + + fingerprint_one_key(public, comment); + sshkey_free(public); + free(comment); +} + static void do_fingerprint(struct passwd *pw) { FILE *f; - struct sshkey *public; - char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; - int r, i, skip = 0, num = 0, invalid = 1; - enum sshkey_fp_rep rep; - int fptype; - struct stat st; + struct sshkey *public = NULL; + char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; + int i, invalid = 1; + const char *path; + u_long lnum = 0; - fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash; - rep = print_bubblebabble ? 
SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT; if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) - fatal("%s: %s", identity_file, strerror(errno)); - if ((r = sshkey_load_public(identity_file, &public, &comment)) != 0) - debug2("Error loading public key \"%s\": %s", - identity_file, ssh_err(r)); - else { - fp = sshkey_fingerprint(public, fptype, rep); - ra = sshkey_fingerprint(public, fingerprint_hash, - SSH_FP_RANDOMART); - if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); - printf("%u %s %s (%s)\n", sshkey_size(public), fp, comment, - sshkey_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) - printf("%s\n", ra); - sshkey_free(public); - free(comment); - free(ra); - free(fp); - exit(0); - } - if (comment) { - free(comment); - comment = NULL; - } + path = identity_file; - if ((f = fopen(identity_file, "r")) == NULL) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); + if (strcmp(identity_file, "-") == 0) { + f = stdin; + path = "(stdin)"; + } else if ((f = fopen(path, "r")) == NULL) + fatal("%s: %s: %s", __progname, path, strerror(errno)); - while (fgets(line, sizeof(line), f)) { - if ((cp = strchr(line, '\n')) == NULL) { - error("line %d too long: %.40s...", - num + 1, line); - skip = 1; + while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { + cp = line; + cp[strcspn(cp, "\n")] = '\0'; + /* Trim leading space and comments */ + cp = line + strspn(line, " \t"); + if (*cp == '#' || *cp == '\0') + continue; + + /* + * Input may be plain keys, private keys, authorized_keys + * or known_hosts. + */ + + /* + * Try private keys first. Assume a key is private if + * "SSH PRIVATE KEY" appears on the first line and we're + * not reading from stdin (XXX support private keys on stdin). 
+ */ + if (lnum == 1 && strcmp(identity_file, "-") != 0 && + strstr(cp, "PRIVATE KEY") != NULL) { + fclose(f); + fingerprint_private(path); + exit(0); + } + + /* + * If it's not a private key, then this must be prepared to + * accept a public key prefixed with a hostname or options. + * Try a bare key first, otherwise skip the leading stuff. + */ + if ((public = try_read_key(&cp)) == NULL) { + i = strtol(cp, &ep, 10); + if (i == 0 || ep == NULL || + (*ep != ' ' && *ep != '\t')) { + int quoted = 0; + + comment = cp; + for (; *cp && (quoted || (*cp != ' ' && + *cp != '\t')); cp++) { + if (*cp == '\\' && cp[1] == '"') + cp++; /* Skip both */ + else if (*cp == '"') + quoted = !quoted; + } + if (!*cp) + continue; + *cp++ = '\0'; + } + } + /* Retry after parsing leading hostname/key options */ + if (public == NULL && (public = try_read_key(&cp)) == NULL) { + debug("%s:%lu: not a public key", path, lnum); continue; } - num++; - if (skip) { - skip = 0; - continue; - } - *cp = '\0'; - /* Skip leading whitespace, empty and comment lines. */ - for (cp = line; *cp == ' ' || *cp == '\t'; cp++) + /* Find trailing comment, if any */ + for (; *cp == ' ' || *cp == '\t'; cp++) ; - if (!*cp || *cp == '\n' || *cp == '#') - continue; - i = strtol(cp, &ep, 10); - if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) { - int quoted = 0; + if (*cp != '\0' && *cp != '#') comment = cp; - for (; *cp && (quoted || (*cp != ' ' && - *cp != '\t')); cp++) { - if (*cp == '\\' && cp[1] == '"') - cp++; /* Skip both */ - else if (*cp == '"') - quoted = !quoted; - } - if (!*cp) - continue; - *cp++ = '\0'; - } - ep = cp; - if ((public = sshkey_new(KEY_RSA1)) == NULL) - fatal("sshkey_new failed"); - if ((r = sshkey_read(public, &cp)) != 0) { - cp = ep; - sshkey_free(public); - if ((public = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); - if ((r = sshkey_read(public, &cp)) != 0) { - sshkey_free(public); - continue; - } - } - comment = *cp ? 
cp : comment; - fp = sshkey_fingerprint(public, fptype, rep); - ra = sshkey_fingerprint(public, fingerprint_hash, - SSH_FP_RANDOMART); - if (fp == NULL || ra == NULL) - fatal("%s: sshkey_fingerprint fail", __func__); - printf("%u %s %s (%s)\n", sshkey_size(public), fp, - comment ? comment : "no comment", sshkey_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) - printf("%s\n", ra); - free(ra); - free(fp); + + fingerprint_one_key(public, comment); sshkey_free(public); - invalid = 0; + invalid = 0; /* One good key in the file is sufficient */ } fclose(f); if (invalid) - fatal("%s is not a public key file.", identity_file); + fatal("%s is not a public key file.", path); exit(0); } @@ -1004,7 +1050,6 @@ do_gen_all_hostkeys(struct passwd *pw) continue; } f = fdopen(fd, "w"); - if (f == NULL) { error("fdopen %s failed", identity_file); close(fd); @@ -1202,8 +1247,11 @@ do_known_hosts(struct passwd *pw, const char *name) foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0; if ((r = hostkeys_foreach(identity_file, hash_hosts ? known_hosts_hash : known_hosts_find_delete, &ctx, - name, NULL, foreach_options)) != 0) + name, NULL, foreach_options)) != 0) { + if (inplace) + unlink(tmp); fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r)); + } if (inplace) fclose(ctx.out); @@ -1401,9 +1449,11 @@ do_change_comment(struct passwd *pw) identity_file, ssh_err(r)); } } - /* XXX what about new-format keys? */ - if (private->type != KEY_RSA1) { - error("Comments are only supported for RSA1 keys."); + + if (private->type != KEY_RSA1 && private->type != KEY_ED25519 && + !use_new_format) { + error("Comments are only supported for RSA1 or keys stored in " + "the new format (-o)."); explicit_bzero(passphrase, strlen(passphrase)); sshkey_free(private); exit(1); 
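Review bot: The new test in do_change_comment exempts `KEY_ED25519` from the comment restriction, but the only explanation that existed (the removed `XXX what about new-format keys?` line) is gone and nothing replaces it. Presumably Ed25519 private keys are always written in the new format and so can always carry a comment; if that is the reason, say so above the condition, e.g. `/* Ed25519 keys are always stored in the new format, which supports comments */`. The error text names only RSA1 and `-o`, which is consistent with that reading but worth confirming. The function body starts and ends outside this hunk.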
@@ -1459,44 +1509,6 @@ do_change_comment(struct passwd *pw) exit(0); } -static const char * -fmt_validity(u_int64_t valid_from, u_int64_t valid_to) -{ - char from[32], to[32]; - static char ret[64]; - time_t tt; - struct tm *tm; - - *from = *to = '\0'; - if (valid_from == 0 && valid_to == 0xffffffffffffffffULL) - return "forever"; - - if (valid_from != 0) { - /* XXX revisit INT_MAX in 2038 :) */ - tt = valid_from > INT_MAX ? INT_MAX : valid_from; - tm = localtime(&tt); - strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm); - } - if (valid_to != 0xffffffffffffffffULL) { - /* XXX revisit INT_MAX in 2038 :) */ - tt = valid_to > INT_MAX ? INT_MAX : valid_to; - tm = localtime(&tt); - strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm); - } - - if (valid_from == 0) { - snprintf(ret, sizeof(ret), "before %s", to); - return ret; - } - if (valid_to == 0xffffffffffffffffULL) { - snprintf(ret, sizeof(ret), "after %s", from); - return ret; - } - - snprintf(ret, sizeof(ret), "from %s to %s", from, to); - return ret; -} - static void add_flag_option(struct sshbuf *c, const char *name) { @@ -1590,7 +1602,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) int r, i, fd; u_int n; struct sshkey *ca, *public; - char *otmp, *tmp, *cp, *out, *comment, **plist = NULL; + char valid[64], *otmp, *tmp, *cp, *out, *comment, **plist = NULL; FILE *f; #ifdef ENABLE_PKCS11 @@ -1604,6 +1616,12 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) ca = load_identity(tmp); free(tmp); + if (key_type_name != NULL && + sshkey_type_from_name(key_type_name) != ca->type) { + fatal("CA key type %s doesn't match specified %s", + sshkey_ssh_name(ca), key_type_name); + } + for (i = 0; i < argc; i++) { /* Split list of principals */ n = 0; 
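Review bot: In the check added after `load_identity()` in do_ca_sign, an unrecognised `key_type_name` is reported as a CA key type mismatch rather than as a bad name. `sshkey_type_from_name()` presumably returns `KEY_UNSPEC` for a name it does not know, which can never equal `ca->type`, so a typo in the requested signature type produces "CA key type ... doesn't match specified ...". A separate test first would make the failure clearer: `if (sshkey_type_from_name(key_type_name) == KEY_UNSPEC) fatal("unknown key type %s", key_type_name);`. The rest of do_ca_sign is outside the hunk.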
@@ -1645,8 +1663,8 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) &public->cert->signature_key)) != 0) fatal("key_from_private (ca key): %s", ssh_err(r)); - if (sshkey_certify(public, ca) != 0) - fatal("Couldn't not certify key %s", tmp); + if ((r = sshkey_certify(public, ca, key_type_name)) != 0) + fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) *cp = '\0'; @@ -1665,13 +1683,15 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) fclose(f); if (!quiet) { + sshkey_format_cert_validity(public->cert, + valid, sizeof(valid)); logit("Signed %s key %s: id \"%s\" serial %llu%s%s " - "valid %s", sshkey_cert_type(public), + "valid %s", sshkey_cert_type(public), out, public->cert->key_id, (unsigned long long)public->cert->serial, cert_principals != NULL ? " for " : "", cert_principals != NULL ? cert_principals : "", - fmt_validity(cert_valid_from, cert_valid_to)); + valid); } sshkey_free(public); @@ -1705,7 +1725,7 @@ parse_absolute_time(const char *s) char buf[32], *fmt; /* - * POSIX strptime says "The application shall ensure that there + * POSIX strptime says "The application shall ensure that there * is white-space or other non-alphanumeric characters between * any two conversion specifications" so arrange things this way. */ 
@@ -1869,31 +1889,18 @@ show_options(struct sshbuf *optbuf, int in_critical) } static void -do_show_cert(struct passwd *pw) +print_cert(struct sshkey *key) { - struct sshkey *key; - struct stat st; - char *key_fp, *ca_fp; + char valid[64], *key_fp, *ca_fp; u_int i; - int r; - - if (!have_identity) - ask_filename(pw, "Enter file in which the key is"); - if (stat(identity_file, &st) < 0) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); - if ((r = sshkey_load_public(identity_file, &key, NULL)) != 0) - fatal("Cannot load public key \"%s\": %s", - identity_file, ssh_err(r)); - if (!sshkey_is_cert(key)) - fatal("%s is not a certificate", identity_file); key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT); ca_fp = sshkey_fingerprint(key->cert->signature_key, fingerprint_hash, SSH_FP_DEFAULT); if (key_fp == NULL || ca_fp == NULL) fatal("%s: sshkey_fingerprint fail", __func__); + sshkey_format_cert_validity(key->cert, valid, sizeof(valid)); - printf("%s:\n", identity_file); printf(" Type: %s %s certificate\n", sshkey_ssh_name(key), sshkey_cert_type(key)); printf(" Public key: %s %s\n", sshkey_type(key), key_fp); @@ -1901,8 +1908,7 @@ do_show_cert(struct passwd *pw) sshkey_type(key->cert->signature_key), ca_fp); printf(" Key ID: \"%s\"\n", key->cert->key_id); printf(" Serial: %llu\n", (unsigned long long)key->cert->serial); - printf(" Valid: %s\n", - fmt_validity(key->cert->valid_after, key->cert->valid_before)); + printf(" Valid: %s\n", valid); printf(" Principals: "); if (key->cert->nprincipals == 0) printf("(none)\n"); 
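Review bot: print_cert dereferences `key->cert` (`key->cert->signature_key`, `key->cert->key_id`, ...) with no check of its own, and the `sshkey_is_cert()` test that used to precede this code in the same function is removed by this hunk. The new do_show_cert does the check before calling, but the precondition is now implicit. A one-line comment above the function would record it: `/* Caller must have verified sshkey_is_cert(key); key->cert is dereferenced unconditionally. */`. The body of print_cert continues in the following hunks.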
@@ -1926,7 +1932,60 @@ do_show_cert(struct passwd *pw) printf("\n"); show_options(key->cert->extensions, 0); } - exit(0); +} + +static void +do_show_cert(struct passwd *pw) +{ + struct sshkey *key = NULL; + struct stat st; + int r, is_stdin = 0, ok = 0; + FILE *f; + char *cp, line[SSH_MAX_PUBKEY_BYTES]; + const char *path; + u_long lnum = 0; + + if (!have_identity) + ask_filename(pw, "Enter file in which the key is"); + if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0) + fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); + + path = identity_file; + if (strcmp(path, "-") == 0) { + f = stdin; + path = "(stdin)"; + is_stdin = 1; + } else if ((f = fopen(identity_file, "r")) == NULL) + fatal("fopen %s: %s", identity_file, strerror(errno)); + + while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) { + sshkey_free(key); + key = NULL; + /* Trim leading space and comments */ + cp = line + strspn(line, " \t"); + if (*cp == '#' || *cp == '\0') + continue; + if ((key = sshkey_new(KEY_UNSPEC)) == NULL) + fatal("key_new"); + if ((r = sshkey_read(key, &cp)) != 0) { + error("%s:%lu: invalid key: %s", path, + lnum, ssh_err(r)); + continue; + } + if (!sshkey_is_cert(key)) { + error("%s:%lu is not a certificate", path, lnum); + continue; + } + ok = 1; + if (!is_stdin && lnum == 1) + printf("%s:\n", path); + else + printf("%s:%lu:\n", path, lnum); + print_cert(key); + } + sshkey_free(key); + fclose(f); + exit(ok ? 0 : 1); } static void @@ -2130,8 +2189,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) close(fd); sshbuf_free(kbuf); ssh_krl_free(krl); - if (ca != NULL) - sshkey_free(ca); + sshkey_free(ca); } static void 
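Review bot: The new do_show_cert exits 0 as soon as any one line parses as a certificate (`ok = 1`), even when other lines in the same input took the `invalid key` or `is not a certificate` paths and were only reported through `error()`. A script that feeds a file of certificates and checks the exit status will read that as "all entries were fine". If that is the intended contract, document it above the function, e.g. `/* Exit status is 0 if at least one certificate was printed; bad lines are reported but do not fail the run. */`; otherwise track a failure flag alongside `ok`.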
@@ -2228,85 +2286,6 @@ main(int argc, char **argv) /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - -#ifdef WIN32_FIXME - - /* - * -rand option used for generate random password. - */ - - if ((argc == 2) && ((strncmp(argv[1], "-rand", 5) == 0))) - { - BIO *out = BIO_new(BIO_s_file()); - - if (out == NULL) - { - printf("Main: ERROR! Failed to create a new BIO for out.\n"); - - if (out) - { - BIO_free_all(out); - } - - exit(1); - } - - int r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); - - if (r <= 0) - { - printf("Main: ERROR! Failed to set stdout for out.\n"); - - if (out) - { - BIO_free_all(out); - } - - exit(1); - } - - BIO *b64 = BIO_new(BIO_f_base64()); - - if (b64 == NULL) - { - printf("Main: ERROR! Failed to create a new BIO for b64.\n"); - - if (out) - { - BIO_free_all(out); - } - - exit(1); - } - - out = BIO_push(b64, out); - - unsigned char buf[4096]; - - int num = 8; - - r = RAND_bytes(buf, num); - - if (r <= 0) - { - printf("Main: ERROR! Failed to generate random bytes.\n"); - - if (out) - { - BIO_free_all(out); - } - - exit(1); - } - - BIO_write(out, buf, num); - - (void) BIO_flush(out); - - exit(0); - } - - #endif __progname = ssh_get_progname(argv[0]); diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 deleted file mode 100644 index 500c1dd..0000000 --- a/ssh-keyscan.0 +++ /dev/null 
@@ -1,109 +0,0 @@ -SSH-KEYSCAN(1) General Commands Manual SSH-KEYSCAN(1) - -NAME - ssh-keyscan M-bM-^@M-^S gather ssh public keys - -SYNOPSIS - ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type] - [host | addrlist namelist] ... - -DESCRIPTION - ssh-keyscan is a utility for gathering the public ssh host keys of a - number of hosts. It was designed to aid in building and verifying - ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable - for use by shell and perl scripts. - - ssh-keyscan uses non-blocking socket I/O to contact as many hosts as - possible in parallel, so it is very efficient. The keys from a domain of - 1,000 hosts can be collected in tens of seconds, even when some of those - hosts are down or do not run ssh. For scanning, one does not need login - access to the machines that are being scanned, nor does the scanning - process involve any encryption. - - The options are as follows: - - -4 Forces ssh-keyscan to use IPv4 addresses only. - - -6 Forces ssh-keyscan to use IPv6 addresses only. - - -f file - Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from file, one per line. - If - is supplied instead of a filename, ssh-keyscan will read - hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^] pairs from the standard input. - - -H Hash all hostnames and addresses in the output. Hashed names may - be used normally by ssh and sshd, but they do not reveal - identifying information should the file's contents be disclosed. - - -p port - Port to connect to on the remote host. - - -T timeout - Set the timeout for connection attempts. If timeout seconds have - elapsed since a connection was initiated to a host or since the - last time anything was read from that host, then the connection - is closed and the host in question considered unavailable. - Default is 5 seconds. - - -t type - Specifies the type of the key to fetch from the scanned hosts. 
- The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], - M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple - values may be specified by separating them with commas. The - default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys. - - -v Verbose mode. Causes ssh-keyscan to print debugging messages - about its progress. - -SECURITY - If an ssh_known_hosts file is constructed using ssh-keyscan without - verifying the keys, users will be vulnerable to man in the middle - attacks. On the other hand, if the security model allows such a risk, - ssh-keyscan can help in the detection of tampered keyfiles or man in the - middle attacks which have begun after the ssh_known_hosts file was - created. - -FILES - Input format: - - 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 - - Output format for RSA1 keys: - - host-or-namelist bits exponent modulus - - Output format for RSA, DSA, ECDSA, and Ed25519 keys: - - host-or-namelist keytype base64-encoded-key - - Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], - M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^]. - - /etc/ssh/ssh_known_hosts - -EXAMPLES - Print the rsa host key for machine hostname: - - $ ssh-keyscan hostname - - Find all hosts from the file ssh_hosts which have new or different keys - from those in the sorted file ssh_known_hosts: - - $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \ - sort -u - ssh_known_hosts | diff ssh_known_hosts - - -SEE ALSO - ssh(1), sshd(8) - -AUTHORS - David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne - Davison <wayned@users.sourceforge.net> added support for protocol version - 2. 
- -BUGS - It generates "Connection closed by remote host" messages on the consoles - of all the machines it scans if the server is older than version 2.9. - This is because it opens a connection to the ssh port, reads the public - key, and drops the connection as soon as it gets the key. - -OpenBSD 5.8 August 30, 2014 OpenBSD 5.8 diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 6bbc480..d29d9d9 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.36 2014/08/30 15:33:50 sobrado Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.38 2015/11/08 23:24:03 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: August 30 2014 $ +.Dd $Mdocdate: November 8 2015 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -15,7 +15,7 @@ .Sh SYNOPSIS .Nm ssh-keyscan .Bk -words -.Op Fl 46Hv +.Op Fl 46cHv .Op Fl f Ar file .Op Fl p Ar port .Op Fl T Ar timeout @@ -54,6 +54,8 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl c +Request certificates from target hosts instead of plain keys. .It Fl f Ar file Read hosts or .Dq addrlist namelist diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 57d8842..c30d54e 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.101 2015/04/10 00:08:55 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * @@ -60,6 +60,7 @@ int ssh_port = SSH_DEFAULT_PORT; #define KT_ECDSA 8 #define KT_ED25519 16 +int get_cert = 0; int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519; int hash_hosts = 0; /* Hash hostname on output */ 
@@ -267,11 +268,32 @@ keygrab_ssh2(con *c) int r; enable_compat20(); - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = - c->c_keytype == KT_DSA ? "ssh-dss" : - (c->c_keytype == KT_RSA ? "ssh-rsa" : - (c->c_keytype == KT_ED25519 ? "ssh-ed25519" : - "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521")); + switch (c->c_keytype) { + case KT_DSA: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? + "ssh-dss-cert-v01@openssh.com" : "ssh-dss"; + break; + case KT_RSA: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? + "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa"; + break; + case KT_ED25519: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? + "ssh-ed25519-cert-v01@openssh.com" : "ssh-ed25519"; + break; + case KT_ECDSA: + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ? + "ecdsa-sha2-nistp256-cert-v01@openssh.com," + "ecdsa-sha2-nistp384-cert-v01@openssh.com," + "ecdsa-sha2-nistp521-cert-v01@openssh.com" : + "ecdsa-sha2-nistp256," + "ecdsa-sha2-nistp384," + "ecdsa-sha2-nistp521"; + break; + default: + fatal("unknown key type %d", c->c_keytype); + break; + } if ((r = kex_setup(c->c_ssh, myproposal)) != 0) { free(c->c_ssh); fprintf(stderr, "kex_setup: %s\n", ssh_err(r)); @@ -280,6 +302,9 @@ keygrab_ssh2(con *c) #ifdef WITH_OPENSSL c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC 
@@ -296,23 +321,39 @@ keygrab_ssh2(con *c) } static void -keyprint(con *c, struct sshkey *key) +keyprint_one(char *host, struct sshkey *key) { - char *host = c->c_output_name ? c->c_output_name : c->c_name; - char *hostport = NULL; + char *hostport; - if (!key) - return; if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) fatal("host_hash failed"); hostport = put_host_port(host, ssh_port); - fprintf(stdout, "%s ", hostport); + if (!get_cert) + fprintf(stdout, "%s ", hostport); sshkey_write(key, stdout); fputs("\n", stdout); free(hostport); } +static void +keyprint(con *c, struct sshkey *key) +{ + char *hosts = c->c_output_name ? c->c_output_name : c->c_name; + char *host, *ohosts; + + if (key == NULL) + return; + if (get_cert || (!hash_hosts && ssh_port == SSH_DEFAULT_PORT)) { + keyprint_one(hosts, key); + return; + } + ohosts = hosts = xstrdup(hosts); + while ((host = strsep(&hosts, ",")) != NULL) + keyprint_one(host, key); + free(ohosts); +} + static int tcpconnect(char *host) { @@ -369,6 +410,7 @@ conalloc(char *iname, char *oname, int keytype) if (fdcon[s].c_status) fatal("conalloc: attempt to reuse fdno %d", s); + debug3("%s: oname %s kt %d", __func__, oname, keytype); fdcon[s].c_fd = s; fdcon[s].c_status = CS_CON; fdcon[s].c_namebase = namebase; @@ -639,7 +681,7 @@ static void usage(void) { fprintf(stderr, - "usage: %s [-46Hv] [-f file] [-p port] [-T timeout] [-t type]\n" + "usage: %s [-46cHv] [-f file] [-p port] [-T timeout] [-t type]\n" "\t\t [host | addrlist namelist] ...\n", __progname); exit(1); @@ -657,6 +699,7 @@ main(int argc, char **argv) extern int optind; extern char *optarg; + ssh_malloc_init(); /* must be called before any mallocs */ __progname = ssh_get_progname(argv[0]); seed_rng(); TAILQ_INIT(&tq); 
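Review bot: In keyprint_one the `hostport` prefix is skipped when `get_cert` is set, so with `-c` each output line is a bare certificate with nothing tying it to the host it was fetched from. `host_hash()` and `put_host_port()` still run in that case and their result is discarded, and `-H` has no visible effect. When several hosts are scanned in one run the consumer cannot attribute a certificate to a target from the output alone. If omitting the host is deliberate, a comment at the `if (!get_cert)` line should say why, e.g. `/* certificates are printed without a host prefix because ... */`, and the man page entry for `-c` should mention it.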
@@ -667,11 +710,14 @@ main(int argc, char **argv) if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "Hv46p:T:t:f:")) != -1) { + while ((opt = getopt(argc, argv, "cHv46p:T:t:f:")) != -1) { switch (opt) { case 'H': hash_hosts = 1; break; + case 'c': + get_cert = 1; + break; case 'p': ssh_port = a2port(optarg); if (ssh_port <= 0) { diff --git a/ssh-keysign.0 b/ssh-keysign.0 deleted file mode 100644 index 7db72c7..0000000 --- a/ssh-keysign.0 +++ /dev/null 
@@ -1,53 +0,0 @@ -SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8) - -NAME - ssh-keysign M-bM-^@M-^S ssh helper program for host-based authentication - -SYNOPSIS - ssh-keysign - -DESCRIPTION - ssh-keysign is used by ssh(1) to access the local host keys and generate - the digital signature required during host-based authentication with SSH - protocol version 2. - - ssh-keysign is disabled by default and can only be enabled in the global - client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign - to M-bM-^@M-^\yesM-bM-^@M-^]. - - ssh-keysign is not intended to be invoked by the user, but from ssh(1). - See ssh(1) and sshd(8) for more information about host-based - authentication. - -FILES - /etc/ssh/ssh_config - Controls whether ssh-keysign is enabled. - - /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_ecdsa_key - /etc/ssh/ssh_host_ed25519_key - /etc/ssh/ssh_host_rsa_key - These files contain the private parts of the host keys used to - generate the digital signature. They should be owned by root, - readable only by root, and not accessible to others. Since they - are readable only by root, ssh-keysign must be set-uid root if - host-based authentication is used. - - /etc/ssh/ssh_host_dsa_key-cert.pub - /etc/ssh/ssh_host_ecdsa_key-cert.pub - /etc/ssh/ssh_host_ed25519_key-cert.pub - /etc/ssh/ssh_host_rsa_key-cert.pub - If these files exist they are assumed to contain public - certificate information corresponding with the private keys - above. - -SEE ALSO - ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) - -HISTORY - ssh-keysign first appeared in OpenBSD 3.2. - -AUTHORS - Markus Friedl <markus@openbsd.org> - -OpenBSD 5.8 December 7, 2013 OpenBSD 5.8 diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 69d0829..19b0dbc 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.15 2016/02/17 07:38:19 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 7 2013 $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME @@ -35,7 +35,7 @@ is used by .Xr ssh 1 to access the local host keys and generate the digital signature -required during host-based authentication with SSH protocol version 2. +required during host-based authentication. .Pp .Nm is disabled by default and can only be enabled in the diff --git a/ssh-keysign.c b/ssh-keysign.c index 7b8bba8..0fb273f 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.49 2015/07/03 03:56:25 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.52 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -34,6 +34,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <errno.h> #ifdef WITH_OPENSSL #include <openssl/evp.h> @@ -59,6 +60,8 @@ struct ssh *active_state = NULL; /* XXX needed for linking */ +extern char *__progname; + /* XXX readconf.c needs these */ uid_t original_real_uid; @@ -179,6 +182,10 @@ main(int argc, char **argv) u_int32_t rnd[256]; #endif + ssh_malloc_init(); /* must be called before any mallocs */ + if (pledge("stdio rpath getpw dns id", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + /* Ensure that stdin and stdout are connected */ if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2) exit(1); 
@@ -251,23 +258,26 @@ main(int argc, char **argv) if (!found) fatal("no hostkey found"); + if (pledge("stdio dns", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + if ((b = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); + fatal("%s: sshbuf_new failed", __progname); if (ssh_msg_recv(STDIN_FILENO, b) < 0) fatal("ssh_msg_recv failed"); if ((r = sshbuf_get_u8(b, &rver)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (rver != version) fatal("bad version: received %d, expected %d", rver, version); if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO) fatal("bad fd"); if ((host = get_local_name(fd)) == NULL) fatal("cannot get local name for fd"); if ((r = sshbuf_get_string(b, &data, &dlen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (valid_request(pw, host, &key, data, dlen) < 0) fatal("not a valid request"); free(host); 
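Review bot: The second `pledge("stdio dns", NULL)` call carries no comment on what is being dropped or why this is the right place for it. It sits after the `no hostkey found` check and before `ssh_msg_recv()` reads the request, so presumably the intent is that key loading is complete and the caller-supplied message is parsed without the `rpath`, `getpw` and `id` promises. Recording that makes the privilege boundary reviewable: `/* Host keys are loaded; drop rpath/getpw/id before parsing the request from stdin */`. main starts and ends outside this hunk, so whether anything later still needs the dropped promises cannot be confirmed from here.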
@@ -283,19 +293,20 @@ main(int argc, char **argv) if (!found) { if ((fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) - fatal("%s: sshkey_fingerprint failed", __func__); + fatal("%s: sshkey_fingerprint failed", __progname); fatal("no matching hostkey found for key %s %s", sshkey_type(key), fp ? fp : ""); } - if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, 0)) != 0) + if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0)) + != 0) fatal("sshkey_sign failed: %s", ssh_err(r)); free(data); /* send reply */ sshbuf_reset(b); if ((r = sshbuf_put_string(b, signature, slen)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); + fatal("%s: buffer error: %s", __progname, ssh_err(r)); if (ssh_msg_send(STDOUT_FILENO, version, b) == -1) fatal("ssh_msg_send failed"); diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index cd34729..df2eccc 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-client.c,v 1.5 2014/06/24 01:13:21 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11-client.c,v 1.6 2015/12/11 00:20:04 mmcc Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -181,7 +181,7 @@ pkcs11_start_helper(void) close(pair[0]); close(pair[1]); execlp(_PATH_SSH_PKCS11_HELPER, _PATH_SSH_PKCS11_HELPER, - (char *) 0); + (char *)NULL); fprintf(stderr, "exec: %s: %s\n", _PATH_SSH_PKCS11_HELPER, strerror(errno)); _exit(1); diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 deleted file mode 100644 index 7fac805..0000000 --- a/ssh-pkcs11-helper.0 +++ /dev/null 
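Review bot: The updated `sshkey_sign(keys[i], &signature, &slen, data, dlen, NULL, 0)` call passes `NULL` for the new algorithm argument without saying what that selects. In the ssh-rsa.c part of this commit, ssh_rsa_sign maps a NULL or empty `alg_ident` to `SSH_DIGEST_SHA1`, so, assuming sshkey_sign forwards the argument unchanged, RSA host-based signatures produced here stay on SHA-1. Note the choice at the call site, e.g. `/* NULL alg: key type's default signature algorithm (SHA-1 for RSA) */`, so that it is visible when the default is revisited.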
@@ -1,25 +0,0 @@ -SSH-PKCS11-HELPER(8) System Manager's Manual SSH-PKCS11-HELPER(8) - -NAME - ssh-pkcs11-helper M-bM-^@M-^S ssh-agent helper program for PKCS#11 support - -SYNOPSIS - ssh-pkcs11-helper - -DESCRIPTION - ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a - PKCS#11 token. - - ssh-pkcs11-helper is not intended to be invoked by the user, but from - ssh-agent(1). - -SEE ALSO - ssh(1), ssh-add(1), ssh-agent(1) - -HISTORY - ssh-pkcs11-helper first appeared in OpenBSD 4.7. - -AUTHORS - Markus Friedl <markus@openbsd.org> - -OpenBSD 5.8 July 16, 2013 OpenBSD 5.8 diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index f2d5863..53f41c5 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */ +/* $OpenBSD: ssh-pkcs11-helper.c,v 1.12 2016/02/15 09:47:49 dtucker Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -280,6 +280,7 @@ main(int argc, char **argv) extern char *__progname; + ssh_malloc_init(); /* must be called before any mallocs */ TAILQ_INIT(&pkcs11_keylist); pkcs11_init(0); diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 83255c3..d1f750d 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.21 2015/07/18 08:02:17 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.22 2016/02/12 00:20:30 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * @@ -27,7 +27,6 @@ #include <stdio.h> #include <string.h> - #include <dlfcn.h> #include "openbsd-compat/sys-queue.h" @@ -109,7 +108,6 @@ pkcs11_provider_finalize(struct pkcs11_provider *p) error("C_Finalize failed: %lu", rv); p->valid = 0; p->function_list = NULL; - dlclose(p->handle); } 
@@ -324,8 +322,10 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, k11->slotidx = slotidx; /* identify key object on smartcard */ k11->keyid_len = keyid_attrib->ulValueLen; - k11->keyid = xmalloc(k11->keyid_len); - memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); + if (k11->keyid_len > 0) { + k11->keyid = xmalloc(k11->keyid_len); + memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); + } k11->orig_finish = def->finish; memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method)); k11->rsa_method.name = "pkcs11"; @@ -589,7 +589,6 @@ pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp) error("dlsym(C_GetFunctionList) failed: %s", dlerror()); goto fail; } - p = xcalloc(1, sizeof(*p)); p->name = xstrdup(provider_id); p->handle = handle; @@ -674,10 +673,8 @@ fail: free(p->slotinfo); free(p); } - if (handle) dlclose(handle); - return (-1); } diff --git a/ssh-rsa.c b/ssh-rsa.c index cdc18a4..a6db2a0 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.53 2015/06/15 01:32:50 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.59 2016/04/21 06:08:02 djm Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> * 
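Review bot: With the new `if (k11->keyid_len > 0)` guard in pkcs11_rsa_wrap, `k11->keyid` is never assigned when the token returns an empty key id. The allocation of `k11` is outside the hunk; if it is not zero-initialised, the pointer is left indeterminate for any later code that frees or reads it. Setting it explicitly removes the dependency: `k11->keyid = NULL;` just before the `if`. It would also help to state in a comment that an empty CKA_ID is accepted and what key lookup does in that case.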
@@ -36,16 +36,56 @@ static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); +static const char * +rsa_hash_alg_ident(int hash_alg) +{ + switch (hash_alg) { + case SSH_DIGEST_SHA1: + return "ssh-rsa"; + case SSH_DIGEST_SHA256: + return "rsa-sha2-256"; + case SSH_DIGEST_SHA512: + return "rsa-sha2-512"; + } + return NULL; +} + +static int +rsa_hash_alg_from_ident(const char *ident) +{ + if (strcmp(ident, "ssh-rsa") == 0) + return SSH_DIGEST_SHA1; + if (strcmp(ident, "rsa-sha2-256") == 0) + return SSH_DIGEST_SHA256; + if (strcmp(ident, "rsa-sha2-512") == 0) + return SSH_DIGEST_SHA512; + return -1; +} + +static int +rsa_hash_alg_nid(int type) +{ + switch (type) { + case SSH_DIGEST_SHA1: + return NID_sha1; + case SSH_DIGEST_SHA256: + return NID_sha256; + case SSH_DIGEST_SHA512: + return NID_sha512; + default: + return -1; + } +} + /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) + const u_char *data, size_t datalen, const char *alg_ident) { - int hash_alg; u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL; size_t slen; u_int dlen, len; - int nid, ret = SSH_ERR_INTERNAL_ERROR; + int nid, hash_alg, ret = SSH_ERR_INTERNAL_ERROR; struct sshbuf *b = NULL; if (lenp != NULL) 
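Review bot: The comment above ssh_rsa_sign still reads `RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1`, while this hunk replaces the last parameter with `alg_ident` and adds the SHA-256 and SHA-512 mappings. It should become something like `/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with the hash selected by alg_ident */`. The three new helpers also have no comments and signal failure differently: rsa_hash_alg_ident returns NULL for an unknown digest, while rsa_hash_alg_from_ident and rsa_hash_alg_nid return -1. A one-line comment on each stating its failure value would help callers. ssh_rsa_sign's body continues past the end of the hunk.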
@@ -53,16 +93,21 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, if (sigp != NULL) *sigp = NULL; - if (key == NULL || key->rsa == NULL || - sshkey_type_plain(key->type) != KEY_RSA) + if (alg_ident == NULL || strlen(alg_ident) == 0 || + strncmp(alg_ident, "ssh-rsa-cert", strlen("ssh-rsa-cert")) == 0) + hash_alg = SSH_DIGEST_SHA1; + else + hash_alg = rsa_hash_alg_from_ident(alg_ident); + if (key == NULL || key->rsa == NULL || hash_alg == -1 || + sshkey_type_plain(key->type) != KEY_RSA || + BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) return SSH_ERR_INVALID_ARGUMENT; slen = RSA_size(key->rsa); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) return SSH_ERR_INVALID_ARGUMENT; /* hash the data */ - hash_alg = SSH_DIGEST_SHA1; - nid = NID_sha1; + nid = rsa_hash_alg_nid(hash_alg); if ((dlen = ssh_digest_bytes(hash_alg)) == 0) return SSH_ERR_INTERNAL_ERROR; if ((ret = ssh_digest_memory(hash_alg, data, datalen, @@ -91,7 +136,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, ret = SSH_ERR_ALLOC_FAIL; goto out; } - if ((ret = sshbuf_put_cstring(b, "ssh-rsa")) != 0 || + if ((ret = sshbuf_put_cstring(b, rsa_hash_alg_ident(hash_alg))) != 0 || (ret = sshbuf_put_string(b, sig, slen)) != 0) goto out; len = sshbuf_len(b); @@ -111,15 +156,13 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, explicit_bzero(sig, slen); free(sig); } - if (b != NULL) - sshbuf_free(b); + sshbuf_free(b); return ret; } int ssh_rsa_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *sig, size_t siglen, const u_char *data, size_t datalen) { char *ktype = NULL; int hash_alg, ret = SSH_ERR_INTERNAL_ERROR; 
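Review bot: In ssh_rsa_sign, `nid = rsa_hash_alg_nid(hash_alg);` is stored without checking for the helper's -1 failure value. `hash_alg` has just been validated through rsa_hash_alg_from_ident, which currently knows the same three digests, so the failure is unreachable today, but the two tables are maintained separately. A check keeps a later mismatch from reaching the signing call, which is outside the hunk: `if ((nid = rsa_hash_alg_nid(hash_alg)) == -1) return SSH_ERR_INTERNAL_ERROR;`.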
@@ -129,16 +172,17 @@ ssh_rsa_verify(const struct sshkey *key, if (key == NULL || key->rsa == NULL || sshkey_type_plain(key->type) != KEY_RSA || - BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) + BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE || + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if (sshbuf_get_cstring(b, &ktype, NULL) != 0) { ret = SSH_ERR_INVALID_FORMAT; goto out; } - if (strcmp("ssh-rsa", ktype) != 0) { + if ((hash_alg = rsa_hash_alg_from_ident(ktype)) == -1) { ret = SSH_ERR_KEY_TYPE_MISMATCH; goto out; } @@ -167,7 +211,6 @@ ssh_rsa_verify(const struct sshkey *key, explicit_bzero(sigblob, diff); len = modlen; } - hash_alg = SSH_DIGEST_SHA1; if ((dlen = ssh_digest_bytes(hash_alg)) == 0) { ret = SSH_ERR_INTERNAL_ERROR; goto out; @@ -183,10 +226,8 @@ ssh_rsa_verify(const struct sshkey *key, explicit_bzero(sigblob, len); free(sigblob); } - if (ktype != NULL) - free(ktype); - if (b != NULL) - sshbuf_free(b); + free(ktype); + sshbuf_free(b); explicit_bzero(digest, sizeof(digest)); return ret; } @@ -196,6 +237,7 @@ ssh_rsa_verify(const struct sshkey *key, * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn */ + /* * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) * oiw(14) secsig(3) algorithms(2) 26 } 
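Review bot: In the `@@ -129,16 +172,17 @@` hunk, `hash_alg = rsa_hash_alg_from_ident(ktype)` takes the digest from the identifier embedded in the signature blob itself, and the new ssh_rsa_verify() prototype has no parameter through which a caller can state which algorithm it expects. As written, a signature labelled `ssh-rsa` (SHA-1) is accepted even when the caller negotiated or requires `rsa-sha2-256` or `rsa-sha2-512`, unless that is enforced somewhere outside this page. I would pass the expected algorithm in and reject a mismatch right after the lookup, along the lines of `if (want_alg != -1 && hash_alg != want_alg) { ret = SSH_ERR_KEY_TYPE_MISMATCH; goto out; }`, where `want_alg` is a placeholder for the caller-supplied value. The function body starts before and continues after this hunk.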
@@ -209,25 +251,71 @@ static const u_char id_sha1[] = { 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ }; +/* + * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html + * id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) + * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) + * id-sha256(1) } + */ +static const u_char id_sha256[] = { + 0x30, 0x31, /* type Sequence, length 0x31 (49) */ + 0x30, 0x0d, /* type Sequence, length 0x0d (13) */ + 0x06, 0x09, /* type OID, length 0x09 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, /* id-sha256 */ + 0x05, 0x00, /* NULL */ + 0x04, 0x20 /* Octet string, length 0x20 (32), followed by sha256 hash */ +}; + +/* + * See http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html + * id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) + * organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) + * id-sha256(3) } + */ +static const u_char id_sha512[] = { + 0x30, 0x51, /* type Sequence, length 0x51 (81) */ + 0x30, 0x0d, /* type Sequence, length 0x0d (13) */ + 0x06, 0x09, /* type OID, length 0x09 */ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, /* id-sha512 */ + 0x05, 0x00, /* NULL */ + 0x04, 0x40 /* Octet string, length 0x40 (64), followed by sha512 hash */ +}; + +static int +rsa_hash_alg_oid(int hash_alg, const u_char **oidp, size_t *oidlenp) +{ + switch (hash_alg) { + case SSH_DIGEST_SHA1: + *oidp = id_sha1; + *oidlenp = sizeof(id_sha1); + break; + case SSH_DIGEST_SHA256: + *oidp = id_sha256; + *oidlenp = sizeof(id_sha256); + break; + case SSH_DIGEST_SHA512: + *oidp = id_sha512; + *oidlenp = sizeof(id_sha512); + break; + default: + return SSH_ERR_INVALID_ARGUMENT; + } + return 0; +} + static int openssh_RSA_verify(int hash_alg, u_char *hash, size_t hashlen, u_char *sigbuf, size_t siglen, RSA *rsa) { - size_t ret, rsasize = 0, oidlen = 0, hlen = 0; - int len, oidmatch, hashmatch; + size_t rsasize = 
0, oidlen = 0, hlen = 0; + int ret, len, oidmatch, hashmatch; const u_char *oid = NULL; u_char *decrypted = NULL; + if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0) + return ret; ret = SSH_ERR_INTERNAL_ERROR; - switch (hash_alg) { - case SSH_DIGEST_SHA1: - oid = id_sha1; - oidlen = sizeof(id_sha1); - hlen = 20; - break; - default: - goto done; - } + hlen = ssh_digest_bytes(hash_alg); if (hashlen != hlen) { ret = SSH_ERR_INVALID_ARGUMENT; goto done; diff --git a/ssh.0 b/ssh.0 deleted file mode 100644 index ad4817a..0000000 --- a/ssh.0 +++ /dev/null 
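Review bot: The comment added above `id_sha512` in the `@@ -209,25 +251,71 @@` hunk names the final arc `id-sha256(3)`; it should read `id-sha512(3)`, matching the `/* id-sha512 */` note on the OID bytes below it. In openssh_RSA_verify(), `hlen = ssh_digest_bytes(hash_alg);` is used without the zero check that ssh_rsa_sign() applies to the same call, so for a digest the digest layer does not support `hlen` would be 0 and only the `hashlen != hlen` comparison would stand in the way. Writing it as `if ((hlen = ssh_digest_bytes(hash_alg)) == 0) goto done;` keeps the two paths consistent, with `ret` already set to `SSH_ERR_INTERNAL_ERROR` at that point. openssh_RSA_verify() continues past the end of the hunk.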
@@ -1,972 +0,0 @@ -SSH(1) General Commands Manual SSH(1) - -NAME - ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) - -SYNOPSIS - ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] - [-D [bind_address:]port] [-E log_file] [-e escape_char] - [-F configfile] [-I pkcs11] [-i identity_file] [-L address] - [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] - [-Q cipher | cipher-auth | mac | kex | key | protocol-version] - [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] - [user@]hostname [command] - -DESCRIPTION - ssh (SSH client) is a program for logging into a remote machine and for - executing commands on a remote machine. It is intended to replace rlogin - and rsh, and provide secure encrypted communications between two - untrusted hosts over an insecure network. X11 connections, arbitrary TCP - ports and UNIX-domain sockets can also be forwarded over the secure - channel. - - ssh connects and logs into the specified hostname (with optional user - name). The user must prove his/her identity to the remote machine using - one of several methods depending on the protocol version used (see - below). - - If command is specified, it is executed on the remote host instead of a - login shell. - - The options are as follows: - - -1 Forces ssh to try protocol version 1 only. - - -2 Forces ssh to try protocol version 2 only. - - -4 Forces ssh to use IPv4 addresses only. - - -6 Forces ssh to use IPv6 addresses only. - - -A Enables forwarding of the authentication agent connection. This - can also be specified on a per-host basis in a configuration - file. - - Agent forwarding should be enabled with caution. Users with the - ability to bypass file permissions on the remote host (for the - agent's UNIX-domain socket) can access the local agent through - the forwarded connection. 
An attacker cannot obtain key material - from the agent, however they can perform operations on the keys - that enable them to authenticate using the identities loaded into - the agent. - - -a Disables forwarding of the authentication agent connection. - - -b bind_address - Use bind_address on the local machine as the source address of - the connection. Only useful on systems with more than one - address. - - -C Requests compression of all data (including stdin, stdout, - stderr, and data for forwarded X11, TCP and UNIX-domain - connections). The compression algorithm is the same used by - gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the - CompressionLevel option for protocol version 1. Compression is - desirable on modem lines and other slow connections, but will - only slow down things on fast networks. The default value can be - set on a host-by-host basis in the configuration files; see the - Compression option. - - -c cipher_spec - Selects the cipher specification for encrypting the session. - - Protocol version 1 allows specification of a single cipher. The - supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^]. For protocol - version 2, cipher_spec is a comma-separated list of ciphers - listed in order of preference. See the Ciphers keyword in - ssh_config(5) for more information. - - -D [bind_address:]port - Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding. - This works by allocating a socket to listen to port on the local - side, optionally bound to the specified bind_address. Whenever a - connection is made to this port, the connection is forwarded over - the secure channel, and the application protocol is then used to - determine where to connect to from the remote machine. Currently - the SOCKS4 and SOCKS5 protocols are supported, and ssh will act - as a SOCKS server. Only root can forward privileged ports. 
- Dynamic port forwardings can also be specified in the - configuration file. - - IPv6 addresses can be specified by enclosing the address in - square brackets. Only the superuser can forward privileged - ports. By default, the local port is bound in accordance with - the GatewayPorts setting. However, an explicit bind_address may - be used to bind the connection to a specific address. The - bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be - bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates - that the port should be available from all interfaces. - - -E log_file - Append debug logs to log_file instead of standard error. - - -e escape_char - Sets the escape character for sessions with a pty (default: M-bM-^@M-^X~M-bM-^@M-^Y). - The escape character is only recognized at the beginning of a - line. The escape character followed by a dot (M-bM-^@M-^X.M-bM-^@M-^Y) closes the - connection; followed by control-Z suspends the connection; and - followed by itself sends the escape character once. Setting the - character to M-bM-^@M-^\noneM-bM-^@M-^] disables any escapes and makes the session - fully transparent. - - -F configfile - Specifies an alternative per-user configuration file. If a - configuration file is given on the command line, the system-wide - configuration file (/etc/ssh/ssh_config) will be ignored. The - default for the per-user configuration file is ~/.ssh/config. - - -f Requests ssh to go to background just before command execution. - This is useful if ssh is going to ask for passwords or - passphrases, but the user wants it in the background. This - implies -n. The recommended way to start X11 programs at a - remote site is with something like ssh -f host xterm. 
- - If the ExitOnForwardFailure configuration option is set to M-bM-^@M-^\yesM-bM-^@M-^], - then a client started with -f will wait for all remote port - forwards to be successfully established before placing itself in - the background. - - -G Causes ssh to print its configuration after evaluating Host and - Match blocks and exit. - - -g Allows remote hosts to connect to local forwarded ports. If used - on a multiplexed connection, then this option must be specified - on the master process. - - -I pkcs11 - Specify the PKCS#11 shared library ssh should use to communicate - with a PKCS#11 token providing the user's private RSA key. - - -i identity_file - Selects a file from which the identity (private key) for public - key authentication is read. The default is ~/.ssh/identity for - protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, - ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. - Identity files may also be specified on a per-host basis in the - configuration file. It is possible to have multiple -i options - (and multiple identities specified in configuration files). ssh - will also try to load certificate information from the filename - obtained by appending -cert.pub to identity filenames. - - -K Enables GSSAPI-based authentication and forwarding (delegation) - of GSSAPI credentials to the server. - - -k Disables forwarding (delegation) of GSSAPI credentials to the - server. - - -L [bind_address:]port:host:hostport - -L [bind_address:]port:remote_socket - -L local_socket:host:hostport - -L local_socket:remote_socket - Specifies that connections to the given TCP port or Unix socket - on the local (client) host are to be forwarded to the given host - and port, or Unix socket, on the remote side. This works by - allocating a socket to listen to either a TCP port on the local - side, optionally bound to the specified bind_address, or to a - Unix socket. 
Whenever a connection is made to the local port or - socket, the connection is forwarded over the secure channel, and - a connection is made to either host port hostport, or the Unix - socket remote_socket, from the remote machine. - - Port forwardings can also be specified in the configuration file. - Only the superuser can forward privileged ports. IPv6 addresses - can be specified by enclosing the address in square brackets. - - By default, the local port is bound in accordance with the - GatewayPorts setting. However, an explicit bind_address may be - used to bind the connection to a specific address. The - bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be - bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates - that the port should be available from all interfaces. - - -l login_name - Specifies the user to log in as on the remote machine. This also - may be specified on a per-host basis in the configuration file. - - -M Places the ssh client into M-bM-^@M-^\masterM-bM-^@M-^] mode for connection sharing. - Multiple -M options places ssh into M-bM-^@M-^\masterM-bM-^@M-^] mode with - confirmation required before slave connections are accepted. - Refer to the description of ControlMaster in ssh_config(5) for - details. - - -m mac_spec - Additionally, for protocol version 2 a comma-separated list of - MAC (message authentication code) algorithms can be specified in - order of preference. See the MACs keyword for more information. - - -N Do not execute a remote command. This is useful for just - forwarding ports (protocol version 2 only). - - -n Redirects stdin from /dev/null (actually, prevents reading from - stdin). This must be used when ssh is run in the background. A - common trick is to use this to run X11 programs on a remote - machine. 
For example, ssh -n shadows.cs.hut.fi emacs & will - start an emacs on shadows.cs.hut.fi, and the X11 connection will - be automatically forwarded over an encrypted channel. The ssh - program will be put in the background. (This does not work if - ssh needs to ask for a password or passphrase; see also the -f - option.) - - -O ctl_cmd - Control an active connection multiplexing master process. When - the -O option is specified, the ctl_cmd argument is interpreted - and passed to the master process. Valid commands are: M-bM-^@M-^\checkM-bM-^@M-^] - (check that the master process is running), M-bM-^@M-^\forwardM-bM-^@M-^] (request - forwardings without command execution), M-bM-^@M-^\cancelM-bM-^@M-^] (cancel - forwardings), M-bM-^@M-^\exitM-bM-^@M-^] (request the master to exit), and M-bM-^@M-^\stopM-bM-^@M-^] - (request the master to stop accepting further multiplexing - requests). - - -o option - Can be used to give options in the format used in the - configuration file. This is useful for specifying options for - which there is no separate command-line flag. For full details - of the options listed below, and their possible values, see - ssh_config(5). 
- - AddressFamily - BatchMode - BindAddress - CanonicalDomains - CanonicalizeFallbackLocal - CanonicalizeHostname - CanonicalizeMaxDots - CanonicalizePermittedCNAMEs - ChallengeResponseAuthentication - CheckHostIP - Cipher - Ciphers - ClearAllForwardings - Compression - CompressionLevel - ConnectionAttempts - ConnectTimeout - ControlMaster - ControlPath - ControlPersist - DynamicForward - EscapeChar - ExitOnForwardFailure - FingerprintHash - ForwardAgent - ForwardX11 - ForwardX11Timeout - ForwardX11Trusted - GatewayPorts - GlobalKnownHostsFile - GSSAPIAuthentication - GSSAPIDelegateCredentials - HashKnownHosts - Host - HostbasedAuthentication - HostbasedKeyTypes - HostKeyAlgorithms - HostKeyAlias - HostName - IdentityFile - IdentitiesOnly - IPQoS - KbdInteractiveAuthentication - KbdInteractiveDevices - KexAlgorithms - LocalCommand - LocalForward - LogLevel - MACs - Match - NoHostAuthenticationForLocalhost - NumberOfPasswordPrompts - PasswordAuthentication - PermitLocalCommand - PKCS11Provider - Port - PreferredAuthentications - Protocol - ProxyCommand - ProxyUseFdpass - PubkeyAcceptedKeyTypes - PubkeyAuthentication - RekeyLimit - RemoteForward - RequestTTY - RhostsRSAAuthentication - RSAAuthentication - SendEnv - ServerAliveInterval - ServerAliveCountMax - StreamLocalBindMask - StreamLocalBindUnlink - StrictHostKeyChecking - TCPKeepAlive - Tunnel - TunnelDevice - UpdateHostKeys - UsePrivilegedPort - User - UserKnownHostsFile - VerifyHostKeyDNS - VisualHostKey - XAuthLocation - - -p port - Port to connect to on the remote host. This can be specified on - a per-host basis in the configuration file. - - -Q cipher | cipher-auth | mac | kex | key | protocol-version - Queries ssh for the algorithms supported for the specified - version 2. 
The available features are: cipher (supported - symmetric ciphers), cipher-auth (supported symmetric ciphers that - support authenticated encryption), mac (supported message - integrity codes), kex (key exchange algorithms), key (key types) - and protocol-version (supported SSH protocol versions). - - -q Quiet mode. Causes most warning and diagnostic messages to be - suppressed. - - -R [bind_address:]port:host:hostport - -R [bind_address:]port:local_socket - -R remote_socket:host:hostport - -R remote_socket:local_socket - Specifies that connections to the given TCP port or Unix socket - on the remote (server) host are to be forwarded to the given host - and port, or Unix socket, on the local side. This works by - allocating a socket to listen to either a TCP port or to a Unix - socket on the remote side. Whenever a connection is made to this - port or Unix socket, the connection is forwarded over the secure - channel, and a connection is made to either host port hostport, - or local_socket, from the local machine. - - Port forwardings can also be specified in the configuration file. - Privileged ports can be forwarded only when logging in as root on - the remote machine. IPv6 addresses can be specified by enclosing - the address in square brackets. - - By default, TCP listening sockets on the server will be bound to - the loopback interface only. This may be overridden by - specifying a bind_address. An empty bind_address, or the address - M-bM-^@M-^X*M-bM-^@M-^Y, indicates that the remote socket should listen on all - interfaces. Specifying a remote bind_address will only succeed - if the server's GatewayPorts option is enabled (see - sshd_config(5)). - - If the port argument is M-bM-^@M-^X0M-bM-^@M-^Y, the listen port will be dynamically - allocated on the server and reported to the client at run time. - When used together with -O forward the allocated port will be - printed to the standard output. 
- - -S ctl_path - Specifies the location of a control socket for connection - sharing, or the string M-bM-^@M-^\noneM-bM-^@M-^] to disable connection sharing. - Refer to the description of ControlPath and ControlMaster in - ssh_config(5) for details. - - -s May be used to request invocation of a subsystem on the remote - system. Subsystems are a feature of the SSH2 protocol which - facilitate the use of SSH as a secure transport for other - applications (eg. sftp(1)). The subsystem is specified as the - remote command. - - -T Disable pseudo-terminal allocation. - - -t Force pseudo-terminal allocation. This can be used to execute - arbitrary screen-based programs on a remote machine, which can be - very useful, e.g. when implementing menu services. Multiple -t - options force tty allocation, even if ssh has no local tty. - - -V Display the version number and exit. - - -v Verbose mode. Causes ssh to print debugging messages about its - progress. This is helpful in debugging connection, - authentication, and configuration problems. Multiple -v options - increase the verbosity. The maximum is 3. - - -W host:port - Requests that standard input and output on the client be - forwarded to host on port over the secure channel. Implies -N, - -T, ExitOnForwardFailure and ClearAllForwardings. Works with - Protocol version 2 only. - - -w local_tun[:remote_tun] - Requests tunnel device forwarding with the specified tun(4) - devices between the client (local_tun) and the server - (remote_tun). - - The devices may be specified by numerical ID or the keyword - M-bM-^@M-^\anyM-bM-^@M-^], which uses the next available tunnel device. If - remote_tun is not specified, it defaults to M-bM-^@M-^\anyM-bM-^@M-^]. See also the - Tunnel and TunnelDevice directives in ssh_config(5). If the - Tunnel directive is unset, it is set to the default tunnel mode, - which is M-bM-^@M-^\point-to-pointM-bM-^@M-^]. - - -X Enables X11 forwarding. 
This can also be specified on a per-host - basis in a configuration file. - - X11 forwarding should be enabled with caution. Users with the - ability to bypass file permissions on the remote host (for the - user's X authorization database) can access the local X11 display - through the forwarded connection. An attacker may then be able - to perform activities such as keystroke monitoring. - - For this reason, X11 forwarding is subjected to X11 SECURITY - extension restrictions by default. Please refer to the ssh -Y - option and the ForwardX11Trusted directive in ssh_config(5) for - more information. - - -x Disables X11 forwarding. - - -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not - subjected to the X11 SECURITY extension controls. - - -y Send log information using the syslog(3) system module. By - default this information is sent to stderr. - - ssh may additionally obtain configuration data from a per-user - configuration file and a system-wide configuration file. The file format - and configuration options are described in ssh_config(5). - -AUTHENTICATION - The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to - use protocol 2 only, though this can be changed via the Protocol option - in ssh_config(5) or the -1 and -2 options (see above). Both protocols - support similar authentication methods, but protocol 2 is the default - since it provides additional mechanisms for confidentiality (the traffic - is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and - integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, umac-64, - umac-128, hmac-ripemd160). Protocol 1 lacks a strong mechanism for - ensuring the integrity of the connection. - - The methods available for authentication are: GSSAPI-based - authentication, host-based authentication, public key authentication, - challenge-response authentication, and password authentication. 
- Authentication methods are tried in the order specified above, though - protocol 2 has a configuration option to change the default order: - PreferredAuthentications. - - Host-based authentication works as follows: If the machine the user logs - in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote - machine, and the user names are the same on both sides, or if the files - ~/.rhosts or ~/.shosts exist in the user's home directory on the remote - machine and contain a line containing the name of the client machine and - the name of the user on that machine, the user is considered for login. - Additionally, the server must be able to verify the client's host key - (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts, - below) for login to be permitted. This authentication method closes - security holes due to IP spoofing, DNS spoofing, and routing spoofing. - [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the - rlogin/rsh protocol in general, are inherently insecure and should be - disabled if security is desired.] - - Public key authentication works as follows: The scheme is based on - public-key cryptography, using cryptosystems where encryption and - decryption are done using separate keys, and it is unfeasible to derive - the decryption key from the encryption key. The idea is that each user - creates a public/private key pair for authentication purposes. The - server knows the public key, and only the user knows the private key. - ssh implements public key authentication protocol automatically, using - one of the DSA, ECDSA, Ed25519 or RSA algorithms. Protocol 1 is - restricted to using only RSA keys, but protocol 2 may use any. The - HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA - algorithms. - - The file ~/.ssh/authorized_keys lists the public keys that are permitted - for logging in. 
When the user logs in, the ssh program tells the server - which key pair it would like to use for authentication. The client - proves that it has access to the private key and the server checks that - the corresponding public key is authorized to accept the account. - - The user creates his/her key pair by running ssh-keygen(1). This stores - the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol - 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2 - Ed25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in - ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), - ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2 - Ed25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home - directory. The user should then copy the public key to - ~/.ssh/authorized_keys in his/her home directory on the remote machine. - The authorized_keys file corresponds to the conventional ~/.rhosts file, - and has one key per line, though the lines can be very long. After this, - the user can log in without giving the password. - - A variation on public key authentication is available in the form of - certificate authentication: instead of a set of public/private keys, - signed certificates are used. This has the advantage that a single - trusted certification authority can be used in place of many - public/private keys. See the CERTIFICATES section of ssh-keygen(1) for - more information. - - The most convenient way to use public key or certificate authentication - may be with an authentication agent. See ssh-agent(1) for more - information. - - Challenge-response authentication works as follows: The server sends an - arbitrary "challenge" text, and prompts for a response. Protocol 2 - allows multiple challenges and responses; protocol 1 is restricted to - just one challenge/response. 
Examples of challenge-response - authentication include BSD Authentication (see login.conf(5)) and PAM - (some non-OpenBSD systems). - - Finally, if other authentication methods fail, ssh prompts the user for a - password. The password is sent to the remote host for checking; however, - since all communications are encrypted, the password cannot be seen by - someone listening on the network. - - ssh automatically maintains and checks a database containing - identification for all hosts it has ever been used with. Host keys are - stored in ~/.ssh/known_hosts in the user's home directory. Additionally, - the file /etc/ssh/ssh_known_hosts is automatically checked for known - hosts. Any new hosts are automatically added to the user's file. If a - host's identification ever changes, ssh warns about this and disables - password authentication to prevent server spoofing or man-in-the-middle - attacks, which could otherwise be used to circumvent the encryption. The - StrictHostKeyChecking option can be used to control logins to machines - whose host key is not known or has changed. - - When the user's identity has been accepted by the server, the server - either executes the given command in a non-interactive session or, if no - command has been specified, logs into the machine and gives the user a - normal shell as an interactive session. All communication with the - remote command or shell will be automatically encrypted. - - If an interactive session is requested ssh by default will only request a - pseudo-terminal (pty) for interactive sessions when the client has one. - The flags -T and -t can be used to override this behaviour. - - If a pseudo-terminal has been allocated the user may use the escape - characters noted below. - - If no pseudo-terminal has been allocated, the session is transparent and - can be used to reliably transfer binary data. 
On most systems, setting - the escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent - even if a tty is used. - - The session terminates when the command or shell on the remote machine - exits and all X11 and TCP connections have been closed. - -ESCAPE CHARACTERS - When a pseudo-terminal has been requested, ssh supports a number of - functions through the use of an escape character. - - A single tilde character can be sent as ~~ or by following the tilde by a - character other than those described below. The escape character must - always follow a newline to be interpreted as special. The escape - character can be changed in configuration files using the EscapeChar - configuration directive or on the command line by the -e option. - - The supported escapes (assuming the default M-bM-^@M-^X~M-bM-^@M-^Y) are: - - ~. Disconnect. - - ~^Z Background ssh. - - ~# List forwarded connections. - - ~& Background ssh at logout when waiting for forwarded connection / - X11 sessions to terminate. - - ~? Display a list of escape characters. - - ~B Send a BREAK to the remote system (only useful for SSH protocol - version 2 and if the peer supports it). - - ~C Open command line. Currently this allows the addition of port - forwardings using the -L, -R and -D options (see above). It also - allows the cancellation of existing port-forwardings with - -KL[bind_address:]port for local, -KR[bind_address:]port for - remote and -KD[bind_address:]port for dynamic port-forwardings. - !command allows the user to execute a local command if the - PermitLocalCommand option is enabled in ssh_config(5). Basic - help is available, using the -h option. - - ~R Request rekeying of the connection (only useful for SSH protocol - version 2 and if the peer supports it). - - ~V Decrease the verbosity (LogLevel) when errors are being written - to stderr. - - ~v Increase the verbosity (LogLevel) when errors are being written - to stderr. 
- -TCP FORWARDING - Forwarding of arbitrary TCP connections over the secure channel can be - specified either on the command line or in a configuration file. One - possible application of TCP forwarding is a secure connection to a mail - server; another is going through firewalls. - - In the example below, we look at encrypting communication between an IRC - client and server, even though the IRC server does not directly support - encrypted communications. This works as follows: the user connects to - the remote host using ssh, specifying a port to be used to forward - connections to the remote server. After that it is possible to start the - service which is to be encrypted on the client machine, connecting to the - same local port, and ssh will encrypt and forward the connection. - - The following example tunnels an IRC session from client machine - M-bM-^@M-^\127.0.0.1M-bM-^@M-^] (localhost) to remote server M-bM-^@M-^\server.example.comM-bM-^@M-^]: - - $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 - $ irc -c '#users' -p 1234 pinky 127.0.0.1 - - This tunnels a connection to IRC server M-bM-^@M-^\server.example.comM-bM-^@M-^], joining - channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname M-bM-^@M-^\pinkyM-bM-^@M-^], using port 1234. It doesn't matter - which port is used, as long as it's greater than 1023 (remember, only - root can open sockets on privileged ports) and doesn't conflict with any - ports already in use. The connection is forwarded to port 6667 on the - remote server, since that's the standard port for IRC services. - - The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is - specified to allow an amount of time (10 seconds, in the example) to - start the service which is to be tunnelled. If no connections are made - within the time specified, ssh will exit. 
- -X11 FORWARDING - If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the - -X, -x, and -Y options above) and the user is using X11 (the DISPLAY - environment variable is set), the connection to the X11 display is - automatically forwarded to the remote side in such a way that any X11 - programs started from the shell (or command) will go through the - encrypted channel, and the connection to the real X server will be made - from the local machine. The user should not manually set DISPLAY. - Forwarding of X11 connections can be configured on the command line or in - configuration files. - - The DISPLAY value set by ssh will point to the server machine, but with a - display number greater than zero. This is normal, and happens because - ssh creates a M-bM-^@M-^\proxyM-bM-^@M-^] X server on the server machine for forwarding the - connections over the encrypted channel. - - ssh will also automatically set up Xauthority data on the server machine. - For this purpose, it will generate a random authorization cookie, store - it in Xauthority on the server, and verify that any forwarded connections - carry this cookie and replace it by the real cookie when the connection - is opened. The real authentication cookie is never sent to the server - machine (and no cookies are sent in the plain). - - If the ForwardAgent variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of - the -A and -a options above) and the user is using an authentication - agent, the connection to the agent is automatically forwarded to the - remote side. - -VERIFYING HOST KEYS - When connecting to a server for the first time, a fingerprint of the - server's public key is presented to the user (unless the option - StrictHostKeyChecking has been disabled). 
Fingerprints can be determined - using ssh-keygen(1): - - $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key - - If the fingerprint is already known, it can be matched and the key can be - accepted or rejected. If only legacy (MD5) fingerprints for the server - are available, the ssh-keygen(1) -E option may be used to downgrade the - fingerprint algorithm to match. - - Because of the difficulty of comparing host keys just by looking at - fingerprint strings, there is also support to compare host keys visually, - using random art. By setting the VisualHostKey option to M-bM-^@M-^\yesM-bM-^@M-^], a small - ASCII graphic gets displayed on every login to a server, no matter if the - session itself is interactive or not. By learning the pattern a known - server produces, a user can easily find out that the host key has changed - when a completely different pattern is displayed. Because these patterns - are not unambiguous however, a pattern that looks similar to the pattern - remembered only gives a good probability that the host key is the same, - not guaranteed proof. - - To get a listing of the fingerprints along with their random art for all - known hosts, the following command line can be used: - - $ ssh-keygen -lv -f ~/.ssh/known_hosts - - If the fingerprint is unknown, an alternative method of verification is - available: SSH fingerprints verified by DNS. An additional resource - record (RR), SSHFP, is added to a zonefile and the connecting client is - able to match the fingerprint with that of the key presented. - - In this example, we are connecting a client to a server, - M-bM-^@M-^\host.example.comM-bM-^@M-^]. The SSHFP resource records should first be added to - the zonefile for host.example.com: - - $ ssh-keygen -r host.example.com. - - The output lines will have to be added to the zonefile. 
To check that - the zone is answering fingerprint queries: - - $ dig -t SSHFP host.example.com - - Finally the client connects: - - $ ssh -o "VerifyHostKeyDNS ask" host.example.com - [...] - Matching host key fingerprint found in DNS. - Are you sure you want to continue connecting (yes/no)? - - See the VerifyHostKeyDNS option in ssh_config(5) for more information. - -SSH-BASED VIRTUAL PRIVATE NETWORKS - ssh contains support for Virtual Private Network (VPN) tunnelling using - the tun(4) network pseudo-device, allowing two networks to be joined - securely. The sshd_config(5) configuration option PermitTunnel controls - whether the server supports this, and at what level (layer 2 or 3 - traffic). - - The following example would connect client network 10.0.50.0/24 with - remote network 10.0.99.0/24 using a point-to-point connection from - 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway - to the remote network, at 192.168.1.15, allows it. - - On the client: - - # ssh -f -w 0:1 192.168.1.15 true - # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 - # route add 10.0.99.0/24 10.1.1.2 - - On the server: - - # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 - # route add 10.0.50.0/24 10.1.1.1 - - Client access may be more finely tuned via the /root/.ssh/authorized_keys - file (see below) and the PermitRootLogin server option. The following - entry would permit connections on tun(4) device 1 from user M-bM-^@M-^\janeM-bM-^@M-^] and on - tun device 2 from user M-bM-^@M-^\johnM-bM-^@M-^], if PermitRootLogin is set to - M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^]: - - tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane - tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john - - Since an SSH-based setup entails a fair amount of overhead, it may be - more suited to temporary setups, such as for wireless VPNs. More - permanent VPNs are better provided by tools such as ipsecctl(8) and - isakmpd(8). 
- -ENVIRONMENT - ssh will normally set the following environment variables: - - DISPLAY The DISPLAY variable indicates the location of the - X11 server. It is automatically set by ssh to - point to a value of the form M-bM-^@M-^\hostname:nM-bM-^@M-^], where - M-bM-^@M-^\hostnameM-bM-^@M-^] indicates the host where the shell runs, - and M-bM-^@M-^XnM-bM-^@M-^Y is an integer M-bM-^IM-% 1. ssh uses this special - value to forward X11 connections over the secure - channel. The user should normally not set DISPLAY - explicitly, as that will render the X11 connection - insecure (and will require the user to manually - copy any required authorization cookies). - - HOME Set to the path of the user's home directory. - - LOGNAME Synonym for USER; set for compatibility with - systems that use this variable. - - MAIL Set to the path of the user's mailbox. - - PATH Set to the default PATH, as specified when - compiling ssh. - - SSH_ASKPASS If ssh needs a passphrase, it will read the - passphrase from the current terminal if it was run - from a terminal. If ssh does not have a terminal - associated with it but DISPLAY and SSH_ASKPASS are - set, it will execute the program specified by - SSH_ASKPASS and open an X11 window to read the - passphrase. This is particularly useful when - calling ssh from a .xsession or related script. - (Note that on some machines it may be necessary to - redirect the input from /dev/null to make this - work.) - - SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to - communicate with the agent. - - SSH_CONNECTION Identifies the client and server ends of the - connection. The variable contains four space- - separated values: client IP address, client port - number, server IP address, and server port number. - - SSH_ORIGINAL_COMMAND This variable contains the original command line if - a forced command is executed. It can be used to - extract the original arguments. 
- - SSH_TTY This is set to the name of the tty (path to the - device) associated with the current shell or - command. If the current session has no tty, this - variable is not set. - - TZ This variable is set to indicate the present time - zone if it was set when the daemon was started - (i.e. the daemon passes the value on to new - connections). - - USER Set to the name of the user logging in. - - Additionally, ssh reads ~/.ssh/environment, and adds lines of the format - M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are - allowed to change their environment. For more information, see the - PermitUserEnvironment option in sshd_config(5). - -FILES - ~/.rhosts - This file is used for host-based authentication (see above). On - some machines this file may need to be world-readable if the - user's home directory is on an NFS partition, because sshd(8) - reads it as root. Additionally, this file must be owned by the - user, and must not have write permissions for anyone else. The - recommended permission for most machines is read/write for the - user, and not accessible by others. - - ~/.shosts - This file is used in exactly the same way as .rhosts, but allows - host-based authentication without permitting login with - rlogin/rsh. - - ~/.ssh/ - This directory is the default location for all user-specific - configuration and authentication information. There is no - general requirement to keep the entire contents of this directory - secret, but the recommended permissions are read/write/execute - for the user, and not accessible by others. - - ~/.ssh/authorized_keys - Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used - for logging in as this user. The format of this file is - described in the sshd(8) manual page. This file is not highly - sensitive, but the recommended permissions are read/write for the - user, and not accessible by others. - - ~/.ssh/config - This is the per-user configuration file. 
The file format and - configuration options are described in ssh_config(5). Because of - the potential for abuse, this file must have strict permissions: - read/write for the user, and not writable by others. - - ~/.ssh/environment - Contains additional definitions for environment variables; see - ENVIRONMENT, above. - - ~/.ssh/identity - ~/.ssh/id_dsa - ~/.ssh/id_ecdsa - ~/.ssh/id_ed25519 - ~/.ssh/id_rsa - Contains the private key for authentication. These files contain - sensitive data and should be readable by the user but not - accessible by others (read/write/execute). ssh will simply - ignore a private key file if it is accessible by others. It is - possible to specify a passphrase when generating the key which - will be used to encrypt the sensitive part of this file using - 3DES. - - ~/.ssh/identity.pub - ~/.ssh/id_dsa.pub - ~/.ssh/id_ecdsa.pub - ~/.ssh/id_ed25519.pub - ~/.ssh/id_rsa.pub - Contains the public key for authentication. These files are not - sensitive and can (but need not) be readable by anyone. - - ~/.ssh/known_hosts - Contains a list of host keys for all hosts the user has logged - into that are not already in the systemwide list of known host - keys. See sshd(8) for further details of the format of this - file. - - ~/.ssh/rc - Commands in this file are executed by ssh when the user logs in, - just before the user's shell (or command) is started. See the - sshd(8) manual page for more information. - - /etc/hosts.equiv - This file is for host-based authentication (see above). It - should only be writable by root. - - /etc/shosts.equiv - This file is used in exactly the same way as hosts.equiv, but - allows host-based authentication without permitting login with - rlogin/rsh. - - /etc/ssh/ssh_config - Systemwide configuration file. The file format and configuration - options are described in ssh_config(5). 
- - /etc/ssh/ssh_host_key - /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_ecdsa_key - /etc/ssh/ssh_host_ed25519_key - /etc/ssh/ssh_host_rsa_key - These files contain the private parts of the host keys and are - used for host-based authentication. If protocol version 1 is - used, ssh must be setuid root, since the host key is readable - only by root. For protocol version 2, ssh uses ssh-keysign(8) to - access the host keys, eliminating the requirement that ssh be - setuid root when host-based authentication is used. By default - ssh is not setuid root. - - /etc/ssh/ssh_known_hosts - Systemwide list of known host keys. This file should be prepared - by the system administrator to contain the public host keys of - all machines in the organization. It should be world-readable. - See sshd(8) for further details of the format of this file. - - /etc/ssh/sshrc - Commands in this file are executed by ssh when the user logs in, - just before the user's shell (or command) is started. See the - sshd(8) manual page for more information. - -EXIT STATUS - ssh exits with the exit status of the remote command or with 255 if an - error occurred. - -SEE ALSO - scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1), - tun(4), ssh_config(5), ssh-keysign(8), sshd(8) - -STANDARDS - S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned - Numbers, RFC 4250, January 2006. - - T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture, - RFC 4251, January 2006. - - T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol, - RFC 4252, January 2006. - - T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer - Protocol, RFC 4253, January 2006. - - T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC - 4254, January 2006. - - J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell - (SSH) Key Fingerprints, RFC 4255, January 2006. - - F. Cusack and M. 
Forssen, Generic Message Exchange Authentication for the - Secure Shell Protocol (SSH), RFC 4256, January 2006. - - J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break - Extension, RFC 4335, January 2006. - - M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport - Layer Encryption Modes, RFC 4344, January 2006. - - B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport - Layer Protocol, RFC 4345, January 2006. - - M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for - the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006. - - J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File - Format, RFC 4716, November 2006. - - D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the - Secure Shell Transport Layer, RFC 5656, December 2009. - - A. Perrig and D. Song, Hash Visualization: a New Technique to improve - Real-World Security, 1999, International Workshop on Cryptographic - Techniques and E-Commerce (CrypTEC '99). - -AUTHORS - OpenSSH is a derivative of the original and free ssh 1.2.12 release by - Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. - -OpenBSD 5.8 July 20, 2015 OpenBSD 5.8 diff --git a/ssh.1 b/ssh.1 index 2ea0a20..4011c65 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.361 2015/07/20 18:44:12 millert Exp $ -.Dd $Mdocdate: July 20 2015 $ +.\" $OpenBSD: ssh.1,v 1.376 2016/07/16 06:57:55 jmc Exp $ +.Dd $Mdocdate: July 16 2016 $ .Dt SSH 1 .Os .Sh NAME 
@@ -52,13 +52,14 @@ .Op Fl F Ar configfile .Op Fl I Ar pkcs11 .Op Fl i Ar identity_file +.Op Fl J Oo Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port .Op Fl L Ar address .Op Fl l Ar login_name .Op Fl m Ar mac_spec .Op Fl O Ar ctl_cmd .Op Fl o Ar option .Op Fl p Ar port -.Op Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version +.Op Fl Q Ar query_option .Op Fl R Ar address .Op Fl S Ar ctl_path .Op Fl W Ar host : Ns Ar port @@ -70,8 +71,7 @@ .Nm (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. -It is intended to replace rlogin and rsh, -and provide secure encrypted communications between +It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections, arbitrary TCP ports and .Ux Ns -domain @@ -85,7 +85,7 @@ connects and logs into the specified name). The user must prove his/her identity to the remote machine using one of several methods -depending on the protocol version used (see below). +(see below). .Pp If .Ar command @@ -304,12 +304,33 @@ It is possible to have multiple .Fl i options (and multiple identities specified in configuration files). +If no certificates have been explicitly specified by the +.Cm CertificateFile +directive, .Nm will also try to load certificate information from the filename obtained by appending .Pa -cert.pub to identity filenames. .Pp +.It Fl J Xo +.Sm off +.Op Ar user No @ +.Ar host +.Op : Ar port +.Sm on +.Xc +Connect to the target host by first making a +.Nm +connection to the jump +.Ar host +and then establishing a TCP forwarding to the ultimate destination from +there. +Multiple jump hops may be specified separated by comma characters. +This is a shortcut to specify a +.Cm ProxyJump +configuration directive. +.Pp .It Fl K Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI credentials to the server. 
@@ -400,17 +421,15 @@ in for details. .Pp .It Fl m Ar mac_spec -Additionally, for protocol version 2 a comma-separated list of MAC -(message authentication code) algorithms can -be specified in order of preference. +A comma-separated list of MAC (message authentication code) algorithms, +specified in order of preference. See the .Cm MACs keyword for more information. .Pp .It Fl N Do not execute a remote command. -This is useful for just forwarding ports -(protocol version 2 only). +This is useful for just forwarding ports. .Pp .It Fl n Redirects stdin from @@ -460,6 +479,7 @@ For full details of the options listed below, and their possible values, see .Xr ssh_config 5 . .Pp .Bl -tag -width Ds -offset indent -compact +.It AddKeysToAgent .It AddressFamily .It BatchMode .It BindAddress @@ -468,6 +488,7 @@ For full details of the options listed below, and their possible values, see .It CanonicalizeHostname .It CanonicalizeMaxDots .It CanonicalizePermittedCNAMEs +.It CertificateFile .It ChallengeResponseAuthentication .It CheckHostIP .It Cipher @@ -499,8 +520,10 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlgorithms .It HostKeyAlias .It HostName -.It IdentityFile .It IdentitiesOnly +.It IdentityAgent +.It IdentityFile +.It Include .It IPQoS .It KbdInteractiveAuthentication .It KbdInteractiveDevices @@ -519,6 +542,7 @@ For full details of the options listed below, and their possible values, see .It PreferredAuthentications .It Protocol .It ProxyCommand +.It ProxyJump .It ProxyUseFdpass .It PubkeyAcceptedKeyTypes .It PubkeyAuthentication @@ -550,7 +574,7 @@ Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file. .Pp -.It Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version +.It Fl Q Ar query_option Queries .Nm for the algorithms supported for the specified version 2. 
@@ -564,7 +588,11 @@ The available features are: .Ar kex (key exchange algorithms), .Ar key -(key types) and +(key types), +.Ar key-cert +(certificate key types), +.Ar key-plain +(non-certificate key types), and .Ar protocol-version (supported SSH protocol versions). .Pp @@ -656,8 +684,8 @@ for details. .Pp .It Fl s May be used to request invocation of a subsystem on the remote system. -Subsystems are a feature of the SSH2 protocol which facilitate the use -of SSH as a secure transport for other applications (eg.\& +Subsystems facilitate the use of SSH +as a secure transport for other applications (e.g.\& .Xr sftp 1 ) . The subsystem is specified as the remote command. .Pp @@ -701,8 +729,10 @@ Implies .Fl T , .Cm ExitOnForwardFailure and -.Cm ClearAllForwardings . -Works with Protocol version 2 only. +.Cm ClearAllForwardings , +though these can be overridden in the configuration file or using +.Fl o +command line options. .Pp .It Fl w Xo .Ar local_tun Ns Op : Ns Ar remote_tun @@ -787,15 +817,10 @@ or the and .Fl 2 options (see above). -Both protocols support similar authentication methods, -but protocol 2 is the default since -it provides additional mechanisms for confidentiality -(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) -and integrity (hmac-md5, hmac-sha1, -hmac-sha2-256, hmac-sha2-512, -umac-64, umac-128, hmac-ripemd160). -Protocol 1 lacks a strong mechanism for ensuring the -integrity of the connection. +Protocol 1 should not be used +and is only offered to support legacy devices. +It suffers from a number of cryptographic weaknesses +and doesn't support many of the advanced features available for protocol 2. .Pp The methods available for authentication are: GSSAPI-based authentication, 
@@ -804,8 +829,9 @@ public key authentication, challenge-response authentication, and password authentication. Authentication methods are tried in the order specified above, -though protocol 2 has a configuration option to change the default order: -.Cm PreferredAuthentications . +though +.Cm PreferredAuthentications +can be used to change the default order. .Pp Host-based authentication works as follows: If the machine the user logs in from is listed in @@ -849,8 +875,6 @@ The server knows the public key, and only the user knows the private key. .Nm implements public key authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 or RSA algorithms. -Protocol 1 is restricted to using only RSA keys, -but protocol 2 may use any. The HISTORY section of .Xr ssl 8 contains a brief discussion of the DSA and RSA algorithms. @@ -872,26 +896,26 @@ This stores the private key in .Pa ~/.ssh/identity (protocol 1), .Pa ~/.ssh/id_dsa -(protocol 2 DSA), +(DSA), .Pa ~/.ssh/id_ecdsa -(protocol 2 ECDSA), +(ECDSA), .Pa ~/.ssh/id_ed25519 -(protocol 2 Ed25519), +(Ed25519), or .Pa ~/.ssh/id_rsa -(protocol 2 RSA) +(RSA) and stores the public key in .Pa ~/.ssh/identity.pub (protocol 1), .Pa ~/.ssh/id_dsa.pub -(protocol 2 DSA), +(DSA), .Pa ~/.ssh/id_ecdsa.pub -(protocol 2 ECDSA), +(ECDSA), .Pa ~/.ssh/id_ed25519.pub -(protocol 2 Ed25519), +(Ed25519), or .Pa ~/.ssh/id_rsa.pub -(protocol 2 RSA) +(RSA) in the user's home directory. The user should then copy the public key to 
@@ -919,14 +943,16 @@ The most convenient way to use public key or certificate authentication may be with an authentication agent. See .Xr ssh-agent 1 +and (optionally) the +.Cm AddKeysToAgent +directive in +.Xr ssh_config 5 for more information. .Pp Challenge-response authentication works as follows: The server sends an arbitrary .Qq challenge text, and prompts for a response. -Protocol 2 allows multiple challenges and responses; -protocol 1 is restricted to just one challenge/response. Examples of challenge-response authentication include .Bx Authentication (see @@ -1025,7 +1051,7 @@ at logout when waiting for forwarded connection / X11 sessions to terminate. Display a list of escape characters. .It Cm ~B Send a BREAK to the remote system -(only useful for SSH protocol version 2 and if the peer supports it). +(only useful if the peer supports it). .It Cm ~C Open command line. Currently this allows the addition of port forwardings using the @@ -1058,7 +1084,7 @@ Basic help is available, using the option. .It Cm ~R Request rekeying of the connection -(only useful for SSH protocol version 2 and if the peer supports it). +(only useful if the peer supports it). .It Cm ~V Decrease the verbosity .Pq Ic LogLevel @@ -1526,20 +1552,6 @@ The file format and configuration options are described in .It Pa /etc/ssh/ssh_host_rsa_key These files contain the private parts of the host keys and are used for host-based authentication. -If protocol version 1 is used, -.Nm -must be setuid root, since the host key is readable only by root. -For protocol version 2, -.Nm -uses -.Xr ssh-keysign 8 -to access the host keys, -eliminating the requirement that -.Nm -be setuid root when host-based authentication is used. -By default -.Nm -is not setuid root. .Pp .It Pa /etc/ssh/ssh_known_hosts Systemwide list of known host keys. diff --git a/ssh.c b/ssh.c index d785bd0..3f2a3ed 100644 --- a/ssh.c +++ b/ssh.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.445 2016/07/17 04:20:16 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -67,6 +67,7 @@ #include <string.h> #include <unistd.h> #include <limits.h> +#include <locale.h> #include <netinet/in.h> #include <arpa/inet.h> @@ -105,7 +106,6 @@ #include "match.h" #include "msg.h" #include "uidswap.h" -#include "roaming.h" #include "version.h" #include "ssherr.h" #include "myproposal.h" @@ -114,13 +114,6 @@ #include "ssh-pkcs11.h" #endif -#ifdef WIN32_FIXME - #include <sys/stat.h> - - char dotsshdir[MAX_PATH]; - -#endif /* WIN32_FIXME */ - extern char *__progname; /* Saves a copy of argv for setproctitle emulation */ @@ -159,10 +152,6 @@ int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty; */ int fork_after_authentication_flag = 0; -/* forward stdio to remote host and port */ -char *stdio_forward_host = NULL; -int stdio_forward_port = 0; - /* * General data structure for command line options and options configurable * in configuration files. See readconf.h. @@ -211,11 +200,10 @@ usage(void) "usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" " [-F configfile] [-I pkcs11] [-i identity_file]\n" -" [-L address] [-l login_name] [-m mac_spec]\n" -" [-O ctl_cmd] [-o option] [-p port]\n" -" [-Q cipher | cipher-auth | mac | kex | key]\n" -" [-R address] [-S ctl_path] [-W host:port]\n" -" [-w local_tun[:remote_tun]] [user@]hostname [command]\n" +" [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n" +" [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]\n" +" [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]\n" +" [user@]hostname [command]\n" ); exit(255); } 
@@ -259,7 +247,7 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) if (port <= 0) port = default_ssh_port(); - snprintf(strport, sizeof strport, "%u", port); + snprintf(strport, sizeof strport, "%d", port); memset(&hints, 0, sizeof(hints)); hints.ai_family = options.address_family == -1 ? AF_UNSPEC : options.address_family; @@ -344,7 +332,7 @@ resolve_addr(const char *name, int port, char *caddr, size_t clen) * NB. this function must operate with a options having undefined members. */ static int -check_follow_cname(char **namep, const char *cname) +check_follow_cname(int direct, char **namep, const char *cname) { int i; struct allowed_cname *rule; @@ -356,9 +344,9 @@ check_follow_cname(char **namep, const char *cname) return 0; /* * Don't attempt to canonicalize names that will be interpreted by - * a proxy unless the user specifically requests so. + * a proxy or jump host unless the user specifically requests so. */ - if (!option_clear_or_none(options.proxy_command) && + if (!direct && options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) return 0; debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname); @@ -385,7 +373,7 @@ check_follow_cname(char **namep, const char *cname) static struct addrinfo * resolve_canonicalize(char **hostp, int port) { - int i, ndots; + int i, direct, ndots; char *cp, *fullhost, newname[NI_MAXHOST]; struct addrinfo *addrs; @@ -396,7 +384,9 @@ resolve_canonicalize(char **hostp, int port) * Don't attempt to canonicalize names that will be interpreted by * a proxy unless the user specifically requests so. */ - if (!option_clear_or_none(options.proxy_command) && + direct = option_clear_or_none(options.proxy_command) && + options.jump_host == NULL; + if (!direct && options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS) return NULL; 
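Review bot: The new `direct` parameter of check_follow_cname() (hunk at -344,7 +332,7) is not described in the function's header comment, whose tail is visible just above the signature. Its meaning can only be recovered from the caller, where it is computed as `option_clear_or_none(options.proxy_command) && options.jump_host == NULL`. I would add a line to that comment such as `* "direct" is non-zero when neither a ProxyCommand nor a jump host is in use.`, so the early `return 0` for the indirect case can be read without looking at resolve_canonicalize(). The start of the header comment and the rest of the function body lie outside the hunk.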
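Review bot: The comment above the new `direct` computation in resolve_canonicalize() (hunk at -396,7 +384,9) still reads "a proxy unless the user specifically requests so", although the condition now also covers `options.jump_host`. The same sentence in check_follow_cname() was updated in this commit, so the two should match: `* a proxy or jump host unless the user specifically requests so.`. Keeping the comments in step matters because this test decides whether the local client or the intermediate host gets to interpret the name. resolve_canonicalize() begins and ends outside the hunk.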
@@ -413,6 +403,17 @@ resolve_canonicalize(char **hostp, int port) return addrs; } + /* If domain name is anchored, then resolve it now */ + if ((*hostp)[strlen(*hostp) - 1] == '.') { + debug3("%s: name is fully qualified", __func__); + fullhost = xstrdup(*hostp); + if ((addrs = resolve_host(fullhost, port, 0, + newname, sizeof(newname))) != NULL) + goto found; + free(fullhost); + goto notfound; + } + /* Don't apply canonicalization to sufficiently-qualified hostnames */ ndots = 0; for (cp = *hostp; *cp != '\0'; cp++) { @@ -436,10 +437,11 @@ resolve_canonicalize(char **hostp, int port) free(fullhost); continue; } + found: /* Remove trailing '.' */ fullhost[strlen(fullhost) - 1] = '\0'; /* Follow CNAME if requested */ - if (!check_follow_cname(&fullhost, newname)) { + if (!check_follow_cname(direct, &fullhost, newname)) { debug("Canonicalized hostname \"%s\" => \"%s\"", *hostp, fullhost); } @@ -447,6 +449,7 @@ resolve_canonicalize(char **hostp, int port) *hostp = fullhost; return addrs; } + notfound: if (!options.canonicalize_fallback_local) fatal("%s: Could not resolve host \"%s\"", __progname, *hostp); debug2("%s: host %s not found in any suffix", __func__, *hostp); @@ -507,17 +510,16 @@ set_addrinfo_port(struct addrinfo *addrs, int port) /* * Main program for the ssh client. */ - int main(int ac, char **av) { - int i, r, opt, exit_status, use_syslog, config_test = 0; + struct ssh *ssh = NULL; + int i, r, opt, exit_status, use_syslog, direct, config_test = 0; char *p, *cp, *line, *argv0, buf[PATH_MAX], *host_arg, *logfile; char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; - char cname[NI_MAXHOST]; + char cname[NI_MAXHOST], uidstr[32], *conn_hash_hex; struct stat st; struct passwd *pw; - int timeout_ms; extern int optind, optreset; extern char *optarg; 
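Review bot: The anchored-name test `(*hostp)[strlen(*hostp) - 1] == '.'` in the hunk at -413,6 +403,17 reads one byte before the start of the string when `*hostp` is empty, because `strlen()` returns 0 and the index wraps. Whether an empty host name can reach this point is not visible here, since the earlier part of resolve_canonicalize() and its callers are outside the hunk. Unless emptiness is ruled out earlier, I would guard the index: `if (**hostp != '\0' && (*hostp)[strlen(*hostp) - 1] == '.') {`. The later `fullhost[strlen(fullhost) - 1] = '\0'` under the new `found:` label is safe on this path, because `fullhost` is a copy of a name already known to end in a dot.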
@@ -525,8 +527,8 @@ main(int ac, char **av) struct addrinfo *addrs = NULL; struct ssh_digest_ctx *md; u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; - char *conn_hash_hex; - + + ssh_malloc_init(); /* must be called before any mallocs */ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -593,6 +595,8 @@ main(int ac, char **av) */ umask(022); + setlocale(LC_CTYPE, ""); + /* * Initialize option structure to indicate that no values have been * set. 
@@ -606,331 +610,339 @@ main(int ac, char **av) argv0 = av[0]; again: - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" - "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { - switch (opt) { - case '1': - options.protocol = SSH_PROTO_1; - break; - case '2': - options.protocol = SSH_PROTO_2; - break; - case '4': - options.address_family = AF_INET; - break; - case '6': - options.address_family = AF_INET6; - break; - case 'n': - stdin_null_flag = 1; - break; - case 'f': - fork_after_authentication_flag = 1; - stdin_null_flag = 1; - break; - case 'x': - options.forward_x11 = 0; - break; - case 'X': - options.forward_x11 = 1; - break; - case 'y': - use_syslog = 1; - break; - case 'E': - logfile = xstrdup(optarg); - break; - case 'G': - config_test = 1; - break; - case 'Y': - options.forward_x11 = 1; - options.forward_x11_trusted = 1; - break; - case 'g': - options.fwd_opts.gateway_ports = 1; - break; - case 'O': - if (stdio_forward_host != NULL) - fatal("Cannot specify multiplexing " - "command with -W"); - else if (muxclient_command != 0) - fatal("Multiplexing command already specified"); - if (strcmp(optarg, "check") == 0) - muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK; - else if (strcmp(optarg, "forward") == 0) - muxclient_command = SSHMUX_COMMAND_FORWARD; - else if (strcmp(optarg, "exit") == 0) - muxclient_command = SSHMUX_COMMAND_TERMINATE; - else if (strcmp(optarg, "stop") == 0) - muxclient_command = SSHMUX_COMMAND_STOP; - else if (strcmp(optarg, "cancel") == 0) - muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; - else - fatal("Invalid multiplex command."); - break; - case 'P': /* deprecated */ - options.use_privileged_port = 0; - break; - case 'Q': - cp = NULL; - if (strcmp(optarg, "cipher") == 0) - cp = cipher_alg_list('\n', 0); - else if (strcmp(optarg, "cipher-auth") == 0) - cp = cipher_alg_list('\n', 1); - else if (strcmp(optarg, "mac") == 0) - cp = mac_alg_list('\n'); - else if (strcmp(optarg, "kex") == 0) - cp = kex_alg_list('\n'); - else if 
(strcmp(optarg, "key") == 0) - cp = key_alg_list(0, 0); - else if (strcmp(optarg, "key-cert") == 0) - cp = key_alg_list(1, 0); - else if (strcmp(optarg, "key-plain") == 0) - cp = key_alg_list(0, 1); - else if (strcmp(optarg, "protocol-version") == 0) { + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" + "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { + switch (opt) { + case '1': + options.protocol = SSH_PROTO_1; + break; + case '2': + options.protocol = SSH_PROTO_2; + break; + case '4': + options.address_family = AF_INET; + break; + case '6': + options.address_family = AF_INET6; + break; + case 'n': + stdin_null_flag = 1; + break; + case 'f': + fork_after_authentication_flag = 1; + stdin_null_flag = 1; + break; + case 'x': + options.forward_x11 = 0; + break; + case 'X': + options.forward_x11 = 1; + break; + case 'y': + use_syslog = 1; + break; + case 'E': + logfile = optarg; + break; + case 'G': + config_test = 1; + break; + case 'Y': + options.forward_x11 = 1; + options.forward_x11_trusted = 1; + break; + case 'g': + options.fwd_opts.gateway_ports = 1; + break; + case 'O': + if (options.stdio_forward_host != NULL) + fatal("Cannot specify multiplexing " + "command with -W"); + else if (muxclient_command != 0) + fatal("Multiplexing command already specified"); + if (strcmp(optarg, "check") == 0) + muxclient_command = SSHMUX_COMMAND_ALIVE_CHECK; + else if (strcmp(optarg, "forward") == 0) + muxclient_command = SSHMUX_COMMAND_FORWARD; + else if (strcmp(optarg, "exit") == 0) + muxclient_command = SSHMUX_COMMAND_TERMINATE; + else if (strcmp(optarg, "stop") == 0) + muxclient_command = SSHMUX_COMMAND_STOP; + else if (strcmp(optarg, "cancel") == 0) + muxclient_command = SSHMUX_COMMAND_CANCEL_FWD; + else + fatal("Invalid multiplex command."); + break; + case 'P': /* deprecated */ + options.use_privileged_port = 0; + break; + case 'Q': + cp = NULL; + if (strcmp(optarg, "cipher") == 0) + cp = cipher_alg_list('\n', 0); + else if (strcmp(optarg, "cipher-auth") == 
0) + cp = cipher_alg_list('\n', 1); + else if (strcmp(optarg, "mac") == 0) + cp = mac_alg_list('\n'); + else if (strcmp(optarg, "kex") == 0) + cp = kex_alg_list('\n'); + else if (strcmp(optarg, "key") == 0) + cp = key_alg_list(0, 0); + else if (strcmp(optarg, "key-cert") == 0) + cp = key_alg_list(1, 0); + else if (strcmp(optarg, "key-plain") == 0) + cp = key_alg_list(0, 1); + else if (strcmp(optarg, "protocol-version") == 0) { #ifdef WITH_SSH1 - cp = xstrdup("1\n2"); + cp = xstrdup("1\n2"); #else - cp = xstrdup("2"); + cp = xstrdup("2"); #endif - } - if (cp == NULL) - fatal("Unsupported query \"%s\"", optarg); - printf("%s\n", cp); - free(cp); - exit(0); - break; - case 'a': - options.forward_agent = 0; - break; - case 'A': - options.forward_agent = 1; - break; - case 'k': - options.gss_deleg_creds = 0; - break; - case 'K': - options.gss_authentication = 1; - options.gss_deleg_creds = 1; - break; - case 'i': - if (stat(optarg, &st) < 0) { - fprintf(stderr, "Warning: Identity file %s " - "not accessible: %s.\n", optarg, - strerror(errno)); - break; - } -#ifdef WIN32_FIXME - add_identity_file(&options, NULL, optarg, 1, pw); -#else - add_identity_file(&options, NULL, optarg, 1); -#endif - break; - case 'I': + } + if (cp == NULL) + fatal("Unsupported query \"%s\"", optarg); + printf("%s\n", cp); + free(cp); + exit(0); + break; + case 'a': + options.forward_agent = 0; + break; + case 'A': + options.forward_agent = 1; + break; + case 'k': + options.gss_deleg_creds = 0; + break; + case 'K': + options.gss_authentication = 1; + options.gss_deleg_creds = 1; + break; + case 'i': + p = tilde_expand_filename(optarg, original_real_uid); + if (stat(p, &st) < 0) { + fprintf(stderr, "Warning: Identity file %s " + "not accessible: %s.\n", p, + strerror(errno)); + break; + } + add_identity_file(&options, NULL, p, 1); + break; + case 'I': #ifdef ENABLE_PKCS11 - options.pkcs11_provider = xstrdup(optarg); + free(options.pkcs11_provider); + options.pkcs11_provider = xstrdup(optarg); 
#else - fprintf(stderr, "no support for PKCS#11.\n"); + fprintf(stderr, "no support for PKCS#11.\n"); #endif - break; - case 't': - if (options.request_tty == REQUEST_TTY_YES) - options.request_tty = REQUEST_TTY_FORCE; - else - options.request_tty = REQUEST_TTY_YES; - break; - case 'v': - if (debug_flag == 0) { - debug_flag = 1; - options.log_level = SYSLOG_LEVEL_DEBUG1; - } else { - if (options.log_level < SYSLOG_LEVEL_DEBUG3) - options.log_level++; - } - break; - case 'V': - #ifndef WIN32_FIXME - fprintf(stderr, "%s, %s\n", - SSH_RELEASE, - #else - fprintf(stderr, "%s %s, %s\n", - SSH_RELEASE, __DATE__ , - #endif + break; + case 'J': + if (options.jump_host != NULL) + fatal("Only a single -J option permitted"); + if (options.proxy_command != NULL) + fatal("Cannot specify -J with ProxyCommand"); + if (parse_jump(optarg, &options, 1) == -1) + fatal("Invalid -J argument"); + options.proxy_command = xstrdup("none"); + break; + case 't': + if (options.request_tty == REQUEST_TTY_YES) + options.request_tty = REQUEST_TTY_FORCE; + else + options.request_tty = REQUEST_TTY_YES; + break; + case 'v': + if (debug_flag == 0) { + debug_flag = 1; + options.log_level = SYSLOG_LEVEL_DEBUG1; + } + else { + if (options.log_level < SYSLOG_LEVEL_DEBUG3) { + debug_flag++; + options.log_level++; + } + break; + case 'V': + fprintf(stderr, "%s %s, %s\n", + SSH_RELEASE, __DATE__, #ifdef WITH_OPENSSL - SSLeay_version(SSLEAY_VERSION) + SSLeay_version(SSLEAY_VERSION) #else - "without OpenSSL" + "without OpenSSL" #endif - ); - if (opt == 'V') - exit(0); - break; - case 'w': - if (options.tun_open == -1) - options.tun_open = SSH_TUNMODE_DEFAULT; - options.tun_local = a2tun(optarg, &options.tun_remote); - if (options.tun_local == SSH_TUNID_ERR) { - fprintf(stderr, - "Bad tun device '%s'\n", optarg); - exit(255); - } - break; - case 'W': - if (stdio_forward_host != NULL) - fatal("stdio forward already specified"); - if (muxclient_command != 0) - fatal("Cannot specify stdio forward with -O"); - if 
(parse_forward(&fwd, optarg, 1, 0)) { - stdio_forward_host = fwd.listen_host; - stdio_forward_port = fwd.listen_port; - free(fwd.connect_host); - } else { - fprintf(stderr, - "Bad stdio forwarding specification '%s'\n", - optarg); - exit(255); - } - options.request_tty = REQUEST_TTY_NO; - no_shell_flag = 1; - options.clear_forwardings = 1; - options.exit_on_forward_failure = 1; - break; - case 'q': - options.log_level = SYSLOG_LEVEL_QUIET; - break; - case 'e': - if (optarg[0] == '^' && optarg[2] == 0 && - (u_char) optarg[1] >= 64 && - (u_char) optarg[1] < 128) - options.escape_char = (u_char) optarg[1] & 31; - else if (strlen(optarg) == 1) - options.escape_char = (u_char) optarg[0]; - else if (strcmp(optarg, "none") == 0) - options.escape_char = SSH_ESCAPECHAR_NONE; - else { - fprintf(stderr, "Bad escape character '%s'.\n", - optarg); - exit(255); - } - break; - case 'c': - if (ciphers_valid(*optarg == '+' ? - optarg + 1 : optarg)) { - /* SSH2 only */ - options.ciphers = xstrdup(optarg); - options.cipher = SSH_CIPHER_INVALID; - break; - } - /* SSH1 only */ - options.cipher = cipher_number(optarg); - if (options.cipher == -1) { - fprintf(stderr, "Unknown cipher type '%s'\n", - optarg); - exit(255); - } - if (options.cipher == SSH_CIPHER_3DES) - options.ciphers = xstrdup("3des-cbc"); - else if (options.cipher == SSH_CIPHER_BLOWFISH) - options.ciphers = xstrdup("blowfish-cbc"); - else - options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT); - break; - case 'm': - if (mac_valid(optarg)) - options.macs = xstrdup(optarg); - else { - fprintf(stderr, "Unknown mac type '%s'\n", - optarg); - exit(255); - } - break; - case 'M': - if (options.control_master == SSHCTL_MASTER_YES) - options.control_master = SSHCTL_MASTER_ASK; - else - options.control_master = SSHCTL_MASTER_YES; - break; - case 'p': - options.port = a2port(optarg); - if (options.port <= 0) { - fprintf(stderr, "Bad port '%s'\n", optarg); - exit(255); - } - break; - case 'l': - options.user = optarg; - break; + ); + if 
(opt == 'V') + exit(0); + break; + case 'w': + if (options.tun_open == -1) + options.tun_open = SSH_TUNMODE_DEFAULT; + options.tun_local = a2tun(optarg, &options.tun_remote); + if (options.tun_local == SSH_TUNID_ERR) { + fprintf(stderr, + "Bad tun device '%s'\n", optarg); + exit(255); + } + break; + case 'W': + if (options.stdio_forward_host != NULL) + fatal("stdio forward already specified"); + if (muxclient_command != 0) + fatal("Cannot specify stdio forward with -O"); + if (parse_forward(&fwd, optarg, 1, 0)) { + options.stdio_forward_host = fwd.listen_host; + options.stdio_forward_port = fwd.listen_port; + free(fwd.connect_host); + } + else { + fprintf(stderr, + "Bad stdio forwarding specification '%s'\n", + optarg); + exit(255); + } + options.request_tty = REQUEST_TTY_NO; + no_shell_flag = 1; + break; + case 'q': + options.log_level = SYSLOG_LEVEL_QUIET; + break; + case 'e': + if (optarg[0] == '^' && optarg[2] == 0 && + (u_char)optarg[1] >= 64 && + (u_char)optarg[1] < 128) + options.escape_char = (u_char)optarg[1] & 31; + else if (strlen(optarg) == 1) + options.escape_char = (u_char)optarg[0]; + else if (strcmp(optarg, "none") == 0) + options.escape_char = SSH_ESCAPECHAR_NONE; + else { + fprintf(stderr, "Bad escape character '%s'.\n", + optarg); + exit(255); + } + break; + case 'c': + if (ciphers_valid(*optarg == '+' ? 
+ optarg + 1 : optarg)) { + /* SSH2 only */ + free(options.ciphers); + options.ciphers = xstrdup(optarg); + options.cipher = SSH_CIPHER_INVALID; + break; + } + /* SSH1 only */ + options.cipher = cipher_number(optarg); + if (options.cipher == -1) { + fprintf(stderr, "Unknown cipher type '%s'\n", + optarg); + exit(255); + } + if (options.cipher == SSH_CIPHER_3DES) + options.ciphers = xstrdup("3des-cbc"); + else if (options.cipher == SSH_CIPHER_BLOWFISH) + options.ciphers = xstrdup("blowfish-cbc"); + else + options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT); + break; + case 'm': + if (mac_valid(optarg)) { + free(options.macs); + options.macs = xstrdup(optarg); + } + else { + fprintf(stderr, "Unknown mac type '%s'\n", + optarg); + exit(255); + } + break; + case 'M': + if (options.control_master == SSHCTL_MASTER_YES) + options.control_master = SSHCTL_MASTER_ASK; + else + options.control_master = SSHCTL_MASTER_YES; + break; + case 'p': + options.port = a2port(optarg); + if (options.port <= 0) { + fprintf(stderr, "Bad port '%s'\n", optarg); + exit(255); + } + break; + case 'l': + options.user = optarg; + break; - case 'L': - if (parse_forward(&fwd, optarg, 0, 0)) - add_local_forward(&options, &fwd); - else { - fprintf(stderr, - "Bad local forwarding specification '%s'\n", - optarg); - exit(255); - } - break; + case 'L': + if (parse_forward(&fwd, optarg, 0, 0)) + add_local_forward(&options, &fwd); + else { + fprintf(stderr, + "Bad local forwarding specification '%s'\n", + optarg); + exit(255); + } + break; - case 'R': - if (parse_forward(&fwd, optarg, 0, 1)) { - add_remote_forward(&options, &fwd); - } else { - fprintf(stderr, - "Bad remote forwarding specification " - "'%s'\n", optarg); - exit(255); - } - break; + case 'R': + if (parse_forward(&fwd, optarg, 0, 1)) { + add_remote_forward(&options, &fwd); + } + else { + fprintf(stderr, + "Bad remote forwarding specification " + "'%s'\n", optarg); + exit(255); + } + break; - case 'D': - if (parse_forward(&fwd, optarg, 1, 0)) { - 
add_local_forward(&options, &fwd); - } else { - fprintf(stderr, - "Bad dynamic forwarding specification " - "'%s'\n", optarg); - exit(255); - } - break; + case 'D': + if (parse_forward(&fwd, optarg, 1, 0)) { + add_local_forward(&options, &fwd); + } + else { + fprintf(stderr, + "Bad dynamic forwarding specification " + "'%s'\n", optarg); + exit(255); + } + break; - case 'C': - options.compression = 1; - break; - case 'N': - no_shell_flag = 1; - options.request_tty = REQUEST_TTY_NO; - break; - case 'T': - options.request_tty = REQUEST_TTY_NO; - break; - case 'o': - line = xstrdup(optarg); - if (process_config_line(&options, pw, - host ? host : "", host ? host : "", line, - "command-line", 0, NULL, SSHCONF_USERCONF) != 0) - exit(255); - free(line); - break; - case 's': - subsystem_flag = 1; - break; - case 'S': - if (options.control_path != NULL) - free(options.control_path); - options.control_path = xstrdup(optarg); - break; - case 'b': - options.bind_address = optarg; - break; - case 'F': - config = optarg; - break; - default: - usage(); - } - } + case 'C': + options.compression = 1; + break; + case 'N': + no_shell_flag = 1; + options.request_tty = REQUEST_TTY_NO; + break; + case 'T': + options.request_tty = REQUEST_TTY_NO; + break; + case 'o': + line = xstrdup(optarg); + if (process_config_line(&options, pw, + host ? host : "", host ? host : "", line, + "command-line", 0, NULL, SSHCONF_USERCONF) != 0) + exit(255); + free(line); + break; + case 's': + subsystem_flag = 1; + break; + case 'S': + free(options.control_path); + options.control_path = xstrdup(optarg); + break; + case 'b': + options.bind_address = optarg; + break; + case 'F': + config = optarg; + break; + default: + usage(); + } + } + } ac -= optind; av += optind; 
@@ -952,12 +964,6 @@ main(int ac, char **av) } ac--, av++; } - #ifdef WIN32_FIXME - // create various Windows user home directory based file names - sprintf(dotsshdir,"%s\\%s", pw->pw_dir, _PATH_SSH_USER_DIR ); - _mkdir(dotsshdir); //this base directory for the user is needed - - #endif /* Check that we got a host name. */ if (!host) @@ -1006,10 +1012,8 @@ main(int ac, char **av) */ if (use_syslog && logfile != NULL) fatal("Can't specify both -y and -E"); - if (logfile != NULL) { + if (logfile != NULL) log_redirect_stderr_to(logfile); - free(logfile); - } log_init(argv0, options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, SYSLOG_FACILITY_USER, !use_syslog); @@ -1058,9 +1062,10 @@ main(int ac, char **av) * has specifically requested canonicalisation for this case via * CanonicalizeHostname=always */ - if (addrs == NULL && options.num_permitted_cnames != 0 && - (option_clear_or_none(options.proxy_command) || - options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { + direct = option_clear_or_none(options.proxy_command) && + options.jump_host == NULL; + if (addrs == NULL && options.num_permitted_cnames != 0 && (direct || + options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) { if ((addrs = resolve_host(host, options.port, option_clear_or_none(options.proxy_command), cname, sizeof(cname))) == NULL) { @@ -1068,7 +1073,7 @@ main(int ac, char **av) if (option_clear_or_none(options.proxy_command)) cleanup_exit(255); /* logged in resolve_host */ } else - check_follow_cname(&host, cname); + check_follow_cname(direct, &host, cname); } /* 
@@ -1091,11 +1096,42 @@ main(int ac, char **av) } /* Fill configuration defaults. */ - #ifndef WIN32_FIXME fill_default_options(&options); - #else - fill_default_options(&options, pw); - #endif + + /* + * If ProxyJump option specified, then construct a ProxyCommand now. + */ + if (options.jump_host != NULL) { + char port_s[8]; + + /* Consistency check */ + if (options.proxy_command != NULL) + fatal("inconsistent options: ProxyCommand+ProxyJump"); + /* Never use FD passing for ProxyJump */ + options.proxy_use_fdpass = 0; + snprintf(port_s, sizeof(port_s), "%d", options.jump_port); + xasprintf(&options.proxy_command, + "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s", + /* Optional "-l user" argument if jump_user set */ + options.jump_user == NULL ? "" : " -l ", + options.jump_user == NULL ? "" : options.jump_user, + /* Optional "-p port" argument if jump_port set */ + options.jump_port <= 0 ? "" : " -p ", + options.jump_port <= 0 ? "" : port_s, + /* Optional additional jump hosts ",..." */ + options.jump_extra == NULL ? "" : " -J ", + options.jump_extra == NULL ? "" : options.jump_extra, + /* Optional "-F" argumment if -F specified */ + config == NULL ? "" : " -F ", + config == NULL ? "" : config, + /* Optional "-v" arguments if -v set */ + debug_flag ? " -" : "", + debug_flag, "vvv", + /* Mandatory hostname */ + options.jump_host); + debug("Setting implicit ProxyCommand from ProxyJump: %s", + options.proxy_command); + } if (options.port == 0) options.port = default_ssh_port(); @@ -1114,6 +1150,8 @@ main(int ac, char **av) "disabling"); options.update_hostkeys = 0; } + if (options.connection_attempts <= 0) + fatal("Invalid number of ConnectionAttempts"); #ifndef HAVE_CYGWIN if (original_effective_uid != 0) options.use_privileged_port = 0; 
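Review bot: The `-F` path and the `jump_*` strings are pasted into `options.proxy_command` without any quoting, so the generated command line is only as safe as those values. `config` is taken straight from `optarg` in the option parser, and if this string is later run through a shell, as a ProxyCommand normally is (that code is outside this hunk), a path containing a space or a shell metacharacter would change what gets executed. Reject such values before the `xasprintf`, for example `if (config != NULL && strpbrk(config, " \t\"'$;&|<>") != NULL) fatal("-F path cannot be passed through ProxyJump");`, and confirm that `parse_jump()` applies an equivalent restriction to the user and host parts. The comment `Optional "-F" argumment` also has a typo (`argument`). main() starts and ends outside the hunk.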
@@ -1152,6 +1190,7 @@ main(int ac, char **av) strlcpy(shorthost, thishost, sizeof(shorthost)); shorthost[strcspn(thishost, ".")] = '\0'; snprintf(portstr, sizeof(portstr), "%d", options.port); + snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid); if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || ssh_digest_update(md, thishost, strlen(thishost)) < 0 || @@ -1194,6 +1233,7 @@ main(int ac, char **av) "p", portstr, "r", options.user, "u", pw->pw_name, + "i", uidstr, (char *)NULL); free(cp); } @@ -1214,6 +1254,7 @@ main(int ac, char **av) * have yet resolved the hostname. Do so now. */ if (addrs == NULL && options.proxy_command == NULL) { + debug2("resolving \"%s\" port %d", host, options.port); if ((addrs = resolve_host(host, options.port, 1, cname, sizeof(cname))) == NULL) cleanup_exit(255); /* resolve_host logs the error */ @@ -1234,6 +1275,8 @@ main(int ac, char **av) packet_set_timeout(options.server_alive_interval, options.server_alive_count_max); + ssh = active_state; /* XXX */ + if (timeout_ms > 0) debug3("timeout: %d ms remain after connect", timeout_ms); @@ -1257,8 +1300,10 @@ main(int ac, char **av) sensitive_data.keys[i] = NULL; PRIV_START; +#if WITH_SSH1 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, _PATH_HOST_KEY_FILE, "", NULL, NULL); +#endif #ifdef OPENSSL_HAS_ECC sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL); @@ -1327,9 +1372,8 @@ main(int ac, char **av) * directory if it doesn't already exist. */ if (config == NULL) { - r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, + r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { #ifdef WITH_SELINUX ssh_selinux_setfscreatecon(buf); 
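Review bot: `pw->pw_uid` is formatted with `%d` in the added `snprintf`, but uid_t is an unsigned type on most platforms, so the conversion does not match the argument and a UID above INT_MAX would print as a negative number. The string feeds the new `"i", uidstr` token added in the next hunk, so a wrong value would end up in whatever path is expanded there. Prefer `snprintf(uidstr, sizeof(uidstr), "%llu", (unsigned long long)pw->pw_uid);`. The declaration of `uidstr` is outside the hunk, so its size should be checked against the widest value that format can produce.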
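Review bot: The new guard around the `KEY_RSA1` host key load in the hunk at -1257 is written `#if WITH_SSH1`, while the `-Q protocol-version` handler in the same file tests the macro with `#ifdef WITH_SSH1`. The two forms disagree when the macro is defined as 0, and `#if` does not preprocess at all when it is defined empty, so use `#ifdef WITH_SSH1` here as well. With the guard off, `sensitive_data.keys[0]` keeps the NULL assigned by the loop just above, which looks intended.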
@@ -1342,17 +1386,32 @@ main(int ac, char **av) #endif } } -#ifdef WIN32_FIXME - SetFileAttributes(buf, FILE_ATTRIBUTE_HIDDEN); -#endif - /* load options.identity_files */ + + /* load options.identity_files */ load_public_identity_files(); + /* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */ + if (options.identity_agent && + strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) { + if (strcmp(options.identity_agent, "none") == 0) { + unsetenv(SSH_AUTHSOCKET_ENV_NAME); + } else { + p = tilde_expand_filename(options.identity_agent, + original_real_uid); + cp = percent_expand(p, "d", pw->pw_dir, + "u", pw->pw_name, "l", thishost, "h", host, + "r", options.user, (char *)NULL); + setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1); + free(cp); + free(p); + } + } + /* Expand ~ in known host file names. */ tilde_expand_paths(options.system_hostfiles, options.num_system_hostfiles); tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); - + signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ signal(SIGCHLD, main_sigchld_handler); @@ -1362,7 +1421,7 @@ main(int ac, char **av) if (packet_connection_is_on_socket()) { verbose("Authenticated to %s ([%s]:%d).", host, - get_remote_ipaddr(), get_remote_port()); + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); } else { verbose("Authenticated to %s (via proxy).", host); } 
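Review bot: The results of `setenv()` and `unsetenv()` are ignored in the added IdentityAgent block, so a failure leaves the inherited agent socket in the environment and the client would go on to talk to an agent other than the one configured. Treat failure as fatal, e.g. `if (setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1) == -1) fatal("setenv %s: %s", SSH_AUTHSOCKET_ENV_NAME, strerror(errno));`, and do the same for `unsetenv`. The comment above the block misspells `variable` as `varibale`. main() continues outside the hunk.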
@@ -1387,36 +1446,17 @@ main(int ac, char **av) options.identity_keys[i] = NULL; } } - - #ifdef WIN32_FIXME - if (tty_flag) { - //AllocConsole(); - ConInputInitParams(); // init the Console input side with global parameters - ConInit(STD_OUTPUT_HANDLE, TRUE); //init the output console surface for us to write - ConClearScreen(); + for (i = 0; i < options.num_certificate_files; i++) { + free(options.certificate_files[i]); + options.certificate_files[i] = NULL; } - else { - //extern int glob_itissshclient; - //glob_itissshclient = 1; // tell our contrib/win32/win32compat/socket.c code it is for ssh client side - } - #endif - + exit_status = compat20 ? ssh_session2() : ssh_session(); packet_close(); if (options.control_path != NULL && muxserver_sock != -1) unlink(options.control_path); - /* - * Windows specific Cleanup. - */ - -#ifdef WIN32_FIXME - - if (tty_flag) - ConUnInit(); // restore terminal to previous settings if it was a tty session -#endif - /* Kill ProxyCommand if it is running. */ ssh_kill_proxy_command(); @@ -1426,9 +1466,9 @@ main(int ac, char **av) static void control_persist_detach(void) { -#ifndef WIN32_FIXME//R +#ifndef WINDOWS pid_t pid; - int devnull; + int devnull, keep_stderr; debug("%s: backgrounding master process", __func__); @@ -1459,8 +1499,10 @@ control_persist_detach(void) error("%s: open(\"/dev/null\"): %s", __func__, strerror(errno)); } else { + keep_stderr = log_is_on_stderr() && debug_flag; if (dup2(devnull, STDIN_FILENO) == -1 || - dup2(devnull, STDOUT_FILENO) == -1) + dup2(devnull, STDOUT_FILENO) == -1 || + (!keep_stderr && dup2(devnull, STDERR_FILENO) == -1)) error("%s: dup2: %s", __func__, strerror(errno)); if (devnull > STDERR_FILENO) close(devnull); @@ -1468,7 +1510,7 @@ control_persist_detach(void) daemon(1, 1); setproctitle("%s [mux]", options.control_path); #else - fatal("not supported in Windows"); + fatal("ControlMaster is not supported in Windows"); #endif } 
@@ -1555,18 +1597,19 @@ ssh_init_stdio_forwarding(void) Channel *c; int in, out; - if (stdio_forward_host == NULL) + if (options.stdio_forward_host == NULL) return; if (!compat20) fatal("stdio forwarding require Protocol 2"); - debug3("%s: %s:%d", __func__, stdio_forward_host, stdio_forward_port); + debug3("%s: %s:%d", __func__, options.stdio_forward_host, + options.stdio_forward_port); if ((in = dup(STDIN_FILENO)) < 0 || (out = dup(STDOUT_FILENO)) < 0) fatal("channel_connect_stdio_fwd: dup() in/out failed"); - if ((c = channel_connect_stdio_fwd(stdio_forward_host, - stdio_forward_port, in, out)) == NULL) + if ((c = channel_connect_stdio_fwd(options.stdio_forward_host, + options.stdio_forward_port, in, out)) == NULL) fatal("%s: channel_connect_stdio_fwd failed", __func__); channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0); channel_register_open_confirm(c->self, ssh_stdio_confirm, NULL); @@ -1665,6 +1708,7 @@ ssh_session(void) struct winsize ws; char *cp; const char *display; + char *proto = NULL, *data = NULL; /* Enable compression if requested. */ if (options.compression) { @@ -1709,22 +1753,12 @@ ssh_session(void) packet_put_cstring(cp); /* Store window size in the packet. */ - - #ifdef WIN32_FIXME - - packet_put_int((u_int) 25); /*row*/ - packet_put_int((u_int) 80); /*col*/ - packet_put_int((u_int) 640); /*xpixel*/ - packet_put_int((u_int) 480); /*ypixel*/ - - #else - if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0) memset(&ws, 0, sizeof(ws)); packet_put_int((u_int)ws.ws_row); packet_put_int((u_int)ws.ws_col); packet_put_int((u_int)ws.ws_xpixel); packet_put_int((u_int)ws.ws_ypixel); -#endif /* Store tty modes in the packet. */ tty_make_modes(fileno(stdin), NULL); 
@@ -1749,13 +1783,9 @@ ssh_session(void) display = getenv("DISPLAY"); if (display == NULL && options.forward_x11) debug("X11 forwarding requested but DISPLAY not set"); - if (options.forward_x11 && display != NULL) { - char *proto, *data; - /* Get reasonable local authentication information. */ - client_x11_get_proto(display, options.xauth_location, - options.forward_x11_trusted, - options.forward_x11_timeout, - &proto, &data); + if (options.forward_x11 && client_x11_get_proto(display, + options.xauth_location, options.forward_x11_trusted, + options.forward_x11_timeout, &proto, &data) == 0) { /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication " "spoofing."); @@ -1845,6 +1875,7 @@ ssh_session2_setup(int id, int success, void *arg) extern char **environ; const char *display; int interactive = tty_flag; + char *proto = NULL, *data = NULL; if (!success) return; /* No need for error message, channels code sens one */ @@ -1852,12 +1883,9 @@ ssh_session2_setup(int id, int success, void *arg) display = getenv("DISPLAY"); if (display == NULL && options.forward_x11) debug("X11 forwarding requested but DISPLAY not set"); - if (options.forward_x11 && display != NULL) { - char *proto, *data; - /* Get reasonable local authentication information. */ - client_x11_get_proto(display, options.xauth_location, - options.forward_x11_trusted, - options.forward_x11_timeout, &proto, &data); + if (options.forward_x11 && client_x11_get_proto(display, + options.xauth_location, options.forward_x11_trusted, + options.forward_x11_timeout, &proto, &data) == 0) { /* Request forwarding with authentication spoofing. */ debug("Requesting X11 forwarding with authentication " "spoofing."); 
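Review bot: With the `display != NULL` test removed, a NULL `display` is now passed to `client_x11_get_proto()` whenever `options.forward_x11` is set; the same change is made in `ssh_session2_setup()` in the hunk at -1852. That is only safe if the callee rejects a NULL display and returns non-zero, which cannot be confirmed from this diff. Either keep the guard by adding `display != NULL &&` ahead of the call, or, once the callee's behaviour is confirmed, document the reliance at both call sites with a comment such as `/* relies on client_x11_get_proto() failing when display is NULL */`. Both functions start and end outside their hunks.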
@@ -1888,8 +1916,8 @@ ssh_session2_setup(int id, int success, void *arg) client_session2_setup(id, tty_flag, subsystem_flag, term, NULL, fileno(stdin), &command, environ); #else - client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), - NULL, fileno(stdin), &command, environ); + client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"), + NULL, fileno(stdin), &command, environ); #endif } @@ -1925,7 +1953,6 @@ ssh_session2_open(void) window >>= 1; packetmax >>= 1; } - c = channel_new( "session", SSH_CHANNEL_OPENING, in, out, err, window, packetmax, CHAN_EXTENDED_WRITE, @@ -2018,30 +2045,34 @@ ssh_session2(void) fork_postauth(); } - return client_loop(tty_flag, tty_flag ? options.escape_char : SSH_ESCAPECHAR_NONE, id); } +/* Loads all IdentityFile and CertificateFile keys */ static void load_public_identity_files(void) { char *filename, *cp, thishost[NI_MAXHOST]; char *pwdir = NULL, *pwname = NULL; - int i = 0; Key *public; struct passwd *pw; - u_int n_ids; + int i; + u_int n_ids, n_certs; char *identity_files[SSH_MAX_IDENTITY_FILES]; Key *identity_keys[SSH_MAX_IDENTITY_FILES]; + char *certificate_files[SSH_MAX_CERTIFICATE_FILES]; + struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; #ifdef ENABLE_PKCS11 Key **keys; int nkeys; #endif /* PKCS11 */ - n_ids = 0; + n_ids = n_certs = 0; memset(identity_files, 0, sizeof(identity_files)); memset(identity_keys, 0, sizeof(identity_keys)); + memset(certificate_files, 0, sizeof(certificate_files)); + memset(certificates, 0, sizeof(certificates)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && @@ -2066,7 +2097,6 @@ load_public_identity_files(void) fatal("load_public_identity_files: getpwuid failed"); pwname = xstrdup(pw->pw_name); pwdir = xstrdup(pw->pw_dir); - if (gethostname(thishost, sizeof(thishost)) == -1) fatal("load_public_identity_files: gethostname: %s", strerror(errno)); 
@@ -2074,6 +2104,7 @@ load_public_identity_files(void) if (n_ids >= SSH_MAX_IDENTITY_FILES || strcasecmp(options.identity_files[i], "none") == 0) { free(options.identity_files[i]); + options.identity_files[i] = NULL; continue; } cp = tilde_expand_filename(options.identity_files[i], @@ -2092,7 +2123,12 @@ load_public_identity_files(void) if (++n_ids >= SSH_MAX_IDENTITY_FILES) continue; - /* Try to add the certificate variant too */ + /* + * If no certificates have been explicitly listed then try + * to add the default certificate variant too. + */ + if (options.num_certificate_files != 0) + continue; xasprintf(&cp, "%s-cert", filename); public = key_load_public(cp, NULL); debug("identity file %s type %d", cp, 
@@ -2109,14 +2145,50 @@ load_public_identity_files(void) continue; } identity_keys[n_ids] = public; - /* point to the original path, most likely the private key */ - identity_files[n_ids] = xstrdup(filename); + identity_files[n_ids] = cp; n_ids++; } + + if (options.num_certificate_files > SSH_MAX_CERTIFICATE_FILES) + fatal("%s: too many certificates", __func__); + for (i = 0; i < options.num_certificate_files; i++) { + cp = tilde_expand_filename(options.certificate_files[i], + original_real_uid); + filename = percent_expand(cp, "d", pwdir, + "u", pwname, "l", thishost, "h", host, + "r", options.user, (char *)NULL); + free(cp); + + public = key_load_public(filename, NULL); + debug("certificate file %s type %d", filename, + public ? public->type : -1); + free(options.certificate_files[i]); + options.certificate_files[i] = NULL; + if (public == NULL) { + free(filename); + continue; + } + if (!key_is_cert(public)) { + debug("%s: key %s type %s is not a certificate", + __func__, filename, key_type(public)); + key_free(public); + free(filename); + continue; + } + certificate_files[n_certs] = filename; + certificates[n_certs] = public; + ++n_certs; + } + options.num_identity_files = n_ids; memcpy(options.identity_files, identity_files, sizeof(identity_files)); memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); + options.num_certificate_files = n_certs; + memcpy(options.certificate_files, + certificate_files, sizeof(certificate_files)); + memcpy(options.certificates, certificates, sizeof(certificates)); + explicit_bzero(pwname, strlen(pwname)); free(pwname); explicit_bzero(pwdir, strlen(pwdir)); @@ -2137,6 +2209,3 @@ main_sigchld_handler(int sig) signal(sig, main_sigchld_handler); errno = save_errno; } - - - diff --git a/ssh.h b/ssh.h index 39c7e18..50467a7 100644 --- a/ssh.h +++ b/ssh.h 
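Review bot: `identity_files[n_ids] = cp;` now records the `<file>-cert` path, where the removed lines stored `xstrdup(filename)` and explained that the entry should point to the original path, most likely the private key. If later code opens the private key through `identity_files[]` (not visible here), it would look for a file with the `-cert` suffix and the certificate identity could not be paired with its key. Unless that consumer was changed as well, keep `identity_files[n_ids] = xstrdup(filename);` together with the removed comment, and release `cp` once it is no longer needed. load_public_identity_files() starts and ends outside the hunk.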
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.81 2015/08/04 05:23:06 djm Exp $ */ +/* $OpenBSD: ssh.h,v 1.83 2015/12/11 03:19:09 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -18,6 +18,12 @@ /* Default port number. */ #define SSH_DEFAULT_PORT 22 +/* + * Maximum number of certificate files that can be specified + * in configuration files or on the command line. + */ +#define SSH_MAX_CERTIFICATE_FILES 100 + /* * Maximum number of RSA authentication identity files that can be specified * in configuration files or on the command line. @@ -29,7 +35,7 @@ * Current value permits 16kbit RSA and RSA1 keys and 8kbit DSA keys, with * some room for options and comments. */ -#define SSH_MAX_PUBKEY_BYTES 8192 +#define SSH_MAX_PUBKEY_BYTES 16384 /* * Major protocol version. Different version indicates major incompatibility diff --git a/ssh1.h b/ssh1.h index 353d930..6a05c47 100644 --- a/ssh1.h +++ b/ssh1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh1.h,v 1.6 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: ssh1.h,v 1.7 2016/05/04 14:22:33 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -22,7 +22,6 @@ #define SSH_MSG_MIN 1 #define SSH_MSG_MAX 254 /* Message name */ /* msg code */ /* arguments */ -#define SSH_MSG_NONE 0 /* no message */ #define SSH_MSG_DISCONNECT 1 /* cause (string) */ #define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ #define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */ diff --git a/ssh2.h b/ssh2.h index 87a4293..f2e37c9 100644 --- a/ssh2.h +++ b/ssh2.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh2.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */ +/* $OpenBSD: ssh2.h,v 1.18 2016/05/04 14:22:33 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -55,6 +55,10 @@ * 192-255 Local extensions */ +/* special marker for no message */ + +#define SSH_MSG_NONE 0 + /* ranges */ #define SSH2_MSG_TRANSPORT_MIN 1 
@@ -80,6 +84,7 @@ #define SSH2_MSG_DEBUG 4 #define SSH2_MSG_SERVICE_REQUEST 5 #define SSH2_MSG_SERVICE_ACCEPT 6 +#define SSH2_MSG_EXT_INFO 7 /* transport layer: alg negotiation */ @@ -164,13 +169,6 @@ #define SSH2_EXTENDED_DATA_STDERR 1 -/* kex messages for resume@appgate.com */ -#define SSH2_MSG_KEX_ROAMING_RESUME 30 -#define SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED 31 -#define SSH2_MSG_KEX_ROAMING_AUTH 32 -#define SSH2_MSG_KEX_ROAMING_AUTH_OK 33 -#define SSH2_MSG_KEX_ROAMING_AUTH_FAIL 34 - /* Certificate types for OpenSSH certificate keys extension */ #define SSH2_CERT_TYPE_USER 1 #define SSH2_CERT_TYPE_HOST 2 diff --git a/ssh_api.c b/ssh_api.c index c781cdb..5cb4731 100644 --- a/ssh_api.c +++ b/ssh_api.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.4 2015/02/16 22:13:32 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.7 2016/05/04 14:22:33 markus Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -17,14 +17,12 @@ #include "includes.h" -#include "ssh1.h" /* For SSH_MSG_NONE */ #include "ssh_api.h" #include "compat.h" #include "log.h" #include "authfile.h" #include "sshkey.h" #include "misc.h" -#include "ssh1.h" #include "ssh2.h" #include "version.h" #include "myproposal.h" @@ -40,8 +38,8 @@ int _ssh_order_hostkeyalgs(struct ssh *); int _ssh_verify_host_key(struct sshkey *, struct ssh *); struct sshkey *_ssh_host_public_key(int, int, struct ssh *); struct sshkey *_ssh_host_private_key(int, int, struct ssh *); -int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **, - size_t *, const u_char *, size_t, u_int); +int _ssh_host_key_sign(struct sshkey *, struct sshkey *, + u_char **, size_t *, const u_char *, size_t, const char *, u_int); /* * stubs for the server side implementation of kex. 
@@ -49,7 +47,7 @@ int _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **, */ int use_privsep = 0; int mm_sshkey_sign(struct sshkey *, u_char **, u_int *, - u_char *, u_int, u_int); + u_char *, u_int, char *, u_int); DH *mm_choose_dh(int, int, int); /* Define these two variables here so that they are part of the library */ @@ -58,7 +56,7 @@ u_int session_id2_len = 0; int mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen, u_int compat) + u_char *data, u_int datalen, char *alg, u_int compat) { return (-1); } @@ -103,6 +101,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #ifdef WITH_OPENSSL ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; # ifdef OPENSSL_HAS_ECC @@ -117,6 +118,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) #ifdef WITH_OPENSSL ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; # ifdef OPENSSL_HAS_ECC 
@@ -534,8 +538,8 @@ _ssh_order_hostkeyalgs(struct ssh *ssh) int _ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey, - u_char **signature, size_t *slen, - const u_char *data, size_t dlen, u_int compat) + u_char **signature, size_t *slen, const u_char *data, size_t dlen, + const char *alg, u_int compat) { - return sshkey_sign(privkey, signature, slen, data, dlen, compat); + return sshkey_sign(privkey, signature, slen, data, dlen, alg, compat); } diff --git a/ssh_config b/ssh_config index 29aa0ac..90fb63f 100644 --- a/ssh_config +++ b/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $ +# $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -34,8 +34,10 @@ # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa +# IdentityFile ~/.ssh/id_ecdsa +# IdentityFile ~/.ssh/id_ed25519 # Port 22 -# Protocol 2,1 +# Protocol 2 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 @@ -45,7 +47,4 @@ # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com -HostKeyAlgorithms ssh-rsa,ssh-dss -PubkeyAcceptedKeyTypes +ssh-dss,ecdsa-sha2-nistp256 - -#UsePrivilegeSeparation no +# RekeyLimit 1G 1h diff --git a/ssh_config.0 b/ssh_config.0 deleted file mode 100644 index 67133cd..0000000 --- a/ssh_config.0 +++ /dev/null 
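Review bot: The commented defaults in ssh_config are only partly refreshed by the hunk at -34: `# Protocol 2` now sits directly above `# Cipher 3des`, and the `# Ciphers` and `# MACs` samples that follow still list `arcfour256`, `arcfour128`, CBC modes and `hmac-md5`. These lines tend to be uncommented as-is, so they should be checked against what this release actually enables by default and updated in the same commit. If they are meant only as syntax examples, say so with a comment above them, e.g. `# The Cipher, Ciphers and MACs lines below are syntax examples, not recommended values`.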
@@ -1,1026 +0,0 @@ -SSH_CONFIG(5) File Formats Manual SSH_CONFIG(5) - -NAME - ssh_config M-bM-^@M-^S OpenSSH SSH client configuration files - -SYNOPSIS - ~/.ssh/config - /etc/ssh/ssh_config - -DESCRIPTION - ssh(1) obtains configuration data from the following sources in the - following order: - - 1. command-line options - 2. user's configuration file (~/.ssh/config) - 3. system-wide configuration file (/etc/ssh/ssh_config) - - For each parameter, the first obtained value will be used. The - configuration files contain sections separated by M-bM-^@M-^\HostM-bM-^@M-^] specifications, - and that section is only applied for hosts that match one of the patterns - given in the specification. The matched host name is usually the one - given on the command line (see the CanonicalizeHostname option for - exceptions.) - - Since the first obtained value for each parameter is used, more host- - specific declarations should be given near the beginning of the file, and - general defaults at the end. - - The configuration file has the following format: - - Empty lines and lines starting with M-bM-^@M-^X#M-bM-^@M-^Y are comments. Otherwise a line - is of the format M-bM-^@M-^\keyword argumentsM-bM-^@M-^]. Configuration options may be - separated by whitespace or optional whitespace and exactly one M-bM-^@M-^X=M-bM-^@M-^Y; the - latter format is useful to avoid the need to quote whitespace when - specifying configuration options using the ssh, scp, and sftp -o option. - Arguments may optionally be enclosed in double quotes (") in order to - represent arguments containing spaces. - - The possible keywords and their meanings are as follows (note that - keywords are case-insensitive and arguments are case-sensitive): - - Host Restricts the following declarations (up to the next Host or - Match keyword) to be only for those hosts that match one of the - patterns given after the keyword. If more than one pattern is - provided, they should be separated by whitespace. 
A single M-bM-^@M-^X*M-bM-^@M-^Y - as a pattern can be used to provide global defaults for all - hosts. The host is usually the hostname argument given on the - command line (see the CanonicalizeHostname option for - exceptions.) - - A pattern entry may be negated by prefixing it with an - exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). If a negated entry is matched, then the - Host entry is ignored, regardless of whether any other patterns - on the line match. Negated matches are therefore useful to - provide exceptions for wildcard matches. - - See PATTERNS for more information on patterns. - - Match Restricts the following declarations (up to the next Host or - Match keyword) to be used only when the conditions following the - Match keyword are satisfied. Match conditions are specified - using one or more critera or the single token all which always - matches. The available criteria keywords are: canonical, exec, - host, originalhost, user, and localuser. The all criteria must - appear alone or immediately after canonical. Other criteria may - be combined arbitrarily. All criteria but all and canonical - require an argument. Criteria may be negated by prepending an - exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). - - The canonical keyword matches only when the configuration file is - being re-parsed after hostname canonicalization (see the - CanonicalizeHostname option.) This may be useful to specify - conditions that work with canonical host names only. The exec - keyword executes the specified command under the user's shell. - If the command returns a zero exit status then the condition is - considered true. Commands containing whitespace characters must - be quoted. 
The following character sequences in the command will - be expanded prior to execution: M-bM-^@M-^X%LM-bM-^@M-^Y will be substituted by the - first component of the local host name, M-bM-^@M-^X%lM-bM-^@M-^Y will be substituted - by the local host name (including any domain name), M-bM-^@M-^X%hM-bM-^@M-^Y will be - substituted by the target host name, M-bM-^@M-^X%nM-bM-^@M-^Y will be substituted by - the original target host name specified on the command-line, M-bM-^@M-^X%pM-bM-^@M-^Y - the destination port, M-bM-^@M-^X%rM-bM-^@M-^Y by the remote login username, and M-bM-^@M-^X%uM-bM-^@M-^Y - by the username of the user running ssh(1). - - The other keywords' criteria must be single entries or comma- - separated lists and may use the wildcard and negation operators - described in the PATTERNS section. The criteria for the host - keyword are matched against the target hostname, after any - substitution by the Hostname or CanonicalizeHostname options. - The originalhost keyword matches against the hostname as it was - specified on the command-line. The user keyword matches against - the target username on the remote host. The localuser keyword - matches against the name of the local user running ssh(1) (this - keyword may be useful in system-wide ssh_config files). - - AddressFamily - Specifies which address family to use when connecting. Valid - arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (use IPv4 only), or M-bM-^@M-^\inet6M-bM-^@M-^] (use IPv6 - only). - - BatchMode - If set to M-bM-^@M-^\yesM-bM-^@M-^], passphrase/password querying will be disabled. - This option is useful in scripts and other batch jobs where no - user is present to supply the password. The argument must be - M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - BindAddress - Use the specified address on the local machine as the source - address of the connection. Only useful on systems with more than - one address. 
Note that this option does not work if - UsePrivilegedPort is set to M-bM-^@M-^\yesM-bM-^@M-^]. - - CanonicalDomains - When CanonicalizeHostname is enabled, this option specifies the - list of domain suffixes in which to search for the specified - destination host. - - CanonicalizeFallbackLocal - Specifies whether to fail with an error when hostname - canonicalization fails. The default, M-bM-^@M-^\yesM-bM-^@M-^], will attempt to look - up the unqualified hostname using the system resolver's search - rules. A value of M-bM-^@M-^\noM-bM-^@M-^] will cause ssh(1) to fail instantly if - CanonicalizeHostname is enabled and the target hostname cannot be - found in any of the domains specified by CanonicalDomains. - - CanonicalizeHostname - Controls whether explicit hostname canonicalization is performed. - The default, M-bM-^@M-^\noM-bM-^@M-^], is not to perform any name rewriting and let - the system resolver handle all hostname lookups. If set to M-bM-^@M-^\yesM-bM-^@M-^] - then, for connections that do not use a ProxyCommand, ssh(1) will - attempt to canonicalize the hostname specified on the command - line using the CanonicalDomains suffixes and - CanonicalizePermittedCNAMEs rules. If CanonicalizeHostname is - set to M-bM-^@M-^\alwaysM-bM-^@M-^], then canonicalization is applied to proxied - connections too. - - If this option is enabled, then the configuration files are - processed again using the new target name to pick up any new - configuration in matching Host and Match stanzas. - - CanonicalizeMaxDots - Specifies the maximum number of dot characters in a hostname - before canonicalization is disabled. The default, M-bM-^@M-^\1M-bM-^@M-^], allows a - single dot (i.e. hostname.subdomain). - - CanonicalizePermittedCNAMEs - Specifies rules to determine whether CNAMEs should be followed - when canonicalizing hostnames. 
The rules consist of one or more - arguments of source_domain_list:target_domain_list, where - source_domain_list is a pattern-list of domains that may follow - CNAMEs in canonicalization, and target_domain_list is a pattern- - list of domains that they may resolve to. - - For example, M-bM-^@M-^\*.a.example.com:*.b.example.com,*.c.example.comM-bM-^@M-^] - will allow hostnames matching M-bM-^@M-^\*.a.example.comM-bM-^@M-^] to be - canonicalized to names in the M-bM-^@M-^\*.b.example.comM-bM-^@M-^] or - M-bM-^@M-^\*.c.example.comM-bM-^@M-^] domains. - - ChallengeResponseAuthentication - Specifies whether to use challenge-response authentication. The - argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is - M-bM-^@M-^\yesM-bM-^@M-^]. - - CheckHostIP - If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ssh(1) will additionally check the - host IP address in the known_hosts file. This allows ssh to - detect if a host key changed due to DNS spoofing and will add - addresses of destination hosts to ~/.ssh/known_hosts in the - process, regardless of the setting of StrictHostKeyChecking. If - the option is set to M-bM-^@M-^\noM-bM-^@M-^], the check will not be executed. The - default is M-bM-^@M-^\yesM-bM-^@M-^]. - - Cipher Specifies the cipher to use for encrypting the session in - protocol version 1. Currently, M-bM-^@M-^\blowfishM-bM-^@M-^], M-bM-^@M-^\3desM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^] are - supported. des is only supported in the ssh(1) client for - interoperability with legacy protocol 1 implementations that do - not support the 3des cipher. Its use is strongly discouraged due - to cryptographic weaknesses. The default is M-bM-^@M-^\3desM-bM-^@M-^]. - - Ciphers - Specifies the ciphers allowed for protocol version 2 in order of - preference. Multiple ciphers must be comma-separated. 
If the - specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified - ciphers will be appended to the default set instead of replacing - them. - - The supported ciphers are: - - 3des-cbc - aes128-cbc - aes192-cbc - aes256-cbc - aes128-ctr - aes192-ctr - aes256-ctr - aes128-gcm@openssh.com - aes256-gcm@openssh.com - arcfour - arcfour128 - arcfour256 - blowfish-cbc - cast128-cbc - chacha20-poly1305@openssh.com - - The default is: - - chacha20-poly1305@openssh.com, - aes128-ctr,aes192-ctr,aes256-ctr, - aes128-gcm@openssh.com,aes256-gcm@openssh.com, - arcfour256,arcfour128, - aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, - aes192-cbc,aes256-cbc,arcfour - - The list of available ciphers may also be obtained using the -Q - option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^]. - - ClearAllForwardings - Specifies that all local, remote, and dynamic port forwardings - specified in the configuration files or on the command line be - cleared. This option is primarily useful when used from the - ssh(1) command line to clear port forwardings set in - configuration files, and is automatically set by scp(1) and - sftp(1). The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is - M-bM-^@M-^\noM-bM-^@M-^]. - - Compression - Specifies whether to use compression. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] - or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - CompressionLevel - Specifies the compression level to use if compression is enabled. - The argument must be an integer from 1 (fast) to 9 (slow, best). - The default level is 6, which is good for most applications. The - meaning of the values is the same as in gzip(1). Note that this - option applies to protocol version 1 only. - - ConnectionAttempts - Specifies the number of tries (one per second) to make before - exiting. The argument must be an integer. This may be useful in - scripts if the connection sometimes fails. 
The default is 1. - - ConnectTimeout - Specifies the timeout (in seconds) used when connecting to the - SSH server, instead of using the default system TCP timeout. - This value is used only when the target is down or really - unreachable, not when it refuses the connection. - - ControlMaster - Enables the sharing of multiple sessions over a single network - connection. When set to M-bM-^@M-^\yesM-bM-^@M-^], ssh(1) will listen for - connections on a control socket specified using the ControlPath - argument. Additional sessions can connect to this socket using - the same ControlPath with ControlMaster set to M-bM-^@M-^\noM-bM-^@M-^] (the - default). These sessions will try to reuse the master instance's - network connection rather than initiating new ones, but will fall - back to connecting normally if the control socket does not exist, - or is not listening. - - Setting this to M-bM-^@M-^\askM-bM-^@M-^] will cause ssh to listen for control - connections, but require confirmation using ssh-askpass(1). If - the ControlPath cannot be opened, ssh will continue without - connecting to a master instance. - - X11 and ssh-agent(1) forwarding is supported over these - multiplexed connections, however the display and agent forwarded - will be the one belonging to the master connection i.e. it is not - possible to forward multiple displays or agents. - - Two additional options allow for opportunistic multiplexing: try - to use a master connection but fall back to creating a new one if - one does not already exist. These options are: M-bM-^@M-^\autoM-bM-^@M-^] and - M-bM-^@M-^\autoaskM-bM-^@M-^]. The latter requires confirmation like the M-bM-^@M-^\askM-bM-^@M-^] - option. - - ControlPath - Specify the path to the control socket used for connection - sharing as described in the ControlMaster section above or the - string M-bM-^@M-^\noneM-bM-^@M-^] to disable connection sharing. 
In the path, M-bM-^@M-^X%LM-bM-^@M-^Y - will be substituted by the first component of the local host - name, M-bM-^@M-^X%lM-bM-^@M-^Y will be substituted by the local host name (including - any domain name), M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted by the target host - name, M-bM-^@M-^X%nM-bM-^@M-^Y will be substituted by the original target host name - specified on the command line, M-bM-^@M-^X%pM-bM-^@M-^Y the destination port, M-bM-^@M-^X%rM-bM-^@M-^Y by - the remote login username, M-bM-^@M-^X%uM-bM-^@M-^Y by the username of the user - running ssh(1), and M-bM-^@M-^X%CM-bM-^@M-^Y by a hash of the concatenation: - %l%h%p%r. It is recommended that any ControlPath used for - opportunistic connection sharing include at least %h, %p, and %r - (or alternatively %C) and be placed in a directory that is not - writable by other users. This ensures that shared connections - are uniquely identified. - - ControlPersist - When used in conjunction with ControlMaster, specifies that the - master connection should remain open in the background (waiting - for future client connections) after the initial client - connection has been closed. If set to M-bM-^@M-^\noM-bM-^@M-^], then the master - connection will not be placed into the background, and will close - as soon as the initial client connection is closed. If set to - M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\0M-bM-^@M-^], then the master connection will remain in the - background indefinitely (until killed or closed via a mechanism - such as the ssh(1) M-bM-^@M-^\-O exitM-bM-^@M-^] option). If set to a time in - seconds, or a time in any of the formats documented in - sshd_config(5), then the backgrounded master connection will - automatically terminate after it has remained idle (with no - client connections) for the specified time. 
- - DynamicForward - Specifies that a TCP port on the local machine be forwarded over - the secure channel, and the application protocol is then used to - determine where to connect to from the remote machine. - - The argument must be [bind_address:]port. IPv6 addresses can be - specified by enclosing addresses in square brackets. By default, - the local port is bound in accordance with the GatewayPorts - setting. However, an explicit bind_address may be used to bind - the connection to a specific address. The bind_address of - M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be bound for local - use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port - should be available from all interfaces. - - Currently the SOCKS4 and SOCKS5 protocols are supported, and - ssh(1) will act as a SOCKS server. Multiple forwardings may be - specified, and additional forwardings can be given on the command - line. Only the superuser can forward privileged ports. - - EnableSSHKeysign - Setting this option to M-bM-^@M-^\yesM-bM-^@M-^] in the global client configuration - file /etc/ssh/ssh_config enables the use of the helper program - ssh-keysign(8) during HostbasedAuthentication. The argument must - be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. This option should be - placed in the non-hostspecific section. See ssh-keysign(8) for - more information. - - EscapeChar - Sets the escape character (default: M-bM-^@M-^X~M-bM-^@M-^Y). The escape character - can also be set on the command line. The argument should be a - single character, M-bM-^@M-^X^M-bM-^@M-^Y followed by a letter, or M-bM-^@M-^\noneM-bM-^@M-^] to disable - the escape character entirely (making the connection transparent - for binary data). - - ExitOnForwardFailure - Specifies whether ssh(1) should terminate the connection if it - cannot set up all requested dynamic, tunnel, local, and remote - port forwardings. 
The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The - default is M-bM-^@M-^\noM-bM-^@M-^]. - - FingerprintHash - Specifies the hash algorithm used when displaying key - fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The - default is M-bM-^@M-^\sha256M-bM-^@M-^]. - - ForwardAgent - Specifies whether the connection to the authentication agent (if - any) will be forwarded to the remote machine. The argument must - be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - Agent forwarding should be enabled with caution. Users with the - ability to bypass file permissions on the remote host (for the - agent's Unix-domain socket) can access the local agent through - the forwarded connection. An attacker cannot obtain key material - from the agent, however they can perform operations on the keys - that enable them to authenticate using the identities loaded into - the agent. - - ForwardX11 - Specifies whether X11 connections will be automatically - redirected over the secure channel and DISPLAY set. The argument - must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - X11 forwarding should be enabled with caution. Users with the - ability to bypass file permissions on the remote host (for the - user's X11 authorization database) can access the local X11 - display through the forwarded connection. An attacker may then - be able to perform activities such as keystroke monitoring if the - ForwardX11Trusted option is also enabled. - - ForwardX11Timeout - Specify a timeout for untrusted X11 forwarding using the format - described in the TIME FORMATS section of sshd_config(5). X11 - connections received by ssh(1) after this time will be refused. - The default is to disable untrusted X11 forwarding after twenty - minutes has elapsed. 
- - ForwardX11Trusted - If this option is set to M-bM-^@M-^\yesM-bM-^@M-^], remote X11 clients will have full - access to the original X11 display. - - If this option is set to M-bM-^@M-^\noM-bM-^@M-^], remote X11 clients will be - considered untrusted and prevented from stealing or tampering - with data belonging to trusted X11 clients. Furthermore, the - xauth(1) token used for the session will be set to expire after - 20 minutes. Remote clients will be refused access after this - time. - - The default is M-bM-^@M-^\noM-bM-^@M-^]. - - See the X11 SECURITY extension specification for full details on - the restrictions imposed on untrusted clients. - - GatewayPorts - Specifies whether remote hosts are allowed to connect to local - forwarded ports. By default, ssh(1) binds local port forwardings - to the loopback address. This prevents other remote hosts from - connecting to forwarded ports. GatewayPorts can be used to - specify that ssh should bind local port forwardings to the - wildcard address, thus allowing remote hosts to connect to - forwarded ports. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The - default is M-bM-^@M-^\noM-bM-^@M-^]. - - GlobalKnownHostsFile - Specifies one or more files to use for the global host key - database, separated by whitespace. The default is - /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2. - - GSSAPIAuthentication - Specifies whether user authentication based on GSSAPI is allowed. - The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol - version 2 only. - - GSSAPIDelegateCredentials - Forward (delegate) credentials to the server. The default is - M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 only. - - HashKnownHosts - Indicates that ssh(1) should hash host names and addresses when - they are added to ~/.ssh/known_hosts. 
These hashed names may be - used normally by ssh(1) and sshd(8), but they do not reveal - identifying information should the file's contents be disclosed. - The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that existing names and addresses in - known hosts files will not be converted automatically, but may be - manually hashed using ssh-keygen(1). - - HostbasedAuthentication - Specifies whether to try rhosts based authentication with public - key authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The - default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 2 only - and is similar to RhostsRSAAuthentication. - - HostbasedKeyTypes - Specifies the key types that will be used for hostbased - authentication as a comma-separated pattern list. Alternately if - the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the - specified key types will be appended to the default set instead - of replacing them. The default for this option is: - - ecdsa-sha2-nistp256-cert-v01@openssh.com, - ecdsa-sha2-nistp384-cert-v01@openssh.com, - ecdsa-sha2-nistp521-cert-v01@openssh.com, - ssh-ed25519-cert-v01@openssh.com, - ssh-rsa-cert-v01@openssh.com, - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa - - The -Q option of ssh(1) may be used to list supported key types. - - HostKeyAlgorithms - Specifies the protocol version 2 host key algorithms that the - client wants to use in order of preference. Alternately if the - specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified - key types will be appended to the default set instead of - replacing them. 
The default for this option is: - - ecdsa-sha2-nistp256-cert-v01@openssh.com, - ecdsa-sha2-nistp384-cert-v01@openssh.com, - ecdsa-sha2-nistp521-cert-v01@openssh.com, - ssh-ed25519-cert-v01@openssh.com, - ssh-rsa-cert-v01@openssh.com, - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa - - If hostkeys are known for the destination host then this default - is modified to prefer their algorithms. - - The list of available key types may also be obtained using the -Q - option of ssh(1) with an argument of M-bM-^@M-^\keyM-bM-^@M-^]. - - HostKeyAlias - Specifies an alias that should be used instead of the real host - name when looking up or saving the host key in the host key - database files. This option is useful for tunneling SSH - connections or for multiple servers running on a single host. - - HostName - Specifies the real host name to log into. This can be used to - specify nicknames or abbreviations for hosts. If the hostname - contains the character sequence M-bM-^@M-^X%hM-bM-^@M-^Y, then this will be replaced - with the host name specified on the command line (this is useful - for manipulating unqualified names). The character sequence M-bM-^@M-^X%%M-bM-^@M-^Y - will be replaced by a single M-bM-^@M-^X%M-bM-^@M-^Y character, which may be used - when specifying IPv6 link-local addresses. - - The default is the name given on the command line. Numeric IP - addresses are also permitted (both on the command line and in - HostName specifications). - - IdentitiesOnly - Specifies that ssh(1) should only use the authentication identity - files configured in the ssh_config files, even if ssh-agent(1) or - a PKCS11Provider offers more identities. The argument to this - keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. This option is intended for - situations where ssh-agent offers many different identities. The - default is M-bM-^@M-^\noM-bM-^@M-^]. 
- - IdentityFile - Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA - authentication identity is read. The default is ~/.ssh/identity - for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, - ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. - Additionally, any identities represented by the authentication - agent will be used for authentication unless IdentitiesOnly is - set. ssh(1) will try to load certificate information from the - filename obtained by appending -cert.pub to the path of a - specified IdentityFile. - - The file name may use the tilde syntax to refer to a user's home - directory or one of the following escape characters: M-bM-^@M-^X%dM-bM-^@M-^Y (local - user's home directory), M-bM-^@M-^X%uM-bM-^@M-^Y (local user name), M-bM-^@M-^X%lM-bM-^@M-^Y (local host - name), M-bM-^@M-^X%hM-bM-^@M-^Y (remote host name) or M-bM-^@M-^X%rM-bM-^@M-^Y (remote user name). - - It is possible to have multiple identity files specified in - configuration files; all these identities will be tried in - sequence. Multiple IdentityFile directives will add to the list - of identities tried (this behaviour differs from that of other - configuration directives). - - IdentityFile may be used in conjunction with IdentitiesOnly to - select which identities in an agent are offered during - authentication. - - IgnoreUnknown - Specifies a pattern-list of unknown options to be ignored if they - are encountered in configuration parsing. This may be used to - suppress errors if ssh_config contains options that are - unrecognised by ssh(1). It is recommended that IgnoreUnknown be - listed early in the configuration file as it will not be applied - to unknown options that appear before it. - - IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. 
- Accepted values are M-bM-^@M-^\af11M-bM-^@M-^], M-bM-^@M-^\af12M-bM-^@M-^], M-bM-^@M-^\af13M-bM-^@M-^], M-bM-^@M-^\af21M-bM-^@M-^], M-bM-^@M-^\af22M-bM-^@M-^], - M-bM-^@M-^\af23M-bM-^@M-^], M-bM-^@M-^\af31M-bM-^@M-^], M-bM-^@M-^\af32M-bM-^@M-^], M-bM-^@M-^\af33M-bM-^@M-^], M-bM-^@M-^\af41M-bM-^@M-^], M-bM-^@M-^\af42M-bM-^@M-^], M-bM-^@M-^\af43M-bM-^@M-^], M-bM-^@M-^\cs0M-bM-^@M-^], - M-bM-^@M-^\cs1M-bM-^@M-^], M-bM-^@M-^\cs2M-bM-^@M-^], M-bM-^@M-^\cs3M-bM-^@M-^], M-bM-^@M-^\cs4M-bM-^@M-^], M-bM-^@M-^\cs5M-bM-^@M-^], M-bM-^@M-^\cs6M-bM-^@M-^], M-bM-^@M-^\cs7M-bM-^@M-^], M-bM-^@M-^\efM-bM-^@M-^], - M-bM-^@M-^\lowdelayM-bM-^@M-^], M-bM-^@M-^\throughputM-bM-^@M-^], M-bM-^@M-^\reliabilityM-bM-^@M-^], or a numeric value. - This option may take one or two arguments, separated by - whitespace. If one argument is specified, it is used as the - packet class unconditionally. If two values are specified, the - first is automatically selected for interactive sessions and the - second for non-interactive sessions. The default is M-bM-^@M-^\lowdelayM-bM-^@M-^] - for interactive sessions and M-bM-^@M-^\throughputM-bM-^@M-^] for non-interactive - sessions. - - KbdInteractiveAuthentication - Specifies whether to use keyboard-interactive authentication. - The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default - is M-bM-^@M-^\yesM-bM-^@M-^]. - - KbdInteractiveDevices - Specifies the list of methods to use in keyboard-interactive - authentication. Multiple method names must be comma-separated. - The default is to use the server specified list. The methods - available vary depending on what the server supports. For an - OpenSSH server, it may be zero or more of: M-bM-^@M-^\bsdauthM-bM-^@M-^], M-bM-^@M-^\pamM-bM-^@M-^], and - M-bM-^@M-^\skeyM-bM-^@M-^]. - - KexAlgorithms - Specifies the available KEX (Key Exchange) algorithms. Multiple - algorithms must be comma-separated. 
Alternately if the specified - value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods - will be appended to the default set instead of replacing them. - The default is: - - curve25519-sha256@libssh.org, - ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, - diffie-hellman-group-exchange-sha256, - diffie-hellman-group-exchange-sha1, - diffie-hellman-group14-sha1 - - The list of available key exchange algorithms may also be - obtained using the -Q option of ssh(1) with an argument of M-bM-^@M-^\kexM-bM-^@M-^]. - - LocalCommand - Specifies a command to execute on the local machine after - successfully connecting to the server. The command string - extends to the end of the line, and is executed with the user's - shell. The following escape character substitutions will be - performed: M-bM-^@M-^X%dM-bM-^@M-^Y (local user's home directory), M-bM-^@M-^X%hM-bM-^@M-^Y (remote host - name), M-bM-^@M-^X%lM-bM-^@M-^Y (local host name), M-bM-^@M-^X%nM-bM-^@M-^Y (host name as provided on the - command line), M-bM-^@M-^X%pM-bM-^@M-^Y (remote port), M-bM-^@M-^X%rM-bM-^@M-^Y (remote user name) or - M-bM-^@M-^X%uM-bM-^@M-^Y (local user name) or M-bM-^@M-^X%CM-bM-^@M-^Y by a hash of the concatenation: - %l%h%p%r. - - The command is run synchronously and does not have access to the - session of the ssh(1) that spawned it. It should not be used for - interactive commands. - - This directive is ignored unless PermitLocalCommand has been - enabled. - - LocalForward - Specifies that a TCP port on the local machine be forwarded over - the secure channel to the specified host and port from the remote - machine. The first argument must be [bind_address:]port and the - second argument must be host:hostport. IPv6 addresses can be - specified by enclosing addresses in square brackets. Multiple - forwardings may be specified, and additional forwardings can be - given on the command line. Only the superuser can forward - privileged ports. 
By default, the local port is bound in - accordance with the GatewayPorts setting. However, an explicit - bind_address may be used to bind the connection to a specific - address. The bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the - listening port be bound for local use only, while an empty - address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port should be available from - all interfaces. - - LogLevel - Gives the verbosity level that is used when logging messages from - ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO, - VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. - DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify - higher levels of verbose output. - - MACs Specifies the MAC (message authentication code) algorithms in - order of preference. The MAC algorithm is used in protocol - version 2 for data integrity protection. Multiple algorithms - must be comma-separated. If the specified value begins with a - M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms will be appended to - the default set instead of replacing them. - - The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after - encryption (encrypt-then-mac). These are considered safer and - their use recommended. - - The default is: - - umac-64-etm@openssh.com,umac-128-etm@openssh.com, - hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, - umac-64@openssh.com,umac-128@openssh.com, - hmac-sha2-256,hmac-sha2-512, - hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, - hmac-ripemd160-etm@openssh.com, - hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, - hmac-md5,hmac-sha1,hmac-ripemd160, - hmac-sha1-96,hmac-md5-96 - - The list of available MAC algorithms may also be obtained using - the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. - - NoHostAuthenticationForLocalhost - This option can be used if the home directory is shared across - machines. 
In this case localhost will refer to a different - machine on each of the machines and the user will get many - warnings about changed host keys. However, this option disables - host authentication for localhost. The argument to this keyword - must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is to check the host key for - localhost. - - NumberOfPasswordPrompts - Specifies the number of password prompts before giving up. The - argument to this keyword must be an integer. The default is 3. - - PasswordAuthentication - Specifies whether to use password authentication. The argument - to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. - - PermitLocalCommand - Allow local command execution via the LocalCommand option or - using the !command escape sequence in ssh(1). The argument must - be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - PKCS11Provider - Specifies which PKCS#11 provider to use. The argument to this - keyword is the PKCS#11 shared library ssh(1) should use to - communicate with a PKCS#11 token providing the user's private RSA - key. - - Port Specifies the port number to connect on the remote host. The - default is 22. - - PreferredAuthentications - Specifies the order in which the client should try protocol 2 - authentication methods. This allows a client to prefer one - method (e.g. keyboard-interactive) over another method (e.g. - password). The default is: - - gssapi-with-mic,hostbased,publickey, - keyboard-interactive,password - - Protocol - Specifies the protocol versions ssh(1) should support in order of - preference. The possible values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple - versions must be comma-separated. When this option is set to - M-bM-^@M-^\2,1M-bM-^@M-^] ssh will try version 2 and fall back to version 1 if - version 2 is not available. 
The default is M-bM-^@M-^X2M-bM-^@M-^Y. - - ProxyCommand - Specifies the command to use to connect to the server. The - command string extends to the end of the line, and is executed - using the user's shell M-bM-^@M-^XexecM-bM-^@M-^Y directive to avoid a lingering - shell process. - - In the command string, any occurrence of M-bM-^@M-^X%hM-bM-^@M-^Y will be substituted - by the host name to connect, M-bM-^@M-^X%pM-bM-^@M-^Y by the port, and M-bM-^@M-^X%rM-bM-^@M-^Y by the - remote user name. The command can be basically anything, and - should read from its standard input and write to its standard - output. It should eventually connect an sshd(8) server running - on some machine, or execute sshd -i somewhere. Host key - management will be done using the HostName of the host being - connected (defaulting to the name typed by the user). Setting - the command to M-bM-^@M-^\noneM-bM-^@M-^] disables this option entirely. Note that - CheckHostIP is not available for connects with a proxy command. - - This directive is useful in conjunction with nc(1) and its proxy - support. For example, the following directive would connect via - an HTTP proxy at 192.0.2.0: - - ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p - - ProxyUseFdpass - Specifies that ProxyCommand will pass a connected file descriptor - back to ssh(1) instead of continuing to execute and pass data. - The default is M-bM-^@M-^\noM-bM-^@M-^]. - - PubkeyAcceptedKeyTypes - Specifies the key types that will be used for public key - authentication as a comma-separated pattern list. Alternately if - the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key - types after it will be appended to the default instead of - replacing it. 
The default for this option is: - - ecdsa-sha2-nistp256-cert-v01@openssh.com, - ecdsa-sha2-nistp384-cert-v01@openssh.com, - ecdsa-sha2-nistp521-cert-v01@openssh.com, - ssh-ed25519-cert-v01@openssh.com, - ssh-rsa-cert-v01@openssh.com, - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa - - The -Q option of ssh(1) may be used to list supported key types. - - PubkeyAuthentication - Specifies whether to try public key authentication. The argument - to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\yesM-bM-^@M-^]. - This option applies to protocol version 2 only. - - RekeyLimit - Specifies the maximum amount of data that may be transmitted - before the session key is renegotiated, optionally followed a - maximum amount of time that may pass before the session key is - renegotiated. The first argument is specified in bytes and may - have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes, - Megabytes, or Gigabytes, respectively. The default is between - M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second - value is specified in seconds and may use any of the units - documented in the TIME FORMATS section of sshd_config(5). The - default value for RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that - rekeying is performed after the cipher's default amount of data - has been sent or received and no time based rekeying is done. - This option applies to protocol version 2 only. - - RemoteForward - Specifies that a TCP port on the remote machine be forwarded over - the secure channel to the specified host and port from the local - machine. The first argument must be [bind_address:]port and the - second argument must be host:hostport. IPv6 addresses can be - specified by enclosing addresses in square brackets. 
Multiple - forwardings may be specified, and additional forwardings can be - given on the command line. Privileged ports can be forwarded - only when logging in as root on the remote machine. - - If the port argument is M-bM-^@M-^X0M-bM-^@M-^Y, the listen port will be dynamically - allocated on the server and reported to the client at run time. - - If the bind_address is not specified, the default is to only bind - to loopback addresses. If the bind_address is M-bM-^@M-^X*M-bM-^@M-^Y or an empty - string, then the forwarding is requested to listen on all - interfaces. Specifying a remote bind_address will only succeed - if the server's GatewayPorts option is enabled (see - sshd_config(5)). - - RequestTTY - Specifies whether to request a pseudo-tty for the session. The - argument may be one of: M-bM-^@M-^\noM-bM-^@M-^] (never request a TTY), M-bM-^@M-^\yesM-bM-^@M-^] (always - request a TTY when standard input is a TTY), M-bM-^@M-^\forceM-bM-^@M-^] (always - request a TTY) or M-bM-^@M-^\autoM-bM-^@M-^] (request a TTY when opening a login - session). This option mirrors the -t and -T flags for ssh(1). - - RevokedHostKeys - Specifies revoked host public keys. Keys listed in this file - will be refused for host authentication. Note that if this file - does not exist or is not readable, then host authentication will - be refused for all hosts. Keys may be specified as a text file, - listing one public key per line, or as an OpenSSH Key Revocation - List (KRL) as generated by ssh-keygen(1). For more information - on KRLs, see the KEY REVOCATION LISTS section in ssh-keygen(1). - - RhostsRSAAuthentication - Specifies whether to try rhosts based authentication with RSA - host authentication. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The - default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only - and requires ssh(1) to be setuid root. - - RSAAuthentication - Specifies whether to try RSA authentication. 
The argument to - this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. RSA authentication will only - be attempted if the identity file exists, or an authentication - agent is running. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option - applies to protocol version 1 only. - - SendEnv - Specifies what variables from the local environ(7) should be sent - to the server. Note that environment passing is only supported - for protocol 2. The server must also support it, and the server - must be configured to accept these environment variables. Note - that the TERM environment variable is always sent whenever a - pseudo-terminal is requested as it is required by the protocol. - Refer to AcceptEnv in sshd_config(5) for how to configure the - server. Variables are specified by name, which may contain - wildcard characters. Multiple environment variables may be - separated by whitespace or spread across multiple SendEnv - directives. The default is not to send any environment - variables. - - See PATTERNS for more information on patterns. - - ServerAliveCountMax - Sets the number of server alive messages (see below) which may be - sent without ssh(1) receiving any messages back from the server. - If this threshold is reached while server alive messages are - being sent, ssh will disconnect from the server, terminating the - session. It is important to note that the use of server alive - messages is very different from TCPKeepAlive (below). The server - alive messages are sent through the encrypted channel and - therefore will not be spoofable. The TCP keepalive option - enabled by TCPKeepAlive is spoofable. The server alive mechanism - is valuable when the client or server depend on knowing when a - connection has become inactive. - - The default value is 3. 
If, for example, ServerAliveInterval - (see below) is set to 15 and ServerAliveCountMax is left at the - default, if the server becomes unresponsive, ssh will disconnect - after approximately 45 seconds. This option applies to protocol - version 2 only. - - ServerAliveInterval - Sets a timeout interval in seconds after which if no data has - been received from the server, ssh(1) will send a message through - the encrypted channel to request a response from the server. The - default is 0, indicating that these messages will not be sent to - the server. This option applies to protocol version 2 only. - - StreamLocalBindMask - Sets the octal file creation mode mask (umask) used when creating - a Unix-domain socket file for local or remote port forwarding. - This option is only used for port forwarding to a Unix-domain - socket file. - - The default value is 0177, which creates a Unix-domain socket - file that is readable and writable only by the owner. Note that - not all operating systems honor the file mode on Unix-domain - socket files. - - StreamLocalBindUnlink - Specifies whether to remove an existing Unix-domain socket file - for local or remote port forwarding before creating a new one. - If the socket file already exists and StreamLocalBindUnlink is - not enabled, ssh will be unable to forward the port to the Unix- - domain socket file. This option is only used for port forwarding - to a Unix-domain socket file. - - The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - StrictHostKeyChecking - If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], ssh(1) will never automatically add - host keys to the ~/.ssh/known_hosts file, and refuses to connect - to hosts whose host key has changed. This provides maximum - protection against trojan horse attacks, though it can be - annoying when the /etc/ssh/ssh_known_hosts file is poorly - maintained or when connections to new hosts are frequently made. 
- This option forces the user to manually add all new hosts. If - this flag is set to M-bM-^@M-^\noM-bM-^@M-^], ssh will automatically add new host - keys to the user known hosts files. If this flag is set to - M-bM-^@M-^\askM-bM-^@M-^], new host keys will be added to the user known host files - only after the user has confirmed that is what they really want - to do, and ssh will refuse to connect to hosts whose host key has - changed. The host keys of known hosts will be verified - automatically in all cases. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or - M-bM-^@M-^\askM-bM-^@M-^]. The default is M-bM-^@M-^\askM-bM-^@M-^]. - - TCPKeepAlive - Specifies whether the system should send TCP keepalive messages - to the other side. If they are sent, death of the connection or - crash of one of the machines will be properly noticed. However, - this means that connections will die if the route is down - temporarily, and some people find it annoying. - - The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send TCP keepalive messages), and the - client will notice if the network goes down or the remote host - dies. This is important in scripts, and many users want it too. - - To disable TCP keepalive messages, the value should be set to - M-bM-^@M-^\noM-bM-^@M-^]. - - Tunnel Request tun(4) device forwarding between the client and the - server. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\point-to-pointM-bM-^@M-^] (layer 3), - M-bM-^@M-^\ethernetM-bM-^@M-^] (layer 2), or M-bM-^@M-^\noM-bM-^@M-^]. Specifying M-bM-^@M-^\yesM-bM-^@M-^] requests the - default tunnel mode, which is M-bM-^@M-^\point-to-pointM-bM-^@M-^]. The default is - M-bM-^@M-^\noM-bM-^@M-^]. - - TunnelDevice - Specifies the tun(4) devices to open on the client (local_tun) - and the server (remote_tun). - - The argument must be local_tun[:remote_tun]. 
The devices may be - specified by numerical ID or the keyword M-bM-^@M-^\anyM-bM-^@M-^], which uses the - next available tunnel device. If remote_tun is not specified, it - defaults to M-bM-^@M-^\anyM-bM-^@M-^]. The default is M-bM-^@M-^\any:anyM-bM-^@M-^]. - - UpdateHostKeys - Specifies whether ssh(1) should accept notifications of - additional hostkeys from the server sent after authentication has - completed and add them to UserKnownHostsFile. The argument must - be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^] (the default) or M-bM-^@M-^\askM-bM-^@M-^]. Enabling this option - allows learning alternate hostkeys for a server and supports - graceful key rotation by allowing a server to send replacement - public keys before old ones are removed. Additional hostkeys are - only accepted if the key used to authenticate the host was - already trusted or explicity accepted by the user. If - UpdateHostKeys is set to M-bM-^@M-^\askM-bM-^@M-^], then the user is asked to confirm - the modifications to the known_hosts file. Confirmation is - currently incompatible with ControlPersist, and will be disabled - if it is enabled. - - Presently, only sshd(8) from OpenSSH 6.8 and greater support the - M-bM-^@M-^\hostkeys@openssh.comM-bM-^@M-^] protocol extension used to inform the - client of all the server's hostkeys. - - UsePrivilegedPort - Specifies whether to use a privileged port for outgoing - connections. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is - M-bM-^@M-^\noM-bM-^@M-^]. If set to M-bM-^@M-^\yesM-bM-^@M-^], ssh(1) must be setuid root. Note that - this option must be set to M-bM-^@M-^\yesM-bM-^@M-^] for RhostsRSAAuthentication with - older servers. - - User Specifies the user to log in as. This can be useful when a - different user name is used on different machines. This saves - the trouble of having to remember to give the user name on the - command line. 
- - UserKnownHostsFile - Specifies one or more files to use for the user host key - database, separated by whitespace. The default is - ~/.ssh/known_hosts, ~/.ssh/known_hosts2. - - VerifyHostKeyDNS - Specifies whether to verify the remote key using DNS and SSHFP - resource records. If this option is set to M-bM-^@M-^\yesM-bM-^@M-^], the client - will implicitly trust keys that match a secure fingerprint from - DNS. Insecure fingerprints will be handled as if this option was - set to M-bM-^@M-^\askM-bM-^@M-^]. If this option is set to M-bM-^@M-^\askM-bM-^@M-^], information on - fingerprint match will be displayed, but the user will still need - to confirm new host keys according to the StrictHostKeyChecking - option. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\noM-bM-^@M-^], or M-bM-^@M-^\askM-bM-^@M-^]. The default - is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol version 2 - only. - - See also VERIFYING HOST KEYS in ssh(1). - - VisualHostKey - If this flag is set to M-bM-^@M-^\yesM-bM-^@M-^], an ASCII art representation of the - remote host key fingerprint is printed in addition to the - fingerprint string at login and for unknown host keys. If this - flag is set to M-bM-^@M-^\noM-bM-^@M-^], no fingerprint strings are printed at login - and only the fingerprint string will be printed for unknown host - keys. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - XAuthLocation - Specifies the full pathname of the xauth(1) program. The default - is /usr/X11R6/bin/xauth. - -PATTERNS - A pattern consists of zero or more non-whitespace characters, M-bM-^@M-^X*M-bM-^@M-^Y (a - wildcard that matches zero or more characters), or M-bM-^@M-^X?M-bM-^@M-^Y (a wildcard that - matches exactly one character). 
For example, to specify a set of - declarations for any host in the M-bM-^@M-^\.co.ukM-bM-^@M-^] set of domains, the following - pattern could be used: - - Host *.co.uk - - The following pattern would match any host in the 192.168.0.[0-9] network - range: - - Host 192.168.0.? - - A pattern-list is a comma-separated list of patterns. Patterns within - pattern-lists may be negated by preceding them with an exclamation mark - (M-bM-^@M-^X!M-bM-^@M-^Y). For example, to allow a key to be used from anywhere within an - organization except from the M-bM-^@M-^\dialupM-bM-^@M-^] pool, the following entry (in - authorized_keys) could be used: - - from="!*.dialup.example.com,*.example.com" - -FILES - ~/.ssh/config - This is the per-user configuration file. The format of this file - is described above. This file is used by the SSH client. - Because of the potential for abuse, this file must have strict - permissions: read/write for the user, and not accessible by - others. - - /etc/ssh/ssh_config - Systemwide configuration file. This file provides defaults for - those values that are not specified in the user's configuration - file, and for those users who do not have a configuration file. - This file must be world-readable. - -SEE ALSO - ssh(1) - -AUTHORS - OpenSSH is a derivative of the original and free ssh 1.2.12 release by - Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. - -OpenBSD 5.8 August 14, 2015 OpenBSD 5.8 diff --git a/ssh_config.5 b/ssh_config.5 index a47f3ca..7630e7b 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $ -.Dd $Mdocdate: August 14 2015 $ +.\" $OpenBSD: ssh_config.5,v 1.236 2016/07/22 07:00:46 djm Exp $ +.Dd $Mdocdate: July 22 2016 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -139,7 +139,7 @@ or keyword) to be used only when the conditions following the .Cm Match keyword are satisfied. -Match conditions are specified using one or more critera +Match conditions are specified using one or more criteria or the single token .Cm all which always matches. @@ -221,6 +221,39 @@ keyword matches against the name of the local user running (this keyword may be useful in system-wide .Nm files). +.It Cm AddKeysToAgent +Specifies whether keys should be automatically added to a running +.Xr ssh-agent 1 . +If this option is set to +.Dq yes +and a key is loaded from a file, the key and its passphrase are added to +the agent with the default lifetime, as if by +.Xr ssh-add 1 . +If this option is set to +.Dq ask , +.Nm ssh +will require confirmation using the +.Ev SSH_ASKPASS +program before adding a key (see +.Xr ssh-add 1 +for details). +If this option is set to +.Dq confirm , +each use of the key must be confirmed, as if the +.Fl c +option was specified to +.Xr ssh-add 1 . +If this option is set to +.Dq no , +no keys are added to the agent. +The argument must be +.Dq yes , +.Dq confirm , +.Dq ask , +or +.Dq no . +The default is +.Dq no . .It Cm AddressFamily Specifies which address family to use when connecting. Valid arguments are @@ -229,6 +262,8 @@ Valid arguments are (use IPv4 only), or .Dq inet6 (use IPv6 only). +The default is +.Dq any . .It Cm BatchMode If set to .Dq yes , 
@@ -325,6 +360,41 @@ to be canonicalized to names in the or .Dq *.c.example.com domains. +.It Cm CertificateFile +Specifies a file from which the user's certificate is read. +A corresponding private key must be provided separately in order +to use this certificate either +from an +.Cm IdentityFile +directive or +.Fl i +flag to +.Xr ssh 1 , +via +.Xr ssh-agent 1 , +or via a +.Cm PKCS11Provider . +.Pp +The file name may use the tilde +syntax to refer to a user's home directory or one of the following +escape characters: +.Ql %d +(local user's home directory), +.Ql %u +(local user name), +.Ql %l +(local host name), +.Ql %h +(remote host name) or +.Ql %r +(remote user name). +.Pp +It is possible to have multiple certificate files specified in +configuration files; these certificates will be tried in sequence. +Multiple +.Cm CertificateFile +directives will add to the list of certificates used for +authentication. .It Cm ChallengeResponseAuthentication Specifies whether to use challenge-response authentication. The argument to this keyword must be @@ -418,9 +488,7 @@ The default is: chacha20-poly1305@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com, -arcfour256,arcfour128, -aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, -aes192-cbc,aes256-cbc,arcfour +aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc .Ed .Pp The list of available ciphers may also be obtained using the @@ -538,8 +606,11 @@ the destination port, .Ql %r by the remote login username, .Ql %u -by the username of the user running -.Xr ssh 1 , and +by the username and +.Ql %i +by the numeric user ID (uid) of the user running +.Xr ssh 1 , +and .Ql \&%C by a hash of the concatenation: %l%h%p%r. It is recommended that any 
@@ -639,7 +710,14 @@ data). Specifies whether .Xr ssh 1 should terminate the connection if it cannot set up all requested -dynamic, tunnel, local, and remote port forwardings. +dynamic, tunnel, local, and remote port forwardings, (e.g.\& +if either end is unable to bind and listen on a specified port). +Note that +.Cm ExitOnForwardFailure +does not apply to connections made over port forwardings and will not, +for example, cause +.Xr ssh 1 +to exit if TCP connections to the ultimate forwarding destination fail. The argument must be .Dq yes or @@ -748,12 +826,10 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm GSSAPIDelegateCredentials Forward (delegate) credentials to the server. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm HashKnownHosts Indicates that .Xr ssh 1 @@ -780,9 +856,6 @@ or .Dq no . The default is .Dq no . -This option applies to protocol version 2 only and -is similar to -.Cm RhostsRSAAuthentication . .It Cm HostbasedKeyTypes Specifies the key types that will be used for hostbased authentication as a comma-separated pattern list. @@ -807,7 +880,7 @@ option of .Xr ssh 1 may be used to list supported key types. .It Cm HostKeyAlgorithms -Specifies the protocol version 2 host key algorithms +Specifies the host key algorithms that the client wants to use in order of preference. Alternately if the specified value begins with a .Sq + @@ -859,9 +932,13 @@ specifications). .It Cm IdentitiesOnly Specifies that .Xr ssh 1 -should only use the authentication identity files configured in the +should only use the authentication identity and certificate files explicitly +configured in the .Nm -files, +files +or passed on the +.Xr ssh 1 +command-line, even if .Xr ssh-agent 1 or a 
@@ -875,6 +952,36 @@ This option is intended for situations where ssh-agent offers many different identities. The default is .Dq no . +.It Cm IdentityAgent +Specifies the +.Ux Ns -domain +socket used to communicate with the authentication agent. +.Pp +This option overrides the +.Dq SSH_AUTH_SOCK +environment variable and can be used to select a specific agent. +Setting the socket name to +.Dq none +disables the use of an authentication agent. +If the string +.Dq SSH_AUTH_SOCK +is specified, the location of the socket will be read from the +.Ev SSH_AUTH_SOCK +environment variable. +.Pp +The socket name may use the tilde +syntax to refer to a user's home directory or one of the following +escape characters: +.Ql %d +(local user's home directory), +.Ql %u +(local user name), +.Ql %l +(local host name), +.Ql %h +(remote host name) or +.Ql %r +(remote user name). .It Cm IdentityFile Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication identity is read. @@ -891,6 +998,8 @@ Additionally, any identities represented by the authentication agent will be used for authentication unless .Cm IdentitiesOnly is set. +If no certificates have been explicitly specified by +.Cm CertificateFile , .Xr ssh 1 will try to load certificate information from the filename obtained by appending @@ -924,6 +1033,11 @@ differs from that of other configuration directives). may be used in conjunction with .Cm IdentitiesOnly to select which identities in an agent are offered during authentication. +.Cm IdentityFile +may also be used in conjunction with +.Cm CertificateFile +in order to provide any certificate also needed for authentication with +the identity. .It Cm IgnoreUnknown Specifies a pattern-list of unknown options to be ignored if they are encountered in configuration parsing. 
@@ -935,6 +1049,25 @@ It is recommended that .Cm IgnoreUnknown be listed early in the configuration file as it will not be applied to unknown options that appear before it. +.It Cm Include +Include the specified configuration file(s). +Multiple pathnames may be specified and each pathname may contain +.Xr glob 3 +wildcards and, for user configurations, shell-like +.Dq ~ +references to user home directories. +Files without absolute paths are assumed to be in +.Pa ~/.ssh +if included in a user configuration file or +.Pa /etc/ssh +if included from the system configuration file. +.Cm Include +directive may appear inside a +.Cm Match +or +.Cm Host +block +to perform conditional inclusion. .It Cm IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. Accepted values are @@ -1083,8 +1216,7 @@ DEBUG2 and DEBUG3 each specify higher levels of verbose output. .It Cm MACs Specifies the MAC (message authentication code) algorithms in order of preference. -The MAC algorithm is used in protocol version 2 -for data integrity protection. +The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins with a .Sq + @@ -1100,13 +1232,9 @@ The default is: .Bd -literal -offset indent umac-64-etm@openssh.com,umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +hmac-sha1-etm@openssh.com, umac-64@openssh.com,umac-128@openssh.com, -hmac-sha2-256,hmac-sha2-512, -hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, -hmac-ripemd160-etm@openssh.com, -hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, -hmac-md5,hmac-sha1,hmac-ripemd160, -hmac-sha1-96,hmac-md5-96 +hmac-sha2-256,hmac-sha2-512,hmac-sha1 .Ed .Pp The list of available MAC algorithms may also be obtained using the 
@@ -1160,8 +1288,7 @@ private RSA key. Specifies the port number to connect on the remote host. The default is 22. .It Cm PreferredAuthentications -Specifies the order in which the client should try protocol 2 -authentication methods. +Specifies the order in which the client should try authentication methods. This allows a client to prefer one method (e.g.\& .Cm keyboard-interactive ) over another method (e.g.\& @@ -1187,6 +1314,9 @@ will try version 2 and fall back to version 1 if version 2 is not available. The default is .Sq 2 . +Protocol 1 suffers from a number of cryptographic weaknesses and should +not be used. +It is only offered to support legacy devices. .It Cm ProxyCommand Specifies the command to use to connect to the server. The command @@ -1228,6 +1358,30 @@ For example, the following directive would connect via an HTTP proxy at .Bd -literal -offset 3n ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p .Ed +.It Cm ProxyJump +Specifies one or more jump proxies as +.Xo +.Sm off +.Op Ar user No @ +.Ar host +.Op : Ns Ar port +.Sm on +.Xc . +Multiple proxies may be separated by comma characters and will be visited +sequentially. +Setting this option will cause +.Xr ssh 1 +to connect to the target host by first making a +.Xr ssh 1 +connection to the specified +.Cm ProxyJump +host and then establishing a +TCP forwarding to the ultimate target from there. +.Pp +Note that this option will compete with the +.Cm ProxyCommand +option - whichever is specified first will prevent later instances of the +other from taking effect. .It Cm ProxyUseFdpass Specifies that .Cm ProxyCommand @@ -1267,7 +1421,6 @@ or .Dq no . The default is .Dq yes . -This option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of 
@@ -1293,7 +1446,6 @@ is .Dq default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. -This option applies to protocol version 2 only. .It Cm RemoteForward Specifies that a TCP port on the remote machine be forwarded over the secure channel to the specified host and port from the local machine. @@ -1386,7 +1538,6 @@ Note that this option applies to protocol version 1 only. Specifies what variables from the local .Xr environ 7 should be sent to the server. -Note that environment passing is only supported for protocol 2. The server must also support it, and the server must be configured to accept these environment variables. Note that the @@ -1434,7 +1585,6 @@ If, for example, .Cm ServerAliveCountMax is left at the default, if the server becomes unresponsive, ssh will disconnect after approximately 45 seconds. -This option applies to protocol version 2 only. .It Cm ServerAliveInterval Sets a timeout interval in seconds after which if no data has been received from the server, @@ -1443,7 +1593,6 @@ will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. -This option applies to protocol version 2 only. .It Cm StreamLocalBindMask Sets the octal file creation mode mask .Pq umask @@ -1575,7 +1724,7 @@ Enabling this option allows learning alternate hostkeys for a server and supports graceful key rotation by allowing a server to send replacement public keys before old ones are removed. Additional hostkeys are only accepted if the key used to authenticate the -host was already trusted or explicity accepted by the user. +host was already trusted or explicitly accepted by the user. If .Cm UpdateHostKeys is set to 
@@ -1640,7 +1789,6 @@ or .Dq ask . The default is .Dq no . -Note that this option applies to protocol version 2 only. .Pp See also VERIFYING HOST KEYS in .Xr ssh 1 . diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c index 8ff8a0a..74c49be 100644 --- a/sshbuf-getput-basic.c +++ b/sshbuf-getput-basic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-basic.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-basic.c,v 1.6 2016/06/16 11:00:17 dtucker Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -19,6 +19,8 @@ #include "includes.h" #include <sys/types.h> + +#include <stdarg.h> #include <stdlib.h> #include <stdio.h> #include <string.h> @@ -131,7 +133,7 @@ sshbuf_get_string_direct(struct sshbuf *buf, const u_char **valp, size_t *lenp) *lenp = 0; if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0) return r; - if (valp != 0) + if (valp != NULL) *valp = p; if (lenp != NULL) *lenp = len; @@ -168,7 +170,7 @@ sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp, SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); return SSH_ERR_MESSAGE_INCOMPLETE; } - if (valp != 0) + if (valp != NULL) *valp = p + 4; if (lenp != NULL) *lenp = len; @@ -268,7 +270,7 @@ sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap) int r, len; u_char *p; - va_copy(ap2, ap); + VA_COPY(ap2, ap); if ((len = vsnprintf(NULL, 0, fmt, ap2)) < 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; @@ -278,7 +280,7 @@ sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap) goto out; /* Nothing to do */ } va_end(ap2); - va_copy(ap2, ap); + VA_COPY(ap2, ap); if ((r = sshbuf_reserve(buf, (size_t)len + 1, &p)) < 0) goto out; if ((r = vsnprintf((char *)p, len + 1, fmt, ap2)) != len) { @@ -448,7 +450,7 @@ sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf, d++; len--; } - if (valp != 0) + if (valp != NULL) *valp = d; if (lenp != NULL) *lenp = len; diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c index e2e093c..d0d791b 100644 --- a/sshbuf-getput-crypto.c 
+++ b/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.4 2015/01/14 15:02:39 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -158,10 +158,10 @@ sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v) if (len > 0 && (d[1] & 0x80) != 0) prepend = 1; if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) { - bzero(d, sizeof(d)); + explicit_bzero(d, sizeof(d)); return r; } - bzero(d, sizeof(d)); + explicit_bzero(d, sizeof(d)); return 0; } @@ -177,13 +177,13 @@ sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v) if (BN_bn2bin(v, d) != (int)len_bytes) return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */ if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) { - bzero(d, sizeof(d)); + explicit_bzero(d, sizeof(d)); return r; } POKE_U16(dp, len_bits); if (len_bytes != 0) memcpy(dp + 2, d, len_bytes); - bzero(d, sizeof(d)); + explicit_bzero(d, sizeof(d)); return 0; } @@ -210,7 +210,7 @@ sshbuf_put_ec(struct sshbuf *buf, const EC_POINT *v, const EC_GROUP *g) } BN_CTX_free(bn_ctx); ret = sshbuf_put_string(buf, d, len); - bzero(d, len); + explicit_bzero(d, len); return ret; } diff --git a/sshbuf-misc.c b/sshbuf-misc.c index d022065..15dcfbc 100644 --- a/sshbuf-misc.c +++ b/sshbuf-misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-misc.c,v 1.4 2015/03/24 20:03:44 markus Exp $ */ +/* $OpenBSD: sshbuf-misc.c,v 1.6 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -103,7 +103,7 @@ sshbuf_dtob64(struct sshbuf *buf) if (SIZE_MAX / 2 <= len || (ret = malloc(plen)) == NULL) return NULL; if ((r = b64_ntop(p, len, ret, plen)) == -1) { - bzero(ret, plen); + explicit_bzero(ret, plen); free(ret); return NULL; } 
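Review bot: In the `sshbuf_put_bignum1` hunk the early `return SSH_ERR_INTERNAL_ERROR;` after the `BN_bn2bin(v, d)` length check still leaves `d` uncleared, while every other exit in the hunk now calls `explicit_bzero`. `d` may already hold bignum bytes at that point, so I would add `explicit_bzero(d, sizeof(d));` before that return. The start of the function, including the declaration of `d`, is outside the hunk.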
@@ -122,17 +122,40 @@ sshbuf_b64tod(struct sshbuf *buf, const char *b64) if ((p = malloc(plen)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((nlen = b64_pton(b64, p, plen)) < 0) { - bzero(p, plen); + explicit_bzero(p, plen); free(p); return SSH_ERR_INVALID_FORMAT; } if ((r = sshbuf_put(buf, p, nlen)) < 0) { - bzero(p, plen); + explicit_bzero(p, plen); free(p); return r; } - bzero(p, plen); + explicit_bzero(p, plen); free(p); return 0; } +char * +sshbuf_dup_string(struct sshbuf *buf) +{ + const u_char *p = NULL, *s = sshbuf_ptr(buf); + size_t l = sshbuf_len(buf); + char *r; + + if (s == NULL || l > SIZE_MAX) + return NULL; + /* accept a nul only as the last character in the buffer */ + if (l > 0 && (p = memchr(s, '\0', l)) != NULL) { + if (p != s + l - 1) + return NULL; + l--; /* the nul is put back below */ + } + if ((r = malloc(l + 1)) == NULL) + return NULL; + if (l > 0) + memcpy(r, s, l); + r[l] = '\0'; + return r; +} + diff --git a/sshbuf.c b/sshbuf.c index dbe0c91..4d6e0ea 100644 --- a/sshbuf.c +++ b/sshbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.3 2015/01/20 23:14:00 deraadt Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.6 2016/01/12 23:42:54 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -134,7 +134,7 @@ sshbuf_fromb(struct sshbuf *buf) void sshbuf_init(struct sshbuf *ret) { - bzero(ret, sizeof(*ret)); + explicit_bzero(ret, sizeof(*ret)); ret->alloc = SSHBUF_SIZE_INIT; ret->max_size = SSHBUF_SIZE_MAX; ret->readonly = 0; @@ -163,10 +163,8 @@ sshbuf_free(struct sshbuf *buf) * If we are a child, the free our parent to decrement its reference * count and possibly free it. */ - if (buf->parent != NULL) { - sshbuf_free(buf->parent); - buf->parent = NULL; - } + sshbuf_free(buf->parent); + buf->parent = NULL; /* * If we are a parent with still-extant children, then don't free just * yet. The last child's call to sshbuf_free should decrement our 
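Review bot: In the new `sshbuf_dup_string`, the guard `l > SIZE_MAX` can never be true for a `size_t`, so it does not protect the later `malloc(l + 1)` from wrapping. If the intent is to rule out overflow of `l + 1`, the test should be `if (s == NULL || l >= SIZE_MAX)`. The buffer's own maximum size presumably keeps `l` far below that limit, but the check as written is dead code and reads as if it were doing something.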
@@ -177,10 +175,10 @@ sshbuf_free(struct sshbuf *buf) return; dont_free = buf->dont_free; if (!buf->readonly) { - bzero(buf->d, buf->alloc); + explicit_bzero(buf->d, buf->alloc); free(buf->d); } - bzero(buf, sizeof(*buf)); + explicit_bzero(buf, sizeof(*buf)); if (!dont_free) free(buf); } @@ -196,7 +194,7 @@ sshbuf_reset(struct sshbuf *buf) return; } if (sshbuf_check_sanity(buf) == 0) - bzero(buf->d, buf->alloc); + explicit_bzero(buf->d, buf->alloc); buf->off = buf->size = 0; if (buf->alloc != SSHBUF_SIZE_INIT) { if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) { @@ -255,7 +253,7 @@ sshbuf_set_max_size(struct sshbuf *buf, size_t max_size) rlen = roundup(buf->size, SSHBUF_SIZE_INC); if (rlen > max_size) rlen = max_size; - bzero(buf->d + buf->size, buf->alloc - buf->size); + explicit_bzero(buf->d + buf->size, buf->alloc - buf->size); SSHBUF_DBG(("new alloc = %zu", rlen)); if ((dp = realloc(buf->d, rlen)) == NULL) return SSH_ERR_ALLOC_FAIL; diff --git a/sshbuf.h b/sshbuf.h index eb0d92e..52ff017 100644 --- a/sshbuf.h +++ b/sshbuf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.4 2015/01/14 15:02:39 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.7 2016/05/02 08:49:03 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -120,12 +120,12 @@ size_t sshbuf_len(const struct sshbuf *buf); size_t sshbuf_avail(const struct sshbuf *buf); /* - * Returns a read-only pointer to the start of the the data in buf + * Returns a read-only pointer to the start of the data in buf */ const u_char *sshbuf_ptr(const struct sshbuf *buf); /* - * Returns a mutable pointer to the start of the the data in buf, or + * Returns a mutable pointer to the start of the data in buf, or * NULL if the buffer is read-only. */ u_char *sshbuf_mutable_ptr(const struct sshbuf *buf); 
@@ -239,47 +239,57 @@ char *sshbuf_dtob64(struct sshbuf *buf); /* Decode base64 data and append it to the buffer */ int sshbuf_b64tod(struct sshbuf *buf, const char *b64); +/* + * Duplicate the contents of a buffer to a string (caller to free). + * Returns NULL on buffer error, or if the buffer contains a premature + * nul character. + */ +char *sshbuf_dup_string(struct sshbuf *buf); + /* Macros for decoding/encoding integers */ #define PEEK_U64(p) \ - (((u_int64_t)(((u_char *)(p))[0]) << 56) | \ - ((u_int64_t)(((u_char *)(p))[1]) << 48) | \ - ((u_int64_t)(((u_char *)(p))[2]) << 40) | \ - ((u_int64_t)(((u_char *)(p))[3]) << 32) | \ - ((u_int64_t)(((u_char *)(p))[4]) << 24) | \ - ((u_int64_t)(((u_char *)(p))[5]) << 16) | \ - ((u_int64_t)(((u_char *)(p))[6]) << 8) | \ - (u_int64_t)(((u_char *)(p))[7])) + (((u_int64_t)(((const u_char *)(p))[0]) << 56) | \ + ((u_int64_t)(((const u_char *)(p))[1]) << 48) | \ + ((u_int64_t)(((const u_char *)(p))[2]) << 40) | \ + ((u_int64_t)(((const u_char *)(p))[3]) << 32) | \ + ((u_int64_t)(((const u_char *)(p))[4]) << 24) | \ + ((u_int64_t)(((const u_char *)(p))[5]) << 16) | \ + ((u_int64_t)(((const u_char *)(p))[6]) << 8) | \ + (u_int64_t)(((const u_char *)(p))[7])) #define PEEK_U32(p) \ - (((u_int32_t)(((u_char *)(p))[0]) << 24) | \ - ((u_int32_t)(((u_char *)(p))[1]) << 16) | \ - ((u_int32_t)(((u_char *)(p))[2]) << 8) | \ - (u_int32_t)(((u_char *)(p))[3])) + (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \ + ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \ + ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \ + (u_int32_t)(((const u_char *)(p))[3])) #define PEEK_U16(p) \ - (((u_int16_t)(((u_char *)(p))[0]) << 8) | \ - (u_int16_t)(((u_char *)(p))[1])) + (((u_int16_t)(((const u_char *)(p))[0]) << 8) | \ + (u_int16_t)(((const u_char *)(p))[1])) #define POKE_U64(p, v) \ do { \ - ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 56) & 0xff; \ - ((u_char *)(p))[1] = (((u_int64_t)(v)) >> 48) & 0xff; \ - ((u_char *)(p))[2] = (((u_int64_t)(v)) >> 
40) & 0xff; \ - ((u_char *)(p))[3] = (((u_int64_t)(v)) >> 32) & 0xff; \ - ((u_char *)(p))[4] = (((u_int64_t)(v)) >> 24) & 0xff; \ - ((u_char *)(p))[5] = (((u_int64_t)(v)) >> 16) & 0xff; \ - ((u_char *)(p))[6] = (((u_int64_t)(v)) >> 8) & 0xff; \ - ((u_char *)(p))[7] = ((u_int64_t)(v)) & 0xff; \ + const u_int64_t __v = (v); \ + ((u_char *)(p))[0] = (__v >> 56) & 0xff; \ + ((u_char *)(p))[1] = (__v >> 48) & 0xff; \ + ((u_char *)(p))[2] = (__v >> 40) & 0xff; \ + ((u_char *)(p))[3] = (__v >> 32) & 0xff; \ + ((u_char *)(p))[4] = (__v >> 24) & 0xff; \ + ((u_char *)(p))[5] = (__v >> 16) & 0xff; \ + ((u_char *)(p))[6] = (__v >> 8) & 0xff; \ + ((u_char *)(p))[7] = __v & 0xff; \ } while (0) #define POKE_U32(p, v) \ do { \ - ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 24) & 0xff; \ - ((u_char *)(p))[1] = (((u_int64_t)(v)) >> 16) & 0xff; \ - ((u_char *)(p))[2] = (((u_int64_t)(v)) >> 8) & 0xff; \ - ((u_char *)(p))[3] = ((u_int64_t)(v)) & 0xff; \ + const u_int32_t __v = (v); \ + ((u_char *)(p))[0] = (__v >> 24) & 0xff; \ + ((u_char *)(p))[1] = (__v >> 16) & 0xff; \ + ((u_char *)(p))[2] = (__v >> 8) & 0xff; \ + ((u_char *)(p))[3] = __v & 0xff; \ } while (0) #define POKE_U16(p, v) \ do { \ - ((u_char *)(p))[0] = (((u_int64_t)(v)) >> 8) & 0xff; \ - ((u_char *)(p))[1] = ((u_int64_t)(v)) & 0xff; \ + const u_int16_t __v = (v); \ + ((u_char *)(p))[0] = (__v >> 8) & 0xff; \ + ((u_char *)(p))[1] = __v & 0xff; \ } while (0) /* Internal definitions follow. Exposed for regress tests */ diff --git a/sshconnect.c b/sshconnect.c index 8161d69..1615b36 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
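Review bot: The temporaries added to `POKE_U64`, `POKE_U32` and `POKE_U16` are named `__v`, which is in the namespace reserved for the implementation. It would also self-initialise if a caller ever passed an expression containing `__v`. A project-prefixed name avoids both, for example `const u_int64_t sshbuf_poke_v = (v);`. The single evaluation of `v` is an improvement; the `PEEK_*` macros still evaluate `p` once per byte, which deserves a one-line comment above them.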
@@ -59,12 +59,12 @@ #include "readconf.h" #include "atomicio.h" #include "dns.h" -#include "roaming.h" #include "monitor_fdpass.h" #include "ssh2.h" #include "version.h" #include "authfile.h" #include "ssherr.h" +#include "authfd.h" char *client_version_string = NULL; char *server_version_string = NULL; @@ -72,10 +72,6 @@ Key *previous_host_key = NULL; static int matching_host_key_dns = 0; -#ifdef WIN32_FIXME - #define FAIL(X) if (X) goto fail -#endif - static pid_t proxy_command_pid = 0; /* import */ @@ -172,6 +168,7 @@ ssh_proxy_fdpass_connect(const char *host, u_short port, if ((sock = mm_receive_fd(sp[1])) == -1) fatal("proxy dialer did not pass back a connection"); + close(sp[1]); while (waitpid(pid, NULL, 0) == -1) if (errno != EINTR) @@ -370,10 +367,9 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, result = -1; goto done; } - + fdset = xcalloc(howmany(sockfd + 1, NFDBITS), sizeof(fd_mask)); - FD_SET(sockfd, fdset); ms_to_timeval(&tv, *timeoutp); @@ -448,7 +444,9 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop, char ntop[NI_MAXHOST], strport[NI_MAXSERV]; struct addrinfo *ai; - debug2("ssh_connect: needpriv %d", needpriv); + debug2("%s: needpriv %d", __func__, needpriv); + memset(ntop, 0, sizeof(ntop)); + memset(strport, 0, sizeof(strport)); for (attempt = 0; attempt < connection_attempts; attempt++) { if (attempt > 0) { @@ -467,7 +465,7 @@ ssh_connect_direct(const char *host, struct addrinfo *aitop, if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { - error("ssh_connect: getnameinfo failed"); + error("%s: getnameinfo failed", __func__); continue; } debug("Connecting to %.200s [%.100s] port %s.", 
@@ -555,7 +553,7 @@ send_client_banner(int connection_out, int minor1) xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", PROTOCOL_MAJOR_1, minor1, SSH_VERSION); } - if (roaming_atomicio(vwrite, connection_out, client_version_string, + if (atomicio(vwrite, connection_out, client_version_string, strlen(client_version_string)) != strlen(client_version_string)) fatal("write: %.100s", strerror(errno)); chop(client_version_string); @@ -615,7 +613,7 @@ ssh_exchange_identification(int timeout_ms) } } - len = roaming_atomicio(read, connection_in, &buf[i], 1); + len = atomicio(read, connection_in, &buf[i], 1); if (len != 1 && errno == EPIPE) fatal("ssh_exchange_identification: " @@ -951,7 +949,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, options.fingerprint_hash, SSH_FP_RANDOMART); if (fp == NULL || ra == NULL) fatal("%s: sshkey_fingerprint fail", __func__); - logit("Host key fingerprint is %s\n%s\n", fp, ra); + logit("Host key fingerprint is %s\n%s", fp, ra); free(ra); free(fp); } @@ -1262,8 +1260,9 @@ fail: int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) { + u_int i; int r = -1, flags = 0; - char *fp = NULL; + char valid[64], *fp = NULL, *cafp = NULL; struct sshkey *plain = NULL; if ((fp = sshkey_fingerprint(host_key, 
@@ -1273,8 +1272,31 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) goto out; } - debug("Server host key: %s %s", - compat20 ? sshkey_ssh_name(host_key) : sshkey_type(host_key), fp); + if (sshkey_is_cert(host_key)) { + if ((cafp = sshkey_fingerprint(host_key->cert->signature_key, + options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) { + error("%s: fingerprint CA key: %s", + __func__, ssh_err(r)); + r = -1; + goto out; + } + sshkey_format_cert_validity(host_key->cert, + valid, sizeof(valid)); + debug("Server host certificate: %s %s, serial %llu " + "ID \"%s\" CA %s %s valid %s", + sshkey_ssh_name(host_key), fp, + (unsigned long long)host_key->cert->serial, + host_key->cert->key_id, + sshkey_ssh_name(host_key->cert->signature_key), cafp, + valid); + for (i = 0; i < host_key->cert->nprincipals; i++) { + debug2("Server host certificate hostname: %s", + host_key->cert->principals[i]); + } + } else { + debug("Server host key: %s %s", compat20 ? + sshkey_ssh_name(host_key) : sshkey_type(host_key), fp); + } if (sshkey_equal(previous_host_key, host_key)) { debug2("%s: server host key %s %s matches cached key", @@ -1339,6 +1361,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) out: sshkey_free(plain); free(fp); + free(cafp); if (r == 0 && host_key != NULL) { key_free(previous_host_key); previous_host_key = key_from_private(host_key); 
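Review bot: In the certificate branch of `verify_host_key`, the failure message `error("%s: fingerprint CA key: %s", __func__, ssh_err(r));` formats `r`, but `sshkey_fingerprint` returns a pointer, not an error code. Judging by the declaration hunk, `r` appears to hold only its initial `-1` here, so the logged reason would be unrelated to the actual failure. I would drop the code and log `error("%s: fingerprint CA key failed", __func__);`. The function body between the two hunks is not visible, so confirm `r` is not assigned there.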
@@ -1518,3 +1541,30 @@ ssh_local_cmd(const char *args) return 0; #endif } + +void +maybe_add_key_to_agent(char *authfile, Key *private, char *comment, + char *passphrase) +{ + int auth_sock = -1, r; + + if (options.add_keys_to_agent == 0) + return; + + if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) { + debug3("no authentication agent, not adding key"); + return; + } + + if (options.add_keys_to_agent == 2 && + !ask_permission("Add key %s (%s) to agent?", authfile, comment)) { + debug3("user denied adding this key"); + return; + } + + if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0, + (options.add_keys_to_agent == 3))) == 0) + debug("identity added to agent: %s", authfile); + else + debug("could not add identity to agent: %s (%d)", authfile, r); +} diff --git a/sshconnect.h b/sshconnect.h index 0ea6e99..cf1851a 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.28 2013/10/16 02:31:47 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.29 2015/11/15 22:26:49 jcs Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -55,6 +55,8 @@ void ssh_userauth2(const char *, const char *, char *, Sensitive *); void ssh_put_password(char *); int ssh_local_cmd(const char *); +void maybe_add_key_to_agent(char *, Key *, char *, char *); + /* * Macros to raise/lower permissions. */ diff --git a/sshconnect1.c b/sshconnect1.c index 016abbc..bfc523b 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.77 2015/01/14 20:05:27 djm Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.78 2015/11/15 22:26:49 jcs Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
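Review bot: `maybe_add_key_to_agent` never closes `auth_sock` once `ssh_get_authentication_socket` has succeeded, so every call leaks one descriptor for the agent socket, both on the "user denied" return and after `ssh_add_identity_constrained`. Add `close(auth_sock);` before the return in the `ask_permission` branch and as the last statement of the function. The `passphrase` parameter is unused in the body and could be dropped or marked as such. The bare values `0`, `2` and `3` compared against `options.add_keys_to_agent` would read better as named constants with a comment giving their meaning.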
@@ -221,7 +221,7 @@ try_rsa_authentication(int idx) { BIGNUM *challenge; Key *public, *private; - char buf[300], *passphrase, *comment, *authfile; + char buf[300], *passphrase = NULL, *comment, *authfile; int i, perm_ok = 1, type, quit; public = options.identity_keys[idx]; @@ -283,13 +283,20 @@ try_rsa_authentication(int idx) debug2("no passphrase given, try next key"); quit = 1; } - explicit_bzero(passphrase, strlen(passphrase)); - free(passphrase); if (private != NULL || quit) break; debug2("bad passphrase given, try again..."); } } + + if (private != NULL) + maybe_add_key_to_agent(authfile, private, comment, passphrase); + + if (passphrase != NULL) { + explicit_bzero(passphrase, strlen(passphrase)); + free(passphrase); + } + /* We no longer need the comment. */ free(comment); diff --git a/sshconnect2.c b/sshconnect2.c index d222b3e..c467929 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.226 2015/07/30 00:01:34 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.247 2016/07/22 05:46:11 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -71,13 +71,12 @@ #include "uidswap.h" #include "hostfile.h" #include "ssherr.h" +#include "utf8.h" #ifdef GSSAPI #include "ssh-gss.h" #endif - - /* import */ extern char *client_version_string; extern char *server_version_string; 
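Review bot: In `try_rsa_authentication` a rejected passphrase is no longer wiped before the next prompt, because the `explicit_bzero`/`free` pair now runs only once after the loop. As far as the hunk shows, each pass through `bad passphrase given, try again...` leaves the previous buffer allocated and uncleared when `passphrase` is reassigned. I would clear it on the retry path, placing `explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); passphrase = NULL;` before the `debug2("bad passphrase given, try again...")` line. The loop header and the prompt call are outside the hunk, so confirm the reassignment there.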
@@ -159,34 +158,28 @@ void ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + char *s; struct kex *kex; int r; xxx_host = host; xxx_hostaddr = hostaddr; - myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( - options.kex_algorithms); + if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) + fatal("%s: kex_names_cat", __func__); + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(options.ciphers); myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(options.ciphers); #ifndef WIN32_ZLIB_NO - if (options.compression) { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none"; - } else { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib"; - } + myproposal[PROPOSAL_COMP_ALGS_CTOS] = + myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? + "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib"; #else - if (options.compression) { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; - } else { - myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; - } + myproposal[PROPOSAL_COMP_ALGS_CTOS] = + myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ? + "none" : "none"; #endif myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 
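Review bot: In the `WIN32_ZLIB_NO` branch of `ssh_kex2` the expression `options.compression ? "none" : "none"` has two identical arms. It should be a plain assignment of `"none"`, with a comment that compression is unavailable in this build and the option is ignored. Separately, the string returned by `kex_names_cat` is kept in `s` and no `free(s)` is visible in this hunk. Whether `compat_kex_proposal` takes ownership cannot be told from here, so a comment on the ownership would help.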
@@ -213,16 +206,18 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) if ((r = kex_setup(active_state, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); kex = active_state->kex; - +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; - # ifdef OPENSSL_HAS_ECC kex->kex[KEX_ECDH_SHA2] = kexecdh_client; # endif - +#endif kex->kex[KEX_C25519_SHA256] = kexc25519_client; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; @@ -230,10 +225,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); - if (options.use_roaming && !kex->roaming) { - debug("Roaming not allowed by server"); - options.use_roaming = 0; - } + /* remove ext-info from the KEX proposals for rekeying */ + myproposal[PROPOSAL_KEX_ALGS] = + compat_kex_proposal(options.kex_algorithms); + if ((r = kex_prop2buf(kex->my, myproposal)) != 0) + fatal("kex_prop2buf: %s", ssh_err(r)); session_id2 = kex->session_id; session_id2_len = kex->session_id_len; @@ -297,6 +293,8 @@ struct cauthmethod { int *batch_flag; /* flag in option struct that disables method */ }; +int input_userauth_service_accept(int, u_int32_t, void *); +int input_userauth_ext_info(int, u_int32_t, void *); int input_userauth_success(int, u_int32_t, void *); int input_userauth_success_unexpected(int, u_int32_t, void *); int input_userauth_failure(int, u_int32_t, void *); 
@@ -326,7 +324,7 @@ void userauth(Authctxt *, char *); static int sign_and_send_pubkey(Authctxt *, Identity *); static void pubkey_prepare(Authctxt *); static void pubkey_cleanup(Authctxt *); -static Key *load_identity_file(char *, int); +static Key *load_identity_file(Identity *); static Authmethod *authmethod_get(char *authlist); static Authmethod *authmethod_lookup(const char *name); @@ -336,7 +334,6 @@ Authmethod authmethods[] = { #ifdef GSSAPI {"gssapi-with-mic", userauth_gssapi, - userauth_sspi_kerberos_cleanup, NULL, &options.gss_authentication, NULL}, @@ -373,30 +370,12 @@ void ssh_userauth2(const char *local_user, const char *server_user, char *host, Sensitive *sensitive) { + struct ssh *ssh = active_state; Authctxt authctxt; - int type; + int r; if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; - - packet_start(SSH2_MSG_SERVICE_REQUEST); - packet_put_cstring("ssh-userauth"); - packet_send(); - debug("SSH2_MSG_SERVICE_REQUEST sent"); - packet_write_wait(); - type = packet_read(); - if (type != SSH2_MSG_SERVICE_ACCEPT) - fatal("Server denied authentication request: %d", type); - if (packet_remaining() > 0) { - char *reply = packet_get_string(NULL); - debug2("service_accept: %s", reply); - free(reply); - } else { - debug2("buggy server: service_accept w/o service"); - } - packet_check_eom(); - debug("SSH2_MSG_SERVICE_ACCEPT received"); - if (options.preferred_authentications == NULL) options.preferred_authentications = authmethods_get(); 
@@ -418,21 +397,63 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, if (authctxt.method == NULL) fatal("ssh_userauth2: internal error: cannot send userauth none request"); - /* initial userauth request */ - userauth_none(&authctxt); + if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 || + (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 || + (r = sshpkt_send(ssh)) != 0) + fatal("%s: %s", __func__, ssh_err(r)); - dispatch_init(&input_userauth_error); - dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); - dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); - dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); - dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ + ssh_dispatch_init(ssh, &input_userauth_error); + ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); + ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); + ssh_dispatch_run(ssh, DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ pubkey_cleanup(&authctxt); - dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); + ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); debug("Authentication succeeded (%s).", authctxt.method->name); } +/* ARGSUSED */ +int +input_userauth_service_accept(int type, u_int32_t seqnr, void *ctxt) +{ + Authctxt *authctxt = ctxt; + struct ssh *ssh = active_state; + int r; + + if (ssh_packet_remaining(ssh) > 0) { + char *reply; + + if ((r = sshpkt_get_cstring(ssh, &reply, NULL)) != 0) + goto out; + debug2("service_accept: %s", reply); + free(reply); + } else { + debug2("buggy server: service_accept w/o service"); + } + if ((r = sshpkt_get_end(ssh)) != 0) + goto out; + debug("SSH2_MSG_SERVICE_ACCEPT received"); + + /* initial userauth request */ + userauth_none(authctxt); + + ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error); + ssh_dispatch_set(ssh, 
SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); + ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); + r = 0; + out: + return r; +} + +/* ARGSUSED */ +int +input_userauth_ext_info(int type, u_int32_t seqnr, void *ctxt) +{ + return kex_input_ext_info(type, seqnr, active_state); +} + void userauth(Authctxt *authctxt, char *authlist) { @@ -481,21 +502,15 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt) int input_userauth_banner(int type, u_int32_t seq, void *ctxt) { - char *msg, *raw, *lang; + char *msg, *lang; u_int len; - debug3("input_userauth_banner"); - raw = packet_get_string(&len); + debug3("%s", __func__); + msg = packet_get_string(&len); lang = packet_get_string(NULL); - if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { - if (len > 65536) - len = 65536; - msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ - strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); - fprintf(stderr, "%s", msg); - free(msg); - } - free(raw); + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) + fmprintf(stderr, "%s", msg); + free(msg); free(lang); return 0; } @@ -547,7 +562,7 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) packet_check_eom(); if (partial != 0) { - logit("Authenticated with partial success."); + verbose("Authenticated with partial success."); /* reset state */ pubkey_cleanup(authctxt); pubkey_prepare(authctxt); @@ -641,7 +656,7 @@ userauth_gssapi(Authctxt *authctxt) static u_int mech = 0; OM_uint32 min; int ok = 0; - + /* Try one GSSAPI method at a time, rather than sending them all at * once. */ 
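Review bot: `input_userauth_service_accept` leaves itself registered for `SSH2_MSG_SERVICE_ACCEPT` after it has run, so a peer that sends the message a second time would reach `userauth_none(authctxt)` again. It already resets `SSH2_MSG_EXT_INFO` to `input_userauth_error`, and the same should be done for the accept message with `ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_error);`. The unused `type` and `seqnr` parameters are covered by the `ARGSUSED` marker, but a short comment on what `ctxt` carries would help.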
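Review bot: In `input_userauth_banner` the explicit `strnvis` escaping and the 65536-byte cap are removed, so filtering of the server-supplied banner now rests entirely on `fmprintf`, whose behaviour is not shown in this diff. The banner is untrusted and reaches the user's terminal before authentication, so that dependency should be stated at the call site. For example: `/* banner is untrusted server data; fmprintf() is relied on to neutralise control characters */`. It would also be worth confirming that the packet-size limit is an acceptable replacement for the removed length cap.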
@@ -984,29 +999,48 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) return 0; } +static const char * +identity_sign_encode(struct identity *id) +{ + struct ssh *ssh = active_state; + + if (id->key->type == KEY_RSA) { + switch (ssh->kex->rsa_sha2) { + case 256: + return "rsa-sha2-256"; + case 512: + return "rsa-sha2-512"; + } + } + return key_ssh_name(id->key); +} + static int identity_sign(struct identity *id, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat) { Key *prv; int ret; + const char *alg; + + alg = identity_sign_encode(id); /* the agent supports this key */ - if (id->agent_fd) + if (id->agent_fd != -1) return ssh_agent_sign(id->agent_fd, id->key, sigp, lenp, - data, datalen, compat); + data, datalen, alg, compat); /* * we have already loaded the private key or * the private key is stored in external hardware */ if (id->isprivate || (id->key->flags & SSHKEY_FLAG_EXT)) - return (sshkey_sign(id->key, sigp, lenp, data, datalen, + return (sshkey_sign(id->key, sigp, lenp, data, datalen, alg, compat)); /* load the private key from the file */ - if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL) - return (-1); /* XXX return decent error code */ - ret = sshkey_sign(prv, sigp, lenp, data, datalen, compat); + if ((prv = load_identity_file(id)) == NULL) + return SSH_ERR_KEY_NOT_FOUND; + ret = sshkey_sign(prv, sigp, lenp, data, datalen, alg, compat); sshkey_free(prv); return (ret); } 
@@ -1015,18 +1049,17 @@ static int sign_and_send_pubkey(Authctxt *authctxt, Identity *id) { Buffer b; + Identity *private_id; u_char *blob, *signature; - u_int bloblen; size_t slen; - u_int skip = 0; - int ret = -1; - int have_sig = 1; + u_int bloblen, skip = 0; + int matched, ret = -1, have_sig = 1; char *fp; if ((fp = sshkey_fingerprint(id->key, options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) return 0; - debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); + debug3("%s: %s %s", __func__, key_type(id->key), fp); free(fp); if (key_to_blob(id->key, &blob, &bloblen) == 0) { @@ -1054,14 +1087,42 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) } else { buffer_put_cstring(&b, authctxt->method->name); buffer_put_char(&b, have_sig); - buffer_put_cstring(&b, key_ssh_name(id->key)); + buffer_put_cstring(&b, identity_sign_encode(id)); } buffer_put_string(&b, blob, bloblen); + /* + * If the key is an certificate, try to find a matching private key + * and use it to complete the signature. + * If no such private key exists, fall back to trying the certificate + * key itself in case it has a private half already loaded. + */ + if (key_is_cert(id->key)) { + matched = 0; + TAILQ_FOREACH(private_id, &authctxt->keys, next) { + if (sshkey_equal_public(id->key, private_id->key) && + id->key->type != private_id->key->type) { + id = private_id; + matched = 1; + break; + } + } + if (matched) { + debug2("%s: using private key \"%s\"%s for " + "certificate", __func__, id->filename, + id->agent_fd != -1 ? " from agent" : ""); + } else { + debug("%s: no separate private key for certificate " + "\"%s\"", __func__, id->filename); + } + } + /* generate signature */ ret = identity_sign(id, &signature, &slen, buffer_ptr(&b), buffer_len(&b), datafellows); if (ret != 0) { + if (ret != SSH_ERR_KEY_NOT_FOUND) + error("%s: signing failed: %s", __func__, ssh_err(ret)); free(blob); buffer_free(&b); return 0; 
@@ -1124,7 +1185,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) packet_put_cstring(authctxt->method->name); packet_put_char(have_sig); if (!(datafellows & SSH_BUG_PKAUTH)) - packet_put_cstring(key_ssh_name(id->key)); + packet_put_cstring(identity_sign_encode(id)); packet_put_string(blob, bloblen); free(blob); packet_send(); @@ -1132,20 +1193,20 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) } static Key * -load_identity_file(char *filename, int userprovided) +load_identity_file(Identity *id) { - Key *private; - char prompt[300], *passphrase; + Key *private = NULL; + char prompt[300], *passphrase, *comment; int r, perm_ok = 0, quit = 0, i; struct stat st; - if (stat(filename, &st) < 0) { - (userprovided ? logit : debug3)("no such identity: %s: %s", - filename, strerror(errno)); + if (stat(id->filename, &st) < 0) { + (id->userprovided ? logit : debug3)("no such identity: %s: %s", + id->filename, strerror(errno)); return NULL; } snprintf(prompt, sizeof prompt, - "Enter passphrase for key '%.100s': ", filename); + "Enter passphrase for key '%.100s': ", id->filename); for (i = 0; i <= options.number_of_password_prompts; i++) { if (i == 0) passphrase = ""; @@ -1157,8 +1218,8 @@ load_identity_file(char *filename, int userprovided) break; } } - switch ((r = sshkey_load_private_type(KEY_UNSPEC, filename, - passphrase, &private, NULL, &perm_ok))) { + switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename, + passphrase, &private, &comment, &perm_ok))) { case 0: break; case SSH_ERR_KEY_WRONG_PASSPHRASE: 
@@ -1172,20 +1233,25 @@ load_identity_file(char *filename, int userprovided) case SSH_ERR_SYSTEM_ERROR: if (errno == ENOENT) { debug2("Load key \"%s\": %s", - filename, ssh_err(r)); + id->filename, ssh_err(r)); quit = 1; break; } /* FALLTHROUGH */ default: - error("Load key \"%s\": %s", filename, ssh_err(r)); + error("Load key \"%s\": %s", id->filename, ssh_err(r)); quit = 1; break; } + if (!quit && private != NULL && id->agent_fd == -1 && + !(id->key && id->isprivate)) + maybe_add_key_to_agent(id->filename, private, comment, + passphrase); if (i > 0) { explicit_bzero(passphrase, strlen(passphrase)); free(passphrase); } + free(comment); if (private != NULL || quit) break; } @@ -1194,9 +1260,11 @@ load_identity_file(char *filename, int userprovided) /* * try keys in the following order: - * 1. agent keys that are found in the config file - * 2. other agent keys - * 3. keys that are only listed in the config file + * 1. certificates listed in the config file + * 2. other input certificates + * 3. agent keys that are found in the config file + * 4. other agent keys + * 5. keys that are only listed in the config file */ static void pubkey_prepare(Authctxt *authctxt) @@ -1204,7 +1272,7 @@ pubkey_prepare(Authctxt *authctxt) struct identity *id, *id2, *tmp; struct idlist agent, files, *preferred; struct sshkey *key; - int agent_fd, i, r, found; + int agent_fd = -1, i, r, found; size_t j; struct ssh_identitylist *idlist; 
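Review bot: The added `free(comment);` at the end of the loop body relies on `sshkey_load_private_type` storing something in `comment` on every path, including failures. `comment` is declared without an initialiser in the earlier hunk of `load_identity_file`, and the loader's behaviour is not visible here. Setting `comment = NULL;` immediately before the `sshkey_load_private_type` call on each iteration would keep both the `free` and the `maybe_add_key_to_agent(id->filename, private, comment, passphrase)` argument well defined regardless. The loop and the function start outside this hunk.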
@@ -1222,33 +1290,24 @@ pubkey_prepare(Authctxt *authctxt) continue; options.identity_keys[i] = NULL; id = xcalloc(1, sizeof(*id)); + id->agent_fd = -1; id->key = key; id->filename = xstrdup(options.identity_files[i]); id->userprovided = options.identity_file_userprovided[i]; TAILQ_INSERT_TAIL(&files, id, next); } - /* Prefer PKCS11 keys that are explicitly listed */ - TAILQ_FOREACH_SAFE(id, &files, next, tmp) { - if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0) + /* list of certificates specified by user */ + for (i = 0; i < options.num_certificate_files; i++) { + key = options.certificates[i]; + if (!key_is_cert(key) || key->cert == NULL || + key->cert->type != SSH2_CERT_TYPE_USER) continue; - found = 0; - TAILQ_FOREACH(id2, &files, next) { - if (id2->key == NULL || - (id2->key->flags & SSHKEY_FLAG_EXT) == 0) - continue; - if (sshkey_equal(id->key, id2->key)) { - TAILQ_REMOVE(&files, id, next); - TAILQ_INSERT_TAIL(preferred, id, next); - found = 1; - break; - } - } - /* If IdentitiesOnly set and key not found then don't use it */ - if (!found && options.identities_only) { - TAILQ_REMOVE(&files, id, next); - explicit_bzero(id, sizeof(*id)); - free(id); - } + id = xcalloc(1, sizeof(*id)); + id->agent_fd = -1; + id->key = key; + id->filename = xstrdup(options.certificate_files[i]); + id->userprovided = options.certificate_file_userprovided[i]; + TAILQ_INSERT_TAIL(preferred, id, next); } /* list of keys supported by the agent */ if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) { @@ -1259,6 +1318,7 @@ pubkey_prepare(Authctxt *authctxt) if (r != SSH_ERR_AGENT_NO_IDENTITIES) debug("%s: ssh_fetch_identitylist: %s", __func__, ssh_err(r)); + close(agent_fd); } else { for (j = 0; j < idlist->nkeys; j++) { found = 0; 
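Review bot: The new certificate loop stores `options.certificates[i]` in `id->key` but leaves the same pointer in `options`, unlike the identity-file loop just above, which sets `options.identity_keys[i] = NULL;` before taking the key. `id->key` is later released with `sshkey_free` (in the PubkeyAcceptedKeyTypes filter and in `pubkey_cleanup`), so `options.certificates[i]` is left pointing at freed memory. Whether anything reads that array afterwards is not visible here. Adding `options.certificates[i] = NULL;` once the entry is accepted would make the ownership transfer explicit and match the identity-key handling. `pubkey_prepare` starts and ends outside this hunk.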
@@ -1294,14 +1354,51 @@ pubkey_prepare(Authctxt *authctxt) } authctxt->agent_fd = agent_fd; } + /* Prefer PKCS11 keys that are explicitly listed */ + TAILQ_FOREACH_SAFE(id, &files, next, tmp) { + if (id->key == NULL || (id->key->flags & SSHKEY_FLAG_EXT) == 0) + continue; + found = 0; + TAILQ_FOREACH(id2, &files, next) { + if (id2->key == NULL || + (id2->key->flags & SSHKEY_FLAG_EXT) == 0) + continue; + if (sshkey_equal(id->key, id2->key)) { + TAILQ_REMOVE(&files, id, next); + TAILQ_INSERT_TAIL(preferred, id, next); + found = 1; + break; + } + } + /* If IdentitiesOnly set and key not found then don't use it */ + if (!found && options.identities_only) { + TAILQ_REMOVE(&files, id, next); + explicit_bzero(id, sizeof(*id)); + free(id); + } + } /* append remaining keys from the config file */ for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) { TAILQ_REMOVE(&files, id, next); TAILQ_INSERT_TAIL(preferred, id, next); } - TAILQ_FOREACH(id, preferred, next) { - debug2("key: %s (%p),%s", id->filename, id->key, - id->userprovided ? " explicit" : ""); + /* finally, filter by PubkeyAcceptedKeyTypes */ + TAILQ_FOREACH_SAFE(id, preferred, next, id2) { + if (id->key != NULL && + match_pattern_list(sshkey_ssh_name(id->key), + options.pubkey_key_types, 0) != 1) { + debug("Skipping %s key %s - " + "not in PubkeyAcceptedKeyTypes", + sshkey_ssh_name(id->key), id->filename); + TAILQ_REMOVE(preferred, id, next); + sshkey_free(id->key); + free(id->filename); + memset(id, 0, sizeof(*id)); + continue; + } + debug2("key: %s (%p)%s%s", id->filename, id->key, + id->userprovided ? ", explicit" : "", + id->agent_fd != -1 ? ", agent" : ""); } } @@ -1315,8 +1412,7 @@ pubkey_cleanup(Authctxt *authctxt) for (id = TAILQ_FIRST(&authctxt->keys); id; id = TAILQ_FIRST(&authctxt->keys)) { TAILQ_REMOVE(&authctxt->keys, id, next); - if (id->key) - sshkey_free(id->key); + sshkey_free(id->key); free(id->filename); free(id); } 
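Review bot: In the new PubkeyAcceptedKeyTypes filter the rejected entry is unlinked with `TAILQ_REMOVE`, its key and filename are freed and the struct is cleared with `memset`, but `id` itself is never freed, so each filtered identity leaks its allocation. The PKCS11 block moved into this same hunk ends its removal with `explicit_bzero(id, sizeof(*id)); free(id);`. The filter should do the same before `continue;`, which also avoids a plain `memset` that the compiler may drop. `pubkey_prepare` begins outside this hunk.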
@@ -1327,12 +1423,6 @@ try_identity(Identity *id) { if (!id->key) return (0); - if (match_pattern_list(sshkey_ssh_name(id->key), - options.pubkey_key_types, 0) != 1) { - debug("Skipping %s key %s for not in PubkeyAcceptedKeyTypes", - sshkey_ssh_name(id->key), id->filename); - return (0); - } if (key_type_plain(id->key->type) == KEY_RSA && (datafellows & SSH_BUG_RSASIGMD5) != 0) { debug("Skipped %s key %s for RSA/MD5 server", @@ -1367,8 +1457,7 @@ userauth_pubkey(Authctxt *authctxt) } } else { debug("Trying private key: %s", id->filename); - id->key = load_identity_file(id->filename, - id->userprovided); + id->key = load_identity_file(id); if (id->key != NULL) { if (try_identity(id)) { id->isprivate = 1; @@ -1528,7 +1617,7 @@ ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp, closefrom(sock + 1); debug3("%s: [child] pid=%ld, exec %s", __func__, (long)getpid(), _PATH_SSH_KEY_SIGN); - execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *) 0); + execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN, strerror(errno)); } @@ -1704,7 +1793,7 @@ userauth_hostbased(Authctxt *authctxt) r = ssh_keysign(private, &sig, &siglen, sshbuf_ptr(b), sshbuf_len(b)); else if ((r = sshkey_sign(private, &sig, &siglen, - sshbuf_ptr(b), sshbuf_len(b), datafellows)) != 0) + sshbuf_ptr(b), sshbuf_len(b), NULL, datafellows)) != 0) debug("%s: sshkey_sign: %s", __func__, ssh_err(r)); if (r != 0) { error("sign using hostkey %s %s failed", @@ -1838,8 +1927,8 @@ authmethods_get(void) buffer_append(&b, method->name, strlen(method->name)); } } - buffer_append(&b, "\0", 1); - list = xstrdup(buffer_ptr(&b)); + if ((list = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); return list; } diff --git a/sshd.0 b/sshd.0 deleted file mode 100644 index 7980225..0000000 --- a/sshd.0 +++ /dev/null 
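Review bot: Removing the PubkeyAcceptedKeyTypes test from `try_identity` leaves lazily loaded identities unchecked. The replacement filter in `pubkey_prepare` only applies when `id->key != NULL`, while `userauth_pubkey` (the -1367 hunk on this line) calls `load_identity_file(id)` and then `try_identity(id)` for entries that had no key at prepare time. A private key of a type excluded by the option therefore appears to still be offered to the server. Keeping the `match_pattern_list(sshkey_ssh_name(id->key), options.pubkey_key_types, 0) != 1` test in `try_identity`, returning `(0)` on mismatch, alongside the early filter would close that gap. `try_identity` continues outside the hunk.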
@@ -1,635 +0,0 @@ -SSHD(8) System Manager's Manual SSHD(8) - -NAME - sshd M-bM-^@M-^S OpenSSH SSH daemon - -SYNOPSIS - sshd [-46DdeiqTt] [-b bits] [-C connection_spec] - [-c host_certificate_file] [-E log_file] [-f config_file] - [-g login_grace_time] [-h host_key_file] [-k key_gen_time] - [-o option] [-p port] [-u len] - -DESCRIPTION - sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these - programs replace rlogin and rsh, and provide secure encrypted - communications between two untrusted hosts over an insecure network. - - sshd listens for connections from clients. It is normally started at - boot from /etc/rc. It forks a new daemon for each incoming connection. - The forked daemons handle key exchange, encryption, authentication, - command execution, and data exchange. - - sshd can be configured using command-line options or a configuration file - (by default sshd_config(5)); command-line options override values - specified in the configuration file. sshd rereads its configuration file - when it receives a hangup signal, SIGHUP, by executing itself with the - name and options it was started with, e.g. /usr/sbin/sshd. - - The options are as follows: - - -4 Forces sshd to use IPv4 addresses only. - - -6 Forces sshd to use IPv6 addresses only. - - -b bits - Specifies the number of bits in the ephemeral protocol version 1 - server key (default 1024). - - -C connection_spec - Specify the connection parameters to use for the -T extended test - mode. If provided, any Match directives in the configuration - file that would apply to the specified user, host, and address - will be set before the configuration is written to standard - output. The connection parameters are supplied as keyword=value - pairs. The keywords are M-bM-^@M-^\userM-bM-^@M-^], M-bM-^@M-^\hostM-bM-^@M-^], M-bM-^@M-^\laddrM-bM-^@M-^], M-bM-^@M-^\lportM-bM-^@M-^], and - M-bM-^@M-^\addrM-bM-^@M-^]. 
All are required and may be supplied in any order, - either with multiple -C options or as a comma-separated list. - - -c host_certificate_file - Specifies a path to a certificate file to identify sshd during - key exchange. The certificate file must match a host key file - specified using the -h option or the HostKey configuration - directive. - - -D When this option is specified, sshd will not detach and does not - become a daemon. This allows easy monitoring of sshd. - - -d Debug mode. The server sends verbose debug output to standard - error, and does not put itself in the background. The server - also will not fork and will only process one connection. This - option is only intended for debugging for the server. Multiple - -d options increase the debugging level. Maximum is 3. - - -E log_file - Append debug logs to log_file instead of the system log. - - -e Write debug logs to standard error instead of the system log. - - -f config_file - Specifies the name of the configuration file. The default is - /etc/ssh/sshd_config. sshd refuses to start if there is no - configuration file. - - -g login_grace_time - Gives the grace time for clients to authenticate themselves - (default 120 seconds). If the client fails to authenticate the - user within this many seconds, the server disconnects and exits. - A value of zero indicates no limit. - - -h host_key_file - Specifies a file from which a host key is read. This option must - be given if sshd is not run as root (as the normal host key files - are normally not readable by anyone but root). The default is - /etc/ssh/ssh_host_key for protocol version 1, and - /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key. - /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for - protocol version 2. It is possible to have multiple host key - files for the different protocol versions and host key - algorithms. - - -i Specifies that sshd is being run from inetd(8). 
If SSH protocol - 1 is enabled, sshd should not normally be run from inetd because - it needs to generate the server key before it can respond to the - client, and this may take some time. Clients may have to wait - too long if the key was regenerated every time. - - -k key_gen_time - Specifies how often the ephemeral protocol version 1 server key - is regenerated (default 3600 seconds, or one hour). The - motivation for regenerating the key fairly often is that the key - is not stored anywhere, and after about an hour it becomes - impossible to recover the key for decrypting intercepted - communications even if the machine is cracked into or physically - seized. A value of zero indicates that the key will never be - regenerated. - - -o option - Can be used to give options in the format used in the - configuration file. This is useful for specifying options for - which there is no separate command-line flag. For full details - of the options, and their values, see sshd_config(5). - - -p port - Specifies the port on which the server listens for connections - (default 22). Multiple port options are permitted. Ports - specified in the configuration file with the Port option are - ignored when a command-line port is specified. Ports specified - using the ListenAddress option override command-line ports. - - -q Quiet mode. Nothing is sent to the system log. Normally the - beginning, authentication, and termination of each connection is - logged. - - -T Extended test mode. Check the validity of the configuration - file, output the effective configuration to stdout and then exit. - Optionally, Match rules may be applied by specifying the - connection parameters using one or more -C options. - - -t Test mode. Only check the validity of the configuration file and - sanity of the keys. This is useful for updating sshd reliably as - configuration options may change. 
- - -u len This option is used to specify the size of the field in the utmp - structure that holds the remote host name. If the resolved host - name is longer than len, the dotted decimal value will be used - instead. This allows hosts with very long host names that - overflow this field to still be uniquely identified. Specifying - -u0 indicates that only dotted decimal addresses should be put - into the utmp file. -u0 may also be used to prevent sshd from - making DNS requests unless the authentication mechanism or - configuration requires it. Authentication mechanisms that may - require DNS include RhostsRSAAuthentication, - HostbasedAuthentication, and using a from="pattern-list" option - in a key file. Configuration options that require DNS include - using a USER@HOST pattern in AllowUsers or DenyUsers. - -AUTHENTICATION - The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to - use protocol 2 only, though this can be changed via the Protocol option - in sshd_config(5). Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys; - protocol 1 only supports RSA keys. For both protocols, each host has a - host-specific key, normally 2048 bits, used to identify the host. - - Forward security for protocol 1 is provided through an additional server - key, normally 1024 bits, generated when the server starts. This key is - normally regenerated every hour if it has been used, and is never stored - on disk. Whenever a client connects, the daemon responds with its public - host and server keys. The client compares the RSA host key against its - own database to verify that it has not changed. The client then - generates a 256-bit random number. It encrypts this random number using - both the host key and the server key, and sends the encrypted number to - the server. Both sides then use this random number as a session key - which is used to encrypt all further communications in the session. 
The - rest of the session is encrypted using a conventional cipher, currently - Blowfish or 3DES, with 3DES being used by default. The client selects - the encryption algorithm to use from those offered by the server. - - For protocol 2, forward security is provided through a Diffie-Hellman key - agreement. This key agreement results in a shared session key. The rest - of the session is encrypted using a symmetric cipher, currently 128-bit - AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The - client selects the encryption algorithm to use from those offered by the - server. Additionally, session integrity is provided through a - cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64, - umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512). - - Finally, the server and the client enter an authentication dialog. The - client tries to authenticate itself using host-based authentication, - public key authentication, challenge-response authentication, or password - authentication. - - Regardless of the authentication type, the account is checked to ensure - that it is accessible. An account is not accessible if it is locked, - listed in DenyUsers or its group is listed in DenyGroups . The - definition of a locked account is system dependant. Some platforms have - their own account database (eg AIX) and some modify the passwd field ( - M-bM-^@M-^X*LK*M-bM-^@M-^Y on Solaris and UnixWare, M-bM-^@M-^X*M-bM-^@M-^Y on HP-UX, containing M-bM-^@M-^XNologinM-bM-^@M-^Y on - Tru64, a leading M-bM-^@M-^X*LOCKED*M-bM-^@M-^Y on FreeBSD and a leading M-bM-^@M-^X!M-bM-^@M-^Y on most - Linuxes). If there is a requirement to disable password authentication - for the account while allowing still public-key, then the passwd field - should be set to something other than these values (eg M-bM-^@M-^XNPM-bM-^@M-^Y or M-bM-^@M-^X*NP*M-bM-^@M-^Y ). - - If the client successfully authenticates itself, a dialog for preparing - the session is entered. 
At this time the client may request things like - allocating a pseudo-tty, forwarding X11 connections, forwarding TCP - connections, or forwarding the authentication agent connection over the - secure channel. - - After this, the client either requests a shell or execution of a command. - The sides then enter session mode. In this mode, either side may send - data at any time, and such data is forwarded to/from the shell or command - on the server side, and the user terminal in the client side. - - When the user program terminates and all forwarded X11 and other - connections have been closed, the server sends command exit status to the - client, and both sides exit. - -LOGIN PROCESS - When a user successfully logs in, sshd does the following: - - 1. If the login is on a tty, and no command has been specified, - prints last login time and /etc/motd (unless prevented in the - configuration file or by ~/.hushlogin; see the FILES section). - - 2. If the login is on a tty, records login time. - - 3. Checks /etc/nologin; if it exists, prints contents and quits - (unless root). - - 4. Changes to run with normal user privileges. - - 5. Sets up basic environment. - - 6. Reads the file ~/.ssh/environment, if it exists, and users are - allowed to change their environment. See the - PermitUserEnvironment option in sshd_config(5). - - 7. Changes to user's home directory. - - 8. If ~/.ssh/rc exists and the sshd_config(5) PermitUserRC option - is set, runs it; else if /etc/ssh/sshrc exists, runs it; - otherwise runs xauth. The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11 - authentication protocol and cookie in standard input. See - SSHRC, below. - - 9. Runs user's shell or command. All commands are run under the - user's login shell as specified in the system password - database. - -SSHRC - If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment - files but before starting the user's shell or command. 
It must not - produce any output on stdout; stderr must be used instead. If X11 - forwarding is in use, it will receive the "proto cookie" pair in its - standard input (and DISPLAY in its environment). The script must call - xauth(1) because sshd will not run xauth automatically to add X11 - cookies. - - The primary purpose of this file is to run any initialization routines - which may be needed before the user's home directory becomes accessible; - AFS is a particular example of such an environment. - - This file will probably contain some initialization code followed by - something similar to: - - if read proto cookie && [ -n "$DISPLAY" ]; then - if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then - # X11UseLocalhost=yes - echo add unix:`echo $DISPLAY | - cut -c11-` $proto $cookie - else - # X11UseLocalhost=no - echo add $DISPLAY $proto $cookie - fi | xauth -q - - fi - - If this file does not exist, /etc/ssh/sshrc is run, and if that does not - exist either, xauth is used to add the cookie. - -AUTHORIZED_KEYS FILE FORMAT - AuthorizedKeysFile specifies the files containing public keys for public - key authentication; if none is specified, the default is - ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the - file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are - ignored as comments). Protocol 1 public keys consist of the following - space-separated fields: options, bits, exponent, modulus, comment. - Protocol 2 public key consist of: options, keytype, base64-encoded key, - comment. The options field is optional; its presence is determined by - whether the line starts with a number or not (the options field never - starts with a number). The bits, exponent, modulus, and comment fields - give the RSA key for protocol version 1; the comment field is not used - for anything (but may be convenient for the user to identify the key). 
- For protocol version 2 the keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], - M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or - M-bM-^@M-^\ssh-rsaM-bM-^@M-^]. - - Note that lines in this file are usually several hundred bytes long - (because of the size of the public key encoding) up to a limit of 8 - kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 - kilobits. You don't want to type them in; instead, copy the - identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub - file and edit it. - - sshd enforces a minimum RSA key modulus size for protocol 1 and protocol - 2 keys of 768 bits. - - The options (if present) consist of comma-separated option - specifications. No spaces are permitted, except within double quotes. - The following option specifications are supported (note that option - keywords are case-insensitive): - - cert-authority - Specifies that the listed key is a certification authority (CA) - that is trusted to validate signed certificates for user - authentication. - - Certificates may encode access restrictions similar to these key - options. If both certificate restrictions and key options are - present, the most restrictive union of the two is applied. - - command="command" - Specifies that the command is executed whenever this key is used - for authentication. The command supplied by the user (if any) is - ignored. The command is run on a pty if the client requests a - pty; otherwise it is run without a tty. If an 8-bit clean - channel is required, one must not request a pty or should specify - no-pty. A quote may be included in the command by quoting it - with a backslash. This option might be useful to restrict - certain public keys to perform just a specific operation. An - example might be a key that permits remote backups but nothing - else. 
Note that the client may specify TCP and/or X11 forwarding - unless they are explicitly prohibited. The command originally - supplied by the client is available in the SSH_ORIGINAL_COMMAND - environment variable. Note that this option applies to shell, - command or subsystem execution. Also note that this command may - be superseded by either a sshd_config(5) ForceCommand directive - or a command embedded in a certificate. - - environment="NAME=value" - Specifies that the string is to be added to the environment when - logging in using this key. Environment variables set this way - override other default environment values. Multiple options of - this type are permitted. Environment processing is disabled by - default and is controlled via the PermitUserEnvironment option. - This option is automatically disabled if UseLogin is enabled. - - from="pattern-list" - Specifies that in addition to public key authentication, either - the canonical name of the remote host or its IP address must be - present in the comma-separated list of patterns. See PATTERNS in - ssh_config(5) for more information on patterns. - - In addition to the wildcard matching that may be applied to - hostnames or addresses, a from stanza may match IP addresses - using CIDR address/masklen notation. - - The purpose of this option is to optionally increase security: - public key authentication by itself does not trust the network or - name servers or anything (but the key); however, if somebody - somehow steals the key, the key permits an intruder to log in - from anywhere in the world. This additional option makes using a - stolen key more difficult (name servers and/or routers would have - to be compromised in addition to just the key). - - no-agent-forwarding - Forbids authentication agent forwarding when this key is used for - authentication. - - no-port-forwarding - Forbids TCP forwarding when this key is used for authentication. - Any port forward requests by the client will return an error. 
- This might be used, e.g. in connection with the command option. - - no-pty Prevents tty allocation (a request to allocate a pty will fail). - - no-user-rc - Disables execution of ~/.ssh/rc. - - no-X11-forwarding - Forbids X11 forwarding when this key is used for authentication. - Any X11 forward requests by the client will return an error. - - permitopen="host:port" - Limit local port forwarding with ssh(1) -L such that it may only - connect to the specified host and port. IPv6 addresses can be - specified by enclosing the address in square brackets. Multiple - permitopen options may be applied separated by commas. No - pattern matching is performed on the specified hostnames, they - must be literal domains or addresses. A port specification of * - matches any port. - - principals="principals" - On a cert-authority line, specifies allowed principals for - certificate authentication as a comma-separated list. At least - one name from the list must appear in the certificate's list of - principals for the certificate to be accepted. This option is - ignored for keys that are not marked as trusted certificate - signers using the cert-authority option. - - tunnel="n" - Force a tun(4) device on the server. Without this option, the - next available device will be used if the client requests a - tunnel. - - An example authorized_keys file: - - # Comments allowed at start of line - ssh-rsa AAAAB3Nza...LiPk== user@example.net - from="*.sales.example.net,!pc.sales.example.net" ssh-rsa - AAAAB2...19Q== john@example.net - command="dump /home",no-pty,no-port-forwarding ssh-dss - AAAAC3...51R== example.net - permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss - AAAAB5...21S== - tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== - jane@example.net - -SSH_KNOWN_HOSTS FILE FORMAT - The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host - public keys for all known hosts. 
The global file should be prepared by - the administrator (optional), and the per-user file is maintained - automatically: whenever the user connects from an unknown host, its key - is added to the per-user file. - - Each line in these files contains the following fields: markers - (optional), hostnames, bits, exponent, modulus, comment. The fields are - separated by spaces. - - The marker is optional, but if it is present then it must be one of - M-bM-^@M-^\@cert-authorityM-bM-^@M-^], to indicate that the line contains a certification - authority (CA) key, or M-bM-^@M-^\@revokedM-bM-^@M-^], to indicate that the key contained on - the line is revoked and must not ever be accepted. Only one marker - should be used on a key line. - - Hostnames is a comma-separated list of patterns (M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y act as - wildcards); each pattern in turn is matched against the canonical host - name (when authenticating a client) or against the user-supplied name - (when authenticating a server). A pattern may also be preceded by M-bM-^@M-^X!M-bM-^@M-^Y to - indicate negation: if the host name matches a negated pattern, it is not - accepted (by that line) even if it matched another pattern on the line. - A hostname or address may optionally be enclosed within M-bM-^@M-^X[M-bM-^@M-^Y and M-bM-^@M-^X]M-bM-^@M-^Y - brackets then followed by M-bM-^@M-^X:M-bM-^@M-^Y and a non-standard port number. - - Alternately, hostnames may be stored in a hashed form which hides host - names and addresses should the file's contents be disclosed. Hashed - hostnames start with a M-bM-^@M-^X|M-bM-^@M-^Y character. Only one hashed hostname may - appear on a single line and none of the above negation or wildcard - operators may be applied. - - Bits, exponent, and modulus are taken directly from the RSA host key; - they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The - optional comment field continues to the end of the line, and is not used. 
- - Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are ignored as comments. - - When performing host authentication, authentication is accepted if any - matching line has the proper key; either one that matches exactly or, if - the server has presented a certificate for authentication, the key of the - certification authority that signed the certificate. For a key to be - trusted as a certification authority, it must use the M-bM-^@M-^\@cert-authorityM-bM-^@M-^] - marker described above. - - The known hosts file also provides a facility to mark keys as revoked, - for example when it is known that the associated private key has been - stolen. Revoked keys are specified by including the M-bM-^@M-^\@revokedM-bM-^@M-^] marker at - the beginning of the key line, and are never accepted for authentication - or as certification authorities, but instead will produce a warning from - ssh(1) when they are encountered. - - It is permissible (but not recommended) to have several lines or - different host keys for the same names. This will inevitably happen when - short forms of host names from different domains are put in the file. It - is possible that the files contain conflicting information; - authentication is accepted if valid information can be found from either - file. - - Note that the lines in these files are typically hundreds of characters - long, and you definitely don't want to type in the host keys by hand. - Rather, generate them by a script, ssh-keyscan(1) or by taking - /etc/ssh/ssh_host_key.pub and adding the host names at the front. - ssh-keygen(1) also offers some basic automated editing for - ~/.ssh/known_hosts including removing hosts matching a host name and - converting all host names to their hashed representations. 
- - An example ssh_known_hosts file: - - # Comments allowed at start of line - closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net - cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= - # A hashed hostname - |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa - AAAA1234.....= - # A revoked key - @revoked * ssh-rsa AAAAB5W... - # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org - @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... - -FILES - ~/.hushlogin - This file is used to suppress printing the last login time and - /etc/motd, if PrintLastLog and PrintMotd, respectively, are - enabled. It does not suppress printing of the banner specified - by Banner. - - ~/.rhosts - This file is used for host-based authentication (see ssh(1) for - more information). On some machines this file may need to be - world-readable if the user's home directory is on an NFS - partition, because sshd reads it as root. Additionally, this - file must be owned by the user, and must not have write - permissions for anyone else. The recommended permission for most - machines is read/write for the user, and not accessible by - others. - - ~/.shosts - This file is used in exactly the same way as .rhosts, but allows - host-based authentication without permitting login with - rlogin/rsh. - - ~/.ssh/ - This directory is the default location for all user-specific - configuration and authentication information. There is no - general requirement to keep the entire contents of this directory - secret, but the recommended permissions are read/write/execute - for the user, and not accessible by others. - - ~/.ssh/authorized_keys - Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used - for logging in as this user. The format of this file is - described above. The content of the file is not highly - sensitive, but the recommended permissions are read/write for the - user, and not accessible by others. 
- - If this file, the ~/.ssh directory, or the user's home directory - are writable by other users, then the file could be modified or - replaced by unauthorized users. In this case, sshd will not - allow it to be used unless the StrictModes option has been set to - M-bM-^@M-^\noM-bM-^@M-^]. - - ~/.ssh/environment - This file is read into the environment at login (if it exists). - It can only contain empty lines, comment lines (that start with - M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file - should be writable only by the user; it need not be readable by - anyone else. Environment processing is disabled by default and - is controlled via the PermitUserEnvironment option. - - ~/.ssh/known_hosts - Contains a list of host keys for all hosts the user has logged - into that are not already in the systemwide list of known host - keys. The format of this file is described above. This file - should be writable only by root/the owner and can, but need not - be, world-readable. - - ~/.ssh/rc - Contains initialization routines to be run before the user's home - directory becomes accessible. This file should be writable only - by the user, and need not be readable by anyone else. - - /etc/hosts.equiv - This file is for host-based authentication (see ssh(1)). It - should only be writable by root. - - /etc/moduli - Contains Diffie-Hellman groups used for the "Diffie-Hellman Group - Exchange". The file format is described in moduli(5). - - /etc/motd - See motd(5). - - /etc/nologin - If this file exists, sshd refuses to let anyone except root log - in. The contents of the file are displayed to anyone trying to - log in, and non-root connections are refused. The file should be - world-readable. - - /etc/shosts.equiv - This file is used in exactly the same way as hosts.equiv, but - allows host-based authentication without permitting login with - rlogin/rsh. 
- - /etc/ssh/ssh_host_key - /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_ecdsa_key - /etc/ssh/ssh_host_ed25519_key - /etc/ssh/ssh_host_rsa_key - These files contain the private parts of the host keys. These - files should only be owned by root, readable only by root, and - not accessible to others. Note that sshd does not start if these - files are group/world-accessible. - - /etc/ssh/ssh_host_key.pub - /etc/ssh/ssh_host_dsa_key.pub - /etc/ssh/ssh_host_ecdsa_key.pub - /etc/ssh/ssh_host_ed25519_key.pub - /etc/ssh/ssh_host_rsa_key.pub - These files contain the public parts of the host keys. These - files should be world-readable but writable only by root. Their - contents should match the respective private parts. These files - are not really used for anything; they are provided for the - convenience of the user so their contents can be copied to known - hosts files. These files are created using ssh-keygen(1). - - /etc/ssh/ssh_known_hosts - Systemwide list of known host keys. This file should be prepared - by the system administrator to contain the public host keys of - all machines in the organization. The format of this file is - described above. This file should be writable only by root/the - owner and should be world-readable. - - /etc/ssh/sshd_config - Contains configuration data for sshd. The file format and - configuration options are described in sshd_config(5). - - /etc/ssh/sshrc - Similar to ~/.ssh/rc, it can be used to specify machine-specific - login-time initializations globally. This file should be - writable only by root, and should be world-readable. - - /var/empty - chroot(2) directory used by sshd during privilege separation in - the pre-authentication phase. The directory should not contain - any files and must be owned by root and not group or world- - writable. 
- - /var/run/sshd.pid - Contains the process ID of the sshd listening for connections (if - there are several daemons running concurrently for different - ports, this contains the process ID of the one started last). - The content of this file is not sensitive; it can be world- - readable. - -SEE ALSO - scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), - ssh-keyscan(1), chroot(2), login.conf(5), moduli(5), sshd_config(5), - inetd(8), sftp-server(8) - -AUTHORS - OpenSSH is a derivative of the original and free ssh 1.2.12 release by - Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support - for privilege separation. - -OpenBSD 5.8 July 3, 2015 OpenBSD 5.8 diff --git a/sshd.8 b/sshd.8 index 213b5fc..6c521f2 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $ -.Dd $Mdocdate: July 3 2015 $ +.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $ +.Dd $Mdocdate: February 17 2016 $ .Dt SSHD 8 .Os .Sh NAME 
@@ -275,14 +275,12 @@ though this can be changed via the .Cm Protocol option in .Xr sshd_config 5 . -Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys; -protocol 1 only supports RSA keys. -For both protocols, -each host has a host-specific key, -normally 2048 bits, -used to identify the host. +Protocol 1 should not be used +and is only offered to support legacy devices. .Pp -Forward security for protocol 1 is provided through +Each host has a host-specific key, +used to identify the host. +Partial forward security for protocol 1 is provided through an additional server key, normally 1024 bits, generated when the server starts. @@ -470,7 +468,7 @@ does not exist either, xauth is used to add the cookie. .Cm AuthorizedKeysFile specifies the files containing public keys for public key authentication; -if none is specified, the default is +if this option is not specified, the default is .Pa ~/.ssh/authorized_keys and .Pa ~/.ssh/authorized_keys2 . @@ -522,6 +520,10 @@ No spaces are permitted, except within double quotes. The following option specifications are supported (note that option keywords are case-insensitive): .Bl -tag -width Ds +.It Cm agent-forwarding +Enable authentication agent forwarding previously disabled by the +.Cm restrict +option. .It Cm cert-authority Specifies that the listed key is a certification authority (CA) that is trusted to validate signed certificates for user authentication. @@ -616,6 +618,9 @@ they must be literal domains or addresses. A port specification of .Cm * matches any port. +.It Cm port-forwarding +Enable port forwarding previously disabled by the +.Cm restrict .It Cm principals="principals" On a .Cm cert-authority 
@@ -627,12 +632,33 @@ This option is ignored for keys that are not marked as trusted certificate signers using the .Cm cert-authority option. +.It Cm pty +Permits tty allocation previously disabled by the +.Cm restrict +option. +.It Cm restrict +Enable all restrictions, i.e. disable port, agent and X11 forwarding, +as well as disabling PTY allocation +and execution of +.Pa ~/.ssh/rc . +If any future restriction capabilities are added to authorized_keys files +they will be included in this set. .It Cm tunnel="n" Force a .Xr tun 4 device on the server. Without this option, the next available device will be used if the client requests a tunnel. +.It Cm user-rc +Enables execution of +.Pa ~/.ssh/rc +previously disabled by the +.Cm restrict +option. +.It Cm X11-forwarding +Permits X11 forwarding previously disabled by the +.Cm restrict +option. .El .Pp An example authorized_keys file: @@ -647,6 +673,10 @@ permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss AAAAB5...21S== tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== jane@example.net +restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== +user@example.net +restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== +user@example.net .Ed .Sh SSH_KNOWN_HOSTS FILE FORMAT The @@ -856,9 +886,12 @@ This file is for host-based authentication (see It should only be writable by root. .Pp .It Pa /etc/moduli -Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". +Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" +key exchange method. The file format is described in .Xr moduli 5 . +If no usable groups are found in this file then fixed internal groups will +be used. .Pp .It Pa /etc/motd See diff --git a/sshd.c b/sshd.c index 871b2bf..55cabc5 100644 --- a/sshd.c +++ b/sshd.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */ +/* $OpenBSD: sshd.c,v 1.471 2016/08/03 04:23:55 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -121,21 +121,14 @@ #include "ssh-gss.h" #endif #include "monitor_wrap.h" -#include "roaming.h" #include "ssh-sandbox.h" #include "version.h" #include "ssherr.h" -#ifdef RUNTIME_LIBPAM -#include "pam.h" -#endif - #ifndef O_NOCTTY #define O_NOCTTY 0 #endif - - /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) @@ -259,6 +252,9 @@ Buffer loginmsg; /* Unprivileged user */ struct passwd *privsep_pw = NULL; +/* is child process - used by Windows implementation*/ +int is_child = 0; + /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); @@ -268,7 +264,7 @@ static void do_ssh1_kex(void); #endif static void do_ssh2_kex(void); - /* +/* * Retrieve path to current running module. * * path - buffer, where to store path (OUT). 
@@ -322,99 +318,6 @@ static void do_ssh2_kex(void); return exitCode; } -#ifdef WIN32_FIXME - /* - * Win32 only. - */ - - SERVICE_STATUS_HANDLE gSvcStatusHandle;; - SERVICE_STATUS gSvcStatus; - - int ranServiceMain = 0; - int iAmAService = 1; - - #define SVCNAME "SSHD" - - static VOID ReportSvcStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint) - { - static DWORD dwCheckPoint = 1; - - /* - * Fill in the SERVICE_STATUS structure. - */ - - gSvcStatus.dwCurrentState = dwCurrentState; - gSvcStatus.dwWin32ExitCode = dwWin32ExitCode; - gSvcStatus.dwWaitHint = dwWaitHint; - - if (dwCurrentState == SERVICE_START_PENDING) - { - gSvcStatus.dwControlsAccepted = 0; - } - else - { - gSvcStatus.dwControlsAccepted = SERVICE_ACCEPT_STOP; - } - - if ((dwCurrentState == SERVICE_RUNNING) || (dwCurrentState == SERVICE_STOPPED)) - { - gSvcStatus.dwCheckPoint = 0; - } - else - { - gSvcStatus.dwCheckPoint = dwCheckPoint++; - } - - /* - * Report the status of the service to the SCM. - */ - - SetServiceStatus( gSvcStatusHandle, &gSvcStatus ); - } - static VOID WINAPI SSHDHandlerEx(DWORD dwControl) - { - debug("Request received (%u)", dwControl); - - /* - * Handle the requested control code. - */ - - switch(dwControl) - { - case SERVICE_CONTROL_STOP: - { - debug("SERVICE_CONTROL_STOP signal received..."); - - ReportSvcStatus(SERVICE_STOP_PENDING, NO_ERROR, 500); - - GenerateConsoleCtrlEvent(CTRL_BREAK_EVENT, 0); - ReportSvcStatus(SERVICE_STOPPED, NO_ERROR, 0); - - return; - } - - case SERVICE_CONTROL_INTERROGATE: - { - /* - * Fall through to send current status. - */ - - break; - } - - default: - { - break; - } - } - - ReportSvcStatus(gSvcStatus.dwCurrentState, NO_ERROR, 0); - } - -#endif /* WIN32_FIXME */ - - - /* * Close all listening sockets */ 
@@ -525,7 +428,8 @@ grace_alarm_handler(int sig) } /* Log error and exit. */ - sigdie("Timeout before authentication for %s", get_remote_ipaddr()); + sigdie("Timeout before authentication for %s port %d", + ssh_remote_ipaddr(active_state), ssh_remote_port(active_state)); } /* @@ -561,7 +465,7 @@ key_regeneration_alarm(int sig) } static void -sshd_exchange_identification(int sock_in, int sock_out) +sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) { u_int i; int mismatch; @@ -586,9 +490,9 @@ sshd_exchange_identification(int sock_in, int sock_out) #ifndef WIN32_FIXME xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", - major, minor, SSH_VERSION, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); + major, minor, SSH_VERSION, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); #else xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", major, minor, SSH_RELEASE, @@ -597,19 +501,21 @@ sshd_exchange_identification(int sock_in, int sock_out) #endif /* Send our protocol version identification. */ - if (roaming_atomicio(vwrite, sock_out, server_version_string, + if (atomicio(vwrite, sock_out, server_version_string, strlen(server_version_string)) != strlen(server_version_string)) { - logit("Could not write ident string to %s", get_remote_ipaddr()); + logit("Could not write ident string to %s port %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); cleanup_exit(255); } /* Read other sides version identification. */ memset(buf, 0, sizeof(buf)); for (i = 0; i < sizeof(buf) - 1; i++) { - if (roaming_atomicio(read, sock_in, &buf[i], 1) != 1) { - logit("Did not receive identification string from %s", - get_remote_ipaddr()); + if (atomicio(read, sock_in, &buf[i], 1) != 1) { + logit("Did not receive identification string " + "from %s port %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); cleanup_exit(255); } if (buf[i] == '\r') { 
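Review bot: Nothing documents that the `sigdie()` call in `grace_alarm_handler` is safe in signal-handler context, and it now evaluates two lookups, `ssh_remote_ipaddr(active_state)` and `ssh_remote_port(active_state)`, before the message is formatted. A comment further down in main() says only that `ssh_remote_ipaddr()` caches its result; this hunk shows nothing equivalent for the port lookup or for the logging path behind `sigdie()`. I would record the dependency above the call, e.g. `/* signal context: relies on peer address/port already cached in main() */`, and confirm that `sigdie()` neither allocates nor takes locks. The handler's body starts outside the hunk.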
@@ -638,7 +544,7 @@ sshd_exchange_identification(int sock_in, int sock_out) (void) atomicio(vwrite, sock_out, s, strlen(s)); logit("Bad protocol version identification '%.100s' " "from %s port %d", client_version_string, - get_remote_ipaddr(), get_remote_port()); + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); close(sock_in); close(sock_out); cleanup_exit(255); @@ -649,24 +555,24 @@ sshd_exchange_identification(int sock_in, int sock_out) #ifdef WIN32_FIXME SetEnvironmentVariable("SSH_CLIENT_ID", remote_version); #endif - - active_state->compat = compat_datafellows(remote_version); - if ((datafellows & SSH_BUG_PROBE) != 0) { - logit("probed from %s with %s. Don't panic.", - get_remote_ipaddr(), client_version_string); + if ((ssh->compat & SSH_BUG_PROBE) != 0) { + logit("probed from %s port %d with %s. Don't panic.", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + client_version_string); cleanup_exit(255); } - if ((datafellows & SSH_BUG_SCANNER) != 0) { - logit("scanned from %s with %s. Don't panic.", - get_remote_ipaddr(), client_version_string); + if ((ssh->compat & SSH_BUG_SCANNER) != 0) { + logit("scanned from %s port %d with %s. Don't panic.", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + client_version_string); cleanup_exit(255); } - if ((datafellows & SSH_BUG_RSASIGMD5) != 0) { + if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) { logit("Client version \"%.100s\" uses unsafe RSA signature " "scheme; disabling use of RSA keys", remote_version); } - if ((datafellows & SSH_BUG_DERIVEKEY) != 0) { + if ((ssh->compat & SSH_BUG_DERIVEKEY) != 0) { fatal("Client version \"%.100s\" uses unsafe key agreement; " "refusing connection", remote_version); } 
@@ -711,8 +617,9 @@ sshd_exchange_identification(int sock_in, int sock_out) (void) atomicio(vwrite, sock_out, s, strlen(s)); close(sock_in); close(sock_out); - logit("Protocol major versions differ for %s: %.200s vs. %.200s", - get_remote_ipaddr(), + logit("Protocol major versions differ for %s port %d: " + "%.200s vs. %.200s", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), server_version_string, client_version_string); cleanup_exit(255); } @@ -789,31 +696,30 @@ privsep_preauth_child(void) arc4random_buf(rnd, sizeof(rnd)); #ifdef WITH_OPENSSL RAND_seed(rnd, sizeof(rnd)); + if ((RAND_bytes((u_char *)rnd, 1)) != 1) + fatal("%s: RAND_bytes failed", __func__); #endif explicit_bzero(rnd, sizeof(rnd)); /* Demote the private keys to public keys. */ demote_sensitive_data(); - /* Change our root directory */ - if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) - fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, - strerror(errno)); - if (chdir("/") == -1) - fatal("chdir(\"/\"): %s", strerror(errno)); + /* Demote the child */ + if (getuid() == 0 || geteuid() == 0) { + /* Change our root directory */ + if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) + fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, + strerror(errno)); + if (chdir("/") == -1) + fatal("chdir(\"/\"): %s", strerror(errno)); - /* Drop our privileges */ - debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, - (u_int)privsep_pw->pw_gid); -#if 0 - /* XXX not ready, too heavy after chroot */ - do_setusercontext(privsep_pw); -#else - gidset[0] = privsep_pw->pw_gid; - if (setgroups(1, gidset) < 0) - fatal("setgroups: %.100s", strerror(errno)); - permanently_set_uid(privsep_pw); -#endif + /* Drop our privileges */ + debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, + (u_int)privsep_pw->pw_gid); + gidset[0] = privsep_pw->pw_gid; + if (setgroups(1, gidset) < 0) + fatal("setgroups: %.100s", strerror(errno)); + permanently_set_uid(privsep_pw); #endif } 
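Review bot: In `privsep_preauth_child`, the new `if (getuid() == 0 || geteuid() == 0) {` block is never closed on the new side: the last added line is `permanently_set_uid(privsep_pw);`, followed directly by the context `#endif` and the function's closing `}`. If that `#endif` ends a non-Windows region (its opening directive is outside the hunk), the non-Windows build is left with unbalanced braces, and the code affected is the chroot and privilege drop. Add a `}` after `permanently_set_uid(privsep_pw);` and before the `#endif`. The function starts outside the hunk, so the brace count should be confirmed against the full file.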
@@ -881,9 +787,7 @@ privsep_preauth(Authctxt *authctxt) /* Arrange for logging to be sent to the monitor */ set_log_handler(mm_log_handler, pmonitor); - /* Demote the child */ - if (getuid() == 0 || geteuid() == 0) - privsep_preauth_child(); + privsep_preauth_child(); setproctitle("%s", "[net]"); if (box != NULL) ssh_sandbox_child(box); @@ -944,6 +848,8 @@ privsep_postauth(Authctxt *authctxt) arc4random_buf(rnd, sizeof(rnd)); #ifdef WITH_OPENSSL RAND_seed(rnd, sizeof(rnd)); + if ((RAND_bytes((u_char *)rnd, 1)) != 1) + fatal("%s: RAND_bytes failed", __func__); #endif explicit_bzero(rnd, sizeof(rnd)); @@ -994,6 +900,12 @@ list_hostkey_types(void) buffer_append(&b, ",", 1); p = key_ssh_name(key); buffer_append(&b, p, strlen(p)); + + /* for RSA we also support SHA2 signatures */ + if (key->type == KEY_RSA) { + p = ",rsa-sha2-512,rsa-sha2-256"; + buffer_append(&b, p, strlen(p)); + } break; } /* If the private key has a cert peer, then list that too */ @@ -1012,8 +924,8 @@ list_hostkey_types(void) break; } } - buffer_append(&b, "\0", 1); - ret = xstrdup(buffer_ptr(&b)); + if ((ret = sshbuf_dup_string(&b)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); buffer_free(&b); debug("list_hostkey_types: %s", ret); return ret; @@ -1194,12 +1106,13 @@ usage(void) } static void -send_rexec_state(int fd, Buffer *conf) +send_rexec_state(int fd, struct sshbuf *conf) { - Buffer m; + struct sshbuf *m; + int r; - debug3("%s: entering fd = %d config len %d", __func__, fd, - buffer_len(conf)); + debug3("%s: entering fd = %d config len %zu", __func__, fd, + sshbuf_len(conf)); /* * Protocol from reexec master to child: 
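Review bot: The `RAND_bytes((u_char *)rnd, 1)` check added to `privsep_postauth` carries no comment saying why a single byte is drawn straight after `RAND_seed()`; it overwrites the first byte of `rnd`, which `explicit_bzero()` clears right after the `#endif`. Presumably the call is there to fail closed when the reseeded OpenSSL generator cannot produce output; if so, say it above the call: `/* abort if the reseeded OpenSSL PRNG cannot deliver output */`. The outer parentheses in `if ((RAND_bytes(...)) != 1)` are redundant. The same lines are added in `privsep_preauth_child` and `server_accept_loop`, and the comment applies there too.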
@@ -1213,31 +1126,41 @@ send_rexec_state(int fd, Buffer *conf) * bignum q " * string rngseed (only if OpenSSL is not self-seeded) */ - buffer_init(&m); - buffer_put_cstring(&m, buffer_ptr(conf)); + if ((m = sshbuf_new()) == NULL) + fatal("%s: sshbuf_new failed", __func__); + if ((r = sshbuf_put_stringb(m, conf)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #ifdef WITH_SSH1 if (sensitive_data.server_key != NULL && sensitive_data.server_key->type == KEY_RSA1) { - buffer_put_int(&m, 1); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->e); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->n); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->d); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->iqmp); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->p); - buffer_put_bignum(&m, sensitive_data.server_key->rsa->q); + if ((r = sshbuf_put_u32(m, 1)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->e)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->n)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->d)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->iqmp)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->p)) != 0 || + (r = sshbuf_put_bignum1(m, + sensitive_data.server_key->rsa->q)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } else #endif - buffer_put_int(&m, 0); + if ((r = sshbuf_put_u32(m, 0)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_send_rng_seed(&m); + rexec_send_rng_seed(m); #endif - if (ssh_msg_send(fd, 0, &m) == -1) + if (ssh_msg_send(fd, 0, m) == -1) fatal("%s: ssh_msg_send failed", __func__); - buffer_free(&m); + sshbuf_free(m); debug3("%s: done", __func__); } 
@@ -1260,7 +1183,7 @@ recv_rexec_state(int fd, Buffer *conf) cp = buffer_get_string(&m, &len); if (conf != NULL) - buffer_append(conf, cp, len + 1); + buffer_append(conf, cp, len); free(cp); if (buffer_get_int(&m)) { @@ -1438,9 +1361,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) for (;;) { if (received_sighup) sighup_restart(); - if (fdset != NULL) - free(fdset); - + free(fdset); fdset = xcalloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); @@ -1490,9 +1411,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) *newsock = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); if (*newsock < 0) { - if (errno != EINTR && errno != EWOULDBLOCK - && errno != ECONNABORTED - && errno != EAGAIN) + if (errno != EINTR && errno != EWOULDBLOCK && + errno != ECONNABORTED && errno != EAGAIN) error("accept: %.100s", strerror(errno)); if (errno == EMFILE || errno == ENFILE) @@ -1508,7 +1428,6 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) close(*newsock); continue; } - if (pipe(startup_p) == -1) { close(*newsock); continue; @@ -1534,15 +1453,15 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) } /* - * Got connection. Fork a child to handle it, unless - * we are in debugging mode. - */ + * Got connection. Fork a child to handle it, unless + * we are in debugging mode. + */ if (debug_flag) { /* - * In debugging mode. Close the listening - * socket, and start processing the - * connection without forking. - */ + * In debugging mode. Close the listening + * socket, and start processing the + * connection without forking. + */ debug("Server will not fork when running in debugging mode."); close_listen_socks(); *sock_in = *newsock; 
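Review bot: In `recv_rexec_state`, `buffer_append(conf, cp, len)` no longer copies the byte after the received string, so `conf` ends without the extra byte (presumably a NUL terminator) that the old `len + 1` copy carried. Any code that later reads `buffer_ptr(conf)` as a C string would run past the data; that consumer is outside this hunk and should be checked against the new `sshbuf_put_stringb()` sender. A comment on the call would record the contract: `/* conf is length-delimited, not NUL-terminated */`. The function body begins and ends outside the hunk.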
@@ -1553,17 +1472,17 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) pid = getpid(); if (rexec_flag) { send_rexec_state(config_s[0], - &cfg); + &cfg); close(config_s[0]); } break; } /* - * Normal production daemon. Fork, and have - * the child process the connection. The - * parent continues listening. - */ + * Normal production daemon. Fork, and have + * the child process the connection. The + * parent continues listening. + */ platform_pre_fork(); #ifdef WIN32_FIXME { @@ -1672,6 +1591,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) arc4random_buf(rnd, sizeof(rnd)); #ifdef WITH_OPENSSL RAND_seed(rnd, sizeof(rnd)); + if ((RAND_bytes((u_char *)rnd, 1)) != 1) + fatal("%s: RAND_bytes failed", __func__); #endif explicit_bzero(rnd, sizeof(rnd)); } 
@@ -1682,12 +1603,55 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) } } +/* + * If IP options are supported, make sure there are none (log and + * return an error if any are found). Basically we are worried about + * source routing; it can be used to pretend you are somebody + * (ip-address) you are not. That itself may be "almost acceptable" + * under certain circumstances, but rhosts autentication is useless + * if source routing is accepted. Notice also that if we just dropped + * source routing here, the other side could use IP spoofing to do + * rest of the interaction and could still bypass security. So we + * exit here if we detect any IP options. + */ +static void +check_ip_options(struct ssh *ssh) +{ +#ifdef IP_OPTIONS + int sock_in = ssh_packet_get_connection_in(ssh); + struct sockaddr_storage from; + u_char opts[200]; + socklen_t i, option_size = sizeof(opts), fromlen = sizeof(from); + char text[sizeof(opts) * 3 + 1]; + + memset(&from, 0, sizeof(from)); + if (getpeername(sock_in, (struct sockaddr *)&from, + &fromlen) < 0) + return; + if (from.ss_family != AF_INET) + return; + /* XXX IPv6 options? */ + + if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts, + &option_size) >= 0 && option_size != 0) { + text[0] = '\0'; + for (i = 0; i < option_size; i++) + snprintf(text + i*3, sizeof(text) - i*3, + " %2.2x", opts[i]); + fatal("Connection from %.100s port %d with IP opts: %.800s", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), text); + } + return; +#endif /* IP_OPTIONS */ +} + /* * Main program for the daemon. */ int main(int ac, char **av) { + struct ssh *ssh = NULL; extern char *optarg; extern int optind; int r, opt, i, j, on = 1; 
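Review bot: `check_ip_options` returns silently when `getpeername()` fails or when the peer family is not `AF_INET`, so a connection for which the check was skipped leaves no trace in the log. A `debug` line on each early return would make that visible, for example `debug("%s: getpeername: %s; IP options not checked", __func__, strerror(errno));`. The `/* XXX IPv6 options? */` marker already admits the second gap, and it is worth confirming how IPv4-mapped peers on an `AF_INET6` socket are meant to be handled. The header comment misspells "authentication" as "autentication". The hex dump itself looks bounded: `text` is sized `sizeof(opts) * 3 + 1` and `option_size` starts at `sizeof(opts)`.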
@@ -1705,15 +1669,8 @@ main(int ac, char **av) Authctxt *authctxt; struct connection_info *connection_info = get_connection_info(0, 0); - #ifdef HAVE_STARTUP_NEEDS - - int startup_handler(void); - - startup_handler(); - - #endif - - #ifdef WIN32_FIXME + ssh_malloc_init(); /* must be called before any mallocs */ +#ifdef WIN32_FIXME /* * Setup exit signal handler for receiving signal, when @@ -1722,9 +1679,7 @@ main(int ac, char **av) AllocConsole(); - #endif /* WIN32_FIXME */ - - +#endif /* WIN32_FIXME */ #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); @@ -1738,8 +1693,7 @@ main(int ac, char **av) for (i = 0; i < ac; i++) saved_argv[i] = xstrdup(av[i]); saved_argv[i] = NULL; - - + #ifndef HAVE_SETPROCTITLE /* Prepare for later setproctitle emulation */ compat_init_setproctitle(ac, av); @@ -1761,7 +1715,6 @@ main(int ac, char **av) while ((opt = getopt(ac, av, "C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrt")) != -1) { switch (opt) { - case '4': options.address_family = AF_INET; break; 
@@ -1880,77 +1833,7 @@ main(int ac, char **av) } #ifdef WIN32_FIXME - if (getenv("SSHD_REMSOC") == NULL) - { - if (!ranServiceMain) - { - do - { - int wmain(int , wchar_t **); - SERVICE_TABLE_ENTRYW DispatchTable[] = - { - {L"SSHD", (LPSERVICE_MAIN_FUNCTIONW) wmain}, - {NULL, NULL} - }; - - /* - * Don't come back here now - */ - - ranServiceMain = 1; - /* - * This call returns when the service has stopped. - */ - - /* - * The process should simply terminate when the call returns. - */ - - /* - * If the service control dispatcher failed to register - * for any other reason, bail out. - */ - - if (!StartServiceCtrlDispatcherW(DispatchTable)) - { - if (GetLastError() == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) - { - /* - * We're a console app, baby! - */ - - iAmAService = 0; - - break; - } - - /* - * We're a service that can't go any further - */ - - return -1; - } - - return 0; - } while (0); - } - else - { - /* - * Finish up the service initialization - */ - - gSvcStatusHandle = RegisterServiceCtrlHandler("SSHD", SSHDHandlerEx); - - ZeroMemory(&gSvcStatus, sizeof(gSvcStatus)); - - gSvcStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS; - ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 300); - ReportSvcStatus(SERVICE_RUNNING, NO_ERROR, 0); - } - } - rexec_flag = 0; use_privsep = 0; @@ -2024,10 +1907,8 @@ main(int ac, char **av) #endif /* If requested, redirect the logs to the specified logfile. */ - if (logfile != NULL) { + if (logfile != NULL) log_redirect_stderr_to(logfile); - free(logfile); - } /* * Force logging to stderr until we have loaded the private host * key (unless started from inetd) 
@@ -2086,22 +1967,6 @@ main(int ac, char **av) /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); - -#ifdef RUNTIME_LIBPAM - if(options.use_pam) - { - if(initPAM(options.pamLibrary_)) - { - debug("sshd PAM: libpam loaded!\n"); - } - else - { - options.use_pam = 0; - - error("cannot load PAM library! PAM is turned off!"); - } - } -#endif /* challenge-response is implemented via keyboard interactive */ if (options.challenge_response_authentication) @@ -2155,7 +2020,7 @@ main(int ac, char **av) "without OpenSSL" #endif ); - + #ifdef WIN32_FIXME logit("[Build " __DATE__ " " __TIME__ "]"); #endif @@ -2426,7 +2291,7 @@ main(int ac, char **av) } else { platform_pre_listen(); #ifdef WIN32_FIXME - if (getenv("SSHD_REMSOC") == NULL) + if (is_child == 0) #endif server_listen(); 
@@ -2453,42 +2318,28 @@ main(int ac, char **av) fclose(f); } } - #ifdef WIN32_FIXME +#ifdef WIN32_FIXME - if (getenv("SSHD_REMSOC") == NULL) - { - /* - * Accept a connection and return in a forked child - */ - - server_accept_loop(&sock_in, &sock_out, &newsock, config_s); - } - else - { - char *stopstring; - DWORD_PTR remotesochandle; - remotesochandle = strtol(getenv("SSHD_REMSOC"), &stopstring, 16); - debug("remote channel %d", remotesochandle); + if (is_child) { + char *stopstring; + DWORD_PTR remotesochandle; + remotesochandle = strtol(getenv("SSHD_REMSOC"), &stopstring, 16); + debug("remote channel %d", remotesochandle); - sock_in = sock_out = newsock = w32_allocate_fd_for_handle((HANDLE)remotesochandle, TRUE); + sock_in = sock_out = newsock = w32_allocate_fd_for_handle((HANDLE)remotesochandle, TRUE); - // we have the socket handle, delete it for child processes we create like shell + // we have the socket handle, delete it for child processes we create like shell SetEnvironmentVariable("SSHD_REMSOC", NULL); - SetHandleInformation((HANDLE)remotesochandle, HANDLE_FLAG_INHERIT, 0); // make the handle not to be inherited + SetHandleInformation((HANDLE)remotesochandle, HANDLE_FLAG_INHERIT, 0); // make the handle not to be inherited - /* - * We don't have a startup_pipe - */ - - startup_pipe = -1; + startup_pipe = -1; } - - #else + else +#endif /* Accept a connection and return in a forked child */ server_accept_loop(&sock_in, &sock_out, &newsock, config_s); - #endif } /* This is the child processing a new connection. */ 
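Review bot: In the `is_child` branch, `getenv("SSHD_REMSOC")` is passed straight to `strtol()`; the old code entered this path only when the variable was set, whereas `is_child` is assigned somewhere outside this hunk, so a missing variable now means a NULL argument. `strtol()` also returns `long`, which is narrower than `DWORD_PTR` on 64-bit Windows, `stopstring` is never inspected, and `debug("remote channel %d", ...)` passes a `DWORD_PTR` to `%d`. Since the parsed value becomes the connection socket via `w32_allocate_fd_for_handle()`, I would validate it before use as sketched below. This code sits inside main(), which starts and ends outside the hunk.

```c
	if (is_child) {
		char *stopstring = NULL;
		const char *remsoc = getenv("SSHD_REMSOC");
		DWORD_PTR remotesochandle;

		if (remsoc == NULL || *remsoc == '\0')
			fatal("%s: SSHD_REMSOC is not set", __func__);
		errno = 0;
		remotesochandle = (DWORD_PTR)strtoull(remsoc, &stopstring, 16);
		if (errno != 0 || stopstring == remsoc || *stopstring != '\0')
			fatal("%s: malformed SSHD_REMSOC", __func__);
		debug("remote channel %llu", (unsigned long long)remotesochandle);
		/* … unchanged: w32_allocate_fd_for_handle(), SetEnvironmentVariable(), SetHandleInformation(), startup_pipe = -1 … */
```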
@@ -2575,28 +2426,25 @@ main(int ac, char **av) */ packet_set_connection(sock_in, sock_out); packet_set_server(); + ssh = active_state; /* XXX */ + check_ip_options(ssh); /* Set SO_KEEPALIVE if requested. */ if (options.tcp_keep_alive && packet_connection_is_on_socket() && setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); - if ((remote_port = get_remote_port()) < 0) { - debug("get_remote_port failed"); + if ((remote_port = ssh_remote_port(ssh)) < 0) { + debug("ssh_remote_port failed"); cleanup_exit(255); } - /* - * We use get_canonical_hostname with usedns = 0 instead of - * get_remote_ipaddr here so IP options will be checked. - */ - (void) get_canonical_hostname(0); /* * The rest of the code depends on the fact that - * get_remote_ipaddr() caches the remote ip, even if + * ssh_remote_ipaddr() caches the remote ip, even if * the socket goes away. */ - remote_ip = get_remote_ipaddr(); + remote_ip = ssh_remote_ipaddr(ssh); #ifdef SSH_AUDIT_EVENTS audit_connection_from(remote_ip, remote_port); @@ -2605,7 +2453,7 @@ main(int ac, char **av) /* Log the connection. */ laddr = get_local_ipaddr(sock_in); verbose("Connection from %s port %d on %s port %d", - remote_ip, remote_port, laddr, get_local_port()); + remote_ip, remote_port, laddr, ssh_local_port(ssh)); free(laddr); /* @@ -2620,7 +2468,7 @@ main(int ac, char **av) if (!debug_flag) alarm(options.login_grace_time); - sshd_exchange_identification(sock_in, sock_out); + sshd_exchange_identification(ssh, sock_in, sock_out); /* In inetd mode, generate ephemeral key only for proto 1 connections */ if (!compat20 && inetd_flag && sensitive_data.server_key == NULL) @@ -2758,6 +2606,7 @@ main(int ac, char **av) int ssh1_session_key(BIGNUM *session_key_int) { + struct ssh *ssh = active_state; /* XXX */ int rsafail = 0; if (BN_cmp(sensitive_data.server_key->rsa->n, 
@@ -2766,9 +2615,9 @@ ssh1_session_key(BIGNUM *session_key_int) if (BN_num_bits(sensitive_data.server_key->rsa->n) < BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { - fatal("do_connection: %s: " + fatal("do_connection: %s port %d: " "server_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", - get_remote_ipaddr(), + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), BN_num_bits(sensitive_data.server_key->rsa->n), BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), SSH_KEY_BITS_RESERVED); @@ -2784,9 +2633,9 @@ ssh1_session_key(BIGNUM *session_key_int) if (BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) < BN_num_bits(sensitive_data.server_key->rsa->n) + SSH_KEY_BITS_RESERVED) { - fatal("do_connection: %s: " + fatal("do_connection: %s port %d: " "host_key %d < server_key %d + SSH_KEY_BITS_RESERVED %d", - get_remote_ipaddr(), + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), BN_num_bits(sensitive_data.ssh1_host_key->rsa->n), BN_num_bits(sensitive_data.server_key->rsa->n), SSH_KEY_BITS_RESERVED); @@ -2807,6 +2656,7 @@ ssh1_session_key(BIGNUM *session_key_int) static void do_ssh1_kex(void) { + struct ssh *ssh = active_state; /* XXX */ int i, len; int rsafail = 0; BIGNUM *session_key_int, *fake_key_int, *real_key_int; @@ -2924,9 +2774,10 @@ do_ssh1_kex(void) (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8); len = BN_num_bytes(session_key_int); if (len < 0 || (u_int)len > sizeof(session_key)) { - error("do_ssh1_kex: bad session key len from %s: " - "session_key_int %d > sizeof(session_key) %lu", - get_remote_ipaddr(), len, (u_long)sizeof(session_key)); + error("%s: bad session key len from %s port %d: " + "session_key_int %d > sizeof(session_key) %lu", __func__, + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + len, (u_long)sizeof(session_key)); rsafail++; } else { explicit_bzero(session_key, sizeof(session_key)); 
@@ -2972,24 +2823,26 @@ do_ssh1_kex(void) int sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, size_t *slen, - const u_char *data, size_t dlen, u_int flag) + const u_char *data, size_t dlen, const char *alg, u_int flag) { int r; u_int xxx_slen, xxx_dlen = dlen; if (privkey) { - if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen) < 0)) + if (PRIVSEP(key_sign(privkey, signature, &xxx_slen, data, xxx_dlen, + alg) < 0)) fatal("%s: key_sign failed", __func__); if (slen) *slen = xxx_slen; } else if (use_privsep) { - if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen) < 0) + if (mm_key_sign(pubkey, signature, &xxx_slen, data, xxx_dlen, + alg) < 0) fatal("%s: pubkey_sign failed", __func__); if (slen) *slen = xxx_slen; } else { if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slen, - data, dlen, datafellows)) != 0) + data, dlen, alg, datafellows)) != 0) fatal("%s: ssh_agent_sign failed: %s", __func__, ssh_err(r)); } @@ -3015,14 +2868,15 @@ do_ssh2_kex(void) if (options.compression == COMP_NONE) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; } else if (options.compression == COMP_DELAYED) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com"; + myproposal[PROPOSAL_COMP_ALGS_STOC] = + "none,zlib@openssh.com"; } if (options.rekey_limit || options.rekey_interval) - packet_set_rekey_limits((u_int32_t)options.rekey_limit, + packet_set_rekey_limits(options.rekey_limit, (time_t)options.rekey_interval); myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( 
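Review bot: `u_int xxx_slen, xxx_dlen = dlen;` at the top of sshd_hostkey_sign() narrows a size_t to u_int without a range check, and the `key_sign` and `mm_key_sign` calls that this commit extends with `alg` both receive the narrowed value, while the `ssh_agent_sign` branch passes the full `dlen`. A length above UINT_MAX would therefore be signed over a shorter buffer on two of the three paths. A guard before the branches, `if (dlen > UINT_MAX) fatal("%s: data too large", __func__);`, keeps them consistent. The new `alg` parameter is also undocumented; a one-line comment on whether NULL is accepted (not determinable from the hunk) would help callers. The function's tail lies outside the hunk.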
@@ -3032,17 +2886,18 @@ do_ssh2_kex(void) if ((r = kex_setup(active_state, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); kex = active_state->kex; - - +#ifdef WITH_OPENSSL kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; + kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; + kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; + kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; - # ifdef OPENSSL_HAS_ECC kex->kex[KEX_ECDH_SHA2] = kexecdh_server; # endif - +#endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; kex->server = 1; kex->client_version_string=client_version_string; @@ -3088,9 +2943,6 @@ cleanup_exit(int i) /* done after do_cleanup so it can cancel the PAM auth 'thread' */ if (!use_privsep || mm_is_monitor()) audit_event(SSH_CONNECTION_ABANDON); -#endif -#ifdef WIN32_FIXME - if (!iAmAService || (getenv("SSHD_REMSOC"))) #endif _exit(i); } diff --git a/sshd_config b/sshd_config index 9bbdd2f..75ae8e7 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $ +# $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -24,20 +24,23 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 1024 +# Ciphers and keying +#RekeyLimit default none + # Logging -# obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m -#PermitRootLogin yes +#PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 
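Review bot: The handler table in do_ssh2_kex() gains `KEX_DH_GRP14_SHA256`, `KEX_DH_GRP16_SHA512` and `KEX_DH_GRP18_SHA512` but still wires `KEX_DH_GRP1_SHA1` and `KEX_DH_GEX_SHA1` with nothing saying that these assignments only install handlers. Whether the SHA-1 methods are actually offered is presumably decided by the proposal built earlier in the function, which is outside this hunk. A comment above the block such as `/* Handlers only; the methods offered to the peer come from myproposal[PROPOSAL_KEX_ALGS]. */` would stop a reader from taking this table for the enabled set. It is also worth noting in that comment that with WITH_OPENSSL undefined only `KEX_C25519_SHA256` remains registered.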
@@ -49,6 +52,11 @@ # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -76,8 +84,8 @@ AuthorizedKeysFile .ssh/authorized_keys #GSSAPIAuthentication no #GSSAPICleanupCredentials yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -93,20 +101,22 @@ AuthorizedKeysFile .ssh/authorized_keys #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes +#PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 -#UseDNS yes +#UseDNS no #PidFile /var/run/sshd.pid -#MaxStartups 10 +#MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none +#VersionAddendum none # no default banner path #Banner none @@ -118,9 +128,5 @@ Subsystem sftp /usr/libexec/sftp-server #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no +# PermitTTY no # ForceCommand cvs server - -PubkeyAcceptedKeyTypes +ssh-dss,ecdsa-sha2-nistp256 - - - diff --git a/sshd_config.0 b/sshd_config.0 deleted file mode 100644 index aae7fb6..0000000 --- a/sshd_config.0 +++ /dev/null 
@@ -1,1052 +0,0 @@ -SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5) - -NAME - sshd_config M-bM-^@M-^S OpenSSH SSH daemon configuration file - -SYNOPSIS - /etc/ssh/sshd_config - -DESCRIPTION - sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file - specified with -f on the command line). The file contains keyword- - argument pairs, one per line. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines - are interpreted as comments. Arguments may optionally be enclosed in - double quotes (") in order to represent arguments containing spaces. - - The possible keywords and their meanings are as follows (note that - keywords are case-insensitive and arguments are case-sensitive): - - AcceptEnv - Specifies what environment variables sent by the client will be - copied into the session's environ(7). See SendEnv in - ssh_config(5) for how to configure the client. Note that - environment passing is only supported for protocol 2, and that - the TERM environment variable is always sent whenever the client - requests a pseudo-terminal as it is required by the protocol. - Variables are specified by name, which may contain the wildcard - characters M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be - separated by whitespace or spread across multiple AcceptEnv - directives. Be warned that some environment variables could be - used to bypass restricted user environments. For this reason, - care should be taken in the use of this directive. The default - is not to accept any environment variables. - - AddressFamily - Specifies which address family should be used by sshd(8). Valid - arguments are M-bM-^@M-^\anyM-bM-^@M-^], M-bM-^@M-^\inetM-bM-^@M-^] (use IPv4 only), or M-bM-^@M-^\inet6M-bM-^@M-^] (use IPv6 - only). The default is M-bM-^@M-^\anyM-bM-^@M-^]. - - AllowAgentForwarding - Specifies whether ssh-agent(1) forwarding is permitted. The - default is M-bM-^@M-^\yesM-bM-^@M-^]. 
Note that disabling agent forwarding does not - improve security unless users are also denied shell access, as - they can always install their own forwarders. - - AllowGroups - This keyword can be followed by a list of group name patterns, - separated by spaces. If specified, login is allowed only for - users whose primary group or supplementary group list matches one - of the patterns. Only group names are valid; a numerical group - ID is not recognized. By default, login is allowed for all - groups. The allow/deny directives are processed in the following - order: DenyUsers, AllowUsers, DenyGroups, and finally - AllowGroups. - - See PATTERNS in ssh_config(5) for more information on patterns. - - AllowTcpForwarding - Specifies whether TCP forwarding is permitted. The available - options are M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\allM-bM-^@M-^] to allow TCP forwarding, M-bM-^@M-^\noM-bM-^@M-^] to - prevent all TCP forwarding, M-bM-^@M-^\localM-bM-^@M-^] to allow local (from the - perspective of ssh(1)) forwarding only or M-bM-^@M-^\remoteM-bM-^@M-^] to allow - remote forwarding only. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that - disabling TCP forwarding does not improve security unless users - are also denied shell access, as they can always install their - own forwarders. - - AllowStreamLocalForwarding - Specifies whether StreamLocal (Unix-domain socket) forwarding is - permitted. The available options are M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\allM-bM-^@M-^] to allow - StreamLocal forwarding, M-bM-^@M-^\noM-bM-^@M-^] to prevent all StreamLocal - forwarding, M-bM-^@M-^\localM-bM-^@M-^] to allow local (from the perspective of - ssh(1)) forwarding only or M-bM-^@M-^\remoteM-bM-^@M-^] to allow remote forwarding - only. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that disabling StreamLocal - forwarding does not improve security unless users are also denied - shell access, as they can always install their own forwarders. 
- - AllowUsers - This keyword can be followed by a list of user name patterns, - separated by spaces. If specified, login is allowed only for - user names that match one of the patterns. Only user names are - valid; a numerical user ID is not recognized. By default, login - is allowed for all users. If the pattern takes the form - USER@HOST then USER and HOST are separately checked, restricting - logins to particular users from particular hosts. The allow/deny - directives are processed in the following order: DenyUsers, - AllowUsers, DenyGroups, and finally AllowGroups. - - See PATTERNS in ssh_config(5) for more information on patterns. - - AuthenticationMethods - Specifies the authentication methods that must be successfully - completed for a user to be granted access. This option must be - followed by one or more comma-separated lists of authentication - method names. Successful authentication requires completion of - every method in at least one of these lists. - - For example, an argument of M-bM-^@M-^\publickey,password - publickey,keyboard-interactiveM-bM-^@M-^] would require the user to - complete public key authentication, followed by either password - or keyboard interactive authentication. Only methods that are - next in one or more lists are offered at each stage, so for this - example, it would not be possible to attempt password or - keyboard-interactive authentication before public key. - - For keyboard interactive authentication it is also possible to - restrict authentication to a specific device by appending a colon - followed by the device identifier M-bM-^@M-^\bsdauthM-bM-^@M-^], M-bM-^@M-^\pamM-bM-^@M-^], or M-bM-^@M-^\skeyM-bM-^@M-^], - depending on the server configuration. For example, - M-bM-^@M-^\keyboard-interactive:bsdauthM-bM-^@M-^] would restrict keyboard - interactive authentication to the M-bM-^@M-^\bsdauthM-bM-^@M-^] device. 
- - If the M-bM-^@M-^\publickeyM-bM-^@M-^] method is listed more than once, sshd(8) - verifies that keys that have been used successfully are not - reused for subsequent authentications. For example, an - AuthenticationMethods of M-bM-^@M-^\publickey,publickeyM-bM-^@M-^] will require - successful authentication using two different public keys. - - This option is only available for SSH protocol 2 and will yield a - fatal error if enabled if protocol 1 is also enabled. Note that - each authentication method listed should also be explicitly - enabled in the configuration. The default is not to require - multiple authentication; successful completion of a single - authentication method is sufficient. - - AuthorizedKeysCommand - Specifies a program to be used to look up the user's public keys. - The program must be owned by root, not writable by group or - others and specified by an absolute path. - - Arguments to AuthorizedKeysCommand may be provided using the - following tokens, which will be expanded at runtime: %% is - replaced by a literal '%', %u is replaced by the username being - authenticated, %h is replaced by the home directory of the user - being authenticated, %t is replaced with the key type offered for - authentication, %f is replaced with the fingerprint of the key, - and %k is replaced with the key being offered for authentication. - If no arguments are specified then the username of the target - user will be supplied. - - The program should produce on standard output zero or more lines - of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)). If a - key supplied by AuthorizedKeysCommand does not successfully - authenticate and authorize the user then public key - authentication continues using the usual AuthorizedKeysFile - files. By default, no AuthorizedKeysCommand is run. - - AuthorizedKeysCommandUser - Specifies the user under whose account the AuthorizedKeysCommand - is run. 
It is recommended to use a dedicated user that has no - other role on the host than running authorized keys commands. If - AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser - is not, then sshd(8) will refuse to start. - - AuthorizedKeysFile - Specifies the file that contains the public keys that can be used - for user authentication. The format is described in the - AUTHORIZED_KEYS FILE FORMAT section of sshd(8). - AuthorizedKeysFile may contain tokens of the form %T which are - substituted during connection setup. The following tokens are - defined: %% is replaced by a literal '%', %h is replaced by the - home directory of the user being authenticated, and %u is - replaced by the username of that user. After expansion, - AuthorizedKeysFile is taken to be an absolute path or one - relative to the user's home directory. Multiple files may be - listed, separated by whitespace. The default is - M-bM-^@M-^\.ssh/authorized_keys .ssh/authorized_keys2M-bM-^@M-^]. - - AuthorizedPrincipalsCommand - Specifies a program to be used to generate the list of allowed - certificate principals as per AuthorizedPrincipalsFile. The - program must be owned by root, not writable by group or others - and specified by an absolute path. - - Arguments to AuthorizedPrincipalsCommand may be provided using - the following tokens, which will be expanded at runtime: %% is - replaced by a literal '%', %u is replaced by the username being - authenticated and %h is replaced by the home directory of the - user being authenticated. - - The program should produce on standard output zero or more lines - of AuthorizedPrincipalsFile output. If either - AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is - specified, then certificates offered by the client for - authentication must contain a principal that is listed. By - default, no AuthorizedPrincipalsCommand is run. 
- - AuthorizedPrincipalsCommandUser - Specifies the user under whose account the - AuthorizedPrincipalsCommand is run. It is recommended to use a - dedicated user that has no other role on the host than running - authorized principals commands. If AuthorizedPrincipalsCommand - is specified but AuthorizedPrincipalsCommandUser is not, then - sshd(8) will refuse to start. - - AuthorizedPrincipalsFile - Specifies a file that lists principal names that are accepted for - certificate authentication. When using certificates signed by a - key listed in TrustedUserCAKeys, this file lists names, one of - which must appear in the certificate for it to be accepted for - authentication. Names are listed one per line preceded by key - options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)). - Empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are ignored. - - AuthorizedPrincipalsFile may contain tokens of the form %T which - are substituted during connection setup. The following tokens - are defined: %% is replaced by a literal '%', %h is replaced by - the home directory of the user being authenticated, and %u is - replaced by the username of that user. After expansion, - AuthorizedPrincipalsFile is taken to be an absolute path or one - relative to the user's home directory. - - The default is M-bM-^@M-^\noneM-bM-^@M-^], i.e. not to use a principals file M-bM-^@M-^S in - this case, the username of the user must appear in a - certificate's principals list for it to be accepted. Note that - AuthorizedPrincipalsFile is only used when authentication - proceeds using a CA listed in TrustedUserCAKeys and is not - consulted for certification authorities trusted via - ~/.ssh/authorized_keys, though the principals= key option offers - a similar facility (see sshd(8) for details). - - Banner The contents of the specified file are sent to the remote user - before authentication is allowed. If the argument is M-bM-^@M-^\noneM-bM-^@M-^] then - no banner is displayed. 
This option is only available for - protocol version 2. By default, no banner is displayed. - - ChallengeResponseAuthentication - Specifies whether challenge-response authentication is allowed - (e.g. via PAM or through authentication styles supported in - login.conf(5)) The default is M-bM-^@M-^\yesM-bM-^@M-^]. - - ChrootDirectory - Specifies the pathname of a directory to chroot(2) to after - authentication. At session startup sshd(8) checks that all - components of the pathname are root-owned directories which are - not writable by any other user or group. After the chroot, - sshd(8) changes the working directory to the user's home - directory. - - The pathname may contain the following tokens that are expanded - at runtime once the connecting user has been authenticated: %% is - replaced by a literal '%', %h is replaced by the home directory - of the user being authenticated, and %u is replaced by the - username of that user. - - The ChrootDirectory must contain the necessary files and - directories to support the user's session. For an interactive - session this requires at least a shell, typically sh(1), and - basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), - stderr(4), and tty(4) devices. For file transfer sessions using - M-bM-^@M-^\sftpM-bM-^@M-^], no additional configuration of the environment is - necessary if the in-process sftp server is used, though sessions - which use logging may require /dev/log inside the chroot - directory on some operating systems (see sftp-server(8) for - details). - - For safety, it is very important that the directory hierarchy be - prevented from modification by other processes on the system - (especially those outside the jail). Misconfiguration can lead - to unsafe environments which sshd(8) cannot detect. - - The default is not to chroot(2). - - Ciphers - Specifies the ciphers allowed for protocol version 2. Multiple - ciphers must be comma-separated. 
If the specified value begins - with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be appended - to the default set instead of replacing them. - - The supported ciphers are: - - 3des-cbc - aes128-cbc - aes192-cbc - aes256-cbc - aes128-ctr - aes192-ctr - aes256-ctr - aes128-gcm@openssh.com - aes256-gcm@openssh.com - arcfour - arcfour128 - arcfour256 - blowfish-cbc - cast128-cbc - chacha20-poly1305@openssh.com - - The default is: - - chacha20-poly1305@openssh.com, - aes128-ctr,aes192-ctr,aes256-ctr, - aes128-gcm@openssh.com,aes256-gcm@openssh.com - - The list of available ciphers may also be obtained using the -Q - option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^]. - - ClientAliveCountMax - Sets the number of client alive messages (see below) which may be - sent without sshd(8) receiving any messages back from the client. - If this threshold is reached while client alive messages are - being sent, sshd will disconnect the client, terminating the - session. It is important to note that the use of client alive - messages is very different from TCPKeepAlive (below). The client - alive messages are sent through the encrypted channel and - therefore will not be spoofable. The TCP keepalive option - enabled by TCPKeepAlive is spoofable. The client alive mechanism - is valuable when the client or server depend on knowing when a - connection has become inactive. - - The default value is 3. If ClientAliveInterval (see below) is - set to 15, and ClientAliveCountMax is left at the default, - unresponsive SSH clients will be disconnected after approximately - 45 seconds. This option applies to protocol version 2 only. - - ClientAliveInterval - Sets a timeout interval in seconds after which if no data has - been received from the client, sshd(8) will send a message - through the encrypted channel to request a response from the - client. The default is 0, indicating that these messages will - not be sent to the client. 
This option applies to protocol - version 2 only. - - Compression - Specifies whether compression is allowed, or delayed until the - user has authenticated successfully. The argument must be M-bM-^@M-^\yesM-bM-^@M-^], - M-bM-^@M-^\delayedM-bM-^@M-^], or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\delayedM-bM-^@M-^]. - - DenyGroups - This keyword can be followed by a list of group name patterns, - separated by spaces. Login is disallowed for users whose primary - group or supplementary group list matches one of the patterns. - Only group names are valid; a numerical group ID is not - recognized. By default, login is allowed for all groups. The - allow/deny directives are processed in the following order: - DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. - - See PATTERNS in ssh_config(5) for more information on patterns. - - DenyUsers - This keyword can be followed by a list of user name patterns, - separated by spaces. Login is disallowed for user names that - match one of the patterns. Only user names are valid; a - numerical user ID is not recognized. By default, login is - allowed for all users. If the pattern takes the form USER@HOST - then USER and HOST are separately checked, restricting logins to - particular users from particular hosts. The allow/deny - directives are processed in the following order: DenyUsers, - AllowUsers, DenyGroups, and finally AllowGroups. - - See PATTERNS in ssh_config(5) for more information on patterns. - - FingerprintHash - Specifies the hash algorithm used when logging key fingerprints. - Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The default is M-bM-^@M-^\sha256M-bM-^@M-^]. - - ForceCommand - Forces the execution of the command specified by ForceCommand, - ignoring any command supplied by the client and ~/.ssh/rc if - present. The command is invoked by using the user's login shell - with the -c option. This applies to shell, command, or subsystem - execution. 
It is most useful inside a Match block. The command - originally supplied by the client is available in the - SSH_ORIGINAL_COMMAND environment variable. Specifying a command - of M-bM-^@M-^\internal-sftpM-bM-^@M-^] will force the use of an in-process sftp - server that requires no support files when used with - ChrootDirectory. - - GatewayPorts - Specifies whether remote hosts are allowed to connect to ports - forwarded for the client. By default, sshd(8) binds remote port - forwardings to the loopback address. This prevents other remote - hosts from connecting to forwarded ports. GatewayPorts can be - used to specify that sshd should allow remote port forwardings to - bind to non-loopback addresses, thus allowing other hosts to - connect. The argument may be M-bM-^@M-^\noM-bM-^@M-^] to force remote port - forwardings to be available to the local host only, M-bM-^@M-^\yesM-bM-^@M-^] to - force remote port forwardings to bind to the wildcard address, or - M-bM-^@M-^\clientspecifiedM-bM-^@M-^] to allow the client to select the address to - which the forwarding is bound. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - GSSAPIAuthentication - Specifies whether user authentication based on GSSAPI is allowed. - The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that this option applies to protocol - version 2 only. - - GSSAPICleanupCredentials - Specifies whether to automatically destroy the user's credentials - cache on logout. The default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option - applies to protocol version 2 only. - - GSSAPIStrictAcceptorCheck - Determines whether to be strict about the identity of the GSSAPI - acceptor a client authenticates against. If set to M-bM-^@M-^\yesM-bM-^@M-^] then - the client must authenticate against the host service on the - current hostname. If set to M-bM-^@M-^\noM-bM-^@M-^] then the client may - authenticate against any service key stored in the machine's - default store. 
This facility is provided to assist with - operation on multi homed machines. The default is M-bM-^@M-^\yesM-bM-^@M-^]. - - HostbasedAcceptedKeyTypes - Specifies the key types that will be accepted for hostbased - authentication as a comma-separated pattern list. Alternately if - the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the - specified key types will be appended to the default set instead - of replacing them. The default for this option is: - - ecdsa-sha2-nistp256-cert-v01@openssh.com, - ecdsa-sha2-nistp384-cert-v01@openssh.com, - ecdsa-sha2-nistp521-cert-v01@openssh.com, - ssh-ed25519-cert-v01@openssh.com, - ssh-rsa-cert-v01@openssh.com, - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa - - The -Q option of ssh(1) may be used to list supported key types. - - HostbasedAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication - together with successful public key client host authentication is - allowed (host-based authentication). This option is similar to - RhostsRSAAuthentication and applies to protocol version 2 only. - The default is M-bM-^@M-^\noM-bM-^@M-^]. - - HostbasedUsesNameFromPacketOnly - Specifies whether or not the server will attempt to perform a - reverse name lookup when matching the name in the ~/.shosts, - ~/.rhosts, and /etc/hosts.equiv files during - HostbasedAuthentication. A setting of M-bM-^@M-^\yesM-bM-^@M-^] means that sshd(8) - uses the name supplied by the client rather than attempting to - resolve the name from the TCP connection itself. The default is - M-bM-^@M-^\noM-bM-^@M-^]. - - HostCertificate - Specifies a file containing a public host certificate. The - certificate's public key must match a private host key already - specified by HostKey. The default behaviour of sshd(8) is not to - load any certificates. - - HostKey - Specifies a file containing a private host key used by SSH. 
The - default is /etc/ssh/ssh_host_key for protocol version 1, and - /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, - /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for - protocol version 2. - - Note that sshd(8) will refuse to use a file if it is group/world- - accessible and that the HostKeyAlgorithms option restricts which - of the keys are actually used by sshd(8). - - It is possible to have multiple host key files. M-bM-^@M-^\rsa1M-bM-^@M-^] keys are - used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] are - used for version 2 of the SSH protocol. It is also possible to - specify public host key files instead. In this case operations - on the private key will be delegated to an ssh-agent(1). - - HostKeyAgent - Identifies the UNIX-domain socket used to communicate with an - agent that has access to the private host keys. If - M-bM-^@M-^\SSH_AUTH_SOCKM-bM-^@M-^] is specified, the location of the socket will be - read from the SSH_AUTH_SOCK environment variable. - - HostKeyAlgorithms - Specifies the protocol version 2 host key algorithms that the - server offers. The default for this option is: - - ecdsa-sha2-nistp256-cert-v01@openssh.com, - ecdsa-sha2-nistp384-cert-v01@openssh.com, - ecdsa-sha2-nistp521-cert-v01@openssh.com, - ssh-ed25519-cert-v01@openssh.com, - ssh-rsa-cert-v01@openssh.com, - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa - - The list of available key types may also be obtained using the -Q - option of ssh(1) with an argument of M-bM-^@M-^\keyM-bM-^@M-^]. - - IgnoreRhosts - Specifies that .rhosts and .shosts files will not be used in - RhostsRSAAuthentication or HostbasedAuthentication. - - /etc/hosts.equiv and /etc/shosts.equiv are still used. The - default is M-bM-^@M-^\yesM-bM-^@M-^]. 
- - IgnoreUserKnownHosts - Specifies whether sshd(8) should ignore the user's - ~/.ssh/known_hosts during RhostsRSAAuthentication or - HostbasedAuthentication. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - IPQoS Specifies the IPv4 type-of-service or DSCP class for the - connection. Accepted values are M-bM-^@M-^\af11M-bM-^@M-^], M-bM-^@M-^\af12M-bM-^@M-^], M-bM-^@M-^\af13M-bM-^@M-^], M-bM-^@M-^\af21M-bM-^@M-^], - M-bM-^@M-^\af22M-bM-^@M-^], M-bM-^@M-^\af23M-bM-^@M-^], M-bM-^@M-^\af31M-bM-^@M-^], M-bM-^@M-^\af32M-bM-^@M-^], M-bM-^@M-^\af33M-bM-^@M-^], M-bM-^@M-^\af41M-bM-^@M-^], M-bM-^@M-^\af42M-bM-^@M-^], M-bM-^@M-^\af43M-bM-^@M-^], - M-bM-^@M-^\cs0M-bM-^@M-^], M-bM-^@M-^\cs1M-bM-^@M-^], M-bM-^@M-^\cs2M-bM-^@M-^], M-bM-^@M-^\cs3M-bM-^@M-^], M-bM-^@M-^\cs4M-bM-^@M-^], M-bM-^@M-^\cs5M-bM-^@M-^], M-bM-^@M-^\cs6M-bM-^@M-^], M-bM-^@M-^\cs7M-bM-^@M-^], M-bM-^@M-^\efM-bM-^@M-^], - M-bM-^@M-^\lowdelayM-bM-^@M-^], M-bM-^@M-^\throughputM-bM-^@M-^], M-bM-^@M-^\reliabilityM-bM-^@M-^], or a numeric value. - This option may take one or two arguments, separated by - whitespace. If one argument is specified, it is used as the - packet class unconditionally. If two values are specified, the - first is automatically selected for interactive sessions and the - second for non-interactive sessions. The default is M-bM-^@M-^\lowdelayM-bM-^@M-^] - for interactive sessions and M-bM-^@M-^\throughputM-bM-^@M-^] for non-interactive - sessions. - - KbdInteractiveAuthentication - Specifies whether to allow keyboard-interactive authentication. - The argument to this keyword must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default - is to use whatever value ChallengeResponseAuthentication is set - to (by default M-bM-^@M-^\yesM-bM-^@M-^]). - - KerberosAuthentication - Specifies whether the password provided by the user for - PasswordAuthentication will be validated through the Kerberos - KDC. 
To use this option, the server needs a Kerberos servtab - which allows the verification of the KDC's identity. The default - is M-bM-^@M-^\noM-bM-^@M-^]. - - KerberosGetAFSToken - If AFS is active and the user has a Kerberos 5 TGT, attempt to - acquire an AFS token before accessing the user's home directory. - The default is M-bM-^@M-^\noM-bM-^@M-^]. - - KerberosOrLocalPasswd - If password authentication through Kerberos fails then the - password will be validated via any additional local mechanism - such as /etc/passwd. The default is M-bM-^@M-^\yesM-bM-^@M-^]. - - KerberosTicketCleanup - Specifies whether to automatically destroy the user's ticket - cache file on logout. The default is M-bM-^@M-^\yesM-bM-^@M-^]. - - KexAlgorithms - Specifies the available KEX (Key Exchange) algorithms. Multiple - algorithms must be comma-separated. Alternately if the specified - value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods - will be appended to the default set instead of replacing them. - The supported algorithms are: - - curve25519-sha256@libssh.org - diffie-hellman-group1-sha1 - diffie-hellman-group14-sha1 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - - The default is: - - curve25519-sha256@libssh.org, - ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, - diffie-hellman-group-exchange-sha256, - diffie-hellman-group14-sha1 - - The list of available key exchange algorithms may also be - obtained using the -Q option of ssh(1) with an argument of M-bM-^@M-^\kexM-bM-^@M-^]. - - KeyRegenerationInterval - In protocol version 1, the ephemeral server key is automatically - regenerated after this many seconds (if it has been used). The - purpose of regeneration is to prevent decrypting captured - sessions by later breaking into the machine and stealing the - keys. The key is never stored anywhere. If the value is 0, the - key is never regenerated. 
The default is 3600 (seconds). - - ListenAddress - Specifies the local addresses sshd(8) should listen on. The - following forms may be used: - - ListenAddress host|IPv4_addr|IPv6_addr - ListenAddress host|IPv4_addr:port - ListenAddress [host|IPv6_addr]:port - - If port is not specified, sshd will listen on the address and all - Port options specified. The default is to listen on all local - addresses. Multiple ListenAddress options are permitted. - - LoginGraceTime - The server disconnects after this time if the user has not - successfully logged in. If the value is 0, there is no time - limit. The default is 120 seconds. - - LogLevel - Gives the verbosity level that is used when logging messages from - sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, - VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. - DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify - higher levels of debugging output. Logging with a DEBUG level - violates the privacy of users and is not recommended. - - MACs Specifies the available MAC (message authentication code) - algorithms. The MAC algorithm is used in protocol version 2 for - data integrity protection. Multiple algorithms must be comma- - separated. If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, - then the specified algorithms will be appended to the default set - instead of replacing them. - - The algorithms that contain M-bM-^@M-^\-etmM-bM-^@M-^] calculate the MAC after - encryption (encrypt-then-mac). These are considered safer and - their use recommended. 
The supported MACs are: - - hmac-md5 - hmac-md5-96 - hmac-ripemd160 - hmac-sha1 - hmac-sha1-96 - hmac-sha2-256 - hmac-sha2-512 - umac-64@openssh.com - umac-128@openssh.com - hmac-md5-etm@openssh.com - hmac-md5-96-etm@openssh.com - hmac-ripemd160-etm@openssh.com - hmac-sha1-etm@openssh.com - hmac-sha1-96-etm@openssh.com - hmac-sha2-256-etm@openssh.com - hmac-sha2-512-etm@openssh.com - umac-64-etm@openssh.com - umac-128-etm@openssh.com - - The default is: - - umac-64-etm@openssh.com,umac-128-etm@openssh.com, - hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, - umac-64@openssh.com,umac-128@openssh.com, - hmac-sha2-256,hmac-sha2-512 - - The list of available MAC algorithms may also be obtained using - the -Q option of ssh(1) with an argument of M-bM-^@M-^\macM-bM-^@M-^]. - - Match Introduces a conditional block. If all of the criteria on the - Match line are satisfied, the keywords on the following lines - override those set in the global section of the config file, - until either another Match line or the end of the file. If a - keyword appears in multiple Match blocks that are satisfied, only - the first instance of the keyword is applied. - - The arguments to Match are one or more criteria-pattern pairs or - the single token All which matches all criteria. The available - criteria are User, Group, Host, LocalAddress, LocalPort, and - Address. The match patterns may consist of single entries or - comma-separated lists and may use the wildcard and negation - operators described in the PATTERNS section of ssh_config(5). - - The patterns in an Address criteria may additionally contain - addresses to match in CIDR address/masklen format, e.g. - M-bM-^@M-^\192.0.2.0/24M-bM-^@M-^] or M-bM-^@M-^\3ffe:ffff::/32M-bM-^@M-^]. Note that the mask length - provided must be consistent with the address - it is an error to - specify a mask length that is too long for the address or one - with bits set in this host portion of the address. 
For example, - M-bM-^@M-^\192.0.2.0/33M-bM-^@M-^] and M-bM-^@M-^\192.0.2.0/8M-bM-^@M-^] respectively. - - Only a subset of keywords may be used on the lines following a - Match keyword. Available keywords are AcceptEnv, - AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, - AllowTcpForwarding, AllowUsers, AuthenticationMethods, - AuthorizedKeysCommand, AuthorizedKeysCommandUser, - AuthorizedKeysFile, AuthorizedPrincipalsFile, Banner, - ChrootDirectory, DenyGroups, DenyUsers, ForceCommand, - GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes, - HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS, - KbdInteractiveAuthentication, KerberosAuthentication, - MaxAuthTries, MaxSessions, PasswordAuthentication, - PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY, - PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes, - PubkeyAuthentication, RekeyLimit, RevokedKeys, - RhostsRSAAuthentication, RSAAuthentication, StreamLocalBindMask, - StreamLocalBindUnlink, TrustedUserCAKeys, X11DisplayOffset, - X11Forwarding and X11UseLocalHost. - - MaxAuthTries - Specifies the maximum number of authentication attempts permitted - per connection. Once the number of failures reaches half this - value, additional failures are logged. The default is 6. - - MaxSessions - Specifies the maximum number of open sessions permitted per - network connection. The default is 10. - - MaxStartups - Specifies the maximum number of concurrent unauthenticated - connections to the SSH daemon. Additional connections will be - dropped until authentication succeeds or the LoginGraceTime - expires for a connection. The default is 10:30:100. - - Alternatively, random early drop can be enabled by specifying the - three colon separated values M-bM-^@M-^\start:rate:fullM-bM-^@M-^] (e.g. "10:30:60"). 
- sshd(8) will refuse connection attempts with a probability of - M-bM-^@M-^\rate/100M-bM-^@M-^] (30%) if there are currently M-bM-^@M-^\startM-bM-^@M-^] (10) - unauthenticated connections. The probability increases linearly - and all connection attempts are refused if the number of - unauthenticated connections reaches M-bM-^@M-^\fullM-bM-^@M-^] (60). - - PasswordAuthentication - Specifies whether password authentication is allowed. The - default is M-bM-^@M-^\yesM-bM-^@M-^]. - - PermitEmptyPasswords - When password authentication is allowed, it specifies whether the - server allows login to accounts with empty password strings. The - default is M-bM-^@M-^\noM-bM-^@M-^]. - - PermitOpen - Specifies the destinations to which TCP port forwarding is - permitted. The forwarding specification must be one of the - following forms: - - PermitOpen host:port - PermitOpen IPv4_addr:port - PermitOpen [IPv6_addr]:port - - Multiple forwards may be specified by separating them with - whitespace. An argument of M-bM-^@M-^\anyM-bM-^@M-^] can be used to remove all - restrictions and permit any forwarding requests. An argument of - M-bM-^@M-^\noneM-bM-^@M-^] can be used to prohibit all forwarding requests. By - default all port forwarding requests are permitted. - - PermitRootLogin - Specifies whether root can log in using ssh(1). The argument - must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\prohibit-passwordM-bM-^@M-^], M-bM-^@M-^\without-passwordM-bM-^@M-^], - M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^], or M-bM-^@M-^\noM-bM-^@M-^]. The default is - M-bM-^@M-^\prohibit-passwordM-bM-^@M-^]. - - If this option is set to M-bM-^@M-^\prohibit-passwordM-bM-^@M-^] or - M-bM-^@M-^\without-passwordM-bM-^@M-^], password and keyboard-interactive - authentication are disabled for root. 
- - If this option is set to M-bM-^@M-^\forced-commands-onlyM-bM-^@M-^], root login with - public key authentication will be allowed, but only if the - command option has been specified (which may be useful for taking - remote backups even if root login is normally not allowed). All - other authentication methods are disabled for root. - - If this option is set to M-bM-^@M-^\noM-bM-^@M-^], root is not allowed to log in. - - PermitTunnel - Specifies whether tun(4) device forwarding is allowed. The - argument must be M-bM-^@M-^\yesM-bM-^@M-^], M-bM-^@M-^\point-to-pointM-bM-^@M-^] (layer 3), M-bM-^@M-^\ethernetM-bM-^@M-^] - (layer 2), or M-bM-^@M-^\noM-bM-^@M-^]. Specifying M-bM-^@M-^\yesM-bM-^@M-^] permits both - M-bM-^@M-^\point-to-pointM-bM-^@M-^] and M-bM-^@M-^\ethernetM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - Independent of this setting, the permissions of the selected - tun(4) device must allow access to the user. - - PermitTTY - Specifies whether pty(4) allocation is permitted. The default is - M-bM-^@M-^\yesM-bM-^@M-^]. - - PermitUserEnvironment - Specifies whether ~/.ssh/environment and environment= options in - ~/.ssh/authorized_keys are processed by sshd(8). The default is - M-bM-^@M-^\noM-bM-^@M-^]. Enabling environment processing may enable users to bypass - access restrictions in some configurations using mechanisms such - as LD_PRELOAD. - - PermitUserRC - Specifies whether any ~/.ssh/rc file is executed. The default is - M-bM-^@M-^\yesM-bM-^@M-^]. - - PidFile - Specifies the file that contains the process ID of the SSH - daemon, or M-bM-^@M-^\noneM-bM-^@M-^] to not write one. The default is - /var/run/sshd.pid. - - Port Specifies the port number that sshd(8) listens on. The default - is 22. Multiple options of this type are permitted. See also - ListenAddress. - - PrintLastLog - Specifies whether sshd(8) should print the date and time of the - last user login when a user logs in interactively. The default - is M-bM-^@M-^\yesM-bM-^@M-^]. 
- - PrintMotd - Specifies whether sshd(8) should print /etc/motd when a user logs - in interactively. (On some systems it is also printed by the - shell, /etc/profile, or equivalent.) The default is M-bM-^@M-^\yesM-bM-^@M-^]. - - Protocol - Specifies the protocol versions sshd(8) supports. The possible - values are M-bM-^@M-^X1M-bM-^@M-^Y and M-bM-^@M-^X2M-bM-^@M-^Y. Multiple versions must be comma- - separated. The default is M-bM-^@M-^X2M-bM-^@M-^Y. Note that the order of the - protocol list does not indicate preference, because the client - selects among multiple protocol versions offered by the server. - Specifying M-bM-^@M-^\2,1M-bM-^@M-^] is identical to M-bM-^@M-^\1,2M-bM-^@M-^]. - - PubkeyAcceptedKeyTypes - Specifies the key types that will be accepted for public key - authentication as a comma-separated pattern list. Alternately if - the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the - specified key types will be appended to the default set instead - of replacing them. The default for this option is: - - ecdsa-sha2-nistp256-cert-v01@openssh.com, - ecdsa-sha2-nistp384-cert-v01@openssh.com, - ecdsa-sha2-nistp521-cert-v01@openssh.com, - ssh-ed25519-cert-v01@openssh.com, - ssh-rsa-cert-v01@openssh.com, - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, - ssh-ed25519,ssh-rsa - - The -Q option of ssh(1) may be used to list supported key types. - - PubkeyAuthentication - Specifies whether public key authentication is allowed. The - default is M-bM-^@M-^\yesM-bM-^@M-^]. Note that this option applies to protocol - version 2 only. - - RekeyLimit - Specifies the maximum amount of data that may be transmitted - before the session key is renegotiated, optionally followed a - maximum amount of time that may pass before the session key is - renegotiated. 
The first argument is specified in bytes and may - have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate Kilobytes, - Megabytes, or Gigabytes, respectively. The default is between - M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional second - value is specified in seconds and may use any of the units - documented in the TIME FORMATS section. The default value for - RekeyLimit is M-bM-^@M-^\default noneM-bM-^@M-^], which means that rekeying is - performed after the cipher's default amount of data has been sent - or received and no time based rekeying is done. This option - applies to protocol version 2 only. - - RevokedKeys - Specifies revoked public keys file, or M-bM-^@M-^\noneM-bM-^@M-^] to not use one. - Keys listed in this file will be refused for public key - authentication. Note that if this file is not readable, then - public key authentication will be refused for all users. Keys - may be specified as a text file, listing one public key per line, - or as an OpenSSH Key Revocation List (KRL) as generated by - ssh-keygen(1). For more information on KRLs, see the KEY - REVOCATION LISTS section in ssh-keygen(1). - - RhostsRSAAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication - together with successful RSA host authentication is allowed. The - default is M-bM-^@M-^\noM-bM-^@M-^]. This option applies to protocol version 1 only. - - RSAAuthentication - Specifies whether pure RSA authentication is allowed. The - default is M-bM-^@M-^\yesM-bM-^@M-^]. This option applies to protocol version 1 - only. - - ServerKeyBits - Defines the number of bits in the ephemeral protocol version 1 - server key. The default and minimum value is 1024. - - StreamLocalBindMask - Sets the octal file creation mode mask (umask) used when creating - a Unix-domain socket file for local or remote port forwarding. 
- This option is only used for port forwarding to a Unix-domain - socket file. - - The default value is 0177, which creates a Unix-domain socket - file that is readable and writable only by the owner. Note that - not all operating systems honor the file mode on Unix-domain - socket files. - - StreamLocalBindUnlink - Specifies whether to remove an existing Unix-domain socket file - for local or remote port forwarding before creating a new one. - If the socket file already exists and StreamLocalBindUnlink is - not enabled, sshd will be unable to forward the port to the Unix- - domain socket file. This option is only used for port forwarding - to a Unix-domain socket file. - - The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - StrictModes - Specifies whether sshd(8) should check file modes and ownership - of the user's files and home directory before accepting login. - This is normally desirable because novices sometimes accidentally - leave their directory or files world-writable. The default is - M-bM-^@M-^\yesM-bM-^@M-^]. Note that this does not apply to ChrootDirectory, whose - permissions and ownership are checked unconditionally. - - Subsystem - Configures an external subsystem (e.g. file transfer daemon). - Arguments should be a subsystem name and a command (with optional - arguments) to execute upon subsystem request. - - The command sftp-server(8) implements the M-bM-^@M-^\sftpM-bM-^@M-^] file transfer - subsystem. - - Alternately the name M-bM-^@M-^\internal-sftpM-bM-^@M-^] implements an in-process - M-bM-^@M-^\sftpM-bM-^@M-^] server. This may simplify configurations using - ChrootDirectory to force a different filesystem root on clients. - - By default no subsystems are defined. Note that this option - applies to protocol version 2 only. - - SyslogFacility - Gives the facility code that is used when logging messages from - sshd(8). 
The possible values are: DAEMON, USER, AUTH, LOCAL0, - LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The - default is AUTH. - - TCPKeepAlive - Specifies whether the system should send TCP keepalive messages - to the other side. If they are sent, death of the connection or - crash of one of the machines will be properly noticed. However, - this means that connections will die if the route is down - temporarily, and some people find it annoying. On the other - hand, if TCP keepalives are not sent, sessions may hang - indefinitely on the server, leaving M-bM-^@M-^\ghostM-bM-^@M-^] users and consuming - server resources. - - The default is M-bM-^@M-^\yesM-bM-^@M-^] (to send TCP keepalive messages), and the - server will notice if the network goes down or the client host - crashes. This avoids infinitely hanging sessions. - - To disable TCP keepalive messages, the value should be set to - M-bM-^@M-^\noM-bM-^@M-^]. - - TrustedUserCAKeys - Specifies a file containing public keys of certificate - authorities that are trusted to sign user certificates for - authentication, or M-bM-^@M-^\noneM-bM-^@M-^] to not use one. Keys are listed one - per line; empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are allowed. - If a certificate is presented for authentication and has its - signing CA key listed in this file, then it may be used for - authentication for any user listed in the certificate's - principals list. Note that certificates that lack a list of - principals will not be permitted for authentication using - TrustedUserCAKeys. For more details on certificates, see the - CERTIFICATES section in ssh-keygen(1). - - UseDNS Specifies whether sshd(8) should look up the remote host name, - and to check that the resolved host name for the remote IP - address maps back to the very same IP address. 
- - If this option is set to M-bM-^@M-^\noM-bM-^@M-^] (the default) then only addresses - and not host names may be used in ~/.ssh/known_hosts from and - sshd_config Match Host directives. - - UseLogin - Specifies whether login(1) is used for interactive login - sessions. The default is M-bM-^@M-^\noM-bM-^@M-^]. Note that login(1) is never used - for remote command execution. Note also, that if this is - enabled, X11Forwarding will be disabled because login(1) does not - know how to handle xauth(1) cookies. If UsePrivilegeSeparation - is specified, it will be disabled after authentication. - - UsePAM Enables the Pluggable Authentication Module interface. If set to - M-bM-^@M-^\yesM-bM-^@M-^] this will enable PAM authentication using - ChallengeResponseAuthentication and PasswordAuthentication in - addition to PAM account and session module processing for all - authentication types. - - Because PAM challenge-response authentication usually serves an - equivalent role to password authentication, you should disable - either PasswordAuthentication or ChallengeResponseAuthentication. - - If UsePAM is enabled, you will not be able to run sshd(8) as a - non-root user. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - UsePrivilegeSeparation - Specifies whether sshd(8) separates privileges by creating an - unprivileged child process to deal with incoming network traffic. - After successful authentication, another process will be created - that has the privilege of the authenticated user. The goal of - privilege separation is to prevent privilege escalation by - containing any corruption within the unprivileged processes. The - default is M-bM-^@M-^\yesM-bM-^@M-^]. If UsePrivilegeSeparation is set to M-bM-^@M-^\sandboxM-bM-^@M-^] - then the pre-authentication unprivileged process is subject to - additional restrictions. - - VersionAddendum - Optionally specifies additional text to append to the SSH - protocol banner sent by the server upon connection. 
The default - is M-bM-^@M-^\noneM-bM-^@M-^]. - - X11DisplayOffset - Specifies the first display number available for sshd(8)'s X11 - forwarding. This prevents sshd from interfering with real X11 - servers. The default is 10. - - X11Forwarding - Specifies whether X11 forwarding is permitted. The argument must - be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The default is M-bM-^@M-^\noM-bM-^@M-^]. - - When X11 forwarding is enabled, there may be additional exposure - to the server and to client displays if the sshd(8) proxy display - is configured to listen on the wildcard address (see - X11UseLocalhost below), though this is not the default. - Additionally, the authentication spoofing and authentication data - verification and substitution occur on the client side. The - security risk of using X11 forwarding is that the client's X11 - display server may be exposed to attack when the SSH client - requests forwarding (see the warnings for ForwardX11 in - ssh_config(5)). A system administrator may have a stance in - which they want to protect clients that may expose themselves to - attack by unwittingly requesting X11 forwarding, which can - warrant a M-bM-^@M-^\noM-bM-^@M-^] setting. - - Note that disabling X11 forwarding does not prevent users from - forwarding X11 traffic, as users can always install their own - forwarders. X11 forwarding is automatically disabled if UseLogin - is enabled. - - X11UseLocalhost - Specifies whether sshd(8) should bind the X11 forwarding server - to the loopback address or to the wildcard address. By default, - sshd binds the forwarding server to the loopback address and sets - the hostname part of the DISPLAY environment variable to - M-bM-^@M-^\localhostM-bM-^@M-^]. This prevents remote hosts from connecting to the - proxy display. However, some older X11 clients may not function - with this configuration. 
X11UseLocalhost may be set to M-bM-^@M-^\noM-bM-^@M-^] to - specify that the forwarding server should be bound to the - wildcard address. The argument must be M-bM-^@M-^\yesM-bM-^@M-^] or M-bM-^@M-^\noM-bM-^@M-^]. The - default is M-bM-^@M-^\yesM-bM-^@M-^]. - - XAuthLocation - Specifies the full pathname of the xauth(1) program, or M-bM-^@M-^\noneM-bM-^@M-^] to - not use one. The default is /usr/X11R6/bin/xauth. - -TIME FORMATS - sshd(8) command-line arguments and configuration file options that - specify time may be expressed using a sequence of the form: - time[qualifier], where time is a positive integer value and qualifier is - one of the following: - - M-bM-^_M-(noneM-bM-^_M-) seconds - s | S seconds - m | M minutes - h | H hours - d | D days - w | W weeks - - Each member of the sequence is added together to calculate the total time - value. - - Time format examples: - - 600 600 seconds (10 minutes) - 10m 10 minutes - 1h30m 1 hour 30 minutes (90 minutes) - -FILES - /etc/ssh/sshd_config - Contains configuration data for sshd(8). This file should be - writable by root only, but it is recommended (though not - necessary) that it be world-readable. - -SEE ALSO - sshd(8) - -AUTHORS - OpenSSH is a derivative of the original and free ssh 1.2.12 release by - Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support - for privilege separation. - -OpenBSD 5.8 August 14, 2015 OpenBSD 5.8 diff --git a/sshd_config.5 b/sshd_config.5 index b18d340..1bc26ec 100644 --- a/sshd_config.5 +++ b/sshd_config.5 
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $ -.Dd $Mdocdate: August 14 2015 $ +.\" $OpenBSD: sshd_config.5,v 1.227 2016/07/19 12:59:16 jmc Exp $ +.Dd $Mdocdate: July 19 2016 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -70,8 +70,7 @@ See in .Xr ssh_config 5 for how to configure the client. -Note that environment passing is only supported for protocol 2, and -that the +The .Ev TERM environment variable is always sent whenever the client requests a pseudo-terminal as it is required by the protocol. @@ -174,6 +173,8 @@ By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. +HOST criteria may additionally contain addresses to match in CIDR +address/masklen format. The allow/deny directives are processed in the following order: .Cm DenyUsers , .Cm AllowUsers , @@ -188,9 +189,12 @@ for more information on patterns. Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be followed by one or more comma-separated lists of -authentication method names. -Successful authentication requires completion of every method in at least -one of these lists. +authentication method names, or by the single string +.Dq any +to indicate the default behaviour of accepting any single authentication +method. +if the default is overridden, then successful authentication requires +completion of every method in at least one of these lists. .Pp For example, an argument of .Dq publickey,password publickey,keyboard-interactive 
@@ -226,11 +230,13 @@ of .Dq publickey,publickey will require successful authentication using two different public keys. .Pp -This option is only available for SSH protocol 2 and will yield a fatal +This option will yield a fatal error if enabled if protocol 1 is also enabled. Note that each authentication method listed should also be explicitly enabled in the configuration. -The default is not to require multiple authentication; successful completion +The default +.Dq any +is not to require multiple authentication; successful completion of a single authentication method is sufficient. .It Cm AuthorizedKeysCommand Specifies a program to be used to look up the user's public keys. @@ -285,6 +291,9 @@ After expansion, is taken to be an absolute path or one relative to the user's home directory. Multiple files may be listed, separated by whitespace. +Alternately this option may be set to +.Dq none +to skip checking for user keys in files. The default is .Dq .ssh/authorized_keys .ssh/authorized_keys2 . .It Cm AuthorizedPrincipalsCommand @@ -370,7 +379,6 @@ authentication is allowed. If the argument is .Dq none then no banner is displayed. -This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed (e.g. via @@ -429,10 +437,12 @@ Misconfiguration can lead to unsafe environments which .Xr sshd 8 cannot detect. .Pp -The default is not to +The default is +.Dq none , +indicating not to .Xr chroot 2 . .It Cm Ciphers -Specifies the ciphers allowed for protocol version 2. +Specifies the ciphers allowed. Multiple ciphers must be comma-separated. If the specified value begins with a .Sq + 
@@ -513,7 +523,6 @@ If .Cm ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. -This option applies to protocol version 2 only. .It Cm ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, @@ -522,7 +531,6 @@ will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. -This option applies to protocol version 2 only. .It Cm Compression Specifies whether compression is allowed, or delayed until the user has authenticated successfully. @@ -559,6 +567,8 @@ By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. +HOST criteria may additionally contain addresses to match in CIDR +address/masklen format. The allow/deny directives are processed in the following order: .Cm DenyUsers , .Cm AllowUsers , @@ -596,6 +606,8 @@ Specifying a command of will force the use of an in-process sftp server that requires no support files when used with .Cm ChrootDirectory . +The default is +.Dq none . .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. @@ -620,13 +632,11 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is .Dq no . -Note that this option applies to protocol version 2 only. .It Cm GSSAPICleanupCredentials Specifies whether to automatically destroy the user's credentials cache on logout. The default is .Dq yes . -Note that this option applies to protocol version 2 only. .It Cm GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. 
@@ -669,9 +679,6 @@ may be used to list supported key types. Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed (host-based authentication). -This option is similar to -.Cm RhostsRSAAuthentication -and applies to protocol version 2 only. The default is .Dq no . .It Cm HostbasedUsesNameFromPacketOnly @@ -736,13 +743,13 @@ to an .It Cm HostKeyAgent Identifies the UNIX-domain socket used to communicate with an agent that has access to the private host keys. -If +If the string .Dq SSH_AUTH_SOCK is specified, the location of the socket will be read from the .Ev SSH_AUTH_SOCK environment variable. .It Cm HostKeyAlgorithms -Specifies the protocol version 2 host key algorithms +Specifies the host key algorithms that the server offers. The default for this option is: .Bd -literal -offset 3n @@ -963,8 +970,7 @@ DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm MACs Specifies the available MAC (message authentication code) algorithms. -The MAC algorithm is used in protocol version 2 -for data integrity protection. +The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified value begins with a .Sq + @@ -1020,8 +1026,9 @@ The default is: .Bd -literal -offset indent umac-64-etm@openssh.com,umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +hmac-sha1-etm@openssh.com, umac-64@openssh.com,umac-128@openssh.com, -hmac-sha2-256,hmac-sha2-512 +hmac-sha2-256,hmac-sha2-512,hmac-sha1 .Ed .Pp The list of available MAC algorithms may also be obtained using the 
@@ -1091,6 +1098,8 @@ Available keywords are .Cm AuthorizedKeysCommand , .Cm AuthorizedKeysCommandUser , .Cm AuthorizedKeysFile , +.Cm AuthorizedPrincipalsCommand , +.Cm AuthorizedPrincipalsCommandUser , .Cm AuthorizedPrincipalsFile , .Cm Banner , .Cm ChrootDirectory , @@ -1134,7 +1143,15 @@ Once the number of failures reaches half this value, additional failures are logged. The default is 6. .It Cm MaxSessions -Specifies the maximum number of open sessions permitted per network connection. +Specifies the maximum number of open shell, login or subsystem (e.g. sftp) +sessions permitted per network connection. +Multiple sessions may be established by clients that support connection +multiplexing. +Setting +.Cm MaxSessions +to 1 will effectively disable session multiplexing, whereas setting it to 0 +will prevent all shell, login and subsystem sessions while still permitting +forwarding. The default is 10. .It Cm MaxStartups Specifies the maximum number of concurrent unauthenticated connections to the @@ -1198,6 +1215,9 @@ can be used to remove all restrictions and permit any forwarding requests. An argument of .Dq none can be used to prohibit all forwarding requests. +The wildcard +.Dq * +can be used for host or port to allow all hosts or ports, respectively. By default all port forwarding requests are permitted. .It Cm PermitRootLogin Specifies whether root can log in using @@ -1324,6 +1344,10 @@ and Multiple versions must be comma-separated. The default is .Sq 2 . +Protocol 1 suffers from a number of cryptographic weaknesses and should +not be used. +It is only offered to support legacy devices. +.Pp Note that the order of the protocol list does not indicate preference, because the client selects among multiple protocol versions offered by the server. 
@@ -1358,7 +1382,6 @@ may be used to list supported key types. Specifies whether public key authentication is allowed. The default is .Dq yes . -Note that this option applies to protocol version 2 only. .It Cm RekeyLimit Specifies the maximum amount of data that may be transmitted before the session key is renegotiated, optionally followed a maximum amount of @@ -1384,7 +1407,6 @@ is .Dq default none , which means that rekeying is performed after the cipher's default amount of data has been sent or received and no time based rekeying is done. -This option applies to protocol version 2 only. .It Cm RevokedKeys Specifies revoked public keys file, or .Dq none @@ -1471,7 +1493,6 @@ This may simplify configurations using to force a different filesystem root on clients. .Pp By default no subsystems are defined. -Note that this option applies to protocol version 2 only. .It Cm SyslogFacility Gives the facility code that is used when logging messages from .Xr sshd 8 . @@ -1525,7 +1546,7 @@ very same IP address. If this option is set to .Dq no (the default) then only addresses and not host names may be used in -.Pa ~/.ssh/known_hosts +.Pa ~/.ssh/authorized_keys .Cm from and .Nm @@ -1584,14 +1605,19 @@ After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. -The default is -.Dq yes . +The argument must be +.Dq yes , +.Dq no , +or +.Dq sandbox . If .Cm UsePrivilegeSeparation is set to .Dq sandbox then the pre-authentication unprivileged process is subject to additional restrictions. +The default is +.Dq sandbox . .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. diff --git a/ssherr.c b/ssherr.c index 4ca7939..6802070 100644 --- a/ssherr.c +++ b/ssherr.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssherr.c,v 1.4 2015/02/16 22:13:32 djm Exp $ */ +/* $OpenBSD: ssherr.c,v 1.5 2015/09/13 14:39:16 tim Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -104,7 +104,7 @@ ssh_err(int n) case SSH_ERR_NEED_REKEY: return "rekeying not supported by peer"; case SSH_ERR_PASSPHRASE_TOO_SHORT: - return "passphrase is too short (minimum four characters)"; + return "passphrase is too short (minimum five characters)"; case SSH_ERR_FILE_CHANGED: return "file changed while reading"; case SSH_ERR_KEY_UNKNOWN_CIPHER: diff --git a/sshkey.c b/sshkey.c index 32dd8f2..c9f04cd 100644 --- a/sshkey.c +++ b/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.35 2016/06/19 07:48:02 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 
@@ -83,36 +83,39 @@ struct keytype { int type; int nid; int cert; + int sigonly; }; static const struct keytype keytypes[] = { - { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, + { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 }, { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", - KEY_ED25519_CERT, 0, 1 }, + KEY_ED25519_CERT, 0, 1, 0 }, #ifdef WITH_OPENSSL - { NULL, "RSA1", KEY_RSA1, 0, 0 }, - { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, - { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, + { NULL, "RSA1", KEY_RSA1, 0, 0, 0 }, + { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 }, + { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 }, + { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 }, + { "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 }, # ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, - { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, + { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, + { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 }, # ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, + { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 }, # endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ - { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, - { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, + { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 }, + { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 }, # ifdef OPENSSL_HAS_ECC { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", - KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, + KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", - KEY_ECDSA_CERT, NID_secp384r1, 1 }, + KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, # ifdef OPENSSL_HAS_NISTP521 { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", - KEY_ECDSA_CERT, NID_secp521r1, 1 }, + KEY_ECDSA_CERT, 
NID_secp521r1, 1, 0 }, # endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ - { NULL, NULL, -1, -1, 0 } + { NULL, NULL, -1, -1, 0, 0 } }; const char * @@ -200,7 +203,7 @@ key_alg_list(int certs_only, int plain_only) const struct keytype *kt; for (kt = keytypes; kt->type != -1; kt++) { - if (kt->name == NULL) + if (kt->name == NULL || kt->sigonly) continue; if ((certs_only && !kt->cert) || (plain_only && kt->cert)) continue; @@ -417,20 +420,14 @@ cert_free(struct sshkey_cert *cert) if (cert == NULL) return; - if (cert->certblob != NULL) - sshbuf_free(cert->certblob); - if (cert->critical != NULL) - sshbuf_free(cert->critical); - if (cert->extensions != NULL) - sshbuf_free(cert->extensions); - if (cert->key_id != NULL) - free(cert->key_id); + sshbuf_free(cert->certblob); + sshbuf_free(cert->critical); + sshbuf_free(cert->extensions); + free(cert->key_id); for (i = 0; i < cert->nprincipals; i++) free(cert->principals[i]); - if (cert->principals != NULL) - free(cert->principals); - if (cert->signature_key != NULL) - sshkey_free(cert->signature_key); + free(cert->principals); + sshkey_free(cert->signature_key); explicit_bzero(cert, sizeof(*cert)); free(cert); } @@ -1216,7 +1213,7 @@ read_decimal_bignum(char **cpp, BIGNUM *v) return SSH_ERR_BIGNUM_TOO_LARGE; if (cp[e] == '\0') skip = 0; - else if (index(" \t\r\n", cp[e]) == NULL) + else if (strchr(" \t\r\n", cp[e]) == NULL) return SSH_ERR_INVALID_FORMAT; cp[e] = '\0'; if (BN_dec2bn(&v, cp) <= 0) @@ -1232,11 +1229,10 @@ sshkey_read(struct sshkey *ret, char **cpp) { struct sshkey *k; int retval = SSH_ERR_INVALID_FORMAT; - char *cp, *space; + char *ep, *cp, *space; int r, type, curve_nid = -1; struct sshbuf *blob; #ifdef WITH_SSH1 - char *ep; u_long bits; #endif /* WITH_SSH1 */ 
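Review bot: The new `sigonly` member of `struct keytype` is declared without a comment, so its meaning has to be pieced together from the two rows that set it (`rsa-sha2-256`, `rsa-sha2-512`) and from the `kt->sigonly` skip added to `key_alg_list`. I would declare it as `int sigonly; /* signature algorithm name only, not a separate key type */`. Both new rows reuse `KEY_RSA` and the short name "RSA", so any lookup by type elsewhere in the file (outside this hunk) presumably returns the first match and relies on the `ssh-rsa` row staying ahead of them. A one-line comment above the two rows saying so would protect that ordering.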
@@ -1247,7 +1243,7 @@ sshkey_read(struct sshkey *ret, char **cpp) #ifdef WITH_SSH1 /* Get number of bits. */ bits = strtoul(cp, &ep, 10); - if (*cp == '\0' || index(" \t\r\n", *ep) == NULL || + if (*cp == '\0' || strchr(" \t\r\n", *ep) == NULL || bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8) return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */ /* Get public exponent, public modulus. */ @@ -1255,10 +1251,10 @@ sshkey_read(struct sshkey *ret, char **cpp) return r; if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0) return r; - *cpp = ep; /* validate the claimed number of bits */ if (BN_num_bits(ret->rsa->n) != (int)bits) return SSH_ERR_KEY_BITS_MISMATCH; + *cpp = ep; retval = 0; #endif /* WITH_SSH1 */ break; @@ -1296,9 +1292,9 @@ sshkey_read(struct sshkey *ret, char **cpp) *space++ = '\0'; while (*space == ' ' || *space == '\t') space++; - *cpp = space; + ep = space; } else - *cpp = cp + strlen(cp); + ep = cp + strlen(cp); if ((r = sshbuf_b64tod(blob, cp)) != 0) { sshbuf_free(blob); return r; @@ -1329,8 +1325,9 @@ sshkey_read(struct sshkey *ret, char **cpp) ret->cert = k->cert; k->cert = NULL; } + switch (sshkey_type_plain(ret->type)) { #ifdef WITH_OPENSSL - if (sshkey_type_plain(ret->type) == KEY_RSA) { + case KEY_RSA: if (ret->rsa != NULL) RSA_free(ret->rsa); ret->rsa = k->rsa; @@ -1338,8 +1335,8 @@ sshkey_read(struct sshkey *ret, char **cpp) #ifdef DEBUG_PK RSA_print_fp(stderr, ret->rsa, 8); #endif - } - if (sshkey_type_plain(ret->type) == KEY_DSA) { + break; + case KEY_DSA: if (ret->dsa != NULL) DSA_free(ret->dsa); ret->dsa = k->dsa; @@ -1347,9 +1344,9 @@ sshkey_read(struct sshkey *ret, char **cpp) #ifdef DEBUG_PK DSA_print_fp(stderr, ret->dsa, 8); #endif - } + break; # ifdef OPENSSL_HAS_ECC - if (sshkey_type_plain(ret->type) == KEY_ECDSA) { + case KEY_ECDSA: if (ret->ecdsa != NULL) EC_KEY_free(ret->ecdsa); ret->ecdsa = k->ecdsa; 
@@ -1359,17 +1356,19 @@ sshkey_read(struct sshkey *ret, char **cpp) #ifdef DEBUG_PK sshkey_dump_ec_key(ret->ecdsa); #endif - } + break; # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ - if (sshkey_type_plain(ret->type) == KEY_ED25519) { + case KEY_ED25519: free(ret->ed25519_pk); ret->ed25519_pk = k->ed25519_pk; k->ed25519_pk = NULL; #ifdef DEBUG_PK /* XXX */ #endif + break; } + *cpp = ep; retval = 0; /*XXXX*/ sshkey_free(k); @@ -1717,7 +1716,7 @@ sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key) if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 || (ret = sshbuf_putb(to->critical, from->critical)) != 0 || - (ret = sshbuf_putb(to->extensions, from->extensions) != 0)) + (ret = sshbuf_putb(to->extensions, from->extensions)) != 0) return ret; to->serial = from->serial; @@ -1758,9 +1757,7 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) struct sshkey *n = NULL; int ret = SSH_ERR_INTERNAL_ERROR; - if (pkp != NULL) - *pkp = NULL; - + *pkp = NULL; switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA: @@ -1969,7 +1966,8 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, #ifdef DEBUG_PK /* XXX */ sshbuf_dump(b, stderr); #endif - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; if ((copy = sshbuf_fromb(b)) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; @@ -2124,8 +2122,10 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, goto out; } ret = 0; - *keyp = key; - key = NULL; + if (keyp != NULL) { + *keyp = key; + key = NULL; + } out: sshbuf_free(copy); sshkey_free(key); @@ -2174,7 +2174,7 @@ sshkey_froms(struct sshbuf *buf, struct sshkey **keyp) int sshkey_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) + const u_char *data, size_t datalen, const char *alg, u_int compat) { if (sigp != NULL) *sigp = NULL; 
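Review bot: `*pkp = NULL;` in sshkey_from_private is now unconditional, so a NULL `pkp` is dereferenced on entry, while the same commit adds `if (keyp != NULL)` guards to sshkey_from_blob_internal and the private-key parsers. sshkey_demote gets the same treatment with `*dkp = NULL;`. If a non-NULL out-pointer is the intended contract, say so above each function with `/* pkp must not be NULL */`; otherwise keep `if (pkp != NULL) *pkp = NULL;`. Both function bodies continue outside their hunks, so whether the final store is also unguarded cannot be confirmed from here.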
@@ -2194,7 +2194,7 @@ sshkey_sign(const struct sshkey *key, # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: - return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat); + return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg); #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: @@ -2226,7 +2226,7 @@ sshkey_verify(const struct sshkey *key, # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: case KEY_RSA: - return ssh_rsa_verify(key, sig, siglen, data, dlen, compat); + return ssh_rsa_verify(key, sig, siglen, data, dlen); #endif /* WITH_OPENSSL */ case KEY_ED25519: case KEY_ED25519_CERT: @@ -2243,9 +2243,7 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp) struct sshkey *pk; int ret = SSH_ERR_INTERNAL_ERROR; - if (dkp != NULL) - *dkp = NULL; - + *dkp = NULL; if ((pk = calloc(1, sizeof(*pk))) == NULL) return SSH_ERR_ALLOC_FAIL; pk->type = k->type; @@ -2372,7 +2370,7 @@ sshkey_drop_cert(struct sshkey *k) /* Sign a certified key, (re-)generating the signed certblob. */ int -sshkey_certify(struct sshkey *k, struct sshkey *ca) +sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg) { struct sshbuf *principals = NULL; u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32]; @@ -2462,7 +2460,7 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca) /* Sign the whole mess */ if ((ret = sshkey_sign(ca, &sig_blob, &sig_len, sshbuf_ptr(cert), - sshbuf_len(cert), 0)) != 0) + sshbuf_len(cert), alg, 0)) != 0) goto out; /* Append signature and we are done */ @@ -2472,12 +2470,9 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca) out: if (ret != 0) sshbuf_reset(cert); - if (sig_blob != NULL) - free(sig_blob); - if (ca_blob != NULL) - free(ca_blob); - if (principals != NULL) - sshbuf_free(principals); + free(sig_blob); + free(ca_blob); + sshbuf_free(principals); return ret; } 
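Review bot: The new `alg` argument of sshkey_sign is forwarded in the RSA case only (`ssh_rsa_sign(key, sigp, lenp, data, datalen, alg)`), and nothing in the hunk tells a caller what to pass for other key types or which value selects the default. This argument decides which RSA signature algorithm is produced, so it deserves a comment above sshkey_sign such as `/* alg: signature algorithm name; only consulted for RSA keys */`, worded to match what the non-RSA cases outside this hunk actually do. sshkey_certify gains the same parameter and passes it straight through to sshkey_sign, so the same sentence belongs on it.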
@@ -2538,6 +2533,43 @@ sshkey_cert_check_authority(const struct sshkey *k, return 0; } +size_t +sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l) +{ + char from[32], to[32], ret[64]; + time_t tt; + struct tm *tm; + + *from = *to = '\0'; + if (cert->valid_after == 0 && + cert->valid_before == 0xffffffffffffffffULL) + return strlcpy(s, "forever", l); + + if (cert->valid_after != 0) { + /* XXX revisit INT_MAX in 2038 :) */ + tt = cert->valid_after > INT_MAX ? + INT_MAX : cert->valid_after; + tm = localtime(&tt); + strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm); + } + if (cert->valid_before != 0xffffffffffffffffULL) { + /* XXX revisit INT_MAX in 2038 :) */ + tt = cert->valid_before > INT_MAX ? + INT_MAX : cert->valid_before; + tm = localtime(&tt); + strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm); + } + + if (cert->valid_after == 0) + snprintf(ret, sizeof(ret), "before %s", to); + else if (cert->valid_before == 0xffffffffffffffffULL) + snprintf(ret, sizeof(ret), "after %s", from); + else + snprintf(ret, sizeof(ret), "from %s to %s", from, to); + + return strlcpy(s, ret, l); +} + int sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b) { @@ -2701,7 +2733,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) goto out; } if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa)) != 0) || + EC_KEY_get0_public_key(k->ecdsa))) != 0 || (r = sshkey_ec_validate_private(k->ecdsa)) != 0) goto out; break; @@ -2719,7 +2751,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) goto out; } if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), - EC_KEY_get0_public_key(k->ecdsa)) != 0) || + EC_KEY_get0_public_key(k->ecdsa))) != 0 || (r = sshkey_ec_validate_private(k->ecdsa)) != 0) goto out; break; 
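Review bot: In sshkey_format_cert_validity both `tm = localtime(&tt);` results go to `strftime` without a NULL check, and `localtime` may return NULL on failure. Guarding each call as `if ((tm = localtime(&tt)) != NULL) strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);` (and likewise for `to`) leaves the buffer as the empty string that `*from = *to = '\0'` already set up. The validity times are read from the certificate, so the formatter should not depend on the conversion succeeding.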
@@ -2741,10 +2773,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) case KEY_RSA_CERT: if ((r = sshkey_froms(buf, &k)) != 0 || (r = sshkey_add_private(k)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->d) != 0) || - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp) != 0) || - (r = sshbuf_get_bignum2(buf, k->rsa->p) != 0) || - (r = sshbuf_get_bignum2(buf, k->rsa->q) != 0) || + (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || + (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || (r = rsa_generate_additional_parameters(k->rsa)) != 0) goto out; break; @@ -3431,9 +3463,9 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, /* Store public key. This will be in plain text. */ if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 || - (r = sshbuf_put_bignum1(encrypted, key->rsa->n) != 0) || - (r = sshbuf_put_bignum1(encrypted, key->rsa->e) != 0) || - (r = sshbuf_put_cstring(encrypted, comment) != 0)) + (r = sshbuf_put_bignum1(encrypted, key->rsa->n)) != 0 || + (r = sshbuf_put_bignum1(encrypted, key->rsa->e)) != 0 || + (r = sshbuf_put_cstring(encrypted, comment)) != 0) goto out; /* Allocate space for the private part of the key in the buffer. */ @@ -3454,10 +3486,8 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob, out: explicit_bzero(&ciphercontext, sizeof(ciphercontext)); explicit_bzero(buf, sizeof(buf)); - if (buffer != NULL) - sshbuf_free(buffer); - if (encrypted != NULL) - sshbuf_free(encrypted); + sshbuf_free(buffer); + sshbuf_free(encrypted); return r; } 
@@ -3604,17 +3634,13 @@ sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, /* The encrypted private part is not parsed by this function. */ r = 0; - if (keyp != NULL) + if (keyp != NULL) { *keyp = pub; - else - sshkey_free(pub); - pub = NULL; - + pub = NULL; + } out: - if (copy != NULL) - sshbuf_free(copy); - if (pub != NULL) - sshkey_free(pub); + sshbuf_free(copy); + sshkey_free(pub); return r; } @@ -3632,7 +3658,8 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, const struct sshcipher *cipher; struct sshkey *prv = NULL; - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; if (commentp != NULL) *commentp = NULL; @@ -3718,22 +3745,20 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase, goto out; } r = 0; - *keyp = prv; - prv = NULL; + if (keyp != NULL) { + *keyp = prv; + prv = NULL; + } if (commentp != NULL) { *commentp = comment; comment = NULL; } out: explicit_bzero(&ciphercontext, sizeof(ciphercontext)); - if (comment != NULL) - free(comment); - if (prv != NULL) - sshkey_free(prv); - if (copy != NULL) - sshbuf_free(copy); - if (decrypted != NULL) - sshbuf_free(decrypted); + free(comment); + sshkey_free(prv); + sshbuf_free(copy); + sshbuf_free(decrypted); return r; } #endif /* WITH_SSH1 */ @@ -3748,7 +3773,8 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, BIO *bio = NULL; int r; - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX) return SSH_ERR_ALLOC_FAIL; @@ -3817,14 +3843,15 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, goto out; } r = 0; - *keyp = prv; - prv = NULL; + if (keyp != NULL) { + *keyp = prv; + prv = NULL; + } out: BIO_free(bio); if (pk != NULL) EVP_PKEY_free(pk); - if (prv != NULL) - sshkey_free(prv); + sshkey_free(prv); return r; } #endif /* WITH_OPENSSL */ 
@@ -3833,9 +3860,8 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp) { - int r; - - *keyp = NULL; + if (keyp != NULL) + *keyp = NULL; if (commentp != NULL) *commentp = NULL; @@ -3856,8 +3882,8 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, return sshkey_parse_private2(blob, type, passphrase, keyp, commentp); case KEY_UNSPEC: - if ((r = sshkey_parse_private2(blob, type, passphrase, keyp, - commentp)) == 0) + if (sshkey_parse_private2(blob, type, passphrase, keyp, + commentp) == 0) return 0; #ifdef WITH_OPENSSL return sshkey_parse_private_pem_fileblob(blob, type, @@ -3872,10 +3898,8 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, int sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, - const char *filename, struct sshkey **keyp, char **commentp) + struct sshkey **keyp, char **commentp) { - int r; - if (keyp != NULL) *keyp = NULL; if (commentp != NULL) @@ -3883,13 +3907,11 @@ sshkey_parse_private_fileblob(struct sshbuf *buffer, const char *passphrase, #ifdef WITH_SSH1 /* it's a SSH v1 key if the public key part is readable */ - if ((r = sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL)) == 0) { + if (sshkey_parse_public_rsa1_fileblob(buffer, NULL, NULL) == 0) { return sshkey_parse_private_fileblob_type(buffer, KEY_RSA1, passphrase, keyp, commentp); } #endif /* WITH_SSH1 */ - if ((r = sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, - passphrase, keyp, commentp)) == 0) - return 0; - return r; + return sshkey_parse_private_fileblob_type(buffer, KEY_UNSPEC, + passphrase, keyp, commentp); } diff --git a/sshkey.h b/sshkey.h index c8d3cdd..8c3d866 100644 --- a/sshkey.h +++ b/sshkey.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.9 2015/08/04 05:23:06 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.13 2016/05/02 09:36:42 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 
@@ -137,10 +137,12 @@ int sshkey_type_is_cert(int); int sshkey_type_plain(int); int sshkey_to_certified(struct sshkey *); int sshkey_drop_cert(struct sshkey *); -int sshkey_certify(struct sshkey *, struct sshkey *); +int sshkey_certify(struct sshkey *, struct sshkey *, const char *); int sshkey_cert_copy(const struct sshkey *, struct sshkey *); int sshkey_cert_check_authority(const struct sshkey *, int, int, const char *, const char **); +size_t sshkey_format_cert_validity(const struct sshkey_cert *, + char *, size_t) __attribute__((__bounded__(__string__, 2, 3))); int sshkey_ecdsa_nid_from_name(const char *); int sshkey_curve_name_to_nid(const char *); @@ -167,7 +169,7 @@ int sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *); int sshkey_putb_plain(const struct sshkey *, struct sshbuf *); int sshkey_sign(const struct sshkey *, u_char **, size_t *, - const u_char *, size_t, u_int); + const u_char *, size_t, const char *, u_int); int sshkey_verify(const struct sshkey *, const u_char *, size_t, const u_char *, size_t, u_int); 
@@ -186,17 +188,16 @@ int sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob, int sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob, struct sshkey **keyp, char **commentp); int sshkey_parse_private_fileblob(struct sshbuf *buffer, - const char *passphrase, const char *filename, struct sshkey **keyp, - char **commentp); + const char *passphrase, struct sshkey **keyp, char **commentp); int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp); #ifdef SSHKEY_INTERNAL -int ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); +int ssh_rsa_sign(const struct sshkey *key, + u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, + const char *ident); int ssh_rsa_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); + const u_char *sig, size_t siglen, const u_char *data, size_t datalen); int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, u_int compat); int ssh_dss_verify(const struct sshkey *key, diff --git a/sshlogin.c b/sshlogin.c index 818312f..cea3e76 100644 --- a/sshlogin.c +++ b/sshlogin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshlogin.c,v 1.31 2015/01/20 23:14:00 deraadt Exp $ */ +/* $OpenBSD: sshlogin.c,v 1.32 2015/12/26 20:51:35 guenther Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland diff --git a/sshpty.c b/sshpty.c index 7ea87ac..b2cee30 100644 --- a/sshpty.c +++ b/sshpty.c @@ -14,15 +14,6 @@ #include "includes.h" -/* - * We support only client side kerberos on Windows. - */ - -#ifdef WIN32_FIXME - #undef GSSAPI - #undef KRB5 -#endif - #include <sys/types.h> #include <sys/ioctl.h> #include <sys/stat.h> diff --git a/sshtty.c b/sshtty.c index 8b8d485..a0e74e5 100644 --- a/sshtty.c +++ b/sshtty.c 
@@ -47,23 +47,16 @@ static struct termios _saved_tio; static int _in_raw_mode = 0; +#ifndef WINDOWS struct termios * get_saved_tio(void) { - #ifdef WIN32_FIXME - DebugBreak(); - #endif return _in_raw_mode ? &_saved_tio : NULL; } void leave_raw_mode(int quiet) { - /* - * Win32 has no ttys so there is no raw mode to leave - */ - -#ifndef WIN32_FIXME if (!_in_raw_mode) return; if (tcsetattr(fileno(stdin), TCSADRAIN, &_saved_tio) == -1) { @@ -71,17 +64,11 @@ leave_raw_mode(int quiet) perror("tcsetattr"); } else _in_raw_mode = 0; -#endif } void enter_raw_mode(int quiet) { - /* - * Win32 has no ttys so there is no raw mode to enter - */ - -#ifndef WIN32_FIXME struct termios tio; if (tcgetattr(fileno(stdin), &tio) == -1) { @@ -107,5 +94,30 @@ enter_raw_mode(int quiet) perror("tcsetattr"); } else _in_raw_mode = 1; -#endif } + +#else +int ConInit(DWORD OutputHandle, BOOL fSmartInit); +int ConUnInit(void); + +struct termios term_settings; + +/* TODO - clean this up for Windows, ConInit should return previous terminal settings that need to be stored in term_settings*/ + +struct termios * +get_saved_tio(void) { + memset(&term_settings, 0, sizeof(term_settings)); + return &term_settings; +} + +void +leave_raw_mode(int quiet) { + ConUnInit(); +} + +void +enter_raw_mode(int quiet) { + ConInit(STD_OUTPUT_HANDLE, TRUE); +} + +#endif diff --git a/ttymodes.c b/ttymodes.c index bdbf4cf..86c4c9b 100644 --- a/ttymodes.c +++ b/ttymodes.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.c,v 1.29 2008/11/02 00:16:16 stevesk Exp $ */ +/* $OpenBSD: ttymodes.c,v 1.30 2016/05/04 14:22:33 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -54,7 +54,6 @@ #include "packet.h" #include "log.h" -#include "ssh1.h" #include "compat.h" #include "buffer.h" diff --git a/ttymodes.h b/ttymodes.h index 4d848fe..14e177c 100644 --- a/ttymodes.h +++ b/ttymodes.h 
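Review bot: In the `#else` (WINDOWS) branch, `get_saved_tio` zeroes `term_settings` and always returns its address, whereas the POSIX version above returns NULL unless `_in_raw_mode` is set. A caller that tests the result for NULL would therefore treat the zeroed struct as real saved settings. Until ConInit hands back the previous state (the TODO in this hunk), `return NULL;` would keep the two branches consistent, provided the Windows callers tolerate it. The return values of `ConInit` and `ConUnInit` are also dropped and `quiet` is unused, so a failed console setup is silent. `term_settings` could be `static` like `_saved_tio`.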
@@ -1,4 +1,4 @@ -/* $OpenBSD: ttymodes.h,v 1.14 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: ttymodes.h,v 1.15 2016/05/03 09:03:49 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -127,6 +127,9 @@ TTYMODE(IXOFF, c_iflag, 40) #ifdef IMAXBEL TTYMODE(IMAXBEL,c_iflag, 41) #endif /* IMAXBEL */ +#ifdef IUTF8 +TTYMODE(IUTF8, c_iflag, 42) +#endif /* IUTF8 */ TTYMODE(ISIG, c_lflag, 50) TTYMODE(ICANON, c_lflag, 51) diff --git a/uidswap.c b/uidswap.c index 844527d..31c3f6b 100644 --- a/uidswap.c +++ b/uidswap.c @@ -136,7 +136,7 @@ temporarily_use_uid(struct passwd *pw) void permanently_drop_suid(uid_t uid) { -#ifndef HAVE_CYGWIN +#ifndef NO_UID_RESTORATION_TEST uid_t old_uid = getuid(); #endif @@ -144,8 +144,14 @@ permanently_drop_suid(uid_t uid) if (setresuid(uid, uid, uid) < 0) fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); -#ifndef HAVE_CYGWIN - /* Try restoration of UID if changed (test clearing of saved uid) */ +#ifndef NO_UID_RESTORATION_TEST + /* + * Try restoration of UID if changed (test clearing of saved uid). + * + * Note that we don't do this on Cygwin, or on Solaris-based platforms + * where fine-grained privileges are available (the user might be + * deliberately allowed the right to setuid back to root). + */ if (old_uid != uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) fatal("%s: was able to restore old [e]uid", __func__); @@ -203,7 +209,7 @@ restore_uid(void) void permanently_set_uid(struct passwd *pw) { -#ifndef HAVE_CYGWIN +#ifndef NO_UID_RESTORATION_TEST uid_t old_uid = getuid(); gid_t old_gid = getgid(); #endif @@ -231,7 +237,7 @@ permanently_set_uid(struct passwd *pw) if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); -#ifndef HAVE_CYGWIN +#ifndef NO_UID_RESTORATION_TEST /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) 
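Review bot: The `#ifndef NO_UID_RESTORATION_TEST` blocks in permanently_set_uid carry no comment saying when the post-drop check is compiled out, unlike the block in permanently_drop_suid, which this commit documents. These tests confirm that the saved uid/gid was really cleared, so the reason for skipping them should be visible at the point where they are skipped. I would add `/* Skipped where NO_UID_RESTORATION_TEST is defined; see permanently_drop_suid() */` above the first `#ifndef` in that function. The hunk at -245 in the same function is covered by the same comment. Where the macro is defined is not visible in this part of the diff, so it is worth confirming that it is set only for the platforms the new comment names.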
@@ -245,7 +251,7 @@ permanently_set_uid(struct passwd *pw) (u_int)pw->pw_gid); } -#ifndef HAVE_CYGWIN +#ifndef NO_UID_RESTORATION_TEST /* Try restoration of UID if changed (test clearing of saved uid) */ if (old_uid != pw->pw_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) diff --git a/umac128.c b/umac128.c deleted file mode 100644 index 6eb55b2..0000000 --- a/umac128.c +++ /dev/null 
@@ -1,1276 +0,0 @@ -/* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */ -/* ----------------------------------------------------------------------- - * - * umac.c -- C Implementation UMAC Message Authentication - * - * Version 0.93b of rfc4418.txt -- 2006 July 18 - * - * For a full description of UMAC message authentication see the UMAC - * world-wide-web page at http://www.cs.ucdavis.edu/~rogaway/umac - * Please report bugs and suggestions to the UMAC webpage. - * - * Copyright (c) 1999-2006 Ted Krovetz - * - * Permission to use, copy, modify, and distribute this software and - * its documentation for any purpose and with or without fee, is hereby - * granted provided that the above copyright notice appears in all copies - * and in supporting documentation, and that the name of the copyright - * holder not be used in advertising or publicity pertaining to - * distribution of the software without specific, written prior permission. - * - * Comments should be directed to Ted Krovetz (tdk@acm.org) - * - * ---------------------------------------------------------------------- */ - - /* ////////////////////// IMPORTANT NOTES ///////////////////////////////// - * - * 1) This version does not work properly on messages larger than 16MB - * - * 2) If you set the switch to use SSE2, then all data must be 16-byte - * aligned - * - * 3) When calling the function umac(), it is assumed that msg is in - * a writable buffer of length divisible by 32 bytes. The message itself - * does not have to fill the entire buffer, but bytes beyond msg may be - * zeroed. - * - * 4) Three free AES implementations are supported by this implementation of - * UMAC. Paulo Barreto's version is in the public domain and can be found - * at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ (search for - * "Barreto"). The only two files needed are rijndael-alg-fst.c and - * rijndael-alg-fst.h. 
Brian Gladman's version is distributed with the GNU - * Public lisence at http://fp.gladman.plus.com/AES/index.htm. It - * includes a fast IA-32 assembly version. The OpenSSL crypo library is - * the third. - * - * 5) With FORCE_C_ONLY flags set to 0, incorrect results are sometimes - * produced under gcc with optimizations set -O3 or higher. Dunno why. - * - /////////////////////////////////////////////////////////////////////// */ - -/* ---------------------------------------------------------------------- */ -/* --- User Switches ---------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - -#ifndef UMAC_OUTPUT_LEN -#define UMAC_OUTPUT_LEN 8 /* Alowable: 4, 8, 12, 16 */ -#endif - -#if UMAC_OUTPUT_LEN != 4 && UMAC_OUTPUT_LEN != 8 && \ - UMAC_OUTPUT_LEN != 12 && UMAC_OUTPUT_LEN != 16 -# error UMAC_OUTPUT_LEN must be defined to 4, 8, 12 or 16 -#endif - -/* #define FORCE_C_ONLY 1 ANSI C and 64-bit integers req'd */ -/* #define AES_IMPLEMENTAION 1 1 = OpenSSL, 2 = Barreto, 3 = Gladman */ -/* #define SSE2 0 Is SSE2 is available? 
*/ -/* #define RUN_TESTS 0 Run basic correctness/speed tests */ -/* #define UMAC_AE_SUPPORT 0 Enable auhthenticated encrytion */ - -/* ---------------------------------------------------------------------- */ -/* -- Global Includes --------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - -#include "includes.h" -#include <sys/types.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> -#include <stddef.h> - -#include "xmalloc.h" -#include "umac.h" -#include "misc.h" - -/* ---------------------------------------------------------------------- */ -/* --- Primitive Data Types --- */ -/* ---------------------------------------------------------------------- */ - -/* The following assumptions may need change on your system */ -typedef u_int8_t UINT8; /* 1 byte */ -typedef u_int16_t UINT16; /* 2 byte */ -typedef u_int32_t UINT32; /* 4 byte */ -typedef u_int64_t UINT64; /* 8 bytes */ -typedef unsigned int UWORD; /* Register */ - -/* ---------------------------------------------------------------------- */ -/* --- Constants -------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - -#define UMAC_KEY_LEN 16 /* UMAC takes 16 bytes of external key */ - -/* Message "words" are read from memory in an endian-specific manner. */ -/* For this implementation to behave correctly, __LITTLE_ENDIAN__ must */ -/* be set true if the host computer is little-endian. 
*/ - -#if BYTE_ORDER == LITTLE_ENDIAN -#define __LITTLE_ENDIAN__ 1 -#else -#define __LITTLE_ENDIAN__ 0 -#endif - -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ----- Architecture Specific ------------------------------------------ */ -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - - -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ----- Primitive Routines --------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - - -/* ---------------------------------------------------------------------- */ -/* --- 32-bit by 32-bit to 64-bit Multiplication ------------------------ */ -/* ---------------------------------------------------------------------- */ - -#define MUL64(a,b) ((UINT64)((UINT64)(UINT32)(a) * (UINT64)(UINT32)(b))) - -/* ---------------------------------------------------------------------- */ -/* --- Endian Conversion --- Forcing assembly on some platforms */ -/* ---------------------------------------------------------------------- */ - -#if (__LITTLE_ENDIAN__) -#define LOAD_UINT32_REVERSED(p) get_u32(p) -#define STORE_UINT32_REVERSED(p,v) put_u32(p,v) -#else -#define LOAD_UINT32_REVERSED(p) get_u32_le(p) -#define STORE_UINT32_REVERSED(p,v) put_u32_le(p,v) -#endif - -#define LOAD_UINT32_LITTLE(p) (get_u32_le(p)) -#define STORE_UINT32_BIG(p,v) put_u32(p, v) - -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ----- Begin KDF & PDF Section ---------------------------------------- 
*/ -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - -/* UMAC uses AES with 16 byte block and key lengths */ -#define AES_BLOCK_LEN 16 - -/* OpenSSL's AES */ -#ifdef WITH_OPENSSL -#include "openbsd-compat/openssl-compat.h" -#ifndef USE_BUILTIN_RIJNDAEL -# include <openssl/aes.h> -#endif -typedef AES_KEY aes_int_key[1]; -#define aes_encryption(in,out,int_key) \ - AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) -#define aes_key_setup(key,int_key) \ - AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key) -#else -#include "rijndael.h" -#define AES_ROUNDS ((UMAC_KEY_LEN / 4) + 6) -typedef UINT8 aes_int_key[AES_ROUNDS+1][4][4]; /* AES internal */ -#define aes_encryption(in,out,int_key) \ - rijndaelEncrypt((u32 *)(int_key), AES_ROUNDS, (u8 *)(in), (u8 *)(out)) -#define aes_key_setup(key,int_key) \ - rijndaelKeySetupEnc((u32 *)(int_key), (const unsigned char *)(key), \ - UMAC_KEY_LEN*8) -#endif - -/* The user-supplied UMAC key is stretched using AES in a counter - * mode to supply all random bits needed by UMAC. The kdf function takes - * an AES internal key representation 'key' and writes a stream of - * 'nbytes' bytes to the memory pointed at by 'bufp'. Each distinct - * 'ndx' causes a distinct byte stream. 
- */ -static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) -{ - UINT8 in_buf[AES_BLOCK_LEN] = {0}; - UINT8 out_buf[AES_BLOCK_LEN]; - UINT8 *dst_buf = (UINT8 *)bufp; - int i; - - /* Setup the initial value */ - in_buf[AES_BLOCK_LEN-9] = ndx; - in_buf[AES_BLOCK_LEN-1] = i = 1; - - while (nbytes >= AES_BLOCK_LEN) { - aes_encryption(in_buf, out_buf, key); - memcpy(dst_buf,out_buf,AES_BLOCK_LEN); - in_buf[AES_BLOCK_LEN-1] = ++i; - nbytes -= AES_BLOCK_LEN; - dst_buf += AES_BLOCK_LEN; - } - if (nbytes) { - aes_encryption(in_buf, out_buf, key); - memcpy(dst_buf,out_buf,nbytes); - } -} - -/* The final UHASH result is XOR'd with the output of a pseudorandom - * function. Here, we use AES to generate random output and - * xor the appropriate bytes depending on the last bits of nonce. - * This scheme is optimized for sequential, increasing big-endian nonces. - */ - -typedef struct { - UINT8 cache[AES_BLOCK_LEN]; /* Previous AES output is saved */ - UINT8 nonce[AES_BLOCK_LEN]; /* The AES input making above cache */ - aes_int_key prf_key; /* Expanded AES key for PDF */ -} pdf_ctx; - -static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) -{ - UINT8 buf[UMAC_KEY_LEN]; - - kdf(buf, prf_key, 0, UMAC_KEY_LEN); - aes_key_setup(buf, pc->prf_key); - - /* Initialize pdf and cache */ - memset(pc->nonce, 0, sizeof(pc->nonce)); - aes_encryption(pc->nonce, pc->cache, pc->prf_key); -} - -static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) -{ - /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes - * of the AES output. If last time around we returned the ndx-1st - * element, then we may have the result in the cache already. 
- */ - -#if (UMAC_OUTPUT_LEN == 4) -#define LOW_BIT_MASK 3 -#elif (UMAC_OUTPUT_LEN == 8) -#define LOW_BIT_MASK 1 -#elif (UMAC_OUTPUT_LEN > 8) -#define LOW_BIT_MASK 0 -#endif - union { - UINT8 tmp_nonce_lo[4]; - UINT32 align; - } t; -#if LOW_BIT_MASK != 0 - int ndx = nonce[7] & LOW_BIT_MASK; -#endif - *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; - t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ - - if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || - (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) - { - ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0]; - ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; - aes_encryption(pc->nonce, pc->cache, pc->prf_key); - } - -#if (UMAC_OUTPUT_LEN == 4) - *((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx]; -#elif (UMAC_OUTPUT_LEN == 8) - *((UINT64 *)buf) ^= ((UINT64 *)pc->cache)[ndx]; -#elif (UMAC_OUTPUT_LEN == 12) - ((UINT64 *)buf)[0] ^= ((UINT64 *)pc->cache)[0]; - ((UINT32 *)buf)[2] ^= ((UINT32 *)pc->cache)[2]; -#elif (UMAC_OUTPUT_LEN == 16) - ((UINT64 *)buf)[0] ^= ((UINT64 *)pc->cache)[0]; - ((UINT64 *)buf)[1] ^= ((UINT64 *)pc->cache)[1]; -#endif -} - -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ----- Begin NH Hash Section ------------------------------------------ */ -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - -/* The NH-based hash functions used in UMAC are described in the UMAC paper - * and specification, both of which can be found at the UMAC website. - * The interface to this implementation has two - * versions, one expects the entire message being hashed to be passed - * in a single buffer and returns the hash result immediately. The second - * allows the message to be passed in a sequence of buffers. 
In the - * muliple-buffer interface, the client calls the routine nh_update() as - * many times as necessary. When there is no more data to be fed to the - * hash, the client calls nh_final() which calculates the hash output. - * Before beginning another hash calculation the nh_reset() routine - * must be called. The single-buffer routine, nh(), is equivalent to - * the sequence of calls nh_update() and nh_final(); however it is - * optimized and should be prefered whenever the multiple-buffer interface - * is not necessary. When using either interface, it is the client's - * responsability to pass no more than L1_KEY_LEN bytes per hash result. - * - * The routine nh_init() initializes the nh_ctx data structure and - * must be called once, before any other PDF routine. - */ - - /* The "nh_aux" routines do the actual NH hashing work. They - * expect buffers to be multiples of L1_PAD_BOUNDARY. These routines - * produce output for all STREAMS NH iterations in one call, - * allowing the parallel implementation of the streams. - */ - -#define STREAMS (UMAC_OUTPUT_LEN / 4) /* Number of times hash is applied */ -#define L1_KEY_LEN 1024 /* Internal key bytes */ -#define L1_KEY_SHIFT 16 /* Toeplitz key shift between streams */ -#define L1_PAD_BOUNDARY 32 /* pad message to boundary multiple */ -#define ALLOC_BOUNDARY 16 /* Keep buffers aligned to this */ -#define HASH_BUF_BYTES 64 /* nh_aux_hb buffer multiple */ - -typedef struct { - UINT8 nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */ - UINT8 data [HASH_BUF_BYTES]; /* Incoming data buffer */ - int next_data_empty; /* Bookeeping variable for data buffer. */ - int bytes_hashed; /* Bytes (out of L1_KEY_LEN) incorperated. */ - UINT64 state[STREAMS]; /* on-line state */ -} nh_ctx; - - -#if (UMAC_OUTPUT_LEN == 4) - -static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) -/* NH hashing primitive. Previous (partial) hash result is loaded and -* then stored via hp pointer. 
The length of the data pointed at by "dp", -* "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key -* is expected to be endian compensated in memory at key setup. -*/ -{ - UINT64 h; - UWORD c = dlen / 32; - UINT32 *k = (UINT32 *)kp; - const UINT32 *d = (const UINT32 *)dp; - UINT32 d0,d1,d2,d3,d4,d5,d6,d7; - UINT32 k0,k1,k2,k3,k4,k5,k6,k7; - - h = *((UINT64 *)hp); - do { - d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); - d2 = LOAD_UINT32_LITTLE(d+2); d3 = LOAD_UINT32_LITTLE(d+3); - d4 = LOAD_UINT32_LITTLE(d+4); d5 = LOAD_UINT32_LITTLE(d+5); - d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); - k0 = *(k+0); k1 = *(k+1); k2 = *(k+2); k3 = *(k+3); - k4 = *(k+4); k5 = *(k+5); k6 = *(k+6); k7 = *(k+7); - h += MUL64((k0 + d0), (k4 + d4)); - h += MUL64((k1 + d1), (k5 + d5)); - h += MUL64((k2 + d2), (k6 + d6)); - h += MUL64((k3 + d3), (k7 + d7)); - - d += 8; - k += 8; - } while (--c); - *((UINT64 *)hp) = h; -} - -#elif (UMAC_OUTPUT_LEN == 8) - -static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) -/* Same as previous nh_aux, but two streams are handled in one pass, - * reading and writing 16 bytes of hash-state per call. 
- */ -{ - UINT64 h1,h2; - UWORD c = dlen / 32; - UINT32 *k = (UINT32 *)kp; - const UINT32 *d = (const UINT32 *)dp; - UINT32 d0,d1,d2,d3,d4,d5,d6,d7; - UINT32 k0,k1,k2,k3,k4,k5,k6,k7, - k8,k9,k10,k11; - - h1 = *((UINT64 *)hp); - h2 = *((UINT64 *)hp + 1); - k0 = *(k+0); k1 = *(k+1); k2 = *(k+2); k3 = *(k+3); - do { - d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); - d2 = LOAD_UINT32_LITTLE(d+2); d3 = LOAD_UINT32_LITTLE(d+3); - d4 = LOAD_UINT32_LITTLE(d+4); d5 = LOAD_UINT32_LITTLE(d+5); - d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); - k4 = *(k+4); k5 = *(k+5); k6 = *(k+6); k7 = *(k+7); - k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); - - h1 += MUL64((k0 + d0), (k4 + d4)); - h2 += MUL64((k4 + d0), (k8 + d4)); - - h1 += MUL64((k1 + d1), (k5 + d5)); - h2 += MUL64((k5 + d1), (k9 + d5)); - - h1 += MUL64((k2 + d2), (k6 + d6)); - h2 += MUL64((k6 + d2), (k10 + d6)); - - h1 += MUL64((k3 + d3), (k7 + d7)); - h2 += MUL64((k7 + d3), (k11 + d7)); - - k0 = k8; k1 = k9; k2 = k10; k3 = k11; - - d += 8; - k += 8; - } while (--c); - ((UINT64 *)hp)[0] = h1; - ((UINT64 *)hp)[1] = h2; -} - -#elif (UMAC_OUTPUT_LEN == 12) - -static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) -/* Same as previous nh_aux, but two streams are handled in one pass, - * reading and writing 24 bytes of hash-state per call. 
-*/ -{ - UINT64 h1,h2,h3; - UWORD c = dlen / 32; - UINT32 *k = (UINT32 *)kp; - const UINT32 *d = (const UINT32 *)dp; - UINT32 d0,d1,d2,d3,d4,d5,d6,d7; - UINT32 k0,k1,k2,k3,k4,k5,k6,k7, - k8,k9,k10,k11,k12,k13,k14,k15; - - h1 = *((UINT64 *)hp); - h2 = *((UINT64 *)hp + 1); - h3 = *((UINT64 *)hp + 2); - k0 = *(k+0); k1 = *(k+1); k2 = *(k+2); k3 = *(k+3); - k4 = *(k+4); k5 = *(k+5); k6 = *(k+6); k7 = *(k+7); - do { - d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); - d2 = LOAD_UINT32_LITTLE(d+2); d3 = LOAD_UINT32_LITTLE(d+3); - d4 = LOAD_UINT32_LITTLE(d+4); d5 = LOAD_UINT32_LITTLE(d+5); - d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); - k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); - k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); - - h1 += MUL64((k0 + d0), (k4 + d4)); - h2 += MUL64((k4 + d0), (k8 + d4)); - h3 += MUL64((k8 + d0), (k12 + d4)); - - h1 += MUL64((k1 + d1), (k5 + d5)); - h2 += MUL64((k5 + d1), (k9 + d5)); - h3 += MUL64((k9 + d1), (k13 + d5)); - - h1 += MUL64((k2 + d2), (k6 + d6)); - h2 += MUL64((k6 + d2), (k10 + d6)); - h3 += MUL64((k10 + d2), (k14 + d6)); - - h1 += MUL64((k3 + d3), (k7 + d7)); - h2 += MUL64((k7 + d3), (k11 + d7)); - h3 += MUL64((k11 + d3), (k15 + d7)); - - k0 = k8; k1 = k9; k2 = k10; k3 = k11; - k4 = k12; k5 = k13; k6 = k14; k7 = k15; - - d += 8; - k += 8; - } while (--c); - ((UINT64 *)hp)[0] = h1; - ((UINT64 *)hp)[1] = h2; - ((UINT64 *)hp)[2] = h3; -} - -#elif (UMAC_OUTPUT_LEN == 16) - -static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) -/* Same as previous nh_aux, but two streams are handled in one pass, - * reading and writing 24 bytes of hash-state per call. 
-*/ -{ - UINT64 h1,h2,h3,h4; - UWORD c = dlen / 32; - UINT32 *k = (UINT32 *)kp; - const UINT32 *d = (const UINT32 *)dp; - UINT32 d0,d1,d2,d3,d4,d5,d6,d7; - UINT32 k0,k1,k2,k3,k4,k5,k6,k7, - k8,k9,k10,k11,k12,k13,k14,k15, - k16,k17,k18,k19; - - h1 = *((UINT64 *)hp); - h2 = *((UINT64 *)hp + 1); - h3 = *((UINT64 *)hp + 2); - h4 = *((UINT64 *)hp + 3); - k0 = *(k+0); k1 = *(k+1); k2 = *(k+2); k3 = *(k+3); - k4 = *(k+4); k5 = *(k+5); k6 = *(k+6); k7 = *(k+7); - do { - d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); - d2 = LOAD_UINT32_LITTLE(d+2); d3 = LOAD_UINT32_LITTLE(d+3); - d4 = LOAD_UINT32_LITTLE(d+4); d5 = LOAD_UINT32_LITTLE(d+5); - d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); - k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); - k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); - k16 = *(k+16); k17 = *(k+17); k18 = *(k+18); k19 = *(k+19); - - h1 += MUL64((k0 + d0), (k4 + d4)); - h2 += MUL64((k4 + d0), (k8 + d4)); - h3 += MUL64((k8 + d0), (k12 + d4)); - h4 += MUL64((k12 + d0), (k16 + d4)); - - h1 += MUL64((k1 + d1), (k5 + d5)); - h2 += MUL64((k5 + d1), (k9 + d5)); - h3 += MUL64((k9 + d1), (k13 + d5)); - h4 += MUL64((k13 + d1), (k17 + d5)); - - h1 += MUL64((k2 + d2), (k6 + d6)); - h2 += MUL64((k6 + d2), (k10 + d6)); - h3 += MUL64((k10 + d2), (k14 + d6)); - h4 += MUL64((k14 + d2), (k18 + d6)); - - h1 += MUL64((k3 + d3), (k7 + d7)); - h2 += MUL64((k7 + d3), (k11 + d7)); - h3 += MUL64((k11 + d3), (k15 + d7)); - h4 += MUL64((k15 + d3), (k19 + d7)); - - k0 = k8; k1 = k9; k2 = k10; k3 = k11; - k4 = k12; k5 = k13; k6 = k14; k7 = k15; - k8 = k16; k9 = k17; k10 = k18; k11 = k19; - - d += 8; - k += 8; - } while (--c); - ((UINT64 *)hp)[0] = h1; - ((UINT64 *)hp)[1] = h2; - ((UINT64 *)hp)[2] = h3; - ((UINT64 *)hp)[3] = h4; -} - -/* ---------------------------------------------------------------------- */ -#endif /* UMAC_OUTPUT_LENGTH */ -/* ---------------------------------------------------------------------- */ - - -/* 
---------------------------------------------------------------------- */ - -static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) -/* This function is a wrapper for the primitive NH hash functions. It takes - * as argument "hc" the current hash context and a buffer which must be a - * multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset - * appropriately according to how much message has been hashed already. - */ -{ - UINT8 *key; - - key = hc->nh_key + hc->bytes_hashed; - nh_aux(key, buf, hc->state, nbytes); -} - -/* ---------------------------------------------------------------------- */ - -#if (__LITTLE_ENDIAN__) -static void endian_convert(void *buf, UWORD bpw, UINT32 num_bytes) -/* We endian convert the keys on little-endian computers to */ -/* compensate for the lack of big-endian memory reads during hashing. */ -{ - UWORD iters = num_bytes / bpw; - if (bpw == 4) { - UINT32 *p = (UINT32 *)buf; - do { - *p = LOAD_UINT32_REVERSED(p); - p++; - } while (--iters); - } else if (bpw == 8) { - UINT32 *p = (UINT32 *)buf; - UINT32 t; - do { - t = LOAD_UINT32_REVERSED(p+1); - p[1] = LOAD_UINT32_REVERSED(p); - p[0] = t; - p += 2; - } while (--iters); - } -} -#define endian_convert_if_le(x,y,z) endian_convert((x),(y),(z)) -#else -#define endian_convert_if_le(x,y,z) do{}while(0) /* Do nothing */ -#endif - -/* ---------------------------------------------------------------------- */ - -static void nh_reset(nh_ctx *hc) -/* Reset nh_ctx to ready for hashing of new data */ -{ - hc->bytes_hashed = 0; - hc->next_data_empty = 0; - hc->state[0] = 0; -#if (UMAC_OUTPUT_LEN >= 8) - hc->state[1] = 0; -#endif -#if (UMAC_OUTPUT_LEN >= 12) - hc->state[2] = 0; -#endif -#if (UMAC_OUTPUT_LEN == 16) - hc->state[3] = 0; -#endif - -} - -/* ---------------------------------------------------------------------- */ - -static void nh_init(nh_ctx *hc, aes_int_key prf_key) -/* Generate nh_key, endian convert and reset to be ready for hashing. 
*/ -{ - kdf(hc->nh_key, prf_key, 1, sizeof(hc->nh_key)); - endian_convert_if_le(hc->nh_key, 4, sizeof(hc->nh_key)); - nh_reset(hc); -} - -/* ---------------------------------------------------------------------- */ - -static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) -/* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */ -/* even multiple of HASH_BUF_BYTES. */ -{ - UINT32 i,j; - - j = hc->next_data_empty; - if ((j + nbytes) >= HASH_BUF_BYTES) { - if (j) { - i = HASH_BUF_BYTES - j; - memcpy(hc->data+j, buf, i); - nh_transform(hc,hc->data,HASH_BUF_BYTES); - nbytes -= i; - buf += i; - hc->bytes_hashed += HASH_BUF_BYTES; - } - if (nbytes >= HASH_BUF_BYTES) { - i = nbytes & ~(HASH_BUF_BYTES - 1); - nh_transform(hc, buf, i); - nbytes -= i; - buf += i; - hc->bytes_hashed += i; - } - j = 0; - } - memcpy(hc->data + j, buf, nbytes); - hc->next_data_empty = j + nbytes; -} - -/* ---------------------------------------------------------------------- */ - -static void zero_pad(UINT8 *p, int nbytes) -{ -/* Write "nbytes" of zeroes, beginning at "p" */ - if (nbytes >= (int)sizeof(UWORD)) { - while ((ptrdiff_t)p % sizeof(UWORD)) { - *p = 0; - nbytes--; - p++; - } - while (nbytes >= (int)sizeof(UWORD)) { - *(UWORD *)p = 0; - nbytes -= sizeof(UWORD); - p += sizeof(UWORD); - } - } - while (nbytes) { - *p = 0; - nbytes--; - p++; - } -} - -/* ---------------------------------------------------------------------- */ - -static void nh_final(nh_ctx *hc, UINT8 *result) -/* After passing some number of data buffers to nh_update() for integration - * into an NH context, nh_final is called to produce a hash result. If any - * bytes are in the buffer hc->data, incorporate them into the - * NH context. Finally, add into the NH accumulation "state" the total number - * of bits hashed. The resulting numbers are written to the buffer "result". - * If nh_update was never called, L1_PAD_BOUNDARY zeroes are incorporated. 
- */ -{ - int nh_len, nbits; - - if (hc->next_data_empty != 0) { - nh_len = ((hc->next_data_empty + (L1_PAD_BOUNDARY - 1)) & - ~(L1_PAD_BOUNDARY - 1)); - zero_pad(hc->data + hc->next_data_empty, - nh_len - hc->next_data_empty); - nh_transform(hc, hc->data, nh_len); - hc->bytes_hashed += hc->next_data_empty; - } else if (hc->bytes_hashed == 0) { - nh_len = L1_PAD_BOUNDARY; - zero_pad(hc->data, L1_PAD_BOUNDARY); - nh_transform(hc, hc->data, nh_len); - } - - nbits = (hc->bytes_hashed << 3); - ((UINT64 *)result)[0] = ((UINT64 *)hc->state)[0] + nbits; -#if (UMAC_OUTPUT_LEN >= 8) - ((UINT64 *)result)[1] = ((UINT64 *)hc->state)[1] + nbits; -#endif -#if (UMAC_OUTPUT_LEN >= 12) - ((UINT64 *)result)[2] = ((UINT64 *)hc->state)[2] + nbits; -#endif -#if (UMAC_OUTPUT_LEN == 16) - ((UINT64 *)result)[3] = ((UINT64 *)hc->state)[3] + nbits; -#endif - nh_reset(hc); -} - -/* ---------------------------------------------------------------------- */ - -static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, - UINT32 unpadded_len, UINT8 *result) -/* All-in-one nh_update() and nh_final() equivalent. 
- * Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is - * well aligned - */ -{ - UINT32 nbits; - - /* Initialize the hash state */ - nbits = (unpadded_len << 3); - - ((UINT64 *)result)[0] = nbits; -#if (UMAC_OUTPUT_LEN >= 8) - ((UINT64 *)result)[1] = nbits; -#endif -#if (UMAC_OUTPUT_LEN >= 12) - ((UINT64 *)result)[2] = nbits; -#endif -#if (UMAC_OUTPUT_LEN == 16) - ((UINT64 *)result)[3] = nbits; -#endif - - nh_aux(hc->nh_key, buf, result, padded_len); -} - -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ----- Begin UHASH Section -------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - -/* UHASH is a multi-layered algorithm. Data presented to UHASH is first - * hashed by NH. The NH output is then hashed by a polynomial-hash layer - * unless the initial data to be hashed is short. After the polynomial- - * layer, an inner-product hash is used to produce the final UHASH output. - * - * UHASH provides two interfaces, one all-at-once and another where data - * buffers are presented sequentially. In the sequential interface, the - * UHASH client calls the routine uhash_update() as many times as necessary. - * When there is no more data to be fed to UHASH, the client calls - * uhash_final() which - * calculates the UHASH output. Before beginning another UHASH calculation - * the uhash_reset() routine must be called. The all-at-once UHASH routine, - * uhash(), is equivalent to the sequence of calls uhash_update() and - * uhash_final(); however it is optimized and should be - * used whenever the sequential interface is not necessary. - * - * The routine uhash_init() initializes the uhash_ctx data structure and - * must be called once, before any other UHASH routine. 
- */ - -/* ---------------------------------------------------------------------- */ -/* ----- Constants and uhash_ctx ---------------------------------------- */ -/* ---------------------------------------------------------------------- */ - -/* ---------------------------------------------------------------------- */ -/* ----- Poly hash and Inner-Product hash Constants --------------------- */ -/* ---------------------------------------------------------------------- */ - -/* Primes and masks */ -#define p36 ((UINT64)0x0000000FFFFFFFFBull) /* 2^36 - 5 */ -#define p64 ((UINT64)0xFFFFFFFFFFFFFFC5ull) /* 2^64 - 59 */ -#define m36 ((UINT64)0x0000000FFFFFFFFFull) /* The low 36 of 64 bits */ - - -/* ---------------------------------------------------------------------- */ - -typedef struct uhash_ctx { - nh_ctx hash; /* Hash context for L1 NH hash */ - UINT64 poly_key_8[STREAMS]; /* p64 poly keys */ - UINT64 poly_accum[STREAMS]; /* poly hash result */ - UINT64 ip_keys[STREAMS*4]; /* Inner-product keys */ - UINT32 ip_trans[STREAMS]; /* Inner-product translation */ - UINT32 msg_len; /* Total length of data passed */ - /* to uhash */ -} uhash_ctx; -typedef struct uhash_ctx *uhash_ctx_t; - -/* ---------------------------------------------------------------------- */ - - -/* The polynomial hashes use Horner's rule to evaluate a polynomial one - * word at a time. As described in the specification, poly32 and poly64 - * require keys from special domains. The following implementations exploit - * the special domains to avoid overflow. The results are not guaranteed to - * be within Z_p32 and Z_p64, but the Inner-Product hash implementation - * patches any errant values. 
- */ - -static UINT64 poly64(UINT64 cur, UINT64 key, UINT64 data) -{ - UINT32 key_hi = (UINT32)(key >> 32), - key_lo = (UINT32)key, - cur_hi = (UINT32)(cur >> 32), - cur_lo = (UINT32)cur, - x_lo, - x_hi; - UINT64 X,T,res; - - X = MUL64(key_hi, cur_lo) + MUL64(cur_hi, key_lo); - x_lo = (UINT32)X; - x_hi = (UINT32)(X >> 32); - - res = (MUL64(key_hi, cur_hi) + x_hi) * 59 + MUL64(key_lo, cur_lo); - - T = ((UINT64)x_lo << 32); - res += T; - if (res < T) - res += 59; - - res += data; - if (res < data) - res += 59; - - return res; -} - - -/* Although UMAC is specified to use a ramped polynomial hash scheme, this - * implementation does not handle all ramp levels. Because we don't handle - * the ramp up to p128 modulus in this implementation, we are limited to - * 2^14 poly_hash() invocations per stream (for a total capacity of 2^24 - * bytes input to UMAC per tag, ie. 16MB). - */ -static void poly_hash(uhash_ctx_t hc, UINT32 data_in[]) -{ - int i; - UINT64 *data=(UINT64*)data_in; - - for (i = 0; i < STREAMS; i++) { - if ((UINT32)(data[i] >> 32) == 0xfffffffful) { - hc->poly_accum[i] = poly64(hc->poly_accum[i], - hc->poly_key_8[i], p64 - 1); - hc->poly_accum[i] = poly64(hc->poly_accum[i], - hc->poly_key_8[i], (data[i] - 59)); - } else { - hc->poly_accum[i] = poly64(hc->poly_accum[i], - hc->poly_key_8[i], data[i]); - } - } -} - - -/* ---------------------------------------------------------------------- */ - - -/* The final step in UHASH is an inner-product hash. The poly hash - * produces a result not neccesarily WORD_LEN bytes long. The inner- - * product hash breaks the polyhash output into 16-bit chunks and - * multiplies each with a 36 bit key. 
- */ - -static UINT64 ip_aux(UINT64 t, UINT64 *ipkp, UINT64 data) -{ - t = t + ipkp[0] * (UINT64)(UINT16)(data >> 48); - t = t + ipkp[1] * (UINT64)(UINT16)(data >> 32); - t = t + ipkp[2] * (UINT64)(UINT16)(data >> 16); - t = t + ipkp[3] * (UINT64)(UINT16)(data); - - return t; -} - -static UINT32 ip_reduce_p36(UINT64 t) -{ -/* Divisionless modular reduction */ - UINT64 ret; - - ret = (t & m36) + 5 * (t >> 36); - if (ret >= p36) - ret -= p36; - - /* return least significant 32 bits */ - return (UINT32)(ret); -} - - -/* If the data being hashed by UHASH is no longer than L1_KEY_LEN, then - * the polyhash stage is skipped and ip_short is applied directly to the - * NH output. - */ -static void ip_short(uhash_ctx_t ahc, UINT8 *nh_res, u_char *res) -{ - UINT64 t; - UINT64 *nhp = (UINT64 *)nh_res; - - t = ip_aux(0,ahc->ip_keys, nhp[0]); - STORE_UINT32_BIG((UINT32 *)res+0, ip_reduce_p36(t) ^ ahc->ip_trans[0]); -#if (UMAC_OUTPUT_LEN >= 8) - t = ip_aux(0,ahc->ip_keys+4, nhp[1]); - STORE_UINT32_BIG((UINT32 *)res+1, ip_reduce_p36(t) ^ ahc->ip_trans[1]); -#endif -#if (UMAC_OUTPUT_LEN >= 12) - t = ip_aux(0,ahc->ip_keys+8, nhp[2]); - STORE_UINT32_BIG((UINT32 *)res+2, ip_reduce_p36(t) ^ ahc->ip_trans[2]); -#endif -#if (UMAC_OUTPUT_LEN == 16) - t = ip_aux(0,ahc->ip_keys+12, nhp[3]); - STORE_UINT32_BIG((UINT32 *)res+3, ip_reduce_p36(t) ^ ahc->ip_trans[3]); -#endif -} - -/* If the data being hashed by UHASH is longer than L1_KEY_LEN, then - * the polyhash stage is not skipped and ip_long is applied to the - * polyhash output. 
- */ -static void ip_long(uhash_ctx_t ahc, u_char *res) -{ - int i; - UINT64 t; - - for (i = 0; i < STREAMS; i++) { - /* fix polyhash output not in Z_p64 */ - if (ahc->poly_accum[i] >= p64) - ahc->poly_accum[i] -= p64; - t = ip_aux(0,ahc->ip_keys+(i*4), ahc->poly_accum[i]); - STORE_UINT32_BIG((UINT32 *)res+i, - ip_reduce_p36(t) ^ ahc->ip_trans[i]); - } -} - - -/* ---------------------------------------------------------------------- */ - -/* ---------------------------------------------------------------------- */ - -/* Reset uhash context for next hash session */ -static int uhash_reset(uhash_ctx_t pc) -{ - nh_reset(&pc->hash); - pc->msg_len = 0; - pc->poly_accum[0] = 1; -#if (UMAC_OUTPUT_LEN >= 8) - pc->poly_accum[1] = 1; -#endif -#if (UMAC_OUTPUT_LEN >= 12) - pc->poly_accum[2] = 1; -#endif -#if (UMAC_OUTPUT_LEN == 16) - pc->poly_accum[3] = 1; -#endif - return 1; -} - -/* ---------------------------------------------------------------------- */ - -/* Given a pointer to the internal key needed by kdf() and a uhash context, - * initialize the NH context and generate keys needed for poly and inner- - * product hashing. All keys are endian adjusted in memory so that native - * loads cause correct keys to be in registers during calculation. - */ -static void uhash_init(uhash_ctx_t ahc, aes_int_key prf_key) -{ - int i; - UINT8 buf[(8*STREAMS+4)*sizeof(UINT64)]; - - /* Zero the entire uhash context */ - memset(ahc, 0, sizeof(uhash_ctx)); - - /* Initialize the L1 hash */ - nh_init(&ahc->hash, prf_key); - - /* Setup L2 hash variables */ - kdf(buf, prf_key, 2, sizeof(buf)); /* Fill buffer with index 1 key */ - for (i = 0; i < STREAMS; i++) { - /* Fill keys from the buffer, skipping bytes in the buffer not - * used by this implementation. Endian reverse the keys if on a - * little-endian computer. 
- */ - memcpy(ahc->poly_key_8+i, buf+24*i, 8); - endian_convert_if_le(ahc->poly_key_8+i, 8, 8); - /* Mask the 64-bit keys to their special domain */ - ahc->poly_key_8[i] &= ((UINT64)0x01ffffffu << 32) + 0x01ffffffu; - ahc->poly_accum[i] = 1; /* Our polyhash prepends a non-zero word */ - } - - /* Setup L3-1 hash variables */ - kdf(buf, prf_key, 3, sizeof(buf)); /* Fill buffer with index 2 key */ - for (i = 0; i < STREAMS; i++) - memcpy(ahc->ip_keys+4*i, buf+(8*i+4)*sizeof(UINT64), - 4*sizeof(UINT64)); - endian_convert_if_le(ahc->ip_keys, sizeof(UINT64), - sizeof(ahc->ip_keys)); - for (i = 0; i < STREAMS*4; i++) - ahc->ip_keys[i] %= p36; /* Bring into Z_p36 */ - - /* Setup L3-2 hash variables */ - /* Fill buffer with index 4 key */ - kdf(ahc->ip_trans, prf_key, 4, STREAMS * sizeof(UINT32)); - endian_convert_if_le(ahc->ip_trans, sizeof(UINT32), - STREAMS * sizeof(UINT32)); -} - -/* ---------------------------------------------------------------------- */ - -#if 0 -static uhash_ctx_t uhash_alloc(u_char key[]) -{ -/* Allocate memory and force to a 16-byte boundary. 
*/ - uhash_ctx_t ctx; - u_char bytes_to_add; - aes_int_key prf_key; - - ctx = (uhash_ctx_t)malloc(sizeof(uhash_ctx)+ALLOC_BOUNDARY); - if (ctx) { - if (ALLOC_BOUNDARY) { - bytes_to_add = ALLOC_BOUNDARY - - ((ptrdiff_t)ctx & (ALLOC_BOUNDARY -1)); - ctx = (uhash_ctx_t)((u_char *)ctx + bytes_to_add); - *((u_char *)ctx - 1) = bytes_to_add; - } - aes_key_setup(key,prf_key); - uhash_init(ctx, prf_key); - } - return (ctx); -} -#endif - -/* ---------------------------------------------------------------------- */ - -#if 0 -static int uhash_free(uhash_ctx_t ctx) -{ -/* Free memory allocated by uhash_alloc */ - u_char bytes_to_sub; - - if (ctx) { - if (ALLOC_BOUNDARY) { - bytes_to_sub = *((u_char *)ctx - 1); - ctx = (uhash_ctx_t)((u_char *)ctx - bytes_to_sub); - } - free(ctx); - } - return (1); -} -#endif -/* ---------------------------------------------------------------------- */ - -static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len) -/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and - * hash each one with NH, calling the polyhash on each NH output. - */ -{ - UWORD bytes_hashed, bytes_remaining; - UINT64 result_buf[STREAMS]; - UINT8 *nh_result = (UINT8 *)&result_buf; - - if (ctx->msg_len + len <= L1_KEY_LEN) { - nh_update(&ctx->hash, (const UINT8 *)input, len); - ctx->msg_len += len; - } else { - - bytes_hashed = ctx->msg_len % L1_KEY_LEN; - if (ctx->msg_len == L1_KEY_LEN) - bytes_hashed = L1_KEY_LEN; - - if (bytes_hashed + len >= L1_KEY_LEN) { - - /* If some bytes have been passed to the hash function */ - /* then we want to pass at most (L1_KEY_LEN - bytes_hashed) */ - /* bytes to complete the current nh_block. 
*/ - if (bytes_hashed) { - bytes_remaining = (L1_KEY_LEN - bytes_hashed); - nh_update(&ctx->hash, (const UINT8 *)input, bytes_remaining); - nh_final(&ctx->hash, nh_result); - ctx->msg_len += bytes_remaining; - poly_hash(ctx,(UINT32 *)nh_result); - len -= bytes_remaining; - input += bytes_remaining; - } - - /* Hash directly from input stream if enough bytes */ - while (len >= L1_KEY_LEN) { - nh(&ctx->hash, (const UINT8 *)input, L1_KEY_LEN, - L1_KEY_LEN, nh_result); - ctx->msg_len += L1_KEY_LEN; - len -= L1_KEY_LEN; - input += L1_KEY_LEN; - poly_hash(ctx,(UINT32 *)nh_result); - } - } - - /* pass remaining < L1_KEY_LEN bytes of input data to NH */ - if (len) { - nh_update(&ctx->hash, (const UINT8 *)input, len); - ctx->msg_len += len; - } - } - - return (1); -} - -/* ---------------------------------------------------------------------- */ - -static int uhash_final(uhash_ctx_t ctx, u_char *res) -/* Incorporate any pending data, pad, and generate tag */ -{ - UINT64 result_buf[STREAMS]; - UINT8 *nh_result = (UINT8 *)&result_buf; - - if (ctx->msg_len > L1_KEY_LEN) { - if (ctx->msg_len % L1_KEY_LEN) { - nh_final(&ctx->hash, nh_result); - poly_hash(ctx,(UINT32 *)nh_result); - } - ip_long(ctx, res); - } else { - nh_final(&ctx->hash, nh_result); - ip_short(ctx,nh_result, res); - } - uhash_reset(ctx); - return (1); -} - -/* ---------------------------------------------------------------------- */ - -#if 0 -static int uhash(uhash_ctx_t ahc, u_char *msg, long len, u_char *res) -/* assumes that msg is in a writable buffer of length divisible by */ -/* L1_PAD_BOUNDARY. Bytes beyond msg[len] may be zeroed. */ -{ - UINT8 nh_result[STREAMS*sizeof(UINT64)]; - UINT32 nh_len; - int extra_zeroes_needed; - - /* If the message to be hashed is no longer than L1_HASH_LEN, we skip - * the polyhash. 
- */ - if (len <= L1_KEY_LEN) { - if (len == 0) /* If zero length messages will not */ - nh_len = L1_PAD_BOUNDARY; /* be seen, comment out this case */ - else - nh_len = ((len + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); - extra_zeroes_needed = nh_len - len; - zero_pad((UINT8 *)msg + len, extra_zeroes_needed); - nh(&ahc->hash, (UINT8 *)msg, nh_len, len, nh_result); - ip_short(ahc,nh_result, res); - } else { - /* Otherwise, we hash each L1_KEY_LEN chunk with NH, passing the NH - * output to poly_hash(). - */ - do { - nh(&ahc->hash, (UINT8 *)msg, L1_KEY_LEN, L1_KEY_LEN, nh_result); - poly_hash(ahc,(UINT32 *)nh_result); - len -= L1_KEY_LEN; - msg += L1_KEY_LEN; - } while (len >= L1_KEY_LEN); - if (len) { - nh_len = ((len + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); - extra_zeroes_needed = nh_len - len; - zero_pad((UINT8 *)msg + len, extra_zeroes_needed); - nh(&ahc->hash, (UINT8 *)msg, nh_len, len, nh_result); - poly_hash(ahc,(UINT32 *)nh_result); - } - - ip_long(ahc, res); - } - - uhash_reset(ahc); - return 1; -} -#endif - -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ----- Begin UMAC Section --------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ - -/* The UMAC interface has two interfaces, an all-at-once interface where - * the entire message to be authenticated is passed to UMAC in one buffer, - * and a sequential interface where the message is presented a little at a - * time. The all-at-once is more optimaized than the sequential version and - * should be preferred when the sequential interface is not required. 
- */ -struct umac_ctx { - uhash_ctx hash; /* Hash function for message compression */ - pdf_ctx pdf; /* PDF for hashed output */ - void *free_ptr; /* Address to free this struct via */ -} umac_ctx; - -/* ---------------------------------------------------------------------- */ - -#if 0 -int umac_reset(struct umac_ctx *ctx) -/* Reset the hash function to begin a new authentication. */ -{ - uhash_reset(&ctx->hash); - return (1); -} -#endif - -/* ---------------------------------------------------------------------- */ - -int umac_delete(struct umac_ctx *ctx) -/* Deallocate the ctx structure */ -{ - if (ctx) { - if (ALLOC_BOUNDARY) - ctx = (struct umac_ctx *)ctx->free_ptr; - free(ctx); - } - return (1); -} - -/* ---------------------------------------------------------------------- */ - -struct umac_ctx *umac_new(const u_char key[]) -/* Dynamically allocate a umac_ctx struct, initialize variables, - * generate subkeys from key. Align to 16-byte boundary. - */ -{ - struct umac_ctx *ctx, *octx; - size_t bytes_to_add; - aes_int_key prf_key; - - octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); - if (ctx) { - if (ALLOC_BOUNDARY) { - bytes_to_add = ALLOC_BOUNDARY - - ((ptrdiff_t)ctx & (ALLOC_BOUNDARY - 1)); - ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add); - } - ctx->free_ptr = octx; - aes_key_setup(key, prf_key); - pdf_init(&ctx->pdf, prf_key); - uhash_init(&ctx->hash, prf_key); - } - - return (ctx); -} - -/* ---------------------------------------------------------------------- */ - -int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]) -/* Incorporate any pending data, pad, and generate tag */ -{ - uhash_final(&ctx->hash, (u_char *)tag); - pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); - - return (1); -} - -/* ---------------------------------------------------------------------- */ - -int umac_update(struct umac_ctx *ctx, const u_char *input, long len) -/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */ 
-/* hash each one, calling the PDF on the hashed output whenever the hash- */ -/* output buffer is full. */ -{ - uhash_update(&ctx->hash, input, len); - return (1); -} - -/* ---------------------------------------------------------------------- */ - -#if 0 -int umac(struct umac_ctx *ctx, u_char *input, - long len, u_char tag[], - u_char nonce[8]) -/* All-in-one version simply calls umac_update() and umac_final(). */ -{ - uhash(&ctx->hash, input, len, (u_char *)tag); - pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); - - return (1); -} -#endif - -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ----- End UMAC Section ----------------------------------------------- */ -/* ---------------------------------------------------------------------- */ -/* ---------------------------------------------------------------------- */ diff --git a/utf8.c b/utf8.c index f1b2fc0..d7bd13d 100644 --- a/utf8.c +++ b/utf8.c @@ -58,13 +58,13 @@ static int dangerous_locale(void) { #ifndef WINDOWS - char *loc; + char *loc; #ifdef HAVE_LANGINFO_H loc = nl_langinfo(CODESET); #endif - return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8"); + return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8"); #else wchar_t loc[LOCALE_NAME_MAX_LENGTH]; diff --git a/version.h b/version.h index 51052cb..f7a393f 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.75 2015/08/21 03:45:26 djm Exp $ */ +/* $OpenBSD: version.h,v 1.77 2016/07/24 11:45:36 djm Exp $ */ -#define SSH_VERSION "OpenSSH_7.1" +#define SSH_VERSION "OpenSSH_7.3" #ifndef WIN32_FIXME #define SSH_PORTABLE "p1" diff --git a/win32_Makefile.in b/win32_Makefile.in deleted file mode 100644 index 277f4c3..0000000 --- a/win32_Makefile.in +++ /dev/null 
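Review bot: In the utf8.c hunk, `dangerous_locale()` declares `char *loc;` with no initializer and assigns it only inside `#ifdef HAVE_LANGINFO_H`, so a non-Windows build without that header passes an indeterminate pointer to both `strcmp(loc, ...)` calls. The re-indented `+` lines leave this unchanged. Giving the inner conditional a fallback closes the gap: add `#else` followed by `return 1;` before its `#endif`, so an unknown codeset is reported as dangerous. That looks like the cautious default, but it should be confirmed against the callers, which are not visible here. The function body continues past the end of the hunk (the Windows `#else` branch is cut off), so that side is not reviewed.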
@@ -1,616 +0,0 @@ -# $Id: Makefile.in,v 1.325 2011/08/05 20:15:18 djm Exp $ - -# uncomment if you run a non bourne compatable shell. Ie. csh -#SHELL = @SH@ - -AUTORECONF=autoreconf - -prefix=@prefix@ -exec_prefix=@exec_prefix@ -bindir=@bindir@ -sbindir=@sbindir@ -libexecdir=@libexecdir@ -datadir=@datadir@ -datarootdir=@datarootdir@ -mandir=@mandir@ -mansubdir=@mansubdir@ -sysconfdir=@sysconfdir@ -piddir=@piddir@ -srcdir=@srcdir@ -top_srcdir=@top_srcdir@ - -DESTDIR= -VPATH=@srcdir@ -SSH_PROGRAM=@bindir@/ssh -ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass -SFTP_SERVER=$(libexecdir)/sftp-server -SSH_KEYSIGN=$(libexecdir)/ssh-keysign -SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper -PRIVSEP_PATH=@PRIVSEP_PATH@ -SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ -STRIP_OPT=@STRIP_OPT@ -TEST_SHELL=@TEST_SHELL@ - -PATHS= -DSSHDIR=\"$(sysconfdir)\" \ - -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ - -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ - -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \ - -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \ - -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \ - -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ - -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" - -CC=@CC@ -LD=@LD@ -CFLAGS=@CFLAGS@ -CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -LIBS=@LIBS@ -lbcrypt -K5LIBS=@K5LIBS@ -GSSLIBS=@GSSLIBS@ -SSHLIBS=@SSHLIBS@ -SSHDLIBS=@SSHDLIBS@ -LIBEDIT=@LIBEDIT@ -AR=@AR@ -AWK=@AWK@ -RANLIB=@RANLIB@ -INSTALL=@INSTALL@ -PERL=@PERL@ -SED=@SED@ -ENT=@ENT@ -XAUTH_PATH=@XAUTH_PATH@ -LDFLAGS=-L. 
-Lopenbsd-compat/ -Lcontrib/win32/win32compat @LDFLAGS@ -L/lib/w32api -EXEEXT=@EXEEXT@ -MANFMT=@MANFMT@ - -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) - -LIBOPENSSH_OBJS=\ - ssh_api.o \ - ssherr.o \ - sshbuf.o \ - sshkey.o \ - sshbuf-getput-basic.o \ - sshbuf-misc.o \ - sshbuf-getput-crypto.o \ - krl.o \ - bitmap.o - -LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ - authfd.o authfile.o bufaux.o bufbn.o bufec.o buffer.o \ - canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \ - cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ - compat.o crc32.o deattack.o fatal.o hostfile.o \ - log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \ - readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ - atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \ - monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ - msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ - ssh-pkcs11.o smult_curve25519_ref.o \ - poly1305.o chacha.o cipher-chachapoly.o \ - ssh-ed25519.o digest-libc.o hmac.o \ - sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ - kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ - kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ - kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ - kerberos-sspi.o schnorr.o jpake.o - -SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ - sshconnect.o sshconnect1.o sshconnect2.o mux.o \ - roaming_common.o roaming_client.o - -SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ - audit.o audit-bsm.o audit-linux.o platform.o \ - sshpty.o sshlogin.o servconf.o serverloop.o \ - auth.o auth1.o auth2.o auth-options.o session.o \ - auth-chall.o auth2-chall.o groupaccess.o \ - auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ - auth2-none.o auth2-passwd.o auth2-pubkey.o \ - monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o 
\ - auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ - sftp-server.o sftp-common.o \ - roaming_common.o roaming_serv.o \ - sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ - sandbox-seccomp-filter.o sandbox-capsicum.o \ - pam.o kexdhs.o kexgexs.o kexecdhs.o - -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out -MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 -MANTYPE = @MANTYPE@ - -CONFIGFILES=sshd_config.out ssh_config.out moduli.out -CONFIGFILES_IN=sshd_config ssh_config moduli - -PATHSUBS = \ - -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ - -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \ - -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \ - -e 's|/usr/libexec|$(libexecdir)|g' \ - -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \ - -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \ - -e 's|/etc/ssh/ssh_host_ecdsa_key|$(sysconfdir)/ssh_host_ecdsa_key|g' \ - -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \ - -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ - -e 's|/etc/ssh/ssh_host_ed25519_key|$(sysconfdir)/ssh_host_ed25519_key|g' \ - -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ - -e 's|/etc/moduli|$(sysconfdir)/moduli|g' \ - -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \ - -e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \ - -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \ - -e 's|/var/empty|$(PRIVSEP_PATH)|g' \ - -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' - -FIXPATHSCMD = $(SED) $(PATHSUBS) -FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ - @UNSUPPORTED_ALGORITHMS@ - -all: $(CONFIGFILES) 
$(MANPAGES) $(TARGETS) - -$(LIBSSH_OBJS): Makefile.in config.h -$(SSHOBJS): Makefile.in config.h -$(SSHDOBJS): Makefile.in config.h - -.c.o: - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ - -LIBWIN32COMPAT=contrib/win32/win32compat/@LIBWIN32COMPAT@ -$(LIBWIN32COMPAT): always - (cd contrib/win32/win32compat && $(MAKE)) - -LIBCOMPAT=openbsd-compat/libopenbsd-compat.a -$(LIBCOMPAT): always - (cd openbsd-compat && $(MAKE)) -always: - -libssh.a: $(LIBSSH_OBJS) - $(AR) rv $@ $(LIBSSH_OBJS) - $(RANLIB) $@ - -ssh$(EXEEXT): $(LIBCOMPAT) libssh.a @LIBWIN32COMPATDEPEND@ $(SSHOBJS) - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) ./libssh.a -lopenbsd-compat $(SSHLIBS) @LINKWIN32COMPAT@ $(LIBS) - -sshd$(EXEEXT): libssh.a @LIBWIN32COMPATDEPEND@ $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(SSHDLIBS) $(LIBS) - -ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ ssh-add.o $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ ssh-keygen.o $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) ./libssh.a -lopenbsd-compat -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ ssh-keyscan.o 
roaming_dummy.o $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) $(LIBEDIT) - -# test driver for the loginrec code - not built by default -logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o @LIBWIN32COMPATDEPEND@ - $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat ./libssh.a @LINKWIN32COMPAT@ $(LIBS) - -$(MANPAGES): $(MANPAGES_IN) - if test "$(MANTYPE)" = "cat"; then \ - manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \ - else \ - manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \ - fi; \ - if test "$(MANTYPE)" = "man"; then \ - $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \ - $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \ - else \ - $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \ - fi - -$(CONFIGFILES): $(CONFIGFILES_IN) - conffile=`echo $@ | sed 's/.out$$//'`; \ - $(FIXPATHSCMD) $(srcdir)/$${conffile} > $@ - -# fake rule to stop make trying to compile moduli.o into a binary "moduli.o" -moduli: - echo - -# special case target for umac128 -umac128.o: umac.c - $(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \ - -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \ - -Dumac_update=umac128_update -Dumac_final=umac128_final \ - -Dumac_delete=umac128_delete - -clean: regressclean - rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core survey - rm -f regress/unittests/test_helper/*.a - rm -f regress/unittests/test_helper/*.o - rm -f regress/unittests/sshbuf/*.o - rm -f 
regress/unittests/sshbuf/test_sshbuf - rm -f regress/unittests/sshkey/*.o - rm -f regress/unittests/sshkey/test_sshkey - rm -f regress/unittests/bitmap/*.o - rm -f regress/unittests/bitmap/test_bitmap - rm -f regress/unittests/hostkeys/*.o - rm -f regress/unittests/hostkeys/test_hostkeys - rm -f regress/unittests/kex/*.o - rm -f regress/unittests/kex/test_kex - (cd openbsd-compat && $(MAKE) clean) - if test -f contrib/win32/win32compat/Makefile ; then \ - (cd contrib/win32/win32compat && $(MAKE) clean) \ - fi - -distclean: regressclean - rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core opensshd.init openssh.xml - rm -f Makefile buildpkg.sh config.h config.status - rm -f survey.sh openbsd-compat/regress/Makefile *~ - rm -rf autom4te.cache - rm -f regress/unittests/test_helper/*.a - rm -f regress/unittests/test_helper/*.o - rm -f regress/unittests/sshbuf/*.o - rm -f regress/unittests/sshbuf/test_sshbuf - rm -f regress/unittests/sshkey/*.o - rm -f regress/unittests/sshkey/test_sshkey - rm -f regress/unittests/bitmap/*.o - rm -f regress/unittests/bitmap/test_bitmap - rm -f regress/unittests/hostkeys/*.o - rm -f regress/unittests/hostkeys/test_hostkeys - rm -f regress/unittests/kex/*.o - rm -f regress/unittests/kex/test_kex - (cd openbsd-compat && $(MAKE) distclean) - if test -f contrib/win32/win32compat/Makefile ; then \ - (cd contrib/win32/win32compat && $(MAKE) distclean) \ - fi - if test -d pkg ; then \ - rm -fr pkg ; \ - fi - -veryclean: distclean - rm -f configure config.h.in *.0 - -cleandir: veryclean - -mrproper: veryclean - -realclean: veryclean - -catman-do: - @for f in $(MANPAGES_IN) ; do \ - base=`echo $$f | sed 's/\..*$$//'` ; \ - echo "$$f -> $$base.0" ; \ - $(MANFMT) $$f | cat -v | sed -e 's/.\^H//g' \ - >$$base.0 ; \ - done - -distprep: catman-do - $(AUTORECONF) - -rm -rf autom4te.cache - -install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -install-nokeys: $(CONFIGFILES) 
$(MANPAGES) $(TARGETS) install-files install-sysconf -install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files - -check-config: - -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config - -install-files: - $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 - $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) - (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) - $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) - $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 - $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 - $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 - $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 - $(INSTALL) -m 644 ssh-keygen.1.out 
$(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 - $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 - $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 - $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 - $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 - $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 - $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 - $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 - -rm -f $(DESTDIR)$(bindir)/slogin - ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - -install-sysconf: - if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ - $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ - fi - @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ - $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ - fi - @if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ - $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ - fi - @if [ ! 
-f $(DESTDIR)$(sysconfdir)/moduli ]; then \ - if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ - echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ - mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ - else \ - $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \ - fi ; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \ - fi - -host-key: ssh-keygen$(EXEEXT) - @if [ -z "$(DESTDIR)" ] ; then \ - if [ -f "$(sysconfdir)/ssh_host_key" ] ; then \ - echo "$(sysconfdir)/ssh_host_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t rsa1 -f $(sysconfdir)/ssh_host_key -N "" ; \ - fi ; \ - if [ -f $(sysconfdir)/ssh_host_dsa_key ] ; then \ - echo "$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t dsa -f $(sysconfdir)/ssh_host_dsa_key -N "" ; \ - fi ; \ - if [ -f $(sysconfdir)/ssh_host_rsa_key ] ; then \ - echo "$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \ - fi ; \ - if [ -f $(sysconfdir)/ssh_host_ed25519_key ] ; then \ - echo "$(sysconfdir)/ssh_host_ed25519_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t ed25519 -f $(sysconfdir)/ssh_host_ed25519_key -N "" ; \ - fi ; \ - if [ -z "@COMMENT_OUT_ECC@" ] ; then \ - if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \ - echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." 
; \ - else \ - ./ssh-keygen -t ecdsa -f $(sysconfdir)/ssh_host_ecdsa_key -N "" ; \ - fi ; \ - fi ; \ - fi ; - -host-key-force: ssh-keygen$(EXEEXT) - ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" - ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" - ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" - ./ssh-keygen -t ed25519 -f $(DESTDIR)$(sysconfdir)/ssh_host_ed25519_key -N "" - test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N "" - -uninstallall: uninstall - -rm -f $(DESTDIR)$(sysconfdir)/ssh_config - -rm -f $(DESTDIR)$(sysconfdir)/sshd_config - -rmdir $(DESTDIR)$(sysconfdir) - -rmdir $(DESTDIR)$(bindir) - -rmdir $(DESTDIR)$(sbindir) - -rmdir $(DESTDIR)$(mandir)/$(mansubdir)1 - -rmdir $(DESTDIR)$(mandir)/$(mansubdir)8 - -rmdir $(DESTDIR)$(mandir) - -rmdir $(DESTDIR)$(libexecdir) - -uninstall: - -rm -f $(DESTDIR)$(bindir)/slogin - -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) - -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) - -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) - -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) - -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 - -rm -f 
$(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - -regress-prep: - [ -d `pwd`/regress ] || mkdir -p `pwd`/regress - [ -d `pwd`/regress/unittests ] || mkdir -p `pwd`/regress/unittests - [ -d `pwd`/regress/unittests/test_helper ] || \ - mkdir -p `pwd`/regress/unittests/test_helper - [ -d `pwd`/regress/unittests/sshbuf ] || \ - mkdir -p `pwd`/regress/unittests/sshbuf - [ -d `pwd`/regress/unittests/sshkey ] || \ - mkdir -p `pwd`/regress/unittests/sshkey - [ -d `pwd`/regress/unittests/bitmap ] || \ - mkdir -p `pwd`/regress/unittests/bitmap - [ -d `pwd`/regress/unittests/hostkeys ] || \ - mkdir -p `pwd`/regress/unittests/hostkeys - [ -d `pwd`/regress/unittests/kex ] || \ - mkdir -p `pwd`/regress/unittests/kex - [ -f `pwd`/regress/Makefile ] || \ - ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile - -regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c - $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ - $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c - $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ - $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -regress/netcat$(EXEEXT): $(srcdir)/regress/netcat.c - $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? 
\ - $(LDFLAGS) ./libssh.a -lopenbsd-compat @LINKWIN32COMPAT@ $(LIBS) - -UNITTESTS_TEST_HELPER_OBJS=\ - regress/unittests/test_helper/test_helper.o \ - regress/unittests/test_helper/fuzz.o - -regress/unittests/test_helper/libtest_helper.a: ${UNITTESTS_TEST_HELPER_OBJS} - $(AR) rv $@ $(UNITTESTS_TEST_HELPER_OBJS) - $(RANLIB) $@ - -UNITTESTS_TEST_SSHBUF_OBJS=\ - regress/unittests/sshbuf/tests.o \ - regress/unittests/sshbuf/test_sshbuf.o \ - regress/unittests/sshbuf/test_sshbuf_getput_basic.o \ - regress/unittests/sshbuf/test_sshbuf_getput_crypto.o \ - regress/unittests/sshbuf/test_sshbuf_misc.o \ - regress/unittests/sshbuf/test_sshbuf_fuzz.o \ - regress/unittests/sshbuf/test_sshbuf_getput_fuzz.o \ - regress/unittests/sshbuf/test_sshbuf_fixed.o - -regress/unittests/sshbuf/test_sshbuf$(EXEEXT): ${UNITTESTS_TEST_SSHBUF_OBJS} \ - regress/unittests/test_helper/libtest_helper.a libssh.a - $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHBUF_OBJS) \ - regress/unittests/test_helper/libtest_helper.a \ - ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS) - -UNITTESTS_TEST_SSHKEY_OBJS=\ - regress/unittests/sshkey/test_fuzz.o \ - regress/unittests/sshkey/tests.o \ - regress/unittests/sshkey/common.o \ - regress/unittests/sshkey/test_file.o \ - regress/unittests/sshkey/test_sshkey.o - -regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \ - regress/unittests/test_helper/libtest_helper.a libssh.a - $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHKEY_OBJS) \ - regress/unittests/test_helper/libtest_helper.a \ - ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS) - -UNITTESTS_TEST_BITMAP_OBJS=\ - regress/unittests/bitmap/tests.o - -regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \ - regress/unittests/test_helper/libtest_helper.a libssh.a - $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_BITMAP_OBJS) \ - regress/unittests/test_helper/libtest_helper.a \ - ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS) - -UNITTESTS_TEST_KEX_OBJS=\ - 
regress/unittests/kex/tests.o \ - regress/unittests/kex/test_kex.o \ - roaming_dummy.o - -regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ - regress/unittests/test_helper/libtest_helper.a libssh.a - $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_KEX_OBJS) \ - regress/unittests/test_helper/libtest_helper.a \ - ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS) - -UNITTESTS_TEST_HOSTKEYS_OBJS=\ - regress/unittests/hostkeys/tests.o \ - regress/unittests/hostkeys/test_iterate.o - -regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \ - ${UNITTESTS_TEST_HOSTKEYS_OBJS} \ - regress/unittests/test_helper/libtest_helper.a libssh.a - $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_HOSTKEYS_OBJS) \ - regress/unittests/test_helper/libtest_helper.a \ - ./libssh.a -lopenbsd-compat -lwin32compat $(LIBS) - -REGRESS_BINARIES=\ - regress/modpipe$(EXEEXT) \ - regress/setuid-allowed$(EXEEXT) \ - regress/netcat$(EXEEXT) \ - regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ - regress/unittests/sshkey/test_sshkey$(EXEEXT) \ - regress/unittests/bitmap/test_bitmap$(EXEEXT) \ - regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \ - regress/unittests/kex/test_kex$(EXEEXT) - -tests interop-tests t-exec: regress-prep $(TARGETS) $(REGRESS_BINARIES) - BUILDDIR=`pwd`; \ - TEST_SSH_SCP="$${BUILDDIR}/scp"; \ - TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ - TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ - TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \ - TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \ - TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \ - TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \ - TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \ - TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \ - TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \ - TEST_SSH_PLINK="plink"; \ - TEST_SSH_PUTTYGEN="puttygen"; \ - TEST_SSH_CONCH="conch"; \ - TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \ - TEST_SSH_ECC="@TEST_SSH_ECC@" ; \ - cd $(srcdir)/regress || exit $$?; \ - $(MAKE) \ - .OBJDIR="$${BUILDDIR}/regress" \ - .CURDIR="`pwd`" \ - 
BUILDDIR="$${BUILDDIR}" \ - OBJ="$${BUILDDIR}/regress/" \ - PATH="$${BUILDDIR}:$${PATH}" \ - TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \ - TEST_SSH_SCP="$${TEST_SSH_SCP}" \ - TEST_SSH_SSH="$${TEST_SSH_SSH}" \ - TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \ - TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \ - TEST_SSH_SSHADD="$${TEST_SSH_SSHADD}" \ - TEST_SSH_SSHKEYGEN="$${TEST_SSH_SSHKEYGEN}" \ - TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \ - TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \ - TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \ - TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \ - TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \ - TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \ - TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \ - TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \ - TEST_SSH_ECC="$${TEST_SSH_ECC}" \ - TEST_SHELL="${TEST_SHELL}" \ - EXEEXT="$(EXEEXT)" \ - $@ && echo all tests passed - -compat-tests: $(LIBCOMPAT) - (cd openbsd-compat/regress && $(MAKE)) - -regressclean: - if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ - (cd regress && $(MAKE) clean) \ - fi - -survey: survey.sh ssh - @$(SHELL) ./survey.sh > survey - @echo 'The survey results have been placed in the file "survey" in the' - @echo 'current directory. Please review the file then send with' - @echo '"make send-survey".' - -send-survey: survey - mail portable-survey@mindrot.org <survey - -package: $(CONFIGFILES) $(MANPAGES) $(TARGETS) - if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \ - sh buildpkg.sh; \ - fi diff --git a/win32_build b/win32_build deleted file mode 100644 index 709455c..0000000 --- a/win32_build +++ /dev/null 
@@ -1,22 +0,0 @@
-rm config.guess
-rm config.sub
-rm cconfigure.ac
-rm configure
-rm config.h
-rm config.h.in
-rm config.h.tail
-rm Makefile.in
-rm openbsd-compat/Makefile.in
-cp win32_config.guess config.guess
-cp win32_config.sub config.sub
-cp win32_configure.ac configure.ac
-cp win32_configure configure
-cp win32_config.h config.h
-cp win32_config.h.in config.h.in
-cp win32_config.h.tail config.h.tail
-cp win32_Makefile.in Makefile.in
-cp openbsd-compat/win32_Makefile.in openbsd-compat/Makefile.in
-autoreconf
-./configure --build=i686-pc-mingw32 --host=i686-pc-mingw32 --with-ssl-dir=../openssl-1.0.2d --with-kerberos5
-cat config.h.tail >> config.h
-make
diff --git a/win32_config.guess b/win32_config.guess
deleted file mode 100644
index 78553c4..0000000
--- a/win32_config.guess
+++ /dev/null
@@ -1,1511 +0,0 @@ -#! /bin/sh -# Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011 Free Software Foundation, Inc. - -timestamp='2011-01-23' - -# This file is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to <config-patches@gnu.org> and include a ChangeLog -# entry. -# -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. -# -# You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] - -Output the configuration name of the system \`$me' is run on. 
- -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to <config-patches@gnu.org>." - -version="\ -GNU config.guess ($timestamp) - -Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free -Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" >&2 - exit 1 ;; - * ) - break ;; - esac -done - -if test $# != 0; then - echo "$me: too many arguments$help" >&2 - exit 1 -fi - -trap 'exit 1' 1 2 15 - -# CC_FOR_BUILD -- compiler used by this script. Note that the use of a -# compiler to aid in system detection is discouraged as it requires -# temporary files to be created and, as you can see below, it is a -# headache to deal with in a portable fashion. - -# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still -# use `HOST_CC' if defined, but it is deprecated. - -# Portable tmp directory creation inspired by the Autoconf team. 
- -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; - for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' - -# This is needed to find uname on a Pyramid OSx when run in the BSD universe. -# (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then - PATH=$PATH:/.attbin ; export PATH -fi - -UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown -UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown -UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown - -# Note: order is significant - the case branches are not exclusive. - -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in - *:NetBSD:*:*) - # NetBSD (nbsd) targets should (where applicable) match one or - # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, - # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently - # switched to ELF, *-*-netbsd* would select the old - # object file format. 
This provides both forward - # compatibility and a consistent mechanism for selecting the - # object file format. - # - # Note: NetBSD doesn't particularly care about the vendor - # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` - case "${UNAME_MACHINE_ARCH}" in - armeb) machine=armeb-unknown ;; - arm*) machine=arm-unknown ;; - sh3el) machine=shl-unknown ;; - sh3eb) machine=sh-unknown ;; - sh5el) machine=sh5le-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; - esac - # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. - case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build - if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ELF__ - then - # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). - # Return netbsd for either. FIX? - os=netbsd - else - os=netbsdelf - fi - ;; - *) - os=netbsd - ;; - esac - # The OS release - # Debian GNU/NetBSD machines have a different userland, and - # thus, need a distinct triplet. However, they do not need - # kernel version information, so it can be replaced with a - # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in - Debian*) - release='-gnu' - ;; - *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` - ;; - esac - # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: - # contains redundant information, the shorter form: - # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. 
- echo "${machine}-${os}${release}" - exit ;; - *:OpenBSD:*:*) - UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} - exit ;; - *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} - exit ;; - *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} - exit ;; - macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} - exit ;; - *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} - exit ;; - alpha:OSF1:*:*) - case $UNAME_RELEASE in - *4.0) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - ;; - *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` - ;; - esac - # According to Compaq, /usr/sbin/psrinfo has been available on - # OSF/1 and Tru64 systems produced since 1995. I hope that - # covers most systems running today. This code pipes the CPU - # types through head -n 1, so we only detect the type of CPU 0. - ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in - "EV4 (21064)") - UNAME_MACHINE="alpha" ;; - "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; - "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; - "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; - "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; - "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; - "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; - "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; - "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; - "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; - "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; - "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; - "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; - "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; - esac - # A Pn.n version is a patched version. - # A Vn.n version is a released version. - # A Tn.n version is a released field test version. 
- # A Xn.n version is an unreleased experimental baselevel. - # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - # Reset EXIT trap before exiting to avoid spurious non-zero exit code. - exitcode=$? - trap '' 0 - exit $exitcode ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; - Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; - *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos - exit ;; - *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos - exit ;; - *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; - *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; - *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; - arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} - exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; - SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; - Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) - # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. 
- if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; - NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; - DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; - DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) - case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; - s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} - exit ;; - i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build - SUN_ARCH="i386" - # If there is a compiler, see if it is configured for 64-bit objects. - # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. - # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - SUN_ARCH="x86_64" - fi - fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:6*:*) - # According to config.sub, this is the proper way to canonicalize - # SunOS6. Hard to guess exactly what SunOS6 will be like, but - # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in - Series*|S4*) - UNAME_RELEASE=`uname -v` - ;; - esac - # Japanese Language versions have a version number like `4.1.3-JL'. 
- echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit ;; - sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} - exit ;; - sun*:*:4.2BSD:*) - UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 - case "`/bin/arch`" in - sun3) - echo m68k-sun-sunos${UNAME_RELEASE} - ;; - sun4) - echo sparc-sun-sunos${UNAME_RELEASE} - ;; - esac - exit ;; - aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} - exit ;; - # The situation for MiNT is a little confusing. The machine name - # can be virtually everything (everything which is not - # "atarist" or "atariste" at least should have a processor - # > m68000). The system name ranges from "MiNT" over "FreeMiNT" - # to the lowercase version "mint" (or "freemint"). Finally - # the system name "TOS" denotes a system which is actually not - # MiNT. But MiNT is downward compatible to TOS, so this should - # be no problem. - atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} - exit ;; - milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; - hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; - *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; - m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} - exit ;; - powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} - exit ;; - RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; - RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} - exit ;; - VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} - exit ;; - 2020:CLIX:*:* | 2430:CLIX:*:*) - echo 
clipper-intergraph-clix${UNAME_RELEASE} - exit ;; - mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c -#ifdef __cplusplus -#include <stdio.h> /* for printf() prototype */ - int main (int argc, char *argv[]) { -#else - int main (argc, argv) int argc; char *argv[]; { -#endif - #if defined (host_mips) && defined (MIPSEB) - #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); - #endif - #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); - #endif - #endif - exit (-1); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && - { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} - exit ;; - Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; - Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; - Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; - m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; - m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; - m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; - AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] - then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] - then - echo m88k-dg-dgux${UNAME_RELEASE} - else - echo m88k-dg-dguxbcs${UNAME_RELEASE} - fi - else - echo i586-dg-dgux${UNAME_RELEASE} - fi - exit ;; - M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; - M88*:*:R3*:*) - # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; - 
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; - Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; - *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit ;; - ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' - i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; - ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit ;; - *:AIX:2:3) - if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include <sys/systemcfg.h> - - main() - { - if (!__power_pc()) - exit(1); - puts("powerpc-ibm-aix3.2.5"); - exit(0); - } -EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` - then - echo "$SYSTEM_NAME" - else - echo rs6000-ibm-aix3.2.5 - fi - elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 - else - echo rs6000-ibm-aix3.2 - fi - exit ;; - *:AIX:*:[4567]) - IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then - IBM_ARCH=rs6000 - else - IBM_ARCH=powerpc - fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` - else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} - fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit ;; - *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) - echo romp-ibm-bsd4.4 - exit ;; - ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 - *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; - DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; - 
9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; - hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; - 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; - 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then - sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac - fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - - #define _HPUX_SOURCE - #include <stdlib.h> - #include <unistd.h> - - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); - - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } -EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` - test -z "$HP_ARCH" && HP_ARCH=hppa - fi ;; - esac - if [ ${HP_ARCH} = "hppa2.0w" ] - then - eval $set_cc_for_build - - # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating - # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler - # generating 64-bit code. 
GNU and HP use different nomenclature: - # - # $ CC_FOR_BUILD=cc ./config.guess - # => hppa2.0w-hp-hpux11.23 - # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess - # => hppa64-hp-hpux11.23 - - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | - grep -q __LP64__ - then - HP_ARCH="hppa2.0w" - else - HP_ARCH="hppa64" - fi - fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit ;; - ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} - exit ;; - 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include <unistd.h> - int - main () - { - long cpu = sysconf (_SC_CPU_VERSION); - /* The order matters, because CPU_IS_HP_MC68K erroneously returns - true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct - results, however. */ - if (CPU_IS_PA_RISC (cpu)) - { - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; - case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; - default: puts ("hppa-hitachi-hiuxwe2"); break; - } - } - else if (CPU_IS_HP_MC68K (cpu)) - puts ("m68k-hitachi-hiuxwe2"); - else puts ("unknown-hitachi-hiuxwe2"); - exit (0); - } -EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) - echo hppa1.1-hp-bsd - exit ;; - 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; - *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) - echo hppa1.1-hp-osf - exit ;; - hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; - i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk - else - echo ${UNAME_MACHINE}-unknown-osf1 - fi - exit ;; - parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; - C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; - 
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; - C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; - C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; - CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ - | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ - -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ - -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit ;; - F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; - i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit ;; - sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:BSD/OS:*:*) - echo 
${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit ;; - *:FreeBSD:*:*) - case ${UNAME_MACHINE} in - pc98) - echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - amd64) - echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - *) - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - esac - exit ;; - i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin - exit ;; - *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 - exit ;; - i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 - exit ;; - *:Interix*:*) - case ${UNAME_MACHINE} in - x86) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; - IA64) - echo ia64-unknown-interix${UNAME_RELEASE} - exit ;; - esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - 8664:Windows_NT:*) - echo x86_64-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? 
- echo i586-pc-interix - exit ;; - i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin - exit ;; - amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin - exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit ;; - prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit ;; - *:GNU:*:*) - # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit ;; - *:GNU/*:*:*) - # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu - exit ;; - i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix - exit ;; - alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in - EV5) UNAME_MACHINE=alphaev5 ;; - EV56) UNAME_MACHINE=alphaev56 ;; - PCA56) UNAME_MACHINE=alphapca56 ;; - PCA57) UNAME_MACHINE=alphapca56 ;; - EV6) UNAME_MACHINE=alphaev6 ;; - EV67) UNAME_MACHINE=alphaev67 ;; - EV68*) UNAME_MACHINE=alphaev68 ;; - esac - objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" 
= 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit ;; - arm*:Linux:*:*) - eval $set_cc_for_build - if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ - | grep -q __ARM_EABI__ - then - echo ${UNAME_MACHINE}-unknown-linux-gnu - else - echo ${UNAME_MACHINE}-unknown-linux-gnueabi - fi - exit ;; - avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - cris:Linux:*:*) - echo cris-axis-linux-gnu - exit ;; - crisv32:Linux:*:*) - echo crisv32-axis-linux-gnu - exit ;; - frv:Linux:*:*) - echo frv-unknown-linux-gnu - exit ;; - i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" - exit ;; - ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #undef CPU - #undef ${UNAME_MACHINE} - #undef ${UNAME_MACHINE}el - #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=${UNAME_MACHINE}el - #else - #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=${UNAME_MACHINE} - #else - CPU= - #endif - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } - ;; - or32:Linux:*:*) - echo or32-unknown-linux-gnu - exit ;; - padre:Linux:*:*) - echo sparc-unknown-linux-gnu - exit ;; - parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu - exit ;; - parisc:Linux:*:* | hppa:Linux:*:*) - # Look for CPU level - case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) 
echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; - esac - exit ;; - ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu - exit ;; - ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu - exit ;; - s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux - exit ;; - sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - tile*:Linux:*:*) - echo ${UNAME_MACHINE}-tilera-linux-gnu - exit ;; - vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-gnu - exit ;; - x86_64:Linux:*:*) - echo x86_64-unknown-linux-gnu - exit ;; - xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu - exit ;; - i*86:DYNIX/ptx:4*:*) - # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. - # earlier versions are messed up and put the nodename in both - # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; - i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, - # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit ;; - i*86:OS/2:*:*) - # If we were able to find `uname', then EMX Unix compatibility - # is probably installed. 
- echo ${UNAME_MACHINE}-pc-os2-emx - exit ;; - i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop - exit ;; - i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos - exit ;; - i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable - exit ;; - i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} - exit ;; - i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` - if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} - else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} - fi - exit ;; - i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. - case `/bin/uname -X | grep "^Machine"` in - *486*) UNAME_MACHINE=i486 ;; - *Pentium) UNAME_MACHINE=i586 ;; - *Pent*|*Celeron) UNAME_MACHINE=i686 ;; - esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit ;; - i*86:*:3.2:*) - if test -f /usr/options/cb.name; then - UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` - echo ${UNAME_MACHINE}-pc-isc$UNAME_REL - elif /bin/uname -X 2>/dev/null >/dev/null ; then - UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` - (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 - (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ - && UNAME_MACHINE=i586 - (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ - && UNAME_MACHINE=i686 - (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ - && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL - else - echo ${UNAME_MACHINE}-pc-sysv32 - fi - exit ;; - pc:*:*:*) - # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i586. 
- # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that - # this is a cross-build. - echo i586-pc-msdosdjgpp - exit ;; - Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; - paragon:*:*:*) - echo i860-intel-osf1 - exit ;; - i860:*:4.*:*) # i860-SVR4 - if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 - else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 - fi - exit ;; - mini*:CTIX:SYS*5:*) - # "miniframe" - echo m68010-convergent-sysv - exit ;; - mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; - M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; - M68*:*:R3V[5678]*:*) - test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; - 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) - OS_REL='' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; - NCR*:*:4.2:* | MPRAS*:*:4.2:*) - OS_REL='.3' - test -r /etc/.relid \ - && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } - /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; - 
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} - exit ;; - mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; - TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} - exit ;; - rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit ;; - PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit ;; - SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} - exit ;; - RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; - *:SINIX-*:*:*) - if uname -p 2>/dev/null >/dev/null ; then - UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 - else - echo ns32k-sni-sysv - fi - exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says <Richard.M.Bartel@ccMail.Census.GOV> - echo i586-unisys-sysv4 - exit ;; - *:UNIX_System_V:4*:FTX*) - # From Gerald Hewes <hewes@openmarket.com>. - # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; - *:*:*:FTX*) - # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; - i*86:VOS:*:*) - # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos - exit ;; - *:VOS:*:*) - # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; - mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} - exit ;; - news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; - R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} - else - echo mips-unknown-sysv${UNAME_RELEASE} - fi - exit ;; - BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; - BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; - BePC:BeOS:*:*) # BeOS running on Intel PC compatible. 
- echo i586-pc-beos - exit ;; - BePC:Haiku:*:*) # Haiku running on Intel PC compatible. - echo i586-pc-haiku - exit ;; - SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} - exit ;; - SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} - exit ;; - SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} - exit ;; - SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} - exit ;; - SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} - exit ;; - SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} - exit ;; - Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit ;; - *:Darwin:*:*) - UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit ;; - *:procnto*:*:* | *:QNX:[0123456789]*:*) - UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then - UNAME_PROCESSOR=i386 - UNAME_MACHINE=pc - fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit ;; - *:QNX:*:4*) - echo i386-pc-qnx - exit ;; - NEO-?:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} - exit ;; - NSE-?:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} - exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} - exit ;; - *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; - BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; - DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit ;; - *:Plan9:*:*) - # "uname -m" is not consistent, so use $cputype instead. 
386 - # is converted to i386 for consistency with other x86 - # operating systems. - if test "$cputype" = "386"; then - UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" - fi - echo ${UNAME_MACHINE}-unknown-plan9 - exit ;; - *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; - *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; - KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; - XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; - *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; - *:ITS:*:*) - echo pdp10-unknown-its - exit ;; - SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} - exit ;; - *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` - exit ;; - *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; - esac ;; - *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; - i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' - exit ;; - i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos - exit ;; - i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros - exit ;; -esac - -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - -eval $set_cc_for_build -cat >$dummy.c <<EOF -#ifdef _SEQUENT_ -# include <sys/types.h> -# include <sys/utsname.h> -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... 
*/ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include <sys/param.h> - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include <sys/param.h> -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - -cat >&2 <<EOF -$0: unable to guess system type - -This script, last modified $timestamp, has failed to recognize -the operating system you are using. It is advised that you -download the most up to date version of the config scripts from - - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD -and - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD - -If the version you run ($0) is already up to date, please -send the following data and any information you think might be -pertinent to <config-patches@gnu.org> in order to provide the needed -information to handle your system. 
- -config.guess timestamp = $timestamp - -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null` - -hostinfo = `(hostinfo) 2>/dev/null` -/bin/universe = `(/bin/universe) 2>/dev/null` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` -/bin/arch = `(/bin/arch) 2>/dev/null` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` - -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} -EOF - -exit 1 - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/win32_config.h b/win32_config.h deleted file mode 100644 index 6263001..0000000 --- a/win32_config.h +++ /dev/null 
@@ -1,1647 +0,0 @@ -/* config.h. Generated from config.h.in by configure. */ -/* config.h.in. Generated from configure.ac by autoheader. */ - -/* Define if building universal (internal helper macro) */ -/* #undef AC_APPLE_UNIVERSAL_BUILD */ - -/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address - */ -/* #undef AIX_GETNAMEINFO_HACK */ - -/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) - */ -/* #undef AIX_LOGINFAILED_4ARG */ - -/* System only supports IPv4 audit records */ -/* #undef AU_IPv4 */ - -/* Define if your resolver libs need this for getrrsetbyname */ -/* #undef BIND_8_COMPAT */ - -/* Define if cmsg_type is not passed correctly */ -/* #undef BROKEN_CMSG_TYPE */ - -/* getaddrinfo is broken (if present) */ -/* #undef BROKEN_GETADDRINFO */ - -/* getgroups(0,NULL) will return -1 */ -/* #undef BROKEN_GETGROUPS */ - -/* FreeBSD glob does not do what we need */ -/* #undef BROKEN_GLOB */ - -/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ -/* #undef BROKEN_INET_NTOA */ - -/* ia_uinfo routines not supported by OS yet */ -/* #undef BROKEN_LIBIAF */ - -/* Ultrix mmap can't map files */ -/* #undef BROKEN_MMAP */ - -/* Define if your struct dirent expects you to allocate extra space for - d_name */ -/* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */ - -/* Can't do comparisons on readv */ -/* #undef BROKEN_READV_COMPARISON */ - -/* Define if you have a broken realpath. 
*/ -/* #undef BROKEN_REALPATH */ - -/* Needed for NeXT */ -/* #undef BROKEN_SAVED_UIDS */ - -/* Define if your setregid() is broken */ -/* #undef BROKEN_SETREGID */ - -/* Define if your setresgid() is broken */ -/* #undef BROKEN_SETRESGID */ - -/* Define if your setresuid() is broken */ -/* #undef BROKEN_SETRESUID */ - -/* Define if your setreuid() is broken */ -/* #undef BROKEN_SETREUID */ - -/* LynxOS has broken setvbuf() implementation */ -/* #undef BROKEN_SETVBUF */ - -/* QNX shadow support is broken */ -/* #undef BROKEN_SHADOW_EXPIRE */ - -/* Define if your snprintf is busted */ -/* #undef BROKEN_SNPRINTF */ - -/* tcgetattr with ICANON may hang */ -/* #undef BROKEN_TCGETATTR_ICANON */ - -/* updwtmpx is broken (if present) */ -/* #undef BROKEN_UPDWTMPX */ - -/* Define if you have BSD auth support */ -/* #undef BSD_AUTH */ - -/* Define if you want to specify the path to your lastlog file */ -#define CONF_LASTLOG_FILE "/var/log/lastlog" - -/* Define if you want to specify the path to your utmp file */ -#define CONF_UTMP_FILE "/var/run/utmp" - -/* Define if you want to specify the path to your wtmpx file */ -/* #undef CONF_WTMPX_FILE */ - -/* Define if you want to specify the path to your wtmp file */ -/* #undef CONF_WTMP_FILE */ - -/* Define if your platform needs to skip post auth file descriptor passing */ -#define DISABLE_FD_PASSING 1 - -/* Define if you don't want to use lastlog */ -/* #undef DISABLE_LASTLOG */ - -/* Define if you don't want to use your system's login() call */ -/* #undef DISABLE_LOGIN */ - -/* Define if you don't want to use pututline() etc. to write [uw]tmp */ -/* #undef DISABLE_PUTUTLINE */ - -/* Define if you don't want to use pututxline() etc. 
to write [uw]tmpx */ -/* #undef DISABLE_PUTUTXLINE */ - -/* Define if you want to disable shadow passwords */ -#define DISABLE_SHADOW 1 - -/* Define if you don't want to use utmp */ -#define DISABLE_UTMP 1 - -/* Define if you don't want to use utmpx */ -#define DISABLE_UTMPX 1 - -/* Define if you don't want to use wtmp */ -#define DISABLE_WTMP 1 - -/* Define if you don't want to use wtmpx */ -#define DISABLE_WTMPX 1 - -/* Enable for PKCS#11 support */ -#define ENABLE_PKCS11 1 - -/* File names may not contain backslash characters */ -/* #undef FILESYSTEM_NO_BACKSLASH */ - -/* fsid_t has member val */ -/* #undef FSID_HAS_VAL */ - -/* fsid_t has member __val */ -/* #undef FSID_HAS___VAL */ - -/* Define to 1 if the `getpgrp' function requires zero arguments. */ -/* #undef GETPGRP_VOID */ - -/* Conflicting defs for getspnam */ -/* #undef GETSPNAM_CONFLICTING_DEFS */ - -/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ -/* #undef GLOB_HAS_ALTDIRFUNC */ - -/* Define if your system glob() function has gl_matchc options in glob_t */ -#define GLOB_HAS_GL_MATCHC 1 - -/* Define if your system glob() function has gl_statv options in glob_t */ -#define GLOB_HAS_GL_STATV 1 - -/* Define this if you want GSSAPI support in the version 2 protocol */ -#define GSSAPI 1 - -/* Define if you want to use shadow password expire field */ -/* #undef HAS_SHADOW_EXPIRE */ - -/* Define if your system uses access rights style file descriptor passing */ -/* #undef HAVE_ACCRIGHTS_IN_MSGHDR */ - -/* Define if you have ut_addr in utmp.h */ -/* #undef HAVE_ADDR_IN_UTMP */ - -/* Define if you have ut_addr in utmpx.h */ -/* #undef HAVE_ADDR_IN_UTMPX */ - -/* Define if you have ut_addr_v6 in utmp.h */ -/* #undef HAVE_ADDR_V6_IN_UTMP */ - -/* Define if you have ut_addr_v6 in utmpx.h */ -/* #undef HAVE_ADDR_V6_IN_UTMPX */ - -/* Define to 1 if you have the `arc4random' function. */ -/* #undef HAVE_ARC4RANDOM */ - -/* Define to 1 if you have the `arc4random_buf' function. 
*/ -/* #undef HAVE_ARC4RANDOM_BUF */ - -/* Define to 1 if you have the `arc4random_uniform' function. */ -/* #undef HAVE_ARC4RANDOM_UNIFORM */ - -/* Define to 1 if you have the `asprintf' function. */ -/* #undef HAVE_ASPRINTF */ - -/* OpenBSD's gcc has bounded */ -/* #undef HAVE_ATTRIBUTE__BOUNDED__ */ - -/* Have attribute nonnull */ -#define HAVE_ATTRIBUTE__NONNULL__ 1 - -/* OpenBSD's gcc has sentinel */ -/* #undef HAVE_ATTRIBUTE__SENTINEL__ */ - -/* Define to 1 if you have the `aug_get_machine' function. */ -/* #undef HAVE_AUG_GET_MACHINE */ - -/* Define to 1 if you have the `b64_ntop' function. */ -/* #undef HAVE_B64_NTOP */ - -/* Define to 1 if you have the `b64_pton' function. */ -/* #undef HAVE_B64_PTON */ - -/* Define if you have the basename function. */ -#define HAVE_BASENAME 1 - -/* Define to 1 if you have the `bcopy' function. */ -/* #undef HAVE_BCOPY */ - -/* Define to 1 if you have the `bindresvport_sa' function. */ -/* #undef HAVE_BINDRESVPORT_SA */ - -/* Define to 1 if you have the `BN_is_prime_ex' function. */ -#define HAVE_BN_IS_PRIME_EX 1 - -/* Define to 1 if you have the <bsm/audit.h> header file. */ -/* #undef HAVE_BSM_AUDIT_H */ - -/* Define to 1 if you have the <bstring.h> header file. */ -/* #undef HAVE_BSTRING_H */ - -/* Define to 1 if you have the `clock' function. */ -#define HAVE_CLOCK 1 - -/* define if you have clock_t data type */ -#define HAVE_CLOCK_T 1 - -/* Define to 1 if you have the `closefrom' function. */ -/* #undef HAVE_CLOSEFROM */ - -/* Define if gai_strerror() returns const char * */ -/* #undef HAVE_CONST_GAI_STRERROR_PROTO */ - -/* Define if your system uses ancillary data style file descriptor passing */ -/* #undef HAVE_CONTROL_IN_MSGHDR */ - -/* Define to 1 if you have the <crypto/sha2.h> header file. */ -/* #undef HAVE_CRYPTO_SHA2_H */ - -/* Define to 1 if you have the <crypt.h> header file. 
*/ -/* #undef HAVE_CRYPT_H */ - -/* Define if you are on Cygwin */ -/* #undef HAVE_CYGWIN */ - -/* Define if your libraries define daemon() */ -/* #undef HAVE_DAEMON */ - -/* Define to 1 if you have the declaration of `authenticate', and to 0 if you - don't. */ -/* #undef HAVE_DECL_AUTHENTICATE */ - -/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you - don't. */ -#define HAVE_DECL_GLOB_NOMATCH 1 - -/* Define to 1 if you have the declaration of `h_errno', and to 0 if you - don't. */ -#define HAVE_DECL_H_ERRNO 0 - -/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you - don't. */ -/* #undef HAVE_DECL_LOGINFAILED */ - -/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if - you don't. */ -/* #undef HAVE_DECL_LOGINRESTRICTIONS */ - -/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you - don't. */ -/* #undef HAVE_DECL_LOGINSUCCESS */ - -/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you - don't. */ -#define HAVE_DECL_MAXSYMLINKS 0 - -/* Define to 1 if you have the declaration of `offsetof', and to 0 if you - don't. */ -#define HAVE_DECL_OFFSETOF 1 - -/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you - don't. */ -#define HAVE_DECL_O_NONBLOCK 0 - -/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you - don't. */ -/* #undef HAVE_DECL_PASSWDEXPIRED */ - -/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you - don't. */ -/* #undef HAVE_DECL_SETAUTHDB */ - -/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you - don't. */ -#define HAVE_DECL_SHUT_RD 1 - -/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. - */ -#define HAVE_DECL_WRITEV 0 - -/* Define to 1 if you have the declaration of `_getlong', and to 0 if you - don't. 
*/ -/* #undef HAVE_DECL__GETLONG */ - -/* Define to 1 if you have the declaration of `_getshort', and to 0 if you - don't. */ -/* #undef HAVE_DECL__GETSHORT */ - -/* Define if you have /dev/ptmx */ -#define HAVE_DEV_PTMX 1 - -/* Define if you have /dev/ptc */ -/* #undef HAVE_DEV_PTS_AND_PTC */ - -/* Define to 1 if you have the <dirent.h> header file. */ -#define HAVE_DIRENT_H 1 - -/* Define to 1 if you have the `dirfd' function. */ -/* #undef HAVE_DIRFD */ - -/* Define to 1 if you have the `dirname' function. */ -#define HAVE_DIRNAME 1 - -/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ -#define HAVE_DSA_GENERATE_PARAMETERS_EX 1 - -/* Define to 1 if you have the <endian.h> header file. */ -/* #undef HAVE_ENDIAN_H */ - -/* Define to 1 if you have the `endutent' function. */ -/* #undef HAVE_ENDUTENT */ - -/* Define to 1 if you have the `endutxent' function. */ -/* #undef HAVE_ENDUTXENT */ - -/* Define if your system has /etc/default/login */ -/* #undef HAVE_ETC_DEFAULT_LOGIN */ - -/* Define to 1 if you have the `EVP_sha256' function. */ -#define HAVE_EVP_SHA256 1 - -/* Define if you have ut_exit in utmp.h */ -/* #undef HAVE_EXIT_IN_UTMP */ - -/* Define to 1 if you have the `fchmod' function. */ -/* #undef HAVE_FCHMOD */ - -/* Define to 1 if you have the `fchown' function. */ -/* #undef HAVE_FCHOWN */ - -/* Use F_CLOSEM fcntl for closefrom */ -/* #undef HAVE_FCNTL_CLOSEM */ - -/* Define to 1 if you have the <fcntl.h> header file. */ -#define HAVE_FCNTL_H 1 - -/* Define to 1 if you have the <features.h> header file. */ -/* #undef HAVE_FEATURES_H */ - -/* Define to 1 if you have the <floatingpoint.h> header file. */ -/* #undef HAVE_FLOATINGPOINT_H */ - -/* Define to 1 if you have the `fmt_scaled' function. */ -/* #undef HAVE_FMT_SCALED */ - -/* Define to 1 if you have the `freeaddrinfo' function. */ -/* #undef HAVE_FREEADDRINFO */ - -/* Define to 1 if the system has the type `fsblkcnt_t'. 
*/ -/* #undef HAVE_FSBLKCNT_T */ - -/* Define to 1 if the system has the type `fsfilcnt_t'. */ -/* #undef HAVE_FSFILCNT_T */ - -/* Define to 1 if you have the `fstatvfs' function. */ -/* #undef HAVE_FSTATVFS */ - -/* Define to 1 if you have the `futimes' function. */ -/* #undef HAVE_FUTIMES */ - -/* Define to 1 if you have the `gai_strerror' function. */ -/* #undef HAVE_GAI_STRERROR */ - -/* Define to 1 if you have the `getaddrinfo' function. */ -/* #undef HAVE_GETADDRINFO */ - -/* Define to 1 if you have the `getaudit' function. */ -/* #undef HAVE_GETAUDIT */ - -/* Define to 1 if you have the `getaudit_addr' function. */ -/* #undef HAVE_GETAUDIT_ADDR */ - -/* Define to 1 if you have the `getcwd' function. */ -#define HAVE_GETCWD 1 - -/* Define to 1 if you have the `getgrouplist' function. */ -/* #undef HAVE_GETGROUPLIST */ - -/* Define to 1 if you have the `getgrset' function. */ -/* #undef HAVE_GETGRSET */ - -/* Define to 1 if you have the `getlastlogxbyname' function. */ -/* #undef HAVE_GETLASTLOGXBYNAME */ - -/* Define to 1 if you have the `getluid' function. */ -/* #undef HAVE_GETLUID */ - -/* Define to 1 if you have the `getnameinfo' function. */ -/* #undef HAVE_GETNAMEINFO */ - -/* Define to 1 if you have the `getopt' function. */ -#define HAVE_GETOPT 1 - -/* Define to 1 if you have the <getopt.h> header file. */ -#define HAVE_GETOPT_H 1 - -/* Define if your getopt(3) defines and uses optreset */ -/* #undef HAVE_GETOPT_OPTRESET */ - -/* Define if your libraries define getpagesize() */ -#define HAVE_GETPAGESIZE 1 - -/* Define to 1 if you have the `getpeereid' function. */ -/* #undef HAVE_GETPEEREID */ - -/* Define to 1 if you have the `getpeerucred' function. */ -/* #undef HAVE_GETPEERUCRED */ - -/* Define to 1 if you have the `getpwanam' function. */ -/* #undef HAVE_GETPWANAM */ - -/* Define to 1 if you have the `getrlimit' function. 
*/ -/* #undef HAVE_GETRLIMIT */ - -/* Define if getrrsetbyname() exists */ -/* #undef HAVE_GETRRSETBYNAME */ - -/* Define to 1 if you have the `getrusage' function. */ -/* #undef HAVE_GETRUSAGE */ - -/* Define to 1 if you have the `getseuserbyname' function. */ -/* #undef HAVE_GETSEUSERBYNAME */ - -/* Define to 1 if you have the `gettimeofday' function. */ -#define HAVE_GETTIMEOFDAY 1 - -/* Define to 1 if you have the `getttyent' function. */ -/* #undef HAVE_GETTTYENT */ - -/* Define to 1 if you have the `getutent' function. */ -/* #undef HAVE_GETUTENT */ - -/* Define to 1 if you have the `getutid' function. */ -/* #undef HAVE_GETUTID */ - -/* Define to 1 if you have the `getutline' function. */ -/* #undef HAVE_GETUTLINE */ - -/* Define to 1 if you have the `getutxent' function. */ -/* #undef HAVE_GETUTXENT */ - -/* Define to 1 if you have the `getutxid' function. */ -/* #undef HAVE_GETUTXID */ - -/* Define to 1 if you have the `getutxline' function. */ -/* #undef HAVE_GETUTXLINE */ - -/* Define to 1 if you have the `getutxuser' function. */ -/* #undef HAVE_GETUTXUSER */ - -/* Define to 1 if you have the `get_default_context_with_level' function. */ -/* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */ - -/* Define to 1 if you have the `glob' function. */ -/* #undef HAVE_GLOB */ - -/* Define to 1 if you have the <glob.h> header file. */ -#define HAVE_GLOB_H 1 - -/* Define to 1 if you have the `group_from_gid' function. */ -/* #undef HAVE_GROUP_FROM_GID */ - -/* Define to 1 if you have the <gssapi_generic.h> header file. */ -/* #undef HAVE_GSSAPI_GENERIC_H */ - -/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */ -#define HAVE_GSSAPI_GSSAPI_GENERIC_H 1 - -/* Define to 1 if you have the <gssapi/gssapi.h> header file. */ -#define HAVE_GSSAPI_GSSAPI_H 1 - -/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */ -#define HAVE_GSSAPI_GSSAPI_KRB5_H 1 - -/* Define to 1 if you have the <gssapi.h> header file. 
*/ -/* #undef HAVE_GSSAPI_H */ - -/* Define to 1 if you have the <gssapi_krb5.h> header file. */ -/* #undef HAVE_GSSAPI_KRB5_H */ - -/* Define if HEADER.ad exists in arpa/nameser.h */ -/* #undef HAVE_HEADER_AD */ - -/* Define if you have ut_host in utmp.h */ -/* #undef HAVE_HOST_IN_UTMP */ - -/* Define if you have ut_host in utmpx.h */ -/* #undef HAVE_HOST_IN_UTMPX */ - -/* Define to 1 if you have the <iaf.h> header file. */ -/* #undef HAVE_IAF_H */ - -/* Define to 1 if you have the <ia.h> header file. */ -/* #undef HAVE_IA_H */ - -/* Define if you have ut_id in utmp.h */ -/* #undef HAVE_ID_IN_UTMP */ - -/* Define if you have ut_id in utmpx.h */ -/* #undef HAVE_ID_IN_UTMPX */ - -/* Define to 1 if you have the `inet_aton' function. */ -/* #undef HAVE_INET_ATON */ - -/* Define to 1 if you have the `inet_ntoa' function. */ -/* #undef HAVE_INET_NTOA */ - -/* Define to 1 if you have the `inet_ntop' function. */ -/* #undef HAVE_INET_NTOP */ - -/* Define to 1 if you have the `innetgr' function. */ -/* #undef HAVE_INNETGR */ - -/* define if you have int64_t data type */ -#define HAVE_INT64_T 1 - -/* Define to 1 if you have the <inttypes.h> header file. */ -#define HAVE_INTTYPES_H 1 - -/* define if you have intxx_t data type */ -#define HAVE_INTXX_T 1 - -/* Define to 1 if the system has the type `in_addr_t'. */ -/* #undef HAVE_IN_ADDR_T */ - -/* Define to 1 if the system has the type `in_port_t'. */ -/* #undef HAVE_IN_PORT_T */ - -/* Define if you have isblank(3C). */ -#define HAVE_ISBLANK 1 - -/* Define to 1 if you have the <lastlog.h> header file. */ -/* #undef HAVE_LASTLOG_H */ - -/* Define to 1 if you have the <libaudit.h> header file. */ -/* #undef HAVE_LIBAUDIT_H */ - -/* Define to 1 if you have the `bsm' library (-lbsm). */ -/* #undef HAVE_LIBBSM */ - -/* Define to 1 if you have the `crypt' library (-lcrypt). */ -/* #undef HAVE_LIBCRYPT */ - -/* Define to 1 if you have the `dl' library (-ldl). 
*/ -/* #undef HAVE_LIBDL */ - -/* Define to 1 if you have the <libgen.h> header file. */ -#define HAVE_LIBGEN_H 1 - -/* Define if system has libiaf that supports set_id */ -/* #undef HAVE_LIBIAF */ - -/* Define to 1 if you have the `network' library (-lnetwork). */ -/* #undef HAVE_LIBNETWORK */ - -/* Define to 1 if you have the `nsl' library (-lnsl). */ -/* #undef HAVE_LIBNSL */ - -/* Define to 1 if you have the `pam' library (-lpam). */ -/* #undef HAVE_LIBPAM */ - -/* Define to 1 if you have the `socket' library (-lsocket). */ -/* #undef HAVE_LIBSOCKET */ - -/* Define to 1 if you have the <libutil.h> header file. */ -/* #undef HAVE_LIBUTIL_H */ - -/* Define to 1 if you have the `xnet' library (-lxnet). */ -/* #undef HAVE_LIBXNET */ - -/* Define to 1 if you have the `z' library (-lz). */ -#define HAVE_LIBZ 1 - -/* Define to 1 if you have the <limits.h> header file. */ -#define HAVE_LIMITS_H 1 - -/* Define to 1 if you have the <linux/if_tun.h> header file. */ -/* #undef HAVE_LINUX_IF_TUN_H */ - -/* Define if your libraries define login() */ -/* #undef HAVE_LOGIN */ - -/* Define to 1 if you have the <login_cap.h> header file. */ -/* #undef HAVE_LOGIN_CAP_H */ - -/* Define to 1 if you have the `login_getcapbool' function. */ -/* #undef HAVE_LOGIN_GETCAPBOOL */ - -/* Define to 1 if you have the <login.h> header file. */ -/* #undef HAVE_LOGIN_H */ - -/* Define to 1 if you have the `logout' function. */ -/* #undef HAVE_LOGOUT */ - -/* Define to 1 if you have the `logwtmp' function. */ -/* #undef HAVE_LOGWTMP */ - -/* Define to 1 if the system has the type `long double'. */ -#define HAVE_LONG_DOUBLE 1 - -/* Define to 1 if the system has the type `long long'. */ -#define HAVE_LONG_LONG 1 - -/* Define to 1 if you have the <maillock.h> header file. */ -/* #undef HAVE_MAILLOCK_H */ - -/* Define to 1 if you have the `md5_crypt' function. 
*/ -/* #undef HAVE_MD5_CRYPT */ - -/* Define if you want to allow MD5 passwords */ -/* #undef HAVE_MD5_PASSWORDS */ - -/* Define to 1 if you have the `memmove' function. */ -#define HAVE_MEMMOVE 1 - -/* Define to 1 if you have the <memory.h> header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the `mkdtemp' function. */ -/* #undef HAVE_MKDTEMP */ - -/* Define to 1 if you have the `mmap' function. */ -/* #undef HAVE_MMAP */ - -/* define if you have mode_t data type */ -#define HAVE_MODE_T 1 - -/* Some systems put nanosleep outside of libc */ -/* #undef HAVE_NANOSLEEP */ - -/* Define to 1 if you have the <ndir.h> header file. */ -/* #undef HAVE_NDIR_H */ - -/* Define to 1 if you have the <netdb.h> header file. */ -/* #undef HAVE_NETDB_H */ - -/* Define to 1 if you have the <netgroup.h> header file. */ -/* #undef HAVE_NETGROUP_H */ - -/* Define to 1 if you have the <net/if_tun.h> header file. */ -/* #undef HAVE_NET_IF_TUN_H */ - -/* Define if you are on NeXT */ -/* #undef HAVE_NEXT */ - -/* Define to 1 if you have the `ngetaddrinfo' function. */ -/* #undef HAVE_NGETADDRINFO */ - -/* Define to 1 if you have the `nsleep' function. */ -/* #undef HAVE_NSLEEP */ - -/* Define to 1 if you have the `ogetaddrinfo' function. */ -/* #undef HAVE_OGETADDRINFO */ - -/* Define if you have an old version of PAM which takes only one argument to - pam_strerror */ -/* #undef HAVE_OLD_PAM */ - -/* Define to 1 if you have the `openlog_r' function. */ -/* #undef HAVE_OPENLOG_R */ - -/* Define to 1 if you have the `openpty' function. */ -/* #undef HAVE_OPENPTY */ - -/* Define if your ssl headers are included with #include <openssl/header.h> - */ -#define HAVE_OPENSSL 1 - -/* Define if you have Digital Unix Security Integration Architecture */ -/* #undef HAVE_OSF_SIA */ - -/* Define to 1 if you have the `pam_getenvlist' function. */ -/* #undef HAVE_PAM_GETENVLIST */ - -/* Define to 1 if you have the <pam/pam_appl.h> header file. 
*/ -/* #undef HAVE_PAM_PAM_APPL_H */ - -/* Define to 1 if you have the `pam_putenv' function. */ -/* #undef HAVE_PAM_PUTENV */ - -/* Define to 1 if you have the <paths.h> header file. */ -/* #undef HAVE_PATHS_H */ - -/* Define if you have ut_pid in utmp.h */ -/* #undef HAVE_PID_IN_UTMP */ - -/* define if you have pid_t data type */ -#define HAVE_PID_T 1 - -/* Define to 1 if you have the `poll' function. */ -/* #undef HAVE_POLL */ - -/* Define to 1 if you have the <poll.h> header file. */ -/* #undef HAVE_POLL_H */ - -/* Define to 1 if you have the `prctl' function. */ -/* #undef HAVE_PRCTL */ - -/* Define to 1 if you have priveleged-port concept */ -/* #undef HAVE_PRIV_CONCEPT */ - -/* Define if you have /proc/$pid/fd */ -#define HAVE_PROC_PID 1 - -/* Define to 1 if you have the `pstat' function. */ -/* #undef HAVE_PSTAT */ - -/* Define to 1 if you have the <pty.h> header file. */ -/* #undef HAVE_PTY_H */ - -/* Define to 1 if you have the `pututline' function. */ -/* #undef HAVE_PUTUTLINE */ - -/* Define to 1 if you have the `pututxline' function. */ -/* #undef HAVE_PUTUTXLINE */ - -/* Define if your password has a pw_change field */ -/* #undef HAVE_PW_CHANGE_IN_PASSWD */ - -/* Define if your password has a pw_class field */ -/* #undef HAVE_PW_CLASS_IN_PASSWD */ - -/* Define if your password has a pw_expire field */ -/* #undef HAVE_PW_EXPIRE_IN_PASSWD */ - -/* Define to 1 if you have the `readpassphrase' function. */ -/* #undef HAVE_READPASSPHRASE */ - -/* Define to 1 if you have the <readpassphrase.h> header file. */ -/* #undef HAVE_READPASSPHRASE_H */ - -/* Define to 1 if you have the `realpath' function. */ -/* #undef HAVE_REALPATH */ - -/* Define to 1 if you have the `recvmsg' function. */ -/* #undef HAVE_RECVMSG */ - -/* sys/resource.h has RLIMIT_NPROC */ -/* #undef HAVE_RLIMIT_NPROC */ - -/* Define to 1 if you have the <rpc/types.h> header file. */ -/* #undef HAVE_RPC_TYPES_H */ - -/* Define to 1 if you have the `rresvport_af' function. 
*/ -/* #undef HAVE_RRESVPORT_AF */ - -/* Define to 1 if you have the `RSA_generate_key_ex' function. */ -#define HAVE_RSA_GENERATE_KEY_EX 1 - -/* Define to 1 if you have the `RSA_get_default_method' function. */ -#define HAVE_RSA_GET_DEFAULT_METHOD 1 - -/* Define to 1 if you have the <sandbox.h> header file. */ -/* #undef HAVE_SANDBOX_H */ - -/* Define to 1 if you have the `sandbox_init' function. */ -/* #undef HAVE_SANDBOX_INIT */ - -/* define if you have sa_family_t data type */ -/* #undef HAVE_SA_FAMILY_T */ - -/* Define if you have SecureWare-based protected password database */ -/* #undef HAVE_SECUREWARE */ - -/* Define to 1 if you have the <security/pam_appl.h> header file. */ -/* #undef HAVE_SECURITY_PAM_APPL_H */ - -/* Define to 1 if you have the `sendmsg' function. */ -/* #undef HAVE_SENDMSG */ - -/* Define to 1 if you have the `setauthdb' function. */ -/* #undef HAVE_SETAUTHDB */ - -/* Define to 1 if you have the `setdtablesize' function. */ -/* #undef HAVE_SETDTABLESIZE */ - -/* Define to 1 if you have the `setegid' function. */ -/* #undef HAVE_SETEGID */ - -/* Define to 1 if you have the `setenv' function. */ -/* #undef HAVE_SETENV */ - -/* Define to 1 if you have the `seteuid' function. */ -/* #undef HAVE_SETEUID */ - -/* Define to 1 if you have the `setgroupent' function. */ -/* #undef HAVE_SETGROUPENT */ - -/* Define to 1 if you have the `setgroups' function. */ -/* #undef HAVE_SETGROUPS */ - -/* Define to 1 if you have the `setlogin' function. */ -/* #undef HAVE_SETLOGIN */ - -/* Define to 1 if you have the `setluid' function. */ -/* #undef HAVE_SETLUID */ - -/* Define to 1 if you have the `setpcred' function. */ -/* #undef HAVE_SETPCRED */ - -/* Define to 1 if you have the `setproctitle' function. */ -/* #undef HAVE_SETPROCTITLE */ - -/* Define to 1 if you have the `setregid' function. */ -/* #undef HAVE_SETREGID */ - -/* Define to 1 if you have the `setresgid' function. 
*/ -/* #undef HAVE_SETRESGID */ - -/* Define to 1 if you have the `setresuid' function. */ -/* #undef HAVE_SETRESUID */ - -/* Define to 1 if you have the `setreuid' function. */ -/* #undef HAVE_SETREUID */ - -/* Define to 1 if you have the `setrlimit' function. */ -/* #undef HAVE_SETRLIMIT */ - -/* Define to 1 if you have the `setsid' function. */ -/* #undef HAVE_SETSID */ - -/* Define to 1 if you have the `setutent' function. */ -/* #undef HAVE_SETUTENT */ - -/* Define to 1 if you have the `setutxdb' function. */ -/* #undef HAVE_SETUTXDB */ - -/* Define to 1 if you have the `setutxent' function. */ -/* #undef HAVE_SETUTXENT */ - -/* Define to 1 if you have the `setvbuf' function. */ -#define HAVE_SETVBUF 1 - -/* Define to 1 if you have the `set_id' function. */ -/* #undef HAVE_SET_ID */ - -/* Define to 1 if you have the `SHA256_Update' function. */ -#define HAVE_SHA256_UPDATE 1 - -/* Define to 1 if you have the <sha2.h> header file. */ -/* #undef HAVE_SHA2_H */ - -/* Define to 1 if you have the <shadow.h> header file. */ -/* #undef HAVE_SHADOW_H */ - -/* Define to 1 if you have the `sigaction' function. */ -/* #undef HAVE_SIGACTION */ - -/* Define to 1 if you have the `sigvec' function. */ -/* #undef HAVE_SIGVEC */ - -/* Define to 1 if the system has the type `sig_atomic_t'. */ -#define HAVE_SIG_ATOMIC_T 1 - -/* define if you have size_t data type */ -#define HAVE_SIZE_T 1 - -/* Define to 1 if you have the `snprintf' function. */ -#define HAVE_SNPRINTF 1 - -/* Define to 1 if you have the `socketpair' function. */ -/* #undef HAVE_SOCKETPAIR */ - -/* Have PEERCRED socket option */ -/* #undef HAVE_SO_PEERCRED */ - -/* define if you have ssize_t data type */ -#define HAVE_SSIZE_T 1 - -/* Fields in struct sockaddr_storage */ -#define HAVE_SS_FAMILY_IN_SS 1 - -/* Define to 1 if you have the `statfs' function. */ -/* #undef HAVE_STATFS */ - -/* Define to 1 if you have the `statvfs' function. 
*/ -/* #undef HAVE_STATVFS */ - -/* Define to 1 if you have the <stddef.h> header file. */ -#define HAVE_STDDEF_H 1 - -/* Define to 1 if you have the <stdint.h> header file. */ -#define HAVE_STDINT_H 1 - -/* Define to 1 if you have the <stdlib.h> header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the `strdup' function. */ -#define HAVE_STRDUP 1 - -/* Define to 1 if you have the `strerror' function. */ -#define HAVE_STRERROR 1 - -/* Define to 1 if you have the `strftime' function. */ -#define HAVE_STRFTIME 1 - -/* Silly mkstemp() */ -/* #undef HAVE_STRICT_MKSTEMP */ - -/* Define to 1 if you have the <strings.h> header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the <string.h> header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the `strlcat' function. */ -/* #undef HAVE_STRLCAT */ - -/* Define to 1 if you have the `strlcpy' function. */ -/* #undef HAVE_STRLCPY */ - -/* Define to 1 if you have the `strmode' function. */ -/* #undef HAVE_STRMODE */ - -/* Define to 1 if you have the `strnvis' function. */ -/* #undef HAVE_STRNVIS */ - -/* Define to 1 if you have the `strptime' function. */ -/* #undef HAVE_STRPTIME */ - -/* Define to 1 if you have the `strsep' function. */ -/* #undef HAVE_STRSEP */ - -/* Define to 1 if you have the `strtoll' function. */ -#define HAVE_STRTOLL 1 - -/* Define to 1 if you have the `strtonum' function. */ -/* #undef HAVE_STRTONUM */ - -/* Define to 1 if you have the `strtoul' function. */ -#define HAVE_STRTOUL 1 - -/* define if you have struct addrinfo data type */ -#define HAVE_STRUCT_ADDRINFO 1 - -/* define if you have struct in6_addr data type */ -/* #undef HAVE_STRUCT_IN6_ADDR */ - -/* define if you have struct sockaddr_in6 data type */ -/* #undef HAVE_STRUCT_SOCKADDR_IN6 */ - -/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. 
*/ -/* #undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID */ - -/* define if you have struct sockaddr_storage data type */ -#define HAVE_STRUCT_SOCKADDR_STORAGE 1 - -/* Define to 1 if `st_blksize' is a member of `struct stat'. */ -/* #undef HAVE_STRUCT_STAT_ST_BLKSIZE */ - -/* Define to 1 if the system has the type `struct timespec'. */ -/* #undef HAVE_STRUCT_TIMESPEC */ - -/* define if you have struct timeval */ -#define HAVE_STRUCT_TIMEVAL 1 - -/* Define to 1 if you have the `swap32' function. */ -/* #undef HAVE_SWAP32 */ - -/* Define to 1 if you have the `sysconf' function. */ -/* #undef HAVE_SYSCONF */ - -/* Define if you have syslen in utmpx.h */ -/* #undef HAVE_SYSLEN_IN_UTMPX */ - -/* Define to 1 if you have the <sys/audit.h> header file. */ -/* #undef HAVE_SYS_AUDIT_H */ - -/* Define to 1 if you have the <sys/bitypes.h> header file. */ -/* #undef HAVE_SYS_BITYPES_H */ - -/* Define to 1 if you have the <sys/bsdtty.h> header file. */ -/* #undef HAVE_SYS_BSDTTY_H */ - -/* Define to 1 if you have the <sys/cdefs.h> header file. */ -/* #undef HAVE_SYS_CDEFS_H */ - -/* Define to 1 if you have the <sys/dir.h> header file. */ -/* #undef HAVE_SYS_DIR_H */ - -/* Define if your system defines sys_errlist[] */ -/* #undef HAVE_SYS_ERRLIST */ - -/* Define to 1 if you have the <sys/mman.h> header file. */ -/* #undef HAVE_SYS_MMAN_H */ - -/* Define to 1 if you have the <sys/mount.h> header file. */ -/* #undef HAVE_SYS_MOUNT_H */ - -/* Define to 1 if you have the <sys/ndir.h> header file. */ -/* #undef HAVE_SYS_NDIR_H */ - -/* Define if your system defines sys_nerr */ -/* #undef HAVE_SYS_NERR */ - -/* Define to 1 if you have the <sys/poll.h> header file. */ -/* #undef HAVE_SYS_POLL_H */ - -/* Define to 1 if you have the <sys/prctl.h> header file. */ -/* #undef HAVE_SYS_PRCTL_H */ - -/* Define to 1 if you have the <sys/pstat.h> header file. */ -/* #undef HAVE_SYS_PSTAT_H */ - -/* Define to 1 if you have the <sys/ptms.h> header file. 
*/ -/* #undef HAVE_SYS_PTMS_H */ - -/* Define to 1 if you have the <sys/select.h> header file. */ -/* #undef HAVE_SYS_SELECT_H */ - -/* Define to 1 if you have the <sys/statvfs.h> header file. */ -/* #undef HAVE_SYS_STATVFS_H */ - -/* Define to 1 if you have the <sys/stat.h> header file. */ -#define HAVE_SYS_STAT_H 1 - -/* Define to 1 if you have the <sys/stream.h> header file. */ -/* #undef HAVE_SYS_STREAM_H */ - -/* Define to 1 if you have the <sys/stropts.h> header file. */ -/* #undef HAVE_SYS_STROPTS_H */ - -/* Define to 1 if you have the <sys/strtio.h> header file. */ -/* #undef HAVE_SYS_STRTIO_H */ - -/* Force use of sys/syslog.h on Ultrix */ -/* #undef HAVE_SYS_SYSLOG_H */ - -/* Define to 1 if you have the <sys/sysmacros.h> header file. */ -/* #undef HAVE_SYS_SYSMACROS_H */ - -/* Define to 1 if you have the <sys/timers.h> header file. */ -/* #undef HAVE_SYS_TIMERS_H */ - -/* Define to 1 if you have the <sys/time.h> header file. */ -#define HAVE_SYS_TIME_H 1 - -/* Define to 1 if you have the <sys/types.h> header file. */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have the <sys/un.h> header file. */ -/* #undef HAVE_SYS_UN_H */ - -/* Define to 1 if you have the `tcgetpgrp' function. */ -/* #undef HAVE_TCGETPGRP */ - -/* Define to 1 if you have the `tcsendbreak' function. */ -/* #undef HAVE_TCSENDBREAK */ - -/* Define to 1 if you have the `time' function. */ -#define HAVE_TIME 1 - -/* Define to 1 if you have the <time.h> header file. */ -#define HAVE_TIME_H 1 - -/* Define if you have ut_time in utmp.h */ -/* #undef HAVE_TIME_IN_UTMP */ - -/* Define if you have ut_time in utmpx.h */ -/* #undef HAVE_TIME_IN_UTMPX */ - -/* Define to 1 if you have the `timingsafe_bcmp' function. */ -/* #undef HAVE_TIMINGSAFE_BCMP */ - -/* Define to 1 if you have the <tmpdir.h> header file. */ -/* #undef HAVE_TMPDIR_H */ - -/* Define to 1 if you have the `truncate' function. 
*/ -/* #undef HAVE_TRUNCATE */ - -/* Define to 1 if you have tty support */ -/* #undef HAVE_TTY */ - -/* Define to 1 if you have the <ttyent.h> header file. */ -/* #undef HAVE_TTYENT_H */ - -/* Define if you have ut_tv in utmp.h */ -/* #undef HAVE_TV_IN_UTMP */ - -/* Define if you have ut_tv in utmpx.h */ -/* #undef HAVE_TV_IN_UTMPX */ - -/* Define if you have ut_type in utmp.h */ -/* #undef HAVE_TYPE_IN_UTMP */ - -/* Define if you have ut_type in utmpx.h */ -/* #undef HAVE_TYPE_IN_UTMPX */ - -/* Define to 1 if you have the <ucred.h> header file. */ -/* #undef HAVE_UCRED_H */ - -/* define if you have uintxx_t data type */ -#define HAVE_UINTXX_T 1 - -/* Define to 1 if you have the <unistd.h> header file. */ -#define HAVE_UNISTD_H 1 - -/* Define to 1 if you have the `unsetenv' function. */ -/* #undef HAVE_UNSETENV */ - -/* Define to 1 if the system has the type `unsigned long long'. */ -#define HAVE_UNSIGNED_LONG_LONG 1 - -/* Define to 1 if you have the `updwtmp' function. */ -/* #undef HAVE_UPDWTMP */ - -/* Define to 1 if you have the `updwtmpx' function. */ -/* #undef HAVE_UPDWTMPX */ - -/* Define to 1 if you have the <usersec.h> header file. */ -/* #undef HAVE_USERSEC_H */ - -/* Define to 1 if you have the `user_from_uid' function. */ -/* #undef HAVE_USER_FROM_UID */ - -/* Define to 1 if you have the <util.h> header file. */ -/* #undef HAVE_UTIL_H */ - -/* Define to 1 if you have the `utimes' function. */ -/* #undef HAVE_UTIMES */ - -/* Define to 1 if you have the <utime.h> header file. */ -#define HAVE_UTIME_H 1 - -/* Define to 1 if you have the `utmpname' function. */ -/* #undef HAVE_UTMPNAME */ - -/* Define to 1 if you have the `utmpxname' function. */ -/* #undef HAVE_UTMPXNAME */ - -/* Define to 1 if you have the <utmpx.h> header file. */ -/* #undef HAVE_UTMPX_H */ - -/* Define to 1 if you have the <utmp.h> header file. 
*/ -/* #undef HAVE_UTMP_H */ - -/* define if you have u_char data type */ -/* #undef HAVE_U_CHAR */ - -/* define if you have u_int data type */ -/* #undef HAVE_U_INT */ - -/* define if you have u_int64_t data type */ -/* #undef HAVE_U_INT64_T */ - -/* define if you have u_intxx_t data type */ -/* #undef HAVE_U_INTXX_T */ - -/* Define to 1 if you have the `vasprintf' function. */ -/* #undef HAVE_VASPRINTF */ - -/* Define if va_copy exists */ -#define HAVE_VA_COPY 1 - -/* Define to 1 if you have the `vhangup' function. */ -/* #undef HAVE_VHANGUP */ - -/* Define to 1 if you have the <vis.h> header file. */ -/* #undef HAVE_VIS_H */ - -/* Define to 1 if you have the `vsnprintf' function. */ -#define HAVE_VSNPRINTF 1 - -/* Define to 1 if you have the `waitpid' function. */ -/* #undef HAVE_WAITPID */ - -/* Define to 1 if you have the `_getlong' function. */ -/* #undef HAVE__GETLONG */ - -/* Define to 1 if you have the `_getpty' function. */ -/* #undef HAVE__GETPTY */ - -/* Define to 1 if you have the `_getshort' function. */ -/* #undef HAVE__GETSHORT */ - -/* Define if you have struct __res_state _res as an extern */ -#define HAVE__RES_EXTERN 1 - -/* Define to 1 if you have the `__b64_ntop' function. */ -/* #undef HAVE___B64_NTOP */ - -/* Define to 1 if you have the `__b64_pton' function. 
*/ -/* #undef HAVE___B64_PTON */ - -/* Define if compiler implements __FUNCTION__ */ -#define HAVE___FUNCTION__ 1 - -/* Define if libc defines __progname */ -/* #undef HAVE___PROGNAME */ - -/* Fields in struct sockaddr_storage */ -/* #undef HAVE___SS_FAMILY_IN_SS */ - -/* Define if __va_copy exists */ -#define HAVE___VA_COPY 1 - -/* Define if compiler implements __func__ */ -#define HAVE___func__ 1 - -/* Define this if you are using the Heimdal version of Kerberos V5 */ -/* #undef HEIMDAL */ - -/* Define if you need to use IP address instead of hostname in $DISPLAY */ -/* #undef IPADDR_IN_DISPLAY */ - -/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ -/* #undef IPV4_IN_IPV6 */ - -/* Define if your system choked on IP TOS setting */ -#define IP_TOS_IS_BROKEN 1 - -/* Define if you want Kerberos 5 support */ -#define KRB5 1 - -/* Define if pututxline updates lastlog too */ -/* #undef LASTLOG_WRITE_PUTUTXLINE */ - -/* Define if you want TCP Wrappers support */ -/* #undef LIBWRAP */ - -/* Define to whatever link() returns for "not supported" if it doesn't return - EOPNOTSUPP. 
*/ -/* #undef LINK_OPNOTSUPP_ERRNO */ - -/* Adjust Linux out-of-memory killer */ -/* #undef LINUX_OOM_ADJUST */ - -/* max value of long long calculated by configure */ -/* #undef LLONG_MAX */ - -/* min value of long long calculated by configure */ -/* #undef LLONG_MIN */ - -/* Account locked with pw(1) */ -/* #undef LOCKED_PASSWD_PREFIX */ - -/* String used in /etc/passwd to denote locked account */ -/* #undef LOCKED_PASSWD_STRING */ - -/* String used in /etc/passwd to denote locked account */ -/* #undef LOCKED_PASSWD_SUBSTR */ - -/* Some versions of /bin/login need the TERM supplied on the commandline */ -/* #undef LOGIN_NEEDS_TERM */ - -/* Some systems need a utmpx entry for /bin/login to work */ -/* #undef LOGIN_NEEDS_UTMPX */ - -/* Define if your login program cannot handle end of options ("--") */ -/* #undef LOGIN_NO_ENDOPT */ - -/* If your header files don't define LOGIN_PROGRAM, then use this (detected) - from environment and PATH */ -#define LOGIN_PROGRAM_FALLBACK "/usr/bin/login" - -/* Set this to your mail directory if you do not have _PATH_MAILDIR */ -#define MAIL_DIRECTORY "/var/spool/mail" - -/* Define on *nto-qnx systems */ -/* #undef MISSING_FD_MASK */ - -/* Define on *nto-qnx systems */ -/* #undef MISSING_HOWMANY */ - -/* Define on *nto-qnx systems */ -/* #undef MISSING_NFDBITS */ - -/* Need setpgrp to acquire controlling tty */ -/* #undef NEED_SETPGRP */ - -/* Define if the concept of ports only accessible to superusers isn't known - */ -#define NO_IPPORT_RESERVED_CONCEPT 1 - -/* Define if you don't want to use lastlog in session.c */ -/* #undef NO_SSH_LASTLOG */ - -/* Define if X11 doesn't support AF_UNIX sockets on that system */ -#define NO_X11_UNIX_SOCKETS 1 - -/* Define if EVP_DigestUpdate returns void */ -/* #undef OPENSSL_EVP_DIGESTUPDATE_VOID */ - -/* libcrypto includes complete ECC support */ -#define OPENSSL_HAS_ECC 1 - -/* libcrypto is missing AES 192 and 256 bit functions */ -/* #undef OPENSSL_LOBOTOMISED_AES */ - -/* Define if you want 
OpenSSL's internally seeded PRNG only */ -#define OPENSSL_PRNG_ONLY 1 - -/* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org" - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "OpenSSH" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "OpenSSH Portable" - -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "openssh" - -/* Define to the home page for this package. */ -#define PACKAGE_URL "" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "Portable" - -/* Define if you are using Solaris-derived PAM which passes pam_messages to - the conversation function with an extra level of indirection */ -/* #undef PAM_SUN_CODEBASE */ - -/* Work around problematic Linux PAM modules handling of PAM_TTY */ -/* #undef PAM_TTY_KLUDGE */ - -/* must supply username to passwd */ -/* #undef PASSWD_NEEDS_USERNAME */ - -/* Port number of PRNGD/EGD random number socket */ -/* #undef PRNGD_PORT */ - -/* Location of PRNGD/EGD random number socket */ -/* #undef PRNGD_SOCKET */ - -/* read(1) can return 0 for a non-closed fd */ -/* #undef PTY_ZEROREAD */ - -/* Sandbox using Darwin sandbox_init(3) */ -/* #undef SANDBOX_DARWIN */ - -/* no privsep sandboxing */ -#define SANDBOX_NULL 1 - -/* Sandbox using setrlimit(2) */ -/* #undef SANDBOX_RLIMIT */ - -/* Sandbox using systrace(4) */ -/* #undef SANDBOX_SYSTRACE */ - -/* Define if your platform breaks doing a seteuid before a setuid */ -/* #undef SETEUID_BREAKS_SETUID */ - -/* The size of `char', as computed by sizeof. */ -#define SIZEOF_CHAR 1 - -/* The size of `int', as computed by sizeof. */ -#define SIZEOF_INT 4 - -/* The size of `long int', as computed by sizeof. */ -#define SIZEOF_LONG_INT 4 - -/* The size of `long long int', as computed by sizeof. */ -#define SIZEOF_LONG_LONG_INT 8 - -/* The size of `short int', as computed by sizeof. 
*/ -#define SIZEOF_SHORT_INT 2 - -/* Define if you want S/Key support */ -/* #undef SKEY */ - -/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ -/* #undef SKEYCHALLENGE_4ARG */ - -/* Define as const if snprintf() can declare const char *fmt */ -#define SNPRINTF_CONST const - -/* Define to a Set Process Title type if your system is supported by - bsd-setproctitle.c */ -/* #undef SPT_TYPE */ - -/* Define if sshd somehow reacquires a controlling TTY after setsid() */ -/* #undef SSHD_ACQUIRES_CTTY */ - -/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ -/* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */ - -/* Use audit debugging module */ -/* #undef SSH_AUDIT_EVENTS */ - -/* Windows is sensitive to read buffer size */ -/* #undef SSH_IOBUFSZ */ - -/* non-privileged user for privilege separation */ -#define SSH_PRIVSEP_USER "sshd" - -/* Use tunnel device compatibility to OpenBSD */ -/* #undef SSH_TUN_COMPAT_AF */ - -/* Open tunnel devices the FreeBSD way */ -/* #undef SSH_TUN_FREEBSD */ - -/* Open tunnel devices the Linux tun/tap way */ -/* #undef SSH_TUN_LINUX */ - -/* No layer 2 tunnel support */ -/* #undef SSH_TUN_NO_L2 */ - -/* Open tunnel devices the OpenBSD way */ -/* #undef SSH_TUN_OPENBSD */ - -/* Prepend the address family to IP tunnel traffic */ -/* #undef SSH_TUN_PREPEND_AF */ - -/* Define to 1 if you have the ANSI C header files. 
*/ -#define STDC_HEADERS 1 - -/* Define if you want a different $PATH for the superuser */ -/* #undef SUPERUSER_PATH */ - -/* syslog_r function is safe to use in in a signal handler */ -/* #undef SYSLOG_R_SAFE_IN_SIGHAND */ - -/* Support passwords > 8 chars */ -/* #undef UNIXWARE_LONG_PASSWORDS */ - -/* Specify default $PATH */ -#define USER_PATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin" - -/* Define this if you want to use libkafs' AFS support */ -/* #undef USE_AFS */ - -/* Use BSM audit module */ -/* #undef USE_BSM_AUDIT */ - -/* Use btmp to log bad logins */ -/* #undef USE_BTMP */ - -/* Use libedit for sftp */ -/* #undef USE_LIBEDIT */ - -/* Use Linux audit module */ -/* #undef USE_LINUX_AUDIT */ - -/* Enable OpenSSL engine support */ -/* #undef USE_OPENSSL_ENGINE */ - -/* Define if you want to enable PAM support */ -/* #undef USE_PAM */ - -/* Use PIPES instead of a socketpair() */ -#define USE_PIPES 1 - -/* Define if you want to sanitize fds */ -/* #undef USE_SANITISE_STDFD */ - -/* Define if you have Solaris process contracts */ -/* #undef USE_SOLARIS_PROCESS_CONTRACTS */ - -/* Define if you have Solaris projects */ -/* #undef USE_SOLARIS_PROJECTS */ - -/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ -/* #undef WITH_ABBREV_NO_TTY */ - -/* Define if you want to enable AIX4's authenticate function */ -/* #undef WITH_AIXAUTHENTICATE */ - -/* Define if you have/want arrays (cluster-wide session managment, not C - arrays) */ -/* #undef WITH_IRIX_ARRAY */ - -/* Define if you want IRIX audit trails */ -/* #undef WITH_IRIX_AUDIT */ - -/* Define if you want IRIX kernel jobs */ -/* #undef WITH_IRIX_JOBS */ - -/* Define if you want IRIX project management */ -/* #undef WITH_IRIX_PROJECT */ - -/* Define if you want SELinux support. */ -/* #undef WITH_SELINUX */ - -/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most - significant byte first (like Motorola and SPARC, unlike Intel). 
*/ -#if defined AC_APPLE_UNIVERSAL_BUILD -# if defined __BIG_ENDIAN__ -# define WORDS_BIGENDIAN 1 -# endif -#else -# ifndef WORDS_BIGENDIAN -/* # undef WORDS_BIGENDIAN */ -# endif -#endif - -/* Define if xauth is found in your path */ -/* #undef XAUTH_PATH */ - -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - -/* Number of bits in a file offset, on hosts where this is settable. */ -/* #undef _FILE_OFFSET_BITS */ - -/* Define for large files, on AIX-style hosts. */ -/* #undef _LARGE_FILES */ - -/* log for bad login attempts */ -/* #undef _PATH_BTMP */ - -/* Full path of your "passwd" program */ -#define _PATH_PASSWD_PROG "/usr/bin/passwd" - -/* Specify location of ssh.pid */ -#define _PATH_SSH_PIDDIR "/var/run" - -/* Define if we don't have struct __res_state in resolv.h */ -#define __res_state state - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. 
*/ -#ifndef __cplusplus -/* #undef inline */ -#endif - -/* type to use in place of socklen_t if not defined */ -/* #undef socklen_t */ -#define WIN32_LEAN_AND_MEAN 1 -#define _CRT_SECURE_NO_DEPRECATE 1 -#define _CRT_NONSTDC_NO_DEPRECATE 1 -#define WIN32_FIXME 1 -#undef USE_NTCREATETOKEN - -/* Define if you must implement a startup_needs function for your platform */ -#define HAVE_STARTUP_NEEDS 1 - -/* Define if your platform uses Winsock instead of BSD sockets (yeah, there are a lot of platforms like this :) */ -#define HAVE_WINSOCK 1 - -#define snprintf _snprintf - -#define BROKEN_READV_COMPARISON - -/* Override detection of some headers and functions on MinGW */ -#undef BROKEN_SNPRINTF -#define GETPGRP_VOID 1 -#undef HAVE_CRYPT_H -#define HAVE_DAEMON 1 -#undef HAVE_ENDIAN_H -#undef HAVE_FCNTL_H -#define HAVE_FREEADDRINFO 1 -#define HAVE_GAI_STRERROR 1 -#define HAVE_GETADDRINFO 1 -#define HAVE_GETGROUPLIST 1 -#define HAVE_GETNAMEINFO 1 -#undef HAVE_ID_IN_UTMPX -#define HAVE_INET_ATON 1 -#define HAVE_INET_NTOA 1 -#define HAVE_INNETGR 1 -#undef HAVE_LIBCRYPT -#define HAVE_MKDTEMP 1 -#define HAVE_NANOSLEEP 1 -#undef HAVE_PATHS_H -#undef HAVE_POLL_H -#undef HAVE_PROC_PID -#undef HAVE_PTY_H -#define HAVE_NANOSLEEP 1 -#define HAVE_READPASSPHRASE 1 -#define HAVE_REALPATH 1 -#undef HAVE_SIG_ATOMIC_T -#define HAVE_SIZE_T 1 -#undef HAVE_STRERROR -#define HAVE_STRMODE 1 -#undef __USE_W32_SOCKETS - -#ifdef __MINGW32__ /* FIXME: Use autoconf to set this correctly */ -/* Define to 1 if you have the `strcasecmp' function. */ -#define HAVE_STRCASECMP 1 - -/* Define to 1 if you have the `strncasecmp' function. 
*/ -#define HAVE_STRNCASECMP 1 -#endif - -#define HAVE_STRUCT_IN6_ADDR 1 -#define HAVE_STRUCT_SOCKADDR_IN6 1 -#define HAVE_STRUCT_TIMEVAL 1 -#undef HAVE_SYS_CDEFS_H -#undef HAVE_SYS_SYSMACROS_H -#undef HAVE_SYS_MMAN_H -#undef HAVE_SYS_UN_H - -#define HAVE_TCGETPGRP 1 - -#undef HAVE_TIME - -#define HAVE_TRUNCATE 1 - -#define HAVE_VIS_H 1 - -#define MISSING_FD_MASK 1 -#define MISSING_HOWMANY 1 -#define MISSING_NFDBITS 1 - -#undef SSH_PRIVSEP_USER - -#define HAVE_OPENPTY 1 - -/* Fixes for loginrec.c */ -#undef CONF_UTMP_FILE -#undef CONF_WTMPX_FILE -#undef CONF_WTMP_FILE -#undef CONF_UTMPX_FILE -#undef CONF_LASTLOG_FILE - -#define BROKEN_SYS_TERMIO_H - -#define strerror strerror_win32 - -#define strerror strerror_win32 - -// PRAGMA SYS PORT -#define WITH_OPENSSL 1 -#define HAVE_KRB5_GET_ERROR_MESSAGE 1 -#define HAVE_KRB5_FREE_ERROR_MESSAGE 1 -#define HAVE_DECL_NFDBITS 0 -#define HAVE_DECL_HOWMANY 0 - -#define WIN32_ZLIB_NO 1 -#define USE_MSCNG 1 - -//#define HAVE_ARC4RANDOM_UNIFORM 1 - diff --git a/win32_config.h.in b/win32_config.h.in deleted file mode 100644 index 8ff5c73..0000000 --- a/win32_config.h.in +++ /dev/null 
@@ -1,1541 +0,0 @@ -/* config.h.in. Generated from configure.ac by autoheader. */ - -/* Define if building universal (internal helper macro) */ -#undef AC_APPLE_UNIVERSAL_BUILD - -/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address - */ -#undef AIX_GETNAMEINFO_HACK - -/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) - */ -#undef AIX_LOGINFAILED_4ARG - -/* System only supports IPv4 audit records */ -#undef AU_IPv4 - -/* Define if your resolver libs need this for getrrsetbyname */ -#undef BIND_8_COMPAT - -/* Define if cmsg_type is not passed correctly */ -#undef BROKEN_CMSG_TYPE - -/* getaddrinfo is broken (if present) */ -#undef BROKEN_GETADDRINFO - -/* getgroups(0,NULL) will return -1 */ -#undef BROKEN_GETGROUPS - -/* FreeBSD glob does not do what we need */ -#undef BROKEN_GLOB - -/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ -#undef BROKEN_INET_NTOA - -/* ia_uinfo routines not supported by OS yet */ -#undef BROKEN_LIBIAF - -/* Ultrix mmap can't map files */ -#undef BROKEN_MMAP - -/* Define if your struct dirent expects you to allocate extra space for - d_name */ -#undef BROKEN_ONE_BYTE_DIRENT_D_NAME - -/* Can't do comparisons on readv */ -#undef BROKEN_READV_COMPARISON - -/* Define if you have a broken realpath. 
*/ -#undef BROKEN_REALPATH - -/* Needed for NeXT */ -#undef BROKEN_SAVED_UIDS - -/* Define if your setregid() is broken */ -#undef BROKEN_SETREGID - -/* Define if your setresgid() is broken */ -#undef BROKEN_SETRESGID - -/* Define if your setresuid() is broken */ -#undef BROKEN_SETRESUID - -/* Define if your setreuid() is broken */ -#undef BROKEN_SETREUID - -/* LynxOS has broken setvbuf() implementation */ -#undef BROKEN_SETVBUF - -/* QNX shadow support is broken */ -#undef BROKEN_SHADOW_EXPIRE - -/* Define if your snprintf is busted */ -#undef BROKEN_SNPRINTF - -/* tcgetattr with ICANON may hang */ -#undef BROKEN_TCGETATTR_ICANON - -/* updwtmpx is broken (if present) */ -#undef BROKEN_UPDWTMPX - -/* Define if you have BSD auth support */ -#undef BSD_AUTH - -/* Define if you want to specify the path to your lastlog file */ -#undef CONF_LASTLOG_FILE - -/* Define if you want to specify the path to your utmp file */ -#undef CONF_UTMP_FILE - -/* Define if you want to specify the path to your wtmpx file */ -#undef CONF_WTMPX_FILE - -/* Define if you want to specify the path to your wtmp file */ -#undef CONF_WTMP_FILE - -/* Define if your platform needs to skip post auth file descriptor passing */ -#undef DISABLE_FD_PASSING - -/* Define if you don't want to use lastlog */ -#undef DISABLE_LASTLOG - -/* Define if you don't want to use your system's login() call */ -#undef DISABLE_LOGIN - -/* Define if you don't want to use pututline() etc. to write [uw]tmp */ -#undef DISABLE_PUTUTLINE - -/* Define if you don't want to use pututxline() etc. 
to write [uw]tmpx */ -#undef DISABLE_PUTUTXLINE - -/* Define if you want to disable shadow passwords */ -#undef DISABLE_SHADOW - -/* Define if you don't want to use utmp */ -#undef DISABLE_UTMP - -/* Define if you don't want to use utmpx */ -#undef DISABLE_UTMPX - -/* Define if you don't want to use wtmp */ -#undef DISABLE_WTMP - -/* Define if you don't want to use wtmpx */ -#undef DISABLE_WTMPX - -/* Enable for PKCS#11 support */ -#undef ENABLE_PKCS11 - -/* File names may not contain backslash characters */ -#undef FILESYSTEM_NO_BACKSLASH - -/* fsid_t has member val */ -#undef FSID_HAS_VAL - -/* fsid_t has member __val */ -#undef FSID_HAS___VAL - -/* Define to 1 if the `getpgrp' function requires zero arguments. */ -#undef GETPGRP_VOID - -/* Conflicting defs for getspnam */ -#undef GETSPNAM_CONFLICTING_DEFS - -/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ -#undef GLOB_HAS_ALTDIRFUNC - -/* Define if your system glob() function has gl_matchc options in glob_t */ -#undef GLOB_HAS_GL_MATCHC - -/* Define if your system glob() function has gl_statv options in glob_t */ -#undef GLOB_HAS_GL_STATV - -/* Define this if you want GSSAPI support in the version 2 protocol */ -#undef GSSAPI - -/* Define if you want to use shadow password expire field */ -#undef HAS_SHADOW_EXPIRE - -/* Define if your system uses access rights style file descriptor passing */ -#undef HAVE_ACCRIGHTS_IN_MSGHDR - -/* Define if you have ut_addr in utmp.h */ -#undef HAVE_ADDR_IN_UTMP - -/* Define if you have ut_addr in utmpx.h */ -#undef HAVE_ADDR_IN_UTMPX - -/* Define if you have ut_addr_v6 in utmp.h */ -#undef HAVE_ADDR_V6_IN_UTMP - -/* Define if you have ut_addr_v6 in utmpx.h */ -#undef HAVE_ADDR_V6_IN_UTMPX - -/* Define to 1 if you have the `arc4random' function. */ -#undef HAVE_ARC4RANDOM - -/* Define to 1 if you have the `arc4random_buf' function. */ -#undef HAVE_ARC4RANDOM_BUF - -/* Define to 1 if you have the `arc4random_uniform' function. 
*/ -#undef HAVE_ARC4RANDOM_UNIFORM - -/* Define to 1 if you have the `asprintf' function. */ -#undef HAVE_ASPRINTF - -/* OpenBSD's gcc has bounded */ -#undef HAVE_ATTRIBUTE__BOUNDED__ - -/* Have attribute nonnull */ -#undef HAVE_ATTRIBUTE__NONNULL__ - -/* OpenBSD's gcc has sentinel */ -#undef HAVE_ATTRIBUTE__SENTINEL__ - -/* Define to 1 if you have the `aug_get_machine' function. */ -#undef HAVE_AUG_GET_MACHINE - -/* Define to 1 if you have the `b64_ntop' function. */ -#undef HAVE_B64_NTOP - -/* Define to 1 if you have the `b64_pton' function. */ -#undef HAVE_B64_PTON - -/* Define if you have the basename function. */ -#undef HAVE_BASENAME - -/* Define to 1 if you have the `bcopy' function. */ -#undef HAVE_BCOPY - -/* Define to 1 if you have the `bindresvport_sa' function. */ -#undef HAVE_BINDRESVPORT_SA - -/* Define to 1 if you have the `BN_is_prime_ex' function. */ -#undef HAVE_BN_IS_PRIME_EX - -/* Define to 1 if you have the <bsm/audit.h> header file. */ -#undef HAVE_BSM_AUDIT_H - -/* Define to 1 if you have the <bstring.h> header file. */ -#undef HAVE_BSTRING_H - -/* Define to 1 if you have the `clock' function. */ -#undef HAVE_CLOCK - -/* define if you have clock_t data type */ -#undef HAVE_CLOCK_T - -/* Define to 1 if you have the `closefrom' function. */ -#undef HAVE_CLOSEFROM - -/* Define if gai_strerror() returns const char * */ -#undef HAVE_CONST_GAI_STRERROR_PROTO - -/* Define if your system uses ancillary data style file descriptor passing */ -#undef HAVE_CONTROL_IN_MSGHDR - -/* Define to 1 if you have the <crypto/sha2.h> header file. */ -#undef HAVE_CRYPTO_SHA2_H - -/* Define to 1 if you have the <crypt.h> header file. */ -#undef HAVE_CRYPT_H - -/* Define if you are on Cygwin */ -#undef HAVE_CYGWIN - -/* Define if your libraries define daemon() */ -#undef HAVE_DAEMON - -/* Define to 1 if you have the declaration of `authenticate', and to 0 if you - don't. 
*/ -#undef HAVE_DECL_AUTHENTICATE - -/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you - don't. */ -#undef HAVE_DECL_GLOB_NOMATCH - -/* Define to 1 if you have the declaration of `h_errno', and to 0 if you - don't. */ -#undef HAVE_DECL_H_ERRNO - -/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you - don't. */ -#undef HAVE_DECL_LOGINFAILED - -/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if - you don't. */ -#undef HAVE_DECL_LOGINRESTRICTIONS - -/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you - don't. */ -#undef HAVE_DECL_LOGINSUCCESS - -/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you - don't. */ -#undef HAVE_DECL_MAXSYMLINKS - -/* Define to 1 if you have the declaration of `offsetof', and to 0 if you - don't. */ -#undef HAVE_DECL_OFFSETOF - -/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you - don't. */ -#undef HAVE_DECL_O_NONBLOCK - -/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you - don't. */ -#undef HAVE_DECL_PASSWDEXPIRED - -/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you - don't. */ -#undef HAVE_DECL_SETAUTHDB - -/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you - don't. */ -#undef HAVE_DECL_SHUT_RD - -/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. - */ -#undef HAVE_DECL_WRITEV - -/* Define to 1 if you have the declaration of `_getlong', and to 0 if you - don't. */ -#undef HAVE_DECL__GETLONG - -/* Define to 1 if you have the declaration of `_getshort', and to 0 if you - don't. */ -#undef HAVE_DECL__GETSHORT - -/* Define if you have /dev/ptmx */ -#undef HAVE_DEV_PTMX - -/* Define if you have /dev/ptc */ -#undef HAVE_DEV_PTS_AND_PTC - -/* Define to 1 if you have the <dirent.h> header file. */ -#undef HAVE_DIRENT_H - -/* Define to 1 if you have the `dirfd' function. 
*/ -#undef HAVE_DIRFD - -/* Define to 1 if you have the `dirname' function. */ -#undef HAVE_DIRNAME - -/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ -#undef HAVE_DSA_GENERATE_PARAMETERS_EX - -/* Define to 1 if you have the <endian.h> header file. */ -#undef HAVE_ENDIAN_H - -/* Define to 1 if you have the `endutent' function. */ -#undef HAVE_ENDUTENT - -/* Define to 1 if you have the `endutxent' function. */ -#undef HAVE_ENDUTXENT - -/* Define if your system has /etc/default/login */ -#undef HAVE_ETC_DEFAULT_LOGIN - -/* Define to 1 if you have the `EVP_sha256' function. */ -#undef HAVE_EVP_SHA256 - -/* Define if you have ut_exit in utmp.h */ -#undef HAVE_EXIT_IN_UTMP - -/* Define to 1 if you have the `fchmod' function. */ -#undef HAVE_FCHMOD - -/* Define to 1 if you have the `fchown' function. */ -#undef HAVE_FCHOWN - -/* Use F_CLOSEM fcntl for closefrom */ -#undef HAVE_FCNTL_CLOSEM - -/* Define to 1 if you have the <fcntl.h> header file. */ -#undef HAVE_FCNTL_H - -/* Define to 1 if you have the <features.h> header file. */ -#undef HAVE_FEATURES_H - -/* Define to 1 if you have the <floatingpoint.h> header file. */ -#undef HAVE_FLOATINGPOINT_H - -/* Define to 1 if you have the `fmt_scaled' function. */ -#undef HAVE_FMT_SCALED - -/* Define to 1 if you have the `freeaddrinfo' function. */ -#undef HAVE_FREEADDRINFO - -/* Define to 1 if the system has the type `fsblkcnt_t'. */ -#undef HAVE_FSBLKCNT_T - -/* Define to 1 if the system has the type `fsfilcnt_t'. */ -#undef HAVE_FSFILCNT_T - -/* Define to 1 if you have the `fstatvfs' function. */ -#undef HAVE_FSTATVFS - -/* Define to 1 if you have the `futimes' function. */ -#undef HAVE_FUTIMES - -/* Define to 1 if you have the `gai_strerror' function. */ -#undef HAVE_GAI_STRERROR - -/* Define to 1 if you have the `getaddrinfo' function. */ -#undef HAVE_GETADDRINFO - -/* Define to 1 if you have the `getaudit' function. 
*/ -#undef HAVE_GETAUDIT - -/* Define to 1 if you have the `getaudit_addr' function. */ -#undef HAVE_GETAUDIT_ADDR - -/* Define to 1 if you have the `getcwd' function. */ -#undef HAVE_GETCWD - -/* Define to 1 if you have the `getgrouplist' function. */ -#undef HAVE_GETGROUPLIST - -/* Define to 1 if you have the `getgrset' function. */ -#undef HAVE_GETGRSET - -/* Define to 1 if you have the `getlastlogxbyname' function. */ -#undef HAVE_GETLASTLOGXBYNAME - -/* Define to 1 if you have the `getluid' function. */ -#undef HAVE_GETLUID - -/* Define to 1 if you have the `getnameinfo' function. */ -#undef HAVE_GETNAMEINFO - -/* Define to 1 if you have the `getopt' function. */ -#undef HAVE_GETOPT - -/* Define to 1 if you have the <getopt.h> header file. */ -#undef HAVE_GETOPT_H - -/* Define if your getopt(3) defines and uses optreset */ -#undef HAVE_GETOPT_OPTRESET - -/* Define if your libraries define getpagesize() */ -#undef HAVE_GETPAGESIZE - -/* Define to 1 if you have the `getpeereid' function. */ -#undef HAVE_GETPEEREID - -/* Define to 1 if you have the `getpeerucred' function. */ -#undef HAVE_GETPEERUCRED - -/* Define to 1 if you have the `getpwanam' function. */ -#undef HAVE_GETPWANAM - -/* Define to 1 if you have the `getrlimit' function. */ -#undef HAVE_GETRLIMIT - -/* Define if getrrsetbyname() exists */ -#undef HAVE_GETRRSETBYNAME - -/* Define to 1 if you have the `getrusage' function. */ -#undef HAVE_GETRUSAGE - -/* Define to 1 if you have the `getseuserbyname' function. */ -#undef HAVE_GETSEUSERBYNAME - -/* Define to 1 if you have the `gettimeofday' function. */ -#undef HAVE_GETTIMEOFDAY - -/* Define to 1 if you have the `getttyent' function. */ -#undef HAVE_GETTTYENT - -/* Define to 1 if you have the `getutent' function. */ -#undef HAVE_GETUTENT - -/* Define to 1 if you have the `getutid' function. */ -#undef HAVE_GETUTID - -/* Define to 1 if you have the `getutline' function. */ -#undef HAVE_GETUTLINE - -/* Define to 1 if you have the `getutxent' function. 
*/ -#undef HAVE_GETUTXENT - -/* Define to 1 if you have the `getutxid' function. */ -#undef HAVE_GETUTXID - -/* Define to 1 if you have the `getutxline' function. */ -#undef HAVE_GETUTXLINE - -/* Define to 1 if you have the `getutxuser' function. */ -#undef HAVE_GETUTXUSER - -/* Define to 1 if you have the `get_default_context_with_level' function. */ -#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL - -/* Define to 1 if you have the `glob' function. */ -#undef HAVE_GLOB - -/* Define to 1 if you have the <glob.h> header file. */ -#undef HAVE_GLOB_H - -/* Define to 1 if you have the `group_from_gid' function. */ -#undef HAVE_GROUP_FROM_GID - -/* Define to 1 if you have the <gssapi_generic.h> header file. */ -#undef HAVE_GSSAPI_GENERIC_H - -/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */ -#undef HAVE_GSSAPI_GSSAPI_GENERIC_H - -/* Define to 1 if you have the <gssapi/gssapi.h> header file. */ -#undef HAVE_GSSAPI_GSSAPI_H - -/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */ -#undef HAVE_GSSAPI_GSSAPI_KRB5_H - -/* Define to 1 if you have the <gssapi.h> header file. */ -#undef HAVE_GSSAPI_H - -/* Define to 1 if you have the <gssapi_krb5.h> header file. */ -#undef HAVE_GSSAPI_KRB5_H - -/* Define if HEADER.ad exists in arpa/nameser.h */ -#undef HAVE_HEADER_AD - -/* Define if you have ut_host in utmp.h */ -#undef HAVE_HOST_IN_UTMP - -/* Define if you have ut_host in utmpx.h */ -#undef HAVE_HOST_IN_UTMPX - -/* Define to 1 if you have the <iaf.h> header file. */ -#undef HAVE_IAF_H - -/* Define to 1 if you have the <ia.h> header file. */ -#undef HAVE_IA_H - -/* Define if you have ut_id in utmp.h */ -#undef HAVE_ID_IN_UTMP - -/* Define if you have ut_id in utmpx.h */ -#undef HAVE_ID_IN_UTMPX - -/* Define to 1 if you have the `inet_aton' function. */ -#undef HAVE_INET_ATON - -/* Define to 1 if you have the `inet_ntoa' function. */ -#undef HAVE_INET_NTOA - -/* Define to 1 if you have the `inet_ntop' function. 
*/ -#undef HAVE_INET_NTOP - -/* Define to 1 if you have the `innetgr' function. */ -#undef HAVE_INNETGR - -/* define if you have int64_t data type */ -#undef HAVE_INT64_T - -/* Define to 1 if you have the <inttypes.h> header file. */ -#undef HAVE_INTTYPES_H - -/* define if you have intxx_t data type */ -#undef HAVE_INTXX_T - -/* Define to 1 if the system has the type `in_addr_t'. */ -#undef HAVE_IN_ADDR_T - -/* Define to 1 if the system has the type `in_port_t'. */ -#undef HAVE_IN_PORT_T - -/* Define if you have isblank(3C). */ -#undef HAVE_ISBLANK - -/* Define to 1 if you have the <lastlog.h> header file. */ -#undef HAVE_LASTLOG_H - -/* Define to 1 if you have the <libaudit.h> header file. */ -#undef HAVE_LIBAUDIT_H - -/* Define to 1 if you have the `bsm' library (-lbsm). */ -#undef HAVE_LIBBSM - -/* Define to 1 if you have the `crypt' library (-lcrypt). */ -#undef HAVE_LIBCRYPT - -/* Define to 1 if you have the `dl' library (-ldl). */ -#undef HAVE_LIBDL - -/* Define to 1 if you have the <libgen.h> header file. */ -#undef HAVE_LIBGEN_H - -/* Define if system has libiaf that supports set_id */ -#undef HAVE_LIBIAF - -/* Define to 1 if you have the `network' library (-lnetwork). */ -#undef HAVE_LIBNETWORK - -/* Define to 1 if you have the `nsl' library (-lnsl). */ -#undef HAVE_LIBNSL - -/* Define to 1 if you have the `pam' library (-lpam). */ -#undef HAVE_LIBPAM - -/* Define to 1 if you have the `socket' library (-lsocket). */ -#undef HAVE_LIBSOCKET - -/* Define to 1 if you have the <libutil.h> header file. */ -#undef HAVE_LIBUTIL_H - -/* Define to 1 if you have the `xnet' library (-lxnet). */ -#undef HAVE_LIBXNET - -/* Define to 1 if you have the `z' library (-lz). */ -#undef HAVE_LIBZ - -/* Define to 1 if you have the <limits.h> header file. */ -#undef HAVE_LIMITS_H - -/* Define to 1 if you have the <linux/if_tun.h> header file. 
*/ -#undef HAVE_LINUX_IF_TUN_H - -/* Define if your libraries define login() */ -#undef HAVE_LOGIN - -/* Define to 1 if you have the <login_cap.h> header file. */ -#undef HAVE_LOGIN_CAP_H - -/* Define to 1 if you have the `login_getcapbool' function. */ -#undef HAVE_LOGIN_GETCAPBOOL - -/* Define to 1 if you have the <login.h> header file. */ -#undef HAVE_LOGIN_H - -/* Define to 1 if you have the `logout' function. */ -#undef HAVE_LOGOUT - -/* Define to 1 if you have the `logwtmp' function. */ -#undef HAVE_LOGWTMP - -/* Define to 1 if the system has the type `long double'. */ -#undef HAVE_LONG_DOUBLE - -/* Define to 1 if the system has the type `long long'. */ -#undef HAVE_LONG_LONG - -/* Define to 1 if you have the <maillock.h> header file. */ -#undef HAVE_MAILLOCK_H - -/* Define to 1 if you have the `md5_crypt' function. */ -#undef HAVE_MD5_CRYPT - -/* Define if you want to allow MD5 passwords */ -#undef HAVE_MD5_PASSWORDS - -/* Define to 1 if you have the `memmove' function. */ -#undef HAVE_MEMMOVE - -/* Define to 1 if you have the <memory.h> header file. */ -#undef HAVE_MEMORY_H - -/* Define to 1 if you have the `mkdtemp' function. */ -#undef HAVE_MKDTEMP - -/* Define to 1 if you have the `mmap' function. */ -#undef HAVE_MMAP - -/* define if you have mode_t data type */ -#undef HAVE_MODE_T - -/* Some systems put nanosleep outside of libc */ -#undef HAVE_NANOSLEEP - -/* Define to 1 if you have the <ndir.h> header file. */ -#undef HAVE_NDIR_H - -/* Define to 1 if you have the <netdb.h> header file. */ -#undef HAVE_NETDB_H - -/* Define to 1 if you have the <netgroup.h> header file. */ -#undef HAVE_NETGROUP_H - -/* Define to 1 if you have the <net/if_tun.h> header file. */ -#undef HAVE_NET_IF_TUN_H - -/* Define if you are on NeXT */ -#undef HAVE_NEXT - -/* Define to 1 if you have the `ngetaddrinfo' function. */ -#undef HAVE_NGETADDRINFO - -/* Define to 1 if you have the `nsleep' function. 
*/ -#undef HAVE_NSLEEP - -/* Define to 1 if you have the `ogetaddrinfo' function. */ -#undef HAVE_OGETADDRINFO - -/* Define if you have an old version of PAM which takes only one argument to - pam_strerror */ -#undef HAVE_OLD_PAM - -/* Define to 1 if you have the `openlog_r' function. */ -#undef HAVE_OPENLOG_R - -/* Define to 1 if you have the `openpty' function. */ -#undef HAVE_OPENPTY - -/* Define if your ssl headers are included with #include <openssl/header.h> - */ -#undef HAVE_OPENSSL - -/* Define if you have Digital Unix Security Integration Architecture */ -#undef HAVE_OSF_SIA - -/* Define to 1 if you have the `pam_getenvlist' function. */ -#undef HAVE_PAM_GETENVLIST - -/* Define to 1 if you have the <pam/pam_appl.h> header file. */ -#undef HAVE_PAM_PAM_APPL_H - -/* Define to 1 if you have the `pam_putenv' function. */ -#undef HAVE_PAM_PUTENV - -/* Define to 1 if you have the <paths.h> header file. */ -#undef HAVE_PATHS_H - -/* Define if you have ut_pid in utmp.h */ -#undef HAVE_PID_IN_UTMP - -/* define if you have pid_t data type */ -#undef HAVE_PID_T - -/* Define to 1 if you have the `poll' function. */ -#undef HAVE_POLL - -/* Define to 1 if you have the <poll.h> header file. */ -#undef HAVE_POLL_H - -/* Define to 1 if you have the `prctl' function. */ -#undef HAVE_PRCTL - -/* Define to 1 if you have priveleged-port concept */ -#undef HAVE_PRIV_CONCEPT - -/* Define if you have /proc/$pid/fd */ -#undef HAVE_PROC_PID - -/* Define to 1 if you have the `pstat' function. */ -#undef HAVE_PSTAT - -/* Define to 1 if you have the <pty.h> header file. */ -#undef HAVE_PTY_H - -/* Define to 1 if you have the `pututline' function. */ -#undef HAVE_PUTUTLINE - -/* Define to 1 if you have the `pututxline' function. 
*/ -#undef HAVE_PUTUTXLINE - -/* Define if your password has a pw_change field */ -#undef HAVE_PW_CHANGE_IN_PASSWD - -/* Define if your password has a pw_class field */ -#undef HAVE_PW_CLASS_IN_PASSWD - -/* Define if your password has a pw_expire field */ -#undef HAVE_PW_EXPIRE_IN_PASSWD - -/* Define to 1 if you have the `readpassphrase' function. */ -#undef HAVE_READPASSPHRASE - -/* Define to 1 if you have the <readpassphrase.h> header file. */ -#undef HAVE_READPASSPHRASE_H - -/* Define to 1 if you have the `realpath' function. */ -#undef HAVE_REALPATH - -/* Define to 1 if you have the `recvmsg' function. */ -#undef HAVE_RECVMSG - -/* sys/resource.h has RLIMIT_NPROC */ -#undef HAVE_RLIMIT_NPROC - -/* Define to 1 if you have the <rpc/types.h> header file. */ -#undef HAVE_RPC_TYPES_H - -/* Define to 1 if you have the `rresvport_af' function. */ -#undef HAVE_RRESVPORT_AF - -/* Define to 1 if you have the `RSA_generate_key_ex' function. */ -#undef HAVE_RSA_GENERATE_KEY_EX - -/* Define to 1 if you have the `RSA_get_default_method' function. */ -#undef HAVE_RSA_GET_DEFAULT_METHOD - -/* Define to 1 if you have the <sandbox.h> header file. */ -#undef HAVE_SANDBOX_H - -/* Define to 1 if you have the `sandbox_init' function. */ -#undef HAVE_SANDBOX_INIT - -/* define if you have sa_family_t data type */ -#undef HAVE_SA_FAMILY_T - -/* Define if you have SecureWare-based protected password database */ -#undef HAVE_SECUREWARE - -/* Define to 1 if you have the <security/pam_appl.h> header file. */ -#undef HAVE_SECURITY_PAM_APPL_H - -/* Define to 1 if you have the `sendmsg' function. */ -#undef HAVE_SENDMSG - -/* Define to 1 if you have the `setauthdb' function. */ -#undef HAVE_SETAUTHDB - -/* Define to 1 if you have the `setdtablesize' function. */ -#undef HAVE_SETDTABLESIZE - -/* Define to 1 if you have the `setegid' function. */ -#undef HAVE_SETEGID - -/* Define to 1 if you have the `setenv' function. */ -#undef HAVE_SETENV - -/* Define to 1 if you have the `seteuid' function. 
*/ -#undef HAVE_SETEUID - -/* Define to 1 if you have the `setgroupent' function. */ -#undef HAVE_SETGROUPENT - -/* Define to 1 if you have the `setgroups' function. */ -#undef HAVE_SETGROUPS - -/* Define to 1 if you have the `setlogin' function. */ -#undef HAVE_SETLOGIN - -/* Define to 1 if you have the `setluid' function. */ -#undef HAVE_SETLUID - -/* Define to 1 if you have the `setpcred' function. */ -#undef HAVE_SETPCRED - -/* Define to 1 if you have the `setproctitle' function. */ -#undef HAVE_SETPROCTITLE - -/* Define to 1 if you have the `setregid' function. */ -#undef HAVE_SETREGID - -/* Define to 1 if you have the `setresgid' function. */ -#undef HAVE_SETRESGID - -/* Define to 1 if you have the `setresuid' function. */ -#undef HAVE_SETRESUID - -/* Define to 1 if you have the `setreuid' function. */ -#undef HAVE_SETREUID - -/* Define to 1 if you have the `setrlimit' function. */ -#undef HAVE_SETRLIMIT - -/* Define to 1 if you have the `setsid' function. */ -#undef HAVE_SETSID - -/* Define to 1 if you have the `setutent' function. */ -#undef HAVE_SETUTENT - -/* Define to 1 if you have the `setutxdb' function. */ -#undef HAVE_SETUTXDB - -/* Define to 1 if you have the `setutxent' function. */ -#undef HAVE_SETUTXENT - -/* Define to 1 if you have the `setvbuf' function. */ -#undef HAVE_SETVBUF - -/* Define to 1 if you have the `set_id' function. */ -#undef HAVE_SET_ID - -/* Define to 1 if you have the `SHA256_Update' function. */ -#undef HAVE_SHA256_UPDATE - -/* Define to 1 if you have the <sha2.h> header file. */ -#undef HAVE_SHA2_H - -/* Define to 1 if you have the <shadow.h> header file. */ -#undef HAVE_SHADOW_H - -/* Define to 1 if you have the `sigaction' function. */ -#undef HAVE_SIGACTION - -/* Define to 1 if you have the `sigvec' function. */ -#undef HAVE_SIGVEC - -/* Define to 1 if the system has the type `sig_atomic_t'. 
*/ -#undef HAVE_SIG_ATOMIC_T - -/* define if you have size_t data type */ -#undef HAVE_SIZE_T - -/* Define to 1 if you have the `snprintf' function. */ -#undef HAVE_SNPRINTF - -/* Define to 1 if you have the `socketpair' function. */ -#undef HAVE_SOCKETPAIR - -/* Have PEERCRED socket option */ -#undef HAVE_SO_PEERCRED - -/* define if you have ssize_t data type */ -#undef HAVE_SSIZE_T - -/* Fields in struct sockaddr_storage */ -#undef HAVE_SS_FAMILY_IN_SS - -/* Define to 1 if you have the `statfs' function. */ -#undef HAVE_STATFS - -/* Define to 1 if you have the `statvfs' function. */ -#undef HAVE_STATVFS - -/* Define to 1 if you have the <stddef.h> header file. */ -#undef HAVE_STDDEF_H - -/* Define to 1 if you have the <stdint.h> header file. */ -#undef HAVE_STDINT_H - -/* Define to 1 if you have the <stdlib.h> header file. */ -#undef HAVE_STDLIB_H - -/* Define to 1 if you have the `strdup' function. */ -#undef HAVE_STRDUP - -/* Define to 1 if you have the `strerror' function. */ -#undef HAVE_STRERROR - -/* Define to 1 if you have the `strftime' function. */ -#undef HAVE_STRFTIME - -/* Silly mkstemp() */ -#undef HAVE_STRICT_MKSTEMP - -/* Define to 1 if you have the <strings.h> header file. */ -#undef HAVE_STRINGS_H - -/* Define to 1 if you have the <string.h> header file. */ -#undef HAVE_STRING_H - -/* Define to 1 if you have the `strlcat' function. */ -#undef HAVE_STRLCAT - -/* Define to 1 if you have the `strlcpy' function. */ -#undef HAVE_STRLCPY - -/* Define to 1 if you have the `strmode' function. */ -#undef HAVE_STRMODE - -/* Define to 1 if you have the `strnvis' function. */ -#undef HAVE_STRNVIS - -/* Define to 1 if you have the `strptime' function. */ -#undef HAVE_STRPTIME - -/* Define to 1 if you have the `strsep' function. */ -#undef HAVE_STRSEP - -/* Define to 1 if you have the `strtoll' function. */ -#undef HAVE_STRTOLL - -/* Define to 1 if you have the `strtonum' function. */ -#undef HAVE_STRTONUM - -/* Define to 1 if you have the `strtoul' function. 
*/ -#undef HAVE_STRTOUL - -/* define if you have struct addrinfo data type */ -#undef HAVE_STRUCT_ADDRINFO - -/* define if you have struct in6_addr data type */ -#undef HAVE_STRUCT_IN6_ADDR - -/* define if you have struct sockaddr_in6 data type */ -#undef HAVE_STRUCT_SOCKADDR_IN6 - -/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ -#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID - -/* define if you have struct sockaddr_storage data type */ -#undef HAVE_STRUCT_SOCKADDR_STORAGE - -/* Define to 1 if `st_blksize' is a member of `struct stat'. */ -#undef HAVE_STRUCT_STAT_ST_BLKSIZE - -/* Define to 1 if the system has the type `struct timespec'. */ -#undef HAVE_STRUCT_TIMESPEC - -/* define if you have struct timeval */ -#undef HAVE_STRUCT_TIMEVAL - -/* Define to 1 if you have the `swap32' function. */ -#undef HAVE_SWAP32 - -/* Define to 1 if you have the `sysconf' function. */ -#undef HAVE_SYSCONF - -/* Define if you have syslen in utmpx.h */ -#undef HAVE_SYSLEN_IN_UTMPX - -/* Define to 1 if you have the <sys/audit.h> header file. */ -#undef HAVE_SYS_AUDIT_H - -/* Define to 1 if you have the <sys/bitypes.h> header file. */ -#undef HAVE_SYS_BITYPES_H - -/* Define to 1 if you have the <sys/bsdtty.h> header file. */ -#undef HAVE_SYS_BSDTTY_H - -/* Define to 1 if you have the <sys/cdefs.h> header file. */ -#undef HAVE_SYS_CDEFS_H - -/* Define to 1 if you have the <sys/dir.h> header file. */ -#undef HAVE_SYS_DIR_H - -/* Define if your system defines sys_errlist[] */ -#undef HAVE_SYS_ERRLIST - -/* Define to 1 if you have the <sys/mman.h> header file. */ -#undef HAVE_SYS_MMAN_H - -/* Define to 1 if you have the <sys/mount.h> header file. */ -#undef HAVE_SYS_MOUNT_H - -/* Define to 1 if you have the <sys/ndir.h> header file. */ -#undef HAVE_SYS_NDIR_H - -/* Define if your system defines sys_nerr */ -#undef HAVE_SYS_NERR - -/* Define to 1 if you have the <sys/poll.h> header file. 
*/ -#undef HAVE_SYS_POLL_H - -/* Define to 1 if you have the <sys/prctl.h> header file. */ -#undef HAVE_SYS_PRCTL_H - -/* Define to 1 if you have the <sys/pstat.h> header file. */ -#undef HAVE_SYS_PSTAT_H - -/* Define to 1 if you have the <sys/ptms.h> header file. */ -#undef HAVE_SYS_PTMS_H - -/* Define to 1 if you have the <sys/select.h> header file. */ -#undef HAVE_SYS_SELECT_H - -/* Define to 1 if you have the <sys/statvfs.h> header file. */ -#undef HAVE_SYS_STATVFS_H - -/* Define to 1 if you have the <sys/stat.h> header file. */ -#undef HAVE_SYS_STAT_H - -/* Define to 1 if you have the <sys/stream.h> header file. */ -#undef HAVE_SYS_STREAM_H - -/* Define to 1 if you have the <sys/stropts.h> header file. */ -#undef HAVE_SYS_STROPTS_H - -/* Define to 1 if you have the <sys/strtio.h> header file. */ -#undef HAVE_SYS_STRTIO_H - -/* Force use of sys/syslog.h on Ultrix */ -#undef HAVE_SYS_SYSLOG_H - -/* Define to 1 if you have the <sys/sysmacros.h> header file. */ -#undef HAVE_SYS_SYSMACROS_H - -/* Define to 1 if you have the <sys/timers.h> header file. */ -#undef HAVE_SYS_TIMERS_H - -/* Define to 1 if you have the <sys/time.h> header file. */ -#undef HAVE_SYS_TIME_H - -/* Define to 1 if you have the <sys/types.h> header file. */ -#undef HAVE_SYS_TYPES_H - -/* Define to 1 if you have the <sys/un.h> header file. */ -#undef HAVE_SYS_UN_H - -/* Define to 1 if you have the `tcgetpgrp' function. */ -#undef HAVE_TCGETPGRP - -/* Define to 1 if you have the `tcsendbreak' function. */ -#undef HAVE_TCSENDBREAK - -/* Define to 1 if you have the `time' function. */ -#undef HAVE_TIME - -/* Define to 1 if you have the <time.h> header file. */ -#undef HAVE_TIME_H - -/* Define if you have ut_time in utmp.h */ -#undef HAVE_TIME_IN_UTMP - -/* Define if you have ut_time in utmpx.h */ -#undef HAVE_TIME_IN_UTMPX - -/* Define to 1 if you have the `timingsafe_bcmp' function. */ -#undef HAVE_TIMINGSAFE_BCMP - -/* Define to 1 if you have the <tmpdir.h> header file. 
*/ -#undef HAVE_TMPDIR_H - -/* Define to 1 if you have the `truncate' function. */ -#undef HAVE_TRUNCATE - -/* Define to 1 if you have tty support */ -#undef HAVE_TTY - -/* Define to 1 if you have the <ttyent.h> header file. */ -#undef HAVE_TTYENT_H - -/* Define if you have ut_tv in utmp.h */ -#undef HAVE_TV_IN_UTMP - -/* Define if you have ut_tv in utmpx.h */ -#undef HAVE_TV_IN_UTMPX - -/* Define if you have ut_type in utmp.h */ -#undef HAVE_TYPE_IN_UTMP - -/* Define if you have ut_type in utmpx.h */ -#undef HAVE_TYPE_IN_UTMPX - -/* Define to 1 if you have the <ucred.h> header file. */ -#undef HAVE_UCRED_H - -/* define if you have uintxx_t data type */ -#undef HAVE_UINTXX_T - -/* Define to 1 if you have the <unistd.h> header file. */ -#undef HAVE_UNISTD_H - -/* Define to 1 if you have the `unsetenv' function. */ -#undef HAVE_UNSETENV - -/* Define to 1 if the system has the type `unsigned long long'. */ -#undef HAVE_UNSIGNED_LONG_LONG - -/* Define to 1 if you have the `updwtmp' function. */ -#undef HAVE_UPDWTMP - -/* Define to 1 if you have the `updwtmpx' function. */ -#undef HAVE_UPDWTMPX - -/* Define to 1 if you have the <usersec.h> header file. */ -#undef HAVE_USERSEC_H - -/* Define to 1 if you have the `user_from_uid' function. */ -#undef HAVE_USER_FROM_UID - -/* Define to 1 if you have the <util.h> header file. */ -#undef HAVE_UTIL_H - -/* Define to 1 if you have the `utimes' function. */ -#undef HAVE_UTIMES - -/* Define to 1 if you have the <utime.h> header file. */ -#undef HAVE_UTIME_H - -/* Define to 1 if you have the `utmpname' function. */ -#undef HAVE_UTMPNAME - -/* Define to 1 if you have the `utmpxname' function. */ -#undef HAVE_UTMPXNAME - -/* Define to 1 if you have the <utmpx.h> header file. */ -#undef HAVE_UTMPX_H - -/* Define to 1 if you have the <utmp.h> header file. 
*/ -#undef HAVE_UTMP_H - -/* define if you have u_char data type */ -#undef HAVE_U_CHAR - -/* define if you have u_int data type */ -#undef HAVE_U_INT - -/* define if you have u_int64_t data type */ -#undef HAVE_U_INT64_T - -/* define if you have u_intxx_t data type */ -#undef HAVE_U_INTXX_T - -/* Define to 1 if you have the `vasprintf' function. */ -#undef HAVE_VASPRINTF - -/* Define if va_copy exists */ -#undef HAVE_VA_COPY - -/* Define to 1 if you have the `vhangup' function. */ -#undef HAVE_VHANGUP - -/* Define to 1 if you have the <vis.h> header file. */ -#undef HAVE_VIS_H - -/* Define to 1 if you have the `vsnprintf' function. */ -#undef HAVE_VSNPRINTF - -/* Define to 1 if you have the `waitpid' function. */ -#undef HAVE_WAITPID - -/* Define to 1 if you have the `_getlong' function. */ -#undef HAVE__GETLONG - -/* Define to 1 if you have the `_getpty' function. */ -#undef HAVE__GETPTY - -/* Define to 1 if you have the `_getshort' function. */ -#undef HAVE__GETSHORT - -/* Define if you have struct __res_state _res as an extern */ -#undef HAVE__RES_EXTERN - -/* Define to 1 if you have the `__b64_ntop' function. */ -#undef HAVE___B64_NTOP - -/* Define to 1 if you have the `__b64_pton' function. 
*/ -#undef HAVE___B64_PTON - -/* Define if compiler implements __FUNCTION__ */ -#undef HAVE___FUNCTION__ - -/* Define if libc defines __progname */ -#undef HAVE___PROGNAME - -/* Fields in struct sockaddr_storage */ -#undef HAVE___SS_FAMILY_IN_SS - -/* Define if __va_copy exists */ -#undef HAVE___VA_COPY - -/* Define if compiler implements __func__ */ -#undef HAVE___func__ - -/* Define this if you are using the Heimdal version of Kerberos V5 */ -#undef HEIMDAL - -/* Define if you need to use IP address instead of hostname in $DISPLAY */ -#undef IPADDR_IN_DISPLAY - -/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ -#undef IPV4_IN_IPV6 - -/* Define if your system choked on IP TOS setting */ -#undef IP_TOS_IS_BROKEN - -/* Define if you want Kerberos 5 support */ -#undef KRB5 - -/* Define if pututxline updates lastlog too */ -#undef LASTLOG_WRITE_PUTUTXLINE - -/* Define if you want TCP Wrappers support */ -#undef LIBWRAP - -/* Define to whatever link() returns for "not supported" if it doesn't return - EOPNOTSUPP. 
*/ -#undef LINK_OPNOTSUPP_ERRNO - -/* Adjust Linux out-of-memory killer */ -#undef LINUX_OOM_ADJUST - -/* max value of long long calculated by configure */ -#undef LLONG_MAX - -/* min value of long long calculated by configure */ -#undef LLONG_MIN - -/* Account locked with pw(1) */ -#undef LOCKED_PASSWD_PREFIX - -/* String used in /etc/passwd to denote locked account */ -#undef LOCKED_PASSWD_STRING - -/* String used in /etc/passwd to denote locked account */ -#undef LOCKED_PASSWD_SUBSTR - -/* Some versions of /bin/login need the TERM supplied on the commandline */ -#undef LOGIN_NEEDS_TERM - -/* Some systems need a utmpx entry for /bin/login to work */ -#undef LOGIN_NEEDS_UTMPX - -/* Define if your login program cannot handle end of options ("--") */ -#undef LOGIN_NO_ENDOPT - -/* If your header files don't define LOGIN_PROGRAM, then use this (detected) - from environment and PATH */ -#undef LOGIN_PROGRAM_FALLBACK - -/* Set this to your mail directory if you do not have _PATH_MAILDIR */ -#undef MAIL_DIRECTORY - -/* Define on *nto-qnx systems */ -#undef MISSING_FD_MASK - -/* Define on *nto-qnx systems */ -#undef MISSING_HOWMANY - -/* Define on *nto-qnx systems */ -#undef MISSING_NFDBITS - -/* Need setpgrp to acquire controlling tty */ -#undef NEED_SETPGRP - -/* Define if the concept of ports only accessible to superusers isn't known - */ -#undef NO_IPPORT_RESERVED_CONCEPT - -/* Define if you don't want to use lastlog in session.c */ -#undef NO_SSH_LASTLOG - -/* Define if X11 doesn't support AF_UNIX sockets on that system */ -#undef NO_X11_UNIX_SOCKETS - -/* Define if EVP_DigestUpdate returns void */ -#undef OPENSSL_EVP_DIGESTUPDATE_VOID - -/* libcrypto includes complete ECC support */ -#undef OPENSSL_HAS_ECC - -/* libcrypto is missing AES 192 and 256 bit functions */ -#undef OPENSSL_LOBOTOMISED_AES - -/* Define if you want OpenSSL's internally seeded PRNG only */ -#undef OPENSSL_PRNG_ONLY - -/* Define to the address where bug reports for this package should be sent. 
*/ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#undef PACKAGE_NAME - -/* Define to the full name and version of this package. */ -#undef PACKAGE_STRING - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the home page for this package. */ -#undef PACKAGE_URL - -/* Define to the version of this package. */ -#undef PACKAGE_VERSION - -/* Define if you are using Solaris-derived PAM which passes pam_messages to - the conversation function with an extra level of indirection */ -#undef PAM_SUN_CODEBASE - -/* Work around problematic Linux PAM modules handling of PAM_TTY */ -#undef PAM_TTY_KLUDGE - -/* must supply username to passwd */ -#undef PASSWD_NEEDS_USERNAME - -/* Port number of PRNGD/EGD random number socket */ -#undef PRNGD_PORT - -/* Location of PRNGD/EGD random number socket */ -#undef PRNGD_SOCKET - -/* read(1) can return 0 for a non-closed fd */ -#undef PTY_ZEROREAD - -/* Sandbox using Darwin sandbox_init(3) */ -#undef SANDBOX_DARWIN - -/* no privsep sandboxing */ -#undef SANDBOX_NULL - -/* Sandbox using setrlimit(2) */ -#undef SANDBOX_RLIMIT - -/* Sandbox using systrace(4) */ -#undef SANDBOX_SYSTRACE - -/* Define if your platform breaks doing a seteuid before a setuid */ -#undef SETEUID_BREAKS_SETUID - -/* The size of `char', as computed by sizeof. */ -#undef SIZEOF_CHAR - -/* The size of `int', as computed by sizeof. */ -#undef SIZEOF_INT - -/* The size of `long int', as computed by sizeof. */ -#undef SIZEOF_LONG_INT - -/* The size of `long long int', as computed by sizeof. */ -#undef SIZEOF_LONG_LONG_INT - -/* The size of `short int', as computed by sizeof. 
*/ -#undef SIZEOF_SHORT_INT - -/* Define if you want S/Key support */ -#undef SKEY - -/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ -#undef SKEYCHALLENGE_4ARG - -/* Define as const if snprintf() can declare const char *fmt */ -#undef SNPRINTF_CONST - -/* Define to a Set Process Title type if your system is supported by - bsd-setproctitle.c */ -#undef SPT_TYPE - -/* Define if sshd somehow reacquires a controlling TTY after setsid() */ -#undef SSHD_ACQUIRES_CTTY - -/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ -#undef SSHPAM_CHAUTHTOK_NEEDS_RUID - -/* Use audit debugging module */ -#undef SSH_AUDIT_EVENTS - -/* Windows is sensitive to read buffer size */ -#undef SSH_IOBUFSZ - -/* non-privileged user for privilege separation */ -#undef SSH_PRIVSEP_USER - -/* Use tunnel device compatibility to OpenBSD */ -#undef SSH_TUN_COMPAT_AF - -/* Open tunnel devices the FreeBSD way */ -#undef SSH_TUN_FREEBSD - -/* Open tunnel devices the Linux tun/tap way */ -#undef SSH_TUN_LINUX - -/* No layer 2 tunnel support */ -#undef SSH_TUN_NO_L2 - -/* Open tunnel devices the OpenBSD way */ -#undef SSH_TUN_OPENBSD - -/* Prepend the address family to IP tunnel traffic */ -#undef SSH_TUN_PREPEND_AF - -/* Define to 1 if you have the ANSI C header files. 
*/ -#undef STDC_HEADERS - -/* Define if you want a different $PATH for the superuser */ -#undef SUPERUSER_PATH - -/* syslog_r function is safe to use in in a signal handler */ -#undef SYSLOG_R_SAFE_IN_SIGHAND - -/* Support passwords > 8 chars */ -#undef UNIXWARE_LONG_PASSWORDS - -/* Specify default $PATH */ -#undef USER_PATH - -/* Define this if you want to use libkafs' AFS support */ -#undef USE_AFS - -/* Use BSM audit module */ -#undef USE_BSM_AUDIT - -/* Use btmp to log bad logins */ -#undef USE_BTMP - -/* Use libedit for sftp */ -#undef USE_LIBEDIT - -/* Use Linux audit module */ -#undef USE_LINUX_AUDIT - -/* Enable OpenSSL engine support */ -#undef USE_OPENSSL_ENGINE - -/* Define if you want to enable PAM support */ -#undef USE_PAM - -/* Use PIPES instead of a socketpair() */ -#undef USE_PIPES - -/* Define if you want to sanitize fds */ -#undef USE_SANITISE_STDFD - -/* Define if you have Solaris process contracts */ -#undef USE_SOLARIS_PROCESS_CONTRACTS - -/* Define if you have Solaris projects */ -#undef USE_SOLARIS_PROJECTS - -/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ -#undef WITH_ABBREV_NO_TTY - -/* Define if you want to enable AIX4's authenticate function */ -#undef WITH_AIXAUTHENTICATE - -/* Define if you have/want arrays (cluster-wide session managment, not C - arrays) */ -#undef WITH_IRIX_ARRAY - -/* Define if you want IRIX audit trails */ -#undef WITH_IRIX_AUDIT - -/* Define if you want IRIX kernel jobs */ -#undef WITH_IRIX_JOBS - -/* Define if you want IRIX project management */ -#undef WITH_IRIX_PROJECT - -/* Define if you want SELinux support. */ -#undef WITH_SELINUX - -/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most - significant byte first (like Motorola and SPARC, unlike Intel). 
*/ -#if defined AC_APPLE_UNIVERSAL_BUILD -# if defined __BIG_ENDIAN__ -# define WORDS_BIGENDIAN 1 -# endif -#else -# ifndef WORDS_BIGENDIAN -# undef WORDS_BIGENDIAN -# endif -#endif - -/* Define if xauth is found in your path */ -#undef XAUTH_PATH - -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - -/* Number of bits in a file offset, on hosts where this is settable. */ -#undef _FILE_OFFSET_BITS - -/* Define for large files, on AIX-style hosts. */ -#undef _LARGE_FILES - -/* log for bad login attempts */ -#undef _PATH_BTMP - -/* Full path of your "passwd" program */ -#undef _PATH_PASSWD_PROG - -/* Specify location of ssh.pid */ -#undef _PATH_SSH_PIDDIR - -/* Define if we don't have struct __res_state in resolv.h */ -#undef __res_state - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -#undef inline -#endif - -/* type to use in place of socklen_t if not defined */ -#undef socklen_t diff --git a/win32_config.h.tail b/win32_config.h.tail deleted file mode 100644 index 5336f54..0000000 --- a/win32_config.h.tail +++ /dev/null 
@@ -1,105 +0,0 @@
-#define WIN32_LEAN_AND_MEAN 1
-#define _CRT_SECURE_NO_DEPRECATE 1
-#define _CRT_NONSTDC_NO_DEPRECATE 1
-#define WIN32_FIXME 1
-#undef USE_NTCREATETOKEN
-
-/* Define if you must implement a startup_needs function for your platform */
-#define HAVE_STARTUP_NEEDS 1
-
-/* Define if your platform uses Winsock instead of BSD sockets (yeah, there are a lot of platforms like this :) */
-#define HAVE_WINSOCK 1
-
-#define snprintf _snprintf
-
-#define BROKEN_READV_COMPARISON
-
-/* Override detection of some headers and functions on MinGW */
-#undef BROKEN_SNPRINTF
-#define GETPGRP_VOID 1
-#undef HAVE_CRYPT_H
-#define HAVE_DAEMON 1
-#undef HAVE_ENDIAN_H
-#undef HAVE_FCNTL_H
-#define HAVE_FREEADDRINFO 1
-#define HAVE_GAI_STRERROR 1
-#define HAVE_GETADDRINFO 1
-#define HAVE_GETGROUPLIST 1
-#define HAVE_GETNAMEINFO 1
-#undef HAVE_ID_IN_UTMPX
-#define HAVE_INET_ATON 1
-#define HAVE_INET_NTOA 1
-#define HAVE_INNETGR 1
-#undef HAVE_LIBCRYPT
-#define HAVE_MKDTEMP 1
-#define HAVE_NANOSLEEP 1
-#undef HAVE_PATHS_H
-#undef HAVE_POLL_H
-#undef HAVE_PROC_PID
-#undef HAVE_PTY_H
-#define HAVE_NANOSLEEP 1
-#define HAVE_READPASSPHRASE 1
-#define HAVE_REALPATH 1
-#undef HAVE_SIG_ATOMIC_T
-#define HAVE_SIZE_T 1
-#undef HAVE_STRERROR
-#define HAVE_STRMODE 1
-#undef __USE_W32_SOCKETS
-
-#ifdef __MINGW32__ /* FIXME: Use autoconf to set this correctly */
-/* Define to 1 if you have the `strcasecmp' function. */
-#define HAVE_STRCASECMP 1
-
-/* Define to 1 if you have the `strncasecmp' function. */
-#define HAVE_STRNCASECMP 1
-#endif
-
-#define HAVE_STRUCT_IN6_ADDR 1
-#define HAVE_STRUCT_SOCKADDR_IN6 1
-#define HAVE_STRUCT_TIMEVAL 1
-#undef HAVE_SYS_CDEFS_H
-#undef HAVE_SYS_SYSMACROS_H
-#undef HAVE_SYS_MMAN_H
-#undef HAVE_SYS_UN_H
-
-#define HAVE_TCGETPGRP 1
-
-#undef HAVE_TIME
-
-#define HAVE_TRUNCATE 1
-
-#define HAVE_VIS_H 1
-
-#define MISSING_FD_MASK 1
-#define MISSING_HOWMANY 1
-#define MISSING_NFDBITS 1
-
-#undef SSH_PRIVSEP_USER
-
-#define HAVE_OPENPTY 1
-
-/* Fixes for loginrec.c */
-#undef CONF_UTMP_FILE
-#undef CONF_WTMPX_FILE
-#undef CONF_WTMP_FILE
-#undef CONF_UTMPX_FILE
-#undef CONF_LASTLOG_FILE
-
-#define BROKEN_SYS_TERMIO_H
-
-#define strerror strerror_win32
-
-#define strerror strerror_win32
-
-// PRAGMA SYS PORT
-#define WITH_OPENSSL 1
-#define HAVE_KRB5_GET_ERROR_MESSAGE 1
-#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
-#define HAVE_DECL_NFDBITS 0
-#define HAVE_DECL_HOWMANY 0
-
-#define WIN32_ZLIB_NO 1
-#define USE_MSCNG 1
-
-//#define HAVE_ARC4RANDOM_UNIFORM 1
-
diff --git a/win32_config.sub b/win32_config.sub
deleted file mode 100644
index 2d81696..0000000
--- a/win32_config.sub
+++ /dev/null
@@ -1,1739 +0,0 @@ -#! /bin/sh -# Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011 Free Software Foundation, Inc. - -timestamp='2011-01-01' - -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Please send patches to <config-patches@gnu.org>. Submit a context -# diff and a properly formatted GNU ChangeLog entry. -# -# Configuration subroutine to validate and canonicalize a configuration type. -# Supply the specified configuration type as an argument. -# If it is invalid, we print an error message on stderr and exit with code 1. -# Otherwise, we print the canonical config type on stdout and succeed. 
- -# You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD - -# This file is supposed to be the same for all GNU packages -# and recognize all the CPU types, system types and aliases -# that are meaningful with *any* GNU software. -# Each package is responsible for reporting which valid configurations -# it does not support. The user should be able to distinguish -# a failure to support a valid configuration from a meaningless -# configuration. - -# The goal of this file is to map all the various variations of a given -# machine specification into a single specification in the form: -# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM -# or in some cases, the newer four-part form: -# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM -# It is wrong to echo any other type of specification. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS - -Canonicalize a configuration name. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to <config-patches@gnu.org>." - -version="\ -GNU config.sub ($timestamp) - -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free -Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. 
- break ;; - -* ) - echo "$me: invalid option $1$help" - exit 1 ;; - - *local*) - # First pass through any local machine types. - echo $1 - exit ;; - - * ) - break ;; - esac -done - -case $# in - 0) echo "$me: missing argument$help" >&2 - exit 1;; - 1) ;; - *) echo "$me: too many arguments$help" >&2 - exit 1;; -esac - -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ - kopensolaris*-gnu* | \ - storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac - -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. 
- ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze) - os= - basic_machine=$1 - ;; - -bluegene*) - os=-cnk - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco6) - os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco5v6*) - # Don't forget version if it is 3.2v4 or newer. 
- basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*) - os=-lynxos - ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` - ;; - -psos*) - os=-psos - ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; -esac - -# Decode aliases for certain CPU-COMPANY combinations. -case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ - | bfin \ - | c4x | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | fido | fr30 | frv \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | lm32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | 
mipsisa64sr71k | mipsisa64sr71kel \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | moxie \ - | mt \ - | msp430 \ - | nds32 | nds32le | nds32be \ - | nios | nios2 \ - | ns16k | ns32k \ - | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ - | pyramid \ - | rx \ - | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu | strongarm \ - | tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ - | ubicom32 \ - | v850 | v850e \ - | we32k \ - | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k | z80) - basic_machine=$basic_machine-unknown - ;; - c54x) - basic_machine=tic54x-unknown - ;; - c55x) - basic_machine=tic55x-unknown - ;; - c6x) - basic_machine=tic6x-unknown - ;; - m6811 | m68hc11 | m6812 | m68hc12 | picochip) - # Motorola 68HC11/12. - basic_machine=$basic_machine-unknown - os=-none - ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) - ;; - ms1) - basic_machine=mt-unknown - ;; - - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. 
- 580-* \ - | a29k-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* | avr32-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ - | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | lm32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64r5900-* | mips64r5900el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | mt-* \ - | msp430-* \ - | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ - | pyramid-* \ - | romp-* | rs6000-* | rx-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | 
sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile-* | tilegx-* \ - | tron-* \ - | ubicom32-* \ - | v850-* | v850e-* | vax-* \ - | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa*-* \ - | ymp-* \ - | z8k-* | z80-*) - ;; - # Recognize the basic CPU types without company name, with glob match. - xtensa*) - basic_machine=$basic_machine-unknown - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; - 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att - ;; - 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aros) - basic_machine=i386-pc - os=-aros - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=-linux - ;; - blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` - 
os=-linux - ;; - bluegene*) - basic_machine=powerpc-ibm - os=-cnk - ;; - c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - cegcc) - basic_machine=arm-unknown - os=-cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16 | cr16-*) - basic_machine=cr16-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec - ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dicos) - basic_machine=i686-pc - os=-dicos - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx - ;; - dpx2* | dpx2*-bull) - basic_machine=m68k-bull - os=-sysv3 - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd - ;; - encore | umax | mmax) - basic_machine=ns32k-encore - ;; - es1800 | OSE68k | ose68k | ose | OSE) - 
basic_machine=m68k-ericsson - os=-ose - ;; - fx2800) - basic_machine=i860-alliant - ;; - genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 - ;; - h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux - ;; - hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp - ;; - hp9k3[2-9][0-9]) - basic_machine=m68k-hp - ;; - hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp - ;; - hp9k78[0-9] | hp78[0-9]) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm - ;; -# I'm not sure what "Sysv32" means. Should this be sysv3.2? 
- i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 - ;; - i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 - ;; - i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv - ;; - i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta - ;; - iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) - ;; - *) - os=-irix4 - ;; - esac - ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - m68knommu) - basic_machine=m68k-unknown - os=-linux - ;; - m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - microblaze) - basic_machine=microblaze-xilinx - ;; - mingw32) - basic_machine=i386-pc - os=-mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=-mingw32ce - ;; - miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos - ;; - 
news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv - ;; - next | m*-next ) - basic_machine=m68k-next - case $os in - -nextstep* ) - ;; - -ns2*) - os=-nextstep2 - ;; - *) - os=-nextstep3 - ;; - esac - ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; - np1) - basic_machine=np1-gould - ;; - neo-tandem) - basic_machine=neo-tandem - ;; - nse-tandem) - basic_machine=nse-tandem - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k - ;; - pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - parisc) - basic_machine=hppa-unknown - os=-linux - ;; - parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` - os=-linux - ;; - pbd) - basic_machine=sparc-tti - ;; - pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pc98) - basic_machine=i386-pc - ;; - pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo 
$basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc) basic_machine=powerpc-unknown - ;; - ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle | ppc-le | powerpc-little) - basic_machine=powerpcle-unknown - ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rdos) - basic_machine=i386-pc - os=-rdos - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff - ;; - rm[46]00) - basic_machine=mips-siemens - ;; - rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi - ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; - sde) - basic_machine=mipsisa32-sde - os=-elf - ;; - sei) - basic_machine=mips-sei - os=-seiux - ;; - sequent) - basic_machine=i386-sequent - ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; - sh5el) - basic_machine=sh5le-unknown - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks - ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 - ;; - spur) - basic_machine=spur-unknown - ;; - st2000) - basic_machine=m68k-tandem - ;; - 
stratus) - basic_machine=i860-stratus - os=-sysv4 - ;; - sun2) - basic_machine=m68000-sun - ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 - ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 - ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 - ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 - ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 - ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 - ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 - ;; - sun3 | sun3-*) - basic_machine=m68k-sun - ;; - sun4) - basic_machine=sparc-sun - ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun - ;; - sv1) - basic_machine=sv1-cray - os=-unicos - ;; - symmetry) - basic_machine=i386-sequent - os=-dynix - ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos - ;; - t90) - basic_machine=t90-cray - os=-unicos - ;; - # This must be matched before tile*. - tilegx*) - basic_machine=tilegx-unknown - os=-linux-gnu - ;; - tile*) - basic_machine=tile-unknown - os=-linux-gnu - ;; - tx39) - basic_machine=mipstx39-unknown - ;; - tx39el) - basic_machine=mipstx39el-unknown - ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; - tower | tower-32) - basic_machine=m68k-ncr - ;; - tpf) - basic_machine=s390x-ibm - os=-tpf - ;; - udi29k) - basic_machine=a29k-amd - os=-udi - ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 - ;; - v810 | necv810) - basic_machine=v810-nec - os=-none - ;; - vaxv) - basic_machine=vax-dec - os=-sysv - ;; - vms) - basic_machine=vax-dec - os=-vms - ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks - ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks - ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks - ;; - w65*) - basic_machine=w65-wdc - os=-none - ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf - ;; - xbox) - basic_machine=i686-pc - os=-mingw32 - ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; - ymp) - basic_machine=ymp-cray - os=-unicos - ;; - 
z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim - ;; - none) - basic_machine=none-none - os=-none - ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond - ;; - op50n) - basic_machine=hppa1.1-oki - ;; - op60c) - basic_machine=hppa1.1-oki - ;; - romp) - basic_machine=romp-ibm - ;; - mmix) - basic_machine=mmix-knuth - ;; - rs6000) - basic_machine=rs6000-ibm - ;; - vax) - basic_machine=vax-dec - ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; - pdp11) - basic_machine=pdp11-dec - ;; - we32k) - basic_machine=we32k-att - ;; - sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; - cydra) - basic_machine=cydra-cydrome - ;; - orion) - basic_machine=orion-highlevel - ;; - orion105) - basic_machine=clipper-highlevel - ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple - ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple - ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. - ;; - *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; -esac - -# Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` - ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` - ;; - *) - ;; -esac - -# Decode manufacturer-specific aliases for certain operating systems. - -if [ x"$os" != x"" ] -then -case $os in - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. 
- -auroraux) - os=-auroraux - ;; - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` - ;; - -solaris) - os=-solaris2 - ;; - -svr4*) - os=-sysv4 - ;; - -unixware*) - os=-sysv4.2uw - ;; - -gnu/linux*) - os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` - ;; - # First accept the basic system types. - # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -openbsd* | -solidbsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) - # Remember, each alternative MUST END IN *, to match a version number. 
- ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) - ;; - *) - os=-nto$os - ;; - esac - ;; - -nto-qnx*) - ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; - -linux-dietlibc) - os=-linux-dietlibc - ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` - ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` - ;; - -opened*) - os=-openedition - ;; - -os400*) - os=-os400 - ;; - -wince*) - os=-wince - ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; - -utek*) - os=-bsd - ;; - -dynix*) - os=-bsd - ;; - -acis*) - os=-aos - ;; - -atheos*) - os=-atheos - ;; - -syllable*) - os=-syllable - ;; - -386bsd) - os=-bsd - ;; - -ctix* | -uts*) - os=-sysv - ;; - -nova*) - os=-rtmk-nova - ;; - -ns2 ) - os=-nextstep2 - ;; - -nsk*) - os=-nsk - ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` - ;; - -sinix*) - os=-sysv4 - ;; - -tpf*) - os=-tpf - ;; - -triton*) - os=-sysv3 - ;; - -oss*) - os=-sysv3 - ;; - -svr4) - os=-sysv4 - ;; - -svr3) - os=-sysv3 - ;; - -sysvr4) - os=-sysv4 - ;; - # This must come after -sysvr4. - -sysv*) - ;; - -ose*) - os=-ose - ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; - -aros*) - os=-aros - ;; - -kaos*) - os=-kaos - ;; - -zvmoe) - os=-zvmoe - ;; - -dicos*) - os=-dicos - ;; - -nacl*) - ;; - -none) - ;; - *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 - exit 1 - ;; -esac -else - -# Here we handle the default operating systems that come with various machines. 
-# The value should be what the vendor currently ships out the door with their -# machine or put another way, the most popular os provided with the machine. - -# Note that if you're going to try to match "-MANUFACTURER" here (say, -# "-sun"), then you have to tell the case statement up towards the top -# that MANUFACTURER isn't an operating system. Otherwise, code above -# will signal an error saying that MANUFACTURER isn't an operating -# system, and we'll never get to this point. - -case $basic_machine in - score-*) - os=-elf - ;; - spu-*) - os=-elf - ;; - *-acorn) - os=-riscix1.2 - ;; - arm*-rebel) - os=-linux - ;; - arm*-semi) - os=-aout - ;; - c4x-* | tic4x-*) - os=-coff - ;; - tic54x-*) - os=-coff - ;; - tic55x-*) - os=-coff - ;; - tic6x-*) - os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 - ;; - pdp11-*) - os=-none - ;; - *-dec | vax-*) - os=-ultrix4.2 - ;; - m68*-apollo) - os=-domain - ;; - i386-sun) - os=-sunos4.0.2 - ;; - m68000-sun) - os=-sunos3 - # This also exists in the configure program, but was not the - # default. - # os=-sunos4 - ;; - m68*-cisco) - os=-aout - ;; - mep-*) - os=-elf - ;; - mips*-cisco) - os=-elf - ;; - mips*-*) - os=-elf - ;; - or32-*) - os=-coff - ;; - *-tti) # must be before sparc entry or we get the wrong os. 
- os=-sysv3 - ;; - sparc-* | *-sun) - os=-sunos4.1.1 - ;; - *-be) - os=-beos - ;; - *-haiku) - os=-haiku - ;; - *-ibm) - os=-aix - ;; - *-knuth) - os=-mmixware - ;; - *-wec) - os=-proelf - ;; - *-winbond) - os=-proelf - ;; - *-oki) - os=-proelf - ;; - *-hp) - os=-hpux - ;; - *-hitachi) - os=-hiux - ;; - i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv - ;; - *-cbm) - os=-amigaos - ;; - *-dg) - os=-dgux - ;; - *-dolphin) - os=-sysv3 - ;; - m68k-ccur) - os=-rtu - ;; - m88k-omron*) - os=-luna - ;; - *-next ) - os=-nextstep - ;; - *-sequent) - os=-ptx - ;; - *-crds) - os=-unos - ;; - *-ns) - os=-genix - ;; - i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 - ;; - *-gould) - os=-sysv - ;; - *-highlevel) - os=-bsd - ;; - *-encore) - os=-bsd - ;; - *-sgi) - os=-irix - ;; - *-siemens) - os=-sysv4 - ;; - *-masscomp) - os=-rtu - ;; - f30[01]-fujitsu | f700-fujitsu) - os=-uxpv - ;; - *-rom68k) - os=-coff - ;; - *-*bug) - os=-coff - ;; - *-apple) - os=-macos - ;; - *-atari*) - os=-mint - ;; - *) - os=-none - ;; -esac -fi - -# Here we handle the case where we know the os, and the CPU type, but not the -# manufacturer. We pick the logical manufacturer. 
-vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) - vendor=acorn - ;; - -sunos*) - vendor=sun - ;; - -cnk*|-aix*) - vendor=ibm - ;; - -beos*) - vendor=be - ;; - -hpux*) - vendor=hp - ;; - -mpeix*) - vendor=hp - ;; - -hiux*) - vendor=hitachi - ;; - -unos*) - vendor=crds - ;; - -dgux*) - vendor=dg - ;; - -luna*) - vendor=omron - ;; - -genix*) - vendor=ns - ;; - -mvs* | -opened*) - vendor=ibm - ;; - -os400*) - vendor=ibm - ;; - -ptx*) - vendor=sequent - ;; - -tpf*) - vendor=ibm - ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; - -aux*) - vendor=apple - ;; - -hms*) - vendor=hitachi - ;; - -mpw* | -macos*) - vendor=apple - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - vendor=atari - ;; - -vos*) - vendor=stratus - ;; - esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` - ;; -esac - -echo $basic_machine$os -exit - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/win32_configure b/win32_configure deleted file mode 100644 index f6b5e23..0000000 --- a/win32_configure +++ /dev/null 
@@ -1,17738 +0,0 @@ -#! /bin/sh -# From configure.ac Revision: 1.480 . -# Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for OpenSSH Portable. -# -# Report bugs to <openssh-unix-dev@mindrot.org>. -# -# -# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. -# -# -# This configure script is free software; the Free Software Foundation -# gives unlimited permission to copy, distribute and modify it. -## -------------------- ## -## M4sh Initialization. ## -## -------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in #( - *posix*) : - set -o posix ;; #( - *) : - ;; -esac -fi - - -as_nl=' -' -export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. 
-if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi - -# The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -as_myself= -case $0 in #(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break - done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! 
-f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - exit 1 -fi - -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - -# Use a proper internal environment variable to ensure we don't fall - # into an infinite loop, continuously re-executing ourselves. - if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then - _as_can_reexec=no; export _as_can_reexec; - # We cannot yet assume a decent shell, so we have to provide a -# neutralization value for shells without unset; and this also -# works around shells that cannot unset nonexistent variables. -# Preserve -v and -x to the replacement shell. -BASH_ENV=/dev/null -ENV=/dev/null -(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -case $- in # (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; -esac -exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} -# Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -as_fn_exit 255 - fi - # We don't want this to propagate to other subprocesses. - { _as_can_reexec=; unset _as_can_reexec;} -if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which - # is contrary to our usage. 
Disable this feature. - alias -g '\${1+\"\$@\"}'='\"\$@\"' - setopt NO_GLOB_SUBST -else - case \`(set -o) 2>/dev/null\` in #( - *posix*) : - set -o posix ;; #( - *) : - ;; -esac -fi -" - as_required="as_fn_return () { (exit \$1); } -as_fn_success () { as_fn_return 0; } -as_fn_failure () { as_fn_return 1; } -as_fn_ret_success () { return 0; } -as_fn_ret_failure () { return 1; } - -exitcode=0 -as_fn_success || { exitcode=1; echo as_fn_success failed.; } -as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } -as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } -as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } -if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : - -else - exitcode=1; echo positional parameters were not saved. -fi -test x\$exitcode = x0 || exit 1 -test -x / || exit 1" - as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO - as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO - eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && - test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 -test \$(( 1 + 1 )) = 2 || exit 1" - if (eval "$as_required") 2>/dev/null; then : - as_have_required=yes -else - as_have_required=no -fi - if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : - -else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -as_found=false -for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - as_found=: - case $as_dir in #( - /*) - for as_base in sh bash ksh sh5; do - # Try only shells that exist, to save several forks. 
- as_shell=$as_dir/$as_base - if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : - CONFIG_SHELL=$as_shell as_have_required=yes - if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : - break 2 -fi -fi - done;; - esac - as_found=false -done -$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : - CONFIG_SHELL=$SHELL as_have_required=yes -fi; } -IFS=$as_save_IFS - - - if test "x$CONFIG_SHELL" != x; then : - export CONFIG_SHELL - # We cannot yet assume a decent shell, so we have to provide a -# neutralization value for shells without unset; and this also -# works around shells that cannot unset nonexistent variables. -# Preserve -v and -x to the replacement shell. -BASH_ENV=/dev/null -ENV=/dev/null -(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV -case $- in # (((( - *v*x* | *x*v* ) as_opts=-vx ;; - *v* ) as_opts=-v ;; - *x* ) as_opts=-x ;; - * ) as_opts= ;; -esac -exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} -# Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -exit 255 -fi - - if test x$as_have_required = xno; then : - $as_echo "$0: This script requires a shell more modern than all" - $as_echo "$0: the shells that I found on your system." - if test x${ZSH_VERSION+set} = xset ; then - $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" - $as_echo "$0: be upgraded to zsh 4.3.4 or later." - else - $as_echo "$0: Please tell bug-autoconf@gnu.org and -$0: openssh-unix-dev@mindrot.org about your system, -$0: including any error possibly output before this -$0: message. Then install a modern shell, or manually run -$0: the script under such a shell if you do have one." 
- fi - exit 1 -fi -fi -fi -SHELL=${CONFIG_SHELL-/bin/sh} -export SHELL -# Unset more variables known to interfere with behavior of common tools. -CLICOLOR_FORCE= GREP_OPTIONS= -unset CLICOLOR_FORCE GREP_OPTIONS - -## --------------------- ## -## M4sh Shell Functions. ## -## --------------------- ## -# as_fn_unset VAR -# --------------- -# Portably unset VAR. -as_fn_unset () -{ - { eval $1=; unset $1;} -} -as_unset=as_fn_unset - -# as_fn_set_status STATUS -# ----------------------- -# Set $? to STATUS, without forking. -as_fn_set_status () -{ - return $1 -} # as_fn_set_status - -# as_fn_exit STATUS -# ----------------- -# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -as_fn_exit () -{ - set +e - as_fn_set_status $1 - exit $1 -} # as_fn_exit - -# as_fn_mkdir_p -# ------------- -# Create "$as_dir" as a directory, including parents if necessary. -as_fn_mkdir_p () -{ - - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || eval $as_mkdir_p || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" - - -} # as_fn_mkdir_p - -# as_fn_executable_p FILE -# ----------------------- -# Test if FILE is an executable regular file. 
-as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} # as_fn_executable_p -# as_fn_append VAR VALUE -# ---------------------- -# Append the text in VALUE to the end of the definition contained in VAR. Take -# advantage of any shell optimizations that allow amortized linear growth over -# repeated appends, instead of the typical quadratic growth present in naive -# implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : - eval 'as_fn_append () - { - eval $1+=\$2 - }' -else - as_fn_append () - { - eval $1=\$$1\$2 - } -fi # as_fn_append - -# as_fn_arith ARG... -# ------------------ -# Perform arithmetic evaluation on the ARGs, and store the result in the -# global $as_val. Take advantage of shells that can avoid forks. The arguments -# must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : - eval 'as_fn_arith () - { - as_val=$(( $* )) - }' -else - as_fn_arith () - { - as_val=`expr "$@" || test $? -eq 1` - } -fi # as_fn_arith - - -# as_fn_error STATUS ERROR [LINENO LOG_FD] -# ---------------------------------------- -# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are -# provided, also output the error to LOG_FD, referencing LINENO. Then exit the -# script with STATUS, using 1 if that was 0. 
-as_fn_error () -{ - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 - fi - $as_echo "$as_me: error: $2" >&2 - as_fn_exit $as_status -} # as_fn_error - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - - - as_lineno_1=$LINENO as_lineno_1a=$LINENO - as_lineno_2=$LINENO as_lineno_2a=$LINENO - eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && - test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { - # Blame Lee E. McMahon (1931-1989) for sed's syntax. 
:-) - sed -n ' - p - /[$]LINENO/= - ' <$as_myself | - sed ' - s/[$]LINENO.*/&-/ - t lineno - b - :lineno - N - :loop - s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ - t loop - s/-\n.*// - ' >$as_me.lineno && - chmod +x "$as_me.lineno" || - { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } - - # If we had to re-execute with $CONFIG_SHELL, we're ensured to have - # already done that, so ensure we don't try to do so again and fall - # in an infinite loop. This has already happened in practice. - _as_can_reexec=no; export _as_can_reexec - # Don't try to exec as it changes $[0], causing all sort of problems - # (the dirname of $[0] is not the place where we might find the - # original and so on. Autoconf is especially sensitive to this). - . "./$as_me.lineno" - # Exit status is that of the last command. - exit -} - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in #((((( --n*) - case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - xy) ECHO_C='\c';; - *) echo `echo ksh88 bug on AIX 6.1` > /dev/null - ECHO_T=' ';; - esac;; -*) - ECHO_N='-n';; -esac - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir 2>/dev/null -fi -if (echo >conf$$.file) 2>/dev/null; then - if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || - as_ln_s='cp -pR' - elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln - else - as_ln_s='cp -pR' - fi -else - as_ln_s='cp -pR' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - -if mkdir -p . 
2>/dev/null; then - as_mkdir_p='mkdir -p "$as_dir"' -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - -as_test_x='test -x' -as_executable_p=as_fn_executable_p - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - -test -n "$DJDIR" || exec 7<&0 </dev/null -exec 6>&1 - -# Name of the host. -# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, -# so uname gets run too. -ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` - -# -# Initializations. -# -ac_default_prefix=/usr/local -ac_clean_files= -ac_config_libobj_dir=. -LIBOBJS= -cross_compiling=no -subdirs= -MFLAGS= -MAKEFLAGS= - -# Identity of this package. -PACKAGE_NAME='OpenSSH' -PACKAGE_TARNAME='openssh' -PACKAGE_VERSION='Portable' -PACKAGE_STRING='OpenSSH Portable' -PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org' -PACKAGE_URL='' - -ac_unique_file="ssh.c" -# Factoring default headers for most tests. 
-ac_includes_default="\ -#include <stdio.h> -#ifdef HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif -#ifdef HAVE_SYS_STAT_H -# include <sys/stat.h> -#endif -#ifdef STDC_HEADERS -# include <stdlib.h> -# include <stddef.h> -#else -# ifdef HAVE_STDLIB_H -# include <stdlib.h> -# endif -#endif -#ifdef HAVE_STRING_H -# if !defined STDC_HEADERS && defined HAVE_MEMORY_H -# include <memory.h> -# endif -# include <string.h> -#endif -#ifdef HAVE_STRINGS_H -# include <strings.h> -#endif -#ifdef HAVE_INTTYPES_H -# include <inttypes.h> -#endif -#ifdef HAVE_STDINT_H -# include <stdint.h> -#endif -#ifdef HAVE_UNISTD_H -# include <unistd.h> -#endif" - -ac_subst_vars='LTLIBOBJS -LIBOBJS -TEST_SSH_IPV6 -WIN32COMPAT -LIBWIN32COMPATDEPEND -LIBWIN32COMPAT -LINKWIN32COMPAT -piddir -user_path -mansubdir -MANTYPE -XAUTH_PATH -STRIP_OPT -xauth_path -PRIVSEP_PATH -KRB5CONF -SSHDLIBS -SSHLIBS -SSH_PRIVSEP_USER -COMMENT_OUT_ECC -TEST_SSH_ECC -TEST_SSH_SHA256 -LIBEDIT -PKGCONFIG -LD -PATH_PASSWD_PROG -LOGIN_PROGRAM_FALLBACK -STARTUP_SCRIPT_SHELL -MAKE_PACKAGE_SUPPORTED -PATH_USERADD_PROG -PATH_GROUPADD_PROG -MANFMT -TEST_SHELL -MANDOC -NROFF -GROFF -SH -TEST_MINUS_S_SH -ENT -SED -PERL -KILL -CAT -AR -INSTALL_DATA -INSTALL_SCRIPT -INSTALL_PROGRAM -RANLIB -AWK -EGREP -GREP -CPP -host_os -host_vendor -host_cpu -host -build_os -build_vendor -build_cpu -build -OBJEXT -EXEEXT -ac_ct_CC -CPPFLAGS -LDFLAGS -CFLAGS -CC -target_alias -host_alias -build_alias -LIBS -ECHO_T -ECHO_N -ECHO_C -DEFS -mandir -localedir -libdir -psdir -pdfdir -dvidir -htmldir -infodir -docdir -oldincludedir -includedir -localstatedir -sharedstatedir -sysconfdir -datadir -datarootdir -libexecdir -sbindir -bindir -program_transform_name -prefix -exec_prefix -PACKAGE_URL -PACKAGE_BUGREPORT -PACKAGE_STRING -PACKAGE_VERSION -PACKAGE_TARNAME -PACKAGE_NAME -PATH_SEPARATOR -SHELL' -ac_subst_files='' -ac_user_opts=' -enable_option_checking -enable_largefile -with_stackprotect -with_rpath -with_cflags -with_cppflags -with_ldflags 
-with_libs -with_Werror -with_solaris_contracts -with_solaris_projects -with_osfsia -with_zlib -with_zlib_version_check -with_skey -with_tcp_wrappers -with_libedit -with_audit -with_ssl_dir -with_openssl_header_check -with_ssl_engine -with_prngd_port -with_prngd_socket -with_pam -with_privsep_user -with_sandbox -with_selinux -with_kerberos5 -with_privsep_path -with_xauth -enable_strip -with_maildir -with_mantype -with_md5_passwords -with_shadow -with_ipaddr_display -enable_etc_default_login -with_default_path -with_superuser_path -with_4in6 -with_bsd_auth -with_pid_dir -enable_lastlog -enable_utmp -enable_utmpx -enable_wtmp -enable_wtmpx -enable_libutil -enable_pututline -enable_pututxline -with_lastlog -' - ac_precious_vars='build_alias -host_alias -target_alias -CC -CFLAGS -LDFLAGS -LIBS -CPPFLAGS -CPP' - - -# Initialize some variables set by options. -ac_init_help= -ac_init_version=false -ac_unrecognized_opts= -ac_unrecognized_sep= -# The variables have the same names as the options, with -# dashes changed to underlines. -cache_file=/dev/null -exec_prefix=NONE -no_create= -no_recursion= -prefix=NONE -program_prefix=NONE -program_suffix=NONE -program_transform_name=s,x,x, -silent= -site= -srcdir= -verbose= -x_includes=NONE -x_libraries=NONE - -# Installation directory options. -# These are left unexpanded so users can "make install exec_prefix=/foo" -# and all the variables that are supposed to be based on exec_prefix -# by default will actually change. -# Use braces instead of parens because sh, perl, etc. also accept them. -# (The list follows the same order as the GNU Coding Standards.) 
-bindir='${exec_prefix}/bin' -sbindir='${exec_prefix}/sbin' -libexecdir='${exec_prefix}/libexec' -datarootdir='${prefix}/share' -datadir='${datarootdir}' -sysconfdir='${prefix}/etc' -sharedstatedir='${prefix}/com' -localstatedir='${prefix}/var' -includedir='${prefix}/include' -oldincludedir='/usr/include' -docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' -infodir='${datarootdir}/info' -htmldir='${docdir}' -dvidir='${docdir}' -pdfdir='${docdir}' -psdir='${docdir}' -libdir='${exec_prefix}/lib' -localedir='${datarootdir}/locale' -mandir='${datarootdir}/man' - -ac_prev= -ac_dashdash= -for ac_option -do - # If the previous option needs an argument, assign it. - if test -n "$ac_prev"; then - eval $ac_prev=\$ac_option - ac_prev= - continue - fi - - case $ac_option in - *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; - *=) ac_optarg= ;; - *) ac_optarg=yes ;; - esac - - # Accept the important Cygnus configure options, so we can diagnose typos. - - case $ac_dashdash$ac_option in - --) - ac_dashdash=yes ;; - - -bindir | --bindir | --bindi | --bind | --bin | --bi) - ac_prev=bindir ;; - -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) - bindir=$ac_optarg ;; - - -build | --build | --buil | --bui | --bu) - ac_prev=build_alias ;; - -build=* | --build=* | --buil=* | --bui=* | --bu=*) - build_alias=$ac_optarg ;; - - -cache-file | --cache-file | --cache-fil | --cache-fi \ - | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) - ac_prev=cache_file ;; - -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ - | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) - cache_file=$ac_optarg ;; - - --config-cache | -C) - cache_file=config.cache ;; - - -datadir | --datadir | --datadi | --datad) - ac_prev=datadir ;; - -datadir=* | --datadir=* | --datadi=* | --datad=*) - datadir=$ac_optarg ;; - - -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ - | --dataroo | --dataro | --datar) - ac_prev=datarootdir ;; 
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ - | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) - datarootdir=$ac_optarg ;; - - -disable-* | --disable-*) - ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"enable_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval enable_$ac_useropt=no ;; - - -docdir | --docdir | --docdi | --doc | --do) - ac_prev=docdir ;; - -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) - docdir=$ac_optarg ;; - - -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) - ac_prev=dvidir ;; - -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) - dvidir=$ac_optarg ;; - - -enable-* | --enable-*) - ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? 
"invalid feature name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"enable_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval enable_$ac_useropt=\$ac_optarg ;; - - -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ - | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ - | --exec | --exe | --ex) - ac_prev=exec_prefix ;; - -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ - | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ - | --exec=* | --exe=* | --ex=*) - exec_prefix=$ac_optarg ;; - - -gas | --gas | --ga | --g) - # Obsolete; use --with-gas. - with_gas=yes ;; - - -help | --help | --hel | --he | -h) - ac_init_help=long ;; - -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) - ac_init_help=recursive ;; - -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) - ac_init_help=short ;; - - -host | --host | --hos | --ho) - ac_prev=host_alias ;; - -host=* | --host=* | --hos=* | --ho=*) - host_alias=$ac_optarg ;; - - -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) - ac_prev=htmldir ;; - -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ - | --ht=*) - htmldir=$ac_optarg ;; - - -includedir | --includedir | --includedi | --included | --include \ - | --includ | --inclu | --incl | --inc) - ac_prev=includedir ;; - -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ - | --includ=* | --inclu=* | --incl=* | --inc=*) - includedir=$ac_optarg ;; - - -infodir | --infodir | --infodi | --infod | --info | --inf) - ac_prev=infodir ;; - -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) - infodir=$ac_optarg ;; - - -libdir | --libdir | --libdi | --libd) - ac_prev=libdir ;; - -libdir=* | --libdir=* | --libdi=* | --libd=*) - libdir=$ac_optarg ;; - - -libexecdir 
| --libexecdir | --libexecdi | --libexecd | --libexec \ - | --libexe | --libex | --libe) - ac_prev=libexecdir ;; - -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ - | --libexe=* | --libex=* | --libe=*) - libexecdir=$ac_optarg ;; - - -localedir | --localedir | --localedi | --localed | --locale) - ac_prev=localedir ;; - -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) - localedir=$ac_optarg ;; - - -localstatedir | --localstatedir | --localstatedi | --localstated \ - | --localstate | --localstat | --localsta | --localst | --locals) - ac_prev=localstatedir ;; - -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ - | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) - localstatedir=$ac_optarg ;; - - -mandir | --mandir | --mandi | --mand | --man | --ma | --m) - ac_prev=mandir ;; - -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) - mandir=$ac_optarg ;; - - -nfp | --nfp | --nf) - # Obsolete; use --without-fp. 
- with_fp=no ;; - - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c | -n) - no_create=yes ;; - - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) - no_recursion=yes ;; - - -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ - | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ - | --oldin | --oldi | --old | --ol | --o) - ac_prev=oldincludedir ;; - -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ - | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ - | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) - oldincludedir=$ac_optarg ;; - - -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) - ac_prev=prefix ;; - -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) - prefix=$ac_optarg ;; - - -program-prefix | --program-prefix | --program-prefi | --program-pref \ - | --program-pre | --program-pr | --program-p) - ac_prev=program_prefix ;; - -program-prefix=* | --program-prefix=* | --program-prefi=* \ - | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) - program_prefix=$ac_optarg ;; - - -program-suffix | --program-suffix | --program-suffi | --program-suff \ - | --program-suf | --program-su | --program-s) - ac_prev=program_suffix ;; - -program-suffix=* | --program-suffix=* | --program-suffi=* \ - | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) - program_suffix=$ac_optarg ;; - - -program-transform-name | --program-transform-name \ - | --program-transform-nam | --program-transform-na \ - | --program-transform-n | --program-transform- \ - | --program-transform | --program-transfor \ - | --program-transfo | --program-transf \ - | --program-trans | --program-tran \ - | --progr-tra | --program-tr | --program-t) - ac_prev=program_transform_name ;; - -program-transform-name=* | --program-transform-name=* \ - | 
--program-transform-nam=* | --program-transform-na=* \ - | --program-transform-n=* | --program-transform-=* \ - | --program-transform=* | --program-transfor=* \ - | --program-transfo=* | --program-transf=* \ - | --program-trans=* | --program-tran=* \ - | --progr-tra=* | --program-tr=* | --program-t=*) - program_transform_name=$ac_optarg ;; - - -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) - ac_prev=pdfdir ;; - -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) - pdfdir=$ac_optarg ;; - - -psdir | --psdir | --psdi | --psd | --ps) - ac_prev=psdir ;; - -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) - psdir=$ac_optarg ;; - - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - silent=yes ;; - - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) - ac_prev=sbindir ;; - -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ - | --sbi=* | --sb=*) - sbindir=$ac_optarg ;; - - -sharedstatedir | --sharedstatedir | --sharedstatedi \ - | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ - | --sharedst | --shareds | --shared | --share | --shar \ - | --sha | --sh) - ac_prev=sharedstatedir ;; - -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ - | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ - | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ - | --sha=* | --sh=*) - sharedstatedir=$ac_optarg ;; - - -site | --site | --sit) - ac_prev=site ;; - -site=* | --site=* | --sit=*) - site=$ac_optarg ;; - - -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) - ac_prev=srcdir ;; - -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) - srcdir=$ac_optarg ;; - - -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ - | --syscon | --sysco | --sysc | --sys | --sy) - ac_prev=sysconfdir ;; - -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ - | --syscon=* | --sysco=* | --sysc=* 
| --sys=* | --sy=*) - sysconfdir=$ac_optarg ;; - - -target | --target | --targe | --targ | --tar | --ta | --t) - ac_prev=target_alias ;; - -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) - target_alias=$ac_optarg ;; - - -v | -verbose | --verbose | --verbos | --verbo | --verb) - verbose=yes ;; - - -version | --version | --versio | --versi | --vers | -V) - ac_init_version=: ;; - - -with-* | --with-*) - ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"with_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval with_$ac_useropt=\$ac_optarg ;; - - -without-* | --without-*) - ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` - # Reject names that are not valid shell variable names. - expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" - ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` - case $ac_user_opts in - *" -"with_$ac_useropt" -"*) ;; - *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" - ac_unrecognized_sep=', ';; - esac - eval with_$ac_useropt=no ;; - - --x) - # Obsolete; use --with-x. 
- with_x=yes ;; - - -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ - | --x-incl | --x-inc | --x-in | --x-i) - ac_prev=x_includes ;; - -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ - | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) - x_includes=$ac_optarg ;; - - -x-libraries | --x-libraries | --x-librarie | --x-librari \ - | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) - ac_prev=x_libraries ;; - -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ - | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries=$ac_optarg ;; - - -*) as_fn_error $? "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information" - ;; - - *=*) - ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` - # Reject names that are not valid shell variable names. - case $ac_envvar in #( - '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; - esac - eval $ac_envvar=\$ac_optarg - export $ac_envvar ;; - - *) - # FIXME: should be removed in autoconf 3.0. - $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 - expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && - $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 - : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" - ;; - - esac -done - -if test -n "$ac_prev"; then - ac_option=--`echo $ac_prev | sed 's/_/-/g'` - as_fn_error $? "missing argument to $ac_option" -fi - -if test -n "$ac_unrecognized_opts"; then - case $enable_option_checking in - no) ;; - fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; - *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; - esac -fi - -# Check all directory arguments for consistency. 
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ - datadir sysconfdir sharedstatedir localstatedir includedir \ - oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir -do - eval ac_val=\$$ac_var - # Remove trailing slashes. - case $ac_val in - */ ) - ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` - eval $ac_var=\$ac_val;; - esac - # Be sure to have absolute directory names. - case $ac_val in - [\\/$]* | ?:[\\/]* ) continue;; - NONE | '' ) case $ac_var in *prefix ) continue;; esac;; - esac - as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" -done - -# There might be people who depend on the old broken behavior: `$host' -# used to hold the argument of --host etc. -# FIXME: To remove some day. -build=$build_alias -host=$host_alias -target=$target_alias - -# FIXME: To remove some day. -if test "x$host_alias" != x; then - if test "x$build_alias" = x; then - cross_compiling=maybe - elif test "x$build_alias" != "x$host_alias"; then - cross_compiling=yes - fi -fi - -ac_tool_prefix= -test -n "$host_alias" && ac_tool_prefix=$host_alias- - -test "$silent" = yes && exec 6>/dev/null - - -ac_pwd=`pwd` && test -n "$ac_pwd" && -ac_ls_di=`ls -di .` && -ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || - as_fn_error $? "working directory cannot be determined" -test "X$ac_ls_di" = "X$ac_pwd_ls_di" || - as_fn_error $? "pwd does not report name of working directory" - - -# Find the source files, if location was not specified. -if test -z "$srcdir"; then - ac_srcdir_defaulted=yes - # Try the directory containing this script, then the parent directory. - ac_confdir=`$as_dirname -- "$as_myself" || -$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_myself" : 'X\(//\)[^/]' \| \ - X"$as_myself" : 'X\(//\)$' \| \ - X"$as_myself" : 'X\(/\)' \| . 
2>/dev/null || -$as_echo X"$as_myself" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - srcdir=$ac_confdir - if test ! -r "$srcdir/$ac_unique_file"; then - srcdir=.. - fi -else - ac_srcdir_defaulted=no -fi -if test ! -r "$srcdir/$ac_unique_file"; then - test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." - as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" -fi -ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" -ac_abs_confdir=`( - cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" - pwd)` -# When building in place, set srcdir=. -if test "$ac_abs_confdir" = "$ac_pwd"; then - srcdir=. -fi -# Remove unnecessary trailing slashes from srcdir. -# Double slashes in file names in object file debugging info -# mess up M-x gdb in Emacs. -case $srcdir in -*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; -esac -for ac_var in $ac_precious_vars; do - eval ac_env_${ac_var}_set=\${${ac_var}+set} - eval ac_env_${ac_var}_value=\$${ac_var} - eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} - eval ac_cv_env_${ac_var}_value=\$${ac_var} -done - -# -# Report the --help message. -# -if test "$ac_init_help" = "long"; then - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat <<_ACEOF -\`configure' configures OpenSSH Portable to adapt to many kinds of systems. - -Usage: $0 [OPTION]... [VAR=VALUE]... - -To assign environment variables (e.g., CC, CFLAGS...), specify them as -VAR=VALUE. See below for descriptions of some of the useful variables. - -Defaults for the options are specified in brackets. 
- -Configuration: - -h, --help display this help and exit - --help=short display options specific to this package - --help=recursive display the short help of all the included packages - -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking ...' messages - --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' - -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or \`..'] - -Installation directories: - --prefix=PREFIX install architecture-independent files in PREFIX - [$ac_default_prefix] - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - [PREFIX] - -By default, \`make install' will install all the files in -\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -an installation prefix other than \`$ac_default_prefix' using \`--prefix', -for instance \`--prefix=\$HOME'. - -For better control, use the options below. 
- -Fine tuning of the installation directories: - --bindir=DIR user executables [EPREFIX/bin] - --sbindir=DIR system admin executables [EPREFIX/sbin] - --libexecdir=DIR program executables [EPREFIX/libexec] - --sysconfdir=DIR read-only single-machine data [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] - --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --libdir=DIR object code libraries [EPREFIX/lib] - --includedir=DIR C header files [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc [/usr/include] - --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] - --datadir=DIR read-only architecture-independent data [DATAROOTDIR] - --infodir=DIR info documentation [DATAROOTDIR/info] - --localedir=DIR locale-dependent data [DATAROOTDIR/locale] - --mandir=DIR man documentation [DATAROOTDIR/man] - --docdir=DIR documentation root [DATAROOTDIR/doc/openssh] - --htmldir=DIR html documentation [DOCDIR] - --dvidir=DIR dvi documentation [DOCDIR] - --pdfdir=DIR pdf documentation [DOCDIR] - --psdir=DIR ps documentation [DOCDIR] -_ACEOF - - cat <<\_ACEOF - -System types: - --build=BUILD configure for building on BUILD [guessed] - --host=HOST cross-compile to build programs to run on HOST [BUILD] -_ACEOF -fi - -if test -n "$ac_init_help"; then - case $ac_init_help in - short | recursive ) echo "Configuration of OpenSSH Portable:";; - esac - cat <<\_ACEOF - -Optional Features: - --disable-option-checking ignore unrecognized --enable/--with options - --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) - --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --disable-largefile omit support for large files - --disable-strip Disable calling strip(1) on install - --disable-etc-default-login Disable using PATH from /etc/default/login no - --disable-lastlog disable use of lastlog even if detected no - --disable-utmp disable use of utmp even if detected no - --disable-utmpx disable use of 
utmpx even if detected no - --disable-wtmp disable use of wtmp even if detected no - --disable-wtmpx disable use of wtmpx even if detected no - --disable-libutil disable use of libutil (login() etc.) no - --disable-pututline disable use of pututline() etc. (uwtmp) no - --disable-pututxline disable use of pututxline() etc. (uwtmpx) no - -Optional Packages: - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] - --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --without-stackprotect Don't use compiler's stack protection - --without-rpath Disable auto-added -R linker paths - --with-cflags Specify additional flags to pass to compiler - --with-cppflags Specify additional flags to pass to preprocessor - --with-ldflags Specify additional flags to pass to linker - --with-libs Specify additional libraries to link with - --with-Werror Build main code with -Werror - --with-solaris-contracts Enable Solaris process contracts (experimental) - --with-solaris-projects Enable Solaris projects (experimental) - --with-osfsia Enable Digital Unix SIA - --with-zlib=PATH Use zlib in PATH - --without-zlib-version-check Disable zlib version check - --with-skey[=PATH] Enable S/Key support (optionally in PATH) - --with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH) - --with-libedit[=PATH] Enable libedit support for sftp - --with-audit=module Enable audit support (modules=debug,bsm,linux) - --with-ssl-dir=PATH Specify path to OpenSSL installation - --without-openssl-header-check Disable OpenSSL version consistency check - --with-ssl-engine Enable OpenSSL (hardware) ENGINE support - --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT - --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool) - --with-pam Enable PAM support - --with-privsep-user=user Specify non-privileged user for privilege separation - --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace) - --with-selinux 
Enable SELinux support - --with-kerberos5=PATH Enable Kerberos 5 support - --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) - --with-xauth=PATH Specify path to xauth program - --with-maildir=/path/to/mail Specify your system mail directory - --with-mantype=man|cat|doc Set man page type - --with-md5-passwords Enable use of MD5 passwords - --without-shadow Disable shadow password support - --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY - --with-default-path= Specify default \$PATH environment for server - --with-superuser-path= Specify different path for super-user - --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses - --with-bsd-auth Enable BSD auth support - --with-pid-dir=PATH Specify location of ssh.pid file - --with-lastlog=FILE|DIR specify lastlog location common locations - -Some influential environment variables: - CC C compiler command - CFLAGS C compiler flags - LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a - nonstandard directory <lib dir> - LIBS libraries to pass to the linker, e.g. -l<library> - CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if - you have headers in a nonstandard directory <include dir> - CPP C preprocessor - -Use these variables to override the choices made by `configure' or to help -it to find libraries and programs with nonstandard names/locations. - -Report bugs to <openssh-unix-dev@mindrot.org>. -_ACEOF -ac_status=$? -fi - -if test "$ac_init_help" = "recursive"; then - # If there are subdirs, report their specific --help. - for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue - test -d "$ac_dir" || - { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || - continue - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. 
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - cd "$ac_dir" || { ac_status=$?; continue; } - # Check for guested configure. - if test -f "$ac_srcdir/configure.gnu"; then - echo && - $SHELL "$ac_srcdir/configure.gnu" --help=recursive - elif test -f "$ac_srcdir/configure"; then - echo && - $SHELL "$ac_srcdir/configure" --help=recursive - else - $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 - fi || ac_status=$? - cd "$ac_pwd" || { ac_status=$?; break; } - done -fi - -test -n "$ac_init_help" && exit $ac_status -if $ac_init_version; then - cat <<\_ACEOF -OpenSSH configure Portable -generated by GNU Autoconf 2.69 - -Copyright (C) 2012 Free Software Foundation, Inc. -This configure script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it. -_ACEOF - exit -fi - -## ------------------------ ## -## Autoconf initialization. ## -## ------------------------ ## - -# ac_fn_c_try_compile LINENO -# -------------------------- -# Try to compile conftest.$ac_ext, and return whether this succeeded. 
-ac_fn_c_try_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext - if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest.$ac_objext; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_compile - -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes -# that executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 - test $ac_status = 0; }; }; then : - ac_retval=0 -else - $as_echo "$as_me: program exited with status $ac_status" >&5 - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_run - -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_cpp - -# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists and can be compiled using the include files in -# INCLUDES, setting the cache variable VAR accordingly. -ac_fn_c_check_header_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... 
" >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_compile - -# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES -# --------------------------------------------- -# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR -# accordingly. -ac_fn_c_check_decl () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - as_decl_name=`echo $2|sed 's/ *(.*//'` - as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 -$as_echo_n "checking whether $as_decl_name is declared... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -#ifndef $as_decl_name -#ifdef __cplusplus - (void) $as_decl_use; -#else - (void) $as_decl_name; -#endif -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_decl - -# ac_fn_c_try_link LINENO -# ----------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. 
-ac_fn_c_try_link () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - test -x conftest$ac_exeext - }; then : - ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information - # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would - # interfere with the next link command; also delete a directory that is - # left behind by Apple's compiler. We do this before executing the actions. - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_link - -# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists, giving a warning if it cannot be compiled using -# the include files in INCLUDES and setting the cache variable VAR -# accordingly. -ac_fn_c_check_header_mongrel () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if eval \${$3+:} false; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... 
" >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 -$as_echo_n "checking $2 usability... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_header_compiler=yes -else - ac_header_compiler=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 -$as_echo_n "checking $2 presence... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <$2> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - ac_header_preproc=yes -else - ac_header_preproc=no -fi -rm -f conftest.err conftest.i conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( - yes:no: ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; - no:yes:* ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" 
>&5 -$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} -( $as_echo "## ------------------------------------------- ## -## Report this to openssh-unix-dev@mindrot.org ## -## ------------------------------------------- ##" - ) | sed "s/^/$as_me: WARNING: /" >&2 - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=\$ac_header_compiler" -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_mongrel - -# ac_fn_c_check_func LINENO FUNC VAR -# ---------------------------------- -# Tests whether FUNC exists, setting the cache variable VAR accordingly -ac_fn_c_check_func () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -/* Define $2 to an innocuous variant, in case <limits.h> declares $2. - For example, HP-UX 11i <limits.h> declares gettimeofday. 
*/ -#define $2 innocuous_$2 - -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. - Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - <limits.h> exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif - -#undef $2 - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char $2 (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_$2 || defined __stub___$2 -choke me -#endif - -int -main () -{ -return $2 (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - eval "$3=yes" -else - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_func - -# ac_fn_c_check_type LINENO TYPE VAR INCLUDES -# ------------------------------------------- -# Tests whether TYPE exists after having included INCLUDES, setting cache -# variable VAR accordingly. -ac_fn_c_check_type () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=no" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -$4 -int -main () -{ -if (sizeof ($2)) - return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -if (sizeof (($2))) - return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - -else - eval "$3=yes" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_type - -# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES -# -------------------------------------------- -# Tries to find the compile-time value of EXPR in a program that includes -# INCLUDES, setting VAR accordingly. Returns whether the value could be -# computed -ac_fn_c_compute_int () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if test "$cross_compiling" = yes; then - # Depending upon the size, compute the lo and hi bounds. -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) >= 0)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_lo=0 ac_mid=0 - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) <= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=$ac_mid; break -else - as_fn_arith $ac_mid + 1 && ac_lo=$as_val - if test $ac_lo -le $ac_mid; then - ac_lo= ac_hi= - break - fi - as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) < 0)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=-1 ac_mid=-1 - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) >= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_lo=$ac_mid; break -else - as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val - if test $ac_mid -le $ac_hi; then - ac_lo= ac_hi= - break - fi - as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done -else - ac_lo= ac_hi= -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -# Binary search between lo and hi bounds. -while test "x$ac_lo" != "x$ac_hi"; do - as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -$4 -int -main () -{ -static int test_array [1 - 2 * !(($2) <= $ac_mid)]; -test_array [0] = 0; -return test_array [0]; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_hi=$ac_mid -else - as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -done -case $ac_lo in #(( -?*) eval "$3=\$ac_lo"; ac_retval=0 ;; -'') ac_retval=1 ;; -esac - else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -static long int longval () { return $2; } -static unsigned long int ulongval () { return $2; } -#include <stdio.h> -#include <stdlib.h> -int -main () -{ - - FILE *f = fopen ("conftest.val", "w"); - if (! f) - return 1; - if (($2) < 0) - { - long int i = longval (); - if (i != ($2)) - return 1; - fprintf (f, "%ld", i); - } - else - { - unsigned long int i = ulongval (); - if (i != ($2)) - return 1; - fprintf (f, "%lu", i); - } - /* Do not output a trailing newline, as this causes \r\n confusion - on some platforms. */ - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - echo >>conftest.val; read $3 <conftest.val; ac_retval=0 -else - ac_retval=1 -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -rm -f conftest.val - - fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_compute_int - -# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES -# ---------------------------------------------------- -# Tries to find if the field MEMBER exists in type AGGR, after including -# INCLUDES, setting cache variable VAR accordingly. -ac_fn_c_check_member () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 -$as_echo_n "checking for $2.$3... 
" >&6; } -if eval \${$4+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$5 -int -main () -{ -static $2 ac_aggr; -if (ac_aggr.$3) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$4=yes" -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$5 -int -main () -{ -static $2 ac_aggr; -if (sizeof ac_aggr.$3) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$4=yes" -else - eval "$4=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -eval ac_res=\$$4 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_member -cat >config.log <<_ACEOF -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. - -It was created by OpenSSH $as_me Portable, which was -generated by GNU Autoconf 2.69. Invocation command line was - - $ $0 $@ - -_ACEOF -exec 5>>config.log -{ -cat <<_ASUNAME -## --------- ## -## Platform. 
## -## --------- ## - -hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` -uname -m = `(uname -m) 2>/dev/null || echo unknown` -uname -r = `(uname -r) 2>/dev/null || echo unknown` -uname -s = `(uname -s) 2>/dev/null || echo unknown` -uname -v = `(uname -v) 2>/dev/null || echo unknown` - -/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` -/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` - -/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` -/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` -/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` -/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` -/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` -/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` -/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` - -_ASUNAME - -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - $as_echo "PATH: $as_dir" - done -IFS=$as_save_IFS - -} >&5 - -cat >&5 <<_ACEOF - - -## ----------- ## -## Core tests. ## -## ----------- ## - -_ACEOF - - -# Keep a trace of the command line. -# Strip out --no-create and --no-recursion so they do not pile up. -# Strip out --silent because we don't want to record it for future runs. -# Also quote any args containing shell meta-characters. -# Make two passes to allow for proper duplicate-argument suppression. 
-ac_configure_args= -ac_configure_args0= -ac_configure_args1= -ac_must_keep_next=false -for ac_pass in 1 2 -do - for ac_arg - do - case $ac_arg in - -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil) - continue ;; - *\'*) - ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - case $ac_pass in - 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; - 2) - as_fn_append ac_configure_args1 " '$ac_arg'" - if test $ac_must_keep_next = true; then - ac_must_keep_next=false # Got value, back to normal. - else - case $ac_arg in - *=* | --config-cache | -C | -disable-* | --disable-* \ - | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ - | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ - | -with-* | --with-* | -without-* | --without-* | --x) - case "$ac_configure_args0 " in - "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; - esac - ;; - -* ) ac_must_keep_next=true ;; - esac - fi - as_fn_append ac_configure_args " '$ac_arg'" - ;; - esac - done -done -{ ac_configure_args0=; unset ac_configure_args0;} -{ ac_configure_args1=; unset ac_configure_args1;} - -# When interrupted or exit'd, cleanup temporary files, and complete -# config.log. We remove comments because anyway the quotes in there -# would cause problems or look ugly. -# WARNING: Use '\'' to represent an apostrophe within the trap. -# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. -trap 'exit_status=$? - # Save into config.log some information that might help in debugging. - { - echo - - $as_echo "## ---------------- ## -## Cache variables. 
## -## ---------------- ##" - echo - # The following way of writing the cache mishandles newlines in values, -( - for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do - eval ac_val=\$$ac_var - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( - BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( - *) { eval $ac_var=; unset $ac_var;} ;; - esac ;; - esac - done - (set) 2>&1 | - case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( - *${as_nl}ac_space=\ *) - sed -n \ - "s/'\''/'\''\\\\'\'''\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" - ;; #( - *) - sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" - ;; - esac | - sort -) - echo - - $as_echo "## ----------------- ## -## Output variables. ## -## ----------------- ##" - echo - for ac_var in $ac_subst_vars - do - eval ac_val=\$$ac_var - case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac - $as_echo "$ac_var='\''$ac_val'\''" - done | sort - echo - - if test -n "$ac_subst_files"; then - $as_echo "## ------------------- ## -## File substitutions. ## -## ------------------- ##" - echo - for ac_var in $ac_subst_files - do - eval ac_val=\$$ac_var - case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; - esac - $as_echo "$ac_var='\''$ac_val'\''" - done | sort - echo - fi - - if test -s confdefs.h; then - $as_echo "## ----------- ## -## confdefs.h. 
## -## ----------- ##" - echo - cat confdefs.h - echo - fi - test "$ac_signal" != 0 && - $as_echo "$as_me: caught signal $ac_signal" - $as_echo "$as_me: exit $exit_status" - } >&5 - rm -f core *.core core.conftest.* && - rm -f -r conftest* confdefs* conf$$* $ac_clean_files && - exit $exit_status -' 0 -for ac_signal in 1 2 13 15; do - trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal -done -ac_signal=0 - -# confdefs.h avoids OS command line length limits that DEFS can exceed. -rm -f -r conftest* confdefs.h - -$as_echo "/* confdefs.h */" > confdefs.h - -# Predefined preprocessor variables. - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_NAME "$PACKAGE_NAME" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_TARNAME "$PACKAGE_TARNAME" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_VERSION "$PACKAGE_VERSION" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_STRING "$PACKAGE_STRING" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" -_ACEOF - -cat >>confdefs.h <<_ACEOF -#define PACKAGE_URL "$PACKAGE_URL" -_ACEOF - - -# Let the site file select an alternate cache file if it wants to. -# Prefer an explicitly selected file to automatically selected ones. -ac_site_file1=NONE -ac_site_file2=NONE -if test -n "$CONFIG_SITE"; then - # We do not want a PATH search for config.site. 
- case $CONFIG_SITE in #(( - -*) ac_site_file1=./$CONFIG_SITE;; - */*) ac_site_file1=$CONFIG_SITE;; - *) ac_site_file1=./$CONFIG_SITE;; - esac -elif test "x$prefix" != xNONE; then - ac_site_file1=$prefix/share/config.site - ac_site_file2=$prefix/etc/config.site -else - ac_site_file1=$ac_default_prefix/share/config.site - ac_site_file2=$ac_default_prefix/etc/config.site -fi -for ac_site_file in "$ac_site_file1" "$ac_site_file2" -do - test "x$ac_site_file" = xNONE && continue - if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 -$as_echo "$as_me: loading site script $ac_site_file" >&6;} - sed 's/^/| /' "$ac_site_file" >&5 - . "$ac_site_file" \ - || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5; } - fi -done - -if test -r "$cache_file"; then - # Some versions of bash will fail to source /dev/null (special files - # actually), so we avoid doing that. DJGPP emulates it as a regular file. - if test /dev/null != "$cache_file" && test -f "$cache_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 -$as_echo "$as_me: loading cache $cache_file" >&6;} - case $cache_file in - [\\/]* | ?:[\\/]* ) . "$cache_file";; - *) . "./$cache_file";; - esac - fi -else - { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 -$as_echo "$as_me: creating cache $cache_file" >&6;} - >$cache_file -fi - -# Check that the precious variables saved in the cache have kept the same -# value. 
-ac_cache_corrupted=false -for ac_var in $ac_precious_vars; do - eval ac_old_set=\$ac_cv_env_${ac_var}_set - eval ac_new_set=\$ac_env_${ac_var}_set - eval ac_old_val=\$ac_cv_env_${ac_var}_value - eval ac_new_val=\$ac_env_${ac_var}_value - case $ac_old_set,$ac_new_set in - set,) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,set) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} - ac_cache_corrupted=: ;; - ,);; - *) - if test "x$ac_old_val" != "x$ac_new_val"; then - # differences in whitespace do not lead to failure. - ac_old_val_w=`echo x $ac_old_val` - ac_new_val_w=`echo x $ac_new_val` - if test "$ac_old_val_w" != "$ac_new_val_w"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} - ac_cache_corrupted=: - else - { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} - eval $ac_var=\$ac_old_val - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} - fi;; - esac - # Pass precious variables to config.status. - if test "$ac_new_set" = set; then - case $ac_new_val in - *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; - *) ac_arg=$ac_var=$ac_new_val ;; - esac - case " $ac_configure_args " in - *" '$ac_arg' "*) ;; # Avoid dups. 
Use of quotes ensures accuracy. - *) as_fn_append ac_configure_args " '$ac_arg'" ;; - esac - fi -done -if $ac_cache_corrupted; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 -$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 -fi -## -------------------- ## -## Main body of script. ## -## -------------------- ## - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -ac_config_headers="$ac_config_headers config.h" - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. -set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_CC"; then - ac_ct_CC=$CC - # Extract the first word of "gcc", so it can be a program name with args. -set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -else - CC="$ac_cv_prog_CC" -fi - -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. -set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - fi -fi -if test -z "$CC"; then - # Extract the first word of "cc", so it can be a program name with args. -set dummy cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else - ac_prog_rejected=no -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -if test $ac_prog_rejected = yes; then - # We found a bogon in the path, so make sure we never use it. - set dummy $ac_cv_prog_CC - shift - if test $# != 0; then - # We chose a different compiler from the bogus one. - # However, it has the same basename, so the bogon will be chosen - # first if we set CC to just the basename; use the full file name. 
- shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" - fi -fi -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$CC"; then - if test -n "$ac_tool_prefix"; then - for ac_prog in cl.exe - do - # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. -set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$CC"; then - ac_cv_prog_CC="$CC" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -CC=$ac_cv_prog_CC -if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$CC" && break - done -fi -if test -z "$CC"; then - ac_ct_CC=$CC - for ac_prog in cl.exe -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_CC"; then - ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. 
-else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_CC=$ac_cv_prog_ac_ct_CC -if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$ac_ct_CC" && break -done - - if test "x$ac_ct_CC" = x; then - CC="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - CC=$ac_ct_CC - fi -fi - -fi - - -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } - -# Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 -set X $ac_compile -ac_compiler=$2 -for ac_option in --version -v -V -qversion; do - { { ac_try="$ac_compiler $ac_option >&5" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compiler $ac_option >&5") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - sed '10a\ -... rest of stderr output deleted ... 
- 10q' conftest.err >conftest.er1 - cat conftest.er1 >&5 - fi - rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } -done - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" -# Try to create an executable without -o first, disregard a.out. -# It will help us diagnose broken compilers, and finding out an intuition -# of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` - -# The possible output files: -ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" - -ac_rmfiles= -for ac_file in $ac_files -do - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - * ) ac_rmfiles="$ac_rmfiles $ac_file";; - esac -done -rm -f $ac_rmfiles - -if { { ac_try="$ac_link_default" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link_default") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' -# in a Makefile. We should not override ac_cv_exeext if it was cached, -# so that the user can short-circuit this test for compilers unknown to -# Autoconf. 
-for ac_file in $ac_files '' -do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) - ;; - [ab].out ) - # We found the default executable, but exeext='' is most - # certainly right. - break;; - *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; - then :; else - ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - fi - # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' - # argument, so we may need to know it at that point already. - # Even if this section looks crufty: it has the advantage of - # actually working. - break;; - * ) - break;; - esac -done -test "$ac_cv_exeext" = no && ac_cv_exeext= - -else - ac_file='' -fi -if test -z "$ac_file"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -$as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } -ac_exeext=$ac_cv_exeext - -rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -$as_echo_n "checking for suffix of executables... 
" >&6; } -if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. -for ac_file in conftest.exe conftest conftest.*; do - test -f "$ac_file" || continue - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; - *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` - break;; - * ) break;; - esac -done -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } -fi -rm -f conftest conftest$ac_cv_exeext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -$as_echo "$ac_cv_exeext" >&6; } - -rm -f conftest.$ac_ext -EXEEXT=$ac_cv_exeext -ac_exeext=$EXEEXT -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <stdio.h> -int -main () -{ -FILE *f = fopen ("conftest.out", "w"); - return ferror (f) || fclose (f) != 0; - - ; - return 0; -} -_ACEOF -ac_clean_files="$ac_clean_files conftest.out" -# Check that the compiler produces executables we can run. If not, either -# the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... 
" >&6; } -if test "$cross_compiling" != yes; then - { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - if { ac_try='./conftest$ac_cv_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - cross_compiling=no - else - if test "$cross_compiling" = maybe; then - cross_compiling=yes - else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } - fi - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } - -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out -ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -$as_echo_n "checking for suffix of object files... " >&6; } -if ${ac_cv_objext+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -rm -f conftest.o conftest.obj -if { { ac_try="$ac_compile" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_compile") 2>&5 - ac_status=$? 
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : - for ac_file in conftest.o conftest.obj conftest.*; do - test -f "$ac_file" || continue; - case $ac_file in - *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; - *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` - break;; - esac -done -else - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } -fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -$as_echo "$ac_cv_objext" >&6; } -OBJEXT=$ac_cv_objext -ac_objext=$OBJEXT -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ -#ifndef __GNUC__ - choke me -#endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_compiler_gnu=yes -else - ac_compiler_gnu=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -ac_cv_c_compiler_gnu=$ac_compiler_gnu - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } -if test $ac_compiler_gnu = yes; then - GCC=yes -else - GCC= -fi -ac_test_CFLAGS=${CFLAGS+set} -ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... 
" >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_save_c_werror_flag=$ac_c_werror_flag - ac_c_werror_flag=yes - ac_cv_prog_cc_g=no - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -else - CFLAGS="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - -else - ac_c_werror_flag=$ac_save_c_werror_flag - CFLAGS="-g" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_g=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then - CFLAGS=$ac_save_CFLAGS -elif test $ac_cv_prog_cc_g = yes; then - if test "$GCC" = yes; then - CFLAGS="-g -O2" - else - CFLAGS="-g" - fi -else - if test "$GCC" = yes; then - CFLAGS="-O2" - else - CFLAGS= - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no -ac_save_CC=$CC -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <stdarg.h> -#include <stdio.h> -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. 
*/ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 
1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} -_ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" -do - CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_prog_cc_c89=$ac_arg -fi -rm -f core conftest.err conftest.$ac_objext - test "x$ac_cv_prog_cc_c89" != "xno" && break -done -rm -f conftest.$ac_ext -CC=$ac_save_CC - -fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : - -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -ac_aux_dir= -for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - as_fn_error $? 
"cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 -fi - -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. -ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. - - -# Make sure we can run config.sub. -$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 -$as_echo_n "checking build system type... " >&6; } -if ${ac_cv_build+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_build_alias=$build_alias -test "x$ac_build_alias" = x && - ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` -test "x$ac_build_alias" = x && - as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 -ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 -$as_echo "$ac_cv_build" >&6; } -case $ac_cv_build in -*-*-*) ;; -*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; -esac -build=$ac_cv_build -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_build -shift -build_cpu=$1 -build_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -build_os=$* -IFS=$ac_save_IFS -case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 -$as_echo_n "checking host system type... 
" >&6; } -if ${ac_cv_host+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "x$host_alias" = x; then - ac_cv_host=$ac_cv_build -else - ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 -$as_echo "$ac_cv_host" >&6; } -case $ac_cv_host in -*-*-*) ;; -*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; -esac -host=$ac_cv_host -ac_save_IFS=$IFS; IFS='-' -set x $ac_cv_host -shift -host_cpu=$1 -host_vendor=$2 -shift; shift -# Remember, the first character of IFS is used to create $*, -# except with old shells: -host_os=$* -IFS=$ac_save_IFS -case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac - - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - # <limits.h> exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ac_nonexistent.h> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - break -fi - - done - ac_cv_prog_CPP=$CPP - -fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - # <limits.h> exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ac_nonexistent.h> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. 
-continue -else - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. 
- # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_GREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_prog in egrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_EGREP=$EGREP -fi - - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <stdlib.h> -#include <stdarg.h> -#include <string.h> -#include <float.h> - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes -else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <string.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <stdlib.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ctype.h> -#include <stdlib.h> -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? 
((c) | 0x40) : (c)) -#endif - -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -$as_echo "#define STDC_HEADERS 1" >>confdefs.h - -fi - -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 -$as_echo_n "checking whether byte ordering is bigendian... " >&6; } -if ${ac_cv_c_bigendian+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_c_bigendian=unknown - # See if we're dealing with a universal compiler. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifndef __APPLE_CC__ - not a universal capable compiler - #endif - typedef int dummy; - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - # Check for potential -arch flags. It is not universal unless - # there are at least two -arch flags with different values. 
- ac_arch= - ac_prev= - for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do - if test -n "$ac_prev"; then - case $ac_word in - i?86 | x86_64 | ppc | ppc64) - if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then - ac_arch=$ac_word - else - ac_cv_c_bigendian=universal - break - fi - ;; - esac - ac_prev= - elif test "x$ac_word" = "x-arch"; then - ac_prev=arch - fi - done -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - if test $ac_cv_c_bigendian = unknown; then - # See if sys/param.h defines the BYTE_ORDER macro. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> - #include <sys/param.h> - -int -main () -{ -#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ - && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ - && LITTLE_ENDIAN) - bogus endian macros - #endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - # It does; now see whether it defined to BIG_ENDIAN or not. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> - #include <sys/param.h> - -int -main () -{ -#if BYTE_ORDER != BIG_ENDIAN - not big endian - #endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_bigendian=yes -else - ac_cv_c_bigendian=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - if test $ac_cv_c_bigendian = unknown; then - # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <limits.h> - -int -main () -{ -#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) - bogus endian macros - #endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - # It does; now see whether it defined to _BIG_ENDIAN or not. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <limits.h> - -int -main () -{ -#ifndef _BIG_ENDIAN - not big endian - #endif - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_bigendian=yes -else - ac_cv_c_bigendian=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - if test $ac_cv_c_bigendian = unknown; then - # Compile a test program. - if test "$cross_compiling" = yes; then : - # Try to guess by grepping values from an object file. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -short int ascii_mm[] = - { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; - short int ascii_ii[] = - { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; - int use_ascii (int i) { - return ascii_mm[i] + ascii_ii[i]; - } - short int ebcdic_ii[] = - { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; - short int ebcdic_mm[] = - { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; - int use_ebcdic (int i) { - return ebcdic_mm[i] + ebcdic_ii[i]; - } - extern int foo; - -int -main () -{ -return use_ascii (foo) == use_ebcdic (foo); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then - ac_cv_c_bigendian=yes - fi - if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then - if test "$ac_cv_c_bigendian" = unknown; then - ac_cv_c_bigendian=no - else - # finding both strings is unlikely to happen, but who knows? - ac_cv_c_bigendian=unknown - fi - fi -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ - - /* Are we little or big endian? From Harbison&Steele. 
*/ - union - { - long int l; - char c[sizeof (long int)]; - } u; - u.l = 1; - return u.c[sizeof (long int) - 1] == 1; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_c_bigendian=no -else - ac_cv_c_bigendian=yes -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 -$as_echo "$ac_cv_c_bigendian" >&6; } - case $ac_cv_c_bigendian in #( - yes) - $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h -;; #( - no) - ;; #( - universal) - -$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h - - ;; #( - *) - as_fn_error $? "unknown endianness - presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; - esac - - -# Checks for programs. -for ac_prog in gawk mawk nawk awk -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AWK+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$AWK"; then - ac_cv_prog_AWK="$AWK" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -AWK=$ac_cv_prog_AWK -if test -n "$AWK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 -$as_echo "$AWK" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$AWK" && break -done - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - # <limits.h> exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. 
Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ac_nonexistent.h> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - break -fi - - done - ac_cv_prog_CPP=$CPP - -fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - # <limits.h> exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ac_nonexistent.h> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - # Broken: success on invalid input. -continue -else - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. 
-rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : - -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. -set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$RANLIB"; then - ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -RANLIB=$ac_cv_prog_RANLIB -if test -n "$RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 -$as_echo "$RANLIB" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_prog_RANLIB"; then - ac_ct_RANLIB=$RANLIB - # Extract the first word of "ranlib", so it can be a program name with args. -set dummy ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... 
" >&6; } -if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$ac_ct_RANLIB"; then - ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_ac_ct_RANLIB="ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - -fi -fi -ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB -if test -n "$ac_ct_RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 -$as_echo "$ac_ct_RANLIB" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_ct_RANLIB" = x; then - RANLIB=":" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - RANLIB=$ac_ct_RANLIB - fi -else - RANLIB="$ac_cv_prog_RANLIB" -fi - -# Find a good install program. We prefer a C program (faster), -# so one script is as good as another. But avoid the broken or -# incompatible versions: -# SysV /etc/install, /usr/sbin/install -# SunOS /usr/etc/install -# IRIX /sbin/install -# AIX /bin/install -# AmigaOS /C/install, which installs bootblocks on floppy discs -# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag -# AFS /usr/afsws/bin/install, which mishandles nonexistent args -# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" -# OS/2's system install, which has a completely different semantic -# ./install, which can be erroneously created by make from ./install.sh. 
-# Reject install programs that cannot install multiple files. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 -$as_echo_n "checking for a BSD-compatible install... " >&6; } -if test -z "$INSTALL"; then -if ${ac_cv_path_install+:} false; then : - $as_echo_n "(cached) " >&6 -else - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in #(( - ./ | .// | /[cC]/* | \ - /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ - ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ - /usr/ucb/* ) ;; - *) - # OSF1 and SCO ODT 3.0 have their own names for install. - # Don't use installbsd from OSF since it installs stuff as root - # by default. - for ac_prog in ginstall scoinst install; do - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then - if test $ac_prog = install && - grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # AIX install. It has an incompatible calling convention. - : - elif test $ac_prog = install && - grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then - # program-specific install script used by HP pwplus--don't use. 
- : - else - rm -rf conftest.one conftest.two conftest.dir - echo one > conftest.one - echo two > conftest.two - mkdir conftest.dir - if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && - test -s conftest.one && test -s conftest.two && - test -s conftest.dir/conftest.one && - test -s conftest.dir/conftest.two - then - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" - break 3 - fi - fi - fi - done - done - ;; -esac - - done -IFS=$as_save_IFS - -rm -rf conftest.one conftest.two conftest.dir - -fi - if test "${ac_cv_path_install+set}" = set; then - INSTALL=$ac_cv_path_install - else - # As a last resort, use the slow shell script. Don't cache a - # value for INSTALL within a source directory, because that will - # break other packages using the cache if that directory is - # removed, or if the value is a relative name. - INSTALL=$ac_install_sh - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 -$as_echo "$INSTALL" >&6; } - -# Use test -z because SunOS4 sh mishandles braces in ${var-val}. -# It thinks the first close brace ends the variable substitution. -test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' - -test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' - -test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_prog in egrep; do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - $as_echo_n 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_EGREP=$EGREP -fi - - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - - -# Extract the first word of "ar", so it can be a program name with args. -set dummy ar; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $AR in - [\\/]* | ?:[\\/]*) - ac_cv_path_AR="$AR" # Let the user override the test with a path. 
- ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_AR="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -AR=$ac_cv_path_AR -if test -n "$AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 -$as_echo "$AR" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "cat", so it can be a program name with args. -set dummy cat; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_CAT+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $CAT in - [\\/]* | ?:[\\/]*) - ac_cv_path_CAT="$CAT" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -CAT=$ac_cv_path_CAT -if test -n "$CAT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5 -$as_echo "$CAT" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "kill", so it can be a program name with args. -set dummy kill; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... 
" >&6; } -if ${ac_cv_path_KILL+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $KILL in - [\\/]* | ?:[\\/]*) - ac_cv_path_KILL="$KILL" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -KILL=$ac_cv_path_KILL -if test -n "$KILL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5 -$as_echo "$KILL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -for ac_prog in perl5 perl -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PERL+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PERL in - [\\/]* | ?:[\\/]*) - ac_cv_path_PERL="$PERL" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PERL=$ac_cv_path_PERL -if test -n "$PERL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 -$as_echo "$PERL" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$PERL" && break -done - -# Extract the first word of "sed", so it can be a program name with args. -set dummy sed; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_SED+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $SED in - [\\/]* | ?:[\\/]*) - ac_cv_path_SED="$SED" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -SED=$ac_cv_path_SED -if test -n "$SED"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5 -$as_echo "$SED" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - -# Extract the first word of "ent", so it can be a program name with args. -set dummy ent; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... 
" >&6; } -if ${ac_cv_path_ENT+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ENT in - [\\/]* | ?:[\\/]*) - ac_cv_path_ENT="$ENT" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ENT=$ac_cv_path_ENT -if test -n "$ENT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENT" >&5 -$as_echo "$ENT" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - -# Extract the first word of "bash", so it can be a program name with args. -set dummy bash; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $TEST_MINUS_S_SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH -if test -n "$TEST_MINUS_S_SH"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 -$as_echo "$TEST_MINUS_S_SH" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "ksh", so it can be a program name with args. -set dummy ksh; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $TEST_MINUS_S_SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH -if test -n "$TEST_MINUS_S_SH"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 -$as_echo "$TEST_MINUS_S_SH" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "sh", so it can be a program name with args. -set dummy sh; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... 
" >&6; } -if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $TEST_MINUS_S_SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH -if test -n "$TEST_MINUS_S_SH"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5 -$as_echo "$TEST_MINUS_S_SH" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "sh", so it can be a program name with args. -set dummy sh; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_SH+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $SH in - [\\/]* | ?:[\\/]*) - ac_cv_path_SH="$SH" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -SH=$ac_cv_path_SH -if test -n "$SH"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5 -$as_echo "$SH" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "groff", so it can be a program name with args. -set dummy groff; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_GROFF+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $GROFF in - [\\/]* | ?:[\\/]*) - ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -GROFF=$ac_cv_path_GROFF -if test -n "$GROFF"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5 -$as_echo "$GROFF" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "nroff", so it can be a program name with args. -set dummy nroff; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... 
" >&6; } -if ${ac_cv_path_NROFF+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $NROFF in - [\\/]* | ?:[\\/]*) - ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -NROFF=$ac_cv_path_NROFF -if test -n "$NROFF"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 -$as_echo "$NROFF" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "mandoc", so it can be a program name with args. -set dummy mandoc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_MANDOC+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $MANDOC in - [\\/]* | ?:[\\/]*) - ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -MANDOC=$ac_cv_path_MANDOC -if test -n "$MANDOC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5 -$as_echo "$MANDOC" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -TEST_SHELL=sh - - -if test "x$MANDOC" != "x" ; then - MANFMT="$MANDOC" -elif test "x$NROFF" != "x" ; then - MANFMT="$NROFF -mandoc" -elif test "x$GROFF" != "x" ; then - MANFMT="$GROFF -mandoc -Tascii" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatted found" >&5 -$as_echo "$as_me: WARNING: no manpage formatted found" >&2;} - MANFMT="false" -fi - - -# Extract the first word of "groupadd", so it can be a program name with args. -set dummy groupadd; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PATH_GROUPADD_PROG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PATH_GROUPADD_PROG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in /usr/sbin${PATH_SEPARATOR}/etc -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd" - ;; -esac -fi -PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG -if test -n "$PATH_GROUPADD_PROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5 -$as_echo "$PATH_GROUPADD_PROG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "useradd", so it can be a program name with args. -set dummy useradd; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PATH_USERADD_PROG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PATH_USERADD_PROG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in /usr/sbin${PATH_SEPARATOR}/etc -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd" - ;; -esac -fi -PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG -if test -n "$PATH_USERADD_PROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5 -$as_echo "$PATH_USERADD_PROG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -# Extract the first word of "pkgmk", so it can be a program name with args. -set dummy pkgmk; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$MAKE_PACKAGE_SUPPORTED"; then - ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no" -fi -fi -MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED -if test -n "$MAKE_PACKAGE_SUPPORTED"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5 -$as_echo "$MAKE_PACKAGE_SUPPORTED" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -if test -x /sbin/sh; then - STARTUP_SCRIPT_SHELL=/sbin/sh - -else - STARTUP_SCRIPT_SHELL=/bin/sh - -fi - -# System features -# Check whether --enable-largefile was given. -if test "${enable_largefile+set}" = set; then : - enableval=$enable_largefile; -fi - -if test "$enable_largefile" != no; then - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 -$as_echo_n "checking for special C compiler options needed for large files... " >&6; } -if ${ac_cv_sys_largefile_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_sys_largefile_CC=no - if test "$GCC" != yes; then - ac_save_CC=$CC - while :; do - # IRIX 6.2 and later do not support large files by default, - # so use the C compiler's -n32 option if that helps. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 
1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF - if ac_fn_c_try_compile "$LINENO"; then : - break -fi -rm -f core conftest.err conftest.$ac_objext - CC="$CC -n32" - if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_largefile_CC=' -n32'; break -fi -rm -f core conftest.err conftest.$ac_objext - break - done - CC=$ac_save_CC - rm -f conftest.$ac_ext - fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 -$as_echo "$ac_cv_sys_largefile_CC" >&6; } - if test "$ac_cv_sys_largefile_CC" != no; then - CC=$CC$ac_cv_sys_largefile_CC - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } -if ${ac_cv_sys_file_offset_bits+:} false; then : - $as_echo_n "(cached) " >&6 -else - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_file_offset_bits=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _FILE_OFFSET_BITS 64 -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. 
*/ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_file_offset_bits=64; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_file_offset_bits=unknown - break -done -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 -$as_echo "$ac_cv_sys_file_offset_bits" >&6; } -case $ac_cv_sys_file_offset_bits in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits -_ACEOF -;; -esac -rm -rf conftest* - if test $ac_cv_sys_file_offset_bits = unknown; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 -$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } -if ${ac_cv_sys_large_files+:} false; then : - $as_echo_n "(cached) " >&6 -else - while :; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_large_files=no; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#define _LARGE_FILES 1 -#include <sys/types.h> - /* Check that off_t can represent 2**63 - 1 correctly. 
- We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_sys_large_files=1; break -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - ac_cv_sys_large_files=unknown - break -done -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 -$as_echo "$ac_cv_sys_large_files" >&6; } -case $ac_cv_sys_large_files in #( - no | unknown) ;; - *) -cat >>confdefs.h <<_ACEOF -#define _LARGE_FILES $ac_cv_sys_large_files -_ACEOF -;; -esac -rm -rf conftest* - fi - - -fi - - -if test -z "$AR" ; then - as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5 -fi - -# Use LOGIN_PROGRAM from environment if possible -if test ! -z "$LOGIN_PROGRAM" ; then - -cat >>confdefs.h <<_ACEOF -#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM" -_ACEOF - -else - # Search for login - # Extract the first word of "login", so it can be a program name with args. -set dummy login; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_LOGIN_PROGRAM_FALLBACK+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $LOGIN_PROGRAM_FALLBACK in - [\\/]* | ?:[\\/]*) - ac_cv_path_LOGIN_PROGRAM_FALLBACK="$LOGIN_PROGRAM_FALLBACK" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_LOGIN_PROGRAM_FALLBACK="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -LOGIN_PROGRAM_FALLBACK=$ac_cv_path_LOGIN_PROGRAM_FALLBACK -if test -n "$LOGIN_PROGRAM_FALLBACK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LOGIN_PROGRAM_FALLBACK" >&5 -$as_echo "$LOGIN_PROGRAM_FALLBACK" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then - cat >>confdefs.h <<_ACEOF -#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM_FALLBACK" -_ACEOF - - fi -fi - -# Extract the first word of "passwd", so it can be a program name with args. -set dummy passwd; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PATH_PASSWD_PROG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PATH_PASSWD_PROG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG -if test -n "$PATH_PASSWD_PROG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5 -$as_echo "$PATH_PASSWD_PROG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -if test ! -z "$PATH_PASSWD_PROG" ; then - -cat >>confdefs.h <<_ACEOF -#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG" -_ACEOF - -fi - -if test -z "$LD" ; then - LD=$CC -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 -$as_echo_n "checking for inline... " >&6; } -if ${ac_cv_c_inline+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_c_inline=no -for ac_kw in inline __inline__ __inline; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#ifndef __cplusplus -typedef int foo_t; -static $ac_kw foo_t static_foo () {return 0; } -$ac_kw foo_t foo () {return 0; } -#endif - -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_c_inline=$ac_kw -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - test "$ac_cv_c_inline" != no && break -done - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 -$as_echo "$ac_cv_c_inline" >&6; } - -case $ac_cv_c_inline in - inline | yes) ;; - *) - case $ac_cv_c_inline in - no) ac_val=;; - *) ac_val=$ac_cv_c_inline;; - esac - cat >>confdefs.h <<_ACEOF -#ifndef __cplusplus -#define inline $ac_val -#endif -_ACEOF - ;; -esac - - -ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h> -" -if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : - have_llong_max=1 -fi - -ac_fn_c_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" " - #include <sys/types.h> - #include <sys/param.h> - #include <dev/systrace.h> - -" -if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes; then : - have_systr_policy_kill=1 -fi - -ac_fn_c_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" " - #include <sys/types.h> - #include <sys/resource.h> - -" -if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes; then : - -$as_echo "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h - -fi - - -use_stack_protector=1 - -# Check whether --with-stackprotect was given. -if test "${with_stackprotect+set}" = set; then : - withval=$with_stackprotect; - if test "x$withval" = "xno"; then - use_stack_protector=0 - fi -fi - - - -if test "$GCC" = "yes" || test "$GCC" = "egcs"; then - { - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5 -$as_echo_n "checking if $CC supports -Wall... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Wall" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wall" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -int main(void) { return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-arith" >&5 -$as_echo_n "checking if $CC supports -Wpointer-arith... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Wpointer-arith" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int main(void) { return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wuninitialized" >&5 -$as_echo_n "checking if $CC supports -Wuninitialized... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Wuninitialized" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wuninitialized" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -int main(void) { return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsign-compare" >&5 -$as_echo_n "checking if $CC supports -Wsign-compare... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Wsign-compare" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wsign-compare" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int main(void) { return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wformat-security" >&5 -$as_echo_n "checking if $CC supports -Wformat-security... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Wformat-security" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wformat-security" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -int main(void) { return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-sign" >&5 -$as_echo_n "checking if $CC supports -Wpointer-sign... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Wpointer-sign" - _define_flag="-Wno-pointer-sign" - test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int main(void) { return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunused-result" >&5 -$as_echo_n "checking if $CC supports -Wunused-result... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -Wunused-result" - _define_flag="-Wno-unused-result" - test "x$_define_flag" = "x" && _define_flag="-Wunused-result" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -int main(void) { return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -fno-strict-aliasing" >&5 -$as_echo_n "checking if $CC supports -fno-strict-aliasing... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -fno-strict-aliasing" - _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -int main(void) { return 0; } -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -} - { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5 -$as_echo_n "checking gcc version... " >&6; } - GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` - case $GCC_VER in - 1.*) no_attrib_nonnull=1 ;; - 2.8* | 2.9*) - no_attrib_nonnull=1 - ;; - 2.*) no_attrib_nonnull=1 ;; - *) ;; - esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5 -$as_echo "$GCC_VER" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5 -$as_echo_n "checking if $CC accepts -fno-builtin-memset... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -fno-builtin-memset" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <string.h> -int -main () -{ - char b[10]; memset(b, 0, sizeof(b)); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CFLAGS="$saved_CFLAGS" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - # -fstack-protector-all doesn't always work for some GCC versions - # and/or platforms, so we test if we can. If it's not supported - # on a given platform gcc will emit a warning so we use -Werror. -# if test "x$use_stack_protector" = "x1"; then -# for t in -fstack-protector-all -fstack-protector; do -# AC_MSG_CHECKING([if $CC supports $t]) -# saved_CFLAGS="$CFLAGS" -# saved_LDFLAGS="$LDFLAGS" -# CFLAGS="$CFLAGS $t -Werror" -# LDFLAGS="$LDFLAGS $t -Werror" -# AC_LINK_IFELSE( -# [AC_LANG_PROGRAM([[ #include <stdio.h> ]], -# [[ -# char x[256]; -# snprintf(x, sizeof(x), "XXX"); -# ]])], -# [ AC_MSG_RESULT([yes]) -# CFLAGS="$saved_CFLAGS $t" -# LDFLAGS="$saved_LDFLAGS $t" -# AC_MSG_CHECKING([if $t works]) -# AC_RUN_IFELSE( -# [AC_LANG_PROGRAM([[ #include <stdio.h> ]], -# [[ -# char x[256]; -# snprintf(x, sizeof(x), "XXX"); -# ]])], -# [ AC_MSG_RESULT([yes]) -# break ], -# [ AC_MSG_RESULT([no]) ], -# [ AC_MSG_WARN([cross compiling: cannot test]) -# break ] -# ) -# ], -# [ AC_MSG_RESULT([no]) ] -# ) -# CFLAGS="$saved_CFLAGS" -# LDFLAGS="$saved_LDFLAGS" -# done -# fi - - if test -z "$have_llong_max"; then - # retry LLONG_MAX with -std=gnu99, needed on some Linuxes - unset ac_cv_have_decl_LLONG_MAX - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -std=gnu99" - ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h> - -" -if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then : - have_llong_max=1 -else - CFLAGS="$saved_CFLAGS" -fi - - fi -fi - -if test "x$no_attrib_nonnull" != "x1" ; then - -$as_echo "#define 
HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h - -fi - - -# Check whether --with-rpath was given. -if test "${with_rpath+set}" = set; then : - withval=$with_rpath; - if test "x$withval" = "xno" ; then - need_dash_r="" - fi - if test "x$withval" = "xyes" ; then - need_dash_r=1 - fi - - -fi - - -# Allow user to specify flags - -# Check whether --with-cflags was given. -if test "${with_cflags+set}" = set; then : - withval=$with_cflags; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CFLAGS="$CFLAGS $withval" - fi - - -fi - - -# Check whether --with-cppflags was given. -if test "${with_cppflags+set}" = set; then : - withval=$with_cppflags; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CPPFLAGS="$CPPFLAGS $withval" - fi - - -fi - - -# Check whether --with-ldflags was given. -if test "${with_ldflags+set}" = set; then : - withval=$with_ldflags; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LDFLAGS="$LDFLAGS $withval" - fi - - -fi - - -# Check whether --with-libs was given. -if test "${with_libs+set}" = set; then : - withval=$with_libs; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LIBS="$LIBS $withval" - fi - - -fi - - -# Check whether --with-Werror was given. 
-if test "${with_Werror+set}" = set; then : - withval=$with_Werror; - if test -n "$withval" && test "x$withval" != "xno"; then - werror_flags="-Werror" - if test "x${withval}" != "xyes"; then - werror_flags="$withval" - fi - fi - - -fi - - -for ac_header in \ - bstring.h \ - crypt.h \ - crypto/sha2.h \ - dirent.h \ - endian.h \ - features.h \ - fcntl.h \ - floatingpoint.h \ - getopt.h \ - glob.h \ - ia.h \ - iaf.h \ - limits.h \ - login.h \ - maillock.h \ - ndir.h \ - net/if_tun.h \ - netdb.h \ - netgroup.h \ - pam/pam_appl.h \ - paths.h \ - poll.h \ - pty.h \ - readpassphrase.h \ - rpc/types.h \ - security/pam_appl.h \ - sha2.h \ - shadow.h \ - stddef.h \ - stdint.h \ - string.h \ - strings.h \ - sys/audit.h \ - sys/bitypes.h \ - sys/bsdtty.h \ - sys/cdefs.h \ - sys/dir.h \ - sys/mman.h \ - sys/ndir.h \ - sys/poll.h \ - sys/prctl.h \ - sys/pstat.h \ - sys/select.h \ - sys/stat.h \ - sys/stream.h \ - sys/stropts.h \ - sys/strtio.h \ - sys/statvfs.h \ - sys/sysmacros.h \ - sys/time.h \ - sys/timers.h \ - sys/un.h \ - time.h \ - tmpdir.h \ - ttyent.h \ - ucred.h \ - unistd.h \ - usersec.h \ - util.h \ - utime.h \ - utmp.h \ - utmpx.h \ - vis.h \ - -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -# lastlog.h requires sys/time.h to be included first on Solaris -for ac_header in lastlog.h -do : - ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" " -#ifdef HAVE_SYS_TIME_H -# include <sys/time.h> -#endif - -" -if test "x$ac_cv_header_lastlog_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LASTLOG_H 1 -_ACEOF - -fi - -done - - -# sys/ptms.h requires sys/stream.h to be included first on Solaris -for ac_header in sys/ptms.h -do : - ac_fn_c_check_header_compile 
"$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" " -#ifdef HAVE_SYS_STREAM_H -# include <sys/stream.h> -#endif - -" -if test "x$ac_cv_header_sys_ptms_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_PTMS_H 1 -_ACEOF - -fi - -done - - -# login_cap.h requires sys/types.h on NetBSD -for ac_header in login_cap.h -do : - ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" " -#include <sys/types.h> - -" -if test "x$ac_cv_header_login_cap_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LOGIN_CAP_H 1 -_ACEOF - -fi - -done - - -# older BSDs need sys/param.h before sys/mount.h -for ac_header in sys/mount.h -do : - ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" " -#include <sys/param.h> - -" -if test "x$ac_cv_header_sys_mount_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_MOUNT_H 1 -_ACEOF - -fi - -done - - -# Messages for features tested for in target-specific section -SIA_MSG="no" -SPC_MSG="no" -SP_MSG="no" - -# Check for some target-specific stuff -case "$host" in -*-*-aix*) - # Some versions of VAC won't allow macro redefinitions at - # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that - # particularly with older versions of vac or xlc. - # It also throws errors about null macro argments, but these are - # not fatal. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5 -$as_echo_n "checking if compiler allows macro redefinitions... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#define testmacro foo -#define testmacro bar -int -main () -{ - exit(0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" - LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" - CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" - CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" - - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5 -$as_echo_n "checking how to specify blibpath for linker ($LD)... " >&6; } - if (test -z "$blibpath"); then - blibpath="/usr/lib:/lib" - fi - saved_LDFLAGS="$LDFLAGS" - if test "$GCC" = "yes"; then - flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" - else - flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," - fi - for tryflags in $flags ;do - if (test -z "$blibflags"); then - LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - blibflags=$tryflags -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - fi - done - if (test -z "$blibflags"); then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } - as_fn_error $? 
"*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5 -$as_echo "$blibflags" >&6; } - fi - LDFLAGS="$saved_LDFLAGS" - ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate" -if test "x$ac_cv_func_authenticate" = xyes; then : - -$as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5 -$as_echo_n "checking for authenticate in -ls... " >&6; } -if ${ac_cv_lib_s_authenticate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ls $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char authenticate (); -int -main () -{ -return authenticate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_s_authenticate=yes -else - ac_cv_lib_s_authenticate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5 -$as_echo "$ac_cv_lib_s_authenticate" >&6; } -if test "x$ac_cv_lib_s_authenticate" = xyes; then : - $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h - - LIBS="$LIBS -ls" - -fi - - -fi - - ac_fn_c_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include <usersec.h> -" -if test "x$ac_cv_have_decl_authenticate" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_AUTHENTICATE $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include <usersec.h> -" -if test 
"x$ac_cv_have_decl_loginrestrictions" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include <usersec.h> -" -if test "x$ac_cv_have_decl_loginsuccess" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINSUCCESS $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include <usersec.h> -" -if test "x$ac_cv_have_decl_passwdexpired" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_PASSWDEXPIRED $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include <usersec.h> -" -if test "x$ac_cv_have_decl_setauthdb" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SETAUTHDB $ac_have_decl -_ACEOF - - ac_fn_c_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include <usersec.h> - -" -if test "x$ac_cv_have_decl_loginfailed" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_LOGINFAILED $ac_have_decl -_ACEOF -if test $ac_have_decl = 1; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5 -$as_echo_n "checking if loginfailed takes 4 arguments... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <usersec.h> -int -main () -{ - (void)loginfailed("user","host","tty",0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - - for ac_func in getgrset setauthdb -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h> - #include <fcntl.h> - -" -if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then : - -$as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h - -fi - - check_for_aix_broken_getaddrinfo=1 - -$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h - - -$as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - -$as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - -$as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - -$as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h - - -$as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h - - -$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h - - -$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h - - -$as_echo "#define PTY_ZEROREAD 1" >>confdefs.h - - ;; -*-*-cygwin*) - check_for_libcrypt_later=1 - LIBS="$LIBS /usr/lib/textreadmode.o" - -$as_echo "#define HAVE_CYGWIN 1" >>confdefs.h - - -$as_echo "#define USE_PIPES 1" >>confdefs.h - - -$as_echo "#define DISABLE_SHADOW 1" >>confdefs.h - - -$as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h - - -$as_echo "#define NO_IPPORT_RESERVED_CONCEPT 1" >>confdefs.h - - -$as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - -$as_echo "#define 
SSH_IOBUFSZ 65535" >>confdefs.h - - -$as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h - - ;; -*-*-dgux*) - -$as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - ;; -*-*-mingw32*) - LIBS="$LIBS -lws2_32 -lgdi32 -lNetAPI32 -luserenv -lsecur32 -lshlwapi" - CFLAGS="$CFLAGS -I$PWD/contrib/win32/win32compat/includes -I$PWD/openbsd-compat -I$PWD/contrib/win32/win32compat/includes -I$PWD/libkrb" - LDFLAGS="$LDFLAGS" - - -$as_echo "#define USE_PIPES 1" >>confdefs.h - - -$as_echo "#define DISABLE_SHADOW 1" >>confdefs.h - - -$as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h - - -$as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h - - -$as_echo "#define NO_IPPORT_RESERVED_CONCEPT 1" >>confdefs.h - - -$as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - -$as_echo "#define DISABLE_UTMP 1" >>confdefs.h - - -$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h - - -$as_echo "#define ENABLE_PKCS11 1" >>confdefs.h - - - # - # We have no krb5-config tool and we don't want - # linking to -lkrb5 on Windows. - # - - SkipGssapiLibsCheck=1 - - ;; -*-*-darwin*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5 -$as_echo_n "checking if we have working getaddrinfo... " >&6; } - if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5 -$as_echo "assume it is working" >&6; } -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <mach-o/dyld.h> -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) - exit(0); - else - exit(1); -} - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: working" >&5 -$as_echo "working" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5 -$as_echo "buggy" >&6; } - -$as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - -$as_echo "#define BROKEN_GLOB 1" >>confdefs.h - - -cat >>confdefs.h <<_ACEOF -#define BIND_8_COMPAT 1 -_ACEOF - - -$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h - - -$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h - - -$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h - - - ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default" -if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then : - -else - -$as_echo "#define AU_IPv4 0" >>confdefs.h - - #include <bsm/audit.h> - -$as_echo "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h - - -fi - - -$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h - - for ac_func in sandbox_init -do : - ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init" -if test "x$ac_cv_func_sandbox_init" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SANDBOX_INIT 1 -_ACEOF - -fi -done - - for ac_header in sandbox.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default" -if test "x$ac_cv_header_sandbox_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SANDBOX_H 1 -_ACEOF - -fi - -done - - ;; -*-*-dragonfly*) - SSHDLIBS="$SSHDLIBS -lcrypt" - ;; -*-*-haiku*) - LIBS="$LIBS -lbsd " - { $as_echo 
"$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5 -$as_echo_n "checking for socket in -lnetwork... " >&6; } -if ${ac_cv_lib_network_socket+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lnetwork $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char socket (); -int -main () -{ -return socket (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_network_socket=yes -else - ac_cv_lib_network_socket=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5 -$as_echo "$ac_cv_lib_network_socket" >&6; } -if test "x$ac_cv_lib_network_socket" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBNETWORK 1 -_ACEOF - - LIBS="-lnetwork $LIBS" - -fi - - $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h - - MANTYPE=man - ;; -*-*-hpux*) - # first we define all of the options common to all HP-UX releases - CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" - IPADDR_IN_DISPLAY=yes - $as_echo "#define USE_PIPES 1" >>confdefs.h - - -$as_echo "#define LOGIN_NO_ENDOPT 1" >>confdefs.h - - $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h - - -$as_echo "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h - - $as_echo "#define SPT_TYPE SPT_PSTAT" >>confdefs.h - - maildir="/var/mail" - LIBS="$LIBS -lsec" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5 -$as_echo_n "checking for t_error in -lxnet... 
" >&6; } -if ${ac_cv_lib_xnet_t_error+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lxnet $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char t_error (); -int -main () -{ -return t_error (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_xnet_t_error=yes -else - ac_cv_lib_xnet_t_error=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5 -$as_echo "$ac_cv_lib_xnet_t_error" >&6; } -if test "x$ac_cv_lib_xnet_t_error" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBXNET 1 -_ACEOF - - LIBS="-lxnet $LIBS" - -else - as_fn_error $? 
"*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5 -fi - - - # next, we define all of the options specific to major releases - case "$host" in - *-*-hpux10*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -Ae" - fi - ;; - *-*-hpux11*) - -$as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h - - -$as_echo "#define DISABLE_UTMP 1" >>confdefs.h - - -$as_echo "#define USE_BTMP 1" >>confdefs.h - - check_for_hpux_broken_getaddrinfo=1 - check_for_conflicting_getspnam=1 - ;; - esac - - # lastly, we define options specific to minor releases - case "$host" in - *-*-hpux10.26) - -$as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h - - disable_ptmx_check=yes - LIBS="$LIBS -lsecpw" - ;; - esac - ;; -*-*-irix5*) - PATH="$PATH:/usr/etc" - -$as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - -$as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h - - $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h - - ;; -*-*-irix6*) - PATH="$PATH:/usr/etc" - -$as_echo "#define WITH_IRIX_ARRAY 1" >>confdefs.h - - -$as_echo "#define WITH_IRIX_PROJECT 1" >>confdefs.h - - -$as_echo "#define WITH_IRIX_AUDIT 1" >>confdefs.h - - ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob" -if test "x$ac_cv_func_jlimit_startjob" = xyes; then : - -$as_echo "#define WITH_IRIX_JOBS 1" >>confdefs.h - -fi - - $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - -$as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h - - $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h - - $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h - - ;; -*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) - check_for_libcrypt_later=1 - $as_echo "#define PAM_TTY_KLUDGE 
1" >>confdefs.h - - $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h - - $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h - - -$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h - - -$as_echo "#define USE_BTMP 1" >>confdefs.h - - ;; -*-*-linux*) - no_dev_ptmx=1 - check_for_libcrypt_later=1 - check_for_openpty_ctty_bug=1 - -$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h - - -$as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h - - $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h - - -$as_echo "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h - - -$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h - - $as_echo "#define USE_BTMP 1" >>confdefs.h - - -$as_echo "#define LINUX_OOM_ADJUST 1" >>confdefs.h - - inet6_default_4in6=yes - case `uname -r` in - 1.*|2.0.*) - -$as_echo "#define BROKEN_CMSG_TYPE 1" >>confdefs.h - - ;; - esac - # tun(4) forwarding compat code - for ac_header in linux/if_tun.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default" -if test "x$ac_cv_header_linux_if_tun_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LINUX_IF_TUN_H 1 -_ACEOF - -fi - -done - - if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then - -$as_echo "#define SSH_TUN_LINUX 1" >>confdefs.h - - -$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h - - -$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h - - fi - ;; -mips-sony-bsd|mips-sony-newsos4) - -$as_echo "#define NEED_SETPGRP 1" >>confdefs.h - - SONY=1 - ;; -*-*-netbsd*) - check_for_libcrypt_before=1 - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - -$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h - - ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" -if test "x$ac_cv_header_net_if_tap_h" = xyes; then : - -else - -$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h - -fi - - - -$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h - - ;; 
-*-*-freebsd*) - check_for_libcrypt_later=1 - -$as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h - - -$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h - - ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default" -if test "x$ac_cv_header_net_if_tap_h" = xyes; then : - -else - -$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h - -fi - - - -$as_echo "#define BROKEN_GLOB 1" >>confdefs.h - - ;; -*-*-bsdi*) - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - ;; -*-next-*) - conf_lastlog_location="/usr/adm/lastlog" - conf_utmp_location=/etc/utmp - conf_wtmp_location=/usr/adm/wtmp - maildir=/usr/spool/mail - -$as_echo "#define HAVE_NEXT 1" >>confdefs.h - - $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h - - $as_echo "#define USE_PIPES 1" >>confdefs.h - - -$as_echo "#define BROKEN_SAVED_UIDS 1" >>confdefs.h - - ;; -*-*-openbsd*) - -$as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h - - -$as_echo "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h - - -$as_echo "#define SSH_TUN_OPENBSD 1" >>confdefs.h - - -$as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h - - ;; -*-*-solaris*) - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h - - $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h - - -$as_echo "#define LOGIN_NEEDS_TERM 1" >>confdefs.h - - $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h - - -$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h - - $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h - - # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 
- -$as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h - - -$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h - - -$as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h - - external_path_file=/etc/default/login - # hardwire lastlog location (can't detect it on some versions) - conf_lastlog_location="/var/adm/lastlog" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5 -$as_echo_n "checking for obsolete utmp and wtmp in solaris2.x... " >&6; } - sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'` - if test "$sol2ver" -ge 8; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define DISABLE_UTMP 1" >>confdefs.h - - -$as_echo "#define DISABLE_WTMP 1" >>confdefs.h - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - -# Check whether --with-solaris-contracts was given. -if test "${with_solaris_contracts+set}" = set; then : - withval=$with_solaris_contracts; - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5 -$as_echo_n "checking for ct_tmpl_activate in -lcontract... " >&6; } -if ${ac_cv_lib_contract_ct_tmpl_activate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcontract $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char ct_tmpl_activate (); -int -main () -{ -return ct_tmpl_activate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_contract_ct_tmpl_activate=yes -else - ac_cv_lib_contract_ct_tmpl_activate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5 -$as_echo "$ac_cv_lib_contract_ct_tmpl_activate" >&6; } -if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes; then : - -$as_echo "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h - - SSHDLIBS="$SSHDLIBS -lcontract" - SPC_MSG="yes" -fi - - -fi - - -# Check whether --with-solaris-projects was given. -if test "${with_solaris_projects+set}" = set; then : - withval=$with_solaris_projects; - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5 -$as_echo_n "checking for setproject in -lproject... " >&6; } -if ${ac_cv_lib_project_setproject+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lproject $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char setproject (); -int -main () -{ -return setproject (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_project_setproject=yes -else - ac_cv_lib_project_setproject=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5 -$as_echo "$ac_cv_lib_project_setproject" >&6; } -if test "x$ac_cv_lib_project_setproject" = xyes; then : - -$as_echo "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h - - SSHDLIBS="$SSHDLIBS -lproject" - SP_MSG="yes" -fi - - -fi - - ;; -*-*-sunos4*) - CPPFLAGS="$CPPFLAGS -DSUNOS4" - for ac_func in getpwanam -do : - ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam" -if test "x$ac_cv_func_getpwanam" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETPWANAM 1 -_ACEOF - -fi -done - - $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h - - conf_utmp_location=/etc/utmp - conf_wtmp_location=/var/adm/wtmp - conf_lastlog_location=/var/adm/lastlog - $as_echo "#define USE_PIPES 1" >>confdefs.h - - ;; -*-ncr-sysv*) - LIBS="$LIBS -lc89" - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - ;; -*-sni-sysv*) - # /usr/ucblib MUST NOT be searched on ReliantUNIX - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5 -$as_echo_n "checking for dlsym in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlsym+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlsym (); -int -main () -{ -return dlsym (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dl_dlsym=yes -else - ac_cv_lib_dl_dlsym=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5 -$as_echo "$ac_cv_lib_dl_dlsym" >&6; } -if test "x$ac_cv_lib_dl_dlsym" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDL 1 -_ACEOF - - LIBS="-ldl $LIBS" - -fi - - # -lresolv needs to be at the end of LIBS or DNS lookups break - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 -$as_echo_n "checking for res_query in -lresolv... " >&6; } -if ${ac_cv_lib_resolv_res_query+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolv $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char res_query (); -int -main () -{ -return res_query (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_resolv_res_query=yes -else - ac_cv_lib_resolv_res_query=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5 -$as_echo "$ac_cv_lib_resolv_res_query" >&6; } -if test "x$ac_cv_lib_resolv_res_query" = xyes; then : - LIBS="$LIBS -lresolv" -fi - - IPADDR_IN_DISPLAY=yes - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h - - external_path_file=/etc/default/login - # /usr/ucblib/libucb.a no longer needed on ReliantUNIX - # Attention: always take care to bind libsocket and libnsl before libc, - # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog - ;; -# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 
-*-*-sysv4.2*) - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - -$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h - - $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h - - ;; -# UnixWare 7.x, OpenUNIX 8 -*-*-sysv5*) - CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" - -$as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h - - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h - - case "$host" in - *-*-sysv5SCO_SV*) # SCO OpenServer 6.x - maildir=/var/spool/mail - TEST_SHELL=/u95/bin/sh - -$as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h - - $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5 -$as_echo_n "checking for getluid in -lprot... " >&6; } -if ${ac_cv_lib_prot_getluid+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lprot $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char getluid (); -int -main () -{ -return getluid (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_prot_getluid=yes -else - ac_cv_lib_prot_getluid=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5 -$as_echo "$ac_cv_lib_prot_getluid" >&6; } -if test "x$ac_cv_lib_prot_getluid" = xyes; then : - LIBS="$LIBS -lprot" - for ac_func in getluid setluid -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h - - $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h - - -fi - - ;; - *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h - - check_for_libcrypt_later=1 - ;; - esac - ;; -*-*-sysv*) - ;; -# SCO UNIX and OEM versions of SCO UNIX -*-*-sco3.2v4*) - as_fn_error $? 
"\"This Platform is no longer supported.\"" "$LINENO" 5 - ;; -# SCO OpenServer 5.x -*-*-sco3.2v5*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -belf" - fi - LIBS="$LIBS -lprot -lx -ltinfo -lm" - no_dev_ptmx=1 - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h - - $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h - - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h - - $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h - - $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h - - for ac_func in getluid setluid -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - MANTYPE=man - TEST_SHELL=ksh - ;; -*-*-unicosmk*) - -$as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-*-unicosmp*) - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h - - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lacid -ldb" - MANTYPE=cat 
- ;; -*-*-unicos*) - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h - - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-dec-osf*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5 -$as_echo_n "checking for Digital Unix SIA... " >&6; } - no_osfsia="" - -# Check whether --with-osfsia was given. -if test "${with_osfsia+set}" = set; then : - withval=$with_osfsia; - if test "x$withval" = "xno" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 -$as_echo "disabled" >&6; } - no_osfsia=1 - fi - -fi - - if test -z "$no_osfsia" ; then - if test -f /etc/sia/matrix.conf; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_OSF_SIA 1" >>confdefs.h - - -$as_echo "#define DISABLE_LOGIN 1" >>confdefs.h - - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - LIBS="$LIBS -lsecurity -ldb -lm -laud" - SIA_MSG="yes" - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h - - fi - fi - $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h - - $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h - - $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h - - -$as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h - - ;; - -*-*-nto-qnx*) - $as_echo "#define USE_PIPES 1" >>confdefs.h - - $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h - - -$as_echo "#define MISSING_NFDBITS 1" >>confdefs.h - - -$as_echo "#define MISSING_HOWMANY 1" >>confdefs.h - - -$as_echo "#define MISSING_FD_MASK 1" 
>>confdefs.h - - $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h - - $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h - - -$as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h - - enable_etc_default_login=no # has incompatible /etc/default/login - case "$host" in - *-*-nto-qnx6*) - $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h - - ;; - esac - ;; - -*-*-ultrix*) - -$as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h - - -$as_echo "#define BROKEN_MMAP 1" >>confdefs.h - - $as_echo "#define NEED_SETPGRP 1" >>confdefs.h - - -$as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h - - ;; - -*-*-lynxos) - CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" - $as_echo "#define MISSING_HOWMANY 1" >>confdefs.h - - -$as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h - - ;; -esac - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5 -$as_echo_n "checking compiler and flags for sanity... " >&6; } -if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;} - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <stdio.h> -int -main () -{ - exit(0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5 - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -# Checks for libraries. 
-ac_fn_c_check_func "$LINENO" "yp_match" "ac_cv_func_yp_match" -if test "x$ac_cv_func_yp_match" = xyes; then : - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yp_match in -lnsl" >&5 -$as_echo_n "checking for yp_match in -lnsl... " >&6; } -if ${ac_cv_lib_nsl_yp_match+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lnsl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char yp_match (); -int -main () -{ -return yp_match (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nsl_yp_match=yes -else - ac_cv_lib_nsl_yp_match=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_yp_match" >&5 -$as_echo "$ac_cv_lib_nsl_yp_match" >&6; } -if test "x$ac_cv_lib_nsl_yp_match" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBNSL 1 -_ACEOF - - LIBS="-lnsl $LIBS" - -fi - -fi - -ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt" -if test "x$ac_cv_func_setsockopt" = xyes; then : - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5 -$as_echo_n "checking for setsockopt in -lsocket... " >&6; } -if ${ac_cv_lib_socket_setsockopt+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lsocket $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char setsockopt (); -int -main () -{ -return setsockopt (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_socket_setsockopt=yes -else - ac_cv_lib_socket_setsockopt=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5 -$as_echo "$ac_cv_lib_socket_setsockopt" >&6; } -if test "x$ac_cv_lib_socket_setsockopt" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBSOCKET 1 -_ACEOF - - LIBS="-lsocket $LIBS" - -fi - -fi - - -for ac_func in dirname -do : - ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname" -if test "x$ac_cv_func_dirname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_DIRNAME 1 -_ACEOF - for ac_header in libgen.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" -if test "x$ac_cv_header_libgen_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBGEN_H 1 -_ACEOF - -fi - -done - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5 -$as_echo_n "checking for dirname in -lgen... " >&6; } -if ${ac_cv_lib_gen_dirname+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgen $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char dirname (); -int -main () -{ -return dirname (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_gen_dirname=yes -else - ac_cv_lib_gen_dirname=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5 -$as_echo "$ac_cv_lib_gen_dirname" >&6; } -if test "x$ac_cv_lib_gen_dirname" = xyes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5 -$as_echo_n "checking for broken dirname... " >&6; } -if ${ac_cv_have_broken_dirname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - save_LIBS="$LIBS" - LIBS="$LIBS -lgen" - if test "$cross_compiling" = yes; then : - ac_cv_have_broken_dirname="no" -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <libgen.h> -#include <string.h> - -int main(int argc, char **argv) { - char *s, buf[32]; - - strncpy(buf,"/etc", 32); - s = dirname(buf); - if (!s || strncmp(s, "/", 32) != 0) { - exit(1); - } else { - exit(0); - } -} - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_have_broken_dirname="no" -else - ac_cv_have_broken_dirname="yes" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - LIBS="$save_LIBS" - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5 -$as_echo "$ac_cv_have_broken_dirname" >&6; } - if test "x$ac_cv_have_broken_dirname" = "xno" ; then - LIBS="$LIBS -lgen" - $as_echo "#define HAVE_DIRNAME 1" >>confdefs.h - - for ac_header in libgen.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default" -if test "x$ac_cv_header_libgen_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBGEN_H 1 -_ACEOF - -fi - -done - - fi - -fi - - -fi -done - - 
-ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam" -if test "x$ac_cv_func_getspnam" = xyes; then : - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5 -$as_echo_n "checking for getspnam in -lgen... " >&6; } -if ${ac_cv_lib_gen_getspnam+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgen $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getspnam (); -int -main () -{ -return getspnam (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_gen_getspnam=yes -else - ac_cv_lib_gen_getspnam=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5 -$as_echo "$ac_cv_lib_gen_getspnam" >&6; } -if test "x$ac_cv_lib_gen_getspnam" = xyes; then : - LIBS="$LIBS -lgen" -fi - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5 -$as_echo_n "checking for library containing basename... " >&6; } -if ${ac_cv_search_basename+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char basename (); -int -main () -{ -return basename (); - ; - return 0; -} -_ACEOF -for ac_lib in '' gen; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_basename=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_basename+:} false; then : - break -fi -done -if ${ac_cv_search_basename+:} false; then : - -else - ac_cv_search_basename=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5 -$as_echo "$ac_cv_search_basename" >&6; } -ac_res=$ac_cv_search_basename -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -$as_echo "#define HAVE_BASENAME 1" >>confdefs.h - -fi - - - -# Check whether --with-zlib was given. -if test "${with_zlib+set}" = set; then : - withval=$with_zlib; if test "x$withval" = "xno" ; then - as_fn_error $? "*** zlib is required ***" "$LINENO" 5 - elif test "x$withval" != "xyes"; then - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - -fi - - -ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" -if test "x$ac_cv_header_zlib_h" = xyes; then : - -else - as_fn_error $? 
"*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5 -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5 -$as_echo_n "checking for deflate in -lz... " >&6; } -if ${ac_cv_lib_z_deflate+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lz $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char deflate (); -int -main () -{ -return deflate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_z_deflate=yes -else - ac_cv_lib_z_deflate=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5 -$as_echo "$ac_cv_lib_z_deflate" >&6; } -if test "x$ac_cv_lib_z_deflate" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBZ 1 -_ACEOF - - LIBS="-lz $LIBS" - -else - - saved_CPPFLAGS="$CPPFLAGS" - saved_LDFLAGS="$LDFLAGS" - save_LIBS="$LIBS" - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" - LIBS="$LIBS -lz" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char deflate (); -int -main () -{ -return deflate (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - $as_echo "#define HAVE_LIBZ 1" >>confdefs.h - -else - - as_fn_error $? 
"*** zlib missing - please install first or check config.log ***" "$LINENO" 5 - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - -fi - - - -# Check whether --with-zlib-version-check was given. -if test "${with_zlib_version_check+set}" = set; then : - withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then - zlib_check_nonfatal=1 - fi - - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5 -$as_echo_n "checking for possibly buggy zlib... " >&6; } -if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -#include <zlib.h> - -int -main () -{ - - int a=0, b=0, c=0, d=0, n, v; - n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); - if (n != 3 && n != 4) - exit(1); - v = a*1000000 + b*10000 + c*100 + d; - fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); - - /* 1.1.4 is OK */ - if (a == 1 && b == 1 && c >= 4) - exit(0); - - /* 1.2.3 and up are OK */ - if (v >= 1020300) - exit(0); - - exit(2); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - if test -z "$zlib_check_nonfatal" ; then - as_fn_error $? "*** zlib too old - check config.log *** -Your reported zlib version has known security problems. It's possible your -vendor has fixed these problems without changing the version number. If you -are sure this is the case, you can disable the check by running -\"./configure --without-zlib-version-check\". -If you are in doubt, upgrade zlib to version 1.2.3 or greater. -See http://www.gzip.org/zlib/ for details." 
"$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5 -$as_echo "$as_me: WARNING: zlib version may have security problems" >&2;} - fi - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" -if test "x$ac_cv_func_strcasecmp" = xyes; then : - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5 -$as_echo_n "checking for strcasecmp in -lresolv... " >&6; } -if ${ac_cv_lib_resolv_strcasecmp+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lresolv $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strcasecmp (); -int -main () -{ -return strcasecmp (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_resolv_strcasecmp=yes -else - ac_cv_lib_resolv_strcasecmp=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5 -$as_echo "$ac_cv_lib_resolv_strcasecmp" >&6; } -if test "x$ac_cv_lib_resolv_strcasecmp" = xyes; then : - LIBS="$LIBS -lresolv" -fi - - -fi - -for ac_func in utimes -do : - ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes" -if test "x$ac_cv_func_utimes" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_UTIMES 1 -_ACEOF - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5 -$as_echo_n "checking for utimes in -lc89... 
" >&6; } -if ${ac_cv_lib_c89_utimes+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lc89 $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char utimes (); -int -main () -{ -return utimes (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_c89_utimes=yes -else - ac_cv_lib_c89_utimes=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5 -$as_echo "$ac_cv_lib_c89_utimes" >&6; } -if test "x$ac_cv_lib_c89_utimes" = xyes; then : - $as_echo "#define HAVE_UTIMES 1" >>confdefs.h - - LIBS="$LIBS -lc89" -fi - - -fi -done - - - - # - # WIN32_FIXME - # - - case "$host" in - *-*-mingw32*) - ;; - *) - for ac_header in libutil.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "libutil.h" "ac_cv_header_libutil_h" "$ac_includes_default" -if test "x$ac_cv_header_libutil_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBUTIL_H 1 -_ACEOF - -fi - -done - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 -$as_echo_n "checking for library containing login... " >&6; } -if ${ac_cv_search_login+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char login (); -int -main () -{ -return login (); - ; - return 0; -} -_ACEOF -for ac_lib in '' util bsd; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_login=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_login+:} false; then : - break -fi -done -if ${ac_cv_search_login+:} false; then : - -else - ac_cv_search_login=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5 -$as_echo "$ac_cv_search_login" >&6; } -ac_res=$ac_cv_search_login -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -$as_echo "#define HAVE_LOGIN 1" >>confdefs.h - -fi - - for ac_func in fmt_scaled logout updwtmp logwtmp -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - ;; - esac - - # - # END FIXME - # - -for ac_func in strftime -do : - ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" -if test "x$ac_cv_func_strftime" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRFTIME 1 -_ACEOF - -else - # strftime is in -lintl on SCO UNIX. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 -$as_echo_n "checking for strftime in -lintl... " >&6; } -if ${ac_cv_lib_intl_strftime+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lintl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char strftime (); -int -main () -{ -return strftime (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_intl_strftime=yes -else - ac_cv_lib_intl_strftime=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 -$as_echo "$ac_cv_lib_intl_strftime" >&6; } -if test "x$ac_cv_lib_intl_strftime" = xyes; then : - $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h - -LIBS="-lintl $LIBS" -fi - -fi -done - - -# Check for ALTDIRFUNC glob() extension -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5 -$as_echo_n "checking for GLOB_ALTDIRFUNC support... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include <glob.h> - #ifdef GLOB_ALTDIRFUNC - FOUNDIT - #endif - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "FOUNDIT" >/dev/null 2>&1; then : - - -$as_echo "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - - -fi -rm -f conftest* - - -# Check for g.gl_matchc glob() extension -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5 -$as_echo_n "checking for gl_matchc field in glob_t... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <glob.h> -int -main () -{ - glob_t g; g.gl_matchc = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - -$as_echo "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -# Check for g.gl_statv glob() extension -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5 -$as_echo_n "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <glob.h> -int -main () -{ - -#ifndef GLOB_KEEPSTAT -#error "glob does not support GLOB_KEEPSTAT extension" -#endif -glob_t g; -g.gl_statv = NULL; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - -$as_echo "#define GLOB_HAS_GL_STATV 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -ac_fn_c_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include <glob.h> -" -if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_GLOB_NOMATCH $ac_have_decl -_ACEOF - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5 -$as_echo_n "checking whether struct dirent allocates space for d_name... 
" >&6; } -if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5 -$as_echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;} - $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h - - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <dirent.h> -int -main () -{ - - struct dirent d; - exit(sizeof(d.d_name)<=sizeof(char)); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5 -$as_echo_n "checking for /proc/pid/fd directory... " >&6; } -if test -d "/proc/$$/fd" ; then - -$as_echo "#define HAVE_PROC_PID 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - -# Check whether user wants S/Key support -SKEY_MSG="no" - -# Check whether --with-skey was given. -if test "${with_skey+set}" = set; then : - withval=$with_skey; - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - -$as_echo "#define SKEY 1" >>confdefs.h - - LIBS="-lskey $LIBS" - SKEY_MSG="yes" - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for s/key support" >&5 -$as_echo_n "checking for s/key support... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <stdio.h> -#include <skey.h> - -int -main () -{ - - char *ff = skey_keyinfo(""); ff=""; - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "** Incomplete or missing s/key libraries." "$LINENO" 5 - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if skeychallenge takes 4 arguments" >&5 -$as_echo_n "checking if skeychallenge takes 4 arguments... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -#include <skey.h> - -int -main () -{ - - (void)skeychallenge(NULL,"name","",0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define SKEYCHALLENGE_4ARG 1" >>confdefs.h - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - - -fi - - -# Check whether user wants TCP wrappers support -TCPW_MSG="no" - -# Check whether --with-tcp-wrappers was given. 
-if test "${with_tcp_wrappers+set}" = set; then : - withval=$with_tcp_wrappers; - if test "x$withval" != "xno" ; then - saved_LIBS="$LIBS" - saved_LDFLAGS="$LDFLAGS" - saved_CPPFLAGS="$CPPFLAGS" - if test -n "${withval}" && \ - test "x${withval}" != "xyes"; then - if test -d "${withval}/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "${withval}/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - LIBS="-lwrap $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libwrap" >&5 -$as_echo_n "checking for libwrap... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <tcpd.h> -int deny_severity = 0, allow_severity = 0; - -int -main () -{ - - hosts_access(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define LIBWRAP 1" >>confdefs.h - - SSHDLIBS="$SSHDLIBS -lwrap" - TCPW_MSG="yes" - -else - - as_fn_error $? "*** libwrap missing" "$LINENO" 5 - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS="$saved_LIBS" - fi - - -fi - - -# Check whether user wants libedit support -LIBEDIT_MSG="no" - -# Check whether --with-libedit was given. -if test "${with_libedit+set}" = set; then : - withval=$with_libedit; if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - # Extract the first word of "pkg-config", so it can be a program name with args. 
-set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKGCONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PKGCONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="no" - ;; -esac -fi -PKGCONFIG=$ac_cv_path_PKGCONFIG -if test -n "$PKGCONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 -$as_echo "$PKGCONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test "x$PKGCONFIG" != "xno"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5 -$as_echo_n "checking if $PKGCONFIG knows about libedit... 
" >&6; } - if "$PKGCONFIG" libedit; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - use_pkgconfig_for_libedit=yes - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - fi - else - CPPFLAGS="$CPPFLAGS -I${withval}/include" - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - fi - if test "x$use_pkgconfig_for_libedit" = "xyes"; then - LIBEDIT=`$PKGCONFIG --libs-only-l libedit` - CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" - else - LIBEDIT="-ledit -lcurses" - fi - OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5 -$as_echo_n "checking for el_init in -ledit... " >&6; } -if ${ac_cv_lib_edit_el_init+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ledit $OTHERLIBS - $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char el_init (); -int -main () -{ -return el_init (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_edit_el_init=yes -else - ac_cv_lib_edit_el_init=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5 -$as_echo "$ac_cv_lib_edit_el_init" >&6; } -if test "x$ac_cv_lib_edit_el_init" = xyes; then : - -$as_echo "#define USE_LIBEDIT 1" >>confdefs.h - - LIBEDIT_MSG="yes" - - -else - as_fn_error $? 
"libedit not found" "$LINENO" 5 -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5 -$as_echo_n "checking if libedit version is compatible... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <histedit.h> -int -main () -{ - - int i = H_SETSIZE; - el_init("", NULL, NULL, NULL); - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "libedit version is not compatible" "$LINENO" 5 - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - -fi - - -AUDIT_MODULE=none - -# Check whether --with-audit was given. -if test "${with_audit+set}" = set; then : - withval=$with_audit; - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5 -$as_echo_n "checking for supported audit module... " >&6; } - case "$withval" in - bsm) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: bsm" >&5 -$as_echo "bsm" >&6; } - AUDIT_MODULE=bsm - for ac_header in bsm/audit.h -do : - ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" " -#ifdef HAVE_TIME_H -# include <time.h> -#endif - - -" -if test "x$ac_cv_header_bsm_audit_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_BSM_AUDIT_H 1 -_ACEOF - -else - as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5 -fi - -done - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5 -$as_echo_n "checking for getaudit in -lbsm... " >&6; } -if ${ac_cv_lib_bsm_getaudit+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lbsm $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getaudit (); -int -main () -{ -return getaudit (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_bsm_getaudit=yes -else - ac_cv_lib_bsm_getaudit=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5 -$as_echo "$ac_cv_lib_bsm_getaudit" >&6; } -if test "x$ac_cv_lib_bsm_getaudit" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBBSM 1 -_ACEOF - - LIBS="-lbsm $LIBS" - -else - as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5 -fi - - for ac_func in getaudit -do : - ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit" -if test "x$ac_cv_func_getaudit" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETAUDIT 1 -_ACEOF - -else - as_fn_error $? 
"BSM enabled and required function not found" "$LINENO" 5 -fi -done - - # These are optional - for ac_func in getaudit_addr aug_get_machine -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -$as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h - - ;; - linux) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: linux" >&5 -$as_echo "linux" >&6; } - AUDIT_MODULE=linux - for ac_header in libaudit.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default" -if test "x$ac_cv_header_libaudit_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBAUDIT_H 1 -_ACEOF - -fi - -done - - SSHDLIBS="$SSHDLIBS -laudit" - -$as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h - - ;; - debug) - AUDIT_MODULE=debug - { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5 -$as_echo "debug" >&6; } - -$as_echo "#define SSH_AUDIT_EVENTS 1" >>confdefs.h - - ;; - no) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - *) - as_fn_error $? 
"Unknown audit module $withval" "$LINENO" 5 - ;; - esac - -fi - - -for ac_func in \ - arc4random \ - arc4random_buf \ - arc4random_uniform \ - asprintf \ - b64_ntop \ - __b64_ntop \ - b64_pton \ - __b64_pton \ - bcopy \ - bindresvport_sa \ - clock \ - closefrom \ - dirfd \ - fchmod \ - fchown \ - freeaddrinfo \ - fstatvfs \ - futimes \ - getaddrinfo \ - getcwd \ - getgrouplist \ - getnameinfo \ - getopt \ - getpeereid \ - getpeerucred \ - _getpty \ - getrlimit \ - getttyent \ - glob \ - group_from_gid \ - inet_aton \ - inet_ntoa \ - inet_ntop \ - innetgr \ - login_getcapbool \ - md5_crypt \ - memmove \ - mkdtemp \ - mmap \ - ngetaddrinfo \ - nsleep \ - ogetaddrinfo \ - openlog_r \ - openpty \ - poll \ - prctl \ - pstat \ - readpassphrase \ - realpath \ - recvmsg \ - rresvport_af \ - sendmsg \ - setdtablesize \ - setegid \ - setenv \ - seteuid \ - setgroupent \ - setgroups \ - setlogin \ - setpassent\ - setpcred \ - setproctitle \ - setregid \ - setreuid \ - setrlimit \ - setsid \ - setvbuf \ - sigaction \ - sigvec \ - snprintf \ - socketpair \ - statfs \ - statvfs \ - strdup \ - strerror \ - strlcat \ - strlcpy \ - strmode \ - strnvis \ - strptime \ - strtonum \ - strtoll \ - strtoul \ - swap32 \ - sysconf \ - tcgetpgrp \ - timingsafe_bcmp \ - truncate \ - unsetenv \ - updwtmpx \ - user_from_uid \ - vasprintf \ - vhangup \ - vsnprintf \ - waitpid \ - -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <ctype.h> -int -main () -{ - return (isblank('a')); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - -$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -# PKCS#11 support requires dlopen() and co -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 -$as_echo_n "checking for library containing dlopen... " >&6; } -if ${ac_cv_search_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -for ac_lib in '' dl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dlopen=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_dlopen+:} false; then : - break -fi -done -if ${ac_cv_search_dlopen+:} false; then : - -else - ac_cv_search_dlopen=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 -$as_echo "$ac_cv_search_dlopen" >&6; } -ac_res=$ac_cv_search_dlopen -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -$as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h - - -fi - - -# IRIX has a const char return value for gai_strerror() -for ac_func in gai_strerror -do : - ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror" -if test "x$ac_cv_func_gai_strerror" = xyes; then : - cat >>confdefs.h <<_ACEOF 
-#define HAVE_GAI_STRERROR 1 -_ACEOF - - $as_echo "#define HAVE_GAI_STRERROR 1" >>confdefs.h - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> - -const char *gai_strerror(int); - -int -main () -{ - - char *str; - str = gai_strerror(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - -$as_echo "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -done - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5 -$as_echo_n "checking for library containing nanosleep... " >&6; } -if ${ac_cv_search_nanosleep+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char nanosleep (); -int -main () -{ -return nanosleep (); - ; - return 0; -} -_ACEOF -for ac_lib in '' rt posix4; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_nanosleep=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_nanosleep+:} false; then : - break -fi -done -if ${ac_cv_search_nanosleep+:} false; then : - -else - ac_cv_search_nanosleep=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5 -$as_echo "$ac_cv_search_nanosleep" >&6; } -ac_res=$ac_cv_search_nanosleep -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -$as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h - -fi - - -ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default" -if test "x$ac_cv_have_decl_getrusage" = xyes; then : - for ac_func in getrusage -do : - ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage" -if test "x$ac_cv_func_getrusage" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETRUSAGE 1 -_ACEOF - -fi -done - -fi - -ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" " -#ifdef HAVE_STRING_H -# include <string.h> -#endif - -" -if test "x$ac_cv_have_decl_strsep" = xyes; then : - for ac_func in strsep -do : - ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep" -if test "x$ac_cv_func_strsep" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRSEP 1 -_ACEOF - -fi -done - -fi - - -ac_fn_c_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include <termios.h> - -" -if test "x$ac_cv_have_decl_tcsendbreak" = xyes; then : - $as_echo "#define HAVE_TCSENDBREAK 1" >>confdefs.h - -else - for ac_func in tcsendbreak -do : - ac_fn_c_check_func 
"$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak" -if test "x$ac_cv_func_tcsendbreak" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_TCSENDBREAK 1 -_ACEOF - -fi -done - -fi - - -ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include <netdb.h> -" -if test "x$ac_cv_have_decl_h_errno" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_H_ERRNO $ac_have_decl -_ACEOF - - -ac_fn_c_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" " -#include <sys/types.h> -#include <sys/socket.h> - -" -if test "x$ac_cv_have_decl_SHUT_RD" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SHUT_RD $ac_have_decl -_ACEOF - - -ac_fn_c_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" " -#include <sys/types.h> -#ifdef HAVE_SYS_STAT_H -# include <sys/stat.h> -#endif -#ifdef HAVE_FCNTL_H -# include <fcntl.h> -#endif - -" -if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_O_NONBLOCK $ac_have_decl -_ACEOF - - -ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" " -#include <sys/types.h> -#include <sys/uio.h> -#include <unistd.h> - -" -if test "x$ac_cv_have_decl_writev" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_WRITEV $ac_have_decl -_ACEOF - - -ac_fn_c_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" " -#include <sys/param.h> - -" -if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_MAXSYMLINKS $ac_have_decl -_ACEOF - - -ac_fn_c_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" " -#include <stddef.h> - -" -if test "x$ac_cv_have_decl_offsetof" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define 
HAVE_DECL_OFFSETOF $ac_have_decl -_ACEOF - - -for ac_func in setresuid -do : - ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" -if test "x$ac_cv_func_setresuid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETRESUID 1 -_ACEOF - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5 -$as_echo_n "checking if setresuid seems to work... " >&6; } - if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdlib.h> -#include <errno.h> - -int -main () -{ - - errno=0; - setresuid(0,0,0); - if (errno==ENOSYS) - exit(1); - else - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - -$as_echo "#define BROKEN_SETRESUID 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 -$as_echo "not implemented" >&6; } -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -fi -done - - -for ac_func in setresgid -do : - ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid" -if test "x$ac_cv_func_setresgid" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SETRESGID 1 -_ACEOF - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5 -$as_echo_n "checking if setresgid seems to work... " >&6; } - if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;} - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <stdlib.h> -#include <errno.h> - -int -main () -{ - - errno=0; - setresgid(0,0,0); - if (errno==ENOSYS) - exit(1); - else - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - -$as_echo "#define BROKEN_SETRESGID 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5 -$as_echo "not implemented" >&6; } -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -fi -done - - -for ac_func in gettimeofday time -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -for ac_func in endutent getutent getutid getutline pututline setutent -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -for ac_func in utmpname -do : - ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname" -if test "x$ac_cv_func_utmpname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_UTMPNAME 1 -_ACEOF - -fi -done - -for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -for ac_func in setutxdb setutxent utmpxname -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval 
test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - -for ac_func in getlastlogxbyname -do : - ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname" -if test "x$ac_cv_func_getlastlogxbyname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GETLASTLOGXBYNAME 1 -_ACEOF - -fi -done - - -ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" -if test "x$ac_cv_func_daemon" = xyes; then : - -$as_echo "#define HAVE_DAEMON 1" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5 -$as_echo_n "checking for daemon in -lbsd... " >&6; } -if ${ac_cv_lib_bsd_daemon+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lbsd $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char daemon (); -int -main () -{ -return daemon (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_bsd_daemon=yes -else - ac_cv_lib_bsd_daemon=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5 -$as_echo "$ac_cv_lib_bsd_daemon" >&6; } -if test "x$ac_cv_lib_bsd_daemon" = xyes; then : - LIBS="$LIBS -lbsd"; $as_echo "#define HAVE_DAEMON 1" >>confdefs.h - -fi - - -fi - - -ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" -if test "x$ac_cv_func_getpagesize" = xyes; then : - -$as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5 -$as_echo_n "checking for getpagesize in -lucb... 
" >&6; } -if ${ac_cv_lib_ucb_getpagesize+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lucb $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getpagesize (); -int -main () -{ -return getpagesize (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ucb_getpagesize=yes -else - ac_cv_lib_ucb_getpagesize=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5 -$as_echo "$ac_cv_lib_ucb_getpagesize" >&6; } -if test "x$ac_cv_lib_ucb_getpagesize" = xyes; then : - LIBS="$LIBS -lucb"; $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h - -fi - - -fi - - -# Check for broken snprintf -if test "x$ac_cv_func_snprintf" = "xyes" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5 -$as_echo_n "checking whether snprintf correctly terminates long strings... " >&6; } - if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 -$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <stdio.h> -int -main () -{ - - char b[5]; - snprintf(b,5,"123456789"); - exit(b[4]!='\0'); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5 -$as_echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;} - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - -# If we don't have a working asprintf, then we strongly depend on vsnprintf -# returning the right thing on overflow: the number of characters it tried to -# create (as per SUSv3) -if test "x$ac_cv_func_asprintf" != "xyes" && \ - test "x$ac_cv_func_vsnprintf" = "xyes" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5 -$as_echo_n "checking whether vsnprintf returns correct values on overflow... " >&6; } - if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5 -$as_echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;} - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <stdio.h> -#include <stdarg.h> - -int x_snprintf(char *str,size_t count,const char *fmt,...) -{ - size_t ret; va_list ap; - va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); - return ret; -} - -int -main () -{ - - char x[1]; - exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 
0 : 1); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5 -$as_echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;} - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - -# On systems where [v]snprintf is broken, but is declared in stdio, -# check that the fmt argument is const char * or just char *. -# This is only useful for when BROKEN_SNPRINTF -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5 -$as_echo_n "checking whether snprintf can declare const char *fmt... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -int snprintf(char *a, size_t b, const char *c, ...) 
{ return 0; } - -int -main () -{ - - snprintf(0, 0, 0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define SNPRINTF_CONST const" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - $as_echo "#define SNPRINTF_CONST /* not const */" >>confdefs.h - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -# Check for missing getpeereid (or equiv) support -NO_PEERCHECK="" -if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5 -$as_echo_n "checking whether system supports SO_PEERCRED getsockopt... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> -int -main () -{ -int i = SO_PEERCRED; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - NO_PEERCHECK=1 - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if test "x$ac_cv_func_mkdtemp" = "xyes" ; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for (overly) strict mkstemp" >&5 -$as_echo_n "checking for (overly) strict mkstemp... " >&6; } -if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h - - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <stdlib.h> - -int -main () -{ - - char template[]="conftest.mkstemp-test"; - if (mkstemp(template) == -1) - exit(1); - unlink(template); - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - -if test ! -z "$check_for_openpty_ctty_bug"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5 -$as_echo_n "checking if openpty correctly handles controlling tty... " >&6; } - if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 -$as_echo "cross-compiling, assuming yes" >&6; } - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <stdio.h> -#include <sys/fcntl.h> -#include <sys/types.h> -#include <sys/wait.h> - -int -main () -{ - - pid_t pid; - int fd, ptyfd, ttyfd, status; - - pid = fork(); - if (pid < 0) { /* failed */ - exit(1); - } else if (pid > 0) { /* parent */ - waitpid(pid, &status, 0); - if (WIFEXITED(status)) - exit(WEXITSTATUS(status)); - else - exit(2); - } else { /* child */ - close(0); close(1); close(2); - setsid(); - openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); - fd = open("/dev/tty", O_RDWR | O_NOCTTY); - if (fd >= 0) - exit(3); /* Acquired ctty: broken */ - else - exit(0); /* Did not acquire ctty: OK */ - } - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 -$as_echo_n "checking if getaddrinfo seems to work... " >&6; } - if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5 -$as_echo "cross-compiling, assuming yes" >&6; } - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <stdio.h> -#include <sys/socket.h> -#include <netdb.h> -#include <errno.h> -#include <netinet/in.h> - -#define TEST_PORT "2222" - -int -main () -{ - - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (err != 0) { - if (err == EAI_SYSTEM) - perror("getnameinfo EAI_SYSTEM"); - else - fprintf(stderr, "getnameinfo failed: %s\n", - gai_strerror(err)); - exit(2); - } - - sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) - perror("socket"); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - if (errno == EBADF) - exit(3); - } - } - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_aix_broken_getaddrinfo" = "x1"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5 -$as_echo_n "checking if getaddrinfo seems to work... 
" >&6; } - if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5 -$as_echo "cross-compiling, assuming no" >&6; } - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -#include <sys/socket.h> -#include <netdb.h> -#include <errno.h> -#include <netinet/in.h> - -#define TEST_PORT "2222" - -int -main () -{ - - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (ai->ai_family == AF_INET && err != 0) { - perror("getnameinfo"); - exit(2); - } - } - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h - - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h - - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - -if test "x$check_for_conflicting_getspnam" = "x1"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5 -$as_echo_n "checking for conflicting getspnam in shadow.h... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <shadow.h> -int -main () -{ - exit(0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h - - - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getpgrp requires zero arguments" >&5 -$as_echo_n "checking whether getpgrp requires zero arguments... " >&6; } -if ${ac_cv_func_getpgrp_void+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Use it with a single arg. -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -int -main () -{ -getpgrp (0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_func_getpgrp_void=no -else - ac_cv_func_getpgrp_void=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpgrp_void" >&5 -$as_echo "$ac_cv_func_getpgrp_void" >&6; } -if test $ac_cv_func_getpgrp_void = yes; then - -$as_echo "#define GETPGRP_VOID 1" >>confdefs.h - -fi - - -# Search for OpenSSL -saved_CPPFLAGS="$CPPFLAGS" -saved_LDFLAGS="$LDFLAGS" - -# Check whether --with-ssl-dir was given. 
-if test "${with_ssl_dir+set}" = set; then : - withval=$with_ssl_dir; - if test "x$withval" != "xno" ; then - case "$withval" in - # Relative paths - ./*|../*) withval="`pwd`/$withval" - esac - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - elif test -d "$withval/lib64"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - - -fi - -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char RAND_add (); -int -main () -{ -return RAND_add (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - -$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h - -else - - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" - ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then : - -else - as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5 -fi - - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char RAND_add (); -int -main () -{ -return RAND_add (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h - -else - - as_fn_error $? "*** Can't find recent OpenSSL libcrypto (see config.log for details) ***" "$LINENO" 5 - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -# Determine OpenSSL header version -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5 -$as_echo_n "checking OpenSSL header version... " >&6; } -if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -#include <string.h> -#include <openssl/opensslv.h> -#define DATA "conftest.sslincver" - -int -main () -{ - - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) - exit(1); - - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - ssl_header_ver=`cat conftest.sslincver` - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5 -$as_echo "$ssl_header_ver" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } - as_fn_error $? "OpenSSL version header not found." 
"$LINENO" 5 - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -# Determine OpenSSL library version -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5 -$as_echo_n "checking OpenSSL library version... " >&6; } -if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -#include <string.h> -#include <openssl/opensslv.h> -#include <openssl/crypto.h> -#define DATA "conftest.ssllibver" - -int -main () -{ - - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) - exit(1); - - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - ssl_library_ver=`cat conftest.ssllibver` - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 -$as_echo "$ssl_library_ver" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } - as_fn_error $? "OpenSSL library not found." "$LINENO" 5 - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - - -# Check whether --with-openssl-header-check was given. -if test "${with_openssl_header_check+set}" = set; then : - withval=$with_openssl_header_check; if test "x$withval" = "xno" ; then - openssl_check_nonfatal=1 - fi - - -fi - - -# Sanity check OpenSSL headers -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5 -$as_echo_n "checking whether OpenSSL's headers match the library... 
" >&6; } -if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <string.h> -#include <openssl/opensslv.h> - -int -main () -{ - - exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - if test "x$openssl_check_nonfatal" = "x"; then - as_fn_error $? "Your OpenSSL headers do not match your -library. Check config.log for details. -If you are sure your installation is consistent, you can disable the check -by running \"./configure --without-openssl-header-check\". -Also see contrib/findssl.sh for help identifying header/library mismatches. -" "$LINENO" 5 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your -library. Check config.log for details. -Also see contrib/findssl.sh for help identifying header/library mismatches." >&5 -$as_echo "$as_me: WARNING: Your OpenSSL headers do not match your -library. Check config.log for details. -Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;} - fi - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5 -$as_echo_n "checking if programs using OpenSSL functions will link... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <openssl/evp.h> -int -main () -{ - SSLeay_add_all_algorithms(); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - saved_LIBS="$LIBS" - LIBS="$LIBS -ldl" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5 -$as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <openssl/evp.h> -int -main () -{ - SSLeay_add_all_algorithms(); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - LIBS="$saved_LIBS" - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -for ac_func in RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - - -# Check whether --with-ssl-engine was given. -if test "${with_ssl_engine+set}" = set; then : - withval=$with_ssl_engine; if test "x$withval" != "xno" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5 -$as_echo_n "checking for OpenSSL ENGINE support... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <openssl/engine.h> - -int -main () -{ - - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define USE_OPENSSL_ENGINE 1" >>confdefs.h - - -else - as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5 - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi - -fi - - -# Check for OpenSSL without EVP_aes_{192,256}_cbc -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5 -$as_echo_n "checking whether OpenSSL has crippled AES support... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <string.h> -#include <openssl/evp.h> - -int -main () -{ - - exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h - - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5 -$as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <string.h> -#include <openssl/evp.h> - -int -main () -{ - - if(EVP_DigestUpdate(NULL, NULL,0)) - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h - - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, -# because the system crypt() is more featureful. -if test "x$check_for_libcrypt_before" = "x1"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 -$as_echo_n "checking for crypt in -lcrypt... " >&6; } -if ${ac_cv_lib_crypt_crypt+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypt $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char crypt (); -int -main () -{ -return crypt (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypt_crypt=yes -else - ac_cv_lib_crypt_crypt=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 -$as_echo "$ac_cv_lib_crypt_crypt" >&6; } -if test "x$ac_cv_lib_crypt_crypt" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBCRYPT 1 -_ACEOF - - LIBS="-lcrypt $LIBS" - -fi - -fi - -# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the -# version in OpenSSL. 
-if test "x$check_for_libcrypt_later" = "x1"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5 -$as_echo_n "checking for crypt in -lcrypt... " >&6; } -if ${ac_cv_lib_crypt_crypt+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypt $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char crypt (); -int -main () -{ -return crypt (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypt_crypt=yes -else - ac_cv_lib_crypt_crypt=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5 -$as_echo "$ac_cv_lib_crypt_crypt" >&6; } -if test "x$ac_cv_lib_crypt_crypt" = xyes; then : - LIBS="$LIBS -lcrypt" -fi - -fi - -# Search for SHA256 support in libc and/or OpenSSL -for ac_func in SHA256_Update EVP_sha256 -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - TEST_SSH_SHA256=yes -else - TEST_SSH_SHA256=no -fi -done - - - -# Check complete ECC support in OpenSSL -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has complete ECC support" >&5 -$as_echo_n "checking whether OpenSSL has complete ECC support... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <openssl/ec.h> -#include <openssl/ecdh.h> -#include <openssl/ecdsa.h> -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/opensslv.h> -#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ -# error "OpenSSL < 0.9.8g has unreliable ECC code" -#endif - -int -main () -{ - - EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); - const EVP_MD *m = EVP_sha512(); /* We need this too */ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h - - TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - TEST_SSH_ECC=no - COMMENT_OUT_ECC="#no ecc#" - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - - -saved_LIBS="$LIBS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5 -$as_echo_n "checking for ia_openinfo in -liaf... " >&6; } -if ${ac_cv_lib_iaf_ia_openinfo+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-liaf $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char ia_openinfo (); -int -main () -{ -return ia_openinfo (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_iaf_ia_openinfo=yes -else - ac_cv_lib_iaf_ia_openinfo=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5 -$as_echo "$ac_cv_lib_iaf_ia_openinfo" >&6; } -if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes; then : - - LIBS="$LIBS -liaf" - for ac_func in set_id -do : - ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id" -if test "x$ac_cv_func_set_id" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SET_ID 1 -_ACEOF - SSHDLIBS="$SSHDLIBS -liaf" - -$as_echo "#define HAVE_LIBIAF 1" >>confdefs.h - - -fi -done - - -fi - -LIBS="$saved_LIBS" - -### Configure cryptographic random number support - -# Check wheter OpenSSL seeds itself -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5 -$as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; } -if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 -$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} - # This is safe, since we will fatal() at runtime if - # OpenSSL is not seeded correctly. - OPENSSL_SEEDS_ITSELF=yes - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <string.h> -#include <openssl/rand.h> - -int -main () -{ - - exit(RAND_status() == 1 ? 
0 : 1); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - OPENSSL_SEEDS_ITSELF=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - -# PRNGD TCP socket - -# Check whether --with-prngd-port was given. -if test "${with_prngd_port+set}" = set; then : - withval=$with_prngd_port; - case "$withval" in - no) - withval="" - ;; - [0-9]*) - ;; - *) - as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5 - ;; - esac - if test ! -z "$withval" ; then - PRNGD_PORT="$withval" - -cat >>confdefs.h <<_ACEOF -#define PRNGD_PORT $PRNGD_PORT -_ACEOF - - fi - - -fi - - -# PRNGD Unix domain socket - -# Check whether --with-prngd-socket was given. -if test "${with_prngd_socket+set}" = set; then : - withval=$with_prngd_socket; - case "$withval" in - yes) - withval="/var/run/egd-pool" - ;; - no) - withval="" - ;; - /*) - ;; - *) - as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5 - ;; - esac - - if test ! -z "$withval" ; then - if test ! -z "$PRNGD_PORT" ; then - as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5 - fi - if test ! -r "$withval" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5 -$as_echo "$as_me: WARNING: Entropy socket is not readable" >&2;} - fi - PRNGD_SOCKET="$withval" - -cat >>confdefs.h <<_ACEOF -#define PRNGD_SOCKET "$PRNGD_SOCKET" -_ACEOF - - fi - -else - - # Check for existing socket only if we don't have a random device already - if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5 -$as_echo_n "checking for PRNGD/EGD socket... 
" >&6; } - # Insert other locations here - for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do - if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then - PRNGD_SOCKET="$sock" - cat >>confdefs.h <<_ACEOF -#define PRNGD_SOCKET "$PRNGD_SOCKET" -_ACEOF - - break; - fi - done - if test ! -z "$PRNGD_SOCKET" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5 -$as_echo "$PRNGD_SOCKET" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } - fi - fi - - -fi - - -# Which randomness source do we use? -if test ! -z "$PRNGD_PORT" ; then - RAND_MSG="PRNGd port $PRNGD_PORT" -elif test ! -z "$PRNGD_SOCKET" ; then - RAND_MSG="PRNGd socket $PRNGD_SOCKET" -elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then - -$as_echo "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h - - RAND_MSG="OpenSSL internal ONLY" -else - as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5 -fi - -# Check for PAM libs -PAM_MSG="no" - -# Check whether --with-pam was given. -if test "${with_pam+set}" = set; then : - withval=$with_pam; - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - as_fn_error $? "PAM headers not found" "$LINENO" 5 - fi - - saved_LIBS="$LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_dl_dlopen=yes -else - ac_cv_lib_dl_dlopen=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDL 1 -_ACEOF - - LIBS="-ldl $LIBS" - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5 -$as_echo_n "checking for pam_set_item in -lpam... " >&6; } -if ${ac_cv_lib_pam_pam_set_item+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lpam $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char pam_set_item (); -int -main () -{ -return pam_set_item (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_pam_pam_set_item=yes -else - ac_cv_lib_pam_pam_set_item=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5 -$as_echo "$ac_cv_lib_pam_pam_set_item" >&6; } -if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBPAM 1 -_ACEOF - - LIBS="-lpam $LIBS" - -else - as_fn_error $? 
"*** libpam missing" "$LINENO" 5 -fi - - for ac_func in pam_getenvlist -do : - ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist" -if test "x$ac_cv_func_pam_getenvlist" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PAM_GETENVLIST 1 -_ACEOF - -fi -done - - for ac_func in pam_putenv -do : - ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv" -if test "x$ac_cv_func_pam_putenv" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PAM_PUTENV 1 -_ACEOF - -fi -done - - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - SSHDLIBS="$SSHDLIBS -lpam" - -$as_echo "#define USE_PAM 1" >>confdefs.h - - - if test $ac_cv_lib_dl_dlopen = yes; then - case "$LIBS" in - *-ldl*) - # libdl already in LIBS - ;; - *) - SSHDLIBS="$SSHDLIBS -ldl" - ;; - esac - fi - fi - - -fi - - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5 -$as_echo_n "checking whether pam_strerror takes only one argument... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdlib.h> -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include <security/pam_appl.h> -#elif defined (HAVE_PAM_PAM_APPL_H) -#include <pam/pam_appl.h> -#endif - -int -main () -{ - -(void)pam_strerror((pam_handle_t *)NULL, -1); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -else - - -$as_echo "#define HAVE_OLD_PAM 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - PAM_MSG="yes (old library)" - - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -SSH_PRIVSEP_USER=sshd - -# Check whether --with-privsep-user was given. 
-if test "${with_privsep_user+set}" = set; then : - withval=$with_privsep_user; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - SSH_PRIVSEP_USER=$withval - fi - - -fi - - -cat >>confdefs.h <<_ACEOF -#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER" -_ACEOF - - - -# Decide which sandbox style to use -sandbox_arg="" - -# Check whether --with-sandbox was given. -if test "${with_sandbox+set}" = set; then : - withval=$with_sandbox; - if test "x$withval" = "xyes" ; then - sandbox_arg="" - else - sandbox_arg="$withval" - fi - - -fi - -if test "x$sandbox_arg" = "xsystrace" || \ - ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then - test "x$have_systr_policy_kill" != "x1" && \ - as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5 - SANDBOX_STYLE="systrace" - -$as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h - -elif test "x$sandbox_arg" = "xdarwin" || \ - ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ - test "x$ac_cv_header_sandbox_h" = "xyes") ; then - test "x$ac_cv_func_sandbox_init" != "xyes" -o \ - "x$ac_cv_header_sandbox_h" != "xyes" && \ - as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5 - SANDBOX_STYLE="darwin" - -$as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h - -elif test "x$sandbox_arg" = "xrlimit" || \ - ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then - test "x$ac_cv_func_setrlimit" != "xyes" && \ - as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5 - SANDBOX_STYLE="rlimit" - -$as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h - -elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ - test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then - SANDBOX_STYLE="none" - -$as_echo "#define SANDBOX_NULL 1" >>confdefs.h - -else - as_fn_error $? 
"unsupported --with-sandbox" "$LINENO" 5 -fi - -# Cheap hack to ensure NEWS-OS libraries are arranged right. -if test ! -z "$SONY" ; then - LIBS="$LIBS -liberty"; -fi - -# Check for long long datatypes -ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default" -if test "x$ac_cv_type_long_long" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_LONG_LONG 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default" -if test "x$ac_cv_type_unsigned_long_long" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_UNSIGNED_LONG_LONG 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default" -if test "x$ac_cv_type_long_double" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_LONG_DOUBLE 1 -_ACEOF - - -fi - - -# Check datatype sizes -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char" >&5 -$as_echo_n "checking size of char... 
" >&6; } -if ${ac_cv_sizeof_char+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char))" "ac_cv_sizeof_char" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_char" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (char) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_char=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char" >&5 -$as_echo "$ac_cv_sizeof_char" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_CHAR $ac_cv_sizeof_char -_ACEOF - - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5 -$as_echo_n "checking size of short int... 
" >&6; } -if ${ac_cv_sizeof_short_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_short_int" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (short int) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_short_int=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5 -$as_echo "$ac_cv_sizeof_short_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int -_ACEOF - - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5 -$as_echo_n "checking size of int... " >&6; } -if ${ac_cv_sizeof_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_int" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (int) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_int=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5 -$as_echo "$ac_cv_sizeof_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_INT $ac_cv_sizeof_int -_ACEOF - - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. 
-# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5 -$as_echo_n "checking size of long int... " >&6; } -if ${ac_cv_sizeof_long_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_long_int" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (long int) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_long_int=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5 -$as_echo "$ac_cv_sizeof_long_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int -_ACEOF - - -# The cast to long int works around a bug in the HP C Compiler -# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects -# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -# This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5 -$as_echo_n "checking size of long long int... 
" >&6; } -if ${ac_cv_sizeof_long_long_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default"; then : - -else - if test "$ac_cv_type_long_long_int" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error 77 "cannot compute sizeof (long long int) -See \`config.log' for more details" "$LINENO" 5; } - else - ac_cv_sizeof_long_long_int=0 - fi -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5 -$as_echo "$ac_cv_sizeof_long_long_int" >&6; } - - - -cat >>confdefs.h <<_ACEOF -#define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int -_ACEOF - - - -# Sanity check long long for some platforms (AIX) -if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then - ac_cv_sizeof_long_long_int=0 -fi - -# compute LLONG_MIN and LLONG_MAX if we don't know them. -if test -z "$have_llong_max"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5 -$as_echo_n "checking for max value of long long... " >&6; } - if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;} - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -/* Why is this so damn hard? */ -#ifdef __GNUC__ -# undef __GNUC__ -#endif -#define __USE_ISOC99 -#include <limits.h> -#define DATA "conftest.llminmax" -#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) - -/* - * printf in libc on some platforms (eg old Tru64) does not understand %lld so - * we do this the hard way. 
- */ -static int -fprint_ll(FILE *f, long long n) -{ - unsigned int i; - int l[sizeof(long long) * 8]; - - if (n < 0) - if (fprintf(f, "-") < 0) - return -1; - for (i = 0; n != 0; i++) { - l[i] = my_abs(n % 10); - n /= 10; - } - do { - if (fprintf(f, "%d", l[--i]) < 0) - return -1; - } while (i != 0); - if (fprintf(f, " ") < 0) - return -1; - return 0; -} - -int -main () -{ - - FILE *f; - long long i, llmin, llmax = 0; - - if((f = fopen(DATA,"w")) == NULL) - exit(1); - -#if defined(LLONG_MIN) && defined(LLONG_MAX) - fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); - llmin = LLONG_MIN; - llmax = LLONG_MAX; -#else - fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); - /* This will work on one's complement and two's complement */ - for (i = 1; i > llmax; i <<= 1, i++) - llmax = i; - llmin = llmax + 1LL; /* wrap */ -#endif - - /* Sanity check */ - if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax - || llmax - 1 > llmax || llmin == llmax || llmin == 0 - || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { - fprintf(f, "unknown unknown\n"); - exit(2); - } - - if (fprint_ll(f, llmin) < 0) - exit(3); - if (fprint_ll(f, llmax) < 0) - exit(4); - if (fclose(f) < 0) - exit(5); - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - llong_min=`$AWK '{print $1}' conftest.llminmax` - llong_max=`$AWK '{print $2}' conftest.llminmax` - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5 -$as_echo "$llong_max" >&6; } - -cat >>confdefs.h <<_ACEOF -#define LLONG_MAX ${llong_max}LL -_ACEOF - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5 -$as_echo_n "checking for min value of long long... 
" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5 -$as_echo "$llong_min" >&6; } - -cat >>confdefs.h <<_ACEOF -#define LLONG_MIN ${llong_min}LL -_ACEOF - - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - - -# More checks for data types -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5 -$as_echo_n "checking for u_int type... " >&6; } -if ${ac_cv_have_u_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <sys/types.h> -int -main () -{ - u_int a; a = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_u_int="yes" -else - ac_cv_have_u_int="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5 -$as_echo "$ac_cv_have_u_int" >&6; } -if test "x$ac_cv_have_u_int" = "xyes" ; then - -$as_echo "#define HAVE_U_INT 1" >>confdefs.h - - have_u_int=1 -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5 -$as_echo_n "checking for intXX_t types... " >&6; } -if ${ac_cv_have_intxx_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <sys/types.h> -int -main () -{ - int8_t a; int16_t b; int32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_intxx_t="yes" -else - ac_cv_have_intxx_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5 -$as_echo "$ac_cv_have_intxx_t" >&6; } -if test "x$ac_cv_have_intxx_t" = "xyes" ; then - -$as_echo "#define HAVE_INTXX_T 1" >>confdefs.h - - have_intxx_t=1 -fi - -if (test -z "$have_intxx_t" && \ - test "x$ac_cv_header_stdint_h" = "xyes") -then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5 -$as_echo_n "checking for intXX_t types in stdint.h... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <stdint.h> -int -main () -{ - int8_t a; int16_t b; int32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5 -$as_echo_n "checking for int64_t type... " >&6; } -if ${ac_cv_have_int64_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#ifdef HAVE_STDINT_H -# include <stdint.h> -#endif -#include <sys/socket.h> -#ifdef HAVE_SYS_BITYPES_H -# include <sys/bitypes.h> -#endif - -int -main () -{ - -int64_t a; a = 1; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_int64_t="yes" -else - ac_cv_have_int64_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5 -$as_echo "$ac_cv_have_int64_t" >&6; } -if test "x$ac_cv_have_int64_t" = "xyes" ; then - -$as_echo "#define HAVE_INT64_T 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5 -$as_echo_n "checking for u_intXX_t types... " >&6; } -if ${ac_cv_have_u_intxx_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <sys/types.h> -int -main () -{ - u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_u_intxx_t="yes" -else - ac_cv_have_u_intxx_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5 -$as_echo "$ac_cv_have_u_intxx_t" >&6; } -if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then - -$as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h - - have_u_intxx_t=1 -fi - -if test -z "$have_u_intxx_t" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5 -$as_echo_n "checking for u_intXX_t types in sys/socket.h... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <sys/socket.h> -int -main () -{ - u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5 -$as_echo_n "checking for u_int64_t types... " >&6; } -if ${ac_cv_have_u_int64_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <sys/types.h> -int -main () -{ - u_int64_t a; a = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_u_int64_t="yes" -else - ac_cv_have_u_int64_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5 -$as_echo "$ac_cv_have_u_int64_t" >&6; } -if test "x$ac_cv_have_u_int64_t" = "xyes" ; then - -$as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h - - have_u_int64_t=1 -fi - -if test -z "$have_u_int64_t" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5 -$as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <sys/bitypes.h> -int -main () -{ - u_int64_t a; a = 1 - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if test -z "$have_u_intxx_t" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5 -$as_echo_n "checking for uintXX_t types... " >&6; } -if ${ac_cv_have_uintxx_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> - -int -main () -{ - - uint8_t a; - uint16_t b; - uint32_t c; - a = b = c = 1; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_uintxx_t="yes" -else - ac_cv_have_uintxx_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5 -$as_echo "$ac_cv_have_uintxx_t" >&6; } - if test "x$ac_cv_have_uintxx_t" = "xyes" ; then - -$as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h - - fi -fi - -if test -z "$have_uintxx_t" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5 -$as_echo_n "checking for uintXX_t types in stdint.h... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <stdint.h> -int -main () -{ - uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - -if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ - test "x$ac_cv_header_sys_bitypes_h" = "xyes") -then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 -$as_echo_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/bitypes.h> - -int -main () -{ - - int8_t a; int16_t b; int32_t c; - u_int8_t e; u_int16_t f; u_int32_t g; - a = b = c = e = f = g = 1; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h - - $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5 -$as_echo_n "checking for u_char... " >&6; } -if ${ac_cv_have_u_char+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <sys/types.h> -int -main () -{ - u_char foo; foo = 125; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_u_char="yes" -else - ac_cv_have_u_char="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5 -$as_echo "$ac_cv_have_u_char" >&6; } -if test "x$ac_cv_have_u_char" = "xyes" ; then - -$as_echo "#define HAVE_U_CHAR 1" >>confdefs.h - -fi - -# -# WIN32_FIXME -# - -case "$host" in -*-*-mingw32*) - ;; -*) - - ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h> -#include <sys/socket.h> -" -if test "x$ac_cv_type_socklen_t" = xyes; then : - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5 -$as_echo_n "checking for socklen_t equivalent... " >&6; } - if ${curl_cv_socklen_t_equiv+:} false; then : - $as_echo_n "(cached) " >&6 -else - - # Systems have either "struct sockaddr *" or - # "void *" as the second argument to getpeername - curl_cv_socklen_t_equiv= - for arg2 in "struct sockaddr" void; do - for t in int size_t unsigned long "unsigned long"; do - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include <sys/types.h> - #include <sys/socket.h> - - int getpeername (int, $arg2 *, $t *); - -int -main () -{ - - $t len; - getpeername(0,0,&len); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - - curl_cv_socklen_t_equiv="$t" - break - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - done - done - - if test "x$curl_cv_socklen_t_equiv" = x; then - as_fn_error $? 
"Cannot find a type to use in place of socklen_t" "$LINENO" 5 - fi - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5 -$as_echo "$curl_cv_socklen_t_equiv" >&6; } - -cat >>confdefs.h <<_ACEOF -#define socklen_t $curl_cv_socklen_t_equiv -_ACEOF - -fi - - - ;; -esac - -# -# END FIXME -# - -ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <signal.h> -" -if test "x$ac_cv_type_sig_atomic_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_SIG_ATOMIC_T 1 -_ACEOF - - -fi - -ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" " -#include <sys/types.h> -#ifdef HAVE_SYS_BITYPES_H -#include <sys/bitypes.h> -#endif -#ifdef HAVE_SYS_STATFS_H -#include <sys/statfs.h> -#endif -#ifdef HAVE_SYS_STATVFS_H -#include <sys/statvfs.h> -#endif - -" -if test "x$ac_cv_type_fsblkcnt_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_FSBLKCNT_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" " -#include <sys/types.h> -#ifdef HAVE_SYS_BITYPES_H -#include <sys/bitypes.h> -#endif -#ifdef HAVE_SYS_STATFS_H -#include <sys/statfs.h> -#endif -#ifdef HAVE_SYS_STATVFS_H -#include <sys/statvfs.h> -#endif - -" -if test "x$ac_cv_type_fsfilcnt_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_FSFILCNT_T 1 -_ACEOF - - -fi - - -ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include <sys/types.h> -#include <netinet/in.h> -" -if test "x$ac_cv_type_in_addr_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_IN_ADDR_T 1 -_ACEOF - - -fi -ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include <sys/types.h> -#include <netinet/in.h> -" -if test "x$ac_cv_type_in_port_t" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_IN_PORT_T 1 -_ACEOF - - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5 -$as_echo_n "checking for size_t... 
" >&6; } -if ${ac_cv_have_size_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <sys/types.h> -int -main () -{ - size_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_size_t="yes" -else - ac_cv_have_size_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5 -$as_echo "$ac_cv_have_size_t" >&6; } -if test "x$ac_cv_have_size_t" = "xyes" ; then - -$as_echo "#define HAVE_SIZE_T 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 -$as_echo_n "checking for ssize_t... " >&6; } -if ${ac_cv_have_ssize_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <sys/types.h> -int -main () -{ - ssize_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_ssize_t="yes" -else - ac_cv_have_ssize_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5 -$as_echo "$ac_cv_have_ssize_t" >&6; } -if test "x$ac_cv_have_ssize_t" = "xyes" ; then - -$as_echo "#define HAVE_SSIZE_T 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5 -$as_echo_n "checking for clock_t... " >&6; } -if ${ac_cv_have_clock_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <time.h> -int -main () -{ - clock_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_clock_t="yes" -else - ac_cv_have_clock_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5 -$as_echo "$ac_cv_have_clock_t" >&6; } -if test "x$ac_cv_have_clock_t" = "xyes" ; then - -$as_echo "#define HAVE_CLOCK_T 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5 -$as_echo_n "checking for sa_family_t... " >&6; } -if ${ac_cv_have_sa_family_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> - -int -main () -{ - sa_family_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_sa_family_t="yes" -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> - -int -main () -{ - sa_family_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_sa_family_t="yes" -else - ac_cv_have_sa_family_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5 -$as_echo "$ac_cv_have_sa_family_t" >&6; } -if test "x$ac_cv_have_sa_family_t" = "xyes" ; then - -$as_echo "#define HAVE_SA_FAMILY_T 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5 -$as_echo_n "checking for pid_t... " >&6; } -if ${ac_cv_have_pid_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <sys/types.h> -int -main () -{ - pid_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_pid_t="yes" -else - ac_cv_have_pid_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5 -$as_echo "$ac_cv_have_pid_t" >&6; } -if test "x$ac_cv_have_pid_t" = "xyes" ; then - -$as_echo "#define HAVE_PID_T 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5 -$as_echo_n "checking for mode_t... " >&6; } -if ${ac_cv_have_mode_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <sys/types.h> -int -main () -{ - mode_t foo; foo = 1235; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_mode_t="yes" -else - ac_cv_have_mode_t="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5 -$as_echo "$ac_cv_have_mode_t" >&6; } -if test "x$ac_cv_have_mode_t" = "xyes" ; then - -$as_echo "#define HAVE_MODE_T 1" >>confdefs.h - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5 -$as_echo_n "checking for struct sockaddr_storage... " >&6; } -if ${ac_cv_have_struct_sockaddr_storage+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <sys/socket.h> - -int -main () -{ - struct sockaddr_storage s; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_struct_sockaddr_storage="yes" -else - ac_cv_have_struct_sockaddr_storage="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5 -$as_echo "$ac_cv_have_struct_sockaddr_storage" >&6; } -if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then - -$as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5 -$as_echo_n "checking for struct sockaddr_in6... " >&6; } -if ${ac_cv_have_struct_sockaddr_in6+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <netinet/in.h> - -int -main () -{ - struct sockaddr_in6 s; s.sin6_family = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_struct_sockaddr_in6="yes" -else - ac_cv_have_struct_sockaddr_in6="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5 -$as_echo "$ac_cv_have_struct_sockaddr_in6" >&6; } -if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then - -$as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5 -$as_echo_n "checking for struct in6_addr... " >&6; } -if ${ac_cv_have_struct_in6_addr+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <netinet/in.h> - -int -main () -{ - struct in6_addr s; s.s6_addr[0] = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_struct_in6_addr="yes" -else - ac_cv_have_struct_in6_addr="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5 -$as_echo "$ac_cv_have_struct_in6_addr" >&6; } -if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then - -$as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h - - - ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" " -#ifdef HAVE_SYS_TYPES_H -#include <sys/types.h> -#endif -#include <netinet/in.h> - -" -if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 -_ACEOF - - -fi - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5 -$as_echo_n "checking for struct addrinfo... " >&6; } -if ${ac_cv_have_struct_addrinfo+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> - -int -main () -{ - struct addrinfo s; s.ai_flags = AI_PASSIVE; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_struct_addrinfo="yes" -else - ac_cv_have_struct_addrinfo="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5 -$as_echo "$ac_cv_have_struct_addrinfo" >&6; } -if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then - -$as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5 -$as_echo_n "checking for struct timeval... 
" >&6; } -if ${ac_cv_have_struct_timeval+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <sys/time.h> -int -main () -{ - struct timeval tv; tv.tv_sec = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_struct_timeval="yes" -else - ac_cv_have_struct_timeval="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5 -$as_echo "$ac_cv_have_struct_timeval" >&6; } -if test "x$ac_cv_have_struct_timeval" = "xyes" ; then - -$as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h - - have_struct_timeval=1 -fi - -ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default" -if test "x$ac_cv_type_struct_timespec" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_TIMESPEC 1 -_ACEOF - - -fi - - -# We need int64_t or else certian parts of the compile will fail. -if test "x$ac_cv_have_int64_t" = "xno" && \ - test "x$ac_cv_sizeof_long_int" != "x8" && \ - test "x$ac_cv_sizeof_long_long_int" = "x0" ; then - echo "OpenSSH requires int64_t support. Contact your vendor or install" - echo "an alternative compiler (I.E., GCC) before continuing." - echo "" - exit 1; -else - if test "$cross_compiling" = yes; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5 -$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;} - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <stdio.h> -#include <string.h> -#ifdef HAVE_SNPRINTF -main() -{ - char buf[50]; - char expected_out[50]; - int mazsize = 50 ; -#if (SIZEOF_LONG_INT == 8) - long int num = 0x7fffffffffffffff; -#else - long long num = 0x7fffffffffffffffll; -#endif - strcpy(expected_out, "9223372036854775807"); - snprintf(buf, mazsize, "%lld", num); - if(strcmp(buf, expected_out) != 0) - exit(1); - exit(0); -} -#else -main() { exit(0); } -#endif - -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - true -else - $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi - - -# look for field 'ut_host' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5 -$as_echo_n "checking for ut_host field in utmp.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_host" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_host' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5 -$as_echo_n "checking for ut_host field in utmpx.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmpx.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_host" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'syslen' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"syslen - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5 -$as_echo_n "checking for syslen field in utmpx.h... 
" >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmpx.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "syslen" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_pid' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5 -$as_echo_n "checking for ut_pid field in utmp.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_pid" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_PID_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_type' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5 -$as_echo_n "checking for ut_type field in utmp.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_type" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_type' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5 -$as_echo_n "checking for ut_type field in utmpx.h... 
" >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmpx.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_type" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_tv' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5 -$as_echo_n "checking for ut_tv field in utmp.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_tv" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_TV_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_id' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5 -$as_echo_n "checking for ut_id field in utmp.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_id" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_ID_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_id' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5 -$as_echo_n "checking for ut_id field in utmpx.h... 
" >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmpx.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_id" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_addr' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5 -$as_echo_n "checking for ut_addr field in utmp.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_addr' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5 -$as_echo_n "checking for ut_addr field in utmpx.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmpx.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_addr_v6' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5 -$as_echo_n "checking for ut_addr_v6 field in utmp.h... 
" >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr_v6" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_addr_v6' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5 -$as_echo_n "checking for ut_addr_v6 field in utmpx.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <utmpx.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr_v6" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_exit' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5 -$as_echo_n "checking for ut_exit field in utmp.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_exit" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_time' in header 'utmp.h' - ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5 -$as_echo_n "checking for ut_time field in utmp.h... 
" >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <utmp.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_time" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_time' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5 -$as_echo_n "checking for ut_time field in utmpx.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <utmpx.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_time" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -# look for field 'ut_tv' in header 'utmpx.h' - ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` - ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5 -$as_echo_n "checking for ut_tv field in utmpx.h... " >&6; } - if eval \${$ossh_varname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -#include <utmpx.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_tv" >/dev/null 2>&1; then : - eval "$ossh_varname=yes" -else - eval "$ossh_varname=no" -fi -rm -f conftest* - -fi - - ossh_result=`eval 'echo $'"$ossh_varname"` - if test -n "`echo $ossh_varname`"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5 -$as_echo "$ossh_result" >&6; } - if test "x$ossh_result" = "xyes"; then - -$as_echo "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h - - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - - -ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default" -if test "x$ac_cv_member_struct_stat_st_blksize" = xyes; then : - -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_STAT_ST_BLKSIZE 1 -_ACEOF - - -fi - -ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " -#include <stdio.h> -#if HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <resolv.h> - -" -if test "x$ac_cv_member_struct___res_state_retrans" = xyes; then : - -else - -$as_echo "#define __res_state state" >>confdefs.h - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5 -$as_echo_n "checking for ss_family field in struct sockaddr_storage... " >&6; } -if ${ac_cv_have_ss_family_in_struct_ss+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <sys/socket.h> - -int -main () -{ - struct sockaddr_storage s; s.ss_family = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_ss_family_in_struct_ss="yes" -else - ac_cv_have_ss_family_in_struct_ss="no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5 -$as_echo "$ac_cv_have_ss_family_in_struct_ss" >&6; } -if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then - -$as_echo "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5 -$as_echo_n "checking for __ss_family field in struct sockaddr_storage... " >&6; } -if ${ac_cv_have___ss_family_in_struct_ss+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> - -int -main () -{ - struct sockaddr_storage s; s.__ss_family = 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have___ss_family_in_struct_ss="yes" -else - ac_cv_have___ss_family_in_struct_ss="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5 -$as_echo "$ac_cv_have___ss_family_in_struct_ss" >&6; } -if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then - -$as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_class field in struct passwd" >&5 -$as_echo_n "checking for pw_class field in struct passwd... " >&6; } -if ${ac_cv_have_pw_class_in_struct_passwd+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <pwd.h> -int -main () -{ - struct passwd p; p.pw_class = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_pw_class_in_struct_passwd="yes" -else - ac_cv_have_pw_class_in_struct_passwd="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_class_in_struct_passwd" >&5 -$as_echo "$ac_cv_have_pw_class_in_struct_passwd" >&6; } -if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then - -$as_echo "#define HAVE_PW_CLASS_IN_PASSWD 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_expire field in struct passwd" >&5 -$as_echo_n "checking for pw_expire field in struct passwd... " >&6; } -if ${ac_cv_have_pw_expire_in_struct_passwd+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <pwd.h> -int -main () -{ - struct passwd p; p.pw_expire = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_pw_expire_in_struct_passwd="yes" -else - ac_cv_have_pw_expire_in_struct_passwd="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5 -$as_echo "$ac_cv_have_pw_expire_in_struct_passwd" >&6; } -if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then - -$as_echo "#define HAVE_PW_EXPIRE_IN_PASSWD 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_change field in struct passwd" >&5 -$as_echo_n "checking for pw_change field in struct passwd... " >&6; } -if ${ac_cv_have_pw_change_in_struct_passwd+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <pwd.h> -int -main () -{ - struct passwd p; p.pw_change = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_pw_change_in_struct_passwd="yes" -else - ac_cv_have_pw_change_in_struct_passwd="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_change_in_struct_passwd" >&5 -$as_echo "$ac_cv_have_pw_change_in_struct_passwd" >&6; } -if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then - -$as_echo "#define HAVE_PW_CHANGE_IN_PASSWD 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 -$as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; } -if ${ac_cv_have_accrights_in_msghdr+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> - -int -main () -{ - -#ifdef msg_accrights -#error "msg_accrights is a macro" -exit(1); -#endif -struct msghdr m; -m.msg_accrights = 0; -exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_accrights_in_msghdr="yes" -else - ac_cv_have_accrights_in_msghdr="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5 -$as_echo "$ac_cv_have_accrights_in_msghdr" >&6; } -if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then - -$as_echo "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5 -$as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <sys/stat.h> -#ifdef HAVE_SYS_TIME_H -# include <sys/time.h> -#endif -#ifdef HAVE_SYS_MOUNT_H -#include <sys/mount.h> -#endif -#ifdef HAVE_SYS_STATVFS_H -#include <sys/statvfs.h> -#endif - -int -main () -{ - struct statvfs s; s.f_fsid = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5 -$as_echo_n "checking if fsid_t has member val... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/statvfs.h> - -int -main () -{ - fsid_t t; t.val[0] = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define FSID_HAS_VAL 1" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5 -$as_echo_n "checking if f_fsid has member __val... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <sys/statvfs.h> - -int -main () -{ - fsid_t t; t.__val[0] = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define FSID_HAS___VAL 1" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5 -$as_echo_n "checking for msg_control field in struct msghdr... " >&6; } -if ${ac_cv_have_control_in_msghdr+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> - -int -main () -{ - -#ifdef msg_control -#error "msg_control is a macro" -exit(1); -#endif -struct msghdr m; -m.msg_control = 0; -exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_have_control_in_msghdr="yes" -else - ac_cv_have_control_in_msghdr="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5 -$as_echo "$ac_cv_have_control_in_msghdr" >&6; } -if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then - -$as_echo "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5 -$as_echo_n "checking if libc defines __progname... " >&6; } -if ${ac_cv_libc_defines___progname+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -int -main () -{ - extern char *__progname; printf("%s", __progname); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_libc_defines___progname="yes" -else - ac_cv_libc_defines___progname="no" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5 -$as_echo "$ac_cv_libc_defines___progname" >&6; } -if test "x$ac_cv_libc_defines___progname" = "xyes" ; then - -$as_echo "#define HAVE___PROGNAME 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5 -$as_echo_n "checking whether $CC implements __FUNCTION__... " >&6; } -if ${ac_cv_cc_implements___FUNCTION__+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <stdio.h> -int -main () -{ - printf("%s", __FUNCTION__); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_cc_implements___FUNCTION__="yes" -else - ac_cv_cc_implements___FUNCTION__="no" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5 -$as_echo "$ac_cv_cc_implements___FUNCTION__" >&6; } -if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then - -$as_echo "#define HAVE___FUNCTION__ 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5 -$as_echo_n "checking whether $CC implements __func__... " >&6; } -if ${ac_cv_cc_implements___func__+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <stdio.h> -int -main () -{ - printf("%s", __func__); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_cc_implements___func__="yes" -else - ac_cv_cc_implements___func__="no" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5 -$as_echo "$ac_cv_cc_implements___func__" >&6; } -if test "x$ac_cv_cc_implements___func__" = "xyes" ; then - -$as_echo "#define HAVE___func__ 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5 -$as_echo_n "checking whether va_copy exists... " >&6; } -if ${ac_cv_have_va_copy+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdarg.h> -va_list x,y; - -int -main () -{ - va_copy(x,y); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_have_va_copy="yes" -else - ac_cv_have_va_copy="no" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5 -$as_echo "$ac_cv_have_va_copy" >&6; } -if test "x$ac_cv_have_va_copy" = "xyes" ; then - -$as_echo "#define HAVE_VA_COPY 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5 -$as_echo_n "checking whether __va_copy exists... " >&6; } -if ${ac_cv_have___va_copy+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <stdarg.h> -va_list x,y; - -int -main () -{ - __va_copy(x,y); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_have___va_copy="yes" -else - ac_cv_have___va_copy="no" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5 -$as_echo "$ac_cv_have___va_copy" >&6; } -if test "x$ac_cv_have___va_copy" = "xyes" ; then - -$as_echo "#define HAVE___VA_COPY 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5 -$as_echo_n "checking whether getopt has optreset support... " >&6; } -if ${ac_cv_have_getopt_optreset+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <getopt.h> -int -main () -{ - extern int optreset; optreset = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_have_getopt_optreset="yes" -else - ac_cv_have_getopt_optreset="no" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5 -$as_echo "$ac_cv_have_getopt_optreset" >&6; } -if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then - -$as_echo "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5 -$as_echo_n "checking if libc defines sys_errlist... " >&6; } -if ${ac_cv_libc_defines_sys_errlist+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -int -main () -{ - extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_libc_defines_sys_errlist="yes" -else - ac_cv_libc_defines_sys_errlist="no" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5 -$as_echo "$ac_cv_libc_defines_sys_errlist" >&6; } -if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then - -$as_echo "#define HAVE_SYS_ERRLIST 1" >>confdefs.h - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5 -$as_echo_n "checking if libc defines sys_nerr... " >&6; } -if ${ac_cv_libc_defines_sys_nerr+:} false; then : - $as_echo_n "(cached) " >&6 -else - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - extern int sys_nerr; printf("%i", sys_nerr); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_libc_defines_sys_nerr="yes" -else - ac_cv_libc_defines_sys_nerr="no" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5 -$as_echo "$ac_cv_libc_defines_sys_nerr" >&6; } -if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then - -$as_echo "#define HAVE_SYS_NERR 1" >>confdefs.h - -fi - -# -# WIN32_FIXME -# - -# Check libraries needed by DNS fingerprint support -case "$host" in -*-*-mingw32*) - ;; -*) -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5 -$as_echo_n "checking for library containing getrrsetbyname... " >&6; } -if ${ac_cv_search_getrrsetbyname+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char getrrsetbyname (); -int -main () -{ -return getrrsetbyname (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_getrrsetbyname=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_getrrsetbyname+:} false; then : - break -fi -done -if ${ac_cv_search_getrrsetbyname+:} false; then : - -else - ac_cv_search_getrrsetbyname=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5 -$as_echo "$ac_cv_search_getrrsetbyname" >&6; } -ac_res=$ac_cv_search_getrrsetbyname -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -$as_echo "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h - -else - - # Needed by our getrrsetbyname() - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5 -$as_echo_n "checking for library containing res_query... " >&6; } -if ${ac_cv_search_res_query+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char res_query (); -int -main () -{ -return res_query (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_res_query=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_res_query+:} false; then : - break -fi -done -if ${ac_cv_search_res_query+:} false; then : - -else - ac_cv_search_res_query=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5 -$as_echo "$ac_cv_search_res_query" >&6; } -ac_res=$ac_cv_search_res_query -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 -$as_echo_n "checking for library containing dn_expand... " >&6; } -if ${ac_cv_search_dn_expand+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char dn_expand (); -int -main () -{ -return dn_expand (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dn_expand=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_dn_expand+:} false; then : - break -fi -done -if ${ac_cv_search_dn_expand+:} false; then : - -else - ac_cv_search_dn_expand=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 -$as_echo "$ac_cv_search_dn_expand" >&6; } -ac_res=$ac_cv_search_dn_expand -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5 -$as_echo_n "checking if res_query will link... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <netdb.h> -#include <resolv.h> - -int -main () -{ - - res_query (0, 0, 0, 0, 0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - saved_LIBS="$LIBS" - LIBS="$LIBS -lresolv" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5 -$as_echo_n "checking for res_query in -lresolv... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <netdb.h> -#include <resolv.h> - -int -main () -{ - - res_query (0, 0, 0, 0, 0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - LIBS="$saved_LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - for ac_func in _getshort _getlong -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - ac_fn_c_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include <sys/types.h> - #include <arpa/nameser.h> -" -if test "x$ac_cv_have_decl__getshort" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__GETSHORT $ac_have_decl -_ACEOF -ac_fn_c_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include <sys/types.h> - #include <arpa/nameser.h> -" -if test "x$ac_cv_have_decl__getlong" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL__GETLONG $ac_have_decl -_ACEOF - - ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include <arpa/nameser.h> -" -if test "x$ac_cv_member_HEADER_ad" = xyes; then : - -$as_echo "#define HAVE_HEADER_AD 1" >>confdefs.h - -fi - - -fi - - ;; -esac - -# -# END FIXME -# - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5 -$as_echo_n "checking if struct __res_state _res is an extern... 
" >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -#if HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <resolv.h> -extern struct __res_state _res; - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAVE__RES_EXTERN 1" >>confdefs.h - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -# Check whether user wants SELinux support -SELINUX_MSG="no" -LIBSELINUX="" - -# Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then : - withval=$with_selinux; if test "x$withval" != "xno" ; then - save_LIBS="$LIBS" - -$as_echo "#define WITH_SELINUX 1" >>confdefs.h - - SELINUX_MSG="yes" - ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default" -if test "x$ac_cv_header_selinux_selinux_h" = xyes; then : - -else - as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5 -fi - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5 -$as_echo_n "checking for setexeccon in -lselinux... " >&6; } -if ${ac_cv_lib_selinux_setexeccon+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lselinux $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char setexeccon (); -int -main () -{ -return setexeccon (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_selinux_setexeccon=yes -else - ac_cv_lib_selinux_setexeccon=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5 -$as_echo "$ac_cv_lib_selinux_setexeccon" >&6; } -if test "x$ac_cv_lib_selinux_setexeccon" = xyes; then : - LIBSELINUX="-lselinux" - LIBS="$LIBS -lselinux" - -else - as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5 -fi - - SSHLIBS="$SSHLIBS $LIBSELINUX" - SSHDLIBS="$SSHDLIBS $LIBSELINUX" - for ac_func in getseuserbyname get_default_context_with_level -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -fi -done - - LIBS="$save_LIBS" - fi - -fi - - - - -# Check whether user wants Kerberos 5 support -KRB5_MSG="no" - -# Check whether --with-kerberos5 was given. -if test "${with_kerberos5+set}" = set; then : - withval=$with_kerberos5; if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - KRB5ROOT="/usr/local" - else - KRB5ROOT=${withval} - fi - - -$as_echo "#define KRB5 1" >>confdefs.h - - KRB5_MSG="yes" - - -# -# WIN32_FIXME -# - -# -# We have no krb5-config on Windows. -# Dont link to kerberos libs, becouse we loads -# them in runtime. -# - -if test "$SkipGssapiLibsCheck" = "1" ; then - - -$as_echo "#define GSSAPI 1" >>confdefs.h - - - CFLAGS="$CFLAGS -I$KRB5ROOT" - -else - - # Extract the first word of "krb5-config", so it can be a program name with args. 
-set dummy krb5-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_KRB5CONF+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $KRB5CONF in - [\\/]* | ?:[\\/]*) - ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -as_dummy="$KRB5ROOT/bin:$PATH" -for as_dir in $as_dummy -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - test -z "$ac_cv_path_KRB5CONF" && ac_cv_path_KRB5CONF="$KRB5ROOT/bin/krb5-config" - ;; -esac -fi -KRB5CONF=$ac_cv_path_KRB5CONF -if test -n "$KRB5CONF"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5 -$as_echo "$KRB5CONF" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if test -x $KRB5CONF ; then - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5 -$as_echo_n "checking for gssapi support... " >&6; } - if $KRB5CONF | grep gssapi >/dev/null ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define GSSAPI 1" >>confdefs.h - - k5confopts=gssapi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - k5confopts="" - fi - K5CFLAGS="`$KRB5CONF --cflags $k5confopts`" - K5LIBS="`$KRB5CONF --libs $k5confopts`" - CPPFLAGS="$CPPFLAGS $K5CFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 -$as_echo_n "checking whether we are using Heimdal... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - #include <krb5.h> - -int -main () -{ - char *tmp = heimdal_version; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HEIMDAL 1" >>confdefs.h - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - else - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5 -$as_echo_n "checking whether we are using Heimdal... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - #include <krb5.h> - -int -main () -{ - char *tmp = heimdal_version; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - $as_echo "#define HEIMDAL 1" >>confdefs.h - - K5LIBS="-lkrb5" - K5LIBS="$K5LIBS -lcom_err -lasn1" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5 -$as_echo_n "checking for net_write in -lroken... " >&6; } -if ${ac_cv_lib_roken_net_write+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lroken $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char net_write (); -int -main () -{ -return net_write (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_roken_net_write=yes -else - ac_cv_lib_roken_net_write=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5 -$as_echo "$ac_cv_lib_roken_net_write" >&6; } -if test "x$ac_cv_lib_roken_net_write" = xyes; then : - K5LIBS="$K5LIBS -lroken" -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5 -$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; } -if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldes $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char des_cbc_encrypt (); -int -main () -{ -return des_cbc_encrypt (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_des_des_cbc_encrypt=yes -else - ac_cv_lib_des_des_cbc_encrypt=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 -$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; } -if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then : - K5LIBS="$K5LIBS -ldes" -fi - - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - K5LIBS="-lkrb5 -lk5crypto -lcom_err" - - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5 -$as_echo_n "checking for library containing dn_expand... " >&6; } -if ${ac_cv_search_dn_expand+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char dn_expand (); -int -main () -{ -return dn_expand (); - ; - return 0; -} -_ACEOF -for ac_lib in '' resolv; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dn_expand=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_dn_expand+:} false; then : - break -fi -done -if ${ac_cv_search_dn_expand+:} false; then : - -else - ac_cv_search_dn_expand=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5 -$as_echo "$ac_cv_search_dn_expand" >&6; } -ac_res=$ac_cv_search_dn_expand -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5 -$as_echo_n "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; } -if ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgssapi_krb5 $K5LIBS $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char gss_init_sec_context (); -int -main () -{ -return gss_init_sec_context (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes -else - ac_cv_lib_gssapi_krb5_gss_init_sec_context=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 -$as_echo "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; } -if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes; then : - $as_echo "#define GSSAPI 1" >>confdefs.h - - K5LIBS="-lgssapi_krb5 $K5LIBS" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5 -$as_echo_n "checking for gss_init_sec_context in -lgssapi... " >&6; } -if ${ac_cv_lib_gssapi_gss_init_sec_context+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgssapi $K5LIBS $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char gss_init_sec_context (); -int -main () -{ -return gss_init_sec_context (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_gssapi_gss_init_sec_context=yes -else - ac_cv_lib_gssapi_gss_init_sec_context=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 -$as_echo "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; } -if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes; then : - $as_echo "#define GSSAPI 1" >>confdefs.h - - K5LIBS="-lgssapi $K5LIBS" -else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 -$as_echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;} -fi - - -fi - - -fi - -# -# END FIXME -# - - ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" -if test "x$ac_cv_header_gssapi_h" = xyes; then : - -else - unset ac_cv_header_gssapi_h - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - for ac_header in gssapi.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default" -if test "x$ac_cv_header_gssapi_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GSSAPI_H 1 -_ACEOF - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5 -$as_echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;} - -fi - -done - - - -fi - - - - oldCPP="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - ac_fn_c_check_header_mongrel "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default" -if test "x$ac_cv_header_gssapi_krb5_h" = xyes; then : - -else - CPPFLAGS="$oldCPP" -fi - - - - fi - if test ! 
-z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${KRB5ROOT}/lib" - fi - -# -# Fix header found, but not usable on MinGW. -# - - case "$host" in - *-*-mingw32*) - - for ac_header in gssapi.h gssapi/gssapi.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " #define _W64 long long -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " #define _W64 long long -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - for ac_header in gssapi_generic.h gssapi/gssapi_generic.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " #define _W64 long long -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - ;; - *) - - for ac_header in gssapi.h gssapi/gssapi.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test 
\"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - for ac_header in gssapi_generic.h gssapi/gssapi_generic.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - - ;; - esac - - - LIBS="$LIBS $K5LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5 -$as_echo_n "checking for library containing k_hasafs... " >&6; } -if ${ac_cv_search_k_hasafs+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. 
*/ -#ifdef __cplusplus -extern "C" -#endif -char k_hasafs (); -int -main () -{ -return k_hasafs (); - ; - return 0; -} -_ACEOF -for ac_lib in '' kafs; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_k_hasafs=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_k_hasafs+:} false; then : - break -fi -done -if ${ac_cv_search_k_hasafs+:} false; then : - -else - ac_cv_search_k_hasafs=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5 -$as_echo "$ac_cv_search_k_hasafs" >&6; } -ac_res=$ac_cv_search_k_hasafs -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -$as_echo "#define USE_AFS 1" >>confdefs.h - -fi - - fi - - -fi - - -# Looking for programs, paths and files - -PRIVSEP_PATH=/var/empty - -# Check whether --with-privsep-path was given. -if test "${with_privsep_path+set}" = set; then : - withval=$with_privsep_path; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - PRIVSEP_PATH=$withval - fi - - -fi - - - - -# Check whether --with-xauth was given. -if test "${with_xauth+set}" = set; then : - withval=$with_xauth; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - xauth_path=$withval - fi - -else - - TestPath="$PATH" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" - # Extract the first word of "xauth", so it can be a program name with args. -set dummy xauth; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... 
" >&6; } -if ${ac_cv_path_xauth_path+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $xauth_path in - [\\/]* | ?:[\\/]*) - ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $TestPath -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -xauth_path=$ac_cv_path_xauth_path -if test -n "$xauth_path"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5 -$as_echo "$xauth_path" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then - xauth_path="/usr/openwin/bin/xauth" - fi - - -fi - - -STRIP_OPT=-s -# Check whether --enable-strip was given. -if test "${enable_strip+set}" = set; then : - enableval=$enable_strip; - if test "x$enableval" = "xno" ; then - STRIP_OPT= - fi - - -fi - - - -if test -z "$xauth_path" ; then - XAUTH_PATH="undefined" - -else - -cat >>confdefs.h <<_ACEOF -#define XAUTH_PATH "$xauth_path" -_ACEOF - - XAUTH_PATH=$xauth_path - -fi - -# Check for mail directory - -# Check whether --with-maildir was given. 
-if test "${with_maildir+set}" = set; then : - withval=$with_maildir; - if test "X$withval" != X && test "x$withval" != xno && \ - test "x${withval}" != xyes; then - -cat >>confdefs.h <<_ACEOF -#define MAIL_DIRECTORY "$withval" -_ACEOF - - fi - -else - - if test "X$maildir" != "X"; then - cat >>confdefs.h <<_ACEOF -#define MAIL_DIRECTORY "$maildir" -_ACEOF - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5 -$as_echo_n "checking Discovering system mail directory... " >&6; } - if test "$cross_compiling" = yes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5 -$as_echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;} - - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <stdio.h> -#include <string.h> -#ifdef HAVE_PATHS_H -#include <paths.h> -#endif -#ifdef HAVE_MAILLOCK_H -#include <maillock.h> -#endif -#define DATA "conftest.maildir" - -int -main () -{ - - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - -#if defined (_PATH_MAILDIR) - if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) - exit(1); -#elif defined (MAILDIR) - if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) - exit(1); -#elif defined (_PATH_MAIL) - if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) - exit(1); -#else - exit (2); -#endif - - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - - maildir_what=`awk -F: '{print $1}' conftest.maildir` - maildir=`awk -F: '{print $2}' conftest.maildir \ - | sed 's|/$||'` - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5 -$as_echo "Using: $maildir from $maildir_what" >&6; } - if test "x$maildir_what" != "x_PATH_MAILDIR"; then - cat >>confdefs.h <<_ACEOF -#define MAIL_DIRECTORY "$maildir" -_ACEOF - - fi - -else - - if test "X$ac_status" = "X2";then -# our test program didn't 
find it. Default to /var/spool/mail - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5 -$as_echo "Using: default value of /var/spool/mail" >&6; } - cat >>confdefs.h <<_ACEOF -#define MAIL_DIRECTORY "/var/spool/mail" -_ACEOF - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5 -$as_echo "*** not found ***" >&6; } - fi - -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - - fi - - -fi - # maildir - -if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5 -$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;} - disable_ptmx_check=yes -fi -if test -z "$no_dev_ptmx" ; then - if test "x$disable_ptmx_check" != "xyes" ; then - as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 -$as_echo_n "checking for \"/dev/ptmx\"... " >&6; } -if eval \${$as_ac_File+:} false; then : - $as_echo_n "(cached) " >&6 -else - test "$cross_compiling" = yes && - as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 -if test -r ""/dev/ptmx""; then - eval "$as_ac_File=yes" -else - eval "$as_ac_File=no" -fi -fi -eval ac_res=\$$as_ac_File - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_File"\" = x"yes"; then : - - -cat >>confdefs.h <<_ACEOF -#define HAVE_DEV_PTMX 1 -_ACEOF - - have_dev_ptmx=1 - - -fi - - fi -fi - -if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then - as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5 -$as_echo_n "checking for \"/dev/ptc\"... 
" >&6; } -if eval \${$as_ac_File+:} false; then : - $as_echo_n "(cached) " >&6 -else - test "$cross_compiling" = yes && - as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 -if test -r ""/dev/ptc""; then - eval "$as_ac_File=yes" -else - eval "$as_ac_File=no" -fi -fi -eval ac_res=\$$as_ac_File - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_File"\" = x"yes"; then : - - -cat >>confdefs.h <<_ACEOF -#define HAVE_DEV_PTS_AND_PTC 1 -_ACEOF - - have_dev_ptc=1 - - -fi - -else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5 -$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;} -fi - -# Options from here on. Some of these are preset by platform above - -# Check whether --with-mantype was given. -if test "${with_mantype+set}" = set; then : - withval=$with_mantype; - case "$withval" in - man|cat|doc) - MANTYPE=$withval - ;; - *) - as_fn_error $? "invalid man type: $withval" "$LINENO" 5 - ;; - esac - - -fi - -if test -z "$MANTYPE"; then - TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" - for ac_prog in nroff awf -do - # Extract the first word of "$ac_prog", so it can be a program name with args. -set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_NROFF+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $NROFF in - [\\/]* | ?:[\\/]*) - ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $TestPath -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. 
- for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -NROFF=$ac_cv_path_NROFF -if test -n "$NROFF"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5 -$as_echo "$NROFF" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - - test -n "$NROFF" && break -done -test -n "$NROFF" || NROFF="/bin/false" - - if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=doc - elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=man - else - MANTYPE=cat - fi -fi - -if test "$MANTYPE" = "doc"; then - mansubdir=man; -else - mansubdir=$MANTYPE; -fi - - -# Check whether to enable MD5 passwords -MD5_MSG="no" - -# Check whether --with-md5-passwords was given. -if test "${with_md5_passwords+set}" = set; then : - withval=$with_md5_passwords; - if test "x$withval" != "xno" ; then - -$as_echo "#define HAVE_MD5_PASSWORDS 1" >>confdefs.h - - MD5_MSG="yes" - fi - - -fi - - -# Whether to disable shadow password support - -# Check whether --with-shadow was given. -if test "${with_shadow+set}" = set; then : - withval=$with_shadow; - if test "x$withval" = "xno" ; then - $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h - - disable_shadow=yes - fi - - -fi - - -if test -z "$disable_shadow" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5 -$as_echo_n "checking if the systems has expire shadow information... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <shadow.h> -struct spwd sp; - -int -main () -{ - sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - sp_expire_available=yes -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - - if test "x$sp_expire_available" = "xyes" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h - - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi -fi - -# Use ip address instead of hostname in $DISPLAY -if test ! -z "$IPADDR_IN_DISPLAY" ; then - DISPLAY_HACK_MSG="yes" - -$as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h - -else - DISPLAY_HACK_MSG="no" - -# Check whether --with-ipaddr-display was given. -if test "${with_ipaddr_display+set}" = set; then : - withval=$with_ipaddr_display; - if test "x$withval" != "xno" ; then - $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h - - DISPLAY_HACK_MSG="yes" - fi - - -fi - -fi - -# check for /etc/default/login and use it if present. -# Check whether --enable-etc-default-login was given. -if test "${enable_etc_default_login+set}" = set; then : - enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5 -$as_echo "$as_me: /etc/default/login handling disabled" >&6;} - etc_default_login=no - else - etc_default_login=yes - fi -else - if test ! 
-z "$cross_compiling" && test "x$cross_compiling" = "xyes"; - then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5 -$as_echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;} - etc_default_login=no - else - etc_default_login=yes - fi - -fi - - -if test "x$etc_default_login" != "xno"; then - as_ac_File=`$as_echo "ac_cv_file_"/etc/default/login"" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5 -$as_echo_n "checking for \"/etc/default/login\"... " >&6; } -if eval \${$as_ac_File+:} false; then : - $as_echo_n "(cached) " >&6 -else - test "$cross_compiling" = yes && - as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 -if test -r ""/etc/default/login""; then - eval "$as_ac_File=yes" -else - eval "$as_ac_File=no" -fi -fi -eval ac_res=\$$as_ac_File - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_File"\" = x"yes"; then : - external_path_file=/etc/default/login -fi - - if test "x$external_path_file" = "x/etc/default/login"; then - -$as_echo "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h - - fi -fi - -if test $ac_cv_func_login_getcapbool = "yes" && \ - test $ac_cv_header_login_cap_h = "yes" ; then - external_path_file=/etc/login.conf -fi - -# Whether to mess with the default path -SERVER_PATH_MSG="(default)" - -# Check whether --with-default-path was given. -if test "${with_default_path+set}" = set; then : - withval=$with_default_path; - if test "x$external_path_file" = "x/etc/login.conf" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ---with-default-path=PATH has no effect on this system. -Edit /etc/login.conf instead." >&5 -$as_echo "$as_me: WARNING: ---with-default-path=PATH has no effect on this system. -Edit /etc/login.conf instead." >&2;} - elif test "x$withval" != "xno" ; then - if test ! 
-z "$external_path_file" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ---with-default-path=PATH will only be used if PATH is not defined in -$external_path_file ." >&5 -$as_echo "$as_me: WARNING: ---with-default-path=PATH will only be used if PATH is not defined in -$external_path_file ." >&2;} - fi - user_path="$withval" - SERVER_PATH_MSG="$withval" - fi - -else - if test "x$external_path_file" = "x/etc/login.conf" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 -$as_echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;} - else - if test ! -z "$external_path_file" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: -If PATH is defined in $external_path_file, ensure the path to scp is included, -otherwise scp will not work." >&5 -$as_echo "$as_me: WARNING: -If PATH is defined in $external_path_file, ensure the path to scp is included, -otherwise scp will not work." >&2;} - fi - if test "$cross_compiling" = yes; then : - user_path="/usr/bin:/bin:/usr/sbin:/sbin" - -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -/* find out what STDPATH is */ -#include <stdio.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif -#ifndef _PATH_STDPATH -# ifdef _PATH_USERPATH /* Irix */ -# define _PATH_STDPATH _PATH_USERPATH -# else -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" -# endif -#endif -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#define DATA "conftest.stdpath" - -int -main () -{ - - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) - exit(1); - - exit(0); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - user_path=`cat conftest.stdpath` -else - user_path="/usr/bin:/bin:/usr/sbin:/sbin" -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -# make sure $bindir is in USER_PATH so scp will work - t_bindir=`eval echo ${bindir}` - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; - esac - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; - esac - echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 - if test $? -ne 0 ; then - echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 - if test $? -ne 0 ; then - user_path=$user_path:$t_bindir - { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5 -$as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; } - fi - fi - fi - -fi - -if test "x$external_path_file" != "x/etc/login.conf" ; then - -cat >>confdefs.h <<_ACEOF -#define USER_PATH "$user_path" -_ACEOF - - -fi - -# Set superuser path separately to user path - -# Check whether --with-superuser-path was given. 
-if test "${with_superuser_path+set}" = set; then : - withval=$with_superuser_path; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - -cat >>confdefs.h <<_ACEOF -#define SUPERUSER_PATH "$withval" -_ACEOF - - superuser_path=$withval - fi - - -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 -$as_echo_n "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; } -IPV4_IN6_HACK_MSG="no" - -# Check whether --with-4in6 was given. -if test "${with_4in6+set}" = set; then : - withval=$with_4in6; - if test "x$withval" != "xno" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h - - IPV4_IN6_HACK_MSG="yes" - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - -else - - if test "x$inet6_default_4in6" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5 -$as_echo "yes (default)" >&6; } - $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h - - IPV4_IN6_HACK_MSG="yes" - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5 -$as_echo "no (default)" >&6; } - fi - - -fi - - -# Whether to enable BSD auth support -BSD_AUTH_MSG=no - -# Check whether --with-bsd-auth was given. -if test "${with_bsd_auth+set}" = set; then : - withval=$with_bsd_auth; - if test "x$withval" != "xno" ; then - -$as_echo "#define BSD_AUTH 1" >>confdefs.h - - BSD_AUTH_MSG=yes - fi - - -fi - - -# Where to place sshd.pid -piddir=/var/run -# make sure the directory exists -if test ! -d $piddir ; then - piddir=`eval echo ${sysconfdir}` - case $piddir in - NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; - esac -fi - - -# Check whether --with-pid-dir was given. 
-if test "${with_pid_dir+set}" = set; then : - withval=$with_pid_dir; - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - piddir=$withval - if test ! -d $piddir ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5 -$as_echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;} - fi - fi - - -fi - - - -cat >>confdefs.h <<_ACEOF -#define _PATH_SSH_PIDDIR "$piddir" -_ACEOF - - - -# Check whether --enable-lastlog was given. -if test "${enable_lastlog+set}" = set; then : - enableval=$enable_lastlog; - if test "x$enableval" = "xno" ; then - $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h - - fi - - -fi - -# Check whether --enable-utmp was given. -if test "${enable_utmp+set}" = set; then : - enableval=$enable_utmp; - if test "x$enableval" = "xno" ; then - $as_echo "#define DISABLE_UTMP 1" >>confdefs.h - - fi - - -fi - -# Check whether --enable-utmpx was given. -if test "${enable_utmpx+set}" = set; then : - enableval=$enable_utmpx; - if test "x$enableval" = "xno" ; then - -$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h - - fi - - -fi - -# Check whether --enable-wtmp was given. -if test "${enable_wtmp+set}" = set; then : - enableval=$enable_wtmp; - if test "x$enableval" = "xno" ; then - $as_echo "#define DISABLE_WTMP 1" >>confdefs.h - - fi - - -fi - -# Check whether --enable-wtmpx was given. -if test "${enable_wtmpx+set}" = set; then : - enableval=$enable_wtmpx; - if test "x$enableval" = "xno" ; then - -$as_echo "#define DISABLE_WTMPX 1" >>confdefs.h - - fi - - -fi - -# Check whether --enable-libutil was given. -if test "${enable_libutil+set}" = set; then : - enableval=$enable_libutil; - if test "x$enableval" = "xno" ; then - $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h - - fi - - -fi - -# Check whether --enable-pututline was given. 
-if test "${enable_pututline+set}" = set; then : - enableval=$enable_pututline; - if test "x$enableval" = "xno" ; then - -$as_echo "#define DISABLE_PUTUTLINE 1" >>confdefs.h - - fi - - -fi - -# Check whether --enable-pututxline was given. -if test "${enable_pututxline+set}" = set; then : - enableval=$enable_pututxline; - if test "x$enableval" = "xno" ; then - -$as_echo "#define DISABLE_PUTUTXLINE 1" >>confdefs.h - - fi - - -fi - - -# Check whether --with-lastlog was given. -if test "${with_lastlog+set}" = set; then : - withval=$with_lastlog; - if test "x$withval" = "xno" ; then - $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h - - elif test -n "$withval" && test "x${withval}" != "xyes"; then - conf_lastlog_location=$withval - fi - - -fi - - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5 -$as_echo_n "checking if your system defines LASTLOG_FILE... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_LASTLOG_H -# include <lastlog.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif -#ifdef HAVE_LOGIN_H -# include <login.h> -#endif - -int -main () -{ - char *lastlog = LASTLOG_FILE; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5 -$as_echo_n "checking if your system defines _PATH_LASTLOG... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_LASTLOG_H -# include <lastlog.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - -int -main () -{ - char *lastlog = _PATH_LASTLOG; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - system_lastlog_path=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test -z "$conf_lastlog_location"; then - if test x"$system_lastlog_path" = x"no" ; then - for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do - if (test -d "$f" || test -f "$f") ; then - conf_lastlog_location=$f - fi - done - if test -z "$conf_lastlog_location"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5 -$as_echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;} - fi - fi -fi - -if test -n "$conf_lastlog_location"; then - -cat >>confdefs.h <<_ACEOF -#define CONF_LASTLOG_FILE "$conf_lastlog_location" -_ACEOF - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5 -$as_echo_n "checking if your system defines UTMP_FILE... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - -int -main () -{ - char *utmp = UTMP_FILE; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - system_utmp_path=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test -z "$conf_utmp_location"; then - if test x"$system_utmp_path" = x"no" ; then - for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do - if test -f $f ; then - conf_utmp_location=$f - fi - done - if test -z "$conf_utmp_location"; then - $as_echo "#define DISABLE_UTMP 1" >>confdefs.h - - fi - fi -fi -if test -n "$conf_utmp_location"; then - -cat >>confdefs.h <<_ACEOF -#define CONF_UTMP_FILE "$conf_utmp_location" -_ACEOF - -fi - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5 -$as_echo_n "checking if your system defines WTMP_FILE... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ - -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - -int -main () -{ - char *wtmp = WTMP_FILE; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - system_wtmp_path=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test -z "$conf_wtmp_location"; then - if test x"$system_wtmp_path" = x"no" ; then - for f in /usr/adm/wtmp /var/log/wtmp; do - if test -f $f ; then - conf_wtmp_location=$f - fi - done - if test -z "$conf_wtmp_location"; then - $as_echo "#define DISABLE_WTMP 1" >>confdefs.h - - fi - fi -fi -if test -n "$conf_wtmp_location"; then - -cat >>confdefs.h <<_ACEOF -#define CONF_WTMP_FILE "$conf_wtmp_location" -_ACEOF - -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5 -$as_echo_n "checking if your system defines WTMPX_FILE... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - -int -main () -{ - char *wtmpx = WTMPX_FILE; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - system_wtmpx_path=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -if test -z "$conf_wtmpx_location"; then - if test x"$system_wtmpx_path" = x"no" ; then - $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h - - fi -else - -cat >>confdefs.h <<_ACEOF -#define CONF_WTMPX_FILE "$conf_wtmpx_location" -_ACEOF - -fi - - -if test ! 
-z "$blibpath" ; then - LDFLAGS="$LDFLAGS $blibflags$blibpath" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 -$as_echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} -fi - -CFLAGS="$CFLAGS $werror_flags" - -# -# WIN32_FIXME -# - -case "$host" in -*-*-mingw32*) - ;; -*) - -$as_echo "#define HAVE_TTY 1" >>confdefs.h - - -$as_echo "#define HAVE_PRIV_CONCEPT 1" >>confdefs.h - - -$as_echo "#define USE_SANITISE_STDFD 1" >>confdefs.h - - ;; -esac - - - - - -case "$host" in -*-*-mingw32*) - LINKWIN32COMPAT="-lwin32compat" - LIBWIN32COMPAT="libwin32compat.a" - LIBWIN32COMPATDEPEND="contrib/win32/win32compat/libwin32compat.a" - WIN32COMPAT="win32compat" - ;; -*) - ;; -esac - -# -# End of WIN32_FIXME. -# - -if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then - TEST_SSH_IPV6=no -else - TEST_SSH_IPV6=yes -fi -ac_fn_c_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default" -if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes; then : - TEST_SSH_IPV6=no -fi - -TEST_SSH_IPV6=$TEST_SSH_IPV6 - - - - -# -# WIN32_FIXME -# - -files="Makefile buildpkg.sh opensshd.init openssh.xml \ - openbsd-compat/Makefile openbsd-compat/regress/Makefile \ - survey.sh" - -case "$host" in -*-*-mingw32*) - files="$files contrib/win32/win32compat/Makefile" - ;; -*) - ;; -esac - -ac_config_files="$ac_config_files $files" - - -# -# END FIXME -# - -cat >confcache <<\_ACEOF -# This file is a shell script that caches the results of configure -# tests run on this system so they can be shared between configure -# scripts and configure runs, see configure's option --config-cache. -# It is not useful on other systems. If it contains results you don't -# want to keep, you may remove or edit it. -# -# config.status only pays attention to the cache file if you give it -# the --recheck option to rerun configure. 
-# -# `ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* `ac_cv_foo' will be assigned the -# following values. - -_ACEOF - -# The following way of writing the cache mishandles newlines in values, -# but we know of no workaround that is simple, portable, and efficient. -# So, we kill variables containing newlines. -# Ultrix sh set writes to stderr and can't be redirected directly, -# and sets the high bit in the cache file unless we assign to the vars. -( - for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do - eval ac_val=\$$ac_var - case $ac_val in #( - *${as_nl}*) - case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; - esac - case $ac_var in #( - _ | IFS | as_nl) ;; #( - BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( - *) { eval $ac_var=; unset $ac_var;} ;; - esac ;; - esac - done - - (set) 2>&1 | - case $as_nl`(ac_space=' '; set) 2>&1` in #( - *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes: double-quote - # substitution turns \\\\ into \\, and sed turns \\ into \. - sed -n \ - "s/'/'\\\\''/g; - s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" - ;; #( - *) - # `set' quotes correctly as required by POSIX, so do not add quotes. - sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" - ;; - esac | - sort -) | - sed ' - /^ac_cv_env_/b end - t clear - :clear - s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ - t end - s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ - :end' >>confcache -if diff "$cache_file" confcache >/dev/null 2>&1; then :; else - if test -w "$cache_file"; then - if test "x$cache_file" != "x/dev/null"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 -$as_echo "$as_me: updating cache $cache_file" >&6;} - if test ! 
-f "$cache_file" || test -h "$cache_file"; then - cat confcache >"$cache_file" - else - case $cache_file in #( - */* | ?:*) - mv -f confcache "$cache_file"$$ && - mv -f "$cache_file"$$ "$cache_file" ;; #( - *) - mv -f confcache "$cache_file" ;; - esac - fi - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 -$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} - fi -fi -rm -f confcache - -test "x$prefix" = xNONE && prefix=$ac_default_prefix -# Let make expand exec_prefix. -test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' - -DEFS=-DHAVE_CONFIG_H - -ac_libobjs= -ac_ltlibobjs= -U= -for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue - # 1. Remove the extension, and $U if already installed. - ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' - ac_i=`$as_echo "$ac_i" | sed "$ac_script"` - # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR - # will be set to the directory where LIBOBJS objects are built. - as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" - as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' -done -LIBOBJS=$ac_libobjs - -LTLIBOBJS=$ac_ltlibobjs - - - - -: "${CONFIG_STATUS=./config.status}" -ac_write_fail=0 -ac_clean_files_save=$ac_clean_files -ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 -$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} -as_write_fail=0 -cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 -#! $SHELL -# Generated by $as_me. -# Run this file to recreate the current configuration. -# Compiler output produced by configure, useful for debugging -# configure, is in config.log if it exists. - -debug=false -ac_cs_recheck=false -ac_cs_silent=false - -SHELL=\${CONFIG_SHELL-$SHELL} -export SHELL -_ASEOF -cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 -## -------------------- ## -## M4sh Initialization. 
## -## -------------------- ## - -# Be more Bourne compatible -DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : - emulate sh - NULLCMD=: - # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which - # is contrary to our usage. Disable this feature. - alias -g '${1+"$@"}'='"$@"' - setopt NO_GLOB_SUBST -else - case `(set -o) 2>/dev/null` in #( - *posix*) : - set -o posix ;; #( - *) : - ;; -esac -fi - - -as_nl=' -' -export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi - -# The user is always right. 
-if test "${PATH_SEPARATOR+set}" != set; then - PATH_SEPARATOR=: - (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { - (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || - PATH_SEPARATOR=';' - } -fi - - -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - -# Find who we are. Look in the path if we contain no directory separator. -as_myself= -case $0 in #(( - *[\\/]* ) as_myself=$0 ;; - *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break - done -IFS=$as_save_IFS - - ;; -esac -# We did not find ourselves, most probably we were run as `sh COMMAND' -# in which case we are not to be found in the path. -if test "x$as_myself" = x; then - as_myself=$0 -fi -if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 - exit 1 -fi - -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH - - -# as_fn_error STATUS ERROR [LINENO LOG_FD] -# ---------------------------------------- -# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are -# provided, also output the error to LOG_FD, referencing LINENO. 
Then exit the -# script with STATUS, using 1 if that was 0. -as_fn_error () -{ - as_status=$1; test $as_status -eq 0 && as_status=1 - if test "$4"; then - as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 - fi - $as_echo "$as_me: error: $2" >&2 - as_fn_exit $as_status -} # as_fn_error - - -# as_fn_set_status STATUS -# ----------------------- -# Set $? to STATUS, without forking. -as_fn_set_status () -{ - return $1 -} # as_fn_set_status - -# as_fn_exit STATUS -# ----------------- -# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. -as_fn_exit () -{ - set +e - as_fn_set_status $1 - exit $1 -} # as_fn_exit - -# as_fn_unset VAR -# --------------- -# Portably unset VAR. -as_fn_unset () -{ - { eval $1=; unset $1;} -} -as_unset=as_fn_unset -# as_fn_append VAR VALUE -# ---------------------- -# Append the text in VALUE to the end of the definition contained in VAR. Take -# advantage of any shell optimizations that allow amortized linear growth over -# repeated appends, instead of the typical quadratic growth present in naive -# implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : - eval 'as_fn_append () - { - eval $1+=\$2 - }' -else - as_fn_append () - { - eval $1=\$$1\$2 - } -fi # as_fn_append - -# as_fn_arith ARG... -# ------------------ -# Perform arithmetic evaluation on the ARGs, and store the result in the -# global $as_val. Take advantage of shells that can avoid forks. The arguments -# must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : - eval 'as_fn_arith () - { - as_val=$(( $* )) - }' -else - as_fn_arith () - { - as_val=`expr "$@" || test $? 
-eq 1` - } -fi # as_fn_arith - - -if expr a : '\(a\)' >/dev/null 2>&1 && - test "X`expr 00001 : '.*\(...\)'`" = X001; then - as_expr=expr -else - as_expr=false -fi - -if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then - as_basename=basename -else - as_basename=false -fi - -if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then - as_dirname=dirname -else - as_dirname=false -fi - -as_me=`$as_basename -- "$0" || -$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ - X"$0" : 'X\(//\)$' \| \ - X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | - sed '/^.*\/\([^/][^/]*\)\/*$/{ - s//\1/ - q - } - /^X\/\(\/\/\)$/{ - s//\1/ - q - } - /^X\/\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - -# Avoid depending upon Character Ranges. -as_cr_letters='abcdefghijklmnopqrstuvwxyz' -as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' -as_cr_Letters=$as_cr_letters$as_cr_LETTERS -as_cr_digits='0123456789' -as_cr_alnum=$as_cr_Letters$as_cr_digits - -ECHO_C= ECHO_N= ECHO_T= -case `echo -n x` in #((((( --n*) - case `echo 'xy\c'` in - *c*) ECHO_T=' ';; # ECHO_T is single tab character. - xy) ECHO_C='\c';; - *) echo `echo ksh88 bug on AIX 6.1` > /dev/null - ECHO_T=' ';; - esac;; -*) - ECHO_N='-n';; -esac - -rm -f conf$$ conf$$.exe conf$$.file -if test -d conf$$.dir; then - rm -f conf$$.dir/conf$$.file -else - rm -f conf$$.dir - mkdir conf$$.dir 2>/dev/null -fi -if (echo >conf$$.file) 2>/dev/null; then - if ln -s conf$$.file conf$$ 2>/dev/null; then - as_ln_s='ln -s' - # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. - ln -s conf$$.file conf$$.dir 2>/dev/null && test ! 
-f conf$$.exe || - as_ln_s='cp -pR' - elif ln conf$$.file conf$$ 2>/dev/null; then - as_ln_s=ln - else - as_ln_s='cp -pR' - fi -else - as_ln_s='cp -pR' -fi -rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file -rmdir conf$$.dir 2>/dev/null - - -# as_fn_mkdir_p -# ------------- -# Create "$as_dir" as a directory, including parents if necessary. -as_fn_mkdir_p () -{ - - case $as_dir in #( - -*) as_dir=./$as_dir;; - esac - test -d "$as_dir" || eval $as_mkdir_p || { - as_dirs= - while :; do - case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( - *) as_qdir=$as_dir;; - esac - as_dirs="'$as_qdir' $as_dirs" - as_dir=`$as_dirname -- "$as_dir" || -$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$as_dir" : 'X\(//\)[^/]' \| \ - X"$as_dir" : 'X\(//\)$' \| \ - X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - test -d "$as_dir" && break - done - test -z "$as_dirs" || eval "mkdir $as_dirs" - } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" - - -} # as_fn_mkdir_p -if mkdir -p . 2>/dev/null; then - as_mkdir_p='mkdir -p "$as_dir"' -else - test -d ./-p && rmdir ./-p - as_mkdir_p=false -fi - - -# as_fn_executable_p FILE -# ----------------------- -# Test if FILE is an executable regular file. -as_fn_executable_p () -{ - test -f "$1" && test -x "$1" -} # as_fn_executable_p -as_test_x='test -x' -as_executable_p=as_fn_executable_p - -# Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" - -# Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" - - -exec 6>&1 -## ----------------------------------- ## -## Main body of $CONFIG_STATUS script. 
## -## ----------------------------------- ## -_ASEOF -test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# Save the log message, to keep $0 and so on meaningful, and to -# report actual input values of CONFIG_FILES etc. instead of their -# values after options handling. -ac_log=" -This file was extended by OpenSSH $as_me Portable, which was -generated by GNU Autoconf 2.69. Invocation command line was - - CONFIG_FILES = $CONFIG_FILES - CONFIG_HEADERS = $CONFIG_HEADERS - CONFIG_LINKS = $CONFIG_LINKS - CONFIG_COMMANDS = $CONFIG_COMMANDS - $ $0 $@ - -on `(hostname || uname -n) 2>/dev/null | sed 1q` -" - -_ACEOF - -case $ac_config_files in *" -"*) set x $ac_config_files; shift; ac_config_files=$*;; -esac - -case $ac_config_headers in *" -"*) set x $ac_config_headers; shift; ac_config_headers=$*;; -esac - - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -# Files that config.status was made for. -config_files="$ac_config_files" -config_headers="$ac_config_headers" - -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -ac_cs_usage="\ -\`$as_me' instantiates files and other configuration actions -from templates according to the current configuration. Unless the files -and actions are specified as TAGs, all are instantiated by default. - -Usage: $0 [OPTION]... [TAG]... - - -h, --help print this help, then exit - -V, --version print version number and configuration settings, then exit - --config print configuration, then exit - -q, --quiet, --silent - do not print progress messages - -d, --debug don't remove temporary files - --recheck update $as_me by reconfiguring in the same conditions - --file=FILE[:TEMPLATE] - instantiate the configuration file FILE - --header=FILE[:TEMPLATE] - instantiate the configuration header FILE - -Configuration files: -$config_files - -Configuration headers: -$config_headers - -Report bugs to <openssh-unix-dev@mindrot.org>." 
- -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" -ac_cs_version="\\ -OpenSSH config.status Portable -configured by $0, generated by GNU Autoconf 2.69, - with options \\"\$ac_cs_config\\" - -Copyright (C) 2012 Free Software Foundation, Inc. -This config.status script is free software; the Free Software Foundation -gives unlimited permission to copy, distribute and modify it." - -ac_pwd='$ac_pwd' -srcdir='$srcdir' -INSTALL='$INSTALL' -AWK='$AWK' -test -n "\$AWK" || AWK=awk -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# The default lists apply if the user does not specify any file. -ac_need_defaults=: -while test $# != 0 -do - case $1 in - --*=?*) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` - ac_shift=: - ;; - --*=) - ac_option=`expr "X$1" : 'X\([^=]*\)='` - ac_optarg= - ac_shift=: - ;; - *) - ac_option=$1 - ac_optarg=$2 - ac_shift=shift - ;; - esac - - case $ac_option in - # Handling of the options. - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - ac_cs_recheck=: ;; - --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - $as_echo "$ac_cs_version"; exit ;; - --config | --confi | --conf | --con | --co | --c ) - $as_echo "$ac_cs_config"; exit ;; - --debug | --debu | --deb | --de | --d | -d ) - debug=: ;; - --file | --fil | --fi | --f ) - $ac_shift - case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - '') as_fn_error $? "missing file argument" ;; - esac - as_fn_append CONFIG_FILES " '$ac_optarg'" - ac_need_defaults=false;; - --header | --heade | --head | --hea ) - $ac_shift - case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; - esac - as_fn_append CONFIG_HEADERS " '$ac_optarg'" - ac_need_defaults=false;; - --he | --h) - # Conflict between --help and --header - as_fn_error $? 
"ambiguous option: \`$1' -Try \`$0 --help' for more information.";; - --help | --hel | -h ) - $as_echo "$ac_cs_usage"; exit ;; - -q | -quiet | --quiet | --quie | --qui | --qu | --q \ - | -silent | --silent | --silen | --sile | --sil | --si | --s) - ac_cs_silent=: ;; - - # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' -Try \`$0 --help' for more information." ;; - - *) as_fn_append ac_config_targets " $1" - ac_need_defaults=false ;; - - esac - shift -done - -ac_configure_extra_args= - -if $ac_cs_silent; then - exec 6>/dev/null - ac_configure_extra_args="$ac_configure_extra_args --silent" -fi - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -if \$ac_cs_recheck; then - set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion - shift - \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 - CONFIG_SHELL='$SHELL' - export CONFIG_SHELL - exec "\$@" -fi - -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -exec 5>>config.log -{ - echo - sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX -## Running $as_me. ## -_ASBOX - $as_echo "$ac_log" -} >&5 - -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - -# Handling of arguments. -for ac_config_target in $ac_config_targets -do - case $ac_config_target in - "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; - "$files") CONFIG_FILES="$CONFIG_FILES $files" ;; - - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; - esac -done - - -# If the user did not use the arguments to specify the items to instantiate, -# then the envvar interface is used. Set only those that are not. -# We use the long form for the default assignment because of an extremely -# bizarre bug on SunOS 4.1.3. 
-if $ac_need_defaults; then - test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files - test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers -fi - -# Have a temporary directory for convenience. Make it in the build tree -# simply because there is no reason against having it here, and in addition, -# creating and moving files from /tmp can sometimes cause problems. -# Hook for its removal unless debugging. -# Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. -$debug || -{ - tmp= ac_tmp= - trap 'exit_status=$? - : "${ac_tmp:=$tmp}" - { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status -' 0 - trap 'as_fn_exit 1' 1 2 13 15 -} -# Create a (secure) tmp directory for tmp files. - -{ - tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && - test -d "$tmp" -} || -{ - tmp=./conf$$-$RANDOM - (umask 077 && mkdir "$tmp") -} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 -ac_tmp=$tmp - -# Set up the scripts for CONFIG_FILES section. -# No need to generate them if there are no CONFIG_FILES. -# This happens for instance with `./config.status config.h'. -if test -n "$CONFIG_FILES"; then - - -ac_cr=`echo X | tr X '\015'` -# On cygwin, bash can eat \r inside `` if the user requested igncr. -# But we know of no other shell where ac_cr would be empty at this -# point, so we can use a bashism as a fallback. -if test "x$ac_cr" = x; then - eval ac_cr=\$\'\\r\' -fi -ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null` -if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then - ac_cs_awk_cr='\\r' -else - ac_cs_awk_cr=$ac_cr -fi - -echo 'BEGIN {' >"$ac_tmp/subs1.awk" && -_ACEOF - - -{ - echo "cat >conf$$subs.awk <<_ACEOF" && - echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && - echo "_ACEOF" -} >conf$$subs.sh || - as_fn_error $? 
"could not make $CONFIG_STATUS" "$LINENO" 5 -ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` -ac_delim='%!_!# ' -for ac_last_try in false false false false false :; do - . ./conf$$subs.sh || - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 - - ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` - if test $ac_delim_n = $ac_delim_num; then - break - elif $ac_last_try; then - as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi -done -rm -f conf$$subs.sh - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && -_ACEOF -sed -n ' -h -s/^/S["/; s/!.*/"]=/ -p -g -s/^[^!]*!// -:repl -t repl -s/'"$ac_delim"'$// -t delim -:nl -h -s/\(.\{148\}\)..*/\1/ -t more1 -s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ -p -n -b repl -:more1 -s/["\\]/\\&/g; s/^/"/; s/$/"\\/ -p -g -s/.\{148\}// -t nl -:delim -h -s/\(.\{148\}\)..*/\1/ -t more2 -s/["\\]/\\&/g; s/^/"/; s/$/"/ -p -b -:more2 -s/["\\]/\\&/g; s/^/"/; s/$/"\\/ -p -g -s/.\{148\}// -t delim -' <conf$$subs.awk | sed ' -/^[^""]/{ - N - s/\n// -} -' >>$CONFIG_STATUS || ac_write_fail=1 -rm -f conf$$subs.awk -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -_ACAWK -cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && - for (key in S) S_is_set[key] = 1 - FS = "" - -} -{ - line = $ 0 - nfields = split(line, field, "@") - substed = 0 - len = length(field[1]) - for (i = 2; i < nfields; i++) { - key = field[i] - keylen = length(key) - if (S_is_set[key]) { - value = S[key] - line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) - len += length(value) + length(field[++i]) - substed = 1 - } else - len += 1 + keylen - } - - print line -} - -_ACAWK -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then - sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" -else - cat -fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ - || as_fn_error $? 
"could not setup config files machinery" "$LINENO" 5 -_ACEOF - -# VPATH may cause trouble with some makes, so we remove sole $(srcdir), -# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and -# trailing colons and then remove the whole line if VPATH becomes empty -# (actually we leave an empty line to preserve line numbers). -if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ -h -s/// -s/^/:/ -s/[ ]*$/:/ -s/:\$(srcdir):/:/g -s/:\${srcdir}:/:/g -s/:@srcdir@:/:/g -s/^:*// -s/:*$// -x -s/\(=[ ]*\).*/\1/ -G -s/\n// -s/^[^=]*=[ ]*$// -}' -fi - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -fi # test -n "$CONFIG_FILES" - -# Set up the scripts for CONFIG_HEADERS section. -# No need to generate them if there are no CONFIG_HEADERS. -# This happens for instance with `./config.status Makefile'. -if test -n "$CONFIG_HEADERS"; then -cat >"$ac_tmp/defines.awk" <<\_ACAWK || -BEGIN { -_ACEOF - -# Transform confdefs.h into an awk script `defines.awk', embedded as -# here-document in config.status, that substitutes the proper values into -# config.h.in to produce config.h. - -# Create a delimiter string that does not exist in confdefs.h, to ease -# handling of long lines. -ac_delim='%!_!# ' -for ac_last_try in false false :; do - ac_tt=`sed -n "/$ac_delim/p" confdefs.h` - if test -z "$ac_tt"; then - break - elif $ac_last_try; then - as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 - else - ac_delim="$ac_delim!$ac_delim _$ac_delim!! " - fi -done - -# For the awk script, D is an array of macro values keyed by name, -# likewise P contains macro parameters if any. Preserve backslash -# newline sequences. 
- -ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* -sed -n ' -s/.\{148\}/&'"$ac_delim"'/g -t rset -:rset -s/^[ ]*#[ ]*define[ ][ ]*/ / -t def -d -:def -s/\\$// -t bsnl -s/["\\]/\\&/g -s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ -D["\1"]=" \3"/p -s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p -d -:bsnl -s/["\\]/\\&/g -s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ -D["\1"]=" \3\\\\\\n"\\/p -t cont -s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p -t cont -d -:cont -n -s/.\{148\}/&'"$ac_delim"'/g -t clear -:clear -s/\\$// -t bsnlc -s/["\\]/\\&/g; s/^/"/; s/$/"/p -d -:bsnlc -s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p -b cont -' <confdefs.h | sed ' -s/'"$ac_delim"'/"\\\ -"/g' >>$CONFIG_STATUS || ac_write_fail=1 - -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - for (key in D) D_is_set[key] = 1 - FS = "" -} -/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { - line = \$ 0 - split(line, arg, " ") - if (arg[1] == "#") { - defundef = arg[2] - mac1 = arg[3] - } else { - defundef = substr(arg[1], 2) - mac1 = arg[2] - } - split(mac1, mac2, "(") #) - macro = mac2[1] - prefix = substr(line, 1, index(line, defundef) - 1) - if (D_is_set[macro]) { - # Preserve the white space surrounding the "#". - print prefix "define", macro P[macro] D[macro] - next - } else { - # Replace #undef with comments. This is necessary, for example, - # in the case of _POSIX_SOURCE, which is predefined and required - # on some systems where configure will not decide to define it. - if (defundef == "undef") { - print "/*", prefix defundef, macro, "*/" - next - } - } -} -{ print } -_ACAWK -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 - as_fn_error $? 
"could not setup config headers machinery" "$LINENO" 5 -fi # test -n "$CONFIG_HEADERS" - - -eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " -shift -for ac_tag -do - case $ac_tag in - :[FHLC]) ac_mode=$ac_tag; continue;; - esac - case $ac_mode$ac_tag in - :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; - :[FH]-) ac_tag=-:-;; - :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; - esac - ac_save_IFS=$IFS - IFS=: - set x $ac_tag - IFS=$ac_save_IFS - shift - ac_file=$1 - shift - - case $ac_mode in - :L) ac_source=$1;; - :[FH]) - ac_file_inputs= - for ac_f - do - case $ac_f in - -) ac_f="$ac_tmp/stdin";; - *) # Look for the file first in the build tree, then in the source tree - # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. - test -f "$ac_f" || - case $ac_f in - [\\/$]*) false;; - *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; - esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; - esac - case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac - as_fn_append ac_file_inputs " '$ac_f'" - done - - # Let's still pretend it is `configure' which instantiates (i.e., don't - # use $as_me), people would be surprised to read: - # /* config.h. Generated by config.status. */ - configure_input='Generated from '` - $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' - `' by configure.' - if test x"$ac_file" != x-; then - configure_input="$ac_file. $configure_input" - { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 -$as_echo "$as_me: creating $ac_file" >&6;} - fi - # Neutralize special characters interpreted by sed in replacement strings. - case $configure_input in #( - *\&* | *\|* | *\\* ) - ac_sed_conf_input=`$as_echo "$configure_input" | - sed 's/[\\\\&|]/\\\\&/g'`;; #( - *) ac_sed_conf_input=$configure_input;; - esac - - case $ac_tag in - *:-:* | *:-) cat >"$ac_tmp/stdin" \ - || as_fn_error $? 
"could not create $ac_file" "$LINENO" 5 ;; - esac - ;; - esac - - ac_dir=`$as_dirname -- "$ac_file" || -$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$ac_file" : 'X\(//\)[^/]' \| \ - X"$ac_file" : 'X\(//\)$' \| \ - X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$ac_file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q'` - as_dir="$ac_dir"; as_fn_mkdir_p - ac_builddir=. - -case "$ac_dir" in -.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; -*) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` - # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` - case $ac_top_builddir_sub in - "") ac_top_builddir_sub=. ac_top_build_prefix= ;; - *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; - esac ;; -esac -ac_abs_top_builddir=$ac_pwd -ac_abs_builddir=$ac_pwd$ac_dir_suffix -# for backward compatibility: -ac_top_builddir=$ac_top_build_prefix - -case $srcdir in - .) # We are building in place. - ac_srcdir=. - ac_top_srcdir=$ac_top_builddir_sub - ac_abs_top_srcdir=$ac_pwd ;; - [\\/]* | ?:[\\/]* ) # Absolute name. - ac_srcdir=$srcdir$ac_dir_suffix; - ac_top_srcdir=$srcdir - ac_abs_top_srcdir=$srcdir ;; - *) # Relative name. - ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix - ac_top_srcdir=$ac_top_build_prefix$srcdir - ac_abs_top_srcdir=$ac_pwd/$srcdir ;; -esac -ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix - - - case $ac_mode in - :F) - # - # CONFIG_FILE - # - - case $INSTALL in - [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; - *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; - esac -_ACEOF - -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -# If the template does not know about datarootdir, expand it. -# FIXME: This hack should be removed a few years after 2.60. 
-ac_datarootdir_hack=; ac_datarootdir_seen= -ac_sed_dataroot=' -/datarootdir/ { - p - q -} -/@datadir@/p -/@docdir@/p -/@infodir@/p -/@localedir@/p -/@mandir@/p' -case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in -*datarootdir*) ac_datarootdir_seen=yes;; -*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} -_ACEOF -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 - ac_datarootdir_hack=' - s&@datadir@&$datadir&g - s&@docdir@&$docdir&g - s&@infodir@&$infodir&g - s&@localedir@&$localedir&g - s&@mandir@&$mandir&g - s&\\\${datarootdir}&$datarootdir&g' ;; -esac -_ACEOF - -# Neutralize VPATH when `$srcdir' = `.'. -# Shell code in configure.ac might set extrasub. -# FIXME: do we really want to maintain this feature? -cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_sed_extra="$ac_vpsub -$extrasub -_ACEOF -cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 -:t -/@[a-zA-Z_][a-zA-Z_0-9]*@/!b -s|@configure_input@|$ac_sed_conf_input|;t t -s&@top_builddir@&$ac_top_builddir_sub&;t t -s&@top_build_prefix@&$ac_top_build_prefix&;t t -s&@srcdir@&$ac_srcdir&;t t -s&@abs_srcdir@&$ac_abs_srcdir&;t t -s&@top_srcdir@&$ac_top_srcdir&;t t -s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t -s&@builddir@&$ac_builddir&;t t -s&@abs_builddir@&$ac_abs_builddir&;t t -s&@abs_top_builddir@&$ac_abs_top_builddir&;t t -s&@INSTALL@&$ac_INSTALL&;t t -$ac_datarootdir_hack -" -eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ - >$ac_tmp/out || as_fn_error $? 
"could not create $ac_file" "$LINENO" 5 - -test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && - { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && - { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ - "$ac_tmp/out"`; test -z "$ac_out"; } && - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&5 -$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' -which seems to be undefined. Please make sure it is defined" >&2;} - - rm -f "$ac_tmp/stdin" - case $ac_file in - -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; - *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; - esac \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - ;; - :H) - # - # CONFIG_HEADER - # - if test x"$ac_file" != x-; then - { - $as_echo "/* $configure_input */" \ - && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" - } >"$ac_tmp/config.h" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 -$as_echo "$as_me: $ac_file is unchanged" >&6;} - else - rm -f "$ac_file" - mv "$ac_tmp/config.h" "$ac_file" \ - || as_fn_error $? "could not create $ac_file" "$LINENO" 5 - fi - else - $as_echo "/* $configure_input */" \ - && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ - || as_fn_error $? "could not create -" "$LINENO" 5 - fi - ;; - - - esac - -done # for ac_tag - - -as_fn_exit 0 -_ACEOF -ac_clean_files=$ac_clean_files_save - -test $ac_write_fail = 0 || - as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 - - -# configure is writing to config.log, and then calls config.status. -# config.status does its own redirection, appending to config.log. 
-# Unfortunately, on DOS this fails, as config.log is still kept open -# by configure, so config.status won't be able to write to it; its -# output is simply discarded. So we exec the FD to /dev/null, -# effectively closing config.log, so it can be properly (re)opened and -# appended to by config.status. When coming back to configure, we -# need to make the FD available again. -if test "$no_create" != yes; then - ac_cs_success=: - ac_config_status_args= - test "$silent" = yes && - ac_config_status_args="$ac_config_status_args --quiet" - exec 5>/dev/null - $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false - exec 5>>config.log - # Use ||, not &&, to avoid exiting from the if with $? = 1, which - # would make configure fail if this is the last instruction. - $ac_cs_success || as_fn_exit 1 -fi -if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 -$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} -fi - - -# Print summary of options - -# Someone please show me a better way :) -A=`eval echo ${prefix}` ; A=`eval echo ${A}` -B=`eval echo ${bindir}` ; B=`eval echo ${B}` -C=`eval echo ${sbindir}` ; C=`eval echo ${C}` -D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` -E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` -F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` -G=`eval echo ${piddir}` ; G=`eval echo ${G}` -H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` -I=`eval echo ${user_path}` ; I=`eval echo ${I}` -J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` - -echo "" -echo "OpenSSH has been configured with the following options:" -echo " User binaries: $B" -echo " System binaries: $C" -echo " Configuration files: $D" -echo " Askpass program: $E" -echo " Manual pages: $F" -echo " PID file: $G" -echo " Privilege separation chroot path: $H" -if test "x$external_path_file" = 
"x/etc/login.conf" ; then -echo " At runtime, sshd will use the path defined in $external_path_file" -echo " Make sure the path to scp is present, otherwise scp will not work" -else -echo " sshd default user PATH: $I" - if test ! -z "$external_path_file"; then -echo " (If PATH is set in $external_path_file it will be used instead. If" -echo " used, ensure the path to scp is present, otherwise scp will not work.)" - fi -fi -if test ! -z "$superuser_path" ; then -echo " sshd superuser user PATH: $J" -fi -echo " Manpage format: $MANTYPE" -echo " PAM support: $PAM_MSG" -echo " OSF SIA support: $SIA_MSG" -echo " KerberosV support: $KRB5_MSG" -echo " SELinux support: $SELINUX_MSG" -echo " Smartcard support: $SCARD_MSG" -echo " S/KEY support: $SKEY_MSG" -echo " TCP Wrappers support: $TCPW_MSG" -echo " MD5 password support: $MD5_MSG" -echo " libedit support: $LIBEDIT_MSG" -echo " Solaris process contract support: $SPC_MSG" -echo " Solaris project support: $SP_MSG" -echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" -echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" -echo " BSD Auth support: $BSD_AUTH_MSG" -echo " Random number source: $RAND_MSG" -echo " Privsep sandbox style: $SANDBOX_STYLE" - -echo "" - -echo " Host: ${host}" -echo " Compiler: ${CC}" -echo " Compiler flags: ${CFLAGS}" -echo "Preprocessor flags: ${CPPFLAGS}" -echo " Linker flags: ${LDFLAGS}" -echo " Libraries: ${LIBS}" -if test ! -z "${SSHDLIBS}"; then -echo " +for sshd: ${SSHDLIBS}" -fi -if test ! -z "${SSHLIBS}"; then -echo " +for ssh: ${SSHLIBS}" -fi - -echo "" - -if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"" - echo "" -fi - -if test "x$PAM_MSG" = "xyes" ; then - echo "PAM is enabled. You may need to install a PAM control file " - echo "for sshd, otherwise password authentication may fail. " - echo "Example PAM control files can be found in the contrib/ " - echo "subdirectory" - echo "" -fi - -if test ! 
-z "$NO_PEERCHECK" ; then - echo "WARNING: the operating system that you are using does not" - echo "appear to support getpeereid(), getpeerucred() or the" - echo "SO_PEERCRED getsockopt() option. These facilities are used to" - echo "enforce security checks to prevent unauthorised connections to" - echo "ssh-agent. Their absence increases the risk that a malicious" - echo "user can connect to your agent." - echo "" -fi - -if test "$AUDIT_MODULE" = "bsm" ; then - echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." - echo "See the Solaris section in README.platform for details." -fi diff --git a/win32_configure.ac b/win32_configure.ac deleted file mode 100644 index 45e4678..0000000 --- a/win32_configure.ac +++ /dev/null 
@@ -1,4465 +0,0 @@
-# $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $
-#
-# Copyright (c) 1999-2004 Damien Miller
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-
-AC_REVISION($Revision: 1.480 $)
-AC_CONFIG_SRCDIR([ssh.c])
-AC_LANG([C])
-
-AC_CONFIG_HEADER([config.h])
-AC_PROG_CC
-AC_CANONICAL_HOST
-AC_C_BIGENDIAN
-
-# Checks for programs.
-AC_PROG_AWK -AC_PROG_CPP -AC_PROG_RANLIB -AC_PROG_INSTALL -AC_PROG_EGREP -AC_PATH_PROG([AR], [ar]) -AC_PATH_PROG([CAT], [cat]) -AC_PATH_PROG([KILL], [kill]) -AC_PATH_PROGS([PERL], [perl5 perl]) -AC_PATH_PROG([SED], [sed]) -AC_SUBST([PERL]) -AC_PATH_PROG([ENT], [ent]) -AC_SUBST([ENT]) -AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) -AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) -AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) -AC_PATH_PROG([SH], [sh]) -AC_PATH_PROG([GROFF], [groff]) -AC_PATH_PROG([NROFF], [nroff]) -AC_PATH_PROG([MANDOC], [mandoc]) -AC_SUBST([TEST_SHELL], [sh]) - -dnl select manpage formatter -if test "x$MANDOC" != "x" ; then - MANFMT="$MANDOC" -elif test "x$NROFF" != "x" ; then - MANFMT="$NROFF -mandoc" -elif test "x$GROFF" != "x" ; then - MANFMT="$GROFF -mandoc -Tascii" -else - AC_MSG_WARN([no manpage formatted found]) - MANFMT="false" -fi -AC_SUBST([MANFMT]) - -dnl for buildpkg.sh -AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], - [/usr/sbin${PATH_SEPARATOR}/etc]) -AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], - [/usr/sbin${PATH_SEPARATOR}/etc]) -AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) -if test -x /sbin/sh; then - AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) -else - AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) -fi - -# System features -AC_SYS_LARGEFILE - -if test -z "$AR" ; then - AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) -fi - -# Use LOGIN_PROGRAM from environment if possible -if test ! -z "$LOGIN_PROGRAM" ; then - AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], - [If your header files don't define LOGIN_PROGRAM, - then use this (detected) from environment and PATH]) -else - # Search for login - AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) - if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then - AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) - fi -fi - -AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) -if test ! 
-z "$PATH_PASSWD_PROG" ; then - AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], - [Full path of your "passwd" program]) -fi - -if test -z "$LD" ; then - LD=$CC -fi -AC_SUBST([LD]) - -AC_C_INLINE - -AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) -AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ - #include <sys/types.h> - #include <sys/param.h> - #include <dev/systrace.h> -]) -AC_CHECK_DECL([RLIMIT_NPROC], - [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ - #include <sys/types.h> - #include <sys/resource.h> -]) - -use_stack_protector=1 -AC_ARG_WITH([stackprotect], - [ --without-stackprotect Don't use compiler's stack protection], [ - if test "x$withval" = "xno"; then - use_stack_protector=0 - fi ]) - - -if test "$GCC" = "yes" || test "$GCC" = "egcs"; then - OSSH_CHECK_CFLAG_COMPILE([-Wall]) - OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) - OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) - OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) - OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) - OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) - OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) - OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) - AC_MSG_CHECKING([gcc version]) - GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` - case $GCC_VER in - 1.*) no_attrib_nonnull=1 ;; - 2.8* | 2.9*) - no_attrib_nonnull=1 - ;; - 2.*) no_attrib_nonnull=1 ;; - *) ;; - esac - AC_MSG_RESULT([$GCC_VER]) - - AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -fno-builtin-memset" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], - [[ char b[10]; memset(b, 0, sizeof(b)); ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - CFLAGS="$saved_CFLAGS" ] - ) - - # -fstack-protector-all doesn't always work for some GCC versions - # and/or platforms, so we test if we can. 
If it's not supported - # on a given platform gcc will emit a warning so we use -Werror. -# if test "x$use_stack_protector" = "x1"; then -# for t in -fstack-protector-all -fstack-protector; do -# AC_MSG_CHECKING([if $CC supports $t]) -# saved_CFLAGS="$CFLAGS" -# saved_LDFLAGS="$LDFLAGS" -# CFLAGS="$CFLAGS $t -Werror" -# LDFLAGS="$LDFLAGS $t -Werror" -# AC_LINK_IFELSE( -# [AC_LANG_PROGRAM([[ #include <stdio.h> ]], -# [[ -# char x[256]; -# snprintf(x, sizeof(x), "XXX"); -# ]])], -# [ AC_MSG_RESULT([yes]) -# CFLAGS="$saved_CFLAGS $t" -# LDFLAGS="$saved_LDFLAGS $t" -# AC_MSG_CHECKING([if $t works]) -# AC_RUN_IFELSE( -# [AC_LANG_PROGRAM([[ #include <stdio.h> ]], -# [[ -# char x[256]; -# snprintf(x, sizeof(x), "XXX"); -# ]])], -# [ AC_MSG_RESULT([yes]) -# break ], -# [ AC_MSG_RESULT([no]) ], -# [ AC_MSG_WARN([cross compiling: cannot test]) -# break ] -# ) -# ], -# [ AC_MSG_RESULT([no]) ] -# ) -# CFLAGS="$saved_CFLAGS" -# LDFLAGS="$saved_LDFLAGS" -# done -# fi - - if test -z "$have_llong_max"; then - # retry LLONG_MAX with -std=gnu99, needed on some Linuxes - unset ac_cv_have_decl_LLONG_MAX - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -std=gnu99" - AC_CHECK_DECL([LLONG_MAX], - [have_llong_max=1], - [CFLAGS="$saved_CFLAGS"], - [#include <limits.h>] - ) - fi -fi - -if test "x$no_attrib_nonnull" != "x1" ; then - AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) -fi - -AC_ARG_WITH([rpath], - [ --without-rpath Disable auto-added -R linker paths], - [ - if test "x$withval" = "xno" ; then - need_dash_r="" - fi - if test "x$withval" = "xyes" ; then - need_dash_r=1 - fi - ] -) - -# Allow user to specify flags -AC_ARG_WITH([cflags], - [ --with-cflags Specify additional flags to pass to compiler], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CFLAGS="$CFLAGS $withval" - fi - ] -) -AC_ARG_WITH([cppflags], - [ --with-cppflags Specify additional flags to pass to preprocessor] , - [ - if test -n "$withval" && test 
"x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CPPFLAGS="$CPPFLAGS $withval" - fi - ] -) -AC_ARG_WITH([ldflags], - [ --with-ldflags Specify additional flags to pass to linker], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LDFLAGS="$LDFLAGS $withval" - fi - ] -) -AC_ARG_WITH([libs], - [ --with-libs Specify additional libraries to link with], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LIBS="$LIBS $withval" - fi - ] -) -AC_ARG_WITH([Werror], - [ --with-Werror Build main code with -Werror], - [ - if test -n "$withval" && test "x$withval" != "xno"; then - werror_flags="-Werror" - if test "x${withval}" != "xyes"; then - werror_flags="$withval" - fi - fi - ] -) - -AC_CHECK_HEADERS([ \ - bstring.h \ - crypt.h \ - crypto/sha2.h \ - dirent.h \ - endian.h \ - features.h \ - fcntl.h \ - floatingpoint.h \ - getopt.h \ - glob.h \ - ia.h \ - iaf.h \ - limits.h \ - login.h \ - maillock.h \ - ndir.h \ - net/if_tun.h \ - netdb.h \ - netgroup.h \ - pam/pam_appl.h \ - paths.h \ - poll.h \ - pty.h \ - readpassphrase.h \ - rpc/types.h \ - security/pam_appl.h \ - sha2.h \ - shadow.h \ - stddef.h \ - stdint.h \ - string.h \ - strings.h \ - sys/audit.h \ - sys/bitypes.h \ - sys/bsdtty.h \ - sys/cdefs.h \ - sys/dir.h \ - sys/mman.h \ - sys/ndir.h \ - sys/poll.h \ - sys/prctl.h \ - sys/pstat.h \ - sys/select.h \ - sys/stat.h \ - sys/stream.h \ - sys/stropts.h \ - sys/strtio.h \ - sys/statvfs.h \ - sys/sysmacros.h \ - sys/time.h \ - sys/timers.h \ - sys/un.h \ - time.h \ - tmpdir.h \ - ttyent.h \ - ucred.h \ - unistd.h \ - usersec.h \ - util.h \ - utime.h \ - utmp.h \ - utmpx.h \ - vis.h \ -]) - -# lastlog.h requires sys/time.h to be included first on Solaris -AC_CHECK_HEADERS([lastlog.h], [], [], [ -#ifdef HAVE_SYS_TIME_H -# include <sys/time.h> -#endif -]) - -# sys/ptms.h requires sys/stream.h to be included first on Solaris -AC_CHECK_HEADERS([sys/ptms.h], [], 
[], [ -#ifdef HAVE_SYS_STREAM_H -# include <sys/stream.h> -#endif -]) - -# login_cap.h requires sys/types.h on NetBSD -AC_CHECK_HEADERS([login_cap.h], [], [], [ -#include <sys/types.h> -]) - -# older BSDs need sys/param.h before sys/mount.h -AC_CHECK_HEADERS([sys/mount.h], [], [], [ -#include <sys/param.h> -]) - -# Messages for features tested for in target-specific section -SIA_MSG="no" -SPC_MSG="no" -SP_MSG="no" - -# Check for some target-specific stuff -case "$host" in -*-*-aix*) - # Some versions of VAC won't allow macro redefinitions at - # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that - # particularly with older versions of vac or xlc. - # It also throws errors about null macro argments, but these are - # not fatal. - AC_MSG_CHECKING([if compiler allows macro redefinitions]) - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM([[ -#define testmacro foo -#define testmacro bar]], - [[ exit(0); ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" - LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" - CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" - CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" - ] - ) - - AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) - if (test -z "$blibpath"); then - blibpath="/usr/lib:/lib" - fi - saved_LDFLAGS="$LDFLAGS" - if test "$GCC" = "yes"; then - flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" - else - flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," - fi - for tryflags in $flags ;do - if (test -z "$blibflags"); then - LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], - [blibflags=$tryflags], []) - fi - done - if (test -z "$blibflags"); then - AC_MSG_RESULT([not found]) - AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) - else - AC_MSG_RESULT([$blibflags]) - fi - LDFLAGS="$saved_LDFLAGS" - dnl Check for authenticate. 
Might be in libs.a on older AIXes - AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], - [Define if you want to enable AIX4's authenticate function])], - [AC_CHECK_LIB([s], [authenticate], - [ AC_DEFINE([WITH_AIXAUTHENTICATE]) - LIBS="$LIBS -ls" - ]) - ]) - dnl Check for various auth function declarations in headers. - AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, - passwdexpired, setauthdb], , , [#include <usersec.h>]) - dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) - AC_CHECK_DECLS([loginfailed], - [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], - [[ (void)loginfailed("user","host","tty",0); ]])], - [AC_MSG_RESULT([yes]) - AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], - [Define if your AIX loginfailed() function - takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) - ])], - [], - [#include <usersec.h>] - ) - AC_CHECK_FUNCS([getgrset setauthdb]) - AC_CHECK_DECL([F_CLOSEM], - AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), - [], - [ #include <limits.h> - #include <fcntl.h> ] - ) - check_for_aix_broken_getaddrinfo=1 - AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) - AC_DEFINE([SETEUID_BREAKS_SETUID], [1], - [Define if your platform breaks doing a seteuid before a setuid]) - AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) - AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) - dnl AIX handles lastlog as part of its login message - AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) - AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], - [Some systems need a utmpx entry for /bin/login to work]) - AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], - [Define to a Set Process Title type if your system is - supported by bsd-setproctitle.c]) - AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], - [AIX 5.2 and 5.3 (and presumably newer) require this]) - 
AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) - ;; -*-*-cygwin*) - check_for_libcrypt_later=1 - LIBS="$LIBS /usr/lib/textreadmode.o" - AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) - AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) - AC_DEFINE([DISABLE_SHADOW], [1], - [Define if you want to disable shadow passwords]) - AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], - [Define if X11 doesn't support AF_UNIX sockets on that system]) - AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], - [Define if the concept of ports only accessible to - superusers isn't known]) - AC_DEFINE([DISABLE_FD_PASSING], [1], - [Define if your platform needs to skip post auth - file descriptor passing]) - AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) - AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) - ;; -*-*-dgux*) - AC_DEFINE([IP_TOS_IS_BROKEN], [1], - [Define if your system choked on IP TOS setting]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - ;; -*-*-mingw32*) - LIBS="$LIBS -lws2_32 -lgdi32 -lNetAPI32 -luserenv -lsecur32 -lshlwapi" - CFLAGS="$CFLAGS -I$PWD/contrib/win32/win32compat/includes -I$PWD/openbsd-compat -I$PWD/contrib/win32/win32compat/includes -I$PWD/libkrb" - LDFLAGS="$LDFLAGS" - - AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()]) - AC_DEFINE(DISABLE_SHADOW, 1, - [Define if you want to disable shadow passwords]) - AC_DEFINE(IP_TOS_IS_BROKEN, 1, - [Define if your system choked on IP TOS setting]) - AC_DEFINE(NO_X11_UNIX_SOCKETS, 1, - [Define if X11 doesn't support AF_UNIX sockets on that system]) - AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1, - [Define if the concept of ports only accessible to - superusers isn't known]) - AC_DEFINE(DISABLE_FD_PASSING, 1, - [Define if your platform needs to skip post auth - file descriptor passing]) - AC_DEFINE([DISABLE_UTMP], [1], - [Define if you don't want 
to use utmp]) - AC_DEFINE([DISABLE_UTMPX], [1], - [Define if you don't want to use utmpx]) - AC_DEFINE([ENABLE_PKCS11], [1], - [Enable for PKCS#11, smart card support]) - - # - # We have no krb5-config tool and we don't want - # linking to -lkrb5 on Windows. - # - - SkipGssapiLibsCheck=1 - - ;; -*-*-darwin*) - AC_MSG_CHECKING([if we have working getaddrinfo]) - AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) - exit(0); - else - exit(1); -} - ]])], - [AC_MSG_RESULT([working])], - [AC_MSG_RESULT([buggy]) - AC_DEFINE([BROKEN_GETADDRINFO], [1], - [getaddrinfo is broken (if present)]) - ], - [AC_MSG_RESULT([assume it is working])]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) - AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], - [Define if your resolver libs need this for getrrsetbyname]) - AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) - AC_DEFINE([SSH_TUN_COMPAT_AF], [1], - [Use tunnel device compatibility to OpenBSD]) - AC_DEFINE([SSH_TUN_PREPEND_AF], [1], - [Prepend the address family to IP tunnel traffic]) - m4_pattern_allow([AU_IPv]) - AC_CHECK_DECL([AU_IPv4], [], - AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) - [#include <bsm/audit.h>] - AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], - [Define if pututxline updates lastlog too]) - ) - AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], - [Define to a Set Process Title type if your system is - supported by bsd-setproctitle.c]) - AC_CHECK_FUNCS([sandbox_init]) - AC_CHECK_HEADERS([sandbox.h]) - ;; -*-*-dragonfly*) - SSHDLIBS="$SSHDLIBS -lcrypt" - ;; -*-*-haiku*) - LIBS="$LIBS -lbsd " - AC_CHECK_LIB([network], [socket]) - AC_DEFINE([HAVE_U_INT64_T]) - MANTYPE=man - ;; -*-*-hpux*) - # first we define all of the options common to all HP-UX releases - CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE 
-D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" - IPADDR_IN_DISPLAY=yes - AC_DEFINE([USE_PIPES]) - AC_DEFINE([LOGIN_NO_ENDOPT], [1], - [Define if your login program cannot handle end of options ("--")]) - AC_DEFINE([LOGIN_NEEDS_UTMPX]) - AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], - [String used in /etc/passwd to denote locked account]) - AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) - maildir="/var/mail" - LIBS="$LIBS -lsec" - AC_CHECK_LIB([xnet], [t_error], , - [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) - - # next, we define all of the options specific to major releases - case "$host" in - *-*-hpux10*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -Ae" - fi - ;; - *-*-hpux11*) - AC_DEFINE([PAM_SUN_CODEBASE], [1], - [Define if you are using Solaris-derived PAM which - passes pam_messages to the conversation function - with an extra level of indirection]) - AC_DEFINE([DISABLE_UTMP], [1], - [Define if you don't want to use utmp]) - AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) - check_for_hpux_broken_getaddrinfo=1 - check_for_conflicting_getspnam=1 - ;; - esac - - # lastly, we define options specific to minor releases - case "$host" in - *-*-hpux10.26) - AC_DEFINE([HAVE_SECUREWARE], [1], - [Define if you have SecureWare-based - protected password database]) - disable_ptmx_check=yes - LIBS="$LIBS -lsecpw" - ;; - esac - ;; -*-*-irix5*) - PATH="$PATH:/usr/etc" - AC_DEFINE([BROKEN_INET_NTOA], [1], - [Define if you system's inet_ntoa is busted - (e.g. 
Irix gcc issue)]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([WITH_ABBREV_NO_TTY], [1], - [Define if you shouldn't strip 'tty' from your - ttyname in [uw]tmp]) - AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) - ;; -*-*-irix6*) - PATH="$PATH:/usr/etc" - AC_DEFINE([WITH_IRIX_ARRAY], [1], - [Define if you have/want arrays - (cluster-wide session managment, not C arrays)]) - AC_DEFINE([WITH_IRIX_PROJECT], [1], - [Define if you want IRIX project management]) - AC_DEFINE([WITH_IRIX_AUDIT], [1], - [Define if you want IRIX audit trails]) - AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], - [Define if you want IRIX kernel jobs])]) - AC_DEFINE([BROKEN_INET_NTOA]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) - AC_DEFINE([WITH_ABBREV_NO_TTY]) - AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) - ;; -*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) - check_for_libcrypt_later=1 - AC_DEFINE([PAM_TTY_KLUDGE]) - AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) - AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) - AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) - AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) - ;; -*-*-linux*) - no_dev_ptmx=1 - check_for_libcrypt_later=1 - check_for_openpty_ctty_bug=1 - AC_DEFINE([PAM_TTY_KLUDGE], [1], - [Work around problematic Linux PAM modules handling of PAM_TTY]) - AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], - [String used in /etc/passwd to denote locked account]) - AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) - AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], - [Define to whatever link() returns for "not supported" - if it doesn't return EOPNOTSUPP.]) - AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) - AC_DEFINE([USE_BTMP]) - AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) - inet6_default_4in6=yes - case 
`uname -r` in - 1.*|2.0.*) - AC_DEFINE([BROKEN_CMSG_TYPE], [1], - [Define if cmsg_type is not passed correctly]) - ;; - esac - # tun(4) forwarding compat code - AC_CHECK_HEADERS([linux/if_tun.h]) - if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then - AC_DEFINE([SSH_TUN_LINUX], [1], - [Open tunnel devices the Linux tun/tap way]) - AC_DEFINE([SSH_TUN_COMPAT_AF], [1], - [Use tunnel device compatibility to OpenBSD]) - AC_DEFINE([SSH_TUN_PREPEND_AF], [1], - [Prepend the address family to IP tunnel traffic]) - fi - ;; -mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) - SONY=1 - ;; -*-*-netbsd*) - check_for_libcrypt_before=1 - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) - AC_CHECK_HEADER([net/if_tap.h], , - AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) - AC_DEFINE([SSH_TUN_PREPEND_AF], [1], - [Prepend the address family to IP tunnel traffic]) - ;; -*-*-freebsd*) - check_for_libcrypt_later=1 - AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) - AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) - AC_CHECK_HEADER([net/if_tap.h], , - AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) - AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) - ;; -*-*-bsdi*) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - ;; -*-next-*) - conf_lastlog_location="/usr/adm/lastlog" - conf_utmp_location=/etc/utmp - conf_wtmp_location=/usr/adm/wtmp - maildir=/usr/spool/mail - AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) - AC_DEFINE([BROKEN_REALPATH]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) - ;; -*-*-openbsd*) - AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) - AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has 
bounded]) - AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) - AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], - [syslog_r function is safe to use in in a signal handler]) - ;; -*-*-solaris*) - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - AC_DEFINE([PAM_SUN_CODEBASE]) - AC_DEFINE([LOGIN_NEEDS_UTMPX]) - AC_DEFINE([LOGIN_NEEDS_TERM], [1], - [Some versions of /bin/login need the TERM supplied - on the commandline]) - AC_DEFINE([PAM_TTY_KLUDGE]) - AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], - [Define if pam_chauthtok wants real uid set - to the unpriv'ed user]) - AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) - # Pushing STREAMS modules will cause sshd to acquire a controlling tty. - AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], - [Define if sshd somehow reacquires a controlling TTY - after setsid()]) - AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd - in case the name is longer than 8 chars]) - AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) - external_path_file=/etc/default/login - # hardwire lastlog location (can't detect it on some versions) - conf_lastlog_location="/var/adm/lastlog" - AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) - sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` - if test "$sol2ver" -ge 8; then - AC_MSG_RESULT([yes]) - AC_DEFINE([DISABLE_UTMP]) - AC_DEFINE([DISABLE_WTMP], [1], - [Define if you don't want to use wtmp]) - else - AC_MSG_RESULT([no]) - fi - AC_ARG_WITH([solaris-contracts], - [ --with-solaris-contracts Enable Solaris process contracts (experimental)], - [ - AC_CHECK_LIB([contract], [ct_tmpl_activate], - [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], - [Define if you have Solaris process contracts]) - SSHDLIBS="$SSHDLIBS -lcontract" - SPC_MSG="yes" ], ) - ], - ) - AC_ARG_WITH([solaris-projects], - [ --with-solaris-projects Enable Solaris projects (experimental)], - [ - AC_CHECK_LIB([project], [setproject], - [ AC_DEFINE([USE_SOLARIS_PROJECTS], 
[1], - [Define if you have Solaris projects]) - SSHDLIBS="$SSHDLIBS -lproject" - SP_MSG="yes" ], ) - ], - ) - ;; -*-*-sunos4*) - CPPFLAGS="$CPPFLAGS -DSUNOS4" - AC_CHECK_FUNCS([getpwanam]) - AC_DEFINE([PAM_SUN_CODEBASE]) - conf_utmp_location=/etc/utmp - conf_wtmp_location=/var/adm/wtmp - conf_lastlog_location=/var/adm/lastlog - AC_DEFINE([USE_PIPES]) - ;; -*-ncr-sysv*) - LIBS="$LIBS -lc89" - AC_DEFINE([USE_PIPES]) - AC_DEFINE([SSHD_ACQUIRES_CTTY]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - ;; -*-sni-sysv*) - # /usr/ucblib MUST NOT be searched on ReliantUNIX - AC_CHECK_LIB([dl], [dlsym], ,) - # -lresolv needs to be at the end of LIBS or DNS lookups break - AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) - IPADDR_IN_DISPLAY=yes - AC_DEFINE([USE_PIPES]) - AC_DEFINE([IP_TOS_IS_BROKEN]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([SSHD_ACQUIRES_CTTY]) - external_path_file=/etc/default/login - # /usr/ucblib/libucb.a no longer needed on ReliantUNIX - # Attention: always take care to bind libsocket and libnsl before libc, - # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog - ;; -# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 
-*-*-sysv4.2*) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) - AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) - ;; -# UnixWare 7.x, OpenUNIX 8 -*-*-sysv5*) - CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" - AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_GETADDRINFO]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([PASSWD_NEEDS_USERNAME]) - case "$host" in - *-*-sysv5SCO_SV*) # SCO OpenServer 6.x - maildir=/var/spool/mail - TEST_SHELL=/u95/bin/sh - AC_DEFINE([BROKEN_LIBIAF], [1], - [ia_uinfo routines not supported by OS yet]) - AC_DEFINE([BROKEN_UPDWTMPX]) - AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" - AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) - AC_DEFINE([HAVE_SECUREWARE]) - AC_DEFINE([DISABLE_SHADOW]) - ], , ) - ;; - *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) - check_for_libcrypt_later=1 - ;; - esac - ;; -*-*-sysv*) - ;; -# SCO UNIX and OEM versions of SCO UNIX -*-*-sco3.2v4*) - AC_MSG_ERROR("This Platform is no longer supported.") - ;; -# SCO OpenServer 5.x -*-*-sco3.2v5*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -belf" - fi - LIBS="$LIBS -lprot -lx -ltinfo -lm" - no_dev_ptmx=1 - AC_DEFINE([USE_PIPES]) - AC_DEFINE([HAVE_SECUREWARE]) - AC_DEFINE([DISABLE_SHADOW]) - AC_DEFINE([DISABLE_FD_PASSING]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_GETADDRINFO]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([WITH_ABBREV_NO_TTY]) - AC_DEFINE([BROKEN_UPDWTMPX]) - AC_DEFINE([PASSWD_NEEDS_USERNAME]) - AC_CHECK_FUNCS([getluid setluid]) - MANTYPE=man - TEST_SHELL=ksh - ;; -*-*-unicosmk*) - AC_DEFINE([NO_SSH_LASTLOG], [1], - [Define if you don't want to use lastlog in session.c]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) 
- AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-*-unicosmp*) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([WITH_ABBREV_NO_TTY]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lacid -ldb" - MANTYPE=cat - ;; -*-*-unicos*) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([DISABLE_FD_PASSING]) - AC_DEFINE([NO_SSH_LASTLOG]) - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-dec-osf*) - AC_MSG_CHECKING([for Digital Unix SIA]) - no_osfsia="" - AC_ARG_WITH([osfsia], - [ --with-osfsia Enable Digital Unix SIA], - [ - if test "x$withval" = "xno" ; then - AC_MSG_RESULT([disabled]) - no_osfsia=1 - fi - ], - ) - if test -z "$no_osfsia" ; then - if test -f /etc/sia/matrix.conf; then - AC_MSG_RESULT([yes]) - AC_DEFINE([HAVE_OSF_SIA], [1], - [Define if you have Digital Unix Security - Integration Architecture]) - AC_DEFINE([DISABLE_LOGIN], [1], - [Define if you don't want to use your - system's login() call]) - AC_DEFINE([DISABLE_FD_PASSING]) - LIBS="$LIBS -lsecurity -ldb -lm -laud" - SIA_MSG="yes" - else - AC_MSG_RESULT([no]) - AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], - [String used in /etc/passwd to denote locked account]) - fi - fi - AC_DEFINE([BROKEN_GETADDRINFO]) - AC_DEFINE([SETEUID_BREAKS_SETUID]) - AC_DEFINE([BROKEN_SETREUID]) - AC_DEFINE([BROKEN_SETREGID]) - AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) - ;; - -*-*-nto-qnx*) - AC_DEFINE([USE_PIPES]) - AC_DEFINE([NO_X11_UNIX_SOCKETS]) - AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems]) - AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems]) 
- AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems]) - AC_DEFINE([DISABLE_LASTLOG]) - AC_DEFINE([SSHD_ACQUIRES_CTTY]) - AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) - enable_etc_default_login=no # has incompatible /etc/default/login - case "$host" in - *-*-nto-qnx6*) - AC_DEFINE([DISABLE_FD_PASSING]) - ;; - esac - ;; - -*-*-ultrix*) - AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) - AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) - AC_DEFINE([NEED_SETPGRP]) - AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) - ;; - -*-*-lynxos) - CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" - AC_DEFINE([MISSING_HOWMANY]) - AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) - ;; -esac - -AC_MSG_CHECKING([compiler and flags for sanity]) -AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], - [ AC_MSG_RESULT([yes]) ], - [ - AC_MSG_RESULT([no]) - AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) - ], - [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] -) - -dnl Checks for header files. -# Checks for libraries. 
-AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) -AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) - -dnl IRIX and Solaris 2.5.1 have dirname() in libgen -AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ - AC_CHECK_LIB([gen], [dirname], [ - AC_CACHE_CHECK([for broken dirname], - ac_cv_have_broken_dirname, [ - save_LIBS="$LIBS" - LIBS="$LIBS -lgen" - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <libgen.h> -#include <string.h> - -int main(int argc, char **argv) { - char *s, buf[32]; - - strncpy(buf,"/etc", 32); - s = dirname(buf); - if (!s || strncmp(s, "/", 32) != 0) { - exit(1); - } else { - exit(0); - } -} - ]])], - [ ac_cv_have_broken_dirname="no" ], - [ ac_cv_have_broken_dirname="yes" ], - [ ac_cv_have_broken_dirname="no" ], - ) - LIBS="$save_LIBS" - ]) - if test "x$ac_cv_have_broken_dirname" = "xno" ; then - LIBS="$LIBS -lgen" - AC_DEFINE([HAVE_DIRNAME]) - AC_CHECK_HEADERS([libgen.h]) - fi - ]) -]) - -AC_CHECK_FUNC([getspnam], , - [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) -AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], - [Define if you have the basename function.])]) - -dnl zlib is required -AC_ARG_WITH([zlib], - [ --with-zlib=PATH Use zlib in PATH], - [ if test "x$withval" = "xno" ; then - AC_MSG_ERROR([*** zlib is required ***]) - elif test "x$withval" != "xyes"; then - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi ] -) - -AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) -AC_CHECK_LIB([z], [deflate], , - [ - 
saved_CPPFLAGS="$CPPFLAGS" - saved_LDFLAGS="$LDFLAGS" - save_LIBS="$LIBS" - dnl Check default zlib install dir - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" - LIBS="$LIBS -lz" - AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], - [ - AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) - ] - ) - ] -) - -AC_ARG_WITH([zlib-version-check], - [ --without-zlib-version-check Disable zlib version check], - [ if test "x$withval" = "xno" ; then - zlib_check_nonfatal=1 - fi - ] -) - -AC_MSG_CHECKING([for possibly buggy zlib]) -AC_RUN_IFELSE([AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <zlib.h> - ]], - [[ - int a=0, b=0, c=0, d=0, n, v; - n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); - if (n != 3 && n != 4) - exit(1); - v = a*1000000 + b*10000 + c*100 + d; - fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); - - /* 1.1.4 is OK */ - if (a == 1 && b == 1 && c >= 4) - exit(0); - - /* 1.2.3 and up are OK */ - if (v >= 1020300) - exit(0); - - exit(2); - ]])], - AC_MSG_RESULT([no]), - [ AC_MSG_RESULT([yes]) - if test -z "$zlib_check_nonfatal" ; then - AC_MSG_ERROR([*** zlib too old - check config.log *** -Your reported zlib version has known security problems. It's possible your -vendor has fixed these problems without changing the version number. If you -are sure this is the case, you can disable the check by running -"./configure --without-zlib-version-check". -If you are in doubt, upgrade zlib to version 1.2.3 or greater. 
-See http://www.gzip.org/zlib/ for details.]) - else - AC_MSG_WARN([zlib version may have security problems]) - fi - ], - [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] -) - -dnl UnixWare 2.x -AC_CHECK_FUNC([strcasecmp], - [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] -) -AC_CHECK_FUNCS([utimes], - [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) - LIBS="$LIBS -lc89"]) ] -) - -dnl Checks for libutil functions - - # - # WIN32_FIXME - # - - case "$host" in - *-*-mingw32*) - ;; - *) - AC_CHECK_HEADERS([libutil.h]) - AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1], - [Define if your libraries define login()])]) - AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp]) - ;; - esac - - # - # END FIXME - # - -AC_FUNC_STRFTIME - -# Check for ALTDIRFUNC glob() extension -AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) -AC_EGREP_CPP([FOUNDIT], - [ - #include <glob.h> - #ifdef GLOB_ALTDIRFUNC - FOUNDIT - #endif - ], - [ - AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], - [Define if your system glob() function has - the GLOB_ALTDIRFUNC extension]) - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - ] -) - -# Check for g.gl_matchc glob() extension -AC_MSG_CHECKING([for gl_matchc field in glob_t]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], - [[ glob_t g; g.gl_matchc = 1; ]])], - [ - AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], - [Define if your system glob() function has - gl_matchc options in glob_t]) - AC_MSG_RESULT([yes]) - ], [ - AC_MSG_RESULT([no]) -]) - -# Check for g.gl_statv glob() extension -AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ -#ifndef GLOB_KEEPSTAT -#error "glob does not support GLOB_KEEPSTAT extension" -#endif -glob_t g; -g.gl_statv = NULL; -]])], - [ - AC_DEFINE([GLOB_HAS_GL_STATV], [1], - [Define if your system glob() function has - gl_statv options in glob_t]) - AC_MSG_RESULT([yes]) - ], [ - 
AC_MSG_RESULT([no]) - -]) - -AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) - -AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) -AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <dirent.h>]], - [[ - struct dirent d; - exit(sizeof(d.d_name)<=sizeof(char)); - ]])], - [AC_MSG_RESULT([yes])], - [ - AC_MSG_RESULT([no]) - AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], - [Define if your struct dirent expects you to - allocate extra space for d_name]) - ], - [ - AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) - AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) - ] -) - -AC_MSG_CHECKING([for /proc/pid/fd directory]) -if test -d "/proc/$$/fd" ; then - AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) - AC_MSG_RESULT([yes]) -else - AC_MSG_RESULT([no]) -fi - -# Check whether user wants S/Key support -SKEY_MSG="no" -AC_ARG_WITH([skey], - [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) - LIBS="-lskey $LIBS" - SKEY_MSG="yes" - - AC_MSG_CHECKING([for s/key support]) - AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <skey.h> - ]], [[ - char *ff = skey_keyinfo(""); ff=""; - exit(0); - ]])], - [AC_MSG_RESULT([yes])], - [ - AC_MSG_RESULT([no]) - AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) - ]) - AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <skey.h> - ]], [[ - (void)skeychallenge(NULL,"name","",0); - ]])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([SKEYCHALLENGE_4ARG], [1], - [Define if your skeychallenge() - function takes 4 arguments (NetBSD)])], - [ - AC_MSG_RESULT([no]) - ]) - fi - ] -) - -# Check whether user wants TCP wrappers support 
-TCPW_MSG="no" -AC_ARG_WITH([tcp-wrappers], - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - saved_LIBS="$LIBS" - saved_LDFLAGS="$LDFLAGS" - saved_CPPFLAGS="$CPPFLAGS" - if test -n "${withval}" && \ - test "x${withval}" != "xyes"; then - if test -d "${withval}/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "${withval}/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - LIBS="-lwrap $LIBS" - AC_MSG_CHECKING([for libwrap]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <tcpd.h> -int deny_severity = 0, allow_severity = 0; - ]], [[ - hosts_access(0); - ]])], [ - AC_MSG_RESULT([yes]) - AC_DEFINE([LIBWRAP], [1], - [Define if you want - TCP Wrappers support]) - SSHDLIBS="$SSHDLIBS -lwrap" - TCPW_MSG="yes" - ], [ - AC_MSG_ERROR([*** libwrap missing]) - - ]) - LIBS="$saved_LIBS" - fi - ] -) - -# Check whether user wants libedit support -LIBEDIT_MSG="no" -AC_ARG_WITH([libedit], - [ --with-libedit[[=PATH]] Enable libedit support for sftp], - [ if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - AC_PATH_PROG([PKGCONFIG], [pkg-config], [no]) - if test "x$PKGCONFIG" != "xno"; then - AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) - if "$PKGCONFIG" libedit; then - AC_MSG_RESULT([yes]) - use_pkgconfig_for_libedit=yes - else - AC_MSG_RESULT([no]) - fi - fi - else - CPPFLAGS="$CPPFLAGS -I${withval}/include" - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - fi - if test 
"x$use_pkgconfig_for_libedit" = "xyes"; then - LIBEDIT=`$PKGCONFIG --libs-only-l libedit` - CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" - else - LIBEDIT="-ledit -lcurses" - fi - OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` - AC_CHECK_LIB([edit], [el_init], - [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) - LIBEDIT_MSG="yes" - AC_SUBST([LIBEDIT]) - ], - [ AC_MSG_ERROR([libedit not found]) ], - [ $OTHERLIBS ] - ) - AC_MSG_CHECKING([if libedit version is compatible]) - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM([[ #include <histedit.h> ]], - [[ - int i = H_SETSIZE; - el_init("", NULL, NULL, NULL); - exit(0); - ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - AC_MSG_ERROR([libedit version is not compatible]) ] - ) - fi ] -) - -AUDIT_MODULE=none -AC_ARG_WITH([audit], - [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], - [ - AC_MSG_CHECKING([for supported audit module]) - case "$withval" in - bsm) - AC_MSG_RESULT([bsm]) - AUDIT_MODULE=bsm - dnl Checks for headers, libs and functions - AC_CHECK_HEADERS([bsm/audit.h], [], - [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], - [ -#ifdef HAVE_TIME_H -# include <time.h> -#endif - ] -) - AC_CHECK_LIB([bsm], [getaudit], [], - [AC_MSG_ERROR([BSM enabled and required library not found])]) - AC_CHECK_FUNCS([getaudit], [], - [AC_MSG_ERROR([BSM enabled and required function not found])]) - # These are optional - AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) - AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) - ;; - linux) - AC_MSG_RESULT([linux]) - AUDIT_MODULE=linux - dnl Checks for headers, libs and functions - AC_CHECK_HEADERS([libaudit.h]) - SSHDLIBS="$SSHDLIBS -laudit" - AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) - ;; - debug) - AUDIT_MODULE=debug - AC_MSG_RESULT([debug]) - AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) - ;; - no) - AC_MSG_RESULT([no]) - ;; - *) - AC_MSG_ERROR([Unknown audit module $withval]) - ;; - esac ] -) - -dnl 
Checks for library functions. Please keep in alphabetical order -AC_CHECK_FUNCS([ \ - arc4random \ - arc4random_buf \ - arc4random_uniform \ - asprintf \ - b64_ntop \ - __b64_ntop \ - b64_pton \ - __b64_pton \ - bcopy \ - bindresvport_sa \ - clock \ - closefrom \ - dirfd \ - fchmod \ - fchown \ - freeaddrinfo \ - fstatvfs \ - futimes \ - getaddrinfo \ - getcwd \ - getgrouplist \ - getnameinfo \ - getopt \ - getpeereid \ - getpeerucred \ - _getpty \ - getrlimit \ - getttyent \ - glob \ - group_from_gid \ - inet_aton \ - inet_ntoa \ - inet_ntop \ - innetgr \ - login_getcapbool \ - md5_crypt \ - memmove \ - mkdtemp \ - mmap \ - ngetaddrinfo \ - nsleep \ - ogetaddrinfo \ - openlog_r \ - openpty \ - poll \ - prctl \ - pstat \ - readpassphrase \ - realpath \ - recvmsg \ - rresvport_af \ - sendmsg \ - setdtablesize \ - setegid \ - setenv \ - seteuid \ - setgroupent \ - setgroups \ - setlogin \ - setpassent\ - setpcred \ - setproctitle \ - setregid \ - setreuid \ - setrlimit \ - setsid \ - setvbuf \ - sigaction \ - sigvec \ - snprintf \ - socketpair \ - statfs \ - statvfs \ - strdup \ - strerror \ - strlcat \ - strlcpy \ - strmode \ - strnvis \ - strptime \ - strtonum \ - strtoll \ - strtoul \ - swap32 \ - sysconf \ - tcgetpgrp \ - timingsafe_bcmp \ - truncate \ - unsetenv \ - updwtmpx \ - user_from_uid \ - vasprintf \ - vhangup \ - vsnprintf \ - waitpid \ -]) - -AC_LINK_IFELSE( - [AC_LANG_PROGRAM( - [[ #include <ctype.h> ]], - [[ return (isblank('a')); ]])], - [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) -]) - -# PKCS#11 support requires dlopen() and co -AC_SEARCH_LIBS([dlopen], [dl], - [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] -) - -# IRIX has a const char return value for gai_strerror() -AC_CHECK_FUNCS([gai_strerror], [ - AC_DEFINE([HAVE_GAI_STRERROR]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> - -const char *gai_strerror(int); - ]], [[ - char *str; - str = 
gai_strerror(0); - ]])], [ - AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], - [Define if gai_strerror() returns const char *])], [])]) - -AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], - [Some systems put nanosleep outside of libc])]) - -dnl Make sure prototypes are defined for these before using them. -AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) -AC_CHECK_DECL([strsep], - [AC_CHECK_FUNCS([strsep])], - [], - [ -#ifdef HAVE_STRING_H -# include <string.h> -#endif - ]) - -dnl tcsendbreak might be a macro -AC_CHECK_DECL([tcsendbreak], - [AC_DEFINE([HAVE_TCSENDBREAK])], - [AC_CHECK_FUNCS([tcsendbreak])], - [#include <termios.h>] -) - -AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) - -AC_CHECK_DECLS([SHUT_RD], , , - [ -#include <sys/types.h> -#include <sys/socket.h> - ]) - -AC_CHECK_DECLS([O_NONBLOCK], , , - [ -#include <sys/types.h> -#ifdef HAVE_SYS_STAT_H -# include <sys/stat.h> -#endif -#ifdef HAVE_FCNTL_H -# include <fcntl.h> -#endif - ]) - -AC_CHECK_DECLS([writev], , , [ -#include <sys/types.h> -#include <sys/uio.h> -#include <unistd.h> - ]) - -AC_CHECK_DECLS([MAXSYMLINKS], , , [ -#include <sys/param.h> - ]) - -AC_CHECK_DECLS([offsetof], , , [ -#include <stddef.h> - ]) - -AC_CHECK_FUNCS([setresuid], [ - dnl Some platorms have setresuid that isn't implemented, test for this - AC_MSG_CHECKING([if setresuid seems to work]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdlib.h> -#include <errno.h> - ]], [[ - errno=0; - setresuid(0,0,0); - if (errno==ENOSYS) - exit(1); - else - exit(0); - ]])], - [AC_MSG_RESULT([yes])], - [AC_DEFINE([BROKEN_SETRESUID], [1], - [Define if your setresuid() is broken]) - AC_MSG_RESULT([not implemented])], - [AC_MSG_WARN([cross compiling: not checking setresuid])] - ) -]) - -AC_CHECK_FUNCS([setresgid], [ - dnl Some platorms have setresgid that isn't implemented, test for this - AC_MSG_CHECKING([if setresgid seems to work]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdlib.h> -#include 
<errno.h> - ]], [[ - errno=0; - setresgid(0,0,0); - if (errno==ENOSYS) - exit(1); - else - exit(0); - ]])], - [AC_MSG_RESULT([yes])], - [AC_DEFINE([BROKEN_SETRESGID], [1], - [Define if your setresgid() is broken]) - AC_MSG_RESULT([not implemented])], - [AC_MSG_WARN([cross compiling: not checking setresuid])] - ) -]) - -dnl Checks for time functions -AC_CHECK_FUNCS([gettimeofday time]) -dnl Checks for utmp functions -AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) -AC_CHECK_FUNCS([utmpname]) -dnl Checks for utmpx functions -AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) -AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) -dnl Checks for lastlog functions -AC_CHECK_FUNCS([getlastlogxbyname]) - -AC_CHECK_FUNC([daemon], - [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], - [AC_CHECK_LIB([bsd], [daemon], - [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] -) - -AC_CHECK_FUNC([getpagesize], - [AC_DEFINE([HAVE_GETPAGESIZE], [1], - [Define if your libraries define getpagesize()])], - [AC_CHECK_LIB([ucb], [getpagesize], - [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] -) - -# Check for broken snprintf -if test "x$ac_cv_func_snprintf" = "xyes" ; then - AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ #include <stdio.h> ]], - [[ - char b[5]; - snprintf(b,5,"123456789"); - exit(b[4]!='\0'); - ]])], - [AC_MSG_RESULT([yes])], - [ - AC_MSG_RESULT([no]) - AC_DEFINE([BROKEN_SNPRINTF], [1], - [Define if your snprintf is busted]) - AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) - ], - [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] - ) -fi - -# If we don't have a working asprintf, then we strongly depend on vsnprintf -# returning the right thing on overflow: the number of characters it tried to -# create (as per SUSv3) -if test "x$ac_cv_func_asprintf" != "xyes" && \ - test 
"x$ac_cv_func_vsnprintf" = "xyes" ; then - AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <stdio.h> -#include <stdarg.h> - -int x_snprintf(char *str,size_t count,const char *fmt,...) -{ - size_t ret; va_list ap; - va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); - return ret; -} - ]], [[ - char x[1]; - exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); - ]])], - [AC_MSG_RESULT([yes])], - [ - AC_MSG_RESULT([no]) - AC_DEFINE([BROKEN_SNPRINTF], [1], - [Define if your snprintf is busted]) - AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) - ], - [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] - ) -fi - -# On systems where [v]snprintf is broken, but is declared in stdio, -# check that the fmt argument is const char * or just char *. -# This is only useful for when BROKEN_SNPRINTF -AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <stdio.h> -int snprintf(char *a, size_t b, const char *c, ...) 
{ return 0; } - ]], [[ - snprintf(0, 0, 0); - ]])], - [AC_MSG_RESULT([yes]) - AC_DEFINE([SNPRINTF_CONST], [const], - [Define as const if snprintf() can declare const char *fmt])], - [AC_MSG_RESULT([no]) - AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) - -# Check for missing getpeereid (or equiv) support -NO_PEERCHECK="" -if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then - AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], - [ AC_MSG_RESULT([yes]) - AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) - ], [AC_MSG_RESULT([no]) - NO_PEERCHECK=1 - ]) -fi - -dnl see whether mkstemp() requires XXXXXX -if test "x$ac_cv_func_mkdtemp" = "xyes" ; then -AC_MSG_CHECKING([for (overly) strict mkstemp]) -AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdlib.h> - ]], [[ - char template[]="conftest.mkstemp-test"; - if (mkstemp(template) == -1) - exit(1); - unlink(template); - exit(0); - ]])], - [ - AC_MSG_RESULT([no]) - ], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) - ], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([HAVE_STRICT_MKSTEMP]) - ] -) -fi - -dnl make sure that openpty does not reacquire controlling terminal -if test ! 
-z "$check_for_openpty_ctty_bug"; then - AC_MSG_CHECKING([if openpty correctly handles controlling tty]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <sys/fcntl.h> -#include <sys/types.h> -#include <sys/wait.h> - ]], [[ - pid_t pid; - int fd, ptyfd, ttyfd, status; - - pid = fork(); - if (pid < 0) { /* failed */ - exit(1); - } else if (pid > 0) { /* parent */ - waitpid(pid, &status, 0); - if (WIFEXITED(status)) - exit(WEXITSTATUS(status)); - else - exit(2); - } else { /* child */ - close(0); close(1); close(2); - setsid(); - openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); - fd = open("/dev/tty", O_RDWR | O_NOCTTY); - if (fd >= 0) - exit(3); /* Acquired ctty: broken */ - else - exit(0); /* Did not acquire ctty: OK */ - } - ]])], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - AC_DEFINE([SSHD_ACQUIRES_CTTY]) - ], - [ - AC_MSG_RESULT([cross-compiling, assuming yes]) - ] - ) -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then - AC_MSG_CHECKING([if getaddrinfo seems to work]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <sys/socket.h> -#include <netdb.h> -#include <errno.h> -#include <netinet/in.h> - -#define TEST_PORT "2222" - ]], [[ - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (err != 0) { - if (err == EAI_SYSTEM) - perror("getnameinfo EAI_SYSTEM"); - else - 
fprintf(stderr, "getnameinfo failed: %s\n", - gai_strerror(err)); - exit(2); - } - - sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) - perror("socket"); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - if (errno == EBADF) - exit(3); - } - } - exit(0); - ]])], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - AC_DEFINE([BROKEN_GETADDRINFO]) - ], - [ - AC_MSG_RESULT([cross-compiling, assuming yes]) - ] - ) -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_aix_broken_getaddrinfo" = "x1"; then - AC_MSG_CHECKING([if getaddrinfo seems to work]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <sys/socket.h> -#include <netdb.h> -#include <errno.h> -#include <netinet/in.h> - -#define TEST_PORT "2222" - ]], [[ - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (ai->ai_family == AF_INET && err != 0) { - perror("getnameinfo"); - exit(2); - } - } - exit(0); - ]])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], - [Define if you have a getaddrinfo that fails - for the all-zeros IPv6 address]) - ], - [ - AC_MSG_RESULT([no]) - AC_DEFINE([BROKEN_GETADDRINFO]) - ], - [ - AC_MSG_RESULT([cross-compiling, assuming no]) - ] - ) -fi - -if test "x$check_for_conflicting_getspnam" = "x1"; then - AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) - 
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], - [[ exit(0); ]])], - [ - AC_MSG_RESULT([no]) - ], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], - [Conflicting defs for getspnam]) - ] - ) -fi - -AC_FUNC_GETPGRP - -# Search for OpenSSL -saved_CPPFLAGS="$CPPFLAGS" -saved_LDFLAGS="$LDFLAGS" -AC_ARG_WITH([ssl-dir], - [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], - [ - if test "x$withval" != "xno" ; then - case "$withval" in - # Relative paths - ./*|../*) withval="`pwd`/$withval" - esac - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - elif test -d "$withval/lib64"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - ] -) -LIBS="-lcrypto $LIBS" -AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], - [Define if your ssl headers are included - with #include <openssl/header.h>])], - [ - dnl Check default openssl install dir - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" - AC_CHECK_HEADER([openssl/opensslv.h], , - [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) - AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], - [ - AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) - ] - ) - ] -) - -# Determine OpenSSL header version 
-AC_MSG_CHECKING([OpenSSL header version]) -AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <string.h> -#include <openssl/opensslv.h> -#define DATA "conftest.sslincver" - ]], [[ - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) - exit(1); - - exit(0); - ]])], - [ - ssl_header_ver=`cat conftest.sslincver` - AC_MSG_RESULT([$ssl_header_ver]) - ], - [ - AC_MSG_RESULT([not found]) - AC_MSG_ERROR([OpenSSL version header not found.]) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -# Determine OpenSSL library version -AC_MSG_CHECKING([OpenSSL library version]) -AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <string.h> -#include <openssl/opensslv.h> -#include <openssl/crypto.h> -#define DATA "conftest.ssllibver" - ]], [[ - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) - exit(1); - - exit(0); - ]])], - [ - ssl_library_ver=`cat conftest.ssllibver` - AC_MSG_RESULT([$ssl_library_ver]) - ], - [ - AC_MSG_RESULT([not found]) - AC_MSG_ERROR([OpenSSL library not found.]) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -AC_ARG_WITH([openssl-header-check], - [ --without-openssl-header-check Disable OpenSSL version consistency check], - [ if test "x$withval" = "xno" ; then - openssl_check_nonfatal=1 - fi - ] -) - -# Sanity check OpenSSL headers -AC_MSG_CHECKING([whether OpenSSL's headers match the library]) -AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <string.h> -#include <openssl/opensslv.h> - ]], [[ - exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); - ]])], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - if test "x$openssl_check_nonfatal" = "x"; then - AC_MSG_ERROR([Your OpenSSL headers do not match your -library. Check config.log for details. 
-If you are sure your installation is consistent, you can disable the check -by running "./configure --without-openssl-header-check". -Also see contrib/findssl.sh for help identifying header/library mismatches. -]) - else - AC_MSG_WARN([Your OpenSSL headers do not match your -library. Check config.log for details. -Also see contrib/findssl.sh for help identifying header/library mismatches.]) - fi - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -AC_MSG_CHECKING([if programs using OpenSSL functions will link]) -AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], - [[ SSLeay_add_all_algorithms(); ]])], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - saved_LIBS="$LIBS" - LIBS="$LIBS -ldl" - AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) - AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], - [[ SSLeay_add_all_algorithms(); ]])], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - LIBS="$saved_LIBS" - ] - ) - ] -) - -AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method]) - -AC_ARG_WITH([ssl-engine], - [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], - [ if test "x$withval" != "xno" ; then - AC_MSG_CHECKING([for OpenSSL ENGINE support]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <openssl/engine.h> - ]], [[ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); - ]])], - [ AC_MSG_RESULT([yes]) - AC_DEFINE([USE_OPENSSL_ENGINE], [1], - [Enable OpenSSL engine support]) - ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) - ]) - fi ] -) - -# Check for OpenSSL without EVP_aes_{192,256}_cbc -AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) -AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ -#include <string.h> -#include <openssl/evp.h> - ]], [[ - exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); - ]])], - [ - AC_MSG_RESULT([no]) - ], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], - 
[libcrypto is missing AES 192 and 256 bit functions]) - ] -) - -AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) -AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ -#include <string.h> -#include <openssl/evp.h> - ]], [[ - if(EVP_DigestUpdate(NULL, NULL,0)) - exit(0); - ]])], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], - [Define if EVP_DigestUpdate returns void]) - ] -) - -# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, -# because the system crypt() is more featureful. -if test "x$check_for_libcrypt_before" = "x1"; then - AC_CHECK_LIB([crypt], [crypt]) -fi - -# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the -# version in OpenSSL. -if test "x$check_for_libcrypt_later" = "x1"; then - AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) -fi - -# Search for SHA256 support in libc and/or OpenSSL -AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes], - [TEST_SSH_SHA256=no]) -AC_SUBST([TEST_SSH_SHA256]) - -# Check complete ECC support in OpenSSL -AC_MSG_CHECKING([whether OpenSSL has complete ECC support]) -AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[ -#include <openssl/ec.h> -#include <openssl/ecdh.h> -#include <openssl/ecdsa.h> -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/opensslv.h> -#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ -# error "OpenSSL < 0.9.8g has unreliable ECC code" -#endif - ]], [[ - EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); - const EVP_MD *m = EVP_sha512(); /* We need this too */ - ]])], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE([OPENSSL_HAS_ECC], [1], - [libcrypto includes complete ECC support]) - TEST_SSH_ECC=yes - COMMENT_OUT_ECC="" - ], - [ - AC_MSG_RESULT([no]) - TEST_SSH_ECC=no - COMMENT_OUT_ECC="#no ecc#" - ] -) -AC_SUBST([TEST_SSH_ECC]) -AC_SUBST([COMMENT_OUT_ECC]) - -saved_LIBS="$LIBS" -AC_CHECK_LIB([iaf], [ia_openinfo], [ - LIBS="$LIBS -liaf" - AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS 
-liaf" - AC_DEFINE([HAVE_LIBIAF], [1], - [Define if system has libiaf that supports set_id]) - ]) -]) -LIBS="$saved_LIBS" - -### Configure cryptographic random number support - -# Check wheter OpenSSL seeds itself -AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) -AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <string.h> -#include <openssl/rand.h> - ]], [[ - exit(RAND_status() == 1 ? 0 : 1); - ]])], - [ - OPENSSL_SEEDS_ITSELF=yes - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - ], - [ - AC_MSG_WARN([cross compiling: assuming yes]) - # This is safe, since we will fatal() at runtime if - # OpenSSL is not seeded correctly. - OPENSSL_SEEDS_ITSELF=yes - ] -) - -# PRNGD TCP socket -AC_ARG_WITH([prngd-port], - [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], - [ - case "$withval" in - no) - withval="" - ;; - [[0-9]]*) - ;; - *) - AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) - ;; - esac - if test ! -z "$withval" ; then - PRNGD_PORT="$withval" - AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], - [Port number of PRNGD/EGD random number socket]) - fi - ] -) - -# PRNGD Unix domain socket -AC_ARG_WITH([prngd-socket], - [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], - [ - case "$withval" in - yes) - withval="/var/run/egd-pool" - ;; - no) - withval="" - ;; - /*) - ;; - *) - AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) - ;; - esac - - if test ! -z "$withval" ; then - if test ! -z "$PRNGD_PORT" ; then - AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) - fi - if test ! 
-r "$withval" ; then - AC_MSG_WARN([Entropy socket is not readable]) - fi - PRNGD_SOCKET="$withval" - AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], - [Location of PRNGD/EGD random number socket]) - fi - ], - [ - # Check for existing socket only if we don't have a random device already - if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then - AC_MSG_CHECKING([for PRNGD/EGD socket]) - # Insert other locations here - for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do - if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then - PRNGD_SOCKET="$sock" - AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) - break; - fi - done - if test ! -z "$PRNGD_SOCKET" ; then - AC_MSG_RESULT([$PRNGD_SOCKET]) - else - AC_MSG_RESULT([not found]) - fi - fi - ] -) - -# Which randomness source do we use? -if test ! -z "$PRNGD_PORT" ; then - RAND_MSG="PRNGd port $PRNGD_PORT" -elif test ! -z "$PRNGD_SOCKET" ; then - RAND_MSG="PRNGd socket $PRNGD_SOCKET" -elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then - AC_DEFINE([OPENSSL_PRNG_ONLY], [1], - [Define if you want OpenSSL's internally seeded PRNG only]) - RAND_MSG="OpenSSL internal ONLY" -else - AC_MSG_ERROR([OpenSSH has no source of random numbers. 
Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) -fi - -# Check for PAM libs -PAM_MSG="no" -AC_ARG_WITH([pam], - [ --with-pam Enable PAM support ], - [ - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - AC_MSG_ERROR([PAM headers not found]) - fi - - saved_LIBS="$LIBS" - AC_CHECK_LIB([dl], [dlopen], , ) - AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) - AC_CHECK_FUNCS([pam_getenvlist]) - AC_CHECK_FUNCS([pam_putenv]) - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - SSHDLIBS="$SSHDLIBS -lpam" - AC_DEFINE([USE_PAM], [1], - [Define if you want to enable PAM support]) - - if test $ac_cv_lib_dl_dlopen = yes; then - case "$LIBS" in - *-ldl*) - # libdl already in LIBS - ;; - *) - SSHDLIBS="$SSHDLIBS -ldl" - ;; - esac - fi - fi - ] -) - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - AC_MSG_CHECKING([whether pam_strerror takes only one argument]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <stdlib.h> -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include <security/pam_appl.h> -#elif defined (HAVE_PAM_PAM_APPL_H) -#include <pam/pam_appl.h> -#endif - ]], [[ -(void)pam_strerror((pam_handle_t *)NULL, -1); - ]])], [AC_MSG_RESULT([no])], [ - AC_DEFINE([HAVE_OLD_PAM], [1], - [Define if you have an old version of PAM - which takes only one argument to pam_strerror]) - AC_MSG_RESULT([yes]) - PAM_MSG="yes (old library)" - - ]) -fi - -SSH_PRIVSEP_USER=sshd -AC_ARG_WITH([privsep-user], - [ --with-privsep-user=user Specify non-privileged user for privilege separation], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - SSH_PRIVSEP_USER=$withval - fi - ] -) -AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], - [non-privileged user for privilege separation]) 
-AC_SUBST([SSH_PRIVSEP_USER]) - -# Decide which sandbox style to use -sandbox_arg="" -AC_ARG_WITH([sandbox], - [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace)], - [ - if test "x$withval" = "xyes" ; then - sandbox_arg="" - else - sandbox_arg="$withval" - fi - ] -) -if test "x$sandbox_arg" = "xsystrace" || \ - ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then - test "x$have_systr_policy_kill" != "x1" && \ - AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) - SANDBOX_STYLE="systrace" - AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) -elif test "x$sandbox_arg" = "xdarwin" || \ - ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ - test "x$ac_cv_header_sandbox_h" = "xyes") ; then - test "x$ac_cv_func_sandbox_init" != "xyes" -o \ - "x$ac_cv_header_sandbox_h" != "xyes" && \ - AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) - SANDBOX_STYLE="darwin" - AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) -elif test "x$sandbox_arg" = "xrlimit" || \ - ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then - test "x$ac_cv_func_setrlimit" != "xyes" && \ - AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) - SANDBOX_STYLE="rlimit" - AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) -elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ - test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then - SANDBOX_STYLE="none" - AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) -else - AC_MSG_ERROR([unsupported --with-sandbox]) -fi - -# Cheap hack to ensure NEWS-OS libraries are arranged right. -if test ! 
-z "$SONY" ; then - LIBS="$LIBS -liberty"; -fi - -# Check for long long datatypes -AC_CHECK_TYPES([long long, unsigned long long, long double]) - -# Check datatype sizes -AC_CHECK_SIZEOF([char], [1]) -AC_CHECK_SIZEOF([short int], [2]) -AC_CHECK_SIZEOF([int], [4]) -AC_CHECK_SIZEOF([long int], [4]) -AC_CHECK_SIZEOF([long long int], [8]) - -# Sanity check long long for some platforms (AIX) -if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then - ac_cv_sizeof_long_long_int=0 -fi - -# compute LLONG_MIN and LLONG_MAX if we don't know them. -if test -z "$have_llong_max"; then - AC_MSG_CHECKING([for max value of long long]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdio.h> -/* Why is this so damn hard? */ -#ifdef __GNUC__ -# undef __GNUC__ -#endif -#define __USE_ISOC99 -#include <limits.h> -#define DATA "conftest.llminmax" -#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) - -/* - * printf in libc on some platforms (eg old Tru64) does not understand %lld so - * we do this the hard way. - */ -static int -fprint_ll(FILE *f, long long n) -{ - unsigned int i; - int l[sizeof(long long) * 8]; - - if (n < 0) - if (fprintf(f, "-") < 0) - return -1; - for (i = 0; n != 0; i++) { - l[i] = my_abs(n % 10); - n /= 10; - } - do { - if (fprintf(f, "%d", l[--i]) < 0) - return -1; - } while (i != 0); - if (fprintf(f, " ") < 0) - return -1; - return 0; -} - ]], [[ - FILE *f; - long long i, llmin, llmax = 0; - - if((f = fopen(DATA,"w")) == NULL) - exit(1); - -#if defined(LLONG_MIN) && defined(LLONG_MAX) - fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); - llmin = LLONG_MIN; - llmax = LLONG_MAX; -#else - fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); - /* This will work on one's complement and two's complement */ - for (i = 1; i > llmax; i <<= 1, i++) - llmax = i; - llmin = llmax + 1LL; /* wrap */ -#endif - - /* Sanity check */ - if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax - || llmax - 1 > llmax || llmin == llmax || llmin == 0 - || llmax 
== 0 || llmax < LONG_MAX || llmin > LONG_MIN) { - fprintf(f, "unknown unknown\n"); - exit(2); - } - - if (fprint_ll(f, llmin) < 0) - exit(3); - if (fprint_ll(f, llmax) < 0) - exit(4); - if (fclose(f) < 0) - exit(5); - exit(0); - ]])], - [ - llong_min=`$AWK '{print $1}' conftest.llminmax` - llong_max=`$AWK '{print $2}' conftest.llminmax` - - AC_MSG_RESULT([$llong_max]) - AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], - [max value of long long calculated by configure]) - AC_MSG_CHECKING([for min value of long long]) - AC_MSG_RESULT([$llong_min]) - AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], - [min value of long long calculated by configure]) - ], - [ - AC_MSG_RESULT([not found]) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] - ) -fi - - -# More checks for data types -AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], - [[ u_int a; a = 1;]])], - [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" - ]) -]) -if test "x$ac_cv_have_u_int" = "xyes" ; then - AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) - have_u_int=1 -fi - -AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], - [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], - [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" - ]) -]) -if test "x$ac_cv_have_intxx_t" = "xyes" ; then - AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) - have_intxx_t=1 -fi - -if (test -z "$have_intxx_t" && \ - test "x$ac_cv_header_stdint_h" = "xyes") -then - AC_MSG_CHECKING([for intXX_t types in stdint.h]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], - [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], - [ - AC_DEFINE([HAVE_INTXX_T]) - AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) - ]) -fi - -AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include 
<sys/types.h> -#ifdef HAVE_STDINT_H -# include <stdint.h> -#endif -#include <sys/socket.h> -#ifdef HAVE_SYS_BITYPES_H -# include <sys/bitypes.h> -#endif - ]], [[ -int64_t a; a = 1; - ]])], - [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" - ]) -]) -if test "x$ac_cv_have_int64_t" = "xyes" ; then - AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) -fi - -AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], - [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], - [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" - ]) -]) -if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then - AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) - have_u_intxx_t=1 -fi - -if test -z "$have_u_intxx_t" ; then - AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], - [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], - [ - AC_DEFINE([HAVE_U_INTXX_T]) - AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) - ]) -fi - -AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], - [[ u_int64_t a; a = 1;]])], - [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" - ]) -]) -if test "x$ac_cv_have_u_int64_t" = "xyes" ; then - AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) - have_u_int64_t=1 -fi - -if test -z "$have_u_int64_t" ; then - AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], - [[ u_int64_t a; a = 1]])], - [ - AC_DEFINE([HAVE_U_INT64_T]) - AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) - ]) -fi - -if test -z "$have_u_intxx_t" ; then - AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> - ]], [[ - uint8_t a; - uint16_t b; - uint32_t 
c; - a = b = c = 1; - ]])], - [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" - ]) - ]) - if test "x$ac_cv_have_uintxx_t" = "xyes" ; then - AC_DEFINE([HAVE_UINTXX_T], [1], - [define if you have uintxx_t data type]) - fi -fi - -if test -z "$have_uintxx_t" ; then - AC_MSG_CHECKING([for uintXX_t types in stdint.h]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], - [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], - [ - AC_DEFINE([HAVE_UINTXX_T]) - AC_MSG_RESULT([yes]) - ], [ AC_MSG_RESULT([no]) - ]) -fi - -if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ - test "x$ac_cv_header_sys_bitypes_h" = "xyes") -then - AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/bitypes.h> - ]], [[ - int8_t a; int16_t b; int32_t c; - u_int8_t e; u_int16_t f; u_int32_t g; - a = b = c = e = f = g = 1; - ]])], - [ - AC_DEFINE([HAVE_U_INTXX_T]) - AC_DEFINE([HAVE_INTXX_T]) - AC_MSG_RESULT([yes]) - ], [AC_MSG_RESULT([no]) - ]) -fi - - -AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], - [[ u_char foo; foo = 125; ]])], - [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" - ]) -]) -if test "x$ac_cv_have_u_char" = "xyes" ; then - AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) -fi - -# -# WIN32_FIXME -# - -case "$host" in -*-*-mingw32*) - ;; -*) - TYPE_SOCKLEN_T - ;; -esac - -# -# END FIXME -# - -AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) -AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ -#include <sys/types.h> -#ifdef HAVE_SYS_BITYPES_H -#include <sys/bitypes.h> -#endif -#ifdef HAVE_SYS_STATFS_H -#include <sys/statfs.h> -#endif -#ifdef HAVE_SYS_STATVFS_H -#include <sys/statvfs.h> -#endif -]) - -AC_CHECK_TYPES([in_addr_t, in_port_t], , , -[#include <sys/types.h> -#include <netinet/in.h>]) - -AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ - 
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
- [[ size_t foo; foo = 1235; ]])],
- [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
- ])
-])
-if test "x$ac_cv_have_size_t" = "xyes" ; then
- AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
-fi
-
-AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
- [[ ssize_t foo; foo = 1235; ]])],
- [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
- ])
-])
-if test "x$ac_cv_have_ssize_t" = "xyes" ; then
- AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
-fi
-
-AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
- [[ clock_t foo; foo = 1235; ]])],
- [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
- ])
-])
-if test "x$ac_cv_have_clock_t" = "xyes" ; then
- AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
-fi
-
-AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/socket.h>
- ]], [[ sa_family_t foo; foo = 1235; ]])],
- [ ac_cv_have_sa_family_t="yes" ],
- [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
- ]], [[ sa_family_t foo; foo = 1235; ]])],
- [ ac_cv_have_sa_family_t="yes" ],
- [ ac_cv_have_sa_family_t="no" ]
- )
- ])
-])
-if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
- AC_DEFINE([HAVE_SA_FAMILY_T], [1],
- [define if you have sa_family_t data type])
-fi
-
-AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
- [[ pid_t foo; foo = 1235; ]])],
- [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
- ])
-])
-if test "x$ac_cv_have_pid_t" = "xyes" ; then
- AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
-fi
-
-AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
-
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
- [[ mode_t foo; foo = 1235; ]])],
- [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
- ])
-])
-if test "x$ac_cv_have_mode_t" = "xyes" ; then
- AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
-fi
-
-
-AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/socket.h>
- ]], [[ struct sockaddr_storage s; ]])],
- [ ac_cv_have_struct_sockaddr_storage="yes" ],
- [ ac_cv_have_struct_sockaddr_storage="no"
- ])
-])
-if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
- AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
- [define if you have struct sockaddr_storage data type])
-fi
-
-AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <netinet/in.h>
- ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
- [ ac_cv_have_struct_sockaddr_in6="yes" ],
- [ ac_cv_have_struct_sockaddr_in6="no"
- ])
-])
-if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
- AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
- [define if you have struct sockaddr_in6 data type])
-fi
-
-AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <netinet/in.h>
- ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
- [ ac_cv_have_struct_in6_addr="yes" ],
- [ ac_cv_have_struct_in6_addr="no"
- ])
-])
-if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
- AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
- [define if you have struct in6_addr data type])
-
-dnl Now check for sin6_scope_id
- AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
- [
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <netinet/in.h>
- ])
-fi
-
-AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
-
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
- ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
- [ ac_cv_have_struct_addrinfo="yes" ],
- [ ac_cv_have_struct_addrinfo="no"
- ])
-])
-if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
- AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
- [define if you have struct addrinfo data type])
-fi
-
-AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
- [[ struct timeval tv; tv.tv_sec = 1;]])],
- [ ac_cv_have_struct_timeval="yes" ],
- [ ac_cv_have_struct_timeval="no"
- ])
-])
-if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
- AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
- have_struct_timeval=1
-fi
-
-AC_CHECK_TYPES([struct timespec])
-
-# We need int64_t or else certian parts of the compile will fail.
-if test "x$ac_cv_have_int64_t" = "xno" && \
- test "x$ac_cv_sizeof_long_int" != "x8" && \
- test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
- echo "OpenSSH requires int64_t support. Contact your vendor or install"
- echo "an alternative compiler (I.E., GCC) before continuing."
- echo ""
- exit 1;
-else
-dnl test snprintf (broken on SCO w/gcc)
- AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
-#include <stdio.h>
-#include <string.h>
-#ifdef HAVE_SNPRINTF
-main()
-{
- char buf[50];
- char expected_out[50];
- int mazsize = 50 ;
-#if (SIZEOF_LONG_INT == 8)
- long int num = 0x7fffffffffffffff;
-#else
- long long num = 0x7fffffffffffffffll;
-#endif
- strcpy(expected_out, "9223372036854775807");
- snprintf(buf, mazsize, "%lld", num);
- if(strcmp(buf, expected_out) != 0)
- exit(1);
- exit(0);
-}
-#else
-main() { exit(0); }
-#endif
- ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
- AC_MSG_WARN([cross compiling: Assuming working snprintf()])
- )
-fi
-
-dnl Checks for structure members
-OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
-OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
-OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
-
-AC_CHECK_MEMBERS([struct stat.st_blksize])
-AC_CHECK_MEMBER([struct
__res_state.retrans], [], [AC_DEFINE([__res_state], [state],
- [Define if we don't have struct __res_state in resolv.h])],
-[
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include <resolv.h>
-])
-
-AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
- ac_cv_have_ss_family_in_struct_ss, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/socket.h>
- ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
- [ ac_cv_have_ss_family_in_struct_ss="yes" ],
- [ ac_cv_have_ss_family_in_struct_ss="no" ])
-])
-if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
- AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
-fi
-
-AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
- ac_cv_have___ss_family_in_struct_ss, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/socket.h>
- ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
- [ ac_cv_have___ss_family_in_struct_ss="yes" ],
- [ ac_cv_have___ss_family_in_struct_ss="no"
- ])
-])
-if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
- AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
- [Fields in struct sockaddr_storage])
-fi
-
-AC_CACHE_CHECK([for pw_class field in struct passwd],
- ac_cv_have_pw_class_in_struct_passwd, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
- [[ struct passwd p; p.pw_class = 0; ]])],
- [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
- [ ac_cv_have_pw_class_in_struct_passwd="no"
- ])
-])
-if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
- AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1],
- [Define if your password has a pw_class field])
-fi
-
-AC_CACHE_CHECK([for pw_expire field in struct passwd],
- ac_cv_have_pw_expire_in_struct_passwd, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
- [[ struct passwd p; p.pw_expire = 0; ]])],
- [
ac_cv_have_pw_expire_in_struct_passwd="yes" ],
- [ ac_cv_have_pw_expire_in_struct_passwd="no"
- ])
-])
-if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
- AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1],
- [Define if your password has a pw_expire field])
-fi
-
-AC_CACHE_CHECK([for pw_change field in struct passwd],
- ac_cv_have_pw_change_in_struct_passwd, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
- [[ struct passwd p; p.pw_change = 0; ]])],
- [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
- [ ac_cv_have_pw_change_in_struct_passwd="no"
- ])
-])
-if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
- AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1],
- [Define if your password has a pw_change field])
-fi
-
-dnl make sure we're using the real structure members and not defines
-AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
- ac_cv_have_accrights_in_msghdr, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
- ]], [[
-#ifdef msg_accrights
-#error "msg_accrights is a macro"
-exit(1);
-#endif
-struct msghdr m;
-m.msg_accrights = 0;
-exit(0);
- ]])],
- [ ac_cv_have_accrights_in_msghdr="yes" ],
- [ ac_cv_have_accrights_in_msghdr="no" ]
- )
-])
-if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
- AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
- [Define if your system uses access rights style
- file descriptor passing])
-fi
-
-AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/stat.h>
-#ifdef HAVE_SYS_TIME_H
-# include <sys/time.h>
-#endif
-#ifdef HAVE_SYS_MOUNT_H
-#include <sys/mount.h>
-#endif
-#ifdef HAVE_SYS_STATVFS_H
-#include <sys/statvfs.h>
-#endif
- ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
- [ AC_MSG_RESULT([yes]) ],
- [ AC_MSG_RESULT([no])
-
- AC_MSG_CHECKING([if fsid_t has member val])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include
<sys/statvfs.h>
- ]], [[ fsid_t t; t.val[0] = 0; ]])],
- [ AC_MSG_RESULT([yes])
- AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
- [ AC_MSG_RESULT([no]) ])
-
- AC_MSG_CHECKING([if f_fsid has member __val])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/statvfs.h>
- ]], [[ fsid_t t; t.__val[0] = 0; ]])],
- [ AC_MSG_RESULT([yes])
- AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
- [ AC_MSG_RESULT([no]) ])
-])
-
-AC_CACHE_CHECK([for msg_control field in struct msghdr],
- ac_cv_have_control_in_msghdr, [
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
- ]], [[
-#ifdef msg_control
-#error "msg_control is a macro"
-exit(1);
-#endif
-struct msghdr m;
-m.msg_control = 0;
-exit(0);
- ]])],
- [ ac_cv_have_control_in_msghdr="yes" ],
- [ ac_cv_have_control_in_msghdr="no" ]
- )
-])
-if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
- AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
- [Define if your system uses ancillary data style
- file descriptor passing])
-fi
-
-AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
- [[ extern char *__progname; printf("%s", __progname); ]])],
- [ ac_cv_libc_defines___progname="yes" ],
- [ ac_cv_libc_defines___progname="no"
- ])
-])
-if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
- AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
-fi
-
-AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
- [[ printf("%s", __FUNCTION__); ]])],
- [ ac_cv_cc_implements___FUNCTION__="yes" ],
- [ ac_cv_cc_implements___FUNCTION__="no"
- ])
-])
-if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
- AC_DEFINE([HAVE___FUNCTION__], [1],
- [Define if compiler implements __FUNCTION__])
-fi
-
-AC_CACHE_CHECK([whether $CC implements __func__],
ac_cv_cc_implements___func__, [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
- [[ printf("%s", __func__); ]])],
- [ ac_cv_cc_implements___func__="yes" ],
- [ ac_cv_cc_implements___func__="no"
- ])
-])
-if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
- AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
-fi
-
-AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#include <stdarg.h>
-va_list x,y;
- ]], [[ va_copy(x,y); ]])],
- [ ac_cv_have_va_copy="yes" ],
- [ ac_cv_have_va_copy="no"
- ])
-])
-if test "x$ac_cv_have_va_copy" = "xyes" ; then
- AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
-fi
-
-AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#include <stdarg.h>
-va_list x,y;
- ]], [[ __va_copy(x,y); ]])],
- [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
- ])
-])
-if test "x$ac_cv_have___va_copy" = "xyes" ; then
- AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
-fi
-
-AC_CACHE_CHECK([whether getopt has optreset support],
- ac_cv_have_getopt_optreset, [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
- [[ extern int optreset; optreset = 0; ]])],
- [ ac_cv_have_getopt_optreset="yes" ],
- [ ac_cv_have_getopt_optreset="no"
- ])
-])
-if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
- AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
- [Define if your getopt(3) defines and uses optreset])
-fi
-
-AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
-[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
- [ ac_cv_libc_defines_sys_errlist="yes" ],
- [ ac_cv_libc_defines_sys_errlist="no"
- ])
-])
-if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
- AC_DEFINE([HAVE_SYS_ERRLIST], [1],
- [Define if your system defines sys_errlist[]])
-fi
-
-
-AC_CACHE_CHECK([if libc defines sys_nerr],
ac_cv_libc_defines_sys_nerr, [ - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], -[[ extern int sys_nerr; printf("%i", sys_nerr);]])], - [ ac_cv_libc_defines_sys_nerr="yes" ], - [ ac_cv_libc_defines_sys_nerr="no" - ]) -]) -if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then - AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) -fi - -# -# WIN32_FIXME -# - -# Check libraries needed by DNS fingerprint support -case "$host" in -*-*-mingw32*) - ;; -*) -AC_SEARCH_LIBS([getrrsetbyname], [resolv], - [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], - [Define if getrrsetbyname() exists])], - [ - # Needed by our getrrsetbyname() - AC_SEARCH_LIBS([res_query], [resolv]) - AC_SEARCH_LIBS([dn_expand], [resolv]) - AC_MSG_CHECKING([if res_query will link]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <netdb.h> -#include <resolv.h> - ]], [[ - res_query (0, 0, 0, 0, 0); - ]])], - AC_MSG_RESULT([yes]), - [AC_MSG_RESULT([no]) - saved_LIBS="$LIBS" - LIBS="$LIBS -lresolv" - AC_MSG_CHECKING([for res_query in -lresolv]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <netdb.h> -#include <resolv.h> - ]], [[ - res_query (0, 0, 0, 0, 0); - ]])], - [AC_MSG_RESULT([yes])], - [LIBS="$saved_LIBS" - AC_MSG_RESULT([no])]) - ]) - AC_CHECK_FUNCS([_getshort _getlong]) - AC_CHECK_DECLS([_getshort, _getlong], , , - [#include <sys/types.h> - #include <arpa/nameser.h>]) - AC_CHECK_MEMBER([HEADER.ad], - [AC_DEFINE([HAVE_HEADER_AD], [1], - [Define if HEADER.ad exists in arpa/nameser.h])], , - [#include <arpa/nameser.h>]) - ]) - ;; -esac - -# -# END FIXME -# - -AC_MSG_CHECKING([if struct __res_state _res is an extern]) -AC_LINK_IFELSE([AC_LANG_PROGRAM([[ -#include <stdio.h> -#if HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <resolv.h> -extern struct __res_state _res; - ]], [[ ]])], - 
[AC_MSG_RESULT([yes]) - AC_DEFINE([HAVE__RES_EXTERN], [1], - [Define if you have struct __res_state _res as an extern]) - ], - [ AC_MSG_RESULT([no]) ] -) - -# Check whether user wants SELinux support -SELINUX_MSG="no" -LIBSELINUX="" -AC_ARG_WITH([selinux], - [ --with-selinux Enable SELinux support], - [ if test "x$withval" != "xno" ; then - save_LIBS="$LIBS" - AC_DEFINE([WITH_SELINUX], [1], - [Define if you want SELinux support.]) - SELINUX_MSG="yes" - AC_CHECK_HEADER([selinux/selinux.h], , - AC_MSG_ERROR([SELinux support requires selinux.h header])) - AC_CHECK_LIB([selinux], [setexeccon], - [ LIBSELINUX="-lselinux" - LIBS="$LIBS -lselinux" - ], - AC_MSG_ERROR([SELinux support requires libselinux library])) - SSHLIBS="$SSHLIBS $LIBSELINUX" - SSHDLIBS="$SSHDLIBS $LIBSELINUX" - AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) - LIBS="$save_LIBS" - fi ] -) -AC_SUBST([SSHLIBS]) -AC_SUBST([SSHDLIBS]) - -# Check whether user wants Kerberos 5 support -KRB5_MSG="no" -AC_ARG_WITH([kerberos5], - [ --with-kerberos5=PATH Enable Kerberos 5 support], - [ if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - KRB5ROOT="/usr/local" - else - KRB5ROOT=${withval} - fi - - AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) - KRB5_MSG="yes" - - -# -# WIN32_FIXME -# - -# -# We have no krb5-config on Windows. -# Dont link to kerberos libs, becouse we loads -# them in runtime. 
-# - -if test "$SkipGssapiLibsCheck" = "1" ; then - - AC_DEFINE(GSSAPI, 1, [Define this if you want GSSAPI support in the version 2 protocol]) - - CFLAGS="$CFLAGS -I$KRB5ROOT" - -else - - AC_PATH_PROG([KRB5CONF], [krb5-config], - [$KRB5ROOT/bin/krb5-config], - [$KRB5ROOT/bin:$PATH]) - if test -x $KRB5CONF ; then - - AC_MSG_CHECKING([for gssapi support]) - if $KRB5CONF | grep gssapi >/dev/null ; then - AC_MSG_RESULT([yes]) - AC_DEFINE([GSSAPI], [1], - [Define this if you want GSSAPI - support in the version 2 protocol]) - k5confopts=gssapi - else - AC_MSG_RESULT([no]) - k5confopts="" - fi - K5CFLAGS="`$KRB5CONF --cflags $k5confopts`" - K5LIBS="`$KRB5CONF --libs $k5confopts`" - CPPFLAGS="$CPPFLAGS $K5CFLAGS" - AC_MSG_CHECKING([whether we are using Heimdal]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> - ]], [[ char *tmp = heimdal_version; ]])], - [ AC_MSG_RESULT([yes]) - AC_DEFINE([HEIMDAL], [1], - [Define this if you are using the Heimdal - version of Kerberos V5]) ], - [AC_MSG_RESULT([no]) - ]) - else - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - AC_MSG_CHECKING([whether we are using Heimdal]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> - ]], [[ char *tmp = heimdal_version; ]])], - [ AC_MSG_RESULT([yes]) - AC_DEFINE([HEIMDAL]) - K5LIBS="-lkrb5" - K5LIBS="$K5LIBS -lcom_err -lasn1" - AC_CHECK_LIB([roken], [net_write], - [K5LIBS="$K5LIBS -lroken"]) - AC_CHECK_LIB([des], [des_cbc_encrypt], - [K5LIBS="$K5LIBS -ldes"]) - ], [ AC_MSG_RESULT([no]) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" - - ]) - AC_SEARCH_LIBS([dn_expand], [resolv]) - - AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], - [ AC_DEFINE([GSSAPI]) - K5LIBS="-lgssapi_krb5 $K5LIBS" ], - [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], - [ AC_DEFINE([GSSAPI]) - K5LIBS="-lgssapi $K5LIBS" ], - AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), - $K5LIBS) - ], - $K5LIBS) - -fi - -# -# END FIXME -# - - 
AC_CHECK_HEADER([gssapi.h], , - [ unset ac_cv_header_gssapi_h - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - AC_CHECK_HEADERS([gssapi.h], , - AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) - ) - ] - ) - - oldCPP="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - AC_CHECK_HEADER([gssapi_krb5.h], , - [ CPPFLAGS="$oldCPP" ]) - - fi - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${KRB5ROOT}/lib" - fi - -# -# Fix header found, but not usable on MinGW. -# - - case "$host" in - *-*-mingw32*) - - AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h], [], [], [ #define _W64 long long ] ) - AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h], [], [], [ #define _W64 long long ] ) - AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h], [], [], [ #define _W64 long long ] ) - - ;; - *) - - AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) - AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) - AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) - - ;; - esac - - - LIBS="$LIBS $K5LIBS" - AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], - [Define this if you want to use libkafs' AFS support])]) - fi - ] -) - -# Looking for programs, paths and files - -PRIVSEP_PATH=/var/empty -AC_ARG_WITH([privsep-path], - [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - PRIVSEP_PATH=$withval - fi - ] -) -AC_SUBST([PRIVSEP_PATH]) - -AC_ARG_WITH([xauth], - [ --with-xauth=PATH Specify path to xauth program ], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - xauth_path=$withval - fi - ], - [ - TestPath="$PATH" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" - 
TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" - AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) - if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then - xauth_path="/usr/openwin/bin/xauth" - fi - ] -) - -STRIP_OPT=-s -AC_ARG_ENABLE([strip], - [ --disable-strip Disable calling strip(1) on install], - [ - if test "x$enableval" = "xno" ; then - STRIP_OPT= - fi - ] -) -AC_SUBST([STRIP_OPT]) - -if test -z "$xauth_path" ; then - XAUTH_PATH="undefined" - AC_SUBST([XAUTH_PATH]) -else - AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], - [Define if xauth is found in your path]) - XAUTH_PATH=$xauth_path - AC_SUBST([XAUTH_PATH]) -fi - -dnl # --with-maildir=/path/to/mail gets top priority. -dnl # if maildir is set in the platform case statement above we use that. -dnl # Otherwise we run a program to get the dir from system headers. -dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL -dnl # If we find _PATH_MAILDIR we do nothing because that is what -dnl # session.c expects anyway. Otherwise we set to the value found -dnl # stripping any trailing slash. If for some strage reason our program -dnl # does not find what it needs, we default to /var/spool/mail. 
-# Check for mail directory -AC_ARG_WITH([maildir], - [ --with-maildir=/path/to/mail Specify your system mail directory], - [ - if test "X$withval" != X && test "x$withval" != xno && \ - test "x${withval}" != xyes; then - AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], - [Set this to your mail directory if you do not have _PATH_MAILDIR]) - fi - ],[ - if test "X$maildir" != "X"; then - AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) - else - AC_MSG_CHECKING([Discovering system mail directory]) - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -#include <stdio.h> -#include <string.h> -#ifdef HAVE_PATHS_H -#include <paths.h> -#endif -#ifdef HAVE_MAILLOCK_H -#include <maillock.h> -#endif -#define DATA "conftest.maildir" - ]], [[ - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - -#if defined (_PATH_MAILDIR) - if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) - exit(1); -#elif defined (MAILDIR) - if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) - exit(1); -#elif defined (_PATH_MAIL) - if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) - exit(1); -#else - exit (2); -#endif - - exit(0); - ]])], - [ - maildir_what=`awk -F: '{print $1}' conftest.maildir` - maildir=`awk -F: '{print $2}' conftest.maildir \ - | sed 's|/$||'` - AC_MSG_RESULT([Using: $maildir from $maildir_what]) - if test "x$maildir_what" != "x_PATH_MAILDIR"; then - AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) - fi - ], - [ - if test "X$ac_status" = "X2";then -# our test program didn't find it. Default to /var/spool/mail - AC_MSG_RESULT([Using: default value of /var/spool/mail]) - AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) - else - AC_MSG_RESULT([*** not found ***]) - fi - ], - [ - AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) - ] - ) - fi - ] -) # maildir - -if test ! 
-z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then - AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) - disable_ptmx_check=yes -fi -if test -z "$no_dev_ptmx" ; then - if test "x$disable_ptmx_check" != "xyes" ; then - AC_CHECK_FILE(["/dev/ptmx"], - [ - AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], - [Define if you have /dev/ptmx]) - have_dev_ptmx=1 - ] - ) - fi -fi - -if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then - AC_CHECK_FILE(["/dev/ptc"], - [ - AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], - [Define if you have /dev/ptc]) - have_dev_ptc=1 - ] - ) -else - AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) -fi - -# Options from here on. Some of these are preset by platform above -AC_ARG_WITH([mantype], - [ --with-mantype=man|cat|doc Set man page type], - [ - case "$withval" in - man|cat|doc) - MANTYPE=$withval - ;; - *) - AC_MSG_ERROR([invalid man type: $withval]) - ;; - esac - ] -) -if test -z "$MANTYPE"; then - TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" - AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) - if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=doc - elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=man - else - MANTYPE=cat - fi -fi -AC_SUBST([MANTYPE]) -if test "$MANTYPE" = "doc"; then - mansubdir=man; -else - mansubdir=$MANTYPE; -fi -AC_SUBST([mansubdir]) - -# Check whether to enable MD5 passwords -MD5_MSG="no" -AC_ARG_WITH([md5-passwords], - [ --with-md5-passwords Enable use of MD5 passwords], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE([HAVE_MD5_PASSWORDS], [1], - [Define if you want to allow MD5 passwords]) - MD5_MSG="yes" - fi - ] -) - -# Whether to disable shadow password support -AC_ARG_WITH([shadow], - [ --without-shadow Disable shadow password support], - [ - if test "x$withval" = "xno" ; then - AC_DEFINE([DISABLE_SHADOW]) - disable_shadow=yes - fi - ] -) - -if test -z "$disable_shadow" ; then - AC_MSG_CHECKING([if the systems has 
expire shadow information]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <shadow.h> -struct spwd sp; - ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], - [ sp_expire_available=yes ]) - - if test "x$sp_expire_available" = "xyes" ; then - AC_MSG_RESULT([yes]) - AC_DEFINE([HAS_SHADOW_EXPIRE], [1], - [Define if you want to use shadow password expire field]) - else - AC_MSG_RESULT([no]) - fi -fi - -# Use ip address instead of hostname in $DISPLAY -if test ! -z "$IPADDR_IN_DISPLAY" ; then - DISPLAY_HACK_MSG="yes" - AC_DEFINE([IPADDR_IN_DISPLAY], [1], - [Define if you need to use IP address - instead of hostname in $DISPLAY]) -else - DISPLAY_HACK_MSG="no" - AC_ARG_WITH([ipaddr-display], - [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE([IPADDR_IN_DISPLAY]) - DISPLAY_HACK_MSG="yes" - fi - ] - ) -fi - -# check for /etc/default/login and use it if present. -AC_ARG_ENABLE([etc-default-login], - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], - [ if test "x$enableval" = "xno"; then - AC_MSG_NOTICE([/etc/default/login handling disabled]) - etc_default_login=no - else - etc_default_login=yes - fi ], - [ if test ! 
-z "$cross_compiling" && test "x$cross_compiling" = "xyes"; - then - AC_MSG_WARN([cross compiling: not checking /etc/default/login]) - etc_default_login=no - else - etc_default_login=yes - fi ] -) - -if test "x$etc_default_login" != "xno"; then - AC_CHECK_FILE(["/etc/default/login"], - [ external_path_file=/etc/default/login ]) - if test "x$external_path_file" = "x/etc/default/login"; then - AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], - [Define if your system has /etc/default/login]) - fi -fi - -dnl BSD systems use /etc/login.conf so --with-default-path= has no effect -if test $ac_cv_func_login_getcapbool = "yes" && \ - test $ac_cv_header_login_cap_h = "yes" ; then - external_path_file=/etc/login.conf -fi - -# Whether to mess with the default path -SERVER_PATH_MSG="(default)" -AC_ARG_WITH([default-path], - [ --with-default-path= Specify default \$PATH environment for server], - [ - if test "x$external_path_file" = "x/etc/login.conf" ; then - AC_MSG_WARN([ ---with-default-path=PATH has no effect on this system. -Edit /etc/login.conf instead.]) - elif test "x$withval" != "xno" ; then - if test ! -z "$external_path_file" ; then - AC_MSG_WARN([ ---with-default-path=PATH will only be used if PATH is not defined in -$external_path_file .]) - fi - user_path="$withval" - SERVER_PATH_MSG="$withval" - fi - ], - [ if test "x$external_path_file" = "x/etc/login.conf" ; then - AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) - else - if test ! 
-z "$external_path_file" ; then - AC_MSG_WARN([ -If PATH is defined in $external_path_file, ensure the path to scp is included, -otherwise scp will not work.]) - fi - AC_RUN_IFELSE( - [AC_LANG_PROGRAM([[ -/* find out what STDPATH is */ -#include <stdio.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif -#ifndef _PATH_STDPATH -# ifdef _PATH_USERPATH /* Irix */ -# define _PATH_STDPATH _PATH_USERPATH -# else -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" -# endif -#endif -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#define DATA "conftest.stdpath" - ]], [[ - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) - exit(1); - - exit(0); - ]])], - [ user_path=`cat conftest.stdpath` ], - [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], - [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] - ) -# make sure $bindir is in USER_PATH so scp will work - t_bindir=`eval echo ${bindir}` - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; - esac - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; - esac - echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 - if test $? -ne 0 ; then - echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 - if test $? 
-ne 0 ; then - user_path=$user_path:$t_bindir - AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) - fi - fi - fi ] -) -if test "x$external_path_file" != "x/etc/login.conf" ; then - AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) - AC_SUBST([user_path]) -fi - -# Set superuser path separately to user path -AC_ARG_WITH([superuser-path], - [ --with-superuser-path= Specify different path for super-user], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], - [Define if you want a different $PATH - for the superuser]) - superuser_path=$withval - fi - ] -) - - -AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) -IPV4_IN6_HACK_MSG="no" -AC_ARG_WITH(4in6, - [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], - [ - if test "x$withval" != "xno" ; then - AC_MSG_RESULT([yes]) - AC_DEFINE([IPV4_IN_IPV6], [1], - [Detect IPv4 in IPv6 mapped addresses - and treat as IPv4]) - IPV4_IN6_HACK_MSG="yes" - else - AC_MSG_RESULT([no]) - fi - ], [ - if test "x$inet6_default_4in6" = "xyes"; then - AC_MSG_RESULT([yes (default)]) - AC_DEFINE([IPV4_IN_IPV6]) - IPV4_IN6_HACK_MSG="yes" - else - AC_MSG_RESULT([no (default)]) - fi - ] -) - -# Whether to enable BSD auth support -BSD_AUTH_MSG=no -AC_ARG_WITH([bsd-auth], - [ --with-bsd-auth Enable BSD auth support], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE([BSD_AUTH], [1], - [Define if you have BSD auth support]) - BSD_AUTH_MSG=yes - fi - ] -) - -# Where to place sshd.pid -piddir=/var/run -# make sure the directory exists -if test ! 
-d $piddir ; then - piddir=`eval echo ${sysconfdir}` - case $piddir in - NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; - esac -fi - -AC_ARG_WITH([pid-dir], - [ --with-pid-dir=PATH Specify location of ssh.pid file], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - piddir=$withval - if test ! -d $piddir ; then - AC_MSG_WARN([** no $piddir directory on this system **]) - fi - fi - ] -) - -AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], - [Specify location of ssh.pid]) -AC_SUBST([piddir]) - -dnl allow user to disable some login recording features -AC_ARG_ENABLE([lastlog], - [ --disable-lastlog disable use of lastlog even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE([DISABLE_LASTLOG]) - fi - ] -) -AC_ARG_ENABLE([utmp], - [ --disable-utmp disable use of utmp even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE([DISABLE_UTMP]) - fi - ] -) -AC_ARG_ENABLE([utmpx], - [ --disable-utmpx disable use of utmpx even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE([DISABLE_UTMPX], [1], - [Define if you don't want to use utmpx]) - fi - ] -) -AC_ARG_ENABLE([wtmp], - [ --disable-wtmp disable use of wtmp even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE([DISABLE_WTMP]) - fi - ] -) -AC_ARG_ENABLE([wtmpx], - [ --disable-wtmpx disable use of wtmpx even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE([DISABLE_WTMPX], [1], - [Define if you don't want to use wtmpx]) - fi - ] -) -AC_ARG_ENABLE([libutil], - [ --disable-libutil disable use of libutil (login() etc.) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE([DISABLE_LOGIN]) - fi - ] -) -AC_ARG_ENABLE([pututline], - [ --disable-pututline disable use of pututline() etc. 
([uw]tmp) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE([DISABLE_PUTUTLINE], [1], - [Define if you don't want to use pututline() - etc. to write [uw]tmp]) - fi - ] -) -AC_ARG_ENABLE([pututxline], - [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE([DISABLE_PUTUTXLINE], [1], - [Define if you don't want to use pututxline() - etc. to write [uw]tmpx]) - fi - ] -) -AC_ARG_WITH([lastlog], - [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], - [ - if test "x$withval" = "xno" ; then - AC_DEFINE([DISABLE_LASTLOG]) - elif test -n "$withval" && test "x${withval}" != "xyes"; then - conf_lastlog_location=$withval - fi - ] -) - -dnl lastlog, [uw]tmpx? detection -dnl NOTE: set the paths in the platform section to avoid the -dnl need for command-line parameters -dnl lastlog and [uw]tmp are subject to a file search if all else fails - -dnl lastlog detection -dnl NOTE: the code itself will detect if lastlog is a directory -AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_LASTLOG_H -# include <lastlog.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif -#ifdef HAVE_LOGIN_H -# include <login.h> -#endif - ]], [[ char *lastlog = LASTLOG_FILE; ]])], - [ AC_MSG_RESULT([yes]) ], - [ - AC_MSG_RESULT([no]) - AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_LASTLOG_H -# include <lastlog.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ]], [[ char *lastlog = _PATH_LASTLOG; ]])], - [ AC_MSG_RESULT([yes]) ], - [ - AC_MSG_RESULT([no]) - system_lastlog_path=no - ]) -]) - -if test -z "$conf_lastlog_location"; then - if test x"$system_lastlog_path" = x"no" ; then - for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do - if (test 
-d "$f" || test -f "$f") ; then - conf_lastlog_location=$f - fi - done - if test -z "$conf_lastlog_location"; then - AC_MSG_WARN([** Cannot find lastlog **]) - dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx - fi - fi -fi - -if test -n "$conf_lastlog_location"; then - AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], - [Define if you want to specify the path to your lastlog file]) -fi - -dnl utmp detection -AC_MSG_CHECKING([if your system defines UTMP_FILE]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ]], [[ char *utmp = UTMP_FILE; ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - system_utmp_path=no -]) -if test -z "$conf_utmp_location"; then - if test x"$system_utmp_path" = x"no" ; then - for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do - if test -f $f ; then - conf_utmp_location=$f - fi - done - if test -z "$conf_utmp_location"; then - AC_DEFINE([DISABLE_UTMP]) - fi - fi -fi -if test -n "$conf_utmp_location"; then - AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], - [Define if you want to specify the path to your utmp file]) -fi - -dnl wtmp detection -AC_MSG_CHECKING([if your system defines WTMP_FILE]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ]], [[ char *wtmp = WTMP_FILE; ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - system_wtmp_path=no -]) -if test -z "$conf_wtmp_location"; then - if test x"$system_wtmp_path" = x"no" ; then - for f in /usr/adm/wtmp /var/log/wtmp; do - if test -f $f ; then - conf_wtmp_location=$f - fi - done - if test -z "$conf_wtmp_location"; then - AC_DEFINE([DISABLE_WTMP]) - fi - fi -fi -if test -n "$conf_wtmp_location"; then - AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], - [Define if you want to specify the path to your wtmp file]) -fi - - -dnl wtmpx detection 
-AC_MSG_CHECKING([if your system defines WTMPX_FILE]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ]], [[ char *wtmpx = WTMPX_FILE; ]])], - [ AC_MSG_RESULT([yes]) ], - [ AC_MSG_RESULT([no]) - system_wtmpx_path=no -]) -if test -z "$conf_wtmpx_location"; then - if test x"$system_wtmpx_path" = x"no" ; then - AC_DEFINE([DISABLE_WTMPX]) - fi -else - AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], - [Define if you want to specify the path to your wtmpx file]) -fi - - -if test ! -z "$blibpath" ; then - LDFLAGS="$LDFLAGS $blibflags$blibpath" - AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) -fi - -dnl Adding -Werror to CFLAGS early prevents configure tests from running. -dnl Add now. -CFLAGS="$CFLAGS $werror_flags" - -# -# WIN32_FIXME -# - -dnl Add new defines for MinGW build -case "$host" in -*-*-mingw32*) - ;; -*) - AC_DEFINE(HAVE_TTY, 1, [Define to 1 if you have tty support]) - AC_DEFINE(HAVE_PRIV_CONCEPT, 1, [Define to 1 if you have priveleged-port concept]) - AC_DEFINE(USE_SANITISE_STDFD, 1, [Define if you want to sanitize fds]) - ;; -esac - -dnl Add any needed compatibility library. -AC_SUBST(LINKWIN32COMPAT) -AC_SUBST(LIBWIN32COMPAT) -AC_SUBST(LIBWIN32COMPATDEPEND) -AC_SUBST(WIN32COMPAT) -case "$host" in -*-*-mingw32*) - LINKWIN32COMPAT="-lwin32compat" - LIBWIN32COMPAT="libwin32compat.a" - LIBWIN32COMPATDEPEND="contrib/win32/win32compat/libwin32compat.a" - WIN32COMPAT="win32compat" - ;; -*) - ;; -esac - -# -# End of WIN32_FIXME. 
-# - -if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then - TEST_SSH_IPV6=no -else - TEST_SSH_IPV6=yes -fi -AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) -AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) - -AC_EXEEXT - -# -# WIN32_FIXME -# - -files="Makefile buildpkg.sh opensshd.init openssh.xml \ - openbsd-compat/Makefile openbsd-compat/regress/Makefile \ - survey.sh" - -case "$host" in -*-*-mingw32*) - files="$files contrib/win32/win32compat/Makefile" - ;; -*) - ;; -esac - -AC_CONFIG_FILES([ $files ]) - -# -# END FIXME -# - -AC_OUTPUT - -# Print summary of options - -# Someone please show me a better way :) -A=`eval echo ${prefix}` ; A=`eval echo ${A}` -B=`eval echo ${bindir}` ; B=`eval echo ${B}` -C=`eval echo ${sbindir}` ; C=`eval echo ${C}` -D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` -E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` -F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` -G=`eval echo ${piddir}` ; G=`eval echo ${G}` -H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` -I=`eval echo ${user_path}` ; I=`eval echo ${I}` -J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` - -echo "" -echo "OpenSSH has been configured with the following options:" -echo " User binaries: $B" -echo " System binaries: $C" -echo " Configuration files: $D" -echo " Askpass program: $E" -echo " Manual pages: $F" -echo " PID file: $G" -echo " Privilege separation chroot path: $H" -if test "x$external_path_file" = "x/etc/login.conf" ; then -echo " At runtime, sshd will use the path defined in $external_path_file" -echo " Make sure the path to scp is present, otherwise scp will not work" -else -echo " sshd default user PATH: $I" - if test ! -z "$external_path_file"; then -echo " (If PATH is set in $external_path_file it will be used instead. If" -echo " used, ensure the path to scp is present, otherwise scp will not work.)" - fi -fi -if test ! 
-z "$superuser_path" ; then -echo " sshd superuser user PATH: $J" -fi -echo " Manpage format: $MANTYPE" -echo " PAM support: $PAM_MSG" -echo " OSF SIA support: $SIA_MSG" -echo " KerberosV support: $KRB5_MSG" -echo " SELinux support: $SELINUX_MSG" -echo " Smartcard support: $SCARD_MSG" -echo " S/KEY support: $SKEY_MSG" -echo " TCP Wrappers support: $TCPW_MSG" -echo " MD5 password support: $MD5_MSG" -echo " libedit support: $LIBEDIT_MSG" -echo " Solaris process contract support: $SPC_MSG" -echo " Solaris project support: $SP_MSG" -echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" -echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" -echo " BSD Auth support: $BSD_AUTH_MSG" -echo " Random number source: $RAND_MSG" -echo " Privsep sandbox style: $SANDBOX_STYLE" - -echo "" - -echo " Host: ${host}" -echo " Compiler: ${CC}" -echo " Compiler flags: ${CFLAGS}" -echo "Preprocessor flags: ${CPPFLAGS}" -echo " Linker flags: ${LDFLAGS}" -echo " Libraries: ${LIBS}" -if test ! -z "${SSHDLIBS}"; then -echo " +for sshd: ${SSHDLIBS}" -fi -if test ! -z "${SSHLIBS}"; then -echo " +for ssh: ${SSHLIBS}" -fi - -echo "" - -if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"" - echo "" -fi - -if test "x$PAM_MSG" = "xyes" ; then - echo "PAM is enabled. You may need to install a PAM control file " - echo "for sshd, otherwise password authentication may fail. " - echo "Example PAM control files can be found in the contrib/ " - echo "subdirectory" - echo "" -fi - -if test ! -z "$NO_PEERCHECK" ; then - echo "WARNING: the operating system that you are using does not" - echo "appear to support getpeereid(), getpeerucred() or the" - echo "SO_PEERCRED getsockopt() option. These facilities are used to" - echo "enforce security checks to prevent unauthorised connections to" - echo "ssh-agent. Their absence increases the risk that a malicious" - echo "user can connect to your agent." 
- echo ""
-fi
-
-if test "$AUDIT_MODULE" = "bsm" ; then
- echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
- echo "See the Solaris section in README.platform for details."
-fi
diff --git a/xmalloc.c b/xmalloc.c
index 98cbf87..b583236 100644
--- a/xmalloc.c
+++ b/xmalloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.c,v 1.32 2015/04/24 01:36:01 deraadt Exp $ */
+/* $OpenBSD: xmalloc.c,v 1.33 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -26,6 +26,16 @@
 #include "xmalloc.h"
 #include "log.h"
+void
+ssh_malloc_init(void)
+{
+#if defined(__OpenBSD__)
+ extern char *malloc_options;
+
+ malloc_options = "S";
+#endif /* __OpenBSD__ */
+}
+
 void *
 xmalloc(size_t size)
 {
diff --git a/xmalloc.h b/xmalloc.h
index 2bec77b..e499289 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.h,v 1.15 2015/04/24 01:36:01 deraadt Exp $ */
+/* $OpenBSD: xmalloc.h,v 1.16 2016/02/15 09:47:49 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,6 +16,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
+void ssh_malloc_init(void);
 void *xmalloc(size_t);
 void *xcalloc(size_t, size_t);
 void *xreallocarray(void *, size_t, size_t);
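Review bot: ssh_malloc_init() in the xmalloc.c hunk has no comment saying what `malloc_options = "S"` is for or when the function has to run. On OpenBSD the allocator reads malloc_options when it initializes, which as far as I know happens on the first allocation, so a call placed after any malloc/xmalloc would silently leave the hardening off; the call sites are not in this view, so each program's main() should be checked for that ordering. I would add above the definition `/* Turn on OpenBSD malloc's security options ("S"); call first thing in main(), before any allocation. No-op on other platforms. */` and a matching one-line note next to the prototype in xmalloc.h.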