[11507] in bugtraq
4.4 BSD issue -- chflags
daemon@ATHENA.MIT.EDU (Sami Lehtinen)
Wed Aug 25 04:22:16 1999
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="CpNjGBIMCN"
Content-Transfer-Encoding: 7bit
Message-Id: <14257.53084.887601.757696@johto.ssh.fi>
Date: Wed, 11 Aug 1999 22:30:36 +0300
Reply-To: Sami Lehtinen <sjl@SSH.FI>
From: Sami Lehtinen <sjl@SSH.FI>
X-To: lumpy <lumpy@BLUE.9MM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.9908051915240.30466-100000@blue.9mm.com>
--CpNjGBIMCN
Content-Type: text/plain; charset=us-ascii
Content-Description: message body text
Content-Transfer-Encoding: 7bit
lumpy writes:
: Title:
: BSD File Flags and Programming Techniques
:
: Systems Affected:
:
: 4.4BSD based operating systems.
: A majority of the programs that implement a method of login
: on 4.4BSD based operating systems.
:
: Patches to the following are listed
: at the end of the advisory:
:
: FreeBSD, OpenBSD, NetBSD, BSD/OS
:
: Status information on the following are
: listed at the end of the advisory:
:
: SSH, XFree86, screen
:
: Synopsis:
:
: Programmers don't check the return values of calls
: and cause big security holes.
[SNIP]
: SSH
: I have heard some reports that ssh(d) does not properly deal
: with flags set, but have no official feedback.
[SNIP]
I have made patches for ssh-2.0.13, {f-secure-ssh, ssh}-2.0.12 and
ssh-1.2.27 (this patch should work with f-secure-ssh-1.3.[67], too,
though I didn't test that).
These essentially fix this problem by clearing the user-settable flags
from the files if chown() fails, and re-trying.
The patches include information on how to apply them.
Enjoy.
--CpNjGBIMCN
Content-Type: text/plain
Content-Description: patch for ssh-2.0.13
Content-Disposition: inline;
filename="patch-ssh-2.0.13-bsd.tty.chown"
Content-Transfer-Encoding: 7bit
Patch for problem with tty ownership with chflags and chown in BSD 4.4
variants. Fixes a security bug in tty allocation.
This patch works for ssh-2.0.13 (note: doesn't work for ssh-2.0.12. Use
patch-ssh-2.0.12-bsd.tty.chown for that).
Apply with the following commands:
% cd /wherever/you/hold/your/sources/ssh-2.0.13
% patch -p1 -l < /path/to/where/you/saved/patch-ssh-2.0.13-bsd.tty.chown
% ./configure --whatever-config-flags-you-use
% make clean
% make
% su
Password: ***********
# make install
# kill -HUP `cat /var/run/sshd2_22.pid`
You should be all set.
Sami Lehtinen <sjl@ssh.fi>
--begin patch--
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/apps/ssh/agentpath.c ssh-2.0.13/apps/ssh/agentpath.c
--- ssh-2.0.13.orig/apps/ssh/agentpath.c Sun Jan 31 14:40:44 1999
+++ ssh-2.0.13/apps/ssh/agentpath.c Wed Aug 11 15:34:03 1999
@@ -78,10 +78,16 @@
}
else
{
- (void)chown(socket_dir_name, uid, 0);
+ /* We don't do anything special if this fails. (for example,
+ in BSD's this always fails.)*/
+ if (chown(socket_dir_name, uid, 0) < 0)
+ {
+ SSH_TRACE(2, ("chown failed for %s, error: %s", \
+ socket_dir_name, strerror(errno)));
+ }
}
}
-
+
/* Check the owner and permissions */
if (stat(socket_dir_name, &st) != 0 || st.st_uid != uid ||
(st.st_mode & 077) != 0)
@@ -132,8 +138,18 @@
if (listener)
{
- (void)chown(path, uid, 0);
- (void)chmod(path, S_IRUSR | S_IWUSR);
+ if (chown(path, uid, 0) < 0)
+ {
+ /* This fails always with BSD. */
+ SSH_DEBUG(2, ("chown failed for %s, error: %s", \
+ path, strerror(errno)));
+ }
+
+ if (chmod(path, S_IRUSR | S_IWUSR) < 0)
+ {
+ SSH_DEBUG(2, ("chmod failed for %s, error: %s", \
+ path, strerror(errno)));
+ }
}
else
{
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/apps/ssh/sshchsession.c ssh-2.0.13/apps/ssh/sshchsession.c
--- ssh-2.0.13.orig/apps/ssh/sshchsession.c Fri May 7 14:02:03 1999
+++ ssh-2.0.13/apps/ssh/sshchsession.c Tue Aug 10 17:28:35 1999
@@ -1303,8 +1303,12 @@
/* If we have a pseudo-terminal, log that we are now logged out. */
if (session->have_pty)
{
- ssh_pty_get_name(session->stream, ptyname, sizeof(ptyname));
- ssh_user_record_logout(ssh_pty_get_pid(session->stream), ptyname);
+ if (session->stream != NULL)
+ {
+ SSH_TRACE(2, ("Destroying session stream, and logging user out."));
+ ssh_pty_get_name(session->stream, ptyname, sizeof(ptyname));
+ ssh_user_record_logout(ssh_pty_get_pid(session->stream), ptyname);
+ }
}
#ifdef SSH_CHANNEL_X11
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/configure.in ssh-2.0.13/configure.in
--- ssh-2.0.13.orig/configure.in Tue May 11 11:34:37 1999
+++ ssh-2.0.13/configure.in Wed Aug 11 16:50:55 1999
@@ -851,7 +851,7 @@
AC_CHECK_HEADERS(sys/stream.h sys/conf.h)
AC_CHECK_FUNCS(revoke openpty _getpty setpgrp setpgid ttyslot authenticate)
AC_CHECK_FUNCS(makeutx setlogin openpty _getpty innetgr initgroups setpgrp)
-AC_CHECK_FUNCS(signal setrlimit getrlimit setluid getpt)
+AC_CHECK_FUNCS(signal setrlimit getrlimit setluid getpt chflags)
AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt))
AC_CHECK_LIB(sec, getspnam)
AC_CHECK_LIB(seq, get_process_stats)
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/lib/sshsession/sshunixptystream.c ssh-2.0.13/lib/sshsession/sshunixptystream.c
--- ssh-2.0.13.orig/lib/sshsession/sshunixptystream.c Tue May 11 11:35:23 1999
+++ ssh-2.0.13/lib/sshsession/sshunixptystream.c Wed Aug 11 18:04:48 1999
@@ -128,10 +128,86 @@
tty_gid = owner_gid;
tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
}
-
+
+ retry_chown:
/* Change ownership of the tty. */
- (void)chown(namebuf, owner_uid, tty_gid);
- (void)chmod(namebuf, tty_mode);
+ if (chown(namebuf, owner_uid, tty_gid) < 0)
+ {
+ /* chown failed. Atleast two possibilities. Either we are not
+ running as root, in which case this is OK, or we are running
+ on BSD, and somebody has put some flags to the tty. */
+
+ /* Check whether we are root or not.*/
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is OK. */
+ SSH_DEBUG(2, ("chown failed (but we're not root anyway) for " \
+ "%s, error %s", namebuf, strerror(errno)));
+ }
+ else
+ {
+#ifdef HAVE_CHFLAGS
+ static Boolean retrying = FALSE;
+ struct stat st;
+
+ if (!retrying)
+ {
+ SSH_TRACE(0, ("chown failed for %s, error: %s. Removing " \
+ "user-settable flags, and retrying.", \
+ namebuf, strerror(errno)));
+
+ if (stat(namebuf, &st) < 0)
+ {
+ ssh_warning("stat failed for %s, error: %s",
+ namebuf, strerror(errno));
+ }
+ else
+ {
+ SSH_TRACE(2, ("Removing user-settable flags with chflags."));
+ /* Remove user definable flags. */
+ if (chflags(namebuf, st.st_flags &
+ ~(UF_NODUMP | UF_IMMUTABLE |
+ UF_APPEND | UF_OPAQUE)) < 0)
+ {
+ SSH_TRACE(0, ("chflags failed for %s, error: %s", \
+ namebuf, strerror(errno)));
+ }
+ else
+ {
+ SSH_TRACE(2, ("Retrying..."));
+ retrying = TRUE;
+ goto retry_chown;
+ }
+ }
+ }
+ else
+ {
+ SSH_TRACE(0, ("chown failed even with retry. error: %s", \
+ strerror(errno)));
+ }
+
+#endif /* HAVE_CHFLAGS */
+ ssh_warning("ssh_pty_allocate_and_fork: chown failed for %s.",
+ namebuf);
+ return SSH_PTY_ERROR;
+ }
+ }
+
+ if (chmod(namebuf, tty_mode) < 0)
+ {
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is (probably) OK. */
+ SSH_DEBUG(2, ("chmod failed (but we're not root anyway) for " \
+ "%s, error %s", namebuf, strerror(errno)));
+ }
+ else
+ {
+ ssh_warning("ssh_pty_allocate_and_fork: chmod %s: %s",
+ namebuf, strerror(errno));
+ return SSH_PTY_ERROR;
+ }
+ }
/* Initialize SIGCHLD handling. This will ensure the SIGCHLD won't get
delivered until we register the handler for the new process below. */
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/lib/sshutil/sshfilexfers.c ssh-2.0.13/lib/sshutil/sshfilexfers.c
--- ssh-2.0.13.orig/lib/sshutil/sshfilexfers.c Tue May 4 14:05:01 1999
+++ ssh-2.0.13/lib/sshutil/sshfilexfers.c Tue Aug 10 16:58:37 1999
@@ -328,7 +328,7 @@
{
#ifdef HAVE_FCHOWN
/* Note: we ignore the return value. */
- fchown(fd, attrs->uid, attrs->gid);
+ (void)fchown(fd, attrs->uid, attrs->gid);
#endif /* HAVE_FCHOWN */
}
@@ -735,7 +735,7 @@
#endif /* HAVE_FUTIMES */
}
- /* XXX some operation(s) may fail (for example chmod() in BSD fails
+ /* XXX some operation(s) may fail (for example chown() in BSD fails
always if not super-user), but that is no excuse to stop executing
them alltogether. So, we need some system to inform the user of
the error(s). This is not it. */
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/sshconf.h.in ssh-2.0.13/sshconf.h.in
--- ssh-2.0.13.orig/sshconf.h.in Tue May 11 11:34:56 1999
+++ ssh-2.0.13/sshconf.h.in Wed Aug 11 17:08:17 1999
@@ -287,6 +287,9 @@
/* Define if you have the authenticate function. */
#undef HAVE_AUTHENTICATE
+/* Define if you have the chflags function. */
+#undef HAVE_CHFLAGS
+
/* Define if you have the chmod function. */
#undef HAVE_CHMOD
diff -u ssh-2.0.13.orig/configure ssh-2.0.13/configure
--- ssh-2.0.13.orig/configure Tue May 11 11:34:58 1999
+++ ssh-2.0.13/configure Wed Aug 11 17:07:05 1999
@@ -6011,7 +6011,7 @@
fi
done
-for ac_func in signal setrlimit getrlimit setluid getpt
+for ac_func in signal setrlimit getrlimit setluid getpt chflags
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:6018: checking for $ac_func" >&5
--CpNjGBIMCN
Content-Type: text/plain
Content-Description: patch for ssh-2.0.12
Content-Disposition: inline;
filename="patch-ssh-2.0.12-bsd.tty.chown"
Content-Transfer-Encoding: 7bit
Patch for problem with tty ownership with chflags and chown in BSD 4.4
variants. Fixes a security bug in tty allocation.
This patch works for ssh-2.0.12 (note: doesn't work for ssh-2.0.13. Use
patch-ssh-2.0.13-bsd.tty.chown for that).
Apply with the following commands:
% cd /wherever/you/hold/your/sources/ssh-2.0.12
% patch -p1 -l < /path/to/where/you/saved/patch-ssh-2.0.12-bsd.tty.chown
% ./configure --whatever-config-flags-you-use
% make clean
% make
% su
Password: ***********
# make install
# kill -HUP `cat /var/run/sshd2_22.pid`
You should be all set.
Sami Lehtinen <sjl@ssh.fi>
--begin patch--
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/apps/ssh/agentpath.c f-secure-ssh-2.0.12/apps/ssh/agentpath.c
--- f-secure-ssh-2.0.12.orig/apps/ssh/agentpath.c Fri Oct 30 15:16:38 1998
+++ f-secure-ssh-2.0.12/apps/ssh/agentpath.c Wed Aug 11 19:14:43 1999
@@ -78,10 +78,16 @@
}
else
{
- (void)chown(socket_dir_name, uid, 0);
+ /* We don't do anything special if this fails. (for example,
+ in BSD's this always fails.)*/
+ if (chown(socket_dir_name, uid, 0) < 0)
+ {
+ SSH_TRACE(2, ("chown failed for %s, error: %s", \
+ socket_dir_name, strerror(errno)));
+ }
}
}
-
+
/* Check the owner and permissions */
if (stat(socket_dir_name, &st) != 0 || st.st_uid != uid ||
(st.st_mode & 077) != 0)
@@ -132,8 +138,18 @@
if (listener)
{
- (void)chown(path, uid, 0);
- (void)chmod(path, S_IRUSR | S_IWUSR);
+ if (chown(path, uid, 0) < 0)
+ {
+ /* This fails always with BSD. */
+ SSH_DEBUG(2, ("chown failed for %s, error: %s", \
+ path, strerror(errno)));
+ }
+
+ if (chmod(path, S_IRUSR | S_IWUSR) < 0)
+ {
+ SSH_DEBUG(2, ("chmod failed for %s, error: %s", \
+ path, strerror(errno)));
+ }
}
else
{
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/apps/ssh/sshchsession.c f-secure-ssh-2.0.12/apps/ssh/sshchsession.c
--- f-secure-ssh-2.0.12.orig/apps/ssh/sshchsession.c Mon Jan 18 12:32:24 1999
+++ f-secure-ssh-2.0.12/apps/ssh/sshchsession.c Wed Aug 11 19:14:44 1999
@@ -1288,8 +1288,12 @@
/* If we have a pseudo-terminal, log that we are now logged out. */
if (session->have_pty)
{
- ssh_pty_get_name(session->stream, ptyname, sizeof(ptyname));
- ssh_user_record_logout(ssh_pty_get_pid(session->stream), ptyname);
+ if (session->stream != NULL)
+ {
+ SSH_TRACE(2, ("Destroying session stream, and logging user out."));
+ ssh_pty_get_name(session->stream, ptyname, sizeof(ptyname));
+ ssh_user_record_logout(ssh_pty_get_pid(session->stream), ptyname);
+ }
}
#ifdef SSH_CHANNEL_X11
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/configure.in f-secure-ssh-2.0.12/configure.in
--- f-secure-ssh-2.0.12.orig/configure.in Fri Jan 29 13:34:29 1999
+++ f-secure-ssh-2.0.12/configure.in Wed Aug 11 19:14:44 1999
@@ -864,7 +864,7 @@
AC_CHECK_HEADERS(sia.h sys/mkdev.h util.h shadow.h)
AC_CHECK_FUNCS(revoke openpty _getpty setpgrp setpgid ttyslot authenticate)
AC_CHECK_FUNCS(makeutx setlogin openpty _getpty innetgr initgroups setpgrp)
-AC_CHECK_FUNCS(signal setrlimit getrlimit)
+AC_CHECK_FUNCS(signal setrlimit getrlimit chflags)
AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt))
AC_CHECK_LIB(sec, getspnam)
AC_CHECK_LIB(seq, get_process_stats)
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/lib/sshsession/sshunixptystream.c f-secure-ssh-2.0.12/lib/sshsession/sshunixptystream.c
--- f-secure-ssh-2.0.12.orig/lib/sshsession/sshunixptystream.c Fri Jan 29 13:35:43 1999
+++ f-secure-ssh-2.0.12/lib/sshsession/sshunixptystream.c Wed Aug 11 19:18:54 1999
@@ -22,6 +22,8 @@
#include "sshtimeouts.h"
#include "sigchld.h"
+#define SSH_DEBUG_MODULE "SshUnixPtyStream"
+
typedef enum {
SSH_PTY_NORMAL,
SSH_PTY_BSD_PACKET
@@ -126,10 +128,86 @@
tty_gid = owner_gid;
tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
}
-
+
+ retry_chown:
/* Change ownership of the tty. */
- (void)chown(namebuf, owner_uid, tty_gid);
- (void)chmod(namebuf, tty_mode);
+ if (chown(namebuf, owner_uid, tty_gid) < 0)
+ {
+ /* chown failed. Atleast two possibilities. Either we are not
+ running as root, in which case this is OK, or we are running
+ on BSD, and somebody has put some flags to the tty. */
+
+ /* Check whether we are root or not.*/
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is OK. */
+ SSH_DEBUG(2, ("chown failed (but we're not root anyway) for " \
+ "%s, error %s", namebuf, strerror(errno)));
+ }
+ else
+ {
+#ifdef HAVE_CHFLAGS
+ static Boolean retrying = FALSE;
+ struct stat st;
+
+ if (!retrying)
+ {
+ SSH_TRACE(0, ("chown failed for %s, error: %s. Removing " \
+ "user-settable flags, and retrying.", \
+ namebuf, strerror(errno)));
+
+ if (stat(namebuf, &st) < 0)
+ {
+ ssh_warning("stat failed for %s, error: %s",
+ namebuf, strerror(errno));
+ }
+ else
+ {
+ SSH_TRACE(2, ("Removing user-settable flags with chflags."));
+ /* Remove user definable flags. */
+ if (chflags(namebuf, st.st_flags &
+ ~(UF_NODUMP | UF_IMMUTABLE |
+ UF_APPEND | UF_OPAQUE)) < 0)
+ {
+ SSH_TRACE(0, ("chflags failed for %s, error: %s", \
+ namebuf, strerror(errno)));
+ }
+ else
+ {
+ SSH_TRACE(2, ("Retrying..."));
+ retrying = TRUE;
+ goto retry_chown;
+ }
+ }
+ }
+ else
+ {
+ SSH_TRACE(0, ("chown failed even with retry. error: %s", \
+ strerror(errno)));
+ }
+
+#endif /* HAVE_CHFLAGS */
+ ssh_warning("ssh_pty_allocate_and_fork: chown failed for %s.",
+ namebuf);
+ return SSH_PTY_ERROR;
+ }
+ }
+
+ if (chmod(namebuf, tty_mode) < 0)
+ {
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is (probably) OK. */
+ SSH_DEBUG(2, ("chmod failed (but we're not root anyway) for " \
+ "%s, error %s", namebuf, strerror(errno)));
+ }
+ else
+ {
+ ssh_warning("ssh_pty_allocate_and_fork: chmod %s: %s",
+ namebuf, strerror(errno));
+ return SSH_PTY_ERROR;
+ }
+ }
/* Initialize SIGCHLD handling. This will ensure the SIGCHLD won't get
delivered until we register the handler for the new process below. */
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/lib/sshutil/sshfilexfers.c f-secure-ssh-2.0.12/lib/sshutil/sshfilexfers.c
--- f-secure-ssh-2.0.12.orig/lib/sshutil/sshfilexfers.c Mon Jan 18 13:07:26 1999
+++ f-secure-ssh-2.0.12/lib/sshutil/sshfilexfers.c Wed Aug 11 19:14:44 1999
@@ -327,7 +327,7 @@
{
#ifdef HAVE_FCHOWN
/* Note: we ignore the return value. */
- fchown(fd, attrs->uid, attrs->gid);
+ (void)fchown(fd, attrs->uid, attrs->gid);
#endif /* HAVE_FCHOWN */
}
@@ -734,7 +734,7 @@
#endif /* HAVE_FUTIMES */
}
- /* XXX some operation(s) may fail (for example chmod() in BSD fails
+ /* XXX some operation(s) may fail (for example chown() in BSD fails
always if not super-user), but that is no excuse to stop executing
them alltogether. So, we need some system to inform the user of
the error(s). This is not it. */
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/sshconf.h.in f-secure-ssh-2.0.12/sshconf.h.in
--- f-secure-ssh-2.0.12.orig/sshconf.h.in Fri Jan 29 13:34:59 1999
+++ f-secure-ssh-2.0.12/sshconf.h.in Wed Aug 11 19:14:44 1999
@@ -279,6 +279,9 @@
/* Define if you have the authenticate function. */
#undef HAVE_AUTHENTICATE
+/* Define if you have the chflags function. */
+#undef HAVE_CHFLAGS
+
/* Define if you have the chmod function. */
#undef HAVE_CHMOD
diff -u f-secure-ssh-2.0.12.orig/configure f-secure-ssh-2.0.12/configure
--- f-secure-ssh-2.0.12.orig/configure Fri Jan 29 13:35:02 1999
+++ f-secure-ssh-2.0.12/configure Wed Aug 11 19:07:25 1999
@@ -6054,7 +6054,7 @@
fi
done
-for ac_func in signal setrlimit getrlimit
+for ac_func in signal setrlimit getrlimit chflags
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:6061: checking for $ac_func" >&5
--CpNjGBIMCN
Content-Type: text/plain
Content-Description: patch for ssh-1.2.27
Content-Disposition: inline;
filename="patch-ssh-1.2.27-bsd.tty.chown"
Content-Transfer-Encoding: 7bit
Patch for problem with tty ownership with chflags and chown in BSD 4.4
variants. Fixes a security bug in tty allocation.
This patch works for ssh-1.2.27.
Apply with the following commands:
% cd /wherever/you/hold/your/sources/ssh-1.2.27
% patch -p1 -l < /path/to/where/you/saved/patch-ssh-1.2.27-bsd.tty.chown
% ./configure --whatever-config-flags-you-use
% make clean
% make
% su
Password: ***********
# make install
# kill -HUP `cat /var/run/sshd.pid`
You should be all set.
Sami Lehtinen <sjl@ssh.fi>
--begin patch--
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-1.2.27.orig/auth-passwd.c ssh-1.2.27/auth-passwd.c
--- ssh-1.2.27.orig/auth-passwd.c Wed May 12 14:19:23 1999
+++ ssh-1.2.27/auth-passwd.c Wed Aug 11 19:49:32 1999
@@ -613,7 +613,13 @@
/* get_name pulls out just the name not the
type */
strcpy(ccname + 5, krb5_cc_get_name(ssh_context, ccache));
- (void) chown(ccname + 5, pw->pw_uid, pw->pw_gid);
+ if (chown(ccname + 5, pw->pw_uid, pw->pw_gid) < 0)
+ {
+ log_msg("Kerberos: chown failed for %s, error: %s",
+ ccname + 5, strerror(errno));
+ packet_send_debug("Kerberos: chown failed for %s", ccname + 5);
+ goto errout;
+ }
/* If tgt was passed unlink file */
if (ticket)
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-1.2.27.orig/config.h.in ssh-1.2.27/config.h.in
--- ssh-1.2.27.orig/config.h.in Wed May 12 14:20:04 1999
+++ ssh-1.2.27/config.h.in Wed Aug 11 20:20:51 1999
@@ -360,6 +360,9 @@
/* Define if you have the authenticate function. */
#undef HAVE_AUTHENTICATE
+/* Define if you have the chflags function. */
+#undef HAVE_CHFLAGS
+
/* Define if you have the clock function. */
#undef HAVE_CLOCK
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-1.2.27.orig/configure.in ssh-1.2.27/configure.in
--- ssh-1.2.27.orig/configure.in Wed May 12 14:20:02 1999
+++ ssh-1.2.27/configure.in Wed Aug 11 20:05:13 1999
@@ -433,6 +433,7 @@
AC_CHECK_FUNCS(strchr memcpy setlogin openpty _getpty clock fchmod ulimit)
AC_CHECK_FUNCS(gethostname getdtablesize umask innetgr initgroups setpgrp)
AC_CHECK_FUNCS(setpgid daemon waitpid ttyslot authenticate getpt isastream)
+AC_CHECK_FUNCS(chflags)
AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf)
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-1.2.27.orig/sshd.c ssh-1.2.27/sshd.c
--- ssh-1.2.27.orig/sshd.c Wed May 12 14:19:29 1999
+++ ssh-1.2.27/sshd.c Wed Aug 11 20:26:31 1999
@@ -2897,9 +2897,87 @@
tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
}
+ retry_chown:
+
/* Change ownership of the tty. */
- (void)chown(ttyname, pw->pw_uid, tty_gid);
- (void)chmod(ttyname, tty_mode);
+ if (chown(ttyname, pw->pw_uid, tty_gid) < 0)
+ {
+ /* chown failed. Atleast two possibilities. Either we are not
+ running as root, in which case this is OK, or we are running
+ on BSD, and somebody has put some flags to the tty. */
+
+ /* Check whether we are root or not.*/
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is OK. */
+ debug("chown failed (but we're not root anyway) for "
+ "%s, error %s", ttyname, strerror(errno));
+ }
+ else
+ {
+#ifdef HAVE_CHFLAGS
+ static int retrying = 0;
+ struct stat st;
+
+ if (!retrying)
+ {
+ debug("chown failed for %s, error: %s. Removing "
+ "user-settable flags, and retrying.",
+ ttyname, strerror(errno));
+
+ if (stat(ttyname, &st) < 0)
+ {
+ error("stat failed for %s, error: %s",
+ ttyname, strerror(errno));
+ }
+ else
+ {
+ debug("Removing user-settable flags with "
+ "chflags.");
+ /* Remove user definable flags. */
+ if (chflags(ttyname, st.st_flags &
+ ~(UF_NODUMP | UF_IMMUTABLE |
+ UF_APPEND | UF_OPAQUE)) < 0)
+ {
+ debug("chflags failed for %s, error: %s",
+ ttyname, strerror(errno));
+ }
+ else
+ {
+ debug("Retrying...");
+ retrying = 1;
+ goto retry_chown;
+ }
+ }
+ }
+ else
+ {
+ debug("chown failed even with retry. error: %s",
+ strerror(errno));
+ }
+
+#endif /* HAVE_CHFLAGS */
+ error("ssh_pty_allocate_and_fork: chown failed for %s.",
+ ttyname);
+ goto fail;
+ }
+ }
+
+ if (chmod(ttyname, tty_mode) < 0)
+ {
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is (probably) OK. */
+ debug("chmod failed (but we're not root anyway) for "
+ "%s, error %s", ttyname, strerror(errno));
+ }
+ else
+ {
+ error("ssh_pty_allocate_and_fork: chmod %s: %s",
+ ttyname, strerror(errno));
+ goto fail;
+ }
+ }
/* Get TERM from the packet. Note that the value may be of arbitrary
length. */
diff -u ssh-1.2.27.orig/configure ssh-1.2.27/configure
--- ssh-1.2.27.orig/configure Wed May 12 14:20:06 1999
+++ ssh-1.2.27/configure Wed Aug 11 20:08:14 1999
@@ -4512,16 +4512,71 @@
fi
done
+for ac_func in chflags
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:4519: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 4524 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4547: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
for ac_func in strerror memmove remove random putenv crypt socketpair snprintf
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:4520: checking for $ac_func" >&5
+echo "configure:4575: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 4525 "configure"
+#line 4580 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -4544,7 +4599,7 @@
; return 0; }
EOF
-if { (eval echo configure:4548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4603: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -4572,7 +4627,7 @@
echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6
-echo "configure:4576: checking whether ln -s works" >&5
+echo "configure:4631: checking whether ln -s works" >&5
if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -4603,7 +4658,7 @@
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# ./install, which can be erroneously created by make from ./install.sh.
echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:4607: checking for a BSD compatible install" >&5
+echo "configure:4662: checking for a BSD compatible install" >&5
if test -z "$INSTALL"; then
if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -4655,7 +4710,7 @@
# Extract the first word of "ar", so it can be a program name with args.
set dummy ar; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:4659: checking for $ac_word" >&5
+echo "configure:4714: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -4685,7 +4740,7 @@
# Extract the first word of "ranlib", so it can be a program name with args.
set dummy ranlib; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:4689: checking for $ac_word" >&5
+echo "configure:4744: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -4719,7 +4774,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:4723: checking for $ac_word" >&5
+echo "configure:4778: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_MAKEDEP'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -4754,7 +4809,7 @@
# Uses ac_ vars as temps to allow command line to override cache and checks.
# --without-x overrides everything else, but does not touch the cache.
echo $ac_n "checking for X""... $ac_c" 1>&6
-echo "configure:4758: checking for X" >&5
+echo "configure:4813: checking for X" >&5
# Check whether --with-x or --without-x was given.
if test "${with_x+set}" = set; then
@@ -4816,12 +4871,12 @@
# First, try using that file with no special directory specified.
cat > conftest.$ac_ext <<EOF
-#line 4820 "configure"
+#line 4875 "configure"
#include "confdefs.h"
#include <$x_direct_test_include>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4825: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4880: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -4890,14 +4945,14 @@
ac_save_LIBS="$LIBS"
LIBS="-l$x_direct_test_library $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 4894 "configure"
+#line 4949 "configure"
#include "confdefs.h"
int main() {
${x_direct_test_function}()
; return 0; }
EOF
-if { (eval echo configure:4901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4956: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
LIBS="$ac_save_LIBS"
# We can link X programs with no special library path.
@@ -5003,17 +5058,17 @@
case "`(uname -sr) 2>/dev/null`" in
"SunOS 5"*)
echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6
-echo "configure:5007: checking whether -R must be followed by a space" >&5
+echo "configure:5062: checking whether -R must be followed by a space" >&5
ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries"
cat > conftest.$ac_ext <<EOF
-#line 5010 "configure"
+#line 5065 "configure"
#include "confdefs.h"
int main() {
; return 0; }
EOF
-if { (eval echo configure:5017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5072: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
ac_R_nospace=yes
else
@@ -5029,14 +5084,14 @@
else
LIBS="$ac_xsave_LIBS -R $x_libraries"
cat > conftest.$ac_ext <<EOF
-#line 5033 "configure"
+#line 5088 "configure"
#include "confdefs.h"
int main() {
; return 0; }
EOF
-if { (eval echo configure:5040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5095: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
ac_R_space=yes
else
@@ -5068,7 +5123,7 @@
# libraries were built with DECnet support. And karl@cs.umb.edu says
# the Alpha needs dnet_stub (dnet does not exist).
echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6
-echo "configure:5072: checking for dnet_ntoa in -ldnet" >&5
+echo "configure:5127: checking for dnet_ntoa in -ldnet" >&5
ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5076,7 +5131,7 @@
ac_save_LIBS="$LIBS"
LIBS="-ldnet $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5080 "configure"
+#line 5135 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5087,7 +5142,7 @@
dnet_ntoa()
; return 0; }
EOF
-if { (eval echo configure:5091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5109,7 +5164,7 @@
if test $ac_cv_lib_dnet_dnet_ntoa = no; then
echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6
-echo "configure:5113: checking for dnet_ntoa in -ldnet_stub" >&5
+echo "configure:5168: checking for dnet_ntoa in -ldnet_stub" >&5
ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5117,7 +5172,7 @@
ac_save_LIBS="$LIBS"
LIBS="-ldnet_stub $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5121 "configure"
+#line 5176 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5128,7 +5183,7 @@
dnet_ntoa()
; return 0; }
EOF
-if { (eval echo configure:5132: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5187: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5157,12 +5212,12 @@
# The nsl library prevents programs from opening the X display
# on Irix 5.2, according to dickey@clark.net.
echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
-echo "configure:5161: checking for gethostbyname" >&5
+echo "configure:5216: checking for gethostbyname" >&5
if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5166 "configure"
+#line 5221 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char gethostbyname(); below. */
@@ -5185,7 +5240,7 @@
; return 0; }
EOF
-if { (eval echo configure:5189: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5244: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_gethostbyname=yes"
else
@@ -5206,7 +5261,7 @@
if test $ac_cv_func_gethostbyname = no; then
echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6
-echo "configure:5210: checking for gethostbyname in -lnsl" >&5
+echo "configure:5265: checking for gethostbyname in -lnsl" >&5
ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5214,7 +5269,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lnsl $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5218 "configure"
+#line 5273 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5225,7 +5280,7 @@
gethostbyname()
; return 0; }
EOF
-if { (eval echo configure:5229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5284: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5255,12 +5310,12 @@
# -lsocket must be given before -lnsl if both are needed.
# We assume that if connect needs -lnsl, so does gethostbyname.
echo $ac_n "checking for connect""... $ac_c" 1>&6
-echo "configure:5259: checking for connect" >&5
+echo "configure:5314: checking for connect" >&5
if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5264 "configure"
+#line 5319 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char connect(); below. */
@@ -5283,7 +5338,7 @@
; return 0; }
EOF
-if { (eval echo configure:5287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_connect=yes"
else
@@ -5304,7 +5359,7 @@
if test $ac_cv_func_connect = no; then
echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
-echo "configure:5308: checking for connect in -lsocket" >&5
+echo "configure:5363: checking for connect in -lsocket" >&5
ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5312,7 +5367,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5316 "configure"
+#line 5371 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5323,7 +5378,7 @@
connect()
; return 0; }
EOF
-if { (eval echo configure:5327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5347,12 +5402,12 @@
# gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX.
echo $ac_n "checking for remove""... $ac_c" 1>&6
-echo "configure:5351: checking for remove" >&5
+echo "configure:5406: checking for remove" >&5
if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5356 "configure"
+#line 5411 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char remove(); below. */
@@ -5375,7 +5430,7 @@
; return 0; }
EOF
-if { (eval echo configure:5379: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5434: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_remove=yes"
else
@@ -5396,7 +5451,7 @@
if test $ac_cv_func_remove = no; then
echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6
-echo "configure:5400: checking for remove in -lposix" >&5
+echo "configure:5455: checking for remove in -lposix" >&5
ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5404,7 +5459,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lposix $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5408 "configure"
+#line 5463 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5415,7 +5470,7 @@
remove()
; return 0; }
EOF
-if { (eval echo configure:5419: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5474: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5439,12 +5494,12 @@
# BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
echo $ac_n "checking for shmat""... $ac_c" 1>&6
-echo "configure:5443: checking for shmat" >&5
+echo "configure:5498: checking for shmat" >&5
if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5448 "configure"
+#line 5503 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char shmat(); below. */
@@ -5467,7 +5522,7 @@
; return 0; }
EOF
-if { (eval echo configure:5471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5526: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_shmat=yes"
else
@@ -5488,7 +5543,7 @@
if test $ac_cv_func_shmat = no; then
echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6
-echo "configure:5492: checking for shmat in -lipc" >&5
+echo "configure:5547: checking for shmat in -lipc" >&5
ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5496,7 +5551,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lipc $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5500 "configure"
+#line 5555 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5507,7 +5562,7 @@
shmat()
; return 0; }
EOF
-if { (eval echo configure:5511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5540,7 +5595,7 @@
# libraries we check for below, so use a different variable.
# --interran@uluru.Stanford.EDU, kb@cs.umb.edu.
echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6
-echo "configure:5544: checking for IceConnectionNumber in -lICE" >&5
+echo "configure:5599: checking for IceConnectionNumber in -lICE" >&5
ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5548,7 +5603,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lICE $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5552 "configure"
+#line 5607 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5559,7 +5614,7 @@
IceConnectionNumber()
; return 0; }
EOF
-if { (eval echo configure:5563: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5618: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5587,7 +5642,7 @@
# Extract the first word of "passwd", so it can be a program name with args.
set dummy passwd; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:5591: checking for $ac_word" >&5
+echo "configure:5646: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_PASSWD_PATH'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -5625,7 +5680,7 @@
# Extract the first word of "xauth", so it can be a program name with args.
set dummy xauth; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:5629: checking for $ac_word" >&5
+echo "configure:5684: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_XAUTH_PATH'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -5669,7 +5724,7 @@
X_PROGRAMS="ssh-askpass"
fi
echo $ac_n "checking for X11 unix domain socket directory""... $ac_c" 1>&6
-echo "configure:5673: checking for X11 unix domain socket directory" >&5
+echo "configure:5728: checking for X11 unix domain socket directory" >&5
if test '!' -d /tmp/.X11-unix; then
if test -d /var/X/.X11-unix; then
@@ -5698,7 +5753,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:5702: checking for $ac_word" >&5
+echo "configure:5757: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -5739,12 +5794,12 @@
for ac_func in getpseudotty
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5743: checking for $ac_func" >&5
+echo "configure:5798: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5748 "configure"
+#line 5803 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -5767,7 +5822,7 @@
; return 0; }
EOF
-if { (eval echo configure:5771: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -5792,7 +5847,7 @@
done
echo $ac_n "checking for pseudo ttys""... $ac_c" 1>&6
-echo "configure:5796: checking for pseudo ttys" >&5
+echo "configure:5851: checking for pseudo ttys" >&5
if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes
then
cat >> confdefs.h <<\EOF
@@ -5832,7 +5887,7 @@
fi
echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6
-echo "configure:5836: checking for /etc/default/login" >&5
+echo "configure:5891: checking for /etc/default/login" >&5
if test -f /etc/default/login; then
cat >> confdefs.h <<\EOF
#define HAVE_ETC_DEFAULT_LOGIN 1
@@ -5845,7 +5900,7 @@
if test -z "$no_shadows_password_checking"; then
echo $ac_n "checking for shadow passwords""... $ac_c" 1>&6
-echo "configure:5849: checking for shadow passwords" >&5
+echo "configure:5904: checking for shadow passwords" >&5
if test -f /etc/shadow; then
# If we don't have shadow.h, this might be some nonstandard
# kludging... So better check it out.
@@ -5859,7 +5914,7 @@
# have getspent in a system library. However, a libshadow.a library
# contaning these is publicly available.
echo $ac_n "checking for getspent in -lshadow""... $ac_c" 1>&6
-echo "configure:5863: checking for getspent in -lshadow" >&5
+echo "configure:5918: checking for getspent in -lshadow" >&5
ac_lib_var=`echo shadow'_'getspent | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5867,7 +5922,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lshadow $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5871 "configure"
+#line 5926 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5878,7 +5933,7 @@
getspent()
; return 0; }
EOF
-if { (eval echo configure:5882: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5937: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5906,9 +5961,9 @@
fi
echo $ac_n "checking whether spwd have sp_expire field""... $ac_c" 1>&6
-echo "configure:5910: checking whether spwd have sp_expire field" >&5
+echo "configure:5965: checking whether spwd have sp_expire field" >&5
cat > conftest.$ac_ext <<EOF
-#line 5912 "configure"
+#line 5967 "configure"
#include "confdefs.h"
#include <shadow.h>
EOF
@@ -5927,9 +5982,9 @@
rm -f conftest*
echo $ac_n "checking whether spwd have sp_inact field""... $ac_c" 1>&6
-echo "configure:5931: checking whether spwd have sp_inact field" >&5
+echo "configure:5986: checking whether spwd have sp_inact field" >&5
cat > conftest.$ac_ext <<EOF
-#line 5933 "configure"
+#line 5988 "configure"
#include "confdefs.h"
#include <shadow.h>
EOF
@@ -5968,7 +6023,7 @@
fi
echo $ac_n "checking location of mail spool files""... $ac_c" 1>&6
-echo "configure:5972: checking location of mail spool files" >&5
+echo "configure:6027: checking location of mail spool files" >&5
for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE
do
if test "$dir" = "FILE"; then
@@ -6007,7 +6062,7 @@
done
echo $ac_n "checking location of utmp""... $ac_c" 1>&6
-echo "configure:6011: checking location of utmp" >&5
+echo "configure:6066: checking location of utmp" >&5
if test -f /var/run/utmp; then
cat >> confdefs.h <<\EOF
#define SSH_UTMP "/var/run/utmp"
@@ -6043,7 +6098,7 @@
fi
echo $ac_n "checking location of wtmp""... $ac_c" 1>&6
-echo "configure:6047: checking location of wtmp" >&5
+echo "configure:6102: checking location of wtmp" >&5
if test -f /var/log/wtmp; then
cat >> confdefs.h <<\EOF
#define SSH_WTMP "/var/log/wtmp"
@@ -6077,7 +6132,7 @@
fi
echo $ac_n "checking location of lastlog""... $ac_c" 1>&6
-echo "configure:6081: checking location of lastlog" >&5
+echo "configure:6136: checking location of lastlog" >&5
if test -f /var/log/lastlog || test -d /var/log/lastlog; then
cat >> confdefs.h <<\EOF
#define SSH_LASTLOG "/var/log/lastlog"
@@ -6132,7 +6187,7 @@
fi
echo $ac_n "checking whether $LASTLOG is a directory""... $ac_c" 1>&6
-echo "configure:6136: checking whether $LASTLOG is a directory" >&5
+echo "configure:6191: checking whether $LASTLOG is a directory" >&5
if test -d $LASTLOG
then
echo "$ac_t""yes" 1>&6
@@ -6145,7 +6200,7 @@
fi
echo $ac_n "checking whether to include the IDEA encryption algorithm""... $ac_c" 1>&6
-echo "configure:6149: checking whether to include the IDEA encryption algorithm" >&5
+echo "configure:6204: checking whether to include the IDEA encryption algorithm" >&5
# Check whether --with-idea or --without-idea was given.
if test "${with_idea+set}" = set; then
withval="$with_idea"
@@ -6179,7 +6234,7 @@
echo $ac_n "checking whether to include the Blowfish encryption algorithm""... $ac_c" 1>&6
-echo "configure:6183: checking whether to include the Blowfish encryption algorithm" >&5
+echo "configure:6238: checking whether to include the Blowfish encryption algorithm" >&5
# Check whether --with-blowfish or --without-blowfish was given.
if test "${with_blowfish+set}" = set; then
withval="$with_blowfish"
@@ -6206,7 +6261,7 @@
echo $ac_n "checking whether to include the DES encryption algorithm""... $ac_c" 1>&6
-echo "configure:6210: checking whether to include the DES encryption algorithm" >&5
+echo "configure:6265: checking whether to include the DES encryption algorithm" >&5
# Check whether --with-des or --without-des was given.
if test "${with_des+set}" = set; then
withval="$with_des"
@@ -6229,7 +6284,7 @@
echo $ac_n "checking whether to include the ARCFOUR encryption algorithm""... $ac_c" 1>&6
-echo "configure:6233: checking whether to include the ARCFOUR encryption algorithm" >&5
+echo "configure:6288: checking whether to include the ARCFOUR encryption algorithm" >&5
# Check whether --with-arcfour or --without-arcfour was given.
if test "${with_arcfour+set}" = set; then
withval="$with_arcfour"
@@ -6252,7 +6307,7 @@
echo $ac_n "checking whether to include the none encryption algorithm""... $ac_c" 1>&6
-echo "configure:6256: checking whether to include the none encryption algorithm" >&5
+echo "configure:6311: checking whether to include the none encryption algorithm" >&5
# Check whether --with-none or --without-none was given.
if test "${with_none+set}" = set; then
withval="$with_none"
@@ -6275,7 +6330,7 @@
echo $ac_n "checking whether to use login""... $ac_c" 1>&6
-echo "configure:6279: checking whether to use login" >&5
+echo "configure:6334: checking whether to use login" >&5
# Check whether --with-login or --without-login was given.
if test "${with_login+set}" = set; then
withval="$with_login"
@@ -6290,7 +6345,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:6294: checking for $ac_word" >&5
+echo "configure:6349: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_PATH_LOGIN'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -6349,7 +6404,7 @@
echo $ac_n "checking whether to use rsh""... $ac_c" 1>&6
-echo "configure:6353: checking whether to use rsh" >&5
+echo "configure:6408: checking whether to use rsh" >&5
# Check whether --with-rsh or --without-rsh was given.
if test "${with_rsh+set}" = set; then
withval="$with_rsh"
@@ -6364,7 +6419,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:6368: checking for $ac_word" >&5
+echo "configure:6423: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -6416,7 +6471,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:6420: checking for $ac_word" >&5
+echo "configure:6475: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -6465,7 +6520,7 @@
# Code to permit setting default path for users (alden@math.ohio-state.edu)
echo $ac_n "checking default path""... $ac_c" 1>&6
-echo "configure:6469: checking default path" >&5
+echo "configure:6524: checking default path" >&5
# Check whether --with-path or --without-path was given.
if test "${with_path+set}" = set; then
withval="$with_path"
@@ -6488,7 +6543,7 @@
echo $ac_n "checking etcdir""... $ac_c" 1>&6
-echo "configure:6492: checking etcdir" >&5
+echo "configure:6547: checking etcdir" >&5
# Check whether --with-etcdir or --without-etcdir was given.
if test "${with_etcdir+set}" = set; then
withval="$with_etcdir"
@@ -6513,7 +6568,7 @@
echo $ac_n "checking whether to use nologin.allow file to override nologin""... $ac_c" 1>&6
-echo "configure:6517: checking whether to use nologin.allow file to override nologin" >&5
+echo "configure:6572: checking whether to use nologin.allow file to override nologin" >&5
# Check whether --with-nologin-allow or --without-nologin-allow was given.
if test "${with_nologin_allow+set}" = set; then
withval="$with_nologin_allow"
@@ -6543,7 +6598,7 @@
echo $ac_n "checking whether to support SecurID""... $ac_c" 1>&6
-echo "configure:6547: checking whether to support SecurID" >&5
+echo "configure:6602: checking whether to support SecurID" >&5
# Check whether --with-securid or --without-securid was given.
if test "${with_securid+set}" = set; then
withval="$with_securid"
@@ -6586,7 +6641,7 @@
echo $ac_n "checking whether to support TIS authentication server""... $ac_c" 1>&6
-echo "configure:6590: checking whether to support TIS authentication server" >&5
+echo "configure:6645: checking whether to support TIS authentication server" >&5
# Check whether --with-tis or --without-tis was given.
if test "${with_tis+set}" = set; then
withval="$with_tis"
@@ -6617,7 +6672,7 @@
echo $ac_n "checking whether to use Kerberos""... $ac_c" 1>&6
-echo "configure:6621: checking whether to use Kerberos" >&5
+echo "configure:6676: checking whether to use Kerberos" >&5
# Check whether --with-kerberos5 or --without-kerberos5 was given.
if test "${with_kerberos5+set}" = set; then
withval="$with_kerberos5"
@@ -6649,7 +6704,7 @@
KERBEROS_INCS="-I${KERBEROS_ROOT}/include"
KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
echo $ac_n "checking for dbm_open in -lndbm""... $ac_c" 1>&6
-echo "configure:6653: checking for dbm_open in -lndbm" >&5
+echo "configure:6708: checking for dbm_open in -lndbm" >&5
ac_lib_var=`echo ndbm'_'dbm_open | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -6657,7 +6712,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lndbm $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 6661 "configure"
+#line 6716 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -6668,7 +6723,7 @@
dbm_open()
; return 0; }
EOF
-if { (eval echo configure:6672: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6727: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -6697,7 +6752,7 @@
echo $ac_n "checking whether to enable passing the Kerberos TGT""... $ac_c" 1>&6
-echo "configure:6701: checking whether to enable passing the Kerberos TGT" >&5
+echo "configure:6756: checking whether to enable passing the Kerberos TGT" >&5
# Check whether --enable-kerberos-tgt-passing or --disable-kerberos-tgt-passing was given.
if test "${enable_kerberos_tgt_passing+set}" = set; then
enableval="$enable_kerberos_tgt_passing"
@@ -6725,7 +6780,7 @@
echo $ac_n "checking whether to use libwrap""... $ac_c" 1>&6
-echo "configure:6729: checking whether to use libwrap" >&5
+echo "configure:6784: checking whether to use libwrap" >&5
# Check whether --with-libwrap or --without-libwrap was given.
if test "${with_libwrap+set}" = set; then
withval="$with_libwrap"
@@ -6736,7 +6791,7 @@
yes)
echo "$ac_t""yes" 1>&6
echo $ac_n "checking for request_init in -lwrap""... $ac_c" 1>&6
-echo "configure:6740: checking for request_init in -lwrap" >&5
+echo "configure:6795: checking for request_init in -lwrap" >&5
ac_lib_var=`echo wrap'_'request_init | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -6744,7 +6799,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lwrap $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 6748 "configure"
+#line 6803 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -6755,7 +6810,7 @@
request_init()
; return 0; }
EOF
-if { (eval echo configure:6759: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -6799,14 +6854,14 @@
OLDLIBS="$LIBS"
LIBS="$WRAPLIBS $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 6803 "configure"
+#line 6858 "configure"
#include "confdefs.h"
int allow_severity; int deny_severity;
int main() {
hosts_access();
; return 0; }
EOF
-if { (eval echo configure:6810: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6865: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
:
else
echo "configure: failed program was:" >&5
@@ -6827,7 +6882,7 @@
echo $ac_n "checking whether to support SOCKS""... $ac_c" 1>&6
-echo "configure:6831: checking whether to support SOCKS" >&5
+echo "configure:6886: checking whether to support SOCKS" >&5
# Check whether --with-socks or --without-socks was given.
if test "${with_socks+set}" = set; then
withval="$with_socks"
@@ -6838,7 +6893,7 @@
yes)
echo "$ac_t""yes" 1>&6
echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6
-echo "configure:6842: checking for SOCKSconnect in -lsocks5" >&5
+echo "configure:6897: checking for SOCKSconnect in -lsocks5" >&5
ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -6846,7 +6901,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lsocks5 $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 6850 "configure"
+#line 6905 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -6857,7 +6912,7 @@
SOCKSconnect()
; return 0; }
EOF
-if { (eval echo configure:6861: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6916: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -6879,7 +6934,7 @@
echo "$ac_t""no" 1>&6
echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6
-echo "configure:6883: checking for Rconnect in -lsocks" >&5
+echo "configure:6938: checking for Rconnect in -lsocks" >&5
ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -6887,7 +6942,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lsocks $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 6891 "configure"
+#line 6946 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -6898,7 +6953,7 @@
Rconnect()
; return 0; }
EOF
-if { (eval echo configure:6902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:6957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -6934,7 +6989,7 @@
if test "x$socks" = "x"; then
echo $ac_n "checking whether to support SOCKS5""... $ac_c" 1>&6
-echo "configure:6938: checking whether to support SOCKS5" >&5
+echo "configure:6993: checking whether to support SOCKS5" >&5
# Check whether --with-socks5 or --without-socks5 was given.
if test "${with_socks5+set}" = set; then
withval="$with_socks5"
@@ -6968,14 +7023,14 @@
TMPLIBS="$LIBS"
LIBS="$LIBS $KERBEROS_LIBS"
cat > conftest.$ac_ext <<EOF
-#line 6972 "configure"
+#line 7027 "configure"
#include "confdefs.h"
int main() {
SOCKSconnect();
; return 0; }
EOF
-if { (eval echo configure:6979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7034: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
:
else
echo "configure: failed program was:" >&5
@@ -6996,7 +7051,7 @@
if test "x$socks" = "x"; then
echo $ac_n "checking whether to support SOCKS4""... $ac_c" 1>&6
-echo "configure:7000: checking whether to support SOCKS4" >&5
+echo "configure:7055: checking whether to support SOCKS4" >&5
# Check whether --with-socks4 or --without-socks4 was given.
if test "${with_socks4+set}" = set; then
withval="$with_socks4"
@@ -7016,14 +7071,14 @@
fi
LIBS="$withval $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 7020 "configure"
+#line 7075 "configure"
#include "confdefs.h"
int main() {
Rconnect();
; return 0; }
EOF
-if { (eval echo configure:7027: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:7082: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
:
else
echo "configure: failed program was:" >&5
@@ -7150,7 +7205,7 @@
fi
echo $ac_n "checking whether to use rsaref""... $ac_c" 1>&6
-echo "configure:7154: checking whether to use rsaref" >&5
+echo "configure:7209: checking whether to use rsaref" >&5
# Check whether --with-rsaref or --without-rsaref was given.
if test "${with_rsaref+set}" = set; then
withval="$with_rsaref"
@@ -7184,7 +7239,7 @@
# This allows group writeability in userfile_check_owner_permissions()
echo $ac_n "checking whether to allow group writeability""... $ac_c" 1>&6
-echo "configure:7188: checking whether to allow group writeability" >&5
+echo "configure:7243: checking whether to allow group writeability" >&5
# Check whether --enable-group-writeability or --disable-group-writeability was given.
if test "${enable_group_writeability+set}" = set; then
enableval="$enable_group_writeability"
@@ -7200,7 +7255,7 @@
echo $ac_n "checking whether to disable forwardings in server""... $ac_c" 1>&6
-echo "configure:7204: checking whether to disable forwardings in server" >&5
+echo "configure:7259: checking whether to disable forwardings in server" >&5
# Check whether --enable-server-port-forwardings or --disable-server-port-forwardings was given.
if test "${enable_server_port_forwardings+set}" = set; then
enableval="$enable_server_port_forwardings"
@@ -7222,7 +7277,7 @@
echo $ac_n "checking whether to disable forwardings in client""... $ac_c" 1>&6
-echo "configure:7226: checking whether to disable forwardings in client" >&5
+echo "configure:7281: checking whether to disable forwardings in client" >&5
# Check whether --enable-client-port-forwardings or --disable-client-port-forwardings was given.
if test "${enable_client_port_forwardings+set}" = set; then
enableval="$enable_client_port_forwardings"
@@ -7244,7 +7299,7 @@
echo $ac_n "checking whether to disable X11 forwarding in server""... $ac_c" 1>&6
-echo "configure:7248: checking whether to disable X11 forwarding in server" >&5
+echo "configure:7303: checking whether to disable X11 forwarding in server" >&5
# Check whether --enable-server-x11-forwarding or --disable-server-x11-forwarding was given.
if test "${enable_server_x11_forwarding+set}" = set; then
enableval="$enable_server_x11_forwarding"
@@ -7266,7 +7321,7 @@
echo $ac_n "checking whether to disable X11 forwarding in client""... $ac_c" 1>&6
-echo "configure:7270: checking whether to disable X11 forwarding in client" >&5
+echo "configure:7325: checking whether to disable X11 forwarding in client" >&5
# Check whether --enable-client-x11-forwarding or --disable-client-x11-forwarding was given.
if test "${enable_client_x11_forwarding+set}" = set; then
enableval="$enable_client_x11_forwarding"
@@ -7288,7 +7343,7 @@
echo $ac_n "checking whether to install ssh as suid root""... $ac_c" 1>&6
-echo "configure:7292: checking whether to install ssh as suid root" >&5
+echo "configure:7347: checking whether to install ssh as suid root" >&5
# Check whether --enable-suid-ssh or --disable-suid-ssh was given.
if test "${enable_suid_ssh+set}" = set; then
enableval="$enable_suid_ssh"
@@ -7309,7 +7364,7 @@
echo $ac_n "checking whether to enable TCP_NODELAY""... $ac_c" 1>&6
-echo "configure:7313: checking whether to enable TCP_NODELAY" >&5
+echo "configure:7368: checking whether to enable TCP_NODELAY" >&5
# Check whether --enable-tcp-nodelay or --disable-tcp-nodelay was given.
if test "${enable_tcp_nodelay+set}" = set; then
enableval="$enable_tcp_nodelay"
@@ -7335,7 +7390,7 @@
echo $ac_n "checking whether to enable SO_LINGER""... $ac_c" 1>&6
-echo "configure:7339: checking whether to enable SO_LINGER" >&5
+echo "configure:7394: checking whether to enable SO_LINGER" >&5
# Check whether --enable-so-linger or --disable-so-linger was given.
if test "${enable_so_linger+set}" = set; then
enableval="$enable_so_linger"
@@ -7357,7 +7412,7 @@
echo $ac_n "checking whether to include scp statistics at all""... $ac_c" 1>&6
-echo "configure:7361: checking whether to include scp statistics at all" >&5
+echo "configure:7416: checking whether to include scp statistics at all" >&5
# Check whether --with-scp-stats or --without-scp-stats was given.
if test "${with_scp_stats+set}" = set; then
withval="$with_scp_stats"
@@ -7383,7 +7438,7 @@
echo $ac_n "checking whether to enable scp statistics""... $ac_c" 1>&6
-echo "configure:7387: checking whether to enable scp statistics" >&5
+echo "configure:7442: checking whether to enable scp statistics" >&5
# Check whether --enable-scp-stats or --disable-scp-stats was given.
if test "${enable_scp_stats+set}" = set; then
enableval="$enable_scp_stats"
@@ -7409,7 +7464,7 @@
echo $ac_n "checking whether to enable scp statistics for all files""... $ac_c" 1>&6
-echo "configure:7413: checking whether to enable scp statistics for all files" >&5
+echo "configure:7468: checking whether to enable scp statistics for all files" >&5
# Check whether --enable-all-scp-stats or --disable-all-scp-stats was given.
if test "${enable_all_scp_stats+set}" = set; then
enableval="$enable_all_scp_stats"
@@ -7445,7 +7500,7 @@
PIDDIR="/var/run"
echo $ac_n "checking where to put sshd.pid""... $ac_c" 1>&6
-echo "configure:7449: checking where to put sshd.pid" >&5
+echo "configure:7504: checking where to put sshd.pid" >&5
if test '!' -d $PIDDIR; then
PIDDIR="$ETCDIR"
fi
--CpNjGBIMCN
Content-Type: text/plain; charset=us-ascii
Content-Description: .signature
Content-Transfer-Encoding: 7bit
--
[sjl@ssh.fi -- Sami J. Lehtinen -- sjl@iki.fi]
[work:+358 9 43543214][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Ltd. http://www.ssh.fi/]
--CpNjGBIMCN--
