diff -r -u -b -w ssh-1.2.22-orig/Makefile.in ssh-1.2.22-pl2/Makefile.in --- ssh-1.2.22-orig/Makefile.in Tue Jan 20 07:24:13 1998 +++ ssh-1.2.22-pl2/Makefile.in Thu Feb 5 16:17:29 1998 @@ -227,7 +227,7 @@ CFLAGS = @CFLAGS@ LDFLAGS = @LDFLAGS@ DEFS = @DEFS@ $(COMMERCIAL) -LIBS = @LIBS@ +LIBS = @LIBS@ @HESIOD_LIBS@ LIBOBJS = @LIBOBJS@ CONFOBJS = @CONFOBJS@ @@ -246,6 +246,9 @@ KERBEROS_LIBS = @KERBEROS_LIBS@ KERBEROS_OBJS = @KERBEROS_OBJS@ +HESIOD_ROOT = @HESIOD_ROOT@ +HESIOD_INCS = @HESIOD_INCS@ + RSAREFDEP = @RSAREFDEP@ WRAPLIBS = @WRAPLIBS@ @@ -283,7 +286,7 @@ rsa.o randoms.o md5.o buffer.o emulate.o packet.o compress.o \ xmalloc.o ttymodes.o newchannels.o bufaux.o authfd.o authfile.o \ crc32.o rsaglue.o tss.o cipher.o des.o match.o arcfour.o mpaux.o \ - userfile.o signals.o blowfish.o + userfile.o signals.o blowfish.o radix.o SSHD_OBJS = sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o \ log-server.o login.o hostfile.o canohost.o servconf.o tildexpand.o \ serverloop.o $(COMMON_OBJS) $(KERBEROS_OBJS) @@ -371,7 +374,7 @@ $(CC) -o rfc-pg rfc-pg.o .c.o: - $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< + $(CC) -c -I. $(HESIOD_INCS) $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd diff -r -u -b -w ssh-1.2.22-orig/README.AFS-KERBEROS ssh-1.2.22-pl2/README.AFS-KERBEROS --- ssh-1.2.22-orig/README.AFS-KERBEROS Wed Feb 4 06:07:07 1998 +++ ssh-1.2.22-pl2/README.AFS-KERBEROS Wed Feb 18 14:01:03 1998 @@ -0,0 +1,47 @@ + +ssh-1.2.22-afs-kerberos.patch-2 +AFS, Kerberos v4 support for SSH + +Here are the extra flags to configure, and what they do: + +--with-krb4[=PATH] Compile in Kerberos v4 support: + Kerberos v4 authentication + Kerberos v4 password authentication + Kerberos v4 ~/.klogin authorization + +These are all enabled by the 'KerberosAuthentication' config option. +Kerberos v4 and Kerberos v5 support are mutually exclusive for now. +PATH default is /usr/kerberos. + +--with-hesiod[=PATH] Compile in support for Hesiod: + getpwnam(), getpwuid() replacements + +--with-afs Compile in AFS support (requires KTH krb4): + ticket/token passing + process authentication groups + local Xauthority files (for AFS home dirs) + /ticket TKT_ROOT directory (if it exists) + +Binaries built with AFS support will work just fine on non-AFS machines! +You will need to use the KTH krb4 libs (ftp://ftp.pdc.kth.se/pub/krb/src), +or just their libkafs, also available separately from CMU as libkrbafs +(http://andrew2.andrew.cmu.edu/dist/krbafs.html). + +Additional Kerberos client and server config options (and their defaults): + + KerberosAuthentication yes + KerberosOrLocalPassword no + KerberosTgtPassing yes + AFSTokenPassing yes + KerberosTicketCleanup yes + +See sshd(8) and ssh(1) for details. + +The latest version of this patch can be found at + + http://www-personal.umich.edu/~dugsong/ssh-afs-kerberos.html +or + ftp://ftp.monkey.org/pub/users/dugsong/ + + +dugsong@UMICH.EDU diff -r -u -b -w ssh-1.2.22-orig/acconfig.h ssh-1.2.22-pl2/acconfig.h --- ssh-1.2.22-orig/acconfig.h Tue Jan 20 07:23:46 1998 +++ ssh-1.2.22-pl2/acconfig.h Thu Feb 5 16:17:29 1998 @@ -349,16 +349,23 @@ /* Define this if your gettimeofday doesn't have TZ parameter */ #undef HAVE_NO_TZ_IN_GETTIMEOFDAY -/* Define this if you want to compile in Kerberos support. */ -#undef KERBEROS - /* Define this if you want to compile in Kerberos V5 support. - KERBEROS must be compiled in as well. This can be done at configure - time with the --with-kerberos5 argument*/ + This can be done at configure time with the --with-krb5 argument. */ #undef KRB5 -/* Define this if you want to pass the Kerberos TGT. */ -#undef KERBEROS_TGT_PASSING +/* Define this if you want to compile in Kerberos V4 support. + This can be done at configure time with the --with-krb4 argument. */ +#undef KRB4 + +/* Define this if you what to build ssh with Hesiod support. */ +#undef HESIOD + +/* Define this if you want to compile in AFS support. + This can be done at configure time with the --with-afs argument. */ +#undef AFS + +/* Define this if you have the AFS lifetime conversion routines. */ +#undef HAVE_KRB_LIFE_TO_TIME /* Define this if you dont have SIGINFO as signal but some other macro */ #undef HAVE_INCOMPATIBLE_SIGINFO diff -r -u -b -w ssh-1.2.22-orig/auth-kerberos.c ssh-1.2.22-pl2/auth-kerberos.c --- ssh-1.2.22-orig/auth-kerberos.c Wed Feb 4 06:07:07 1998 +++ ssh-1.2.22-pl2/auth-kerberos.c Thu Feb 5 16:20:55 1998 @@ -30,14 +30,13 @@ #include "xmalloc.h" #include "ssh.h" -#ifdef KERBEROS -#if defined (KRB5) +#ifdef KRB5 #include extern krb5_context ssh_context; extern krb5_auth_context auth_context; -int auth_kerberos(char *server_user, krb5_data *auth, krb5_principal *client) +int auth_krb5(char *server_user, krb5_data *auth, krb5_principal *client) { krb5_error_code problem; krb5_ticket *ticket; @@ -152,11 +151,116 @@ return 1; } #endif /* KRB5 */ -#endif /* KERBEROS */ -#ifdef KERBEROS_TGT_PASSING -#if defined (KRB5) -int auth_kerberos_tgt( char *server_user, krb5_data *krb5data) +#ifdef KRB4 +#include +#include + +int ssh_tf_init(uid_t uid) +{ + extern char *ticket; + char *tkt_root = TKT_ROOT; + struct stat st; + int fd; + + /* Set unique ticket string manually since we're still root. */ + ticket = xmalloc(MAXPATHLEN); +#ifdef AFS + if (lstat("/ticket", &st) != -1) + tkt_root = "/ticket/"; +#endif /* AFS */ + sprintf(ticket, "%s%d%d", tkt_root, uid, getpid()); + (void) krb_set_tkt_string(ticket); + + /* Make sure we own this ticket file, and we created it. */ + if (lstat(ticket, &st) < 0 && errno == ENOENT) { + /* good, no ticket file exists. create it. */ + if ((fd = open(ticket, O_RDWR|O_CREAT|O_EXCL, 0600)) != -1) { + close(fd); + return 1; + } + } + else { + /* file exists. make sure server_user owns it (e.g. just passed ticket), + and that it isn't a symlink, and that it is mode 600. */ + if (S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode) && + (st.st_mode & (S_IRUSR|S_IRUSR)) && st.st_uid == uid) + return 1; + } + /* Failure. */ + log_msg("WARNING: Couldn't open ticket file %s", ticket); + return 0; +} + +int auth_krb4(const char *server_user, KTEXT auth, char **client) +{ + AUTH_DAT adat = { 0 }; + KTEXT_ST reply; + char instance[INST_SZ]; + int r, s; + u_long cksum; + Key_schedule schedule; + struct sockaddr_in local, foreign; + + s = packet_get_connection_in(); + + r = sizeof(local); + memset(&local, 0, sizeof(local)); + if (getsockname(s, (struct sockaddr *) &local, &r) < 0) + debug("getsockname failed: %.100s", strerror(errno)); + r = sizeof(foreign); + memset(&foreign, 0, sizeof(foreign)); + if (getpeername(s, (struct sockaddr *)&foreign, &r) < 0) + debug("getpeername failed: %.100s", strerror(errno)); + + instance[0] = '*'; instance[1] = 0; + + /* Get the encrypted request, challenge, and session key. */ + if (r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, 0, &adat, "")) { + packet_send_debug("Kerberos V4 krb_rd_req: %s", krb_err_txt[r]); + return 0; + } + des_key_sched((des_cblock *)adat.session, schedule); + + *client = xmalloc(MAX_K_NAME_SZ); + (void) sprintf(*client, "%s%s%s@%s", adat.pname, *adat.pinst ? "." : "", + adat.pinst, adat.prealm); + + /* Check ~/.klogin authorization now. */ + if (kuserok(&adat, (char *)server_user) != KSUCCESS) { + packet_send_debug("Kerberos V4 .klogin authorization failed!"); + log_msg("Kerberos V4 .klogin authorization failed for %s to account %s", + *client, server_user); + return 0; + } + /* Increment the checksum, and return it encrypted with the session key. */ + cksum = adat.checksum + 1; + cksum = htonl(cksum); + + /* If we can't successfully encrypt the checksum, we send back an empty + message, admitting our failure. */ + if ((r = krb_mk_priv((u_char *)&cksum, reply.dat, sizeof(cksum)+1, + schedule, &adat.session, &local, &foreign)) < 0) { + packet_send_debug("Kerberos V4 mk_priv: (%d) %s", r, krb_err_txt[r]); + reply.dat[0] = 0; + reply.length = 0; + } + else + reply.length = r; + + /* Clear session key. */ + memset(&adat.session, 0, sizeof(&adat.session)); + + packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); + packet_put_string((char *) reply.dat, reply.length); + packet_send(); + packet_write_wait(); + return 1; +} +#endif /* KRB4 */ + +#ifdef KRB5 +int auth_krb5_tgt( char *server_user, krb5_data *krb5data) { krb5_creds **creds; krb5_error_code retval; @@ -255,5 +359,94 @@ } #endif /* KRB5 */ -#endif /* KERBEROS_TGT_PASSING */ + +#ifdef AFS +#include + +int auth_kerberos_tgt(struct passwd *pw, const char *string) +{ + CREDENTIALS creds; + extern char *ticket; + int r; + + if (!radix_to_creds(string, &creds)) { + log_msg("Protocol error decoding Kerberos V4 tgt"); + packet_send_debug("Protocol error decoding Kerberos V4 tgt"); + goto auth_kerberos_tgt_failure; + } + if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ + strcpy(creds.service, "krbtgt"); + + if (strcmp(creds.service, "krbtgt")) { + log_msg("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", + creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm, + pw->pw_uid); + packet_send_debug("Kerberos V4 tgt (%s%s%s@%s) rejected for uid %d", + creds.pname, creds.pinst[0] ? "." : "", creds.pinst, + creds.realm, pw->pw_uid); + goto auth_kerberos_tgt_failure; + } + if (!ssh_tf_init(pw->pw_uid) || + (r = in_tkt(creds.pname, creds.pinst)) || + (r = save_credentials(creds.service,creds.instance,creds.realm, + creds.session,creds.lifetime,creds.kvno, + &creds.ticket_st,creds.issue_date))) { + xfree(ticket); + ticket = NULL; + packet_send_debug("Kerberos V4 tgt refused: couldn't save credentials"); + goto auth_kerberos_tgt_failure; + } + /* Successful authentication, passed all checks. */ + chown(ticket, pw->pw_uid, pw->pw_gid); + packet_send_debug("Kerberos V4 tgt accepted (%s.%s@%s, %s%s%s@%s)", + creds.service,creds.instance,creds.realm, + creds.pname,creds.pinst[0] ? "." : "", + creds.pinst,creds.realm); + + packet_start(SSH_SMSG_SUCCESS); + packet_send(); + packet_write_wait(); + return 1; + +auth_kerberos_tgt_failure: + memset(&creds, 0, sizeof(creds)); + packet_start(SSH_SMSG_FAILURE); + packet_send(); + packet_write_wait(); + return 0; +} + +int auth_afs_token(char *server_user, uid_t uid, const char *string) +{ + CREDENTIALS creds; + + if (!radix_to_creds(string, &creds)) { + log_msg("Protocol error decoding AFS token"); + packet_send_debug("Protocol error decoding AFS token"); + packet_start(SSH_SMSG_FAILURE); + packet_send(); + packet_write_wait(); + return 0; + } + if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ + strcpy(creds.service, "afs"); + + if (kafs_settoken(creds.realm, uid, &creds)) { + log_msg("AFS token (%s@%s) rejected for uid %d", creds.pname, + creds.realm, uid); + packet_send_debug("AFS token (%s@%s) rejected for uid %d", creds.pname, + creds.realm, uid); + packet_start(SSH_SMSG_FAILURE); + packet_send(); + packet_write_wait(); + return 0; + } + packet_send_debug("AFS token accepted (%s@%s, %s@%s)", creds.service, + creds.realm, creds.pname, creds.realm); + packet_start(SSH_SMSG_SUCCESS); + packet_send(); + packet_write_wait(); + return 1; +} +#endif /* AFS */ diff -r -u -b -w ssh-1.2.22-orig/auth-passwd.c ssh-1.2.22-pl2/auth-passwd.c --- ssh-1.2.22-orig/auth-passwd.c Tue Jan 20 07:23:48 1998 +++ ssh-1.2.22-pl2/auth-passwd.c Thu Feb 5 16:20:09 1998 @@ -258,29 +258,25 @@ static int securid_initialized = 0; #endif /* HAVE_SECURID */ -#ifdef KERBEROS -#if defined(KRB5) +#ifdef KRB5 #include extern krb5_context ssh_context; extern krb5_auth_context auth_context; -#else -#include #endif /* KRB5 */ -#endif /* KERBEROS */ -#ifdef AFS -#include -#include -#endif /* AFS */ +#ifdef KRB4 +#include +#include +#endif /* KRB4 */ -#if defined(KERBEROS) || defined(AFS_KERBEROS) +#if defined(KRB4) || defined(KRB5) extern char *ticket; -#endif /* KERBEROS || AFS_KERBEROS */ +#endif /* KRB4 || KRB5 */ /* Tries to authenticate the user using password. Returns true if authentication succeeds. */ -#if defined(KERBEROS) && defined(KRB5) +#ifdef KRB5 /* * This routine with some modification is from the MIT V5B6 appl/bsd/login.c * @@ -436,18 +432,18 @@ 0 }; #endif krb5_preauthtype * preauth = preauth_list; -#endif /* KERBEROS */ +#endif /* KRB5 */ /* Tries to authenticate the user using password. Returns true if authentication succeeds. */ -#ifdef KERBEROS +#ifdef KRB5 int auth_password(const char *server_user, const char *password, krb5_principal client) -#else /* KERBEROS */ +#else int auth_password(const char *server_user, const char *password) -#endif /* KERBEROS */ +#endif /* KRB5 */ { -#ifdef KERBEROS +#ifdef KRB5 krb5_error_code problem; int krb5_options = KDC_OPT_RENEWABLE | KDC_OPT_FORWARDABLE; krb5_deltat rlife = 0; @@ -457,7 +453,7 @@ krb5_ccache ccache; char ccname[80]; int results; -#endif /* KERBEROS */ +#endif /* KRB5 */ extern ServerOptions options; extern char *crypt(const char *key, const char *salt); struct passwd *pw; @@ -478,10 +474,9 @@ saved_pw_name = xstrdup(pw->pw_name); saved_pw_passwd = xstrdup(pw->pw_passwd); -#if defined(KERBEROS) +#if defined(KRB5) if (options.kerberos_authentication) { -#if defined(KRB5) sprintf(ccname, "FILE:/tmp/krb5cc_l%d", getpid()); if (problem = krb5_cc_resolve(ssh_context, ccname, &ccache)) @@ -598,9 +593,96 @@ return 0; } } + } #endif /* KRB5 */ +#ifdef KRB4 + if (options.kerberos_authentication) + { + AUTH_DAT adata; + KTEXT_ST tkt; + struct hostent *hp; + unsigned long faddr; + char localhost[MAXHOSTNAMELEN]; /* local host name */ + char phost[INST_SZ]; /* host instance */ + char realm[REALM_SZ]; /* local Kerberos realm */ + int r; + + /* Try Kerberos password authentication only for non-root + users and only if Kerberos is installed. */ + if (pw->pw_uid != 0 && krb_get_lrealm(realm, 0) == KSUCCESS) { + + /* Set up our ticket file. */ + if (!ssh_tf_init(pw->pw_uid)) { + log_msg("Couldn't initialize Kerberos ticket file for %s!", + server_user); + goto kerberos_auth_failure; + } + /* Try to get TGT using our password. */ + if ((r = krb_get_pw_in_tkt(server_user, "", realm, "krbtgt", realm, + DEFAULT_TKT_LIFE, password)) != INTK_OK) { + packet_send_debug("Kerberos V4 password authentication for %s " + "failed: %s", server_user, krb_err_txt[r]); + goto kerberos_auth_failure; + } + /* Successful authentication. */ + chown(ticket, pw->pw_uid, pw->pw_gid); + + (void) gethostname(localhost, sizeof(localhost)); + (void) strncpy(phost, (char *)krb_get_phost(localhost), INST_SZ); + phost[INST_SZ-1] = NULL; + + /* Now that we have a TGT, try to get a local "rcmd" ticket to + ensure that we are not talking to a bogus Kerberos server. */ + r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); + + if (r == KSUCCESS) { + if (!(hp = gethostbyname(localhost))) { + log_msg("Couldn't get local host address!"); + goto kerberos_auth_failure; + } + memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr)); + + /* Verify our "rcmd" ticket. */ + r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost, faddr, &adata, ""); + if (r == RD_AP_UNDEC) { + /* Probably didn't have a srvtab on localhost. Allow login. */ + log_msg("Kerberos V4 TGT for %s unverifiable, no srvtab? " + "krb_rd_req: %s", server_user, krb_err_txt[r]); + } + else if (r != KSUCCESS) { + log_msg("Kerberos V4 %s ticket unverifiable: %s", + KRB4_SERVICE_NAME, krb_err_txt[r]); + goto kerberos_auth_failure; + } + } + else if (r == KDC_PR_UNKNOWN) { + /* Allow login if no rcmd service exists, but log the error. */ + log_msg("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " + "not registered, or srvtab is wrong?", server_user, + krb_err_txt[r], KRB4_SERVICE_NAME, phost); + } + else { + /* TGT is bad, forget it. Possibly spoofed. */ + packet_send_debug("WARNING: Kerberos V4 TGT possibly spoofed for" + "%s: %s", server_user, krb_err_txt[r]); + goto kerberos_auth_failure; + } + + /* Authentication succeeded. */ + return 1; + + kerberos_auth_failure: + (void) dest_tkt(); + xfree(ticket); + ticket = NULL; + if (!options.kerberos_or_local_passwd ) return 0; + } + else /* Logging in as root or no local Kerberos realm. */ + packet_send_debug("Unable to authenticate to Kerberos."); + + /* Fall back to ordinary passwd authentication. */ } -#endif /* KERBEROS */ +#endif /* KRB4 */ #ifdef HAVE_SECURID /* Support for Security Dynamics SecurId card. diff -r -u -b -w ssh-1.2.22-orig/cipher.c ssh-1.2.22-pl2/cipher.c --- ssh-1.2.22-orig/cipher.c Tue Jan 20 07:23:57 1998 +++ ssh-1.2.22-pl2/cipher.c Thu Feb 5 16:17:32 1998 @@ -206,7 +206,7 @@ used. */ if (keylen < 8) error("Key length %d is insufficient for DES.", keylen); - des_set_key(padded, &context->u.des.key); + ssh_des_set_key(padded, &context->u.des.key); memset(context->u.des.iv, 0, sizeof(context->u.des.iv)); break; #endif /* WITH_DES */ @@ -217,12 +217,12 @@ used (first and last keys are the same). */ if (keylen < 16) error("Key length %d is insufficient for 3DES.", keylen); - des_set_key(padded, &context->u.des3.key1); - des_set_key(padded + 8, &context->u.des3.key2); + ssh_des_set_key(padded, &context->u.des3.key1); + ssh_des_set_key(padded + 8, &context->u.des3.key2); if (keylen <= 16) - des_set_key(padded, &context->u.des3.key3); + ssh_des_set_key(padded, &context->u.des3.key3); else - des_set_key(padded + 16, &context->u.des3.key3); + ssh_des_set_key(padded + 16, &context->u.des3.key3); memset(context->u.des3.iv1, 0, sizeof(context->u.des3.iv1)); memset(context->u.des3.iv2, 0, sizeof(context->u.des3.iv2)); memset(context->u.des3.iv3, 0, sizeof(context->u.des3.iv3)); @@ -275,12 +275,12 @@ #ifdef WITH_DES case SSH_CIPHER_DES: - des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len); + ssh_des_cbc_encrypt(&context->u.des.key, context->u.des.iv, dest, src, len); break; #endif /* WITH_DES */ case SSH_CIPHER_3DES: - des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1, + ssh_des_3cbc_encrypt(&context->u.des3.key1, context->u.des3.iv1, &context->u.des3.key2, context->u.des3.iv2, &context->u.des3.key3, context->u.des3.iv3, dest, src, len); @@ -330,12 +330,12 @@ #ifdef WITH_DES case SSH_CIPHER_DES: - des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len); + ssh_des_cbc_decrypt(&context->u.des.key, context->u.des.iv, dest, src, len); break; #endif /* WITH_DES */ case SSH_CIPHER_3DES: - des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1, + ssh_des_3cbc_decrypt(&context->u.des3.key1, context->u.des3.iv1, &context->u.des3.key2, context->u.des3.iv2, &context->u.des3.key3, context->u.des3.iv3, dest, src, len); diff -r -u -b -w ssh-1.2.22-orig/cipher.h ssh-1.2.22-pl2/cipher.h --- ssh-1.2.22-orig/cipher.h Tue Jan 20 07:23:57 1998 +++ ssh-1.2.22-pl2/cipher.h Thu Feb 5 16:17:34 1998 @@ -51,7 +51,7 @@ #ifndef WITHOUT_IDEA #include "idea.h" #endif /* WITHOUT_IDEA */ -#include "des.h" +#include "ssh-des.h" #ifdef WITH_TSS #include "tss.h" #endif /* WITH_TSS */ diff -r -u -b -w ssh-1.2.22-orig/config.h.in ssh-1.2.22-pl2/config.h.in --- ssh-1.2.22-orig/config.h.in Tue Jan 20 07:24:14 1998 +++ ssh-1.2.22-pl2/config.h.in Thu Feb 5 16:17:29 1998 @@ -10,10 +10,7 @@ */ /* - * $Log: config.h.in,v $ - * Revision 1.25 1998/01/14 16:40:30 kivinen - * Added HAVE_GETESPWNAM. - * + * $Log: acconfig.h,v $ * Revision 1.16 1997/05/13 22:32:06 kivinen * Added SOCKS4 and SOCKS5. * @@ -343,12 +340,6 @@ /* Support for Secure RPC */ #undef SECURE_RPC -/* Support for Secure NFS */ -#undef SECURE_NFS - -/* Support for NIS+ */ -#undef NIS_PLUS - /* Define this to disable all port forwardings in server (except X11) */ #undef SSHD_NO_PORT_FORWARDING @@ -395,16 +386,23 @@ /* Define this if your gettimeofday doesn't have TZ parameter */ #undef HAVE_NO_TZ_IN_GETTIMEOFDAY -/* Define this if you want to compile in Kerberos support. */ -#undef KERBEROS - /* Define this if you want to compile in Kerberos V5 support. - KERBEROS must be compiled in as well. This can be done at configure - time with the --with-kerberos5 argument*/ + This can be done at configure time with the --with-krb5 argument. */ #undef KRB5 -/* Define this if you want to pass the Kerberos TGT. */ -#undef KERBEROS_TGT_PASSING +/* Define this if you want to compile in Kerberos V4 support. + This can be done at configure time with the --with-krb4 argument. */ +#undef KRB4 + +/* Define this if you what to build ssh with Hesiod support. */ +#undef HESIOD + +/* Define this if you want to compile in AFS support. + This can be done at configure time with the --with-afs argument. */ +#undef AFS + +/* Define this if you have the AFS lifetime conversion routines. */ +#undef HAVE_KRB_LIFE_TO_TIME /* Define this if you dont have SIGINFO as signal but some other macro */ #undef HAVE_INCOMPATIBLE_SIGINFO @@ -570,6 +568,9 @@ /* Define if you have the header file. */ #undef HAVE_SYS_DIR_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_FILIO_H /* Define if you have the header file. */ #undef HAVE_SYS_IOCTL_H diff -r -u -b -w ssh-1.2.22-orig/configure ssh-1.2.22-pl2/configure --- ssh-1.2.22-orig/configure Tue Jan 20 07:24:14 1998 +++ ssh-1.2.22-pl2/configure Wed Feb 18 08:07:45 1998 @@ -50,9 +50,13 @@ ac_help="$ac_help --with-tis[=DIR] Enable support for TIS authentication server." ac_help="$ac_help - --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support." + --with-krb4[=PATH] Compile in Kerberos v4 support." ac_help="$ac_help - --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket." + --with-krb5[=PATH] Compile in Kerberos v5 support." +ac_help="$ac_help + --with-afs Compile in AFS support (requires KTH krb4)." +ac_help="$ac_help + --with-hesiod[=PATH] Compile in Hesiod support." ac_help="$ac_help --with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support." ac_help="$ac_help @@ -593,6 +597,11 @@ +# SSH DES and AFS/Kerberos DES conflict. Yes, this is bogus. +if test -f $srcdir/des.h; then + mv -f $srcdir/des.h $srcdir/ssh-des.h +fi + # So many systems seem to need this that it is better do it here automatically. LIBS="-L/usr/local/lib $LIBS" @@ -622,7 +631,7 @@ fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:626: checking host system type" >&5 +echo "configure:635: checking host system type" >&5 host_alias=$host case "$host_alias" in @@ -643,7 +652,7 @@ echo "$ac_t""$host" 1>&6 echo $ac_n "checking cached information""... $ac_c" 1>&6 -echo "configure:647: checking cached information" >&5 +echo "configure:656: checking cached information" >&5 hostcheck="$host" if eval "test \"`echo '$''{'ac_cv_hostcheck'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -662,7 +671,7 @@ # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:666: checking for $ac_word" >&5 +echo "configure:675: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -691,7 +700,7 @@ # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:695: checking for $ac_word" >&5 +echo "configure:704: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -739,7 +748,7 @@ fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:743: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:752: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -749,11 +758,11 @@ cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:766: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then @@ -773,12 +782,12 @@ { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:777: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:786: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:782: checking whether we are using GNU C" >&5 +echo "configure:791: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -787,7 +796,7 @@ yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:791: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:800: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -802,7 +811,7 @@ ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:806: checking whether ${CC-cc} accepts -g" >&5 +echo "configure:815: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -830,7 +839,7 @@ fi echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:834: checking for POSIXized ISC" >&5 +echo "configure:843: checking for POSIXized ISC" >&5 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then @@ -867,20 +876,12 @@ ;; *-*-solaris*) # solaris stuff. appro@fy.chalmers.se - cat >> confdefs.h <<\EOF -#define SECURE_RPC 1 -EOF - - cat >> confdefs.h <<\EOF -#define SECURE_NFS 1 -EOF - +# this stuff breaks AFS/Kerberos. YUCK. +# AC_DEFINE(SECURE_RPC) +# AC_DEFINE(SECURE_NFS) # NIS+ is forced so that we don't have to recompile # if we move to NIS+. appro@fy.chalmers.se - cat >> confdefs.h <<\EOF -#define NIS_PLUS 1 -EOF - +# AC_DEFINE(NIS_PLUS) ;; *-*-sunos*) os_sunos=yes @@ -924,7 +925,7 @@ *-ibm-aix3.2|*-ibm-aix3.2.0|*-ibm-aix3.2.1|*-ibm-aix3.2.2|*-ibm-aix3.2.3|*-ibm-aix3.2.4) os_aix=yes echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 -echo "configure:928: checking for getuserattr in -ls" >&5 +echo "configure:929: checking for getuserattr in -ls" >&5 ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -932,7 +933,7 @@ ac_save_LIBS="$LIBS" LIBS="-ls $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:948: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -975,7 +976,7 @@ no_utmpx=yes os_aix=yes echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 -echo "configure:979: checking for getuserattr in -ls" >&5 +echo "configure:980: checking for getuserattr in -ls" >&5 ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -983,7 +984,7 @@ ac_save_LIBS="$LIBS" LIBS="-ls $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:999: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1025,7 +1026,7 @@ *-ibm-aix*) os_aix=yes echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 -echo "configure:1029: checking for getuserattr in -ls" >&5 +echo "configure:1030: checking for getuserattr in -ls" >&5 ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1033,7 +1034,7 @@ ac_save_LIBS="$LIBS" LIBS="-ls $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1049: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1094,7 +1095,7 @@ # Ultrix shadow passwords implemented in auth-passwd.c. no_shadows_password_checking=yes echo $ac_n "checking for authenticate_user in -lauth""... $ac_c" 1>&6 -echo "configure:1098: checking for authenticate_user in -lauth" >&5 +echo "configure:1099: checking for authenticate_user in -lauth" >&5 ac_lib_var=`echo auth'_'authenticate_user | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1102,7 +1103,7 @@ ac_save_LIBS="$LIBS" LIBS="-lauth $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1118: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1141,14 +1142,14 @@ fi cat > conftest.$ac_ext < int main() { int foo = LOG_DAEMON; ; return 0; } EOF -if { (eval echo configure:1152: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1153: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then : else echo "configure: failed program was:" >&5 @@ -1182,7 +1183,7 @@ CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" fi echo $ac_n "checking for HPUX tcb auth option""... $ac_c" 1>&6 -echo "configure:1186: checking for HPUX tcb auth option" >&5 +echo "configure:1187: checking for HPUX tcb auth option" >&5 if test -f /tcb/files/auth/system/pw_id_map; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF @@ -1194,7 +1195,7 @@ echo "$ac_t""no" 1>&6 fi echo $ac_n "checking for keyserv""... $ac_c" 1>&6 -echo "configure:1198: checking for keyserv" >&5 +echo "configure:1199: checking for keyserv" >&5 if test -f /usr/sbin/keyserv; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF @@ -1217,7 +1218,7 @@ EOF echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6 -echo "configure:1221: checking for set_auth_parameters in -lsecurity" >&5 +echo "configure:1222: checking for set_auth_parameters in -lsecurity" >&5 ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1225,7 +1226,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1241: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1266,12 +1267,12 @@ for ac_func in setluid getespwnam do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1270: checking for $ac_func" >&5 +echo "configure:1271: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1299: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -1320,7 +1321,7 @@ no_utmpx=yes echo $ac_n "checking for OSF/1 C2 security package""... $ac_c" 1>&6 -echo "configure:1324: checking for OSF/1 C2 security package" >&5 +echo "configure:1325: checking for OSF/1 C2 security package" >&5 osfc2sec=`/usr/sbin/setld -i | grep '^OSFC2SEC' | grep 'installed'` if test -n "$osfc2sec"; then echo "$ac_t""yes" 1>&6 @@ -1332,7 +1333,7 @@ OLD_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -I." cat > conftest.$ac_ext < #include @@ -1341,7 +1342,7 @@ ; return 0; } EOF -if { (eval echo configure:1345: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1346: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then : else echo "configure: failed program was:" >&5 @@ -1372,12 +1373,12 @@ ;; *-*-linux*) echo $ac_n "checking for getspnam""... $ac_c" 1>&6 -echo "configure:1376: checking for getspnam" >&5 +echo "configure:1377: checking for getspnam" >&5 if eval "test \"`echo '$''{'ac_cv_func_getspnam'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1405: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_getspnam=yes" else @@ -1421,7 +1422,7 @@ if test $ac_cv_func_getspnam = no; then echo $ac_n "checking for getspnam in -lshadow""... $ac_c" 1>&6 -echo "configure:1425: checking for getspnam in -lshadow" >&5 +echo "configure:1426: checking for getspnam in -lshadow" >&5 ac_lib_var=`echo shadow'_'getspnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1429,7 +1430,7 @@ ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1445: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1478,12 +1479,12 @@ for ac_func in pw_encrypt do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1482: checking for $ac_func" >&5 +echo "configure:1483: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -1532,7 +1533,7 @@ if test $ac_cv_func_pw_encrypt = no; then echo $ac_n "checking for pw_encrypt in -lshadow""... $ac_c" 1>&6 -echo "configure:1536: checking for pw_encrypt in -lshadow" >&5 +echo "configure:1537: checking for pw_encrypt in -lshadow" >&5 ac_lib_var=`echo shadow'_'pw_encrypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1540,7 +1541,7 @@ ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1556: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1575,7 +1576,7 @@ fi echo $ac_n "checking whether to enable pw_encrypt""... $ac_c" 1>&6 -echo "configure:1579: checking whether to enable pw_encrypt" >&5 +echo "configure:1580: checking whether to enable pw_encrypt" >&5 # Check whether --enable-deprecated-linux-pw-encrypt or --disable-deprecated-linux-pw-encrypt was given. if test "${enable_deprecated_linux_pw_encrypt+set}" = set; then enableval="$enable_deprecated_linux_pw_encrypt" @@ -1644,7 +1645,7 @@ ;; *-*-sysv4*) echo $ac_n "checking for openlog in -lgen""... $ac_c" 1>&6 -echo "configure:1648: checking for openlog in -lgen" >&5 +echo "configure:1649: checking for openlog in -lgen" >&5 ac_lib_var=`echo gen'_'openlog | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1652,7 +1653,7 @@ ac_save_LIBS="$LIBS" LIBS="-lgen $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:1668: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1767,16 +1768,16 @@ echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 -echo "configure:1771: checking that the compiler works" >&5 +echo "configure:1772: checking that the compiler works" >&5 if test "$cross_compiling" = yes; then { echo "configure: error: Could not compile and run even a trivial ANSI C program - check CC." 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:1781: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo "$ac_t""yes" 1>&6 else @@ -1793,18 +1794,18 @@ if test -z "$no_pipe"; then if test -n "$GCC"; then echo $ac_n "checking if the compiler understands -pipe""... $ac_c" 1>&6 -echo "configure:1797: checking if the compiler understands -pipe" >&5 +echo "configure:1798: checking if the compiler understands -pipe" >&5 OLDCC="$CC" CC="$CC -pipe" cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1809: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* echo "$ac_t""yes" 1>&6 else @@ -1819,7 +1820,7 @@ fi echo $ac_n "checking whether to enable -Wall""... $ac_c" 1>&6 -echo "configure:1823: checking whether to enable -Wall" >&5 +echo "configure:1824: checking whether to enable -Wall" >&5 # Check whether --enable-warnings or --disable-warnings was given. if test "${enable_warnings+set}" = set; then enableval="$enable_warnings" @@ -1833,12 +1834,12 @@ echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 -echo "configure:1837: checking return type of signal handlers" >&5 +echo "configure:1838: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1855,7 +1856,7 @@ int i; ; return 0; } EOF -if { (eval echo configure:1859: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1860: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -1874,7 +1875,7 @@ echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:1878: checking how to run the C preprocessor" >&5 +echo "configure:1879: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -1889,13 +1890,13 @@ # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1899: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1900: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -1906,13 +1907,13 @@ rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1916: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1917: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -1935,12 +1936,12 @@ echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:1939: checking for ANSI C header files" >&5 +echo "configure:1940: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1948,7 +1949,7 @@ #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1952: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1953: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -1965,7 +1966,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1983,7 +1984,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -2004,7 +2005,7 @@ : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -2015,7 +2016,7 @@ exit (0); } EOF -if { (eval echo configure:2019: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2020: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then : else @@ -2039,12 +2040,12 @@ fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:2043: checking for size_t" >&5 +echo "configure:2044: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -2072,12 +2073,12 @@ fi echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:2076: checking for uid_t in sys/types.h" >&5 +echo "configure:2077: checking for uid_t in sys/types.h" >&5 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -2106,12 +2107,12 @@ fi echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:2110: checking for off_t" >&5 +echo "configure:2111: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -2139,12 +2140,12 @@ fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:2143: checking for mode_t" >&5 +echo "configure:2144: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -2172,12 +2173,12 @@ fi echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6 -echo "configure:2176: checking for st_blksize in struct stat" >&5 +echo "configure:2177: checking for st_blksize in struct stat" >&5 if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -2185,7 +2186,7 @@ struct stat s; s.st_blksize; ; return 0; } EOF -if { (eval echo configure:2189: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2190: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_struct_st_blksize=yes else @@ -2207,12 +2208,12 @@ echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:2211: checking for working const" >&5 +echo "configure:2212: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2266: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -2282,21 +2283,21 @@ fi echo $ac_n "checking for inline""... $ac_c" 1>&6 -echo "configure:2286: checking for inline" >&5 +echo "configure:2287: checking for inline" >&5 if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2301: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_inline=$ac_kw; break else @@ -2322,14 +2323,14 @@ esac echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:2326: checking whether byte ordering is bigendian" >&5 +echo "configure:2327: checking whether byte ordering is bigendian" >&5 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext < #include @@ -2340,11 +2341,11 @@ #endif ; return 0; } EOF -if { (eval echo configure:2344: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2345: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. cat > conftest.$ac_ext < #include @@ -2355,7 +2356,7 @@ #endif ; return 0; } EOF -if { (eval echo configure:2359: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2360: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else @@ -2375,7 +2376,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2393: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then ac_cv_c_bigendian=no else @@ -2412,7 +2413,7 @@ fi echo $ac_n "checking size of long""... $ac_c" 1>&6 -echo "configure:2416: checking size of long" >&5 +echo "configure:2417: checking size of long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2420,7 +2421,7 @@ ac_cv_sizeof_long=4 else cat > conftest.$ac_ext < main() @@ -2431,7 +2432,7 @@ exit(0); } EOF -if { (eval echo configure:2435: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2436: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long=`cat conftestval` else @@ -2451,7 +2452,7 @@ echo $ac_n "checking size of int""... $ac_c" 1>&6 -echo "configure:2455: checking size of int" >&5 +echo "configure:2456: checking size of int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2459,7 +2460,7 @@ ac_cv_sizeof_int=4 else cat > conftest.$ac_ext < main() @@ -2470,7 +2471,7 @@ exit(0); } EOF -if { (eval echo configure:2474: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2475: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int=`cat conftestval` else @@ -2490,7 +2491,7 @@ echo $ac_n "checking size of short""... $ac_c" 1>&6 -echo "configure:2494: checking size of short" >&5 +echo "configure:2495: checking size of short" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2498,7 +2499,7 @@ ac_cv_sizeof_short=2 else cat > conftest.$ac_ext < main() @@ -2509,7 +2510,7 @@ exit(0); } EOF -if { (eval echo configure:2513: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2514: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_short=`cat conftestval` else @@ -2534,17 +2535,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2538: checking for $ac_hdr" >&5 +echo "configure:2539: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2548: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2549: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2577,17 +2578,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2581: checking for $ac_hdr" >&5 +echo "configure:2582: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2591: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2592: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2616,12 +2617,12 @@ fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:2620: checking for ANSI C header files" >&5 +echo "configure:2621: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -2629,7 +2630,7 @@ #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2633: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2634: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2646,7 +2647,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -2664,7 +2665,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -2685,7 +2686,7 @@ : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -2696,7 +2697,7 @@ exit (0); } EOF -if { (eval echo configure:2700: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2701: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then : else @@ -2720,12 +2721,12 @@ fi echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 -echo "configure:2724: checking for sys/wait.h that is POSIX.1 compatible" >&5 +echo "configure:2725: checking for sys/wait.h that is POSIX.1 compatible" >&5 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -2741,7 +2742,7 @@ s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } EOF -if { (eval echo configure:2745: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2746: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_sys_wait_h=yes else @@ -2765,17 +2766,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2769: checking for $ac_hdr" >&5 +echo "configure:2770: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2779: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2780: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2801,21 +2802,21 @@ fi done -for ac_hdr in sgtty.h sys/select.h sys/ioctl.h machine/endian.h +for ac_hdr in sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2809: checking for $ac_hdr" >&5 +echo "configure:2810: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2819: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2820: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2845,17 +2846,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2849: checking for $ac_hdr" >&5 +echo "configure:2850: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2859: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2860: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2885,17 +2886,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2889: checking for $ac_hdr" >&5 +echo "configure:2890: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2899: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2900: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2925,17 +2926,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2929: checking for $ac_hdr" >&5 +echo "configure:2930: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2939: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2940: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2962,12 +2963,12 @@ done echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 -echo "configure:2966: checking whether time.h and sys/time.h may both be included" >&5 +echo "configure:2967: checking whether time.h and sys/time.h may both be included" >&5 if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -2976,7 +2977,7 @@ struct tm *tp; ; return 0; } EOF -if { (eval echo configure:2980: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2981: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_time=yes else @@ -3001,12 +3002,12 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:3005: checking for $ac_hdr that defines DIR" >&5 +echo "configure:3006: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> @@ -3014,7 +3015,7 @@ DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:3018: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3019: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -3039,7 +3040,7 @@ # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:3043: checking for opendir in -ldir" >&5 +echo "configure:3044: checking for opendir in -ldir" >&5 ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3047,7 +3048,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3080,7 +3081,7 @@ else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:3084: checking for opendir in -lx" >&5 +echo "configure:3085: checking for opendir in -lx" >&5 ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3088,7 +3089,7 @@ ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3104: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3122,12 +3123,12 @@ fi echo $ac_n "checking whether stat file-mode macros are broken""... $ac_c" 1>&6 -echo "configure:3126: checking whether stat file-mode macros are broken" >&5 +echo "configure:3127: checking whether stat file-mode macros are broken" >&5 if eval "test \"`echo '$''{'ac_cv_header_stat_broken'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3178,9 +3179,9 @@ fi echo $ac_n "checking whether utmp have ut_pid field""... $ac_c" 1>&6 -echo "configure:3182: checking whether utmp have ut_pid field" >&5 +echo "configure:3183: checking whether utmp have ut_pid field" >&5 cat > conftest.$ac_ext < EOF @@ -3199,9 +3200,9 @@ rm -f conftest* echo $ac_n "checking whether utmp have ut_name field""... $ac_c" 1>&6 -echo "configure:3203: checking whether utmp have ut_name field" >&5 +echo "configure:3204: checking whether utmp have ut_name field" >&5 cat > conftest.$ac_ext < EOF @@ -3220,9 +3221,9 @@ rm -f conftest* echo $ac_n "checking whether utmp have ut_id field""... $ac_c" 1>&6 -echo "configure:3224: checking whether utmp have ut_id field" >&5 +echo "configure:3225: checking whether utmp have ut_id field" >&5 cat > conftest.$ac_ext < EOF @@ -3241,9 +3242,9 @@ rm -f conftest* echo $ac_n "checking whether utmp have ut_host field""... $ac_c" 1>&6 -echo "configure:3245: checking whether utmp have ut_host field" >&5 +echo "configure:3246: checking whether utmp have ut_host field" >&5 cat > conftest.$ac_ext < EOF @@ -3262,9 +3263,9 @@ rm -f conftest* echo $ac_n "checking whether utmp have ut_addr field""... $ac_c" 1>&6 -echo "configure:3266: checking whether utmp have ut_addr field" >&5 +echo "configure:3267: checking whether utmp have ut_addr field" >&5 cat > conftest.$ac_ext < EOF @@ -3283,9 +3284,9 @@ rm -f conftest* echo $ac_n "checking whether you have incompatible SIGINFO macro""... $ac_c" 1>&6 -echo "configure:3287: checking whether you have incompatible SIGINFO macro" >&5 +echo "configure:3288: checking whether you have incompatible SIGINFO macro" >&5 cat > conftest.$ac_ext < SIGINFO(p,1) @@ -3306,7 +3307,7 @@ echo $ac_n "checking for crypt in -lc""... $ac_c" 1>&6 -echo "configure:3310: checking for crypt in -lc" >&5 +echo "configure:3311: checking for crypt in -lc" >&5 ac_lib_var=`echo c'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3314,7 +3315,7 @@ ac_save_LIBS="$LIBS" LIBS="-lc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3330: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3344,7 +3345,7 @@ else echo "$ac_t""no" 1>&6 echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:3348: checking for crypt in -lcrypt" >&5 +echo "configure:3349: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3352,7 +3353,7 @@ ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3368: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3393,7 +3394,7 @@ fi echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 -echo "configure:3397: checking for getspnam in -lsec" >&5 +echo "configure:3398: checking for getspnam in -lsec" >&5 ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3401,7 +3402,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsec $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3417: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3440,7 +3441,7 @@ fi echo $ac_n "checking for get_process_stats in -lseq""... $ac_c" 1>&6 -echo "configure:3444: checking for get_process_stats in -lseq" >&5 +echo "configure:3445: checking for get_process_stats in -lseq" >&5 ac_lib_var=`echo seq'_'get_process_stats | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3448,7 +3449,7 @@ ac_save_LIBS="$LIBS" LIBS="-lseq $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3464: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3487,7 +3488,7 @@ fi echo $ac_n "checking for bcopy in -lbsd""... $ac_c" 1>&6 -echo "configure:3491: checking for bcopy in -lbsd" >&5 +echo "configure:3492: checking for bcopy in -lbsd" >&5 ac_lib_var=`echo bsd'_'bcopy | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3495,7 +3496,7 @@ ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3535,7 +3536,7 @@ if test -z "$no_libnsl"; then echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:3539: checking for main in -lnsl" >&5 +echo "configure:3540: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3543,14 +3544,14 @@ ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3555: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3580,7 +3581,7 @@ fi if test -n "$test_libinet"; then echo $ac_n "checking for inet_network in -linet""... $ac_c" 1>&6 -echo "configure:3584: checking for inet_network in -linet" >&5 +echo "configure:3585: checking for inet_network in -linet" >&5 ac_lib_var=`echo inet'_'inet_network | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3588,7 +3589,7 @@ ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3604: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3629,7 +3630,7 @@ fi if test -z "$no_libsocket"; then echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:3633: checking for socket in -lsocket" >&5 +echo "configure:3634: checking for socket in -lsocket" >&5 ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3637,7 +3638,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3653: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3678,7 +3679,7 @@ fi if test -z "$no_libsun"; then echo $ac_n "checking for getpwnam in -lsun""... $ac_c" 1>&6 -echo "configure:3682: checking for getpwnam in -lsun" >&5 +echo "configure:3683: checking for getpwnam in -lsun" >&5 ac_lib_var=`echo sun'_'getpwnam | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3686,7 +3687,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsun $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3702: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3727,7 +3728,7 @@ fi if test -z "$no_libbsd"; then echo $ac_n "checking for openpty in -lbsd""... $ac_c" 1>&6 -echo "configure:3731: checking for openpty in -lbsd" >&5 +echo "configure:3732: checking for openpty in -lbsd" >&5 ac_lib_var=`echo bsd'_'openpty | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3735,7 +3736,7 @@ ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3751: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3775,7 +3776,7 @@ fi echo $ac_n "checking for login in -lutil""... $ac_c" 1>&6 -echo "configure:3779: checking for login in -lutil" >&5 +echo "configure:3780: checking for login in -lutil" >&5 ac_lib_var=`echo util'_'login | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3783,7 +3784,7 @@ ac_save_LIBS="$LIBS" LIBS="-lutil $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3799: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3823,12 +3824,12 @@ for ac_func in vhangup do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3827: checking for $ac_func" >&5 +echo "configure:3828: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3856: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3881,12 +3882,12 @@ for ac_func in setsid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3885: checking for $ac_func" >&5 +echo "configure:3886: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3914: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3938,12 +3939,12 @@ for ac_func in gettimeofday times getrusage ftruncate revoke makeutx do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3942: checking for $ac_func" >&5 +echo "configure:3943: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3971: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3993,12 +3994,12 @@ for ac_func in strchr memcpy setlogin openpty _getpty clock fchmod ulimit do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3997: checking for $ac_func" >&5 +echo "configure:3998: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4026: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4048,12 +4049,12 @@ for ac_func in gethostname getdtablesize umask innetgr initgroups setpgrp do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4052: checking for $ac_func" >&5 +echo "configure:4053: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4081: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4103,12 +4104,12 @@ for ac_func in setpgid daemon waitpid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4107: checking for $ac_func" >&5 +echo "configure:4108: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4136: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4159,12 +4160,12 @@ for ac_func in strerror memmove remove random putenv crypt socketpair do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4163: checking for $ac_func" >&5 +echo "configure:4164: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4192: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4215,7 +4216,7 @@ echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 -echo "configure:4219: checking whether ln -s works" >&5 +echo "configure:4220: checking whether ln -s works" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4246,7 +4247,7 @@ # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:4250: checking for a BSD compatible install" >&5 +echo "configure:4251: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4298,7 +4299,7 @@ # Extract the first word of "ar", so it can be a program name with args. set dummy ar; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4302: checking for $ac_word" >&5 +echo "configure:4303: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4328,7 +4329,7 @@ # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4332: checking for $ac_word" >&5 +echo "configure:4333: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4362,7 +4363,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:4366: checking for $ac_word" >&5 +echo "configure:4367: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_MAKEDEP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4397,7 +4398,7 @@ # Uses ac_ vars as temps to allow command line to override cache and checks. # --without-x overrides everything else, but does not touch the cache. echo $ac_n "checking for X""... $ac_c" 1>&6 -echo "configure:4401: checking for X" >&5 +echo "configure:4402: checking for X" >&5 # Check whether --with-x or --without-x was given. if test "${with_x+set}" = set; then @@ -4459,12 +4460,12 @@ # First, try using that file with no special directory specified. cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4468: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4469: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -4533,14 +4534,14 @@ ac_save_LIBS="$LIBS" LIBS="-l$x_direct_test_library $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* LIBS="$ac_save_LIBS" # We can link X programs with no special library path. @@ -4646,17 +4647,17 @@ case "`(uname -sr) 2>/dev/null`" in "SunOS 5"*) echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6 -echo "configure:4650: checking whether -R must be followed by a space" >&5 +echo "configure:4651: checking whether -R must be followed by a space" >&5 ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4661: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_R_nospace=yes else @@ -4672,14 +4673,14 @@ else LIBS="$ac_xsave_LIBS -R $x_libraries" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4684: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* ac_R_space=yes else @@ -4711,7 +4712,7 @@ # libraries were built with DECnet support. And karl@cs.umb.edu says # the Alpha needs dnet_stub (dnet does not exist). echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6 -echo "configure:4715: checking for dnet_ntoa in -ldnet" >&5 +echo "configure:4716: checking for dnet_ntoa in -ldnet" >&5 ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4719,7 +4720,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldnet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4735: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4752,7 +4753,7 @@ if test $ac_cv_lib_dnet_dnet_ntoa = no; then echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6 -echo "configure:4756: checking for dnet_ntoa in -ldnet_stub" >&5 +echo "configure:4757: checking for dnet_ntoa in -ldnet_stub" >&5 ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4760,7 +4761,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldnet_stub $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4776: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4800,12 +4801,12 @@ # The nsl library prevents programs from opening the X display # on Irix 5.2, according to dickey@clark.net. echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 -echo "configure:4804: checking for gethostbyname" >&5 +echo "configure:4805: checking for gethostbyname" >&5 if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4833: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_gethostbyname=yes" else @@ -4849,7 +4850,7 @@ if test $ac_cv_func_gethostbyname = no; then echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 -echo "configure:4853: checking for gethostbyname in -lnsl" >&5 +echo "configure:4854: checking for gethostbyname in -lnsl" >&5 ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4857,7 +4858,7 @@ ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4873: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4898,12 +4899,12 @@ # -lsocket must be given before -lnsl if both are needed. # We assume that if connect needs -lnsl, so does gethostbyname. echo $ac_n "checking for connect""... $ac_c" 1>&6 -echo "configure:4902: checking for connect" >&5 +echo "configure:4903: checking for connect" >&5 if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4931: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_connect=yes" else @@ -4947,7 +4948,7 @@ if test $ac_cv_func_connect = no; then echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 -echo "configure:4951: checking for connect in -lsocket" >&5 +echo "configure:4952: checking for connect in -lsocket" >&5 ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -4955,7 +4956,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsocket $X_EXTRA_LIBS $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4971: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -4990,12 +4991,12 @@ # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX. echo $ac_n "checking for remove""... $ac_c" 1>&6 -echo "configure:4994: checking for remove" >&5 +echo "configure:4995: checking for remove" >&5 if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_remove=yes" else @@ -5039,7 +5040,7 @@ if test $ac_cv_func_remove = no; then echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6 -echo "configure:5043: checking for remove in -lposix" >&5 +echo "configure:5044: checking for remove in -lposix" >&5 ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5047,7 +5048,7 @@ ac_save_LIBS="$LIBS" LIBS="-lposix $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5082,12 +5083,12 @@ # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. echo $ac_n "checking for shmat""... $ac_c" 1>&6 -echo "configure:5086: checking for shmat" >&5 +echo "configure:5087: checking for shmat" >&5 if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5115: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_shmat=yes" else @@ -5131,7 +5132,7 @@ if test $ac_cv_func_shmat = no; then echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6 -echo "configure:5135: checking for shmat in -lipc" >&5 +echo "configure:5136: checking for shmat in -lipc" >&5 ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5139,7 +5140,7 @@ ac_save_LIBS="$LIBS" LIBS="-lipc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5155: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5183,7 +5184,7 @@ # libraries we check for below, so use a different variable. # --interran@uluru.Stanford.EDU, kb@cs.umb.edu. echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6 -echo "configure:5187: checking for IceConnectionNumber in -lICE" >&5 +echo "configure:5188: checking for IceConnectionNumber in -lICE" >&5 ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5191,7 +5192,7 @@ ac_save_LIBS="$LIBS" LIBS="-lICE $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5207: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5230,7 +5231,7 @@ # Extract the first word of "xauth", so it can be a program name with args. set dummy xauth; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:5234: checking for $ac_word" >&5 +echo "configure:5235: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_XAUTH_PATH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5280,7 +5281,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:5284: checking for $ac_word" >&5 +echo "configure:5285: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5321,12 +5322,12 @@ for ac_func in getpseudotty do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5325: checking for $ac_func" >&5 +echo "configure:5326: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5354: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -5374,7 +5375,7 @@ done echo $ac_n "checking for pseudo ttys""... $ac_c" 1>&6 -echo "configure:5378: checking for pseudo ttys" >&5 +echo "configure:5379: checking for pseudo ttys" >&5 if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes then cat >> confdefs.h <<\EOF @@ -5414,7 +5415,7 @@ fi echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6 -echo "configure:5418: checking for /etc/default/login" >&5 +echo "configure:5419: checking for /etc/default/login" >&5 if test -f /etc/default/login; then cat >> confdefs.h <<\EOF #define HAVE_ETC_DEFAULT_LOGIN 1 @@ -5427,7 +5428,7 @@ if test -z "$no_shadows_password_checking"; then echo $ac_n "checking for shadow passwords""... $ac_c" 1>&6 -echo "configure:5431: checking for shadow passwords" >&5 +echo "configure:5432: checking for shadow passwords" >&5 if test -f /etc/shadow; then # If we don't have shadow.h, this might be some nonstandard # kludging... So better check it out. @@ -5441,7 +5442,7 @@ # have getspent in a system library. However, a libshadow.a library # contaning these is publicly available. echo $ac_n "checking for getspent in -lshadow""... $ac_c" 1>&6 -echo "configure:5445: checking for getspent in -lshadow" >&5 +echo "configure:5446: checking for getspent in -lshadow" >&5 ac_lib_var=`echo shadow'_'getspent | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5449,7 +5450,7 @@ ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:5465: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5488,9 +5489,9 @@ fi echo $ac_n "checking whether spwd have sp_expire field""... $ac_c" 1>&6 -echo "configure:5492: checking whether spwd have sp_expire field" >&5 +echo "configure:5493: checking whether spwd have sp_expire field" >&5 cat > conftest.$ac_ext < EOF @@ -5509,9 +5510,9 @@ rm -f conftest* echo $ac_n "checking whether spwd have sp_inact field""... $ac_c" 1>&6 -echo "configure:5513: checking whether spwd have sp_inact field" >&5 +echo "configure:5514: checking whether spwd have sp_inact field" >&5 cat > conftest.$ac_ext < EOF @@ -5550,7 +5551,7 @@ fi echo $ac_n "checking location of mail spool files""... $ac_c" 1>&6 -echo "configure:5554: checking location of mail spool files" >&5 +echo "configure:5555: checking location of mail spool files" >&5 for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE do if test "$dir" = "FILE"; then @@ -5589,7 +5590,7 @@ done echo $ac_n "checking location of utmp""... $ac_c" 1>&6 -echo "configure:5593: checking location of utmp" >&5 +echo "configure:5594: checking location of utmp" >&5 if test -f /var/run/utmp; then cat >> confdefs.h <<\EOF #define SSH_UTMP "/var/run/utmp" @@ -5625,7 +5626,7 @@ fi echo $ac_n "checking location of wtmp""... $ac_c" 1>&6 -echo "configure:5629: checking location of wtmp" >&5 +echo "configure:5630: checking location of wtmp" >&5 if test -f /var/log/wtmp; then cat >> confdefs.h <<\EOF #define SSH_WTMP "/var/log/wtmp" @@ -5659,7 +5660,7 @@ fi echo $ac_n "checking location of lastlog""... $ac_c" 1>&6 -echo "configure:5663: checking location of lastlog" >&5 +echo "configure:5664: checking location of lastlog" >&5 if test -f /var/log/lastlog || test -d /var/log/lastlog; then cat >> confdefs.h <<\EOF #define SSH_LASTLOG "/var/log/lastlog" @@ -5714,7 +5715,7 @@ fi echo $ac_n "checking whether $LASTLOG is a directory""... $ac_c" 1>&6 -echo "configure:5718: checking whether $LASTLOG is a directory" >&5 +echo "configure:5719: checking whether $LASTLOG is a directory" >&5 if test -d $LASTLOG then echo "$ac_t""yes" 1>&6 @@ -5727,7 +5728,7 @@ fi echo $ac_n "checking whether to include the IDEA encryption algorithm""... $ac_c" 1>&6 -echo "configure:5731: checking whether to include the IDEA encryption algorithm" >&5 +echo "configure:5732: checking whether to include the IDEA encryption algorithm" >&5 # Check whether --with-idea or --without-idea was given. if test "${with_idea+set}" = set; then withval="$with_idea" @@ -5761,7 +5762,7 @@ echo $ac_n "checking whether to include the Blowfish encryption algorithm""... $ac_c" 1>&6 -echo "configure:5765: checking whether to include the Blowfish encryption algorithm" >&5 +echo "configure:5766: checking whether to include the Blowfish encryption algorithm" >&5 # Check whether --with-blowfish or --without-blowfish was given. if test "${with_blowfish+set}" = set; then withval="$with_blowfish" @@ -5788,7 +5789,7 @@ echo $ac_n "checking whether to include the DES encryption algorithm""... $ac_c" 1>&6 -echo "configure:5792: checking whether to include the DES encryption algorithm" >&5 +echo "configure:5793: checking whether to include the DES encryption algorithm" >&5 # Check whether --with-des or --without-des was given. if test "${with_des+set}" = set; then withval="$with_des" @@ -5811,7 +5812,7 @@ echo $ac_n "checking whether to include the ARCFOUR encryption algorithm""... $ac_c" 1>&6 -echo "configure:5815: checking whether to include the ARCFOUR encryption algorithm" >&5 +echo "configure:5816: checking whether to include the ARCFOUR encryption algorithm" >&5 # Check whether --with-arcfour or --without-arcfour was given. if test "${with_arcfour+set}" = set; then withval="$with_arcfour" @@ -5834,7 +5835,7 @@ echo $ac_n "checking whether to include the TSS encryption algorithm""... $ac_c" 1>&6 -echo "configure:5838: checking whether to include the TSS encryption algorithm" >&5 +echo "configure:5839: checking whether to include the TSS encryption algorithm" >&5 # Check whether --with-tss or --without-tss was given. if test "${with_tss+set}" = set; then withval="$with_tss" @@ -5857,7 +5858,7 @@ echo $ac_n "checking whether to include the none encryption algorithm""... $ac_c" 1>&6 -echo "configure:5861: checking whether to include the none encryption algorithm" >&5 +echo "configure:5862: checking whether to include the none encryption algorithm" >&5 # Check whether --with-none or --without-none was given. if test "${with_none+set}" = set; then withval="$with_none" @@ -5880,7 +5881,7 @@ echo $ac_n "checking whether to use login""... $ac_c" 1>&6 -echo "configure:5884: checking whether to use login" >&5 +echo "configure:5885: checking whether to use login" >&5 # Check whether --with-login or --without-login was given. if test "${with_login+set}" = set; then withval="$with_login" @@ -5895,7 +5896,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:5899: checking for $ac_word" >&5 +echo "configure:5900: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PATH_LOGIN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5954,7 +5955,7 @@ echo $ac_n "checking whether to use rsh""... $ac_c" 1>&6 -echo "configure:5958: checking whether to use rsh" >&5 +echo "configure:5959: checking whether to use rsh" >&5 # Check whether --with-rsh or --without-rsh was given. if test "${with_rsh+set}" = set; then withval="$with_rsh" @@ -5969,7 +5970,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:5973: checking for $ac_word" >&5 +echo "configure:5974: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6021,7 +6022,7 @@ # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:6025: checking for $ac_word" >&5 +echo "configure:6026: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6070,7 +6071,7 @@ # Code to permit setting default path for users (alden@math.ohio-state.edu) echo $ac_n "checking default path""... $ac_c" 1>&6 -echo "configure:6074: checking default path" >&5 +echo "configure:6075: checking default path" >&5 # Check whether --with-path or --without-path was given. if test "${with_path+set}" = set; then withval="$with_path" @@ -6093,7 +6094,7 @@ echo $ac_n "checking etcdir""... $ac_c" 1>&6 -echo "configure:6097: checking etcdir" >&5 +echo "configure:6098: checking etcdir" >&5 # Check whether --with-etcdir or --without-etcdir was given. if test "${with_etcdir+set}" = set; then withval="$with_etcdir" @@ -6118,7 +6119,7 @@ echo $ac_n "checking whether to support SecurID""... $ac_c" 1>&6 -echo "configure:6122: checking whether to support SecurID" >&5 +echo "configure:6123: checking whether to support SecurID" >&5 # Check whether --with-securid or --without-securid was given. if test "${with_securid+set}" = set; then withval="$with_securid" @@ -6161,7 +6162,7 @@ echo $ac_n "checking whether to support TIS authentication server""... $ac_c" 1>&6 -echo "configure:6165: checking whether to support TIS authentication server" >&5 +echo "configure:6166: checking whether to support TIS authentication server" >&5 # Check whether --with-tis or --without-tis was given. if test "${with_tis+set}" = set; then withval="$with_tis" @@ -6189,40 +6190,138 @@ fi -echo $ac_n "checking whether to use Kerberos""... $ac_c" 1>&6 -echo "configure:6194: checking whether to use Kerberos" >&5 -# Check whether --with-kerberos5 or --without-kerberos5 was given. -if test "${with_kerberos5+set}" = set; then - withval="$with_kerberos5" +echo $ac_n "checking whether to use Kerberos v4""... $ac_c" 1>&6 +echo "configure:6195: checking whether to use Kerberos v4" >&5 +# Check whether --with-krb4 or --without-krb4 was given. +if test "${with_krb4+set}" = set; then + withval="$with_krb4" case "$withval" in yes) - with_kerberos5=/usr/local + with_krb4=/usr/kerberos ;; esac else - with_kerberos5=no + with_krb4=no fi -case "$with_kerberos5" in +case "$with_krb4" in no) echo "$ac_t""no" 1>&6 ;; *) echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF -#define KERBEROS 1 +#define KRB4 1 +EOF + + KERBEROS_ROOT="$with_krb4" + KERBEROS_INCS="-I\$(KERBEROS_ROOT)/include" + KERBEROS_LIBS="-L\$(KERBEROS_ROOT)/lib -lkrb -ldes" + KERBEROS_OBJS="auth-kerberos.o" + echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6 +echo "configure:6224: checking for dn_expand in -lresolv" >&5 +ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lresolv $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + KERBEROS_LIBS="$KERBEROS_LIBS -lresolv" +else + echo "$ac_t""no" 1>&6 +fi + + echo $ac_n "checking whether AFS lifetime conversion routines are present""... $ac_c" 1>&6 +echo "configure:6264: checking whether AFS lifetime conversion routines are present" >&5 + keeplibs="$LIBS" + keepcflags="$CFLAGS" + LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" + CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" + cat > conftest.$ac_ext < +int main() { + krb_life_to_time(10, 10); +; return 0; } +EOF +if { (eval echo configure:6277: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_KRB_LIFE_TO_TIME 1 +EOF + +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + echo "$ac_t""no" 1>&6 +fi +rm -f conftest* + LIBS="$keeplibs" + CFLAGS="$keepcflags" + ;; +esac + +echo $ac_n "checking whether to use Kerberos v5""... $ac_c" 1>&6 +echo "configure:6297: checking whether to use Kerberos v5" >&5 +# Check whether --with-krb5 or --without-krb5 was given. +if test "${with_krb5+set}" = set; then + withval="$with_krb5" + case "$withval" in + yes) + with_krb5=/usr/local + ;; + esac +else + with_krb5=no + +fi + +case "$with_krb5" in +no) + echo "$ac_t""no" 1>&6 + ;; +*) + echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF #define KRB5 1 EOF - KERBEROS_ROOT="$with_kerberos5" + KERBEROS_ROOT="$with_krb5" KERBEROS_INCS="-I${KERBEROS_ROOT}/include" KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb5 -lcrypto -lcom_err" echo $ac_n "checking for dbm_open in -lndbm""... $ac_c" 1>&6 -echo "configure:6226: checking for dbm_open in -lndbm" >&5 +echo "configure:6325: checking for dbm_open in -lndbm" >&5 ac_lib_var=`echo ndbm'_'dbm_open | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6230,7 +6329,7 @@ ac_save_LIBS="$LIBS" LIBS="-lndbm $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6344: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6265,40 +6364,66 @@ ;; esac +echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6 +echo "configure:6369: checking whether to use AFS" >&5 +# Check whether --with-afs or --without-afs was given. +if test "${with_afs+set}" = set; then + withval="$with_afs" + if test "$with_afs" = no; then + echo "$ac_t""no" 1>&6 +else + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define AFS 1 +EOF + if test "$with_krb4" = no; then + echo "$ac_t""no" 1>&6 + echo "configure: warning: "AFS requires Kerberos v4 support."" 1>&2 + else + KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs" + if test -n "$os_aix"; then + KERBEROS_LIBS="${KERBEROS_LIBS} -lld" + fi + fi +fi +fi -echo $ac_n "checking whether to enable passing the Kerberos TGT""... $ac_c" 1>&6 -echo "configure:6274: checking whether to enable passing the Kerberos TGT" >&5 -# Check whether --enable-kerberos-tgt-passing or --disable-kerberos-tgt-passing was given. -if test "${enable_kerberos_tgt_passing+set}" = set; then - enableval="$enable_kerberos_tgt_passing" - case "$enableval" in +echo $ac_n "checking whether to use Hesiod""... $ac_c" 1>&6 +echo "configure:6396: checking whether to use Hesiod" >&5 +# Check whether --with-hesiod or --without-hesiod was given. +if test "${with_hesiod+set}" = set; then + withval="$with_hesiod" + case "$withval" in + yes) + with_hesiod=/usr/local/athena + ;; + esac +else + with_hesiod=no + +fi + +case "$with_hesiod" in no) echo "$ac_t""no" 1>&6 ;; *) - if test "$with_kerberos5" = no ; then - echo "$ac_t""no" 1>&6 - echo "configure: warning: "Passing Kerberos TGT requires Kerberos5 support."" 1>&2 - else echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF -#define KERBEROS_TGT_PASSING 1 +#define HESIOD 1 EOF - fi + HESIOD_ROOT="$with_hesiod" + HESIOD_INCS="-I\$(HESIOD_ROOT)/include" + HESIOD_LIBS="-L\$(HESIOD_ROOT)/lib -lhesiod" ;; esac -else - echo "$ac_t""no" 1>&6 - -fi - echo $ac_n "checking whether to use libwrap""... $ac_c" 1>&6 -echo "configure:6302: checking whether to use libwrap" >&5 +echo "configure:6427: checking whether to use libwrap" >&5 # Check whether --with-libwrap or --without-libwrap was given. if test "${with_libwrap+set}" = set; then withval="$with_libwrap" @@ -6309,7 +6434,7 @@ yes) echo "$ac_t""yes" 1>&6 echo $ac_n "checking for request_init in -lwrap""... $ac_c" 1>&6 -echo "configure:6313: checking for request_init in -lwrap" >&5 +echo "configure:6438: checking for request_init in -lwrap" >&5 ac_lib_var=`echo wrap'_'request_init | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6317,7 +6442,7 @@ ac_save_LIBS="$LIBS" LIBS="-lwrap $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6457: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6372,14 +6497,14 @@ OLDLIBS="$LIBS" LIBS="$WRAPLIBS $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6508: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then : else echo "configure: failed program was:" >&5 @@ -6400,7 +6525,7 @@ echo $ac_n "checking whether to support SOCKS""... $ac_c" 1>&6 -echo "configure:6404: checking whether to support SOCKS" >&5 +echo "configure:6529: checking whether to support SOCKS" >&5 # Check whether --with-socks or --without-socks was given. if test "${with_socks+set}" = set; then withval="$with_socks" @@ -6411,7 +6536,7 @@ yes) echo "$ac_t""yes" 1>&6 echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6 -echo "configure:6415: checking for SOCKSconnect in -lsocks5" >&5 +echo "configure:6540: checking for SOCKSconnect in -lsocks5" >&5 ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6419,7 +6544,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsocks5 $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6559: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6452,7 +6577,7 @@ echo "$ac_t""no" 1>&6 echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6 -echo "configure:6456: checking for Rconnect in -lsocks" >&5 +echo "configure:6581: checking for Rconnect in -lsocks" >&5 ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6460,7 +6585,7 @@ ac_save_LIBS="$LIBS" LIBS="-lsocks $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6600: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6507,7 +6632,7 @@ if test "x$socks" = "x"; then echo $ac_n "checking whether to support SOCKS5""... $ac_c" 1>&6 -echo "configure:6511: checking whether to support SOCKS5" >&5 +echo "configure:6636: checking whether to support SOCKS5" >&5 # Check whether --with-socks5 or --without-socks5 was given. if test "${with_socks5+set}" = set; then withval="$with_socks5" @@ -6527,14 +6652,14 @@ fi LIBS="$withval $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6663: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then : else echo "configure: failed program was:" >&5 @@ -6554,7 +6679,7 @@ if test "x$socks" = "x"; then echo $ac_n "checking whether to support SOCKS4""... $ac_c" 1>&6 -echo "configure:6558: checking whether to support SOCKS4" >&5 +echo "configure:6683: checking whether to support SOCKS4" >&5 # Check whether --with-socks4 or --without-socks4 was given. if test "${with_socks4+set}" = set; then withval="$with_socks4" @@ -6574,14 +6699,14 @@ fi LIBS="$withval $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:6710: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then : else echo "configure: failed program was:" >&5 @@ -6708,7 +6833,7 @@ fi echo $ac_n "checking whether to use rsaref""... $ac_c" 1>&6 -echo "configure:6712: checking whether to use rsaref" >&5 +echo "configure:6837: checking whether to use rsaref" >&5 # Check whether --with-rsaref or --without-rsaref was given. if test "${with_rsaref+set}" = set; then withval="$with_rsaref" @@ -6742,7 +6867,7 @@ # This allows group writeability in userfile_check_owner_permissions() echo $ac_n "checking whether to allow group writeability""... $ac_c" 1>&6 -echo "configure:6746: checking whether to allow group writeability" >&5 +echo "configure:6871: checking whether to allow group writeability" >&5 # Check whether --enable-group-writeability or --disable-group-writeability was given. if test "${enable_group_writeability+set}" = set; then enableval="$enable_group_writeability" @@ -6758,7 +6883,7 @@ echo $ac_n "checking whether to disable forwardings in server""... $ac_c" 1>&6 -echo "configure:6762: checking whether to disable forwardings in server" >&5 +echo "configure:6887: checking whether to disable forwardings in server" >&5 # Check whether --enable-server-port-forwardings or --disable-server-port-forwardings was given. if test "${enable_server_port_forwardings+set}" = set; then enableval="$enable_server_port_forwardings" @@ -6780,7 +6905,7 @@ echo $ac_n "checking whether to disable forwardings in client""... $ac_c" 1>&6 -echo "configure:6784: checking whether to disable forwardings in client" >&5 +echo "configure:6909: checking whether to disable forwardings in client" >&5 # Check whether --enable-client-port-forwardings or --disable-client-port-forwardings was given. if test "${enable_client_port_forwardings+set}" = set; then enableval="$enable_client_port_forwardings" @@ -6802,7 +6927,7 @@ echo $ac_n "checking whether to disable X11 forwarding in server""... $ac_c" 1>&6 -echo "configure:6806: checking whether to disable X11 forwarding in server" >&5 +echo "configure:6931: checking whether to disable X11 forwarding in server" >&5 # Check whether --enable-server-x11-forwarding or --disable-server-x11-forwarding was given. if test "${enable_server_x11_forwarding+set}" = set; then enableval="$enable_server_x11_forwarding" @@ -6824,7 +6949,7 @@ echo $ac_n "checking whether to disable X11 forwarding in client""... $ac_c" 1>&6 -echo "configure:6828: checking whether to disable X11 forwarding in client" >&5 +echo "configure:6953: checking whether to disable X11 forwarding in client" >&5 # Check whether --enable-client-x11-forwarding or --disable-client-x11-forwarding was given. if test "${enable_client_x11_forwarding+set}" = set; then enableval="$enable_client_x11_forwarding" @@ -6846,7 +6971,7 @@ echo $ac_n "checking whether to install ssh as suid root""... $ac_c" 1>&6 -echo "configure:6850: checking whether to install ssh as suid root" >&5 +echo "configure:6975: checking whether to install ssh as suid root" >&5 # Check whether --enable-suid-ssh or --disable-suid-ssh was given. if test "${enable_suid_ssh+set}" = set; then enableval="$enable_suid_ssh" @@ -6877,7 +7002,7 @@ PIDDIR="/var/run" echo $ac_n "checking where to put sshd.pid""... $ac_c" 1>&6 -echo "configure:6881: checking where to put sshd.pid" >&5 +echo "configure:7006: checking where to put sshd.pid" >&5 if test '!' -d $PIDDIR; then PIDDIR="$ETCDIR" fi @@ -7070,6 +7195,9 @@ s%@KERBEROS_INCS@%$KERBEROS_INCS%g s%@KERBEROS_LIBS@%$KERBEROS_LIBS%g s%@KERBEROS_OBJS@%$KERBEROS_OBJS%g +s%@HESIOD_ROOT@%$HESIOD_ROOT%g +s%@HESIOD_INCS@%$HESIOD_INCS%g +s%@HESIOD_LIBS@%$HESIOD_LIBS%g s%@WRAPLIBS@%$WRAPLIBS%g s%@subdirs@%$subdirs%g s%@ETCDIR@%$ETCDIR%g diff -r -u -b -w ssh-1.2.22-orig/configure.in ssh-1.2.22-pl2/configure.in --- ssh-1.2.22-orig/configure.in Tue Jan 20 07:24:14 1998 +++ ssh-1.2.22-pl2/configure.in Wed Feb 18 08:07:21 1998 @@ -351,6 +351,11 @@ AC_CONFIG_HEADER(config.h) AC_PREREQ(2.10) +# SSH DES and AFS/Kerberos DES conflict. Yes, this is bogus. +if test -f $srcdir/des.h; then + mv -f $srcdir/des.h $srcdir/ssh-des.h +fi + # So many systems seem to need this that it is better do it here automatically. LIBS="-L/usr/local/lib $LIBS" @@ -379,11 +384,12 @@ ;; *-*-solaris*) # solaris stuff. appro@fy.chalmers.se - AC_DEFINE(SECURE_RPC) - AC_DEFINE(SECURE_NFS) +# this stuff breaks AFS/Kerberos. YUCK. +# AC_DEFINE(SECURE_RPC) +# AC_DEFINE(SECURE_NFS) # NIS+ is forced so that we don't have to recompile # if we move to NIS+. appro@fy.chalmers.se - AC_DEFINE(NIS_PLUS) +# AC_DEFINE(NIS_PLUS) ;; *-*-sunos*) os_sunos=yes @@ -691,7 +697,7 @@ AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) -AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) +AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h sys/filio.h machine/endian.h) AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) AC_CHECK_HEADERS(sys/resource.h) @@ -1206,55 +1212,117 @@ AC_MSG_RESULT(no) ) -AC_MSG_CHECKING(whether to use Kerberos) -AC_ARG_WITH(kerberos5, -[ --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support.], +AC_MSG_CHECKING(whether to use Kerberos v4) +AC_ARG_WITH(krb4, +[ --with-krb4[=PATH] Compile in Kerberos v4 support.], [ case "$withval" in yes) - with_kerberos5=/usr/local + with_krb4=/usr/kerberos ;; esac ], -[ with_kerberos5=no ] +[ with_krb4=no ] ) -case "$with_kerberos5" in +case "$with_krb4" in no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(yes) - AC_DEFINE(KERBEROS) - AC_DEFINE(KRB5) - KERBEROS_ROOT="$with_kerberos5" - KERBEROS_INCS="-I${KERBEROS_ROOT}/include" - KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb5 -lcrypto -lcom_err" - AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") + AC_DEFINE(KRB4) + KERBEROS_ROOT="$with_krb4" + KERBEROS_INCS="-I\$(KERBEROS_ROOT)/include" + KERBEROS_LIBS="-L\$(KERBEROS_ROOT)/lib -lkrb -ldes" KERBEROS_OBJS="auth-kerberos.o" + AC_CHECK_LIB(resolv, dn_expand, KERBEROS_LIBS="$KERBEROS_LIBS -lresolv") + dnl Check whether or not the AFS lifetime conversion routines exist. + AC_MSG_CHECKING(whether AFS lifetime conversion routines are present) + keeplibs="$LIBS" + keepcflags="$CFLAGS" + LIBS="-L${KERBEROS_ROOT}/lib -lkrb -ldes $LIBS" + CFLAGS="-I${KERBEROS_ROOT}/include $CFLAGS" + AC_TRY_LINK([#include ], [ krb_life_to_time(10, 10);], + [AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_KRB_LIFE_TO_TIME)], + [AC_MSG_RESULT(no)]) + LIBS="$keeplibs" + CFLAGS="$keepcflags" ;; esac -AC_SUBST(KERBEROS_ROOT) -AC_SUBST(KERBEROS_INCS) -AC_SUBST(KERBEROS_LIBS) -AC_SUBST(KERBEROS_OBJS) -AC_MSG_CHECKING(whether to enable passing the Kerberos TGT) -AC_ARG_ENABLE(kerberos-tgt-passing, -[ --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket.], -[ case "$enableval" in +AC_MSG_CHECKING(whether to use Kerberos v5) +AC_ARG_WITH(krb5, +[ --with-krb5[=PATH] Compile in Kerberos v5 support.], +[ case "$withval" in + yes) + with_krb5=/usr/local + ;; + esac ], +[ with_krb5=no ] +) +case "$with_krb5" in no) AC_MSG_RESULT(no) ;; *) - if test "$with_kerberos5" = no ; then + AC_MSG_RESULT(yes) + AC_DEFINE(KRB5) + KERBEROS_ROOT="$with_krb5" + KERBEROS_INCS="-I${KERBEROS_ROOT}/include" + KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb5 -lcrypto -lcom_err" + AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") + KERBEROS_OBJS="auth-kerberos.o" + ;; +esac + +AC_MSG_CHECKING(whether to use AFS) +AC_ARG_WITH(afs, +[ --with-afs Compile in AFS support (requires KTH krb4).], +if test "$with_afs" = no; then AC_MSG_RESULT(no) - AC_MSG_WARN("Passing Kerberos TGT requires Kerberos5 support.") else AC_MSG_RESULT(yes) - AC_DEFINE(KERBEROS_TGT_PASSING) + AC_DEFINE(AFS) + if test "$with_krb4" = no; then + AC_MSG_RESULT(no) + AC_MSG_WARN("AFS requires Kerberos v4 support.") + else + KERBEROS_LIBS="${KERBEROS_LIBS} -lkafs" + if test -n "$os_aix"; then + KERBEROS_LIBS="${KERBEROS_LIBS} -lld" fi + fi +fi +) +AC_SUBST(KERBEROS_ROOT)dnl +AC_SUBST(KERBEROS_INCS)dnl +AC_SUBST(KERBEROS_LIBS)dnl +AC_SUBST(KERBEROS_OBJS)dnl + +AC_MSG_CHECKING(whether to use Hesiod) +AC_ARG_WITH(hesiod, +[ --with-hesiod[=PATH] Compile in Hesiod support.], +[ case "$withval" in + yes) + with_hesiod=/usr/local/athena ;; esac ], - AC_MSG_RESULT(no) +[ with_hesiod=no ] ) +case "$with_hesiod" in +no) + AC_MSG_RESULT(no) + ;; +*) + AC_MSG_RESULT(yes) + AC_DEFINE(HESIOD) + HESIOD_ROOT="$with_hesiod" + HESIOD_INCS="-I\$(HESIOD_ROOT)/include" + HESIOD_LIBS="-L\$(HESIOD_ROOT)/lib -lhesiod" + ;; +esac +AC_SUBST(HESIOD_ROOT)dnl +AC_SUBST(HESIOD_INCS)dnl +AC_SUBST(HESIOD_LIBS)dnl AC_MSG_CHECKING(whether to use libwrap) AC_ARG_WITH(libwrap, diff -r -u -b -w ssh-1.2.22-orig/des.c ssh-1.2.22-pl2/des.c --- ssh-1.2.22-orig/des.c Tue Jan 20 07:24:01 1998 +++ ssh-1.2.22-pl2/des.c Thu Feb 5 16:17:32 1998 @@ -38,7 +38,7 @@ #include "includes.h" #include "getput.h" -#include "des.h" +#include "ssh-des.h" /* Table for key generation. This used to be in sk.h. */ /* Copyright (C) 1993 Eric Young - see README for more details */ @@ -400,7 +400,7 @@ /* This part is based on code that used to be in ecb_enc.c. */ /* Copyright (C) 1993 Eric Young - see README for more details */ -void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, +void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, int encrypt) { register word32 t,u; @@ -452,7 +452,7 @@ #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ (a)=(a)^(t)^(t>>(16-(n)))) -void des_set_key(unsigned char *key, DESContext *ks) +void ssh_des_set_key(unsigned char *key, DESContext *ks) { register word32 c, d, t, s, shifts; register int i; @@ -507,7 +507,7 @@ } } -void des_cbc_encrypt(DESContext *ks, unsigned char *iv, +void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, const unsigned char *src, unsigned int len) { @@ -523,7 +523,7 @@ { iv0 ^= GET_32BIT_LSB_FIRST(src + i); iv1 ^= GET_32BIT_LSB_FIRST(src + i + 4); - des_encrypt(iv0, iv1, out, ks, 1); + ssh_des_encrypt(iv0, iv1, out, ks, 1); iv0 = out[0]; iv1 = out[1]; PUT_32BIT_LSB_FIRST(dest + i, iv0); @@ -533,7 +533,7 @@ PUT_32BIT_LSB_FIRST(iv + 4, iv1); } -void des_cbc_decrypt(DESContext *ks, unsigned char *iv, +void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, const unsigned char *src, unsigned int len) { @@ -549,7 +549,7 @@ { d0 = GET_32BIT_LSB_FIRST(src + i); d1 = GET_32BIT_LSB_FIRST(src + i + 4); - des_encrypt(d0, d1, out, ks, 0); + ssh_des_encrypt(d0, d1, out, ks, 0); iv0 ^= out[0]; iv1 ^= out[1]; PUT_32BIT_LSB_FIRST(dest + i, iv0); @@ -561,38 +561,38 @@ PUT_32BIT_LSB_FIRST(iv + 4, iv1); } -void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, +void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, DESContext *ks2, unsigned char *iv2, DESContext *ks3, unsigned char *iv3, unsigned char *dest, const unsigned char *src, unsigned int len) { - des_cbc_encrypt(ks1, iv1, dest, src, len); - des_cbc_decrypt(ks2, iv2, dest, dest, len); - des_cbc_encrypt(ks3, iv3, dest, dest, len); + ssh_des_cbc_encrypt(ks1, iv1, dest, src, len); + ssh_des_cbc_decrypt(ks2, iv2, dest, dest, len); + ssh_des_cbc_encrypt(ks3, iv3, dest, dest, len); } -void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, +void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, DESContext *ks2, unsigned char *iv2, DESContext *ks3, unsigned char *iv3, unsigned char *dest, const unsigned char *src, unsigned int len) { - des_cbc_decrypt(ks3, iv3, dest, src, len); - des_cbc_encrypt(ks2, iv2, dest, dest, len); - des_cbc_decrypt(ks1, iv1, dest, dest, len); + ssh_des_cbc_decrypt(ks3, iv3, dest, src, len); + ssh_des_cbc_encrypt(ks2, iv2, dest, dest, len); + ssh_des_cbc_decrypt(ks1, iv1, dest, dest, len); } -#ifdef DES_TEST +#ifdef SSH_DES_TEST -void des_encrypt_buf(DESContext *ks, unsigned char *out, +void ssh_des_encrypt_buf(DESContext *ks, unsigned char *out, const unsigned char *in, int encrypt) { word32 in0, in1, output[0]; in0 = GET_32BIT_LSB_FIRST(in); in1 = GET_32BIT_LSB_FIRST(in + 4); - des_encrypt(in0, in1, output, ks, encrypt); + ssh_des_encrypt(in0, in1, output, ks, encrypt); PUT_32BIT_LSB_FIRST(out, output[0]); PUT_32BIT_LSB_FIRST(out + 4, output[1]); } @@ -634,15 +634,15 @@ } result[i] = value; } - des_set_key(key, &ks); - des_encrypt_buf(&ks, output, data, 1); + ssh_des_set_key(key, &ks); + ssh_des_encrypt_buf(&ks, output, data, 1); if (memcmp(output, result, 8) != 0) fprintf(stderr, "Encrypt failed: %s", line); - des_encrypt_buf(&ks, output, result, 0); + ssh_des_encrypt_buf(&ks, output, result, 0); if (memcmp(output, data, 8) != 0) fprintf(stderr, "Decrypt failed: %s", line); } exit(0); } -#endif /* DES_TEST */ +#endif /* SSH_DES_TEST */ diff -r -u -b -w ssh-1.2.22-orig/des.h ssh-1.2.22-pl2/des.h --- ssh-1.2.22-orig/des.h Tue Jan 20 07:24:01 1998 +++ ssh-1.2.22-pl2/des.h Thu Feb 5 16:17:35 1998 @@ -25,8 +25,8 @@ * $Endlog$ */ -#ifndef DES_H -#define DES_H +#ifndef SSH_DES_H +#define SSH_DES_H typedef struct { @@ -35,40 +35,40 @@ /* Sets the des key for the context. Initializes the context. The least significant bit of each byte of the key is ignored as parity. */ -void des_set_key(unsigned char *key, DESContext *ks); +void ssh_des_set_key(unsigned char *key, DESContext *ks); /* Encrypts 32 bits in l,r, and stores the result in output[0] and output[1]. Performs encryption if encrypt is non-zero, and decryption if it is zero. - The key context must have been initialized previously with des_set_key. */ -void des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, + The key context must have been initialized previously with ssh_des_set_key. */ +void ssh_des_encrypt(word32 l, word32 r, word32 *output, DESContext *ks, int encrypt); /* Encrypts len bytes from src to dest in CBC modes. Len must be a multiple of 8. iv will be modified at end to a value suitable for continuing encryption. */ -void des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, +void ssh_des_cbc_encrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, const unsigned char *src, unsigned int len); /* Decrypts len bytes from src to dest in CBC modes. Len must be a multiple of 8. iv will be modified at end to a value suitable for continuing decryption. */ -void des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, +void ssh_des_cbc_decrypt(DESContext *ks, unsigned char *iv, unsigned char *dest, const unsigned char *src, unsigned int len); /* Encrypts in CBC mode using triple-DES. */ -void des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, +void ssh_des_3cbc_encrypt(DESContext *ks1, unsigned char *iv1, DESContext *ks2, unsigned char *iv2, DESContext *ks3, unsigned char *iv3, unsigned char *dest, const unsigned char *src, unsigned int len); /* Decrypts in CBC mode using triple-DES. */ -void des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, +void ssh_des_3cbc_decrypt(DESContext *ks1, unsigned char *iv1, DESContext *ks2, unsigned char *iv2, DESContext *ks3, unsigned char *iv3, unsigned char *dest, const unsigned char *src, unsigned int len); -#endif /* DES_H */ +#endif /* SSH_DES_H */ diff -r -u -b -w ssh-1.2.22-orig/log-server.c ssh-1.2.22-pl2/log-server.c --- ssh-1.2.22-orig/log-server.c Tue Jan 20 07:24:05 1998 +++ ssh-1.2.22-pl2/log-server.c Thu Feb 5 16:17:31 1998 @@ -257,9 +257,12 @@ { struct fatal_cleanup *cu, *next_cu; static int fatal_called = 0; -#ifdef KERBEROS +#if defined(KRB4) || defined(KRB5) extern char *ticket; -#endif +#ifdef AFS + extern char *xauthfile; +#endif /* AFS */ +#endif /* KRB4 || KRB5 */ if (!fatal_called) { @@ -273,7 +276,7 @@ (unsigned long)cu->proc, (unsigned long)cu->context); (*cu->proc)(cu->context); } -#ifdef KERBEROS +#if defined(KRB4) || defined(KRB5) /* If you forwarded a ticket you get one shot for proper authentication. */ /* If tgt was passed unlink file */ @@ -285,7 +288,11 @@ else ticket = NULL; } -#endif /* KERBEROS */ +#ifdef AFS + /* If local XAUTHORITY was created, remove it. */ + if (xauthfile) unlink(xauthfile); +#endif /* AFS */ +#endif /* KRB4 || KRB5 */ } } diff -r -u -b -w ssh-1.2.22-orig/radix.c ssh-1.2.22-pl2/radix.c --- ssh-1.2.22-orig/radix.c Wed Feb 4 06:07:07 1998 +++ ssh-1.2.22-pl2/radix.c Thu Feb 5 16:18:17 1998 @@ -0,0 +1,267 @@ +/* + radix.c + + base-64 encoding pinched from lynx2-7-2, who pinched it from rpem. + Originally written by Mark Riordan 12 August 1990 and 17 Feb 1991 + and placed in the public domain. + + dugsong@UMICH.EDU +*/ + +#include "includes.h" + +#ifdef AFS +#include +#include + +char six2pr[64] = { + 'A','B','C','D','E','F','G','H','I','J','K','L','M', + 'N','O','P','Q','R','S','T','U','V','W','X','Y','Z', + 'a','b','c','d','e','f','g','h','i','j','k','l','m', + 'n','o','p','q','r','s','t','u','v','w','x','y','z', + '0','1','2','3','4','5','6','7','8','9','+','/' +}; + +unsigned char pr2six[256]; + +int uuencode(unsigned char *bufin, unsigned int nbytes, char *bufcoded) +{ + /* ENC is the basic 1 character encoding function to make a char printing */ +#define ENC(c) six2pr[c] + + register char *outptr = bufcoded; + unsigned int i; + + for (i=0; i> 2); /* c1 */ + *(outptr++) = ENC(((*bufin << 4) & 060) | ((bufin[1] >> 4) & 017)); /*c2*/ + *(outptr++) = ENC(((bufin[1] << 2) & 074) | ((bufin[2] >> 6) & 03));/*c3*/ + *(outptr++) = ENC(bufin[2] & 077); /* c4 */ + bufin += 3; + } + if (i == nbytes+1) { + outptr[-1] = '='; + } else if (i == nbytes+2) { + outptr[-1] = '='; + outptr[-2] = '='; + } + *outptr = '\0'; + return(outptr - bufcoded); +} + +int uudecode(char *bufcoded, unsigned char *bufplain, int outbufsize) +{ + /* single character decode */ +#define DEC(c) pr2six[c] +#define MAXVAL 63 + + static int first = 1; + int nbytesdecoded, j; + register char *bufin = bufcoded; + register unsigned char *bufout = bufplain; + register int nprbytes; + + /* If this is the first call, initialize the mapping table. */ + if (first) { + first = 0; + for(j=0; j<256; j++) pr2six[j] = MAXVAL+1; + for(j=0; j<64; j++) pr2six[(unsigned char)six2pr[j]] = (unsigned char)j; + } + + /* Strip leading whitespace. */ + while (*bufcoded==' ' || *bufcoded == '\t') bufcoded++; + + /* Figure out how many characters are in the input buffer. + If this would decode into more bytes than would fit into + the output buffer, adjust the number of input bytes downwards. */ + bufin = bufcoded; + while (pr2six[(unsigned char)*(bufin++)] <= MAXVAL); + nprbytes = bufin - bufcoded - 1; + nbytesdecoded = ((nprbytes+3)/4) * 3; + if (nbytesdecoded > outbufsize) + nprbytes = (outbufsize*4)/3; + + bufin = bufcoded; + + while (nprbytes > 0) { + *(bufout++) = (unsigned char) (DEC(*bufin) << 2 | DEC(bufin[1]) >> 4); + *(bufout++) = (unsigned char) (DEC(bufin[1]) << 4 | DEC(bufin[2]) >> 2); + *(bufout++) = (unsigned char) (DEC(bufin[2]) << 6 | DEC(bufin[3])); + bufin += 4; + nprbytes -= 4; + } + if (nprbytes & 03) { + if (pr2six[bufin[-2]] > MAXVAL) + nbytesdecoded -= 2; + else + nbytesdecoded -= 1; + } + return(nbytesdecoded); +} + +typedef unsigned char my_u_char; +typedef unsigned int my_u_int32_t; +typedef unsigned short my_u_short; + +/* Nasty macros from BIND-4.9.2 */ + +#define GETSHORT(s, cp) { \ + register my_u_char *t_cp = (my_u_char*)(cp); \ + (s) = (((my_u_short)t_cp[0]) << 8) \ + | (((my_u_short)t_cp[1])) \ + ; \ + (cp) += 2; \ +} + +#define GETLONG(l, cp) { \ + register my_u_char *t_cp = (my_u_char*)(cp); \ + (l) = (((my_u_int32_t)t_cp[0]) << 24) \ + | (((my_u_int32_t)t_cp[1]) << 16) \ + | (((my_u_int32_t)t_cp[2]) << 8) \ + | (((my_u_int32_t)t_cp[3])) \ + ; \ + (cp) += 4; \ +} + +#define PUTSHORT(s, cp) { \ + register my_u_short t_s = (my_u_short)(s); \ + register my_u_char *t_cp = (my_u_char*)(cp); \ + *t_cp++ = t_s >> 8; \ + *t_cp = t_s; \ + (cp) += 2; \ +} + +#define PUTLONG(l, cp) { \ + register my_u_int32_t t_l = (my_u_int32_t)(l); \ + register my_u_char *t_cp = (my_u_char*)(cp); \ + *t_cp++ = t_l >> 24; \ + *t_cp++ = t_l >> 16; \ + *t_cp++ = t_l >> 8; \ + *t_cp = t_l; \ + (cp) += 4; \ +} + +#define GETSTRING(s, p, p_l) { \ + register char* p_targ = (p) + p_l; \ + register char* s_c = (s); \ + register char* p_c = (p); \ + while (*p_c && (p_c < p_targ)) { \ + *s_c++ = *p_c++; \ + } \ + if (p_c == p_targ) { \ + return 1; \ + } \ + *s_c = *p_c++; \ + (p_l) = (p_l) - (p_c - (p)); \ + (p) = p_c; \ +} + + +int creds_to_radix(CREDENTIALS *creds, unsigned char *buf) +{ + char *p, *s; + int len; + char temp[2048]; + + p = temp; + *p++ = 1; /* version */ + s = creds->service; while (*s) *p++ = *s++; *p++ = *s; + s = creds->instance; while (*s) *p++ = *s++; *p++ = *s; + s = creds->realm; while (*s) *p++ = *s++; *p++ = *s; + + s = creds->pname; while (*s) *p++ = *s++; *p++ = *s; + s = creds->pinst; while (*s) *p++ = *s++; *p++ = *s; + /* Null string to repeat the realm. */ + *p++ = '\0'; + + PUTLONG(creds->issue_date,p); + { + unsigned long endTime ; +#ifdef HAVE_KRB_LIFE_TO_TIME + endTime = (unsigned long)krb_life_to_time(creds->issue_date, + creds->lifetime); +#else /* !HAVE_KRB_LIFE_TO_TIME */ + endTime = creds->issue_date + ((unsigned char)(creds->lifetime))*5*60; +#endif /* !HAVE_KRB_LIFE_TO_TIME */ + PUTLONG(endTime,p); + } + + memcpy(p,&creds->session, sizeof(creds->session)); + p += sizeof(creds->session); + + PUTSHORT(creds->kvno,p); + PUTLONG(creds->ticket_st.length,p); + + memcpy(p,creds->ticket_st.dat, creds->ticket_st.length); + p += creds->ticket_st.length; + len = p - temp; + + return(uuencode(temp, len, buf)); +} + +int radix_to_creds(char *buf, CREDENTIALS *creds) +{ + + char *p, *s; + int len, tl, status; + char version; + char temp[2048]; + + if (!(len = uudecode(buf, temp, sizeof(temp)))) + return 0; + + p = temp; + + /* check version and length! */ + if (len < 1) return 0; + version = *p; p++; len--; + + GETSTRING(creds->service, p, len); + GETSTRING(creds->instance, p, len); + GETSTRING(creds->realm, p, len); + + GETSTRING(creds->pname, p, len); + GETSTRING(creds->pinst, p, len); + /* Ignore possibly different realm. */ + while (*p && len) p++, len--; + if (len == 0) return 0; + p++, len--; + + /* Enough space for remaining fixed-length parts? */ + if (len < (4 + 4 + sizeof(creds->session) + 2 + 4)) + return 0; + + GETLONG(creds->issue_date,p); + len -= 4; + { + unsigned long endTime; + GETLONG(endTime,p); + len -= 4; +#ifdef HAVE_KRB_LIFE_TO_TIME + creds->lifetime = krb_time_to_life(creds->issue_date, endTime); +#else + creds->lifetime = ((endTime - creds->issue_date) + 5*60 - 1) / (5*60); +#endif + } + + memcpy(&creds->session, p, sizeof(creds->session)); + p += sizeof(creds->session); + len -= sizeof(creds->session); + + GETSHORT(creds->kvno,p); + len -= 2; + GETLONG(creds->ticket_st.length,p); + len -= 4; + + tl = creds->ticket_st.length; + if (tl < 0 || tl > len || tl > sizeof(creds->ticket_st.dat)) + return 0; + + memcpy(creds->ticket_st.dat, p, tl); + p += tl; + len -= tl; + + return 1; +} + +#endif /* AFS */ diff -r -u -b -w ssh-1.2.22-orig/readconf.c ssh-1.2.22-pl2/readconf.c --- ssh-1.2.22-orig/readconf.c Tue Jan 20 07:24:07 1998 +++ ssh-1.2.22-pl2/readconf.c Thu Feb 5 16:17:33 1998 @@ -157,6 +157,9 @@ oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oUsePriviledgedPort, oKerberosAuthentication, +#ifdef AFS + oAFSTokenPassing, +#endif /* AFS */ oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts, oXauthPath } OpCodes; @@ -199,6 +202,9 @@ { "usepriviledgedport", oUsePriviledgedPort }, { "kerberosauthentication", oKerberosAuthentication }, { "kerberostgtpassing", oKerberosTgtPassing }, +#ifdef AFS + { "afstokenpassing", oAFSTokenPassing }, +#endif /* AFS */ { "clearallforwardings", oClearAllForwardings }, { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "xauthlocation", oXauthPath }, @@ -337,6 +343,12 @@ intptr = &options->kerberos_tgt_passing; goto parse_flag; +#ifdef AFS + case oAFSTokenPassing: + intptr = &options->afs_token_passing; + goto parse_flag; +#endif /* AFS */ + case oFallBackToRsh: intptr = &options->fallback_to_rsh; goto parse_flag; @@ -649,6 +661,9 @@ options->rsa_authentication = -1; options->kerberos_authentication = -1; options->kerberos_tgt_passing = -1; +#ifdef AFS + options->afs_token_passing = -1; +#endif /* AFS */ options->tis_authentication = -1; options->password_authentication = -1; options->rhosts_rsa_authentication = -1; @@ -692,17 +707,19 @@ if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->kerberos_authentication == -1) -#if defined(KERBEROS) && defined(KRB5) +#if defined(KRB4) || defined(KRB5) options->kerberos_authentication = 1; -#else /* defined(KERBEROS) && defined(KRB5) */ +#else options->kerberos_authentication = 0; -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* defined(KRB4) || defined(KRB5) */ if (options->kerberos_tgt_passing == -1) -#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) +#if defined(AFS) options->kerberos_tgt_passing = 1; -#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ + if (options->afs_token_passing == -1) + options->afs_token_passing = 1; +#else options->kerberos_tgt_passing = 0; -#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ +#endif /* AFS */ if (options->tis_authentication == -1) options->tis_authentication = 0; if (options->password_authentication == -1) diff -r -u -b -w ssh-1.2.22-orig/readconf.h ssh-1.2.22-pl2/readconf.h --- ssh-1.2.22-orig/readconf.h Tue Jan 20 07:24:07 1998 +++ ssh-1.2.22-pl2/readconf.h Thu Feb 5 16:17:35 1998 @@ -75,6 +75,9 @@ int rsa_authentication; /* Try RSA authentication. */ int kerberos_authentication; /* Try Kerberos authentication. */ int kerberos_tgt_passing; /* Try Kerberos tgt passing. */ +#ifdef AFS + int afs_token_passing; /* Try AFS token passing. */ +#endif /* AFS */ int tis_authentication; /* Try TIS authsrv authentication. */ int password_authentication; /* Try password authentication. */ int fallback_to_rsh; /* Use rsh if cannot connect with ssh. */ diff -r -u -b -w ssh-1.2.22-orig/scp.c ssh-1.2.22-pl2/scp.c --- ssh-1.2.22-orig/scp.c Tue Jan 20 07:24:08 1998 +++ ssh-1.2.22-pl2/scp.c Thu Feb 5 16:17:33 1998 @@ -142,6 +142,11 @@ #define STDERR_FILENO 2 #endif +#ifdef AFS +/* This is set to non-zero to disable authentication forwarding. */ +int nofwd = 0; +#endif /* AFS */ + /* This is set to non-zero to enable verbose mode. */ int verbose = 0; @@ -228,6 +233,10 @@ args[i++] = "-C"; if (batchmode) args[i++] = "-oBatchMode yes"; +#ifdef AFS + if (nofwd) + args[i++] = "-k"; +#endif /* AFS */ if (cipher != NULL) { args[i++] = "-c"; @@ -344,7 +353,11 @@ } fflag = tflag = 0; +#ifdef AFS + while ((ch = getopt(argc, argv, "kdfprtvBCc:i:P:o:S:")) != EOF) +#else while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:o:S:")) != EOF) +#endif /* AFS */ switch(ch) { /* User-visible flags. */ case 'S': ssh_program = optarg; @@ -379,6 +392,11 @@ iamrecursive = 1; break; /* Server options. */ +#ifdef AFS + case 'k': + nofwd = 1; + break; +#endif /* AFS */ case 'd': targetshouldbedirectory = 1; break; diff -r -u -b -w ssh-1.2.22-orig/servconf.c ssh-1.2.22-pl2/servconf.c --- ssh-1.2.22-orig/servconf.c Tue Jan 20 07:24:08 1998 +++ ssh-1.2.22-pl2/servconf.c Thu Feb 5 16:17:31 1998 @@ -96,6 +96,12 @@ options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_tgt_passing = -1; +#if defined(KRB4) + options->kerberos_ticket_cleanup = -1; +#endif /* KRB4 */ +#ifdef AFS + options->afs_token_passing = -1; +#endif options->tis_authentication = -1; options->allow_tcp_forwarding = -1; options->password_authentication = -1; @@ -173,19 +179,27 @@ if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->kerberos_authentication == -1) -#if defined(KERBEROS) && defined(KRB5) +#if defined(KRB4) || defined(KRB5) options->kerberos_authentication = 1; -#else /* defined(KERBEROS) && defined(KRB5) */ +#else options->kerberos_authentication = 0; -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* defined(KRB4 || KRB5 */ if (options->kerberos_or_local_passwd == -1) options->kerberos_or_local_passwd = 0; if (options->kerberos_tgt_passing == -1) -#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) +#if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = 1; -#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ +#else options->kerberos_tgt_passing = 0; -#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ +#endif /* AFS || KRB5 */ +#if defined(KRB4) + if (options->kerberos_ticket_cleanup == -1) + options->kerberos_ticket_cleanup = 1; +#endif /* KRB4 */ +#ifdef AFS + if (options->afs_token_passing == -1) + options->afs_token_passing = 1; +#endif /* AFS */ if (options->allow_tcp_forwarding == -1) options->allow_tcp_forwarding = 1; if (options->tis_authentication == -1) @@ -226,6 +240,12 @@ sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile, sForcedPasswd, sUmask, sSilentDeny, sIdleTimeout, sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTgtPassing, +#ifdef KRB4 + sKerberosTicketCleanup, +#ifdef AFS + sAFSTokenPassing, +#endif /* AFS */ +#endif /* KRB4 */ sAllowTcpForwarding, sAllowUsers, sDenyUsers, sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, #ifdef F_SECURE_COMMERCIAL @@ -285,6 +305,12 @@ { "kerberosauthentication", sKerberosAuthentication }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, { "kerberostgtpassing", sKerberosTgtPassing }, +#ifdef KRB4 + { "kerberosticketcleanup", sKerberosTicketCleanup }, +#endif +#ifdef AFS + { "afstokenpassing", sAFSTokenPassing }, +#endif { "allowtcpforwarding", sAllowTcpForwarding }, { "xauthlocation", sXauthPath }, { "checkmail", sCheckMail }, @@ -537,6 +563,18 @@ case sKerberosTgtPassing: intptr = &options->kerberos_tgt_passing; goto parse_flag; + +#ifdef KRB4 + case sKerberosTicketCleanup: + intptr = &options->kerberos_ticket_cleanup; + goto parse_flag; +#endif /* KRB4 */ + +#ifdef AFS + case sAFSTokenPassing: + intptr = &options->afs_token_passing; + goto parse_flag; +#endif /* AFS */ case sAllowTcpForwarding: intptr = &options->allow_tcp_forwarding; diff -r -u -b -w ssh-1.2.22-orig/servconf.h ssh-1.2.22-pl2/servconf.h --- ssh-1.2.22-orig/servconf.h Tue Jan 20 07:24:08 1998 +++ ssh-1.2.22-pl2/servconf.h Thu Feb 5 16:17:35 1998 @@ -98,6 +98,12 @@ password authentication mechanism, such as SecurID or /etc/passwd */ int kerberos_tgt_passing; /* If true, permit Kerberos tgt passing. */ +#ifdef KRB4 + int kerberos_ticket_cleanup; /* If true, destroy ticket file on logout. */ +#endif /* KRB4 */ +#ifdef AFS + int afs_token_passing; /* If true, permit AFS token passing. */ +#endif /* AFS */ int allow_tcp_forwarding; int tis_authentication; /* If true, permit TIS authsrv auth. */ int password_authentication; /* If true, permit password authentication. */ diff -r -u -b -w ssh-1.2.22-orig/ssh.1.in ssh-1.2.22-pl2/ssh.1.in --- ssh-1.2.22-orig/ssh.1.in Tue Jan 20 07:24:13 1998 +++ ssh-1.2.22-pl2/ssh.1.in Thu Feb 5 16:17:30 1998 @@ -449,7 +449,7 @@ .ne 3 .TP .B \-k -Disables forwarding of the kerberos tickets. This may +Disables forwarding of Kerberos tickets / AFS tokens. This may also be specified on a per-host basis in the configuration file. .ne 3 .TP @@ -738,11 +738,15 @@ .TP .B KerberosAuthentication -Specifies whether Kerberos V5 authentication will be used. +Specifies whether Kerberos authentication will be used. .TP .B KerberosTgtPassing -Specifies whether a Kerberos V5 TGT will be forwarded to the server. +Specifies whether a Kerberos TGT will be forwarded to the server. + +.TP +.B AFSTokenPassing +Specifies whether an AFS token will be forwarded to the server. .TP .B LocalForward diff -r -u -b -w ssh-1.2.22-orig/ssh.c ssh-1.2.22-pl2/ssh.c --- ssh-1.2.22-orig/ssh.c Tue Jan 20 07:24:09 1998 +++ ssh-1.2.22-pl2/ssh.c Thu Feb 5 16:17:33 1998 @@ -253,9 +253,9 @@ fprintf(stderr, " -l user Log in using this user name.\n"); fprintf(stderr, " -n Redirect input from /dev/null.\n"); fprintf(stderr, " -a Disable authentication agent forwarding.\n"); -#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) - fprintf(stderr, " -k Disable Kerberos ticket passing.\n"); -#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ +#ifdef AFS + fprintf(stderr, " -k Disable Kerberos ticket and AFS token passing.\n"); +#endif /* AFS */ #ifndef SSH_NO_X11_FORWARDING fprintf(stderr, " -x Disable X11 connection forwarding.\n"); #endif @@ -502,6 +502,9 @@ case 'k': options.kerberos_tgt_passing = 0; +#ifdef AFS + options.afs_token_passing = 0; +#endif /* AFS */ break; case 'i': diff -r -u -b -w ssh-1.2.22-orig/ssh.h ssh-1.2.22-pl2/ssh.h --- ssh-1.2.22-orig/ssh.h Tue Jan 20 07:24:10 1998 +++ ssh-1.2.22-pl2/ssh.h Thu Feb 5 16:17:35 1998 @@ -153,6 +153,16 @@ #include "randoms.h" #include "cipher.h" +#ifdef HESIOD +#include + +#define getpwnam(a) hes_getpwnam(a) +#define getpwuid(a) hes_getpwuid(a) + +extern struct passwd *hes_getpwnam(const char *name); +extern struct passwd *hes_getpwuid(uid_t uid); +#endif /* HESIOD */ + /* The default cipher used if IDEA is not supported by the remote host. It is recommended that this be one of the mandatory ciphers (DES, 3DES), though that is not required. */ @@ -279,12 +289,13 @@ protocol.) */ #define SSH_SESSION_KEY_LENGTH 32 -#ifdef KERBEROS #ifdef KRB5 #include -#define KRB_SERVICE_NAME "host" +#define KRB5_SERVICE_NAME "host" #endif /* KRB5 */ -#endif /* KERBEROS */ +#ifdef KRB4 +#define KRB4_SERVICE_NAME "rcmd" +#endif /* KRB4 */ /* Authentication methods. New types can be added, but old types should not be removed for compatibility. The maximum allowed value is 31. */ @@ -308,6 +319,10 @@ /* If you add new methods add them after this using random number between 16-31 so if someone else adds also new methods you dont use same number. */ +#ifdef AFS +#define SSH_PASS_AFS_TOKEN 21 +#endif /* AFS */ + /* Protocol flags. These are bit masks. */ #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ @@ -382,7 +397,9 @@ /* If ou add new messages add them starting from something after 64, better to use some random number between 64-127 so if someone else adds something else you dont use same numbers */ - +#ifdef AFS +#define SSH_CMSG_HAVE_AFS_TOKEN 65 +#endif /* AFS */ /* define this and debug() will print local hostname */ #define LOCAL_HOSTNAME_IN_DEBUG 1 @@ -450,12 +467,12 @@ /* Tries to authenticate the user using password. Returns true if authentication succeeds. */ -#if defined(KERBEROS) && defined(KRB5) +#ifdef KRB5 int auth_password(const char *server_user, const char *password, krb5_principal client); -#else /* defined(KERBEROS) && defined(KRB5) */ +#else /* KRB5 */ int auth_password(const char *server_user, const char *password); -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* KRB5 */ /* Performs the RSA authentication dialog with the client. This returns 0 if the client could not be authenticated, and 1 if authentication was diff -r -u -b -w ssh-1.2.22-orig/sshconnect.c ssh-1.2.22-pl2/sshconnect.c --- ssh-1.2.22-orig/sshconnect.c Tue Jan 20 07:24:10 1998 +++ ssh-1.2.22-pl2/sshconnect.c Thu Feb 5 16:17:33 1998 @@ -185,7 +185,6 @@ #include "userfile.h" #include "emulate.h" -#ifdef KERBEROS #ifdef KRB5 #include @@ -193,7 +192,19 @@ krb5_context ssh_context = 0; krb5_auth_context auth_context = 0; #endif /* KRB5 */ -#endif /* KERBEROS */ + +#ifdef KRB4 +#include +#ifdef AFS +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include +#endif +#ifdef HAVE_SYS_FILIO_H +#include +#endif +#include +#endif /* AFS */ +#endif /* KRB4 */ /* Session id for the current session. */ unsigned char session_id[16]; @@ -901,10 +912,9 @@ return 0; } -#ifdef KERBEROS +#ifdef KRB5 int try_kerberos_authentication() { -#ifdef KRB5 char *remotehost; krb5_data auth; krb5_error_code r; @@ -1051,15 +1061,118 @@ krb5_free_ap_rep_enc_part(ssh_context, repl); return(ret_stat); +} #endif /* KRB5 */ + +#ifdef KRB4 +int try_kerberos_authentication() +{ + KTEXT_ST auth; /* Kerberos data */ + char *reply; + char inst[INST_SZ]; + char *realm; + char *service; + CREDENTIALS cred; + int r, type; + Key_schedule schedule; + u_long checksum, cksum; + MSG_DAT msg_data; + struct sockaddr_in local, foreign; + struct stat st; + + /* Don't do anything if we don't have any tickets. */ + if (stat(tkt_string(), &st) < 0) return 0; + + debug("Trying Kerberos authentication."); + strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ); + + realm = (char *)krb_realmofhost(get_canonical_hostname()); + if (!realm) { + debug("Kerberos V4: no realm for %s", get_canonical_hostname()); + return 0; } -#endif /* KERBEROS */ + /* This can really be anything. */ + checksum = (u_long) getpid(); -#ifdef KERBEROS_TGT_PASSING + if (r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum)) { + debug("Kerberos V4 krb_mk_req failed: %s", krb_err_txt[r]); + return 0; + } + /* Get session key to decrypt the server's reply with. */ + if (r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred)) { + debug("get_cred failed: %s", krb_err_txt[r]); + return 0; + } + des_key_sched((des_cblock *)cred.session, schedule); + + /* Send authentication info to server. */ + packet_start(SSH_CMSG_AUTH_KERBEROS); + packet_put_string((char *)auth.dat, auth.length); + packet_send(); + packet_write_wait(); + + /* zero the buffer */ + (void) memset(auth.dat, 0, MAX_KTXT_LEN); + + r = sizeof(local); + memset(&local, 0, sizeof(local)); + if (getsockname(packet_get_connection_in(), + (struct sockaddr *) &local, &r) < 0) + debug("getsockname failed: %.100s", strerror(errno)); + + r = sizeof(foreign); + memset(&foreign, 0, sizeof(foreign)); + if (getpeername(packet_get_connection_in(), + (struct sockaddr *)&foreign, &r) < 0) + debug("getpeername failed: %.100s", strerror(errno)); + + /* Get server reply. */ + type = packet_read(); + switch(type) { + + case SSH_SMSG_FAILURE: /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */ + debug("Kerberos V4 authentication failed."); + return 0; + break; + + case SSH_SMSG_AUTH_KERBEROS_RESPONSE: /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */ + debug("Kerberos V4 authentication accepted."); + + /* Get server's response. */ + reply = packet_get_string((unsigned int *)&auth.length); + memcpy(auth.dat, reply, auth.length); + xfree(reply); + + /* If his response isn't properly encrypted with the session key, + and the decrypted checksum fails to match, he's bogus. Bail out. */ + if (r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session, + &foreign, &local, &msg_data)) { + debug("Kerberos V4 krb_rd_priv failed: %s", krb_err_txt[r]); + packet_disconnect("Kerberos V4 challenge failed!"); + } + /* fetch the (incremented) checksum that we supplied in the request */ + (void)memcpy((char *)&cksum, (char *)msg_data.app_data, sizeof(cksum)); + cksum = ntohl(cksum); + + /* If it matches, we're golden. */ + if (cksum == checksum + 1) { + debug("Kerberos V4 challenge successful."); + return 1; + } + else + packet_disconnect("Kerberos V4 challenge failed!"); + break; + + default: + packet_disconnect("Protocol error on Kerberos V4 response: %d", type); + } +} +#endif /* KRB4 */ + +#ifdef KRB5 /* Forward our local Kerberos tgt to the server. */ int send_kerberos_tgt() { -#ifdef KRB5 char *remotehost; krb5_principal client; krb5_principal server; @@ -1137,22 +1250,117 @@ krb5_free_principal(ssh_context, client); krb5_free_principal(ssh_context, server); - type = packet_read(); - if (type == SSH_SMSG_SUCCESS) - { - debug("Kerberos V5 TGT passing was successful."); return 1; } - else - if (type != SSH_SMSG_FAILURE) - packet_disconnect("Protocol error on Kerberos tgt response: %d", type); - else - debug("Kerberos V5 TGT passing failed."); +#endif /* KRB5 */ + +#ifdef AFS +int send_kerberos_tgt() +{ + CREDENTIALS *creds; + char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; + int r, type; + unsigned char buffer[8192]; + struct stat st; + + /* Don't do anything if we don't have any tickets. */ + if (stat(tkt_string(), &st) < 0) return 0; + creds = xmalloc(sizeof(CREDENTIALS)); + + if ((r=krb_get_tf_fullname(TKT_FILE,pname,pinst,prealm)) != KSUCCESS) { + debug("Kerberos V4 tf_fullname failed: %s",krb_err_txt[r]); return 0; -#endif /* KRB5 */ } -#endif /* KERBEROS_TGT_PASSING */ + if ((r=krb_get_cred("krbtgt", prealm, prealm, creds)) != GC_OK) { + debug("Kerberos V4 get_cred failed: %s", krb_err_txt[r]); + return 0; + } + if (time(0) > +#ifdef HAVE_KRB_LIFE_TO_TIME + (unsigned long)krb_life_to_time(creds->issue_date, creds->lifetime)) { +#else + (creds->issue_date + ((unsigned char)creds->lifetime * 5 * 60))) { +#endif /* HAVE_KRB_LIFE_TO_TIME */ + debug("Kerberos V4 ticket expired: %s", TKT_FILE); + return 0; + } + + creds_to_radix(creds, buffer); + xfree(creds); + + packet_start(SSH_CMSG_HAVE_KERBEROS_TGT); + packet_put_string((char *)buffer, strlen(buffer)); + packet_send(); + packet_write_wait(); + + return 1; +} + +/* Forwards our AFS tokens to the server. */ +void send_afs_tokens(void) +{ + CREDENTIALS creds; + struct ViceIoctl parms; + struct ClearToken ct; + int i, type; + long len; + char buf[2048], *p, *server_cell; + unsigned char buffer[8192]; + + /* Move over ktc_GetToken, here's something leaner. */ + for (i = 0; i < 100; i++) { /* just in case */ + parms.in = (char *)&i; + parms.in_size = sizeof(long); + parms.out = buf; + parms.out_size = sizeof(buf); + if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0) break; + p = buf; + + /* Get secret token. */ + memcpy(&creds.ticket_st.length, p, sizeof(unsigned int)); + if (creds.ticket_st.length > MAX_KTXT_LEN) break; + p += sizeof(unsigned int); + memcpy(creds.ticket_st.dat, p, creds.ticket_st.length); + p += creds.ticket_st.length; + + /* Get clear token. */ + memcpy(&len, p, sizeof(long)); + if (len != sizeof(struct ClearToken)) break; + p += sizeof(long); + memcpy(&ct, p, len); + p += len; + p += sizeof(long); /* primary flag */ + server_cell = p; + + /* Flesh out our credentials. */ + strcpy(creds.service, "afs"); + creds.instance[0] = '\0'; + strncpy(creds.realm, server_cell, REALM_SZ); + memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ); + creds.issue_date = ct.BeginTimestamp; + creds.lifetime = krb_time_to_life(creds.issue_date, ct.EndTimestamp); + creds.kvno = ct.AuthHandle; + sprintf(creds.pname, "AFS ID %d", ct.ViceId); + creds.pinst[0] = '\0'; + + /* Encode token, ship it off. */ + if (!creds_to_radix(&creds, buffer)) break; + packet_start(SSH_CMSG_HAVE_AFS_TOKEN); + packet_put_string((char *)buffer, strlen(buffer)); + packet_send(); + packet_write_wait(); + + /* Roger, Roger. Clearance, Clarence. What's your vector, Victor? */ + type = packet_read(); + + if (type == SSH_SMSG_FAILURE) + debug("AFS token for cell %s rejected.", server_cell); + else if (type != SSH_SMSG_SUCCESS) + packet_disconnect("Protocol error on AFS token response: %d", type); + } +} +#endif /* AFS */ /* Waits for the server identification string, and sends our own identification string. */ @@ -1250,14 +1458,12 @@ unsigned char check_bytes[8]; unsigned int supported_ciphers, supported_authentications, protocol_flags; HostStatus host_status; -#ifdef KERBEROS #ifdef KRB5 char *kuser; krb5_ccache ccache; krb5_error_code problem; krb5_principal client; -#endif -#endif +#endif /* KRB5 */ /* Convert the user-supplied hostname into all lowercase. */ host = xstrdup(orighost); @@ -1560,7 +1766,6 @@ debug("Received encrypted confirmation."); -#ifdef KERBEROS #ifdef KRB5 if (!ssh_context) { @@ -1592,7 +1797,6 @@ debug("Kerberos V5: could not get default ccache."); } #endif /* KRB5 */ -#endif /* KERBEROS */ /* Send the name of the user to log in as on the server. */ packet_start(SSH_CMSG_USER); @@ -1610,24 +1814,37 @@ packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type); -#ifdef KERBEROS_TGT_PASSING +#if defined(KRB5) || defined(AFS) /* Try Kerberos tgt passing if the server supports it. */ if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) && options->kerberos_tgt_passing) { if (options->cipher == SSH_CIPHER_NONE) log_msg("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!"); - (void)send_kerberos_tgt(); + if (send_kerberos_tgt()) { + type = packet_read(); + if (type == SSH_SMSG_FAILURE) + debug("Kerberos TGT passing failed."); + else if (type != SSH_SMSG_SUCCESS) + packet_disconnect("Protocol error on Kerberos tgt response: %d", type); + } } -#endif /* KERBEROS_TGT_PASSING */ +#endif /* KRB5 || AFS */ -#ifdef KERBEROS -#ifdef KRB5 +#ifdef AFS + /* Try AFS token passing if the server supports it. */ + if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) && + options->afs_token_passing && k_hasafs()) { + if (options->cipher == SSH_CIPHER_NONE) + log_msg("WARNING: Encryption is disabled! Token will be transmitted in the clear!"); + send_afs_tokens(); + } +#endif /* AFS */ + +#if defined(KRB4) || defined(KRB5) if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) && options->kerberos_authentication) { - debug("Trying Kerberos V5 authentication."); -#endif if (try_kerberos_authentication()) { /* The server should respond with success or failure. */ type = packet_read(); @@ -1636,10 +1853,8 @@ if (type != SSH_SMSG_FAILURE) packet_disconnect("Protocol error: got %d in response to Kerberos auth", type); } -#ifdef KRB5 } -#endif -#endif /* KERBEROS */ +#endif /* KRB4 || KRB5 */ /* Use rhosts authentication if running in privileged socket and we do not wish to remain anonymous. */ diff -r -u -b -w ssh-1.2.22-orig/sshd.8.in ssh-1.2.22-pl2/sshd.8.in --- ssh-1.2.22-orig/sshd.8.in Tue Jan 20 07:24:13 1998 +++ ssh-1.2.22-pl2/sshd.8.in Thu Feb 5 16:17:30 1998 @@ -451,10 +451,10 @@ .TP .B KerberosAuthentication -Specifies whether Kerberos V5 authentication is allowed. This can +Specifies whether Kerberos authentication is allowed. This can be in the form of a Kerberos ticket, or if PasswordAuthentication is yes, the password provided by the user will be validated through -the Kerberos KDC or DCE Security Server. Default is yes. +the Kerberos KDC / AFS kaserver / DCE Security Server. Default is yes. .TP .B KerberosOrLocalPasswd @@ -464,8 +464,18 @@ .TP .B KerberosTgtPassing -Specifies whether a Kerberos V5 TGT may be forwarded to the server. +Specifies whether a Kerberos TGT may be forwarded to the server. Default is yes. + +.TP +.B AFSTokenPassing +Specifies whether an AFS token may be forwarded to the server. +Default is yes. + +.TP +.B KerberosTicketCleanup +Specifies whether to automatically destroy the user's Kerberos v4 +ticket cache file on logout. Default is yes. .TP .B KeyRegenerationInterval diff -r -u -b -w ssh-1.2.22-orig/sshd.c ssh-1.2.22-pl2/sshd.c --- ssh-1.2.22-orig/sshd.c Tue Jan 20 07:24:10 1998 +++ ssh-1.2.22-pl2/sshd.c Wed Feb 18 00:45:00 1998 @@ -450,15 +450,26 @@ #define O_NOCTTY 0 #endif -#ifdef KERBEROS #ifdef KRB5 #include /* Global the contexts */ krb5_context ssh_context = 0; krb5_auth_context auth_context = 0; #endif /* KRB5 */ -char *ticket = "none\0"; -#endif /* KERBEROS */ + +#ifdef KRB4 +#include +#include +#ifdef AFS +#include +/* Local Xauthority file. */ +char *xauthfile = NULL; +#endif /* AFS */ +#endif /* KRB4 */ + +#if defined(KRB5) || defined(KRB4) +char *ticket = NULL; +#endif /* KRB5 || KRB4 */ /* Server configuration options. */ ServerOptions options; @@ -548,7 +559,6 @@ const char *display, const char *auth_proto, const char *auth_data, const char *ttyname); - /* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; the effect is to reread the configuration file (and to regenerate the server key). */ @@ -991,7 +1001,6 @@ /* Arrange SIGCHLD to be caught. */ signal(SIGCHLD, main_sigchld_handler); -#ifdef KERBEROS #ifdef KRB5 /* Initialize contexts and setup replay cache */ if (!ssh_context) @@ -1000,7 +1009,6 @@ krb5_init_ets(ssh_context); } #endif -#endif /* Stay listening for connections until the system crashes or the daemon is killed with a signal. */ @@ -1252,6 +1260,16 @@ /* Try to remove authentication socket and directory */ auth_delete_socket(NULL); +#ifdef KRB4 + /* Cleanup user's ticket cache file. */ + if (options.kerberos_ticket_cleanup) + (void) dest_tkt(); +#ifdef AFS + /* Cleanup user's local Xauthority file. */ + if (xauthfile) unlink(xauthfile); +#endif /* AFS */ +#endif /* KRB4 */ + /* The connection has been terminated. */ log_msg("Closing connection to %.100s", get_remote_ipaddr()); packet_close(); @@ -1315,17 +1333,17 @@ if (options.tis_authentication) auth_mask |= 1 << SSH_AUTH_TIS; #endif -#ifdef KERBEROS -#ifdef KRB5 +#if defined(KRB4) || defined(KRB5) if (options.kerberos_authentication) auth_mask |= 1 << SSH_AUTH_KERBEROS; #endif -#endif -#ifdef KERBEROS_TGT_PASSING -#ifdef KRB5 +#if defined(AFS) || defined(KRB5) if (options.kerberos_tgt_passing) auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; #endif +#ifdef AFS + if (options.afs_token_passing) + auth_mask |= 1 << SSH_PASS_AFS_TOKEN; #endif if (options.password_authentication) auth_mask |= 1 << SSH_AUTH_PASSWORD; @@ -1507,7 +1525,7 @@ enduserdb(); } #endif /* HAVE_USERSEC_H */ -#ifdef HAVE_ETC_SHADOW +#if defined(HAVE_ETC_SHADOW) && !defined(KRB4) && !defined(KRB5) { struct spwd *sp; @@ -1654,7 +1672,7 @@ } } - /* Check whether logins are deneid for this group. */ + /* Check whether logins are denied for this group. */ grp = getgrgid(pwd->pw_gid); if (grp) group = grp->gr_name; @@ -1766,16 +1784,24 @@ unsigned int client_host_key_bits; MP_INT client_host_key_e, client_host_key_n; int password_attempts = 0; -#if defined(KERBEROS) && defined(KRB5) +#ifdef KRB5 char kuser[128]; krb5_principal client = 0, tkt_client = 0; krb5_data krb5data; -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* KRB5 */ + +#ifdef AFS + /* If machine has AFS, set process authentication group. */ + if (k_hasafs()) { + k_setpag(); + k_unlog(); + } +#endif /* AFS */ if (strlen(user) > 255) do_authentication_fail_loop(); -#if defined(KERBEROS) && defined(KRB5) +#ifdef KRB5 /* For KRB5 allow the user to input fully qualified name i.e. "username@realm" as the local user name. Then use this name to call out to krb5_aname_to_localname to find if there is a localname @@ -1804,7 +1830,7 @@ } else krb5_parse_name(ssh_context, user, &client); -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* KRB5 */ /* Verify that the user is a valid user. We disallow usernames starting with any characters that are commonly used to start NIS entries. */ @@ -1842,13 +1868,16 @@ debug("Attempting authentication for %.100s.", user); -#if defined (KERBEROS) && defined (KRB5) - if (!options.kerberos_authentication && options.password_authentication && - auth_password(user, "", 0)) -#else /* defined(KERBEROS) && defined(KRB5) */ /* If the user has no password, accept authentication immediately. */ - if (options.password_authentication && auth_password(user, "")) -#endif /* defined(KERBEROS) && defined(KRB5) */ +#ifdef KRB5 + if (!options.kerberos_authentication && auth_password(user, "", 0)) +#else + if (options.password_authentication && +#ifdef KRB4 + options.kerberos_or_local_passwd && +#endif /* KRB4 */ + auth_password(user, "")) +#endif { /* Authentication with empty password succeeded. */ debug("Login for user %.100s accepted without authentication.", user); @@ -1873,19 +1902,22 @@ /* Process the packet. */ switch (type) { -#ifdef KERBEROS_TGT_PASSING -#ifdef KRB5 +#if defined(AFS) || defined(KRB5) case SSH_CMSG_HAVE_KERBEROS_TGT: +#ifdef KRB5 if (!options.kerberos_tgt_passing || (!(options.kerberos_authentication || options.password_authentication || options.rsa_authentication))) +#else + if (!options.kerberos_tgt_passing) +#endif /* KRB5 */ { packet_get_all(); log_msg("Kerberos tgt passing disabled."); break; } - +#ifdef KRB5 /* Accept Kerberos tgt. */ krb5data.data = packet_get_string((unsigned int *) &krb5data.length); @@ -1895,12 +1927,38 @@ debug("Kerberos tgt REFUSED for %s", user); } free(krb5data.data); -#endif continue; -#endif /* KERBEROS_TGT_PASSING */ +#else /* XXX - how to make these coexist? don't want to + bloat the protocol with k4,k5 messages... */ + { + /* Accept Kerberos tgt. */ + char *tgt = packet_get_string(NULL); + if (!auth_kerberos_tgt(pw, tgt)) + debug("Kerberos tgt REFUSED for %s", user); + xfree(tgt); + continue; + } +#endif /* KRB5 */ +#endif /* KRB5 || AFS */ -#ifdef KERBEROS -#ifdef KRB5 +#ifdef AFS + case SSH_CMSG_HAVE_AFS_TOKEN: + if (!k_hasafs() || !options.afs_token_passing) { + packet_get_all(); + log_msg("AFS token passing disabled."); + break; + } + else { + /* Accept AFS token. */ + char *token_string = packet_get_string(NULL); + if (!auth_afs_token(user, pw->pw_uid, token_string)) + debug("AFS token REFUSED for %s", user); + xfree(token_string); + continue; + } +#endif /* AFS */ + +#if defined(KRB4) || defined(KRB5) case SSH_CMSG_AUTH_KERBEROS: if (!options.kerberos_authentication) { @@ -1908,6 +1966,7 @@ log_msg("Kerberos authentication disabled."); break; } +#ifdef KRB5 /* Try Kerberos authentication. */ krb5data.data = packet_get_string((unsigned int *) &krb5data.length); if (auth_kerberos(user, &krb5data, &tkt_client)) @@ -1939,11 +1998,31 @@ } free(tkt_user); } -#endif /* KRB5 */ - debug("Kerberos authentication failed for %.100s from %.200s", - user, get_canonical_hostname()); +#else /* !KRB5 XXX - how to make these coexist? */ + else { + /* Try Kerberos v4 authentication. */ + KTEXT_ST auth; + char *tkt_user = NULL; + char *kdata = packet_get_string((unsigned int *)&auth.length); + + memcpy(auth.dat, kdata, auth.length); + xfree(kdata); + + if (auth_krb4(user, &auth, &tkt_user)) { + /* Client has successfully authenticated to us. */ + log_msg("Kerberos authentication accepted %s for account " + "%.100s from %.200s", tkt_user, user, + get_canonical_hostname()); + authentication_type = SSH_AUTH_KERBEROS; + authenticated = 1; + xfree(tkt_user); break; -#endif /* KERBEROS */ + } + log_msg("Kerberos authentication failed for account " + "%.100s from %.200s", user, get_canonical_hostname()); + } +#endif /* KRB5 */ +#endif /* KRB5 || KRB4 */ case SSH_CMSG_AUTH_RHOSTS: if (!options.rhosts_authentication) @@ -2244,11 +2323,11 @@ password_attempts++; /* Try authentication with the password. */ -#if defined(KERBEROS) && defined(KRB5) +#ifdef KRB5 if (auth_password(user, password, client)) -#else /* defined(KERBEROS) && defined(KRB5) */ +#else if (auth_password(user, password)) -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* KRB5 */ { /* Successful authentication. */ /* Clear the password from memory. */ @@ -2275,7 +2354,7 @@ if (authenticated) break; -#ifdef KERBEROS +#if defined(KRB5) /* If you forwarded a ticket you get one shot for proper authentication. */ /* If tgt was passed unlink file */ @@ -2286,7 +2365,7 @@ else ticket = NULL; } -#endif /* KERBEROS */ +#endif /* KRB5 */ /* Send a message indicating that the authentication attempt failed. */ packet_start(SSH_SMSG_FAILURE); @@ -2510,6 +2589,21 @@ display = x11_create_display_inet(screen); if (!display) goto fail; +#ifdef AFS + /* Setup to have a local .Xauthority, if homedir is in AFS. */ + { + struct stat st; + char cell[64], *xauthdir = "/ticket"; + + if (k_hasafs() && k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) { + xauthfile = xmalloc(MAXPATHLEN); + if (stat(xauthdir, &st) < 0) + xauthdir = "/tmp"; + sprintf(xauthfile, "%s/Xauth%d%d", xauthdir, pw->pw_uid, + getpid()); + } + } +#endif /* AFS */ break; #else /* XAUTH_PATH */ /* No xauth program; we won't accept forwarding with spoofing. */ @@ -3364,6 +3458,17 @@ and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; +#ifdef AFS + /* Try to get AFS tokens for the local cell. */ + if (k_hasafs()) { + char cell[64]; + + if (k_afs_cell_of_file(user_dir, cell, sizeof(cell)) == 0) + k_afsklog(cell, 0); + k_afsklog(0, 0); + } +#endif /* AFS */ + /* Initialize the environment. In the first part we allocate space for all environment variables. */ envsize = 100; @@ -3442,13 +3547,21 @@ if (display) child_set_env(&env, &envsize, "DISPLAY", display); -#ifdef KERBEROS - /* Set KRBTKFILE to point to our ticket */ + /* Set KRBTKFILE to point to our ticket. */ #ifdef KRB5 if (ticket) child_set_env(&env, &envsize, "KRB5CCNAME", ticket); #endif /* KRB5 */ -#endif /* KERBEROS */ +#ifdef KRB4 /* XXX - how to make these coexist? */ + if (ticket) + child_set_env(&env, &envsize, "KRBTKFILE", ticket); + +#ifdef AFS + /* Set XAUTHORITY to a local file, if homedir is in AFS. */ + if (xauthfile) + child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); +#endif /* AFS */ +#endif /* KRB4 */ /* Set variable for forwarded authentication connection, if we have one. */ if (auth_get_socket_name() != NULL)