summaryrefslogtreecommitdiffstats
path: root/crypto/openssh
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2013-09-21 22:24:10 +0000
committerdes <des@FreeBSD.org>2013-09-21 22:24:10 +0000
commitb32fed86db62816ab222f56c1f859a444ac8648b (patch)
treefb81eca65d09d841e542cd6af66ff14c5004dbd8 /crypto/openssh
parenteaecb3d1ae60457bac557fd719cacb819f801159 (diff)
parentff2597d3eebc3da3f7cf2a638607274cad9b199e (diff)
downloadFreeBSD-src-b32fed86db62816ab222f56c1f859a444ac8648b.zip
FreeBSD-src-b32fed86db62816ab222f56c1f859a444ac8648b.tar.gz
Pull in all the OpenSSH bits that we'd previously left out because we
didn't use them. This will make future merges from the vendor tree much easier. Approved by: re (gjb)
Diffstat (limited to 'crypto/openssh')
-rw-r--r--crypto/openssh/Makefile.in459
-rw-r--r--crypto/openssh/buildpkg.sh.in677
-rwxr-xr-xcrypto/openssh/config.sub1793
-rwxr-xr-xcrypto/openssh/configure18897
-rw-r--r--crypto/openssh/configure.ac4669
-rw-r--r--crypto/openssh/contrib/Makefile17
-rw-r--r--crypto/openssh/contrib/README70
-rw-r--r--crypto/openssh/contrib/aix/README50
-rwxr-xr-xcrypto/openssh/contrib/aix/buildbff.sh381
-rwxr-xr-xcrypto/openssh/contrib/aix/inventory.sh63
-rw-r--r--crypto/openssh/contrib/aix/pam.conf20
-rw-r--r--crypto/openssh/contrib/caldera/openssh.spec366
-rwxr-xr-xcrypto/openssh/contrib/caldera/ssh-host-keygen36
-rwxr-xr-xcrypto/openssh/contrib/caldera/sshd.init125
-rw-r--r--crypto/openssh/contrib/caldera/sshd.pam8
-rw-r--r--crypto/openssh/contrib/cygwin/Makefile77
-rw-r--r--crypto/openssh/contrib/cygwin/README91
-rw-r--r--crypto/openssh/contrib/cygwin/ssh-host-config758
-rw-r--r--crypto/openssh/contrib/cygwin/ssh-user-config266
-rw-r--r--crypto/openssh/contrib/cygwin/sshd-inetd4
-rwxr-xr-xcrypto/openssh/contrib/findssl.sh186
-rw-r--r--crypto/openssh/contrib/gnome-ssh-askpass1.c171
-rw-r--r--crypto/openssh/contrib/gnome-ssh-askpass2.c223
-rw-r--r--crypto/openssh/contrib/hpux/README45
-rw-r--r--crypto/openssh/contrib/hpux/egd15
-rwxr-xr-xcrypto/openssh/contrib/hpux/egd.rc98
-rw-r--r--crypto/openssh/contrib/hpux/sshd5
-rwxr-xr-xcrypto/openssh/contrib/hpux/sshd.rc90
-rw-r--r--crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh1
-rwxr-xr-xcrypto/openssh/contrib/redhat/gnome-ssh-askpass.sh2
-rw-r--r--crypto/openssh/contrib/redhat/openssh.spec812
-rwxr-xr-xcrypto/openssh/contrib/redhat/sshd.init106
-rwxr-xr-xcrypto/openssh/contrib/redhat/sshd.init.old172
-rw-r--r--crypto/openssh/contrib/redhat/sshd.pam6
-rw-r--r--crypto/openssh/contrib/redhat/sshd.pam.old8
-rwxr-xr-xcrypto/openssh/contrib/solaris/README30
-rw-r--r--crypto/openssh/contrib/ssh-copy-id300
-rw-r--r--crypto/openssh/contrib/ssh-copy-id.1186
-rw-r--r--crypto/openssh/contrib/sshd.pam.freebsd5
-rw-r--r--crypto/openssh/contrib/sshd.pam.generic8
-rw-r--r--crypto/openssh/contrib/suse/openssh.spec246
-rw-r--r--crypto/openssh/contrib/suse/rc.config.sshd5
-rw-r--r--crypto/openssh/contrib/suse/rc.sshd121
-rw-r--r--crypto/openssh/contrib/suse/sysconfig.ssh9
-rwxr-xr-xcrypto/openssh/install-sh251
-rw-r--r--crypto/openssh/mdoc2man.awk370
-rw-r--r--crypto/openssh/moduli.074
-rw-r--r--crypto/openssh/nchan.ms99
-rw-r--r--crypto/openssh/nchan2.ms88
-rw-r--r--crypto/openssh/openbsd-compat/Makefile.in42
-rw-r--r--crypto/openssh/openbsd-compat/regress/Makefile.in38
-rw-r--r--crypto/openssh/openbsd-compat/regress/closefromtest.c63
-rw-r--r--crypto/openssh/openbsd-compat/regress/snprintftest.c73
-rw-r--r--crypto/openssh/openbsd-compat/regress/strduptest.c45
-rw-r--r--crypto/openssh/openbsd-compat/regress/strtonumtest.c80
-rw-r--r--crypto/openssh/openssh.xml.in90
-rwxr-xr-xcrypto/openssh/opensshd.init.in88
-rw-r--r--crypto/openssh/regress/Makefile169
-rw-r--r--crypto/openssh/regress/README.regress104
-rwxr-xr-xcrypto/openssh/regress/addrmatch.sh56
-rw-r--r--crypto/openssh/regress/agent-getpeereid.sh45
-rwxr-xr-xcrypto/openssh/regress/agent-pkcs11.sh69
-rw-r--r--crypto/openssh/regress/agent-ptrace.sh53
-rw-r--r--crypto/openssh/regress/agent-timeout.sh36
-rw-r--r--crypto/openssh/regress/agent.sh75
-rw-r--r--crypto/openssh/regress/banner.sh44
-rw-r--r--crypto/openssh/regress/broken-pipe.sh15
-rw-r--r--crypto/openssh/regress/brokenkeys.sh23
-rwxr-xr-xcrypto/openssh/regress/cert-hostkey.sh256
-rwxr-xr-xcrypto/openssh/regress/cert-userkey.sh355
-rw-r--r--crypto/openssh/regress/cfgmatch.sh126
-rw-r--r--crypto/openssh/regress/cipher-speed.sh58
-rwxr-xr-xcrypto/openssh/regress/conch-ciphers.sh28
-rw-r--r--crypto/openssh/regress/connect-privsep.sh36
-rw-r--r--crypto/openssh/regress/connect.sh13
-rw-r--r--crypto/openssh/regress/dsa_ssh2.prv14
-rw-r--r--crypto/openssh/regress/dsa_ssh2.pub13
-rw-r--r--crypto/openssh/regress/dynamic-forward.sh59
-rw-r--r--crypto/openssh/regress/envpass.sh60
-rw-r--r--crypto/openssh/regress/exit-status.sh24
-rw-r--r--crypto/openssh/regress/forcecommand.sh42
-rwxr-xr-xcrypto/openssh/regress/forward-control.sh168
-rw-r--r--crypto/openssh/regress/forwarding.sh121
-rwxr-xr-xcrypto/openssh/regress/host-expand.sh18
-rwxr-xr-xcrypto/openssh/regress/integrity.sh76
-rwxr-xr-xcrypto/openssh/regress/kextype.sh30
-rwxr-xr-xcrypto/openssh/regress/key-options.sh71
-rw-r--r--crypto/openssh/regress/keygen-change.sh23
-rwxr-xr-xcrypto/openssh/regress/keygen-convert.sh33
-rwxr-xr-xcrypto/openssh/regress/keys-command.sh39
-rw-r--r--crypto/openssh/regress/keyscan.sh19
-rwxr-xr-xcrypto/openssh/regress/keytype.sh55
-rwxr-xr-xcrypto/openssh/regress/krl.sh157
-rwxr-xr-xcrypto/openssh/regress/localcommand.sh15
-rw-r--r--crypto/openssh/regress/login-timeout.sh29
-rwxr-xr-xcrypto/openssh/regress/modpipe.c175
-rw-r--r--crypto/openssh/regress/multiplex.sh143
-rwxr-xr-xcrypto/openssh/regress/portnum.sh34
-rw-r--r--crypto/openssh/regress/proto-mismatch.sh19
-rw-r--r--crypto/openssh/regress/proto-version.sh34
-rw-r--r--crypto/openssh/regress/proxy-connect.sh26
-rwxr-xr-xcrypto/openssh/regress/putty-ciphers.sh26
-rwxr-xr-xcrypto/openssh/regress/putty-kex.sh23
-rwxr-xr-xcrypto/openssh/regress/putty-transfer.sh41
-rw-r--r--crypto/openssh/regress/reconfigure.sh36
-rw-r--r--crypto/openssh/regress/reexec.sh73
-rw-r--r--crypto/openssh/regress/rekey.sh109
-rw-r--r--crypto/openssh/regress/rsa_openssh.prv15
-rw-r--r--crypto/openssh/regress/rsa_openssh.pub1
-rw-r--r--crypto/openssh/regress/rsa_ssh2.prv16
-rw-r--r--crypto/openssh/regress/scp-ssh-wrapper.sh57
-rw-r--r--crypto/openssh/regress/scp.sh125
-rw-r--r--crypto/openssh/regress/sftp-badcmds.sh65
-rw-r--r--crypto/openssh/regress/sftp-batch.sh55
-rwxr-xr-xcrypto/openssh/regress/sftp-chroot.sh25
-rw-r--r--crypto/openssh/regress/sftp-cmds.sh232
-rw-r--r--crypto/openssh/regress/sftp-glob.sh75
-rw-r--r--crypto/openssh/regress/sftp.sh32
-rw-r--r--crypto/openssh/regress/ssh-com-client.sh130
-rw-r--r--crypto/openssh/regress/ssh-com-keygen.sh74
-rw-r--r--crypto/openssh/regress/ssh-com-sftp.sh65
-rw-r--r--crypto/openssh/regress/ssh-com.sh119
-rwxr-xr-xcrypto/openssh/regress/ssh2putty.sh34
-rw-r--r--crypto/openssh/regress/sshd-log-wrapper.sh13
-rw-r--r--crypto/openssh/regress/stderr-after-eof.sh24
-rw-r--r--crypto/openssh/regress/stderr-data.sh29
-rw-r--r--crypto/openssh/regress/t4.ok1
-rw-r--r--crypto/openssh/regress/t5.ok1
-rw-r--r--crypto/openssh/regress/test-exec.sh474
-rw-r--r--crypto/openssh/regress/transfer.sh26
-rw-r--r--crypto/openssh/regress/try-ciphers.sh48
-rw-r--r--crypto/openssh/regress/yes-head.sh15
-rw-r--r--crypto/openssh/scp.0158
-rw-r--r--crypto/openssh/sftp-server.074
-rw-r--r--crypto/openssh/sftp.0349
-rw-r--r--crypto/openssh/ssh-add.0119
-rw-r--r--crypto/openssh/ssh-agent.0123
-rw-r--r--crypto/openssh/ssh-keygen.0546
-rw-r--r--crypto/openssh/ssh-keyscan.0109
-rw-r--r--crypto/openssh/ssh-keysign.051
-rw-r--r--crypto/openssh/ssh-pkcs11-helper.025
-rw-r--r--crypto/openssh/ssh.0935
-rw-r--r--crypto/openssh/ssh_config.0795
-rw-r--r--crypto/openssh/sshd.0640
-rw-r--r--crypto/openssh/sshd_config.0813
-rw-r--r--crypto/openssh/survey.sh.in69
146 files changed, 43001 insertions, 0 deletions
diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in
new file mode 100644
index 0000000..92c95a9
--- /dev/null
+++ b/crypto/openssh/Makefile.in
@@ -0,0 +1,459 @@
+# $Id: Makefile.in,v 1.340 2013/06/11 01:26:10 dtucker Exp $
+
+# uncomment if you run a non bourne compatable shell. Ie. csh
+#SHELL = @SH@
+
+AUTORECONF=autoreconf
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+bindir=@bindir@
+sbindir=@sbindir@
+libexecdir=@libexecdir@
+datadir=@datadir@
+datarootdir=@datarootdir@
+mandir=@mandir@
+mansubdir=@mansubdir@
+sysconfdir=@sysconfdir@
+piddir=@piddir@
+srcdir=@srcdir@
+top_srcdir=@top_srcdir@
+
+DESTDIR=
+VPATH=@srcdir@
+SSH_PROGRAM=@bindir@/ssh
+ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
+SFTP_SERVER=$(libexecdir)/sftp-server
+SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+PRIVSEP_PATH=@PRIVSEP_PATH@
+SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+STRIP_OPT=@STRIP_OPT@
+
+PATHS= -DSSHDIR=\"$(sysconfdir)\" \
+ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
+ -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \
+ -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
+ -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
+ -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
+ -D_PATH_SSH_PIDDIR=\"$(piddir)\" \
+ -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
+
+CC=@CC@
+LD=@LD@
+CFLAGS=@CFLAGS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+LIBS=@LIBS@
+K5LIBS=@K5LIBS@
+GSSLIBS=@GSSLIBS@
+SSHLIBS=@SSHLIBS@
+SSHDLIBS=@SSHDLIBS@
+LIBEDIT=@LIBEDIT@
+AR=@AR@
+AWK=@AWK@
+RANLIB=@RANLIB@
+INSTALL=@INSTALL@
+PERL=@PERL@
+SED=@SED@
+ENT=@ENT@
+XAUTH_PATH=@XAUTH_PATH@
+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
+EXEEXT=@EXEEXT@
+MANFMT=@MANFMT@
+
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
+
+LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+ canohost.o channels.o cipher.o cipher-aes.o \
+ cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
+ compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
+ log.o match.o md-sha256.o moduli.o nchan.o packet.o \
+ readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
+ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
+ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
+ jpake.o schnorr.o ssh-pkcs11.o krl.o
+
+SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o mux.o \
+ roaming_common.o roaming_client.o
+
+SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+ audit.o audit-bsm.o audit-linux.o platform.o \
+ sshpty.o sshlogin.o servconf.o serverloop.o \
+ auth.o auth1.o auth2.o auth-options.o session.o \
+ auth-chall.o auth2-chall.o groupaccess.o \
+ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+ auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
+ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
+ auth-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o \
+ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+ sftp-server.o sftp-common.o \
+ roaming_common.o roaming_serv.o \
+ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+ sandbox-seccomp-filter.o
+
+MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
+MANTYPE = @MANTYPE@
+
+CONFIGFILES=sshd_config.out ssh_config.out moduli.out
+CONFIGFILES_IN=sshd_config ssh_config moduli
+
+PATHSUBS = \
+ -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \
+ -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \
+ -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \
+ -e 's|/usr/libexec|$(libexecdir)|g' \
+ -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \
+ -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \
+ -e 's|/etc/ssh/ssh_host_ecdsa_key|$(sysconfdir)/ssh_host_ecdsa_key|g' \
+ -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
+ -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
+ -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
+ -e 's|/etc/moduli|$(sysconfdir)/moduli|g' \
+ -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
+ -e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \
+ -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
+ -e 's|/var/empty|$(PRIVSEP_PATH)|g' \
+ -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
+
+FIXPATHSCMD = $(SED) $(PATHSUBS)
+FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
+ @UNSUPPORTED_ALGORITHMS@
+
+all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
+
+$(LIBSSH_OBJS): Makefile.in config.h
+$(SSHOBJS): Makefile.in config.h
+$(SSHDOBJS): Makefile.in config.h
+
+.c.o:
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+
+LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
+$(LIBCOMPAT): always
+ (cd openbsd-compat && $(MAKE))
+always:
+
+libssh.a: $(LIBSSH_OBJS)
+ $(AR) rv $@ $(LIBSSH_OBJS)
+ $(RANLIB) $@
+
+ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
+
+sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
+
+scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
+ $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
+ $(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
+ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readconf.o
+ $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
+ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
+ $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+
+sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
+ $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
+ $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
+
+# test driver for the loginrec code - not built by default
+logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
+ $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
+
+$(MANPAGES): $(MANPAGES_IN)
+ if test "$(MANTYPE)" = "cat"; then \
+ manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \
+ else \
+ manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \
+ fi; \
+ if test "$(MANTYPE)" = "man"; then \
+ $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \
+ $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
+ else \
+ $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \
+ fi
+
+$(CONFIGFILES): $(CONFIGFILES_IN)
+ conffile=`echo $@ | sed 's/.out$$//'`; \
+ $(FIXPATHSCMD) $(srcdir)/$${conffile} > $@
+
+# fake rule to stop make trying to compile moduli.o into a binary "moduli.o"
+moduli:
+ echo
+
+# special case target for umac128
+umac128.o: umac.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) -o umac128.o -c $(srcdir)/umac.c \
+ -DUMAC_OUTPUT_LEN=16 -Dumac_new=umac128_new \
+ -Dumac_update=umac128_update -Dumac_final=umac128_final \
+ -Dumac_delete=umac128_delete
+
+clean: regressclean
+ rm -f *.o *.a $(TARGETS) logintest config.cache config.log
+ rm -f *.out core survey
+ (cd openbsd-compat && $(MAKE) clean)
+
+distclean: regressclean
+ rm -f *.o *.a $(TARGETS) logintest config.cache config.log
+ rm -f *.out core opensshd.init openssh.xml
+ rm -f Makefile buildpkg.sh config.h config.status
+ rm -f survey.sh openbsd-compat/regress/Makefile *~
+ rm -rf autom4te.cache
+ (cd openbsd-compat && $(MAKE) distclean)
+ if test -d pkg ; then \
+ rm -fr pkg ; \
+ fi
+
+veryclean: distclean
+ rm -f configure config.h.in *.0
+
+cleandir: veryclean
+
+mrproper: veryclean
+
+realclean: veryclean
+
+catman-do:
+ @for f in $(MANPAGES_IN) ; do \
+ base=`echo $$f | sed 's/\..*$$//'` ; \
+ echo "$$f -> $$base.0" ; \
+ $(MANFMT) $$f | cat -v | sed -e 's/.\^H//g' \
+ >$$base.0 ; \
+ done
+
+distprep: catman-do
+ $(AUTORECONF)
+ -rm -rf autom4te.cache
+
+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
+install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
+install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
+
+check-config:
+ -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
+
+install-files:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+ (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
+ $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+ $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
+ $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
+ $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
+ $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
+ $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
+ $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
+ $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
+ $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
+ $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
+ $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
+ $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ -rm -f $(DESTDIR)$(bindir)/slogin
+ ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+ ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+
+install-sysconf:
+ if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
+ fi
+ @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \
+ $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
+ else \
+ echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \
+ fi
+ @if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
+ $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \
+ else \
+ echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
+ fi
+ @if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \
+ if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \
+ echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \
+ mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \
+ else \
+ $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \
+ fi ; \
+ else \
+ echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
+ fi
+
+host-key: ssh-keygen$(EXEEXT)
+ @if [ -z "$(DESTDIR)" ] ; then \
+ if [ -f "$(sysconfdir)/ssh_host_key" ] ; then \
+ echo "$(sysconfdir)/ssh_host_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t rsa1 -f $(sysconfdir)/ssh_host_key -N "" ; \
+ fi ; \
+ if [ -f $(sysconfdir)/ssh_host_dsa_key ] ; then \
+ echo "$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t dsa -f $(sysconfdir)/ssh_host_dsa_key -N "" ; \
+ fi ; \
+ if [ -f $(sysconfdir)/ssh_host_rsa_key ] ; then \
+ echo "$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t rsa -f $(sysconfdir)/ssh_host_rsa_key -N "" ; \
+ fi ; \
+ if [ -z "@COMMENT_OUT_ECC@" ] ; then \
+ if [ -f $(sysconfdir)/ssh_host_ecdsa_key ] ; then \
+ echo "$(sysconfdir)/ssh_host_ecdsa_key already exists, skipping." ; \
+ else \
+ ./ssh-keygen -t ecdsa -f $(sysconfdir)/ssh_host_ecdsa_key -N "" ; \
+ fi ; \
+ fi ; \
+ fi ;
+
+host-key-force: ssh-keygen$(EXEEXT)
+ ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
+ ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
+ ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
+ test -z "@COMMENT_OUT_ECC@" && ./ssh-keygen -t ecdsa -f $(DESTDIR)$(sysconfdir)/ssh_host_ecdsa_key -N ""
+
+uninstallall: uninstall
+ -rm -f $(DESTDIR)$(sysconfdir)/ssh_config
+ -rm -f $(DESTDIR)$(sysconfdir)/sshd_config
+ -rmdir $(DESTDIR)$(sysconfdir)
+ -rmdir $(DESTDIR)$(bindir)
+ -rmdir $(DESTDIR)$(sbindir)
+ -rmdir $(DESTDIR)$(mandir)/$(mansubdir)1
+ -rmdir $(DESTDIR)$(mandir)/$(mansubdir)8
+ -rmdir $(DESTDIR)$(mandir)
+ -rmdir $(DESTDIR)$(libexecdir)
+
+uninstall:
+ -rm -f $(DESTDIR)$(bindir)/slogin
+ -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
+ -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+ -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
+ -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
+ -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+
+regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
+ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress
+ [ -f `pwd`/regress/Makefile ] || \
+ ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
+ $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \
+ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
+tests interop-tests: $(TARGETS) regress/modpipe$(EXEEXT)
+ BUILDDIR=`pwd`; \
+ TEST_SHELL="@TEST_SHELL@"; \
+ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
+ TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
+ TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
+ TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \
+ TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \
+ TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
+ TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
+ TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
+ TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
+ TEST_SSH_PLINK="plink"; \
+ TEST_SSH_PUTTYGEN="puttygen"; \
+ TEST_SSH_CONCH="conch"; \
+ TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
+ TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
+ TEST_SSH_SHA256="@TEST_SSH_SHA256@" ; \
+ cd $(srcdir)/regress || exit $$?; \
+ $(MAKE) \
+ .OBJDIR="$${BUILDDIR}/regress" \
+ .CURDIR="`pwd`" \
+ BUILDDIR="$${BUILDDIR}" \
+ OBJ="$${BUILDDIR}/regress/" \
+ PATH="$${BUILDDIR}:$${PATH}" \
+ TEST_SHELL="$${TEST_SHELL}" \
+ TEST_SSH_SSH="$${TEST_SSH_SSH}" \
+ TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
+ TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
+ TEST_SSH_SSHADD="$${TEST_SSH_SSHADD}" \
+ TEST_SSH_SSHKEYGEN="$${TEST_SSH_SSHKEYGEN}" \
+ TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \
+ TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
+ TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
+ TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
+ TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
+ TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
+ TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
+ TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
+ TEST_SSH_ECC="$${TEST_SSH_ECC}" \
+ TEST_SSH_SHA256="$${TEST_SSH_SHA256}" \
+ EXEEXT="$(EXEEXT)" \
+ $@ && echo all tests passed
+
+compat-tests: $(LIBCOMPAT)
+ (cd openbsd-compat/regress && $(MAKE))
+
+regressclean:
+ if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \
+ (cd regress && $(MAKE) clean) \
+ fi
+
+survey: survey.sh ssh
+ @$(SHELL) ./survey.sh > survey
+ @echo 'The survey results have been placed in the file "survey" in the'
+ @echo 'current directory. Please review the file then send with'
+ @echo '"make send-survey".'
+
+send-survey: survey
+ mail portable-survey@mindrot.org <survey
+
+package: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
+ if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \
+ sh buildpkg.sh; \
+ fi
+
diff --git a/crypto/openssh/buildpkg.sh.in b/crypto/openssh/buildpkg.sh.in
new file mode 100644
index 0000000..4b842b3
--- /dev/null
+++ b/crypto/openssh/buildpkg.sh.in
@@ -0,0 +1,677 @@
+#!/bin/sh
+#
+# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
+#
+# The following code has been provide under Public Domain License. I really
+# don't care what you use it for. Just as long as you don't complain to me
+# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
+#
+umask 022
+#
+# Options for building the package
+# You can create a openssh-config.local with your customized options
+#
+REMOVE_FAKE_ROOT_WHEN_DONE=yes
+#
+# uncommenting TEST_DIR and using
+# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
+# and
+# PKGNAME=tOpenSSH should allow testing a package without interfering
+# with a real OpenSSH package on a system. This is not needed on systems
+# that support the -R option to pkgadd.
+#TEST_DIR=/var/tmp # leave commented out for production build
+PKGNAME=OpenSSH
+# revisions within the same version (REV=a)
+#REV=
+SYSVINIT_NAME=opensshd
+AWK=${AWK:="nawk"}
+MAKE=${MAKE:="make"}
+SSHDUID=67 # Default privsep uid
+SSHDGID=67 # Default privsep gid
+# uncomment these next three as needed
+#PERMIT_ROOT_LOGIN=no
+#X11_FORWARDING=yes
+#USR_LOCAL_IS_SYMLINK=yes
+# System V init run levels
+SYSVINITSTART=S98
+SYSVINITSTOPT=K30
+# We will source these if they exist
+POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh
+POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh
+# We'll be one level deeper looking for these
+PKG_PREINSTALL_LOCAL=../pkg-preinstall.local
+PKG_POSTINSTALL_LOCAL=../pkg-postinstall.local
+PKG_PREREMOVE_LOCAL=../pkg-preremove.local
+PKG_POSTREMOVE_LOCAL=../pkg-postremove.local
+PKG_REQUEST_LOCAL=../pkg-request.local
+# end of sourced files
+#
+OPENSSHD=opensshd.init
+OPENSSH_MANIFEST=openssh.xml
+OPENSSH_FMRI=svc:/site/${SYSVINIT_NAME}:default
+SMF_METHOD_DIR=/lib/svc/method/site
+SMF_MANIFEST_DIR=/var/svc/manifest/site
+
+PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
+PATH_USERADD_PROG=@PATH_USERADD_PROG@
+PATH_PASSWD_PROG=@PATH_PASSWD_PROG@
+#
+# list of system directories we do NOT want to change owner/group/perms
+# when installing our package
+SYSTEM_DIR="/etc \
+/etc/init.d \
+/etc/rcS.d \
+/etc/rc0.d \
+/etc/rc1.d \
+/etc/rc2.d \
+/etc/opt \
+/lib \
+/lib/svc \
+/lib/svc/method \
+/lib/svc/method/site \
+/opt \
+/opt/bin \
+/usr \
+/usr/bin \
+/usr/lib \
+/usr/sbin \
+/usr/share \
+/usr/share/man \
+/usr/share/man/man1 \
+/usr/share/man/man8 \
+/usr/local \
+/usr/local/bin \
+/usr/local/etc \
+/usr/local/libexec \
+/usr/local/man \
+/usr/local/man/man1 \
+/usr/local/man/man8 \
+/usr/local/sbin \
+/usr/local/share \
+/var \
+/var/opt \
+/var/run \
+/var/svc \
+/var/svc/manifest \
+/var/svc/manifest/site \
+/var/tmp \
+/tmp"
+
+# We may need to build as root so we make sure PATH is set up
+# only set the path if it's not set already
+[ -d /opt/bin ] && {
+ echo $PATH | grep ":/opt/bin" > /dev/null 2>&1
+ [ $? -ne 0 ] && PATH=$PATH:/opt/bin
+}
+[ -d /usr/local/bin ] && {
+ echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
+ [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
+}
+[ -d /usr/ccs/bin ] && {
+ echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1
+ [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
+}
+export PATH
+#
+
+[ -f Makefile ] || {
+ echo "Please run this script from your build directory"
+ exit 1
+}
+
+# we will look for openssh-config.local to override the above options
+[ -s ./openssh-config.local ] && . ./openssh-config.local
+
+START=`pwd`
+FAKE_ROOT=$START/pkg
+
+## Fill in some details, like prefix and sysconfdir
+for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir srcdir
+do
+ eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
+done
+
+## Are we using Solaris' SMF?
+DO_SMF=0
+if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1
+then
+ DO_SMF=1
+fi
+
+## Collect value of privsep user
+for confvar in SSH_PRIVSEP_USER
+do
+ eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
+done
+
+## Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+ SSH_PRIVSEP_USER=sshd
+fi
+
+## Extract common info requires for the 'info' part of the package.
+VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
+
+ARCH=`uname -m`
+DEF_MSG="\n"
+OS_VER=`uname -v`
+SCRIPT_SHELL=/sbin/sh
+UNAME_R=`uname -r`
+UNAME_S=`uname -s`
+case ${UNAME_S} in
+ SunOS) UNAME_S=Solaris
+ OS_VER=${UNAME_R}
+ ARCH=`uname -p`
+ RCS_D=yes
+ DEF_MSG="(default: n)"
+ ;;
+ SCO_SV) case ${UNAME_R} in
+ 3.2) UNAME_S=OpenServer5
+ OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'`
+ ;;
+ 5) UNAME_S=OpenServer6
+ ;;
+ esac
+ SCRIPT_SHELL=/bin/sh
+ RC1_D=no
+ DEF_MSG="(default: n)"
+ ;;
+esac
+
+case `basename $0` in
+ buildpkg.sh)
+## Start by faking root install
+echo "Faking root install..."
+[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
+mkdir $FAKE_ROOT
+${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
+if [ $? -gt 0 ]
+then
+ echo "Fake root install failed, stopping."
+ exit 1
+fi
+
+## Setup our run level stuff while we are at it.
+if [ $DO_SMF -eq 1 ]
+then
+ # For Solaris' SMF, /lib/svc/method/site is the preferred place
+ # for start/stop scripts that aren't supplied with the OS, and
+ # similarly /var/svc/manifest/site for manifests.
+ mkdir -p $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR}
+ mkdir -p $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR}
+
+ cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR}/${SYSVINIT_NAME}
+ chmod 744 $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR}/${SYSVINIT_NAME}
+
+ cat ${OPENSSH_MANIFEST} | \
+ sed -e "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|" \
+ -e "s|__SMF_METHOD_DIR__|${SMF_METHOD_DIR}|" \
+ > $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml
+ chmod 644 $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml
+else
+ mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
+
+ cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+ chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+fi
+
+[ "${PERMIT_ROOT_LOGIN}" = no ] && \
+ perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
+ $FAKE_ROOT${sysconfdir}/sshd_config
+[ "${X11_FORWARDING}" = yes ] && \
+ perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
+ $FAKE_ROOT${sysconfdir}/sshd_config
+# fix PrintMotd
+perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
+ $FAKE_ROOT${sysconfdir}/sshd_config
+
+# We don't want to overwrite config files on multiple installs
+mv $FAKE_ROOT${sysconfdir}/ssh_config $FAKE_ROOT${sysconfdir}/ssh_config.default
+mv $FAKE_ROOT${sysconfdir}/sshd_config $FAKE_ROOT${sysconfdir}/sshd_config.default
+
+# local tweeks here
+[ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES}
+
+cd $FAKE_ROOT
+
+## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
+## whining.
+for i in *; do
+ PROTO_ARGS="$PROTO_ARGS $i=/$i";
+done
+
+## Build info file
+echo "Building pkginfo file..."
+cat > pkginfo << _EOF
+PKG=$PKGNAME
+NAME="OpenSSH Portable for ${UNAME_S}"
+DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
+VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
+ARCH=$ARCH
+VERSION=$VERSION$REV
+CATEGORY="Security,application"
+BASEDIR=/
+CLASSES="none"
+PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
+_EOF
+
+## Build empty depend file that may get updated by $POST_PROTOTYPE_EDITS
+echo "Building depend file..."
+touch depend
+
+## Build space file
+echo "Building space file..."
+if [ $DO_SMF -eq 1 ]
+then
+ # XXX Is this necessary? If not, remove space line from mk-proto.awk.
+ touch space
+else
+ cat > space << _EOF
+# extra space required by start/stop links added by installf
+# in postinstall
+$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
+$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
+_EOF
+ [ "$RC1_D" = no ] || \
+ echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
+ [ "$RCS_D" = yes ] && \
+ echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
+fi
+
+## Build preinstall file
+echo "Building preinstall file..."
+cat > preinstall << _EOF
+#! ${SCRIPT_SHELL}
+#
+_EOF
+
+# local preinstall changes here
+[ -s "${PKG_PREINSTALL_LOCAL}" ] && . ${PKG_PREINSTALL_LOCAL}
+
+cat >> preinstall << _EOF
+#
+if [ "\${PRE_INS_STOP}" = "yes" ]
+then
+ if [ $DO_SMF -eq 1 ]
+ then
+ svcadm disable $OPENSSH_FMRI
+ else
+ ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+ fi
+fi
+
+exit 0
+_EOF
+
+## Build postinstall file
+echo "Building postinstall file..."
+cat > postinstall << _EOF
+#! ${SCRIPT_SHELL}
+#
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
+ cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
+ \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
+ cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
+ \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
+
+# make rc?.d dirs only if we are doing a test install
+[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && {
+ [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
+ mkdir -p ${TEST_DIR}/etc/rc0.d
+ [ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d
+ mkdir -p ${TEST_DIR}/etc/rc2.d
+}
+
+if [ $DO_SMF -eq 1 ]
+then
+ # Delete the existing service, if it exists, then import the
+ # new one.
+ if svcs $OPENSSH_FMRI > /dev/null 2>&1
+ then
+ svccfg delete -f $OPENSSH_FMRI
+ fi
+ # NOTE, The manifest disables sshd by default.
+ svccfg import ${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml
+else
+ if [ "\${USE_SYM_LINKS}" = yes ]
+ then
+ [ "$RCS_D" = yes ] && \\
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ [ "$RC1_D" = no ] || \\
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ else
+ [ "$RCS_D" = yes ] && \\
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ [ "$RC1_D" = no ] || \\
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ fi
+fi
+
+# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
+[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 0755 root sys
+
+_EOF
+
+# local postinstall changes here
+[ -s "${PKG_POSTINSTALL_LOCAL}" ] && . ${PKG_POSTINSTALL_LOCAL}
+
+cat >> postinstall << _EOF
+installf -f ${PKGNAME}
+
+# Use chroot to handle PKG_INSTALL_ROOT
+if [ ! -z "\${PKG_INSTALL_ROOT}" ]
+then
+ chroot="chroot \${PKG_INSTALL_ROOT}"
+fi
+# If this is a test build, we will skip the groupadd/useradd/passwd commands
+if [ ! -z "${TEST_DIR}" ]
+then
+ chroot=echo
+fi
+
+ echo "PrivilegeSeparation user always required."
+ if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+ then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+ SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\`
+ SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\`
+ else
+ DO_PASSWD=yes
+ fi
+ [ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER
+
+ # group required?
+ if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null
+ then
+ echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists."
+ else
+ DO_GROUP=yes
+ fi
+
+ # create group if required
+ [ "\$DO_GROUP" = yes ] && {
+ # Use gid of 67 if possible
+ if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
+ then
+ :
+ else
+ sshdgid="-g $SSHDGID"
+ fi
+ echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP."
+ \$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP
+ }
+
+ # Create user if required
+ [ "\$DO_PASSWD" = yes ] && {
+ # Use uid of 67 if possible
+ if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null
+ then
+ :
+ else
+ sshduid="-u $SSHDUID"
+ fi
+ echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+ \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
+ \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER
+ }
+
+if [ "\${POST_INS_START}" = "yes" ]
+then
+ if [ $DO_SMF -eq 1 ]
+ then
+ svcadm enable $OPENSSH_FMRI
+ else
+ ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
+ fi
+fi
+exit 0
+_EOF
+
+## Build preremove file
+echo "Building preremove file..."
+cat > preremove << _EOF
+#! ${SCRIPT_SHELL}
+#
+if [ $DO_SMF -eq 1 ]
+then
+ svcadm disable $OPENSSH_FMRI
+else
+ ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+fi
+_EOF
+
+# local preremove changes here
+[ -s "${PKG_PREREMOVE_LOCAL}" ] && . ${PKG_PREREMOVE_LOCAL}
+
+cat >> preremove << _EOF
+exit 0
+_EOF
+
+## Build postremove file
+echo "Building postremove file..."
+cat > postremove << _EOF
+#! ${SCRIPT_SHELL}
+#
+if [ $DO_SMF -eq 1 ]
+then
+ if svcs $OPENSSH_FMRI > /dev/null 2>&1
+ then
+ svccfg delete -f $OPENSSH_FMRI
+ fi
+fi
+_EOF
+
+# local postremove changes here
+[ -s "${PKG_POSTREMOVE_LOCAL}" ] && . ${PKG_POSTREMOVE_LOCAL}
+
+cat >> postremove << _EOF
+exit 0
+_EOF
+
+## Build request file
+echo "Building request file..."
+cat > request << _EOF
+trap 'exit 3' 15
+
+_EOF
+
+[ -x /usr/bin/ckyorn ] || cat >> request << _EOF
+
+ckyorn() {
+# for some strange reason OpenServer5 has no ckyorn
+# We build a striped down version here
+
+DEFAULT=n
+PROMPT="Yes or No [yes,no,?,quit]"
+HELP_PROMPT=" Enter y or yes if your answer is yes; n or no if your answer is no."
+USAGE="usage: ckyorn [options]
+where options may include:
+ -d default
+ -h help
+ -p prompt
+"
+
+if [ \$# != 0 ]
+then
+ while getopts d:p:h: c
+ do
+ case \$c in
+ h) HELP_PROMPT="\$OPTARG" ;;
+ d) DEFAULT=\$OPTARG ;;
+ p) PROMPT=\$OPTARG ;;
+ \\?) echo "\$USAGE" 1>&2
+ exit 1 ;;
+ esac
+ done
+ shift \`expr \$OPTIND - 1\`
+fi
+
+while true
+do
+ echo "\${PROMPT}\\c " 1>&2
+ read key
+ [ -z "\$key" ] && key=\$DEFAULT
+ case \$key in
+ [n,N]|[n,N][o,O]|[y,Y]|[y,Y][e,E][s,S]) echo "\${key}\\c"
+ exit 0 ;;
+ \\?) echo \$HELP_PROMPT 1>&2 ;;
+ q|quit) echo "q\\c" 1>&2
+ exit 3 ;;
+ esac
+done
+
+}
+
+_EOF
+
+if [ $DO_SMF -eq 1 ]
+then
+ # This could get hairy, as the running sshd may not be under SMF.
+ # We'll assume an earlier version of OpenSSH started via SMF.
+ cat >> request << _EOF
+PRE_INS_STOP=no
+POST_INS_START=no
+# determine if should restart the daemon
+if [ -s ${piddir}/sshd.pid ] && \\
+ /usr/bin/svcs -H $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
+then
+ ans=\`ckyorn -d n \\
+-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
+ case \$ans in
+ [y,Y]*) PRE_INS_STOP=yes
+ POST_INS_START=yes
+ ;;
+ esac
+
+else
+
+# determine if we should start sshd
+ ans=\`ckyorn -d n \\
+-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
+ case \$ans in
+ [y,Y]*) POST_INS_START=yes ;;
+ esac
+fi
+
+# make parameters available to installation service,
+# and so to any other packaging scripts
+cat >\$1 <<!
+PRE_INS_STOP='\$PRE_INS_STOP'
+POST_INS_START='\$POST_INS_START'
+!
+
+_EOF
+else
+ cat >> request << _EOF
+USE_SYM_LINKS=no
+PRE_INS_STOP=no
+POST_INS_START=no
+# Use symbolic links?
+ans=\`ckyorn -d n \\
+-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
+case \$ans in
+ [y,Y]*) USE_SYM_LINKS=yes ;;
+esac
+
+# determine if should restart the daemon
+if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
+then
+ ans=\`ckyorn -d n \\
+-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
+ case \$ans in
+ [y,Y]*) PRE_INS_STOP=yes
+ POST_INS_START=yes
+ ;;
+ esac
+
+else
+
+# determine if we should start sshd
+ ans=\`ckyorn -d n \\
+-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
+ case \$ans in
+ [y,Y]*) POST_INS_START=yes ;;
+ esac
+fi
+
+# make parameters available to installation service,
+# and so to any other packaging scripts
+cat >\$1 <<!
+USE_SYM_LINKS='\$USE_SYM_LINKS'
+PRE_INS_STOP='\$PRE_INS_STOP'
+POST_INS_START='\$POST_INS_START'
+!
+
+_EOF
+fi
+
+# local request changes here
+[ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL}
+
+cat >> request << _EOF
+exit 0
+
+_EOF
+
+## Next Build our prototype
+echo "Building prototype file..."
+cat >mk-proto.awk << _EOF
+ BEGIN { print "i pkginfo"; print "i depend"; \\
+ print "i preinstall"; print "i postinstall"; \\
+ print "i preremove"; print "i postremove"; \\
+ print "i request"; print "i space"; \\
+ split("$SYSTEM_DIR",sys_files); }
+ {
+ for (dir in sys_files) { if ( \$3 != sys_files[dir] )
+ { if ( \$1 == "s" )
+ { \$5=""; \$6=""; }
+ else
+ { \$5="root"; \$6="sys"; }
+ }
+ else
+ { \$4="?"; \$5="?"; \$6="?"; break;}
+ } }
+ { print; }
+_EOF
+
+find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
+ pkgproto $PROTO_ARGS | ${AWK} -f mk-proto.awk > prototype
+
+# /usr/local is a symlink on some systems
+[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
+ grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
+ mv prototype.new prototype
+}
+
+## Step back a directory and now build the package.
+cd ..
+# local prototype tweeks here
+[ -s "${POST_PROTOTYPE_EDITS}" ] && . ${POST_PROTOTYPE_EDITS}
+
+echo "Building package.."
+pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
+echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
+ ;;
+
+ justpkg.sh)
+rm -fr ${FAKE_ROOT}/${PKGNAME}
+grep -v "^PSTAMP=" $FAKE_ROOT/pkginfo > $$tmp
+mv $$tmp $FAKE_ROOT/pkginfo
+cat >> $FAKE_ROOT/pkginfo << _EOF
+PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
+_EOF
+pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
+echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
+ ;;
+
+esac
+
+[ "${REMOVE_FAKE_ROOT_WHEN_DONE}" = yes ] && rm -rf $FAKE_ROOT
+exit 0
+
diff --git a/crypto/openssh/config.sub b/crypto/openssh/config.sub
new file mode 100755
index 0000000..eee8dcc
--- /dev/null
+++ b/crypto/openssh/config.sub
@@ -0,0 +1,1793 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011, 2012, 2013 Free Software Foundation, Inc.
+
+timestamp='2012-12-23'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
+2012, 2013 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ android-linux)
+ os=-linux-android
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray | -microblaze*)
+ os=
+ basic_machine=$1
+ ;;
+ -bluegene*)
+ os=-cnk
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*178)
+ os=-lynxos178
+ ;;
+ -lynx*5)
+ os=-lynxos5
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | aarch64 | aarch64_be \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc \
+ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
+ | avr | avr32 \
+ | be32 | be64 \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | epiphany \
+ | fido | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | hexagon \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | le32 | le64 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nds32 | nds32le | nds32be \
+ | nios | nios2 \
+ | ns16k | ns32k \
+ | open8 \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle \
+ | pyramid \
+ | rl78 | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu \
+ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
+ | we32k \
+ | x86 | xc16x | xstormy16 | xtensa \
+ | z8k | z80)
+ basic_machine=$basic_machine-unknown
+ ;;
+ c54x)
+ basic_machine=tic54x-unknown
+ ;;
+ c55x)
+ basic_machine=tic55x-unknown
+ ;;
+ c6x)
+ basic_machine=tic6x-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip)
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ strongarm | thumb | xscale)
+ basic_machine=arm-unknown
+ ;;
+ xgate)
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ xscaleeb)
+ basic_machine=armeb-unknown
+ ;;
+
+ xscaleel)
+ basic_machine=armel-unknown
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | aarch64-* | aarch64_be-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* | avr32-* \
+ | be32-* | be64-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | hexagon-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | le32-* | le64-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
+ | microblaze-* | microblazeel-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64octeon-* | mips64octeonel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
+ | msp430-* \
+ | nds32-* | nds32le-* | nds32be-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | open8-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+ | pyramid-* \
+ | rl78-* | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | tahoe-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tile*-* \
+ | tron-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
+ | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* \
+ | xstormy16-* | xtensa*-* \
+ | ymp-* \
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c54x-*)
+ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c55x-*)
+ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c6x-*)
+ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16 | cr16-*)
+ basic_machine=cr16-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ microblaze*)
+ basic_machine=microblaze-xilinx
+ ;;
+ mingw64)
+ basic_machine=x86_64-pc
+ os=-mingw64
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
+ msys)
+ basic_machine=i386-pc
+ os=-msys
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ nacl)
+ basic_machine=le32-unknown
+ os=-nacl
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ neo-tandem)
+ basic_machine=neo-tandem
+ ;;
+ nse-tandem)
+ basic_machine=nse-tandem
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc | ppcbe) basic_machine=powerpc-unknown
+ ;;
+ ppc-* | ppcbe-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rdos | rdos64)
+ basic_machine=x86_64-pc
+ os=-rdos
+ ;;
+ rdos32)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ strongarm-* | thumb-*)
+ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tile*)
+ basic_machine=$basic_machine-unknown
+ os=-linux-gnu
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ xscale-* | xscalee[bl]-*)
+ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* | -aros* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -bitrig* | -openbsd* | -solidbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
+ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-musl* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -nacl*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ hexagon-*)
+ os=-elf
+ ;;
+ tic54x-*)
+ os=-coff
+ ;;
+ tic55x-*)
+ os=-coff
+ ;;
+ tic6x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mep-*)
+ os=-elf
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -cnk*|-aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/crypto/openssh/configure b/crypto/openssh/configure
new file mode 100755
index 0000000..0d6fad5
--- /dev/null
+++ b/crypto/openssh/configure
@@ -0,0 +1,18897 @@
+#! /bin/sh
+# From configure.ac Revision: 1.536 .
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.68 for OpenSSH Portable.
+#
+# Report bugs to <openssh-unix-dev@mindrot.org>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+# Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ # We cannot yet assume a decent shell, so we have to provide a
+ # neutralization value for shells without unset; and this also
+ # works around shells that cannot unset nonexistent variables.
+ # Preserve -v and -x to the replacement shell.
+ BASH_ENV=/dev/null
+ ENV=/dev/null
+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+ export CONFIG_SHELL
+ case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+ esac
+ exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: openssh-unix-dev@mindrot.org about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='OpenSSH'
+PACKAGE_TARNAME='openssh'
+PACKAGE_VERSION='Portable'
+PACKAGE_STRING='OpenSSH Portable'
+PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org'
+PACKAGE_URL=''
+
+ac_unique_file="ssh.c"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='LTLIBOBJS
+LIBOBJS
+UNSUPPORTED_ALGORITHMS
+TEST_SSH_IPV6
+piddir
+user_path
+mansubdir
+MANTYPE
+XAUTH_PATH
+STRIP_OPT
+xauth_path
+PRIVSEP_PATH
+K5LIBS
+GSSLIBS
+KRB5CONF
+SSHDLIBS
+SSHLIBS
+SSH_PRIVSEP_USER
+COMMENT_OUT_ECC
+TEST_SSH_ECC
+TEST_SSH_SHA256
+LIBEDIT
+PKGCONFIG
+LD
+PATH_PASSWD_PROG
+LOGIN_PROGRAM_FALLBACK
+STARTUP_SCRIPT_SHELL
+MAKE_PACKAGE_SUPPORTED
+PATH_USERADD_PROG
+PATH_GROUPADD_PROG
+MANFMT
+TEST_SHELL
+MANDOC
+NROFF
+GROFF
+SH
+TEST_MINUS_S_SH
+ENT
+SED
+PERL
+KILL
+CAT
+AR
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+RANLIB
+AWK
+EGREP
+GREP
+CPP
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_largefile
+with_stackprotect
+with_rpath
+with_cflags
+with_cppflags
+with_ldflags
+with_libs
+with_Werror
+with_solaris_contracts
+with_solaris_projects
+with_osfsia
+with_zlib
+with_zlib_version_check
+with_skey
+with_tcp_wrappers
+with_ldns
+with_libedit
+with_audit
+with_ssl_dir
+with_openssl_header_check
+with_ssl_engine
+with_prngd_port
+with_prngd_socket
+with_pam
+with_privsep_user
+with_sandbox
+with_selinux
+with_kerberos5
+with_privsep_path
+with_xauth
+enable_strip
+with_maildir
+with_mantype
+with_md5_passwords
+with_shadow
+with_ipaddr_display
+enable_etc_default_login
+with_default_path
+with_superuser_path
+with_4in6
+with_bsd_auth
+with_pid_dir
+enable_lastlog
+enable_utmp
+enable_utmpx
+enable_wtmp
+enable_wtmpx
+enable_libutil
+enable_pututline
+enable_pututxline
+with_lastlog
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used" >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures OpenSSH Portable to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking ...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/openssh]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of OpenSSH Portable:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --disable-largefile omit support for large files
+ --disable-strip Disable calling strip(1) on install
+ --disable-etc-default-login Disable using PATH from /etc/default/login no
+ --disable-lastlog disable use of lastlog even if detected no
+ --disable-utmp disable use of utmp even if detected no
+ --disable-utmpx disable use of utmpx even if detected no
+ --disable-wtmp disable use of wtmp even if detected no
+ --disable-wtmpx disable use of wtmpx even if detected no
+ --disable-libutil disable use of libutil (login() etc.) no
+ --disable-pututline disable use of pututline() etc. (uwtmp) no
+ --disable-pututxline disable use of pututxline() etc. (uwtmpx) no
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --without-stackprotect Don't use compiler's stack protection
+ --without-rpath Disable auto-added -R linker paths
+ --with-cflags Specify additional flags to pass to compiler
+ --with-cppflags Specify additional flags to pass to preprocessor
+ --with-ldflags Specify additional flags to pass to linker
+ --with-libs Specify additional libraries to link with
+ --with-Werror Build main code with -Werror
+ --with-solaris-contracts Enable Solaris process contracts (experimental)
+ --with-solaris-projects Enable Solaris projects (experimental)
+ --with-osfsia Enable Digital Unix SIA
+ --with-zlib=PATH Use zlib in PATH
+ --without-zlib-version-check Disable zlib version check
+ --with-skey[=PATH] Enable S/Key support (optionally in PATH)
+ --with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH)
+ --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH)
+ --with-libedit[=PATH] Enable libedit support for sftp
+ --with-audit=module Enable audit support (modules=debug,bsm,linux)
+ --with-ssl-dir=PATH Specify path to OpenSSL installation
+ --without-openssl-header-check Disable OpenSSL version consistency check
+ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support
+ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT
+ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)
+ --with-pam Enable PAM support
+ --with-privsep-user=user Specify non-privileged user for privilege separation
+ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)
+ --with-selinux Enable SELinux support
+ --with-kerberos5=PATH Enable Kerberos 5 support
+ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
+ --with-xauth=PATH Specify path to xauth program
+ --with-maildir=/path/to/mail Specify your system mail directory
+ --with-mantype=man|cat|doc Set man page type
+ --with-md5-passwords Enable use of MD5 passwords
+ --without-shadow Disable shadow password support
+ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY
+ --with-default-path= Specify default \$PATH environment for server
+ --with-superuser-path= Specify different path for super-user
+ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses
+ --with-bsd-auth Enable BSD auth support
+ --with-pid-dir=PATH Specify location of ssh.pid file
+ --with-lastlog=FILE|DIR specify lastlog location common locations
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ CPP C preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <openssh-unix-dev@mindrot.org>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+OpenSSH configure Portable
+generated by GNU Autoconf 2.68
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES
+# ---------------------------------------------
+# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
+# accordingly.
+ac_fn_c_check_decl ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ as_decl_name=`echo $2|sed 's/ *(.*//'`
+ as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
+$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+#ifndef $as_decl_name
+#ifdef __cplusplus
+ (void) $as_decl_use;
+#else
+ (void) $as_decl_name;
+#endif
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_decl
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval \${$3+:} false; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## ------------------------------------------- ##
+## Report this to openssh-unix-dev@mindrot.org ##
+## ------------------------------------------- ##"
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+
+# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
+# ----------------------------------------------------
+# Tries to find if the field MEMBER exists in type AGGR, after including
+# INCLUDES, setting cache variable VAR accordingly.
+ac_fn_c_check_member ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
+$as_echo_n "checking for $2.$3... " >&6; }
+if eval \${$4+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (ac_aggr.$3)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$4=yes"
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (sizeof ac_aggr.$3)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$4=yes"
+else
+ eval "$4=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$4
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_member
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by OpenSSH $as_me Portable, which was
+generated by GNU Autoconf 2.68. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if ${ac_cv_path_GREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
+$as_echo_n "checking whether byte ordering is bigendian... " >&6; }
+if ${ac_cv_c_bigendian+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_bigendian=unknown
+ # See if we're dealing with a universal compiler.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifndef __APPLE_CC__
+ not a universal capable compiler
+ #endif
+ typedef int dummy;
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ # Check for potential -arch flags. It is not universal unless
+ # there are at least two -arch flags with different values.
+ ac_arch=
+ ac_prev=
+ for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
+ if test -n "$ac_prev"; then
+ case $ac_word in
+ i?86 | x86_64 | ppc | ppc64)
+ if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
+ ac_arch=$ac_word
+ else
+ ac_cv_c_bigendian=universal
+ break
+ fi
+ ;;
+ esac
+ ac_prev=
+ elif test "x$ac_word" = "x-arch"; then
+ ac_prev=arch
+ fi
+ done
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+
+int
+main ()
+{
+#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
+ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
+ && LITTLE_ENDIAN)
+ bogus endian macros
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+
+int
+main ()
+{
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
+else
+ ac_cv_c_bigendian=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+
+int
+main ()
+{
+#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
+ bogus endian macros
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to _BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+
+int
+main ()
+{
+#ifndef _BIG_ENDIAN
+ not big endian
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
+else
+ ac_cv_c_bigendian=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # Compile a test program.
+ if test "$cross_compiling" = yes; then :
+ # Try to guess by grepping values from an object file.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+short int ascii_mm[] =
+ { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
+ short int ascii_ii[] =
+ { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
+ int use_ascii (int i) {
+ return ascii_mm[i] + ascii_ii[i];
+ }
+ short int ebcdic_ii[] =
+ { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
+ short int ebcdic_mm[] =
+ { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
+ int use_ebcdic (int i) {
+ return ebcdic_mm[i] + ebcdic_ii[i];
+ }
+ extern int foo;
+
+int
+main ()
+{
+return use_ascii (foo) == use_ebcdic (foo);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
+ ac_cv_c_bigendian=yes
+ fi
+ if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
+ if test "$ac_cv_c_bigendian" = unknown; then
+ ac_cv_c_bigendian=no
+ else
+ # finding both strings is unlikely to happen, but who knows?
+ ac_cv_c_bigendian=unknown
+ fi
+ fi
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long int l;
+ char c[sizeof (long int)];
+ } u;
+ u.l = 1;
+ return u.c[sizeof (long int) - 1] == 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_c_bigendian=no
+else
+ ac_cv_c_bigendian=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
+$as_echo "$ac_cv_c_bigendian" >&6; }
+ case $ac_cv_c_bigendian in #(
+ yes)
+ $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h
+;; #(
+ no)
+ ;; #(
+ universal)
+
+$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
+
+ ;; #(
+ *)
+ as_fn_error $? "unknown endianness
+ presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
+ esac
+
+
+# Checks for programs.
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AWK+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if ${ac_cv_path_install+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+# Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $AR in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_AR="$AR" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_AR="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+AR=$ac_cv_path_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "cat", so it can be a program name with args.
+set dummy cat; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_CAT+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $CAT in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_CAT="$CAT" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_CAT="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+CAT=$ac_cv_path_CAT
+if test -n "$CAT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAT" >&5
+$as_echo "$CAT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "kill", so it can be a program name with args.
+set dummy kill; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_KILL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $KILL in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_KILL="$KILL" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+KILL=$ac_cv_path_KILL
+if test -n "$KILL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5
+$as_echo "$KILL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+for ac_prog in perl5 perl
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PERL+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PERL in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PERL=$ac_cv_path_PERL
+if test -n "$PERL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+$as_echo "$PERL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$PERL" && break
+done
+
+# Extract the first word of "sed", so it can be a program name with args.
+set dummy sed; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SED+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $SED in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SED="$SED" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+SED=$ac_cv_path_SED
+if test -n "$SED"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5
+$as_echo "$SED" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+# Extract the first word of "ent", so it can be a program name with args.
+set dummy ent; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ENT+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $ENT in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ENT="$ENT" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ENT=$ac_cv_path_ENT
+if test -n "$ENT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ENT" >&5
+$as_echo "$ENT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+# Extract the first word of "bash", so it can be a program name with args.
+set dummy bash; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $TEST_MINUS_S_SH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
+if test -n "$TEST_MINUS_S_SH"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
+$as_echo "$TEST_MINUS_S_SH" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "ksh", so it can be a program name with args.
+set dummy ksh; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $TEST_MINUS_S_SH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
+if test -n "$TEST_MINUS_S_SH"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
+$as_echo "$TEST_MINUS_S_SH" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "sh", so it can be a program name with args.
+set dummy sh; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_TEST_MINUS_S_SH+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $TEST_MINUS_S_SH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
+if test -n "$TEST_MINUS_S_SH"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TEST_MINUS_S_SH" >&5
+$as_echo "$TEST_MINUS_S_SH" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "sh", so it can be a program name with args.
+set dummy sh; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SH+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $SH in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SH="$SH" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+SH=$ac_cv_path_SH
+if test -n "$SH"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SH" >&5
+$as_echo "$SH" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "groff", so it can be a program name with args.
+set dummy groff; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_GROFF+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GROFF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GROFF="$GROFF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GROFF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GROFF=$ac_cv_path_GROFF
+if test -n "$GROFF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GROFF" >&5
+$as_echo "$GROFF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "nroff", so it can be a program name with args.
+set dummy nroff; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_NROFF+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $NROFF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+NROFF=$ac_cv_path_NROFF
+if test -n "$NROFF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
+$as_echo "$NROFF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "mandoc", so it can be a program name with args.
+set dummy mandoc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_MANDOC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MANDOC in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MANDOC="$MANDOC" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_MANDOC="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+MANDOC=$ac_cv_path_MANDOC
+if test -n "$MANDOC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANDOC" >&5
+$as_echo "$MANDOC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+TEST_SHELL=sh
+
+
+if test "x$MANDOC" != "x" ; then
+ MANFMT="$MANDOC"
+elif test "x$NROFF" != "x" ; then
+ MANFMT="$NROFF -mandoc"
+elif test "x$GROFF" != "x" ; then
+ MANFMT="$GROFF -mandoc -Tascii"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatted found" >&5
+$as_echo "$as_me: WARNING: no manpage formatted found" >&2;}
+ MANFMT="false"
+fi
+
+
+# Extract the first word of "groupadd", so it can be a program name with args.
+set dummy groupadd; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PATH_GROUPADD_PROG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PATH_GROUPADD_PROG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PATH_GROUPADD_PROG="$PATH_GROUPADD_PROG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /usr/sbin${PATH_SEPARATOR}/etc
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PATH_GROUPADD_PROG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_PATH_GROUPADD_PROG" && ac_cv_path_PATH_GROUPADD_PROG="groupadd"
+ ;;
+esac
+fi
+PATH_GROUPADD_PROG=$ac_cv_path_PATH_GROUPADD_PROG
+if test -n "$PATH_GROUPADD_PROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_GROUPADD_PROG" >&5
+$as_echo "$PATH_GROUPADD_PROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "useradd", so it can be a program name with args.
+set dummy useradd; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PATH_USERADD_PROG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PATH_USERADD_PROG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PATH_USERADD_PROG="$PATH_USERADD_PROG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /usr/sbin${PATH_SEPARATOR}/etc
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PATH_USERADD_PROG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_PATH_USERADD_PROG" && ac_cv_path_PATH_USERADD_PROG="useradd"
+ ;;
+esac
+fi
+PATH_USERADD_PROG=$ac_cv_path_PATH_USERADD_PROG
+if test -n "$PATH_USERADD_PROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_USERADD_PROG" >&5
+$as_echo "$PATH_USERADD_PROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "pkgmk", so it can be a program name with args.
+set dummy pkgmk; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_MAKE_PACKAGE_SUPPORTED+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$MAKE_PACKAGE_SUPPORTED"; then
+ ac_cv_prog_MAKE_PACKAGE_SUPPORTED="$MAKE_PACKAGE_SUPPORTED" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_MAKE_PACKAGE_SUPPORTED="yes"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_prog_MAKE_PACKAGE_SUPPORTED" && ac_cv_prog_MAKE_PACKAGE_SUPPORTED="no"
+fi
+fi
+MAKE_PACKAGE_SUPPORTED=$ac_cv_prog_MAKE_PACKAGE_SUPPORTED
+if test -n "$MAKE_PACKAGE_SUPPORTED"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKE_PACKAGE_SUPPORTED" >&5
+$as_echo "$MAKE_PACKAGE_SUPPORTED" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test -x /sbin/sh; then
+ STARTUP_SCRIPT_SHELL=/sbin/sh
+
+else
+ STARTUP_SCRIPT_SHELL=/bin/sh
+
+fi
+
+# System features
+# Check whether --enable-largefile was given.
+if test "${enable_largefile+set}" = set; then :
+ enableval=$enable_largefile;
+fi
+
+if test "$enable_largefile" != no; then
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
+$as_echo_n "checking for special C compiler options needed for large files... " >&6; }
+if ${ac_cv_sys_largefile_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_sys_largefile_CC=no
+ if test "$GCC" != yes; then
+ ac_save_CC=$CC
+ while :; do
+ # IRIX 6.2 and later do not support large files by default,
+ # so use the C compiler's -n32 option if that helps.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ if ac_fn_c_try_compile "$LINENO"; then :
+ break
+fi
+rm -f core conftest.err conftest.$ac_objext
+ CC="$CC -n32"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_largefile_CC=' -n32'; break
+fi
+rm -f core conftest.err conftest.$ac_objext
+ break
+ done
+ CC=$ac_save_CC
+ rm -f conftest.$ac_ext
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
+$as_echo "$ac_cv_sys_largefile_CC" >&6; }
+ if test "$ac_cv_sys_largefile_CC" != no; then
+ CC=$CC$ac_cv_sys_largefile_CC
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
+if ${ac_cv_sys_file_offset_bits+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_file_offset_bits=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _FILE_OFFSET_BITS 64
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_file_offset_bits=64; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_file_offset_bits=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
+$as_echo "$ac_cv_sys_file_offset_bits" >&6; }
+case $ac_cv_sys_file_offset_bits in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
+_ACEOF
+;;
+esac
+rm -rf conftest*
+ if test $ac_cv_sys_file_offset_bits = unknown; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
+$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; }
+if ${ac_cv_sys_large_files+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_large_files=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _LARGE_FILES 1
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_sys_large_files=1; break
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_large_files=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
+$as_echo "$ac_cv_sys_large_files" >&6; }
+case $ac_cv_sys_large_files in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGE_FILES $ac_cv_sys_large_files
+_ACEOF
+;;
+esac
+rm -rf conftest*
+ fi
+fi
+
+
+if test -z "$AR" ; then
+ as_fn_error $? "*** 'ar' missing, please install or fix your \$PATH ***" "$LINENO" 5
+fi
+
+# Use LOGIN_PROGRAM from environment if possible
+if test ! -z "$LOGIN_PROGRAM" ; then
+
+cat >>confdefs.h <<_ACEOF
+#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM"
+_ACEOF
+
+else
+ # Search for login
+ # Extract the first word of "login", so it can be a program name with args.
+set dummy login; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_LOGIN_PROGRAM_FALLBACK+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $LOGIN_PROGRAM_FALLBACK in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_LOGIN_PROGRAM_FALLBACK="$LOGIN_PROGRAM_FALLBACK" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_LOGIN_PROGRAM_FALLBACK="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+LOGIN_PROGRAM_FALLBACK=$ac_cv_path_LOGIN_PROGRAM_FALLBACK
+if test -n "$LOGIN_PROGRAM_FALLBACK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LOGIN_PROGRAM_FALLBACK" >&5
+$as_echo "$LOGIN_PROGRAM_FALLBACK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
+ cat >>confdefs.h <<_ACEOF
+#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM_FALLBACK"
+_ACEOF
+
+ fi
+fi
+
+# Extract the first word of "passwd", so it can be a program name with args.
+set dummy passwd; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PATH_PASSWD_PROG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PATH_PASSWD_PROG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PATH_PASSWD_PROG="$PATH_PASSWD_PROG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PATH_PASSWD_PROG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG
+if test -n "$PATH_PASSWD_PROG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PATH_PASSWD_PROG" >&5
+$as_echo "$PATH_PASSWD_PROG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test ! -z "$PATH_PASSWD_PROG" ; then
+
+cat >>confdefs.h <<_ACEOF
+#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG"
+_ACEOF
+
+fi
+
+if test -z "$LD" ; then
+ LD=$CC
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+$as_echo_n "checking for inline... " >&6; }
+if ${ac_cv_c_inline+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_inline=$ac_kw
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+$as_echo "$ac_cv_c_inline" >&6; }
+
+case $ac_cv_c_inline in
+ inline | yes) ;;
+ *)
+ case $ac_cv_c_inline in
+ no) ac_val=;;
+ *) ac_val=$ac_cv_c_inline;;
+ esac
+ cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+ ;;
+esac
+
+
+ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h>
+"
+if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then :
+ have_llong_max=1
+fi
+
+ac_fn_c_check_decl "$LINENO" "SYSTR_POLICY_KILL" "ac_cv_have_decl_SYSTR_POLICY_KILL" "
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <dev/systrace.h>
+
+"
+if test "x$ac_cv_have_decl_SYSTR_POLICY_KILL" = xyes; then :
+ have_systr_policy_kill=1
+fi
+
+ac_fn_c_check_decl "$LINENO" "RLIMIT_NPROC" "ac_cv_have_decl_RLIMIT_NPROC" "
+ #include <sys/types.h>
+ #include <sys/resource.h>
+
+"
+if test "x$ac_cv_have_decl_RLIMIT_NPROC" = xyes; then :
+
+$as_echo "#define HAVE_RLIMIT_NPROC /**/" >>confdefs.h
+
+fi
+
+ac_fn_c_check_decl "$LINENO" "PR_SET_NO_NEW_PRIVS" "ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" "
+ #include <sys/types.h>
+ #include <linux/prctl.h>
+
+"
+if test "x$ac_cv_have_decl_PR_SET_NO_NEW_PRIVS" = xyes; then :
+ have_linux_no_new_privs=1
+fi
+
+use_stack_protector=1
+
+# Check whether --with-stackprotect was given.
+if test "${with_stackprotect+set}" = set; then :
+ withval=$with_stackprotect;
+ if test "x$withval" = "xno"; then
+ use_stack_protector=0
+ fi
+fi
+
+
+
+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Qunused-arguments -Werror" >&5
+$as_echo_n "checking if $CC supports -Qunused-arguments -Werror... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Qunused-arguments -Werror"
+ _define_flag="-Qunused-arguments"
+ test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments -Werror"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunknown-warning-option -Werror" >&5
+$as_echo_n "checking if $CC supports -Wunknown-warning-option -Werror... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wunknown-warning-option -Werror"
+ _define_flag="-Wno-unknown-warning-option"
+ test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option -Werror"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5
+$as_echo_n "checking if $CC supports -Wall... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wall"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wall"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-arith" >&5
+$as_echo_n "checking if $CC supports -Wpointer-arith... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wpointer-arith"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wpointer-arith"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wuninitialized" >&5
+$as_echo_n "checking if $CC supports -Wuninitialized... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wuninitialized"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wuninitialized"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsign-compare" >&5
+$as_echo_n "checking if $CC supports -Wsign-compare... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wsign-compare"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wsign-compare"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wformat-security" >&5
+$as_echo_n "checking if $CC supports -Wformat-security... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wformat-security"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wformat-security"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsizeof-pointer-memaccess" >&5
+$as_echo_n "checking if $CC supports -Wsizeof-pointer-memaccess... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wsizeof-pointer-memaccess"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wpointer-sign" >&5
+$as_echo_n "checking if $CC supports -Wpointer-sign... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wpointer-sign"
+ _define_flag="-Wno-pointer-sign"
+ test "x$_define_flag" = "x" && _define_flag="-Wpointer-sign"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunused-result" >&5
+$as_echo_n "checking if $CC supports -Wunused-result... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -Wunused-result"
+ _define_flag="-Wno-unused-result"
+ test "x$_define_flag" = "x" && _define_flag="-Wunused-result"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -fno-strict-aliasing" >&5
+$as_echo_n "checking if $CC supports -fno-strict-aliasing... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-strict-aliasing"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-fno-strict-aliasing"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ {
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -D_FORTIFY_SOURCE=2" >&5
+$as_echo_n "checking if $CC supports -D_FORTIFY_SOURCE=2... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
+ _define_flag=""
+ test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(void) { return 0; }
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if `grep -i "unrecognized option" conftest.err >/dev/null`
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5
+$as_echo_n "checking gcc version... " >&6; }
+ GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
+ case $GCC_VER in
+ 1.*) no_attrib_nonnull=1 ;;
+ 2.8* | 2.9*)
+ no_attrib_nonnull=1
+ ;;
+ 2.*) no_attrib_nonnull=1 ;;
+ *) ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5
+$as_echo "$GCC_VER" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5
+$as_echo_n "checking if $CC accepts -fno-builtin-memset... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <string.h>
+int
+main ()
+{
+ char b[10]; memset(b, 0, sizeof(b));
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+ # -fstack-protector-all doesn't always work for some GCC versions
+ # and/or platforms, so we test if we can. If it's not supported
+ # on a given platform gcc will emit a warning so we use -Werror.
+ if test "x$use_stack_protector" = "x1"; then
+ for t in -fstack-protector-all -fstack-protector; do
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports $t" >&5
+$as_echo_n "checking if $CC supports $t... " >&6; }
+ saved_CFLAGS="$CFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ CFLAGS="$CFLAGS $t -Werror"
+ LDFLAGS="$LDFLAGS $t -Werror"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+
+ char x[256];
+ snprintf(x, sizeof(x), "XXX");
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ CFLAGS="$saved_CFLAGS $t"
+ LDFLAGS="$saved_LDFLAGS $t"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $t works" >&5
+$as_echo_n "checking if $t works... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: cannot test" >&5
+$as_echo "$as_me: WARNING: cross compiling: cannot test" >&2;}
+ break
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+
+ char x[256];
+ snprintf(x, sizeof(x), "XXX");
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ break
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ CFLAGS="$saved_CFLAGS"
+ LDFLAGS="$saved_LDFLAGS"
+ done
+ fi
+
+ if test -z "$have_llong_max"; then
+ # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
+ unset ac_cv_have_decl_LLONG_MAX
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -std=gnu99"
+ ac_fn_c_check_decl "$LINENO" "LLONG_MAX" "ac_cv_have_decl_LLONG_MAX" "#include <limits.h>
+
+"
+if test "x$ac_cv_have_decl_LLONG_MAX" = xyes; then :
+ have_llong_max=1
+else
+ CFLAGS="$saved_CFLAGS"
+fi
+
+ fi
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows __attribute__ on return types" >&5
+$as_echo_n "checking if compiler allows __attribute__ on return types... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+__attribute__((__unused__)) static void foo(void){return;}
+int
+main ()
+{
+ exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define NO_ATTRIBUTE_ON_RETURN_TYPE 1" >>confdefs.h
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test "x$no_attrib_nonnull" != "x1" ; then
+
+$as_echo "#define HAVE_ATTRIBUTE__NONNULL__ 1" >>confdefs.h
+
+fi
+
+
+# Check whether --with-rpath was given.
+if test "${with_rpath+set}" = set; then :
+ withval=$with_rpath;
+ if test "x$withval" = "xno" ; then
+ need_dash_r=""
+ fi
+ if test "x$withval" = "xyes" ; then
+ need_dash_r=1
+ fi
+
+
+fi
+
+
+# Allow user to specify flags
+
+# Check whether --with-cflags was given.
+if test "${with_cflags+set}" = set; then :
+ withval=$with_cflags;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ CFLAGS="$CFLAGS $withval"
+ fi
+
+
+fi
+
+
+# Check whether --with-cppflags was given.
+if test "${with_cppflags+set}" = set; then :
+ withval=$with_cppflags;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ CPPFLAGS="$CPPFLAGS $withval"
+ fi
+
+
+fi
+
+
+# Check whether --with-ldflags was given.
+if test "${with_ldflags+set}" = set; then :
+ withval=$with_ldflags;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ LDFLAGS="$LDFLAGS $withval"
+ fi
+
+
+fi
+
+
+# Check whether --with-libs was given.
+if test "${with_libs+set}" = set; then :
+ withval=$with_libs;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ LIBS="$LIBS $withval"
+ fi
+
+
+fi
+
+
+# Check whether --with-Werror was given.
+if test "${with_Werror+set}" = set; then :
+ withval=$with_Werror;
+ if test -n "$withval" && test "x$withval" != "xno"; then
+ werror_flags="-Werror"
+ if test "x${withval}" != "xyes"; then
+ werror_flags="$withval"
+ fi
+ fi
+
+
+fi
+
+
+for ac_header in \
+ bstring.h \
+ crypt.h \
+ crypto/sha2.h \
+ dirent.h \
+ endian.h \
+ elf.h \
+ features.h \
+ fcntl.h \
+ floatingpoint.h \
+ getopt.h \
+ glob.h \
+ ia.h \
+ iaf.h \
+ limits.h \
+ locale.h \
+ login.h \
+ maillock.h \
+ ndir.h \
+ net/if_tun.h \
+ netdb.h \
+ netgroup.h \
+ pam/pam_appl.h \
+ paths.h \
+ poll.h \
+ pty.h \
+ readpassphrase.h \
+ rpc/types.h \
+ security/pam_appl.h \
+ sha2.h \
+ shadow.h \
+ stddef.h \
+ stdint.h \
+ string.h \
+ strings.h \
+ sys/audit.h \
+ sys/bitypes.h \
+ sys/bsdtty.h \
+ sys/cdefs.h \
+ sys/dir.h \
+ sys/mman.h \
+ sys/ndir.h \
+ sys/poll.h \
+ sys/prctl.h \
+ sys/pstat.h \
+ sys/select.h \
+ sys/stat.h \
+ sys/stream.h \
+ sys/stropts.h \
+ sys/strtio.h \
+ sys/statvfs.h \
+ sys/sysmacros.h \
+ sys/time.h \
+ sys/timers.h \
+ time.h \
+ tmpdir.h \
+ ttyent.h \
+ ucred.h \
+ unistd.h \
+ usersec.h \
+ util.h \
+ utime.h \
+ utmp.h \
+ utmpx.h \
+ vis.h \
+
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+# lastlog.h requires sys/time.h to be included first on Solaris
+for ac_header in lastlog.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "lastlog.h" "ac_cv_header_lastlog_h" "
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+
+"
+if test "x$ac_cv_header_lastlog_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LASTLOG_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+for ac_header in sys/ptms.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "sys/ptms.h" "ac_cv_header_sys_ptms_h" "
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+
+"
+if test "x$ac_cv_header_sys_ptms_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SYS_PTMS_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# login_cap.h requires sys/types.h on NetBSD
+for ac_header in login_cap.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" "
+#include <sys/types.h>
+
+"
+if test "x$ac_cv_header_login_cap_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LOGIN_CAP_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# older BSDs need sys/param.h before sys/mount.h
+for ac_header in sys/mount.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" "
+#include <sys/param.h>
+
+"
+if test "x$ac_cv_header_sys_mount_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SYS_MOUNT_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# Android requires sys/socket.h to be included before sys/un.h
+for ac_header in sys/un.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" "
+#include <sys/types.h>
+#include <sys/socket.h>
+
+"
+if test "x$ac_cv_header_sys_un_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SYS_UN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+# Messages for features tested for in target-specific section
+SIA_MSG="no"
+SPC_MSG="no"
+SP_MSG="no"
+
+# Check for some target-specific stuff
+case "$host" in
+*-*-aix*)
+ # Some versions of VAC won't allow macro redefinitions at
+ # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
+ # particularly with older versions of vac or xlc.
+ # It also throws errors about null macro argments, but these are
+ # not fatal.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if compiler allows macro redefinitions" >&5
+$as_echo_n "checking if compiler allows macro redefinitions... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#define testmacro foo
+#define testmacro bar
+int
+main ()
+{
+ exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
+ LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
+ CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+ CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to specify blibpath for linker ($LD)" >&5
+$as_echo_n "checking how to specify blibpath for linker ($LD)... " >&6; }
+ if (test -z "$blibpath"); then
+ blibpath="/usr/lib:/lib"
+ fi
+ saved_LDFLAGS="$LDFLAGS"
+ if test "$GCC" = "yes"; then
+ flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
+ else
+ flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
+ fi
+ for tryflags in $flags ;do
+ if (test -z "$blibflags"); then
+ LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ blibflags=$tryflags
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ fi
+ done
+ if (test -z "$blibflags"); then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+ as_fn_error $? "*** must be able to specify blibpath on AIX - check config.log" "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $blibflags" >&5
+$as_echo "$blibflags" >&6; }
+ fi
+ LDFLAGS="$saved_LDFLAGS"
+ ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate"
+if test "x$ac_cv_func_authenticate" = xyes; then :
+
+$as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for authenticate in -ls" >&5
+$as_echo_n "checking for authenticate in -ls... " >&6; }
+if ${ac_cv_lib_s_authenticate+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ls $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char authenticate ();
+int
+main ()
+{
+return authenticate ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_s_authenticate=yes
+else
+ ac_cv_lib_s_authenticate=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_s_authenticate" >&5
+$as_echo "$ac_cv_lib_s_authenticate" >&6; }
+if test "x$ac_cv_lib_s_authenticate" = xyes; then :
+ $as_echo "#define WITH_AIXAUTHENTICATE 1" >>confdefs.h
+
+ LIBS="$LIBS -ls"
+
+fi
+
+
+fi
+
+ ac_fn_c_check_decl "$LINENO" "authenticate" "ac_cv_have_decl_authenticate" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_authenticate" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_AUTHENTICATE $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "loginrestrictions" "ac_cv_have_decl_loginrestrictions" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_loginrestrictions" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINRESTRICTIONS $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "loginsuccess" "ac_cv_have_decl_loginsuccess" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_loginsuccess" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINSUCCESS $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "passwdexpired" "ac_cv_have_decl_passwdexpired" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_passwdexpired" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_PASSWDEXPIRED $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "setauthdb" "ac_cv_have_decl_setauthdb" "#include <usersec.h>
+"
+if test "x$ac_cv_have_decl_setauthdb" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SETAUTHDB $ac_have_decl
+_ACEOF
+
+ ac_fn_c_check_decl "$LINENO" "loginfailed" "ac_cv_have_decl_loginfailed" "#include <usersec.h>
+
+"
+if test "x$ac_cv_have_decl_loginfailed" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_LOGINFAILED $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if loginfailed takes 4 arguments" >&5
+$as_echo_n "checking if loginfailed takes 4 arguments... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <usersec.h>
+int
+main ()
+{
+ (void)loginfailed("user","host","tty",0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define AIX_LOGINFAILED_4ARG 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ for ac_func in getgrset setauthdb
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h>
+ #include <fcntl.h>
+
+"
+if test "x$ac_cv_have_decl_F_CLOSEM" = xyes; then :
+
+$as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h
+
+fi
+
+ check_for_aix_broken_getaddrinfo=1
+
+$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
+
+
+$as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+
+$as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
+
+
+$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
+
+
+$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h
+
+
+$as_echo "#define PTY_ZEROREAD 1" >>confdefs.h
+
+
+$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h
+
+ ;;
+*-*-android*)
+
+$as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+ ;;
+*-*-cygwin*)
+ check_for_libcrypt_later=1
+ LIBS="$LIBS /usr/lib/textreadmode.o"
+
+$as_echo "#define HAVE_CYGWIN 1" >>confdefs.h
+
+
+$as_echo "#define USE_PIPES 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
+
+
+$as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h
+
+
+$as_echo "#define NO_IPPORT_RESERVED_CONCEPT 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+
+$as_echo "#define SSH_IOBUFSZ 65535" >>confdefs.h
+
+
+$as_echo "#define FILESYSTEM_NO_BACKSLASH 1" >>confdefs.h
+
+ ;;
+*-*-dgux*)
+
+$as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ ;;
+*-*-darwin*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have working getaddrinfo" >&5
+$as_echo_n "checking if we have working getaddrinfo... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: assume it is working" >&5
+$as_echo "assume it is working" >&6; }
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <mach-o/dyld.h>
+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ exit(0);
+ else
+ exit(1);
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: working" >&5
+$as_echo "working" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5
+$as_echo "buggy" >&6; }
+
+$as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_GLOB 1" >>confdefs.h
+
+
+cat >>confdefs.h <<_ACEOF
+#define BIND_8_COMPAT 1
+_ACEOF
+
+
+$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
+
+
+ ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default"
+if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then :
+
+else
+
+$as_echo "#define AU_IPv4 0" >>confdefs.h
+
+ #include <bsm/audit.h>
+
+$as_echo "#define LASTLOG_WRITE_PUTUTXLINE 1" >>confdefs.h
+
+
+fi
+
+
+$as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
+
+ for ac_func in sandbox_init
+do :
+ ac_fn_c_check_func "$LINENO" "sandbox_init" "ac_cv_func_sandbox_init"
+if test "x$ac_cv_func_sandbox_init" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SANDBOX_INIT 1
+_ACEOF
+
+fi
+done
+
+ for ac_header in sandbox.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default"
+if test "x$ac_cv_header_sandbox_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SANDBOX_H 1
+_ACEOF
+
+fi
+
+done
+
+ ;;
+*-*-dragonfly*)
+ SSHDLIBS="$SSHDLIBS -lcrypt"
+ ;;
+*-*-haiku*)
+ LIBS="$LIBS -lbsd "
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lnetwork" >&5
+$as_echo_n "checking for socket in -lnetwork... " >&6; }
+if ${ac_cv_lib_network_socket+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnetwork $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_network_socket=yes
+else
+ ac_cv_lib_network_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_socket" >&5
+$as_echo "$ac_cv_lib_network_socket" >&6; }
+if test "x$ac_cv_lib_network_socket" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNETWORK 1
+_ACEOF
+
+ LIBS="-lnetwork $LIBS"
+
+fi
+
+ $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
+
+ MANTYPE=man
+ ;;
+*-*-hpux*)
+ # first we define all of the options common to all HP-UX releases
+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
+ IPADDR_IN_DISPLAY=yes
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+
+$as_echo "#define LOGIN_NO_ENDOPT 1" >>confdefs.h
+
+ $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
+
+
+$as_echo "#define LOCKED_PASSWD_STRING \"*\"" >>confdefs.h
+
+ $as_echo "#define SPT_TYPE SPT_PSTAT" >>confdefs.h
+
+
+$as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h
+
+ maildir="/var/mail"
+ LIBS="$LIBS -lsec"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for t_error in -lxnet" >&5
+$as_echo_n "checking for t_error in -lxnet... " >&6; }
+if ${ac_cv_lib_xnet_t_error+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lxnet $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char t_error ();
+int
+main ()
+{
+return t_error ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_xnet_t_error=yes
+else
+ ac_cv_lib_xnet_t_error=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_xnet_t_error" >&5
+$as_echo "$ac_cv_lib_xnet_t_error" >&6; }
+if test "x$ac_cv_lib_xnet_t_error" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBXNET 1
+_ACEOF
+
+ LIBS="-lxnet $LIBS"
+
+else
+ as_fn_error $? "*** -lxnet needed on HP-UX - check config.log ***" "$LINENO" 5
+fi
+
+
+ # next, we define all of the options specific to major releases
+ case "$host" in
+ *-*-hpux10*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ ;;
+ *-*-hpux11*)
+
+$as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+
+$as_echo "#define USE_BTMP 1" >>confdefs.h
+
+ check_for_hpux_broken_getaddrinfo=1
+ check_for_conflicting_getspnam=1
+ ;;
+ esac
+
+ # lastly, we define options specific to minor releases
+ case "$host" in
+ *-*-hpux10.26)
+
+$as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
+
+ disable_ptmx_check=yes
+ LIBS="$LIBS -lsecpw"
+ ;;
+ esac
+ ;;
+*-*-irix5*)
+ PATH="$PATH:/usr/etc"
+
+$as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ ;;
+*-*-irix6*)
+ PATH="$PATH:/usr/etc"
+
+$as_echo "#define WITH_IRIX_ARRAY 1" >>confdefs.h
+
+
+$as_echo "#define WITH_IRIX_PROJECT 1" >>confdefs.h
+
+
+$as_echo "#define WITH_IRIX_AUDIT 1" >>confdefs.h
+
+ ac_fn_c_check_func "$LINENO" "jlimit_startjob" "ac_cv_func_jlimit_startjob"
+if test "x$ac_cv_func_jlimit_startjob" = xyes; then :
+
+$as_echo "#define WITH_IRIX_JOBS 1" >>confdefs.h
+
+fi
+
+ $as_echo "#define BROKEN_INET_NTOA 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
+
+ $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ ;;
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
+ check_for_libcrypt_later=1
+ $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h
+
+ $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
+
+
+$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h
+
+
+$as_echo "#define USE_BTMP 1" >>confdefs.h
+
+ ;;
+*-*-linux*)
+ no_dev_ptmx=1
+ check_for_libcrypt_later=1
+ check_for_openpty_ctty_bug=1
+
+$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
+
+
+$as_echo "#define LOCKED_PASSWD_PREFIX \"!\"" >>confdefs.h
+
+ $as_echo "#define SPT_TYPE SPT_REUSEARGV" >>confdefs.h
+
+
+$as_echo "#define LINK_OPNOTSUPP_ERRNO EPERM" >>confdefs.h
+
+
+$as_echo "#define _PATH_BTMP \"/var/log/btmp\"" >>confdefs.h
+
+ $as_echo "#define USE_BTMP 1" >>confdefs.h
+
+
+$as_echo "#define LINUX_OOM_ADJUST 1" >>confdefs.h
+
+ inet6_default_4in6=yes
+ case `uname -r` in
+ 1.*|2.0.*)
+
+$as_echo "#define BROKEN_CMSG_TYPE 1" >>confdefs.h
+
+ ;;
+ esac
+ # tun(4) forwarding compat code
+ for ac_header in linux/if_tun.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "linux/if_tun.h" "ac_cv_header_linux_if_tun_h" "$ac_includes_default"
+if test "x$ac_cv_header_linux_if_tun_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LINUX_IF_TUN_H 1
+_ACEOF
+
+fi
+
+done
+
+ if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
+
+$as_echo "#define SSH_TUN_LINUX 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
+
+ fi
+ for ac_header in linux/seccomp.h linux/filter.h linux/audit.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <linux/types.h>
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_func in prctl
+do :
+ ac_fn_c_check_func "$LINENO" "prctl" "ac_cv_func_prctl"
+if test "x$ac_cv_func_prctl" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_PRCTL 1
+_ACEOF
+
+fi
+done
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp architecture" >&5
+$as_echo_n "checking for seccomp architecture... " >&6; }
+ seccomp_audit_arch=
+ case "$host" in
+ x86_64-*)
+ seccomp_audit_arch=AUDIT_ARCH_X86_64
+ ;;
+ i*86-*)
+ seccomp_audit_arch=AUDIT_ARCH_I386
+ ;;
+ arm*-*)
+ seccomp_audit_arch=AUDIT_ARCH_ARM
+ ;;
+ esac
+ if test "x$seccomp_audit_arch" != "x" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$seccomp_audit_arch\"" >&5
+$as_echo "\"$seccomp_audit_arch\"" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define SECCOMP_AUDIT_ARCH $seccomp_audit_arch
+_ACEOF
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: architecture not supported" >&5
+$as_echo "architecture not supported" >&6; }
+ fi
+ ;;
+mips-sony-bsd|mips-sony-newsos4)
+
+$as_echo "#define NEED_SETPGRP 1" >>confdefs.h
+
+ SONY=1
+ ;;
+*-*-netbsd*)
+ check_for_libcrypt_before=1
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
+
+$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
+
+ ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default"
+if test "x$ac_cv_header_net_if_tap_h" = xyes; then :
+
+else
+
+$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h
+
+fi
+
+
+
+$as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
+
+ ;;
+*-*-freebsd*)
+ check_for_libcrypt_later=1
+
+$as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_FREEBSD 1" >>confdefs.h
+
+ ac_fn_c_check_header_mongrel "$LINENO" "net/if_tap.h" "ac_cv_header_net_if_tap_h" "$ac_includes_default"
+if test "x$ac_cv_header_net_if_tap_h" = xyes; then :
+
+else
+
+$as_echo "#define SSH_TUN_NO_L2 1" >>confdefs.h
+
+fi
+
+
+
+$as_echo "#define BROKEN_GLOB 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_STRNVIS 1" >>confdefs.h
+
+ ;;
+*-*-bsdi*)
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ ;;
+*-next-*)
+ conf_lastlog_location="/usr/adm/lastlog"
+ conf_utmp_location=/etc/utmp
+ conf_wtmp_location=/usr/adm/wtmp
+ maildir=/usr/spool/mail
+
+$as_echo "#define HAVE_NEXT 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_SAVED_UIDS 1" >>confdefs.h
+
+ ;;
+*-*-openbsd*)
+
+$as_echo "#define HAVE_ATTRIBUTE__SENTINEL__ 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_ATTRIBUTE__BOUNDED__ 1" >>confdefs.h
+
+
+$as_echo "#define SSH_TUN_OPENBSD 1" >>confdefs.h
+
+
+$as_echo "#define SYSLOG_R_SAFE_IN_SIGHAND 1" >>confdefs.h
+
+ ;;
+*-*-solaris*)
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
+ $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
+
+ $as_echo "#define LOGIN_NEEDS_UTMPX 1" >>confdefs.h
+
+
+$as_echo "#define LOGIN_NEEDS_TERM 1" >>confdefs.h
+
+ $as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
+
+
+$as_echo "#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
+
+$as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+
+$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_TCGETATTR_ICANON 1" >>confdefs.h
+
+ external_path_file=/etc/default/login
+ # hardwire lastlog location (can't detect it on some versions)
+ conf_lastlog_location="/var/adm/lastlog"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for obsolete utmp and wtmp in solaris2.x" >&5
+$as_echo_n "checking for obsolete utmp and wtmp in solaris2.x... " >&6; }
+ sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'`
+ if test "$sol2ver" -ge 8; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+# Check whether --with-solaris-contracts was given.
+if test "${with_solaris_contracts+set}" = set; then :
+ withval=$with_solaris_contracts;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ct_tmpl_activate in -lcontract" >&5
+$as_echo_n "checking for ct_tmpl_activate in -lcontract... " >&6; }
+if ${ac_cv_lib_contract_ct_tmpl_activate+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcontract $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ct_tmpl_activate ();
+int
+main ()
+{
+return ct_tmpl_activate ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_contract_ct_tmpl_activate=yes
+else
+ ac_cv_lib_contract_ct_tmpl_activate=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_contract_ct_tmpl_activate" >&5
+$as_echo "$ac_cv_lib_contract_ct_tmpl_activate" >&6; }
+if test "x$ac_cv_lib_contract_ct_tmpl_activate" = xyes; then :
+
+$as_echo "#define USE_SOLARIS_PROCESS_CONTRACTS 1" >>confdefs.h
+
+ SSHDLIBS="$SSHDLIBS -lcontract"
+ SPC_MSG="yes"
+fi
+
+
+fi
+
+
+# Check whether --with-solaris-projects was given.
+if test "${with_solaris_projects+set}" = set; then :
+ withval=$with_solaris_projects;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setproject in -lproject" >&5
+$as_echo_n "checking for setproject in -lproject... " >&6; }
+if ${ac_cv_lib_project_setproject+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lproject $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setproject ();
+int
+main ()
+{
+return setproject ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_project_setproject=yes
+else
+ ac_cv_lib_project_setproject=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_project_setproject" >&5
+$as_echo "$ac_cv_lib_project_setproject" >&6; }
+if test "x$ac_cv_lib_project_setproject" = xyes; then :
+
+$as_echo "#define USE_SOLARIS_PROJECTS 1" >>confdefs.h
+
+ SSHDLIBS="$SSHDLIBS -lproject"
+ SP_MSG="yes"
+fi
+
+
+fi
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ ;;
+*-*-sunos4*)
+ CPPFLAGS="$CPPFLAGS -DSUNOS4"
+ for ac_func in getpwanam
+do :
+ ac_fn_c_check_func "$LINENO" "getpwanam" "ac_cv_func_getpwanam"
+if test "x$ac_cv_func_getpwanam" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETPWANAM 1
+_ACEOF
+
+fi
+done
+
+ $as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
+
+ conf_utmp_location=/etc/utmp
+ conf_wtmp_location=/var/adm/wtmp
+ conf_lastlog_location=/var/adm/lastlog
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ ;;
+*-ncr-sysv*)
+ LIBS="$LIBS -lc89"
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ ;;
+*-sni-sysv*)
+ # /usr/ucblib MUST NOT be searched on ReliantUNIX
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlsym in -ldl" >&5
+$as_echo_n "checking for dlsym in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlsym+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlsym ();
+int
+main ()
+{
+return dlsym ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlsym=yes
+else
+ ac_cv_lib_dl_dlsym=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlsym" >&5
+$as_echo "$ac_cv_lib_dl_dlsym" >&6; }
+if test "x$ac_cv_lib_dl_dlsym" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+ LIBS="-ldl $LIBS"
+
+fi
+
+ # -lresolv needs to be at the end of LIBS or DNS lookups break
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
+$as_echo_n "checking for res_query in -lresolv... " >&6; }
+if ${ac_cv_lib_resolv_res_query+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char res_query ();
+int
+main ()
+{
+return res_query ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_resolv_res_query=yes
+else
+ ac_cv_lib_resolv_res_query=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_query" >&5
+$as_echo "$ac_cv_lib_resolv_res_query" >&6; }
+if test "x$ac_cv_lib_resolv_res_query" = xyes; then :
+ LIBS="$LIBS -lresolv"
+fi
+
+ IPADDR_IN_DISPLAY=yes
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define IP_TOS_IS_BROKEN 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+ external_path_file=/etc/default/login
+ # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
+ # Attention: always take care to bind libsocket and libnsl before libc,
+ # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
+ ;;
+# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
+*-*-sysv4.2*)
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
+
+ $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ ;;
+# UnixWare 7.x, OpenUNIX 8
+*-*-sysv5*)
+ CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
+
+$as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ case "$host" in
+ *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
+ maildir=/var/spool/mail
+
+$as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getluid in -lprot" >&5
+$as_echo_n "checking for getluid in -lprot... " >&6; }
+if ${ac_cv_lib_prot_getluid+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lprot $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getluid ();
+int
+main ()
+{
+return getluid ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_prot_getluid=yes
+else
+ ac_cv_lib_prot_getluid=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_prot_getluid" >&5
+$as_echo "$ac_cv_lib_prot_getluid" >&6; }
+if test "x$ac_cv_lib_prot_getluid" = xyes; then :
+ LIBS="$LIBS -lprot"
+ for ac_func in getluid setluid
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
+
+
+fi
+
+ ;;
+ *) $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h
+
+ check_for_libcrypt_later=1
+ ;;
+ esac
+ ;;
+*-*-sysv*)
+ ;;
+# SCO UNIX and OEM versions of SCO UNIX
+*-*-sco3.2v4*)
+ as_fn_error $? "\"This Platform is no longer supported.\"" "$LINENO" 5
+ ;;
+# SCO OpenServer 5.x
+*-*-sco3.2v5*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -belf"
+ fi
+ LIBS="$LIBS -lprot -lx -ltinfo -lm"
+ no_dev_ptmx=1
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define HAVE_SECUREWARE 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_UPDWTMPX 1" >>confdefs.h
+
+ $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h
+
+ for ac_func in getluid setluid
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ MANTYPE=man
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ SKIP_DISABLE_LASTLOG_DEFINE=yes
+ ;;
+*-*-unicosmk*)
+
+$as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
+*-*-unicosmp*)
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define WITH_ABBREV_NO_TTY 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lacid -ldb"
+ MANTYPE=cat
+ ;;
+*-*-unicos*)
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ $as_echo "#define NO_SSH_LASTLOG 1" >>confdefs.h
+
+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
+*-dec-osf*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Digital Unix SIA" >&5
+$as_echo_n "checking for Digital Unix SIA... " >&6; }
+ no_osfsia=""
+
+# Check whether --with-osfsia was given.
+if test "${with_osfsia+set}" = set; then :
+ withval=$with_osfsia;
+ if test "x$withval" = "xno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
+$as_echo "disabled" >&6; }
+ no_osfsia=1
+ fi
+
+fi
+
+ if test -z "$no_osfsia" ; then
+ if test -f /etc/sia/matrix.conf; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE_OSF_SIA 1" >>confdefs.h
+
+
+$as_echo "#define DISABLE_LOGIN 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ LIBS="$LIBS -lsecurity -ldb -lm -laud"
+ SIA_MSG="yes"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define LOCKED_PASSWD_SUBSTR \"Nologin\"" >>confdefs.h
+
+ fi
+ fi
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+ $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREUID 1" >>confdefs.h
+
+ $as_echo "#define BROKEN_SETREGID 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h
+
+ ;;
+
+*-*-nto-qnx*)
+ $as_echo "#define USE_PIPES 1" >>confdefs.h
+
+ $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+ $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_SHADOW_EXPIRE 1" >>confdefs.h
+
+ enable_etc_default_login=no # has incompatible /etc/default/login
+ case "$host" in
+ *-*-nto-qnx6*)
+ $as_echo "#define DISABLE_FD_PASSING 1" >>confdefs.h
+
+ ;;
+ esac
+ ;;
+
+*-*-ultrix*)
+
+$as_echo "#define BROKEN_GETGROUPS 1" >>confdefs.h
+
+
+$as_echo "#define BROKEN_MMAP 1" >>confdefs.h
+
+ $as_echo "#define NEED_SETPGRP 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h
+
+ ;;
+
+*-*-lynxos)
+ CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
+
+$as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h
+
+ ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compiler and flags for sanity" >&5
+$as_echo_n "checking compiler and flags for sanity... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking compiler sanity" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking compiler sanity" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+ exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "*** compiler cannot create working executables, check config.log ***" "$LINENO" 5
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+# Checks for libraries.
+ac_fn_c_check_func "$LINENO" "yp_match" "ac_cv_func_yp_match"
+if test "x$ac_cv_func_yp_match" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yp_match in -lnsl" >&5
+$as_echo_n "checking for yp_match in -lnsl... " >&6; }
+if ${ac_cv_lib_nsl_yp_match+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char yp_match ();
+int
+main ()
+{
+return yp_match ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_nsl_yp_match=yes
+else
+ ac_cv_lib_nsl_yp_match=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_yp_match" >&5
+$as_echo "$ac_cv_lib_nsl_yp_match" >&6; }
+if test "x$ac_cv_lib_nsl_yp_match" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBNSL 1
+_ACEOF
+
+ LIBS="-lnsl $LIBS"
+
+fi
+
+fi
+
+ac_fn_c_check_func "$LINENO" "setsockopt" "ac_cv_func_setsockopt"
+if test "x$ac_cv_func_setsockopt" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setsockopt in -lsocket" >&5
+$as_echo_n "checking for setsockopt in -lsocket... " >&6; }
+if ${ac_cv_lib_socket_setsockopt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setsockopt ();
+int
+main ()
+{
+return setsockopt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_socket_setsockopt=yes
+else
+ ac_cv_lib_socket_setsockopt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_setsockopt" >&5
+$as_echo "$ac_cv_lib_socket_setsockopt" >&6; }
+if test "x$ac_cv_lib_socket_setsockopt" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBSOCKET 1
+_ACEOF
+
+ LIBS="-lsocket $LIBS"
+
+fi
+
+fi
+
+
+for ac_func in dirname
+do :
+ ac_fn_c_check_func "$LINENO" "dirname" "ac_cv_func_dirname"
+if test "x$ac_cv_func_dirname" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_DIRNAME 1
+_ACEOF
+ for ac_header in libgen.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default"
+if test "x$ac_cv_header_libgen_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGEN_H 1
+_ACEOF
+
+fi
+
+done
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dirname in -lgen" >&5
+$as_echo_n "checking for dirname in -lgen... " >&6; }
+if ${ac_cv_lib_gen_dirname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgen $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dirname ();
+int
+main ()
+{
+return dirname ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gen_dirname=yes
+else
+ ac_cv_lib_gen_dirname=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_dirname" >&5
+$as_echo "$ac_cv_lib_gen_dirname" >&6; }
+if test "x$ac_cv_lib_gen_dirname" = xyes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken dirname" >&5
+$as_echo_n "checking for broken dirname... " >&6; }
+if ${ac_cv_have_broken_dirname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lgen"
+ if test "$cross_compiling" = yes; then :
+ ac_cv_have_broken_dirname="no"
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <libgen.h>
+#include <string.h>
+
+int main(int argc, char **argv) {
+ char *s, buf[32];
+
+ strncpy(buf,"/etc", 32);
+ s = dirname(buf);
+ if (!s || strncmp(s, "/", 32) != 0) {
+ exit(1);
+ } else {
+ exit(0);
+ }
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_have_broken_dirname="no"
+else
+ ac_cv_have_broken_dirname="yes"
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ LIBS="$save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_broken_dirname" >&5
+$as_echo "$ac_cv_have_broken_dirname" >&6; }
+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
+ LIBS="$LIBS -lgen"
+ $as_echo "#define HAVE_DIRNAME 1" >>confdefs.h
+
+ for ac_header in libgen.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "$ac_includes_default"
+if test "x$ac_cv_header_libgen_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGEN_H 1
+_ACEOF
+
+fi
+
+done
+
+ fi
+
+fi
+
+
+fi
+done
+
+
+ac_fn_c_check_func "$LINENO" "getspnam" "ac_cv_func_getspnam"
+if test "x$ac_cv_func_getspnam" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getspnam in -lgen" >&5
+$as_echo_n "checking for getspnam in -lgen... " >&6; }
+if ${ac_cv_lib_gen_getspnam+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgen $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getspnam ();
+int
+main ()
+{
+return getspnam ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gen_getspnam=yes
+else
+ ac_cv_lib_gen_getspnam=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_getspnam" >&5
+$as_echo "$ac_cv_lib_gen_getspnam" >&6; }
+if test "x$ac_cv_lib_gen_getspnam" = xyes; then :
+ LIBS="$LIBS -lgen"
+fi
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing basename" >&5
+$as_echo_n "checking for library containing basename... " >&6; }
+if ${ac_cv_search_basename+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char basename ();
+int
+main ()
+{
+return basename ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' gen; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_basename=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_basename+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_basename+:} false; then :
+
+else
+ ac_cv_search_basename=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_basename" >&5
+$as_echo "$ac_cv_search_basename" >&6; }
+ac_res=$ac_cv_search_basename
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_BASENAME 1" >>confdefs.h
+
+fi
+
+
+
+# Check whether --with-zlib was given.
+if test "${with_zlib+set}" = set; then :
+ withval=$with_zlib; if test "x$withval" = "xno" ; then
+ as_fn_error $? "*** zlib is required ***" "$LINENO" 5
+ elif test "x$withval" != "xyes"; then
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+
+fi
+
+
+ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_zlib_h" = xyes; then :
+
+else
+ as_fn_error $? "*** zlib.h missing - please install first or check config.log ***" "$LINENO" 5
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for deflate in -lz" >&5
+$as_echo_n "checking for deflate in -lz... " >&6; }
+if ${ac_cv_lib_z_deflate+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char deflate ();
+int
+main ()
+{
+return deflate ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_z_deflate=yes
+else
+ ac_cv_lib_z_deflate=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_deflate" >&5
+$as_echo "$ac_cv_lib_z_deflate" >&6; }
+if test "x$ac_cv_lib_z_deflate" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBZ 1
+_ACEOF
+
+ LIBS="-lz $LIBS"
+
+else
+
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ save_LIBS="$LIBS"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
+ LIBS="$LIBS -lz"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char deflate ();
+int
+main ()
+{
+return deflate ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ $as_echo "#define HAVE_LIBZ 1" >>confdefs.h
+
+else
+
+ as_fn_error $? "*** zlib missing - please install first or check config.log ***" "$LINENO" 5
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+fi
+
+
+
+# Check whether --with-zlib-version-check was given.
+if test "${with_zlib_version_check+set}" = set; then :
+ withval=$with_zlib_version_check; if test "x$withval" = "xno" ; then
+ zlib_check_nonfatal=1
+ fi
+
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for possibly buggy zlib" >&5
+$as_echo_n "checking for possibly buggy zlib... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking zlib version" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <zlib.h>
+
+int
+main ()
+{
+
+ int a=0, b=0, c=0, d=0, n, v;
+ n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
+ if (n != 3 && n != 4)
+ exit(1);
+ v = a*1000000 + b*10000 + c*100 + d;
+ fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
+
+ /* 1.1.4 is OK */
+ if (a == 1 && b == 1 && c >= 4)
+ exit(0);
+
+ /* 1.2.3 and up are OK */
+ if (v >= 1020300)
+ exit(0);
+
+ exit(2);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ if test -z "$zlib_check_nonfatal" ; then
+ as_fn_error $? "*** zlib too old - check config.log ***
+Your reported zlib version has known security problems. It's possible your
+vendor has fixed these problems without changing the version number. If you
+are sure this is the case, you can disable the check by running
+\"./configure --without-zlib-version-check\".
+If you are in doubt, upgrade zlib to version 1.2.3 or greater.
+See http://www.gzip.org/zlib/ for details." "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib version may have security problems" >&5
+$as_echo "$as_me: WARNING: zlib version may have security problems" >&2;}
+ fi
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp"
+if test "x$ac_cv_func_strcasecmp" = xyes; then :
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lresolv" >&5
+$as_echo_n "checking for strcasecmp in -lresolv... " >&6; }
+if ${ac_cv_lib_resolv_strcasecmp+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strcasecmp ();
+int
+main ()
+{
+return strcasecmp ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_resolv_strcasecmp=yes
+else
+ ac_cv_lib_resolv_strcasecmp=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_strcasecmp" >&5
+$as_echo "$ac_cv_lib_resolv_strcasecmp" >&6; }
+if test "x$ac_cv_lib_resolv_strcasecmp" = xyes; then :
+ LIBS="$LIBS -lresolv"
+fi
+
+
+fi
+
+for ac_func in utimes
+do :
+ ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes"
+if test "x$ac_cv_func_utimes" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UTIMES 1
+_ACEOF
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for utimes in -lc89" >&5
+$as_echo_n "checking for utimes in -lc89... " >&6; }
+if ${ac_cv_lib_c89_utimes+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lc89 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char utimes ();
+int
+main ()
+{
+return utimes ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_c89_utimes=yes
+else
+ ac_cv_lib_c89_utimes=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_utimes" >&5
+$as_echo "$ac_cv_lib_c89_utimes" >&6; }
+if test "x$ac_cv_lib_c89_utimes" = xyes; then :
+ $as_echo "#define HAVE_UTIMES 1" >>confdefs.h
+
+ LIBS="$LIBS -lc89"
+fi
+
+
+fi
+done
+
+
+for ac_header in bsd/libutil.h libutil.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing fmt_scaled" >&5
+$as_echo_n "checking for library containing fmt_scaled... " >&6; }
+if ${ac_cv_search_fmt_scaled+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char fmt_scaled ();
+int
+main ()
+{
+return fmt_scaled ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_fmt_scaled=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_fmt_scaled+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_fmt_scaled+:} false; then :
+
+else
+ ac_cv_search_fmt_scaled=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_fmt_scaled" >&5
+$as_echo "$ac_cv_search_fmt_scaled" >&6; }
+ac_res=$ac_cv_search_fmt_scaled
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5
+$as_echo_n "checking for library containing scan_scaled... " >&6; }
+if ${ac_cv_search_scan_scaled+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char scan_scaled ();
+int
+main ()
+{
+return scan_scaled ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_scan_scaled=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_scan_scaled+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_scan_scaled+:} false; then :
+
+else
+ ac_cv_search_scan_scaled=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5
+$as_echo "$ac_cv_search_scan_scaled" >&6; }
+ac_res=$ac_cv_search_scan_scaled
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5
+$as_echo_n "checking for library containing login... " >&6; }
+if ${ac_cv_search_login+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char login ();
+int
+main ()
+{
+return login ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_login=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_login+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_login+:} false; then :
+
+else
+ ac_cv_search_login=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_login" >&5
+$as_echo "$ac_cv_search_login" >&6; }
+ac_res=$ac_cv_search_login
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logout" >&5
+$as_echo_n "checking for library containing logout... " >&6; }
+if ${ac_cv_search_logout+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char logout ();
+int
+main ()
+{
+return logout ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_logout=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_logout+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_logout+:} false; then :
+
+else
+ ac_cv_search_logout=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logout" >&5
+$as_echo "$ac_cv_search_logout" >&6; }
+ac_res=$ac_cv_search_logout
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing logwtmp" >&5
+$as_echo_n "checking for library containing logwtmp... " >&6; }
+if ${ac_cv_search_logwtmp+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char logwtmp ();
+int
+main ()
+{
+return logwtmp ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_logwtmp=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_logwtmp+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_logwtmp+:} false; then :
+
+else
+ ac_cv_search_logwtmp=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_logwtmp" >&5
+$as_echo "$ac_cv_search_logwtmp" >&6; }
+ac_res=$ac_cv_search_logwtmp
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5
+$as_echo_n "checking for library containing openpty... " >&6; }
+if ${ac_cv_search_openpty+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char openpty ();
+int
+main ()
+{
+return openpty ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_openpty=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_openpty+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_openpty+:} false; then :
+
+else
+ ac_cv_search_openpty=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5
+$as_echo "$ac_cv_search_openpty" >&6; }
+ac_res=$ac_cv_search_openpty
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing updwtmp" >&5
+$as_echo_n "checking for library containing updwtmp... " >&6; }
+if ${ac_cv_search_updwtmp+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char updwtmp ();
+int
+main ()
+{
+return updwtmp ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' util bsd; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_updwtmp=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_updwtmp+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_updwtmp+:} false; then :
+
+else
+ ac_cv_search_updwtmp=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_updwtmp" >&5
+$as_echo "$ac_cv_search_updwtmp" >&6; }
+ac_res=$ac_cv_search_updwtmp
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+for ac_func in strftime
+do :
+ ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime"
+if test "x$ac_cv_func_strftime" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRFTIME 1
+_ACEOF
+
+else
+ # strftime is in -lintl on SCO UNIX.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5
+$as_echo_n "checking for strftime in -lintl... " >&6; }
+if ${ac_cv_lib_intl_strftime+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lintl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strftime ();
+int
+main ()
+{
+return strftime ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_intl_strftime=yes
+else
+ ac_cv_lib_intl_strftime=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5
+$as_echo "$ac_cv_lib_intl_strftime" >&6; }
+if test "x$ac_cv_lib_intl_strftime" = xyes; then :
+ $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h
+
+LIBS="-lintl $LIBS"
+fi
+
+fi
+done
+
+
+# Check for ALTDIRFUNC glob() extension
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_ALTDIRFUNC support" >&5
+$as_echo_n "checking for GLOB_ALTDIRFUNC support... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <glob.h>
+ #ifdef GLOB_ALTDIRFUNC
+ FOUNDIT
+ #endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "FOUNDIT" >/dev/null 2>&1; then :
+
+
+$as_echo "#define GLOB_HAS_ALTDIRFUNC 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f conftest*
+
+
+# Check for g.gl_matchc glob() extension
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_matchc field in glob_t" >&5
+$as_echo_n "checking for gl_matchc field in glob_t... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <glob.h>
+int
+main ()
+{
+ glob_t g; g.gl_matchc = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+
+$as_echo "#define GLOB_HAS_GL_MATCHC 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+# Check for g.gl_statv glob() extension
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gl_statv and GLOB_KEEPSTAT extensions for glob" >&5
+$as_echo_n "checking for gl_statv and GLOB_KEEPSTAT extensions for glob... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <glob.h>
+int
+main ()
+{
+
+#ifndef GLOB_KEEPSTAT
+#error "glob does not support GLOB_KEEPSTAT extension"
+#endif
+glob_t g;
+g.gl_statv = NULL;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+
+$as_echo "#define GLOB_HAS_GL_STATV 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ac_fn_c_check_decl "$LINENO" "GLOB_NOMATCH" "ac_cv_have_decl_GLOB_NOMATCH" "#include <glob.h>
+"
+if test "x$ac_cv_have_decl_GLOB_NOMATCH" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_GLOB_NOMATCH $ac_have_decl
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct dirent allocates space for d_name" >&5
+$as_echo_n "checking whether struct dirent allocates space for d_name... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME" >&2;}
+ $as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h
+
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <dirent.h>
+int
+main ()
+{
+
+ struct dirent d;
+ exit(sizeof(d.d_name)<=sizeof(char));
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for /proc/pid/fd directory" >&5
+$as_echo_n "checking for /proc/pid/fd directory... " >&6; }
+if test -d "/proc/$$/fd" ; then
+
+$as_echo "#define HAVE_PROC_PID 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+# Check whether user wants S/Key support
+SKEY_MSG="no"
+
+# Check whether --with-skey was given.
+if test "${with_skey+set}" = set; then :
+ withval=$with_skey;
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+
+$as_echo "#define SKEY 1" >>confdefs.h
+
+ LIBS="-lskey $LIBS"
+ SKEY_MSG="yes"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for s/key support" >&5
+$as_echo_n "checking for s/key support... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <skey.h>
+
+int
+main ()
+{
+
+ char *ff = skey_keyinfo(""); ff="";
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "** Incomplete or missing s/key libraries." "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if skeychallenge takes 4 arguments" >&5
+$as_echo_n "checking if skeychallenge takes 4 arguments... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <skey.h>
+
+int
+main ()
+{
+
+ (void)skeychallenge(NULL,"name","",0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define SKEYCHALLENGE_4ARG 1" >>confdefs.h
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+
+
+fi
+
+
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
+
+# Check whether --with-tcp-wrappers was given.
+if test "${with_tcp_wrappers+set}" = set; then :
+ withval=$with_tcp_wrappers;
+ if test "x$withval" != "xno" ; then
+ saved_LIBS="$LIBS"
+ saved_LDFLAGS="$LDFLAGS"
+ saved_CPPFLAGS="$CPPFLAGS"
+ if test -n "${withval}" && \
+ test "x${withval}" != "xyes"; then
+ if test -d "${withval}/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "${withval}/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+ LIBS="-lwrap $LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libwrap" >&5
+$as_echo_n "checking for libwrap... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <tcpd.h>
+int deny_severity = 0, allow_severity = 0;
+
+int
+main ()
+{
+
+ hosts_access(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define LIBWRAP 1" >>confdefs.h
+
+ SSHDLIBS="$SSHDLIBS -lwrap"
+ TCPW_MSG="yes"
+
+else
+
+ as_fn_error $? "*** libwrap missing" "$LINENO" 5
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$saved_LIBS"
+ fi
+
+
+fi
+
+
+# Check whether user wants to use ldns
+LDNS_MSG="no"
+
+# Check whether --with-ldns was given.
+if test "${with_ldns+set}" = set; then :
+ withval=$with_ldns;
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+
+$as_echo "#define HAVE_LDNS 1" >>confdefs.h
+
+ LIBS="-lldns $LIBS"
+ LDNS_MSG="yes"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5
+$as_echo_n "checking for ldns support... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <ldns/ldns.h>
+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
+
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "** Incomplete or missing ldns libraries." "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ fi
+
+
+fi
+
+
+# Check whether user wants libedit support
+LIBEDIT_MSG="no"
+
+# Check whether --with-libedit was given.
+if test "${with_libedit+set}" = set; then :
+ withval=$with_libedit; if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKGCONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKGCONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKGCONFIG=$ac_cv_path_PKGCONFIG
+if test -n "$PKGCONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5
+$as_echo "$PKGCONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKGCONFIG"; then
+ ac_pt_PKGCONFIG=$PKGCONFIG
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $ac_pt_PKGCONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
+if test -n "$ac_pt_PKGCONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
+$as_echo "$ac_pt_PKGCONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_pt_PKGCONFIG" = x; then
+ PKGCONFIG="no"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PKGCONFIG=$ac_pt_PKGCONFIG
+ fi
+else
+ PKGCONFIG="$ac_cv_path_PKGCONFIG"
+fi
+
+ if test "x$PKGCONFIG" != "xno"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5
+$as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; }
+ if "$PKGCONFIG" libedit; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ use_pkgconfig_for_libedit=yes
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ fi
+ else
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+ LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+ else
+ LIBEDIT="-ledit -lcurses"
+ fi
+ OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for el_init in -ledit" >&5
+$as_echo_n "checking for el_init in -ledit... " >&6; }
+if ${ac_cv_lib_edit_el_init+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ledit $OTHERLIBS
+ $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char el_init ();
+int
+main ()
+{
+return el_init ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_edit_el_init=yes
+else
+ ac_cv_lib_edit_el_init=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_edit_el_init" >&5
+$as_echo "$ac_cv_lib_edit_el_init" >&6; }
+if test "x$ac_cv_lib_edit_el_init" = xyes; then :
+
+$as_echo "#define USE_LIBEDIT 1" >>confdefs.h
+
+ LIBEDIT_MSG="yes"
+
+
+else
+ as_fn_error $? "libedit not found" "$LINENO" 5
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libedit version is compatible" >&5
+$as_echo_n "checking if libedit version is compatible... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <histedit.h>
+int
+main ()
+{
+
+ int i = H_SETSIZE;
+ el_init("", NULL, NULL, NULL);
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "libedit version is not compatible" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+
+fi
+
+
+AUDIT_MODULE=none
+
+# Check whether --with-audit was given.
+if test "${with_audit+set}" = set; then :
+ withval=$with_audit;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported audit module" >&5
+$as_echo_n "checking for supported audit module... " >&6; }
+ case "$withval" in
+ bsm)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: bsm" >&5
+$as_echo "bsm" >&6; }
+ AUDIT_MODULE=bsm
+ for ac_header in bsm/audit.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "bsm/audit.h" "ac_cv_header_bsm_audit_h" "
+#ifdef HAVE_TIME_H
+# include <time.h>
+#endif
+
+
+"
+if test "x$ac_cv_header_bsm_audit_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_BSM_AUDIT_H 1
+_ACEOF
+
+else
+ as_fn_error $? "BSM enabled and bsm/audit.h not found" "$LINENO" 5
+fi
+
+done
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaudit in -lbsm" >&5
+$as_echo_n "checking for getaudit in -lbsm... " >&6; }
+if ${ac_cv_lib_bsm_getaudit+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbsm $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getaudit ();
+int
+main ()
+{
+return getaudit ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_bsm_getaudit=yes
+else
+ ac_cv_lib_bsm_getaudit=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsm_getaudit" >&5
+$as_echo "$ac_cv_lib_bsm_getaudit" >&6; }
+if test "x$ac_cv_lib_bsm_getaudit" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBBSM 1
+_ACEOF
+
+ LIBS="-lbsm $LIBS"
+
+else
+ as_fn_error $? "BSM enabled and required library not found" "$LINENO" 5
+fi
+
+ for ac_func in getaudit
+do :
+ ac_fn_c_check_func "$LINENO" "getaudit" "ac_cv_func_getaudit"
+if test "x$ac_cv_func_getaudit" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETAUDIT 1
+_ACEOF
+
+else
+ as_fn_error $? "BSM enabled and required function not found" "$LINENO" 5
+fi
+done
+
+ # These are optional
+ for ac_func in getaudit_addr aug_get_machine
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+$as_echo "#define USE_BSM_AUDIT 1" >>confdefs.h
+
+ if test "$sol2ver" -eq 11; then
+ SSHDLIBS="$SSHDLIBS -lscf"
+
+$as_echo "#define BROKEN_BSM_API 1" >>confdefs.h
+
+ fi
+ ;;
+ linux)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: linux" >&5
+$as_echo "linux" >&6; }
+ AUDIT_MODULE=linux
+ for ac_header in libaudit.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default"
+if test "x$ac_cv_header_libaudit_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBAUDIT_H 1
+_ACEOF
+
+fi
+
+done
+
+ SSHDLIBS="$SSHDLIBS -laudit"
+
+$as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h
+
+ ;;
+ debug)
+ AUDIT_MODULE=debug
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5
+$as_echo "debug" >&6; }
+
+$as_echo "#define SSH_AUDIT_EVENTS 1" >>confdefs.h
+
+ ;;
+ no)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ *)
+ as_fn_error $? "Unknown audit module $withval" "$LINENO" 5
+ ;;
+ esac
+
+fi
+
+
+for ac_func in \
+ arc4random \
+ arc4random_buf \
+ arc4random_uniform \
+ asprintf \
+ b64_ntop \
+ __b64_ntop \
+ b64_pton \
+ __b64_pton \
+ bcopy \
+ bindresvport_sa \
+ clock \
+ closefrom \
+ dirfd \
+ endgrent \
+ fchmod \
+ fchown \
+ freeaddrinfo \
+ fstatvfs \
+ futimes \
+ getaddrinfo \
+ getcwd \
+ getgrouplist \
+ getnameinfo \
+ getopt \
+ getpeereid \
+ getpeerucred \
+ getpgid \
+ getpgrp \
+ _getpty \
+ getrlimit \
+ getttyent \
+ glob \
+ group_from_gid \
+ inet_aton \
+ inet_ntoa \
+ inet_ntop \
+ innetgr \
+ login_getcapbool \
+ mblen \
+ md5_crypt \
+ memmove \
+ mkdtemp \
+ mmap \
+ ngetaddrinfo \
+ nsleep \
+ ogetaddrinfo \
+ openlog_r \
+ poll \
+ prctl \
+ pstat \
+ readpassphrase \
+ realpath \
+ recvmsg \
+ rresvport_af \
+ sendmsg \
+ setdtablesize \
+ setegid \
+ setenv \
+ seteuid \
+ setgroupent \
+ setgroups \
+ setlinebuf \
+ setlogin \
+ setpassent\
+ setpcred \
+ setproctitle \
+ setregid \
+ setreuid \
+ setrlimit \
+ setsid \
+ setvbuf \
+ sigaction \
+ sigvec \
+ snprintf \
+ socketpair \
+ statfs \
+ statvfs \
+ strdup \
+ strerror \
+ strlcat \
+ strlcpy \
+ strmode \
+ strnlen \
+ strnvis \
+ strptime \
+ strtonum \
+ strtoll \
+ strtoul \
+ strtoull \
+ swap32 \
+ sysconf \
+ tcgetpgrp \
+ timingsafe_bcmp \
+ truncate \
+ unsetenv \
+ updwtmpx \
+ user_from_uid \
+ usleep \
+ vasprintf \
+ vhangup \
+ vsnprintf \
+ waitpid \
+
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <ctype.h>
+int
+main ()
+{
+ return (isblank('a'));
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# PKCS#11 support requires dlopen() and co
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5
+$as_echo_n "checking for library containing dlopen... " >&6; }
+if ${ac_cv_search_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' dl; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dlopen=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dlopen+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dlopen+:} false; then :
+
+else
+ ac_cv_search_dlopen=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5
+$as_echo "$ac_cv_search_dlopen" >&6; }
+ac_res=$ac_cv_search_dlopen
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define ENABLE_PKCS11 /**/" >>confdefs.h
+
+
+fi
+
+
+# IRIX has a const char return value for gai_strerror()
+for ac_func in gai_strerror
+do :
+ ac_fn_c_check_func "$LINENO" "gai_strerror" "ac_cv_func_gai_strerror"
+if test "x$ac_cv_func_gai_strerror" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GAI_STRERROR 1
+_ACEOF
+
+ $as_echo "#define HAVE_GAI_STRERROR 1" >>confdefs.h
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);
+
+int
+main ()
+{
+
+ char *str;
+ str = gai_strerror(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+
+$as_echo "#define HAVE_CONST_GAI_STRERROR_PROTO 1" >>confdefs.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+done
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5
+$as_echo_n "checking for library containing nanosleep... " >&6; }
+if ${ac_cv_search_nanosleep+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char nanosleep ();
+int
+main ()
+{
+return nanosleep ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' rt posix4; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_nanosleep=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_nanosleep+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_nanosleep+:} false; then :
+
+else
+ ac_cv_search_nanosleep=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5
+$as_echo "$ac_cv_search_nanosleep" >&6; }
+ac_res=$ac_cv_search_nanosleep
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
+$as_echo_n "checking for library containing clock_gettime... " >&6; }
+if ${ac_cv_search_clock_gettime+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char clock_gettime ();
+int
+main ()
+{
+return clock_gettime ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' rt; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_clock_gettime=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_clock_gettime+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_clock_gettime+:} false; then :
+
+else
+ ac_cv_search_clock_gettime=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
+$as_echo "$ac_cv_search_clock_gettime" >&6; }
+ac_res=$ac_cv_search_clock_gettime
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h
+
+fi
+
+
+ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default"
+if test "x$ac_cv_have_decl_getrusage" = xyes; then :
+ for ac_func in getrusage
+do :
+ ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage"
+if test "x$ac_cv_func_getrusage" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETRUSAGE 1
+_ACEOF
+
+fi
+done
+
+fi
+
+ac_fn_c_check_decl "$LINENO" "strsep" "ac_cv_have_decl_strsep" "
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_strsep" = xyes; then :
+ for ac_func in strsep
+do :
+ ac_fn_c_check_func "$LINENO" "strsep" "ac_cv_func_strsep"
+if test "x$ac_cv_func_strsep" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRSEP 1
+_ACEOF
+
+fi
+done
+
+fi
+
+
+ac_fn_c_check_decl "$LINENO" "tcsendbreak" "ac_cv_have_decl_tcsendbreak" "#include <termios.h>
+
+"
+if test "x$ac_cv_have_decl_tcsendbreak" = xyes; then :
+ $as_echo "#define HAVE_TCSENDBREAK 1" >>confdefs.h
+
+else
+ for ac_func in tcsendbreak
+do :
+ ac_fn_c_check_func "$LINENO" "tcsendbreak" "ac_cv_func_tcsendbreak"
+if test "x$ac_cv_func_tcsendbreak" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_TCSENDBREAK 1
+_ACEOF
+
+fi
+done
+
+fi
+
+
+ac_fn_c_check_decl "$LINENO" "h_errno" "ac_cv_have_decl_h_errno" "#include <netdb.h>
+"
+if test "x$ac_cv_have_decl_h_errno" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_H_ERRNO $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "SHUT_RD" "ac_cv_have_decl_SHUT_RD" "
+#include <sys/types.h>
+#include <sys/socket.h>
+
+"
+if test "x$ac_cv_have_decl_SHUT_RD" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SHUT_RD $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "O_NONBLOCK" "ac_cv_have_decl_O_NONBLOCK" "
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_O_NONBLOCK" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_O_NONBLOCK $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "writev" "ac_cv_have_decl_writev" "
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+
+"
+if test "x$ac_cv_have_decl_writev" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_WRITEV $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "MAXSYMLINKS" "ac_cv_have_decl_MAXSYMLINKS" "
+#include <sys/param.h>
+
+"
+if test "x$ac_cv_have_decl_MAXSYMLINKS" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_MAXSYMLINKS $ac_have_decl
+_ACEOF
+
+
+ac_fn_c_check_decl "$LINENO" "offsetof" "ac_cv_have_decl_offsetof" "
+#include <stddef.h>
+
+"
+if test "x$ac_cv_have_decl_offsetof" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_OFFSETOF $ac_have_decl
+_ACEOF
+
+
+# extra bits for select(2)
+ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" "
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_howmany" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_HOWMANY $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" "
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_NFDBITS" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_NFDBITS $ac_have_decl
+_ACEOF
+
+ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" "
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+"
+if test "x$ac_cv_type_fd_mask" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FD_MASK 1
+_ACEOF
+
+
+fi
+
+
+for ac_func in setresuid
+do :
+ ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid"
+if test "x$ac_cv_func_setresuid" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SETRESUID 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresuid seems to work" >&5
+$as_echo_n "checking if setresuid seems to work... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <errno.h>
+
+int
+main ()
+{
+
+ errno=0;
+ setresuid(0,0,0);
+ if (errno==ENOSYS)
+ exit(1);
+ else
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+$as_echo "#define BROKEN_SETRESUID 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5
+$as_echo "not implemented" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+fi
+done
+
+
+for ac_func in setresgid
+do :
+ ac_fn_c_check_func "$LINENO" "setresgid" "ac_cv_func_setresgid"
+if test "x$ac_cv_func_setresgid" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SETRESGID 1
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if setresgid seems to work" >&5
+$as_echo_n "checking if setresgid seems to work... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking setresuid" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking setresuid" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#include <errno.h>
+
+int
+main ()
+{
+
+ errno=0;
+ setresgid(0,0,0);
+ if (errno==ENOSYS)
+ exit(1);
+ else
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+$as_echo "#define BROKEN_SETRESGID 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not implemented" >&5
+$as_echo "not implemented" >&6; }
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+fi
+done
+
+
+for ac_func in gettimeofday time
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in endutent getutent getutid getutline pututline setutent
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in utmpname
+do :
+ ac_fn_c_check_func "$LINENO" "utmpname" "ac_cv_func_utmpname"
+if test "x$ac_cv_func_utmpname" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UTMPNAME 1
+_ACEOF
+
+fi
+done
+
+for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in setutxdb setutxent utmpxname
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in getlastlogxbyname
+do :
+ ac_fn_c_check_func "$LINENO" "getlastlogxbyname" "ac_cv_func_getlastlogxbyname"
+if test "x$ac_cv_func_getlastlogxbyname" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETLASTLOGXBYNAME 1
+_ACEOF
+
+fi
+done
+
+
+ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon"
+if test "x$ac_cv_func_daemon" = xyes; then :
+
+$as_echo "#define HAVE_DAEMON 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for daemon in -lbsd" >&5
+$as_echo_n "checking for daemon in -lbsd... " >&6; }
+if ${ac_cv_lib_bsd_daemon+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbsd $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char daemon ();
+int
+main ()
+{
+return daemon ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_bsd_daemon=yes
+else
+ ac_cv_lib_bsd_daemon=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_daemon" >&5
+$as_echo "$ac_cv_lib_bsd_daemon" >&6; }
+if test "x$ac_cv_lib_bsd_daemon" = xyes; then :
+ LIBS="$LIBS -lbsd"; $as_echo "#define HAVE_DAEMON 1" >>confdefs.h
+
+fi
+
+
+fi
+
+
+ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize"
+if test "x$ac_cv_func_getpagesize" = xyes; then :
+
+$as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize in -lucb" >&5
+$as_echo_n "checking for getpagesize in -lucb... " >&6; }
+if ${ac_cv_lib_ucb_getpagesize+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lucb $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getpagesize ();
+int
+main ()
+{
+return getpagesize ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_ucb_getpagesize=yes
+else
+ ac_cv_lib_ucb_getpagesize=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ucb_getpagesize" >&5
+$as_echo "$ac_cv_lib_ucb_getpagesize" >&6; }
+if test "x$ac_cv_lib_ucb_getpagesize" = xyes; then :
+ LIBS="$LIBS -lucb"; $as_echo "#define HAVE_GETPAGESIZE 1" >>confdefs.h
+
+fi
+
+
+fi
+
+
+# Check for broken snprintf
+if test "x$ac_cv_func_snprintf" = "xyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf correctly terminates long strings" >&5
+$as_echo_n "checking whether snprintf correctly terminates long strings... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5
+$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+
+ char b[5];
+ snprintf(b,5,"123456789");
+ exit(b[4]!='\0');
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5
+$as_echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;}
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+# If we don't have a working asprintf, then we strongly depend on vsnprintf
+# returning the right thing on overflow: the number of characters it tried to
+# create (as per SUSv3)
+if test "x$ac_cv_func_asprintf" != "xyes" && \
+ test "x$ac_cv_func_vsnprintf" = "xyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether vsnprintf returns correct values on overflow" >&5
+$as_echo_n "checking whether vsnprintf returns correct values on overflow... " >&6; }
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working vsnprintf()" >&5
+$as_echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+int x_snprintf(char *str,size_t count,const char *fmt,...)
+{
+ size_t ret; va_list ap;
+ va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
+ return ret;
+}
+
+int
+main ()
+{
+
+ char x[1];
+ exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5
+$as_echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;}
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+# On systems where [v]snprintf is broken, but is declared in stdio,
+# check that the fmt argument is const char * or just char *.
+# This is only useful for when BROKEN_SNPRINTF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf can declare const char *fmt" >&5
+$as_echo_n "checking whether snprintf can declare const char *fmt... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
+
+int
+main ()
+{
+
+ snprintf(0, 0, 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define SNPRINTF_CONST const" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define SNPRINTF_CONST /* not const */" >>confdefs.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system supports SO_PEERCRED getsockopt" >&5
+$as_echo_n "checking whether system supports SO_PEERCRED getsockopt... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+int
+main ()
+{
+int i = SO_PEERCRED;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h
+
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ NO_PEERCHECK=1
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for (overly) strict mkstemp" >&5
+$as_echo_n "checking for (overly) strict mkstemp... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h
+
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+
+int
+main ()
+{
+
+ char template[]="conftest.mkstemp-test";
+ if (mkstemp(template) == -1)
+ exit(1);
+ unlink(template);
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE_STRICT_MKSTEMP 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+if test ! -z "$check_for_openpty_ctty_bug"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if openpty correctly handles controlling tty" >&5
+$as_echo_n "checking if openpty correctly handles controlling tty... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
+$as_echo "cross-compiling, assuming yes" >&6; }
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <sys/fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+int
+main ()
+{
+
+ pid_t pid;
+ int fd, ptyfd, ttyfd, status;
+
+ pid = fork();
+ if (pid < 0) { /* failed */
+ exit(1);
+ } else if (pid > 0) { /* parent */
+ waitpid(pid, &status, 0);
+ if (WIFEXITED(status))
+ exit(WEXITSTATUS(status));
+ else
+ exit(2);
+ } else { /* child */
+ close(0); close(1); close(2);
+ setsid();
+ openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
+ if (fd >= 0)
+ exit(3); /* Acquired ctty: broken */
+ else
+ exit(0); /* Did not acquire ctty: OK */
+ }
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
+$as_echo_n "checking if getaddrinfo seems to work... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
+$as_echo "cross-compiling, assuming yes" >&6; }
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main ()
+{
+
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (err != 0) {
+ if (err == EAI_SYSTEM)
+ perror("getnameinfo EAI_SYSTEM");
+ else
+ fprintf(stderr, "getnameinfo failed: %s\n",
+ gai_strerror(err));
+ exit(2);
+ }
+
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (sock < 0)
+ perror("socket");
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (errno == EBADF)
+ exit(3);
+ }
+ }
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if getaddrinfo seems to work" >&5
+$as_echo_n "checking if getaddrinfo seems to work... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming no" >&5
+$as_echo "cross-compiling, assuming no" >&6; }
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main ()
+{
+
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (ai->ai_family == AF_INET && err != 0) {
+ perror("getnameinfo");
+ exit(2);
+ }
+ }
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define AIX_GETNAMEINFO_HACK 1" >>confdefs.h
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ $as_echo "#define BROKEN_GETADDRINFO 1" >>confdefs.h
+
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for conflicting getspnam in shadow.h" >&5
+$as_echo_n "checking for conflicting getspnam in shadow.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <shadow.h>
+int
+main ()
+{
+ exit(0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define GETSPNAM_CONFLICTING_DEFS 1" >>confdefs.h
+
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getpgrp requires zero arguments" >&5
+$as_echo_n "checking whether getpgrp requires zero arguments... " >&6; }
+if ${ac_cv_func_getpgrp_void+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Use it with a single arg.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+getpgrp (0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_func_getpgrp_void=no
+else
+ ac_cv_func_getpgrp_void=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getpgrp_void" >&5
+$as_echo "$ac_cv_func_getpgrp_void" >&6; }
+if test $ac_cv_func_getpgrp_void = yes; then
+
+$as_echo "#define GETPGRP_VOID 1" >>confdefs.h
+
+fi
+
+
+# Search for OpenSSL
+saved_CPPFLAGS="$CPPFLAGS"
+saved_LDFLAGS="$LDFLAGS"
+
+# Check whether --with-ssl-dir was given.
+if test "${with_ssl_dir+set}" = set; then :
+ withval=$with_ssl_dir;
+ if test "x$withval" != "xno" ; then
+ case "$withval" in
+ # Relative paths
+ ./*|../*) withval="`pwd`/$withval"
+ esac
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ elif test -d "$withval/lib64"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+
+
+fi
+
+LIBS="-lcrypto $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_add ();
+int
+main ()
+{
+return RAND_add ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
+
+else
+
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+ ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then :
+
+else
+ as_fn_error $? "*** OpenSSL headers missing - please install first or check config.log ***" "$LINENO" 5
+fi
+
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char RAND_add ();
+int
+main ()
+{
+return RAND_add ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
+
+else
+
+ as_fn_error $? "*** Can't find recent OpenSSL libcrypto (see config.log for details) ***" "$LINENO" 5
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Determine OpenSSL header version
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5
+$as_echo_n "checking OpenSSL header version... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#define DATA "conftest.sslincver"
+
+int
+main ()
+{
+
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
+ exit(1);
+
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ ssl_header_ver=`cat conftest.sslincver`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_header_ver" >&5
+$as_echo "$ssl_header_ver" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+ as_fn_error $? "OpenSSL version header not found." "$LINENO" 5
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+# Determine OpenSSL library version
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5
+$as_echo_n "checking OpenSSL library version... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#define DATA "conftest.ssllibver"
+
+int
+main ()
+{
+
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
+ exit(1);
+
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ ssl_library_ver=`cat conftest.ssllibver`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
+$as_echo "$ssl_library_ver" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+ as_fn_error $? "OpenSSL library not found." "$LINENO" 5
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+
+# Check whether --with-openssl-header-check was given.
+if test "${with_openssl_header_check+set}" = set; then :
+ withval=$with_openssl_header_check; if test "x$withval" = "xno" ; then
+ openssl_check_nonfatal=1
+ fi
+
+
+fi
+
+
+# Sanity check OpenSSL headers
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's headers match the library" >&5
+$as_echo_n "checking whether OpenSSL's headers match the library... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/opensslv.h>
+
+int
+main ()
+{
+
+ exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ if test "x$openssl_check_nonfatal" = "x"; then
+ as_fn_error $? "Your OpenSSL headers do not match your
+library. Check config.log for details.
+If you are sure your installation is consistent, you can disable the check
+by running \"./configure --without-openssl-header-check\".
+Also see contrib/findssl.sh for help identifying header/library mismatches.
+" "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your OpenSSL headers do not match your
+library. Check config.log for details.
+Also see contrib/findssl.sh for help identifying header/library mismatches." >&5
+$as_echo "$as_me: WARNING: Your OpenSSL headers do not match your
+library. Check config.log for details.
+Also see contrib/findssl.sh for help identifying header/library mismatches." >&2;}
+ fi
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL functions will link" >&5
+$as_echo_n "checking if programs using OpenSSL functions will link... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <openssl/evp.h>
+int
+main ()
+{
+ SSLeay_add_all_algorithms();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -ldl"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if programs using OpenSSL need -ldl" >&5
+$as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <openssl/evp.h>
+int
+main ()
+{
+ SSLeay_add_all_algorithms();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LIBS="$saved_LIBS"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+for ac_func in RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+# Check whether --with-ssl-engine was given.
+if test "${with_ssl_engine+set}" = set; then :
+ withval=$with_ssl_engine; if test "x$withval" != "xno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5
+$as_echo_n "checking for OpenSSL ENGINE support... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <openssl/engine.h>
+
+int
+main ()
+{
+
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define USE_OPENSSL_ENGINE 1" >>confdefs.h
+
+
+else
+ as_fn_error $? "OpenSSL ENGINE support not found" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+
+fi
+
+
+# Check for OpenSSL without EVP_aes_{192,256}_cbc
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5
+$as_echo_n "checking whether OpenSSL has crippled AES support... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/evp.h>
+
+int
+main ()
+{
+
+ exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define OPENSSL_LOBOTOMISED_AES 1" >>confdefs.h
+
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Check for OpenSSL with EVP_aes_*ctr
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES CTR via EVP" >&5
+$as_echo_n "checking whether OpenSSL has AES CTR via EVP... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/evp.h>
+
+int
+main ()
+{
+
+ exit(EVP_aes_128_ctr() == NULL ||
+ EVP_aes_192_cbc() == NULL ||
+ EVP_aes_256_cbc() == NULL);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define OPENSSL_HAVE_EVPCTR 1" >>confdefs.h
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Check for OpenSSL with EVP_aes_*gcm
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has AES GCM via EVP" >&5
+$as_echo_n "checking whether OpenSSL has AES GCM via EVP... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/evp.h>
+
+int
+main ()
+{
+
+ exit(EVP_aes_128_gcm() == NULL ||
+ EVP_aes_256_gcm() == NULL ||
+ EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
+ EVP_CTRL_GCM_IV_GEN == 0 ||
+ EVP_CTRL_GCM_SET_TAG == 0 ||
+ EVP_CTRL_GCM_GET_TAG == 0 ||
+ EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define OPENSSL_HAVE_EVPGCM 1" >>confdefs.h
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ unsupported_algorithms="$unsupported_cipers \
+ aes128-gcm@openssh.com aes256-gcm@openssh.com"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_ctrl" >&5
+$as_echo_n "checking for library containing EVP_CIPHER_CTX_ctrl... " >&6; }
+if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char EVP_CIPHER_CTX_ctrl ();
+int
+main ()
+{
+return EVP_CIPHER_CTX_ctrl ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' crypto; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_EVP_CIPHER_CTX_ctrl=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
+
+else
+ ac_cv_search_EVP_CIPHER_CTX_ctrl=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_ctrl" >&5
+$as_echo "$ac_cv_search_EVP_CIPHER_CTX_ctrl" >&6; }
+ac_res=$ac_cv_search_EVP_CIPHER_CTX_ctrl
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_EVP_CIPHER_CTX_CTRL 1" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5
+$as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/evp.h>
+
+int
+main ()
+{
+
+ if(EVP_DigestUpdate(NULL, NULL,0))
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define OPENSSL_EVP_DIGESTUPDATE_VOID 1" >>confdefs.h
+
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
+$as_echo_n "checking for crypt in -lcrypt... " >&6; }
+if ${ac_cv_lib_crypt_crypt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypt $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypt ();
+int
+main ()
+{
+return crypt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypt_crypt=yes
+else
+ ac_cv_lib_crypt_crypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
+$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
+if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBCRYPT 1
+_ACEOF
+
+ LIBS="-lcrypt $LIBS"
+
+fi
+
+fi
+
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
+# version in OpenSSL.
+if test "x$check_for_libcrypt_later" = "x1"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypt in -lcrypt" >&5
+$as_echo_n "checking for crypt in -lcrypt... " >&6; }
+if ${ac_cv_lib_crypt_crypt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcrypt $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypt ();
+int
+main ()
+{
+return crypt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_crypt_crypt=yes
+else
+ ac_cv_lib_crypt_crypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypt_crypt" >&5
+$as_echo "$ac_cv_lib_crypt_crypt" >&6; }
+if test "x$ac_cv_lib_crypt_crypt" = xyes; then :
+ LIBS="$LIBS -lcrypt"
+fi
+
+fi
+for ac_func in crypt DES_crypt
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+# Search for SHA256 support in libc and/or OpenSSL
+for ac_func in SHA256_Update EVP_sha256
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ TEST_SSH_SHA256=yes
+else
+ TEST_SSH_SHA256=no
+ unsupported_algorithms="$unsupported_algorithms \
+ hmac-sha2-256 hmac-sha2-512 \
+ diffie-hellman-group-exchange-sha256 \
+ hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+
+
+fi
+done
+
+
+
+# Check complete ECC support in OpenSSL
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has complete ECC support" >&5
+$as_echo_n "checking whether OpenSSL has complete ECC support... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
+# error "OpenSSL < 0.9.8g has unreliable ECC code"
+#endif
+
+int
+main ()
+{
+
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
+ const EVP_MD *m = EVP_sha512(); /* We need this too */
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h
+
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ TEST_SSH_ECC=no
+ COMMENT_OUT_ECC="#no ecc#"
+ unsupported_algorithms="$unsupported_algorithms \
+ ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
+ ecdsa-sha2-nistp256-cert-v01@openssh.com \
+ ecdsa-sha2-nistp384-cert-v01@openssh.com \
+ ecdsa-sha2-nistp521-cert-v01@openssh.com \
+ ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+
+
+saved_LIBS="$LIBS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ia_openinfo in -liaf" >&5
+$as_echo_n "checking for ia_openinfo in -liaf... " >&6; }
+if ${ac_cv_lib_iaf_ia_openinfo+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-liaf $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ia_openinfo ();
+int
+main ()
+{
+return ia_openinfo ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_iaf_ia_openinfo=yes
+else
+ ac_cv_lib_iaf_ia_openinfo=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iaf_ia_openinfo" >&5
+$as_echo "$ac_cv_lib_iaf_ia_openinfo" >&6; }
+if test "x$ac_cv_lib_iaf_ia_openinfo" = xyes; then :
+
+ LIBS="$LIBS -liaf"
+ for ac_func in set_id
+do :
+ ac_fn_c_check_func "$LINENO" "set_id" "ac_cv_func_set_id"
+if test "x$ac_cv_func_set_id" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SET_ID 1
+_ACEOF
+ SSHDLIBS="$SSHDLIBS -liaf"
+
+$as_echo "#define HAVE_LIBIAF 1" >>confdefs.h
+
+
+fi
+done
+
+
+fi
+
+LIBS="$saved_LIBS"
+
+### Configure cryptographic random number support
+
+# Check wheter OpenSSL seeds itself
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL's PRNG is internally seeded" >&5
+$as_echo_n "checking whether OpenSSL's PRNG is internally seeded... " >&6; }
+if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+ # This is safe, since we will fatal() at runtime if
+ # OpenSSL is not seeded correctly.
+ OPENSSL_SEEDS_ITSELF=yes
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <string.h>
+#include <openssl/rand.h>
+
+int
+main ()
+{
+
+ exit(RAND_status() == 1 ? 0 : 1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ OPENSSL_SEEDS_ITSELF=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+# PRNGD TCP socket
+
+# Check whether --with-prngd-port was given.
+if test "${with_prngd_port+set}" = set; then :
+ withval=$with_prngd_port;
+ case "$withval" in
+ no)
+ withval=""
+ ;;
+ [0-9]*)
+ ;;
+ *)
+ as_fn_error $? "You must specify a numeric port number for --with-prngd-port" "$LINENO" 5
+ ;;
+ esac
+ if test ! -z "$withval" ; then
+ PRNGD_PORT="$withval"
+
+cat >>confdefs.h <<_ACEOF
+#define PRNGD_PORT $PRNGD_PORT
+_ACEOF
+
+ fi
+
+
+fi
+
+
+# PRNGD Unix domain socket
+
+# Check whether --with-prngd-socket was given.
+if test "${with_prngd_socket+set}" = set; then :
+ withval=$with_prngd_socket;
+ case "$withval" in
+ yes)
+ withval="/var/run/egd-pool"
+ ;;
+ no)
+ withval=""
+ ;;
+ /*)
+ ;;
+ *)
+ as_fn_error $? "You must specify an absolute path to the entropy socket" "$LINENO" 5
+ ;;
+ esac
+
+ if test ! -z "$withval" ; then
+ if test ! -z "$PRNGD_PORT" ; then
+ as_fn_error $? "You may not specify both a PRNGD/EGD port and socket" "$LINENO" 5
+ fi
+ if test ! -r "$withval" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Entropy socket is not readable" >&5
+$as_echo "$as_me: WARNING: Entropy socket is not readable" >&2;}
+ fi
+ PRNGD_SOCKET="$withval"
+
+cat >>confdefs.h <<_ACEOF
+#define PRNGD_SOCKET "$PRNGD_SOCKET"
+_ACEOF
+
+ fi
+
+else
+
+ # Check for existing socket only if we don't have a random device already
+ if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PRNGD/EGD socket" >&5
+$as_echo_n "checking for PRNGD/EGD socket... " >&6; }
+ # Insert other locations here
+ for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
+ if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
+ PRNGD_SOCKET="$sock"
+ cat >>confdefs.h <<_ACEOF
+#define PRNGD_SOCKET "$PRNGD_SOCKET"
+_ACEOF
+
+ break;
+ fi
+ done
+ if test ! -z "$PRNGD_SOCKET" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PRNGD_SOCKET" >&5
+$as_echo "$PRNGD_SOCKET" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+ fi
+ fi
+
+
+fi
+
+
+# Which randomness source do we use?
+if test ! -z "$PRNGD_PORT" ; then
+ RAND_MSG="PRNGd port $PRNGD_PORT"
+elif test ! -z "$PRNGD_SOCKET" ; then
+ RAND_MSG="PRNGd socket $PRNGD_SOCKET"
+elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
+
+$as_echo "#define OPENSSL_PRNG_ONLY 1" >>confdefs.h
+
+ RAND_MSG="OpenSSL internal ONLY"
+else
+ as_fn_error $? "OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options" "$LINENO" 5
+fi
+
+# Check for PAM libs
+PAM_MSG="no"
+
+# Check whether --with-pam was given.
+if test "${with_pam+set}" = set; then :
+ withval=$with_pam;
+ if test "x$withval" != "xno" ; then
+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+ test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
+ as_fn_error $? "PAM headers not found" "$LINENO" 5
+ fi
+
+ saved_LIBS="$LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+ LIBS="-ldl $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_set_item in -lpam" >&5
+$as_echo_n "checking for pam_set_item in -lpam... " >&6; }
+if ${ac_cv_lib_pam_pam_set_item+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpam $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pam_set_item ();
+int
+main ()
+{
+return pam_set_item ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pam_pam_set_item=yes
+else
+ ac_cv_lib_pam_pam_set_item=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_set_item" >&5
+$as_echo "$ac_cv_lib_pam_pam_set_item" >&6; }
+if test "x$ac_cv_lib_pam_pam_set_item" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBPAM 1
+_ACEOF
+
+ LIBS="-lpam $LIBS"
+
+else
+ as_fn_error $? "*** libpam missing" "$LINENO" 5
+fi
+
+ for ac_func in pam_getenvlist
+do :
+ ac_fn_c_check_func "$LINENO" "pam_getenvlist" "ac_cv_func_pam_getenvlist"
+if test "x$ac_cv_func_pam_getenvlist" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_PAM_GETENVLIST 1
+_ACEOF
+
+fi
+done
+
+ for ac_func in pam_putenv
+do :
+ ac_fn_c_check_func "$LINENO" "pam_putenv" "ac_cv_func_pam_putenv"
+if test "x$ac_cv_func_pam_putenv" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_PAM_PUTENV 1
+_ACEOF
+
+fi
+done
+
+ LIBS="$saved_LIBS"
+
+ PAM_MSG="yes"
+
+ SSHDLIBS="$SSHDLIBS -lpam"
+
+$as_echo "#define USE_PAM 1" >>confdefs.h
+
+
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ case "$LIBS" in
+ *-ldl*)
+ # libdl already in LIBS
+ ;;
+ *)
+ SSHDLIBS="$SSHDLIBS -ldl"
+ ;;
+ esac
+ fi
+ fi
+
+
+fi
+
+
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
+ # Check PAM strerror arguments (old PAM)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pam_strerror takes only one argument" >&5
+$as_echo_n "checking whether pam_strerror takes only one argument... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+
+int
+main ()
+{
+
+(void)pam_strerror((pam_handle_t *)NULL, -1);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+
+
+$as_echo "#define HAVE_OLD_PAM 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ PAM_MSG="yes (old library)"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+SSH_PRIVSEP_USER=sshd
+
+# Check whether --with-privsep-user was given.
+if test "${with_privsep_user+set}" = set; then :
+ withval=$with_privsep_user;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ SSH_PRIVSEP_USER=$withval
+ fi
+
+
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER"
+_ACEOF
+
+
+
+if test "x$have_linux_no_new_privs" = "x1" ; then
+ac_fn_c_check_decl "$LINENO" "SECCOMP_MODE_FILTER" "ac_cv_have_decl_SECCOMP_MODE_FILTER" "
+ #include <sys/types.h>
+ #include <linux/seccomp.h>
+
+"
+if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes; then :
+ have_seccomp_filter=1
+fi
+
+fi
+if test "x$have_seccomp_filter" = "x1" ; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5
+$as_echo_n "checking kernel for seccomp_filter support... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <errno.h>
+ #include <elf.h>
+ #include <linux/audit.h>
+ #include <linux/seccomp.h>
+ #include <stdlib.h>
+ #include <sys/prctl.h>
+
+int
+main ()
+{
+ int i = $seccomp_audit_arch;
+ errno = 0;
+ prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
+ exit(errno == EFAULT ? 0 : 1);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ # Disable seccomp filter as a target
+ have_seccomp_filter=0
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+
+# Decide which sandbox style to use
+sandbox_arg=""
+
+# Check whether --with-sandbox was given.
+if test "${with_sandbox+set}" = set; then :
+ withval=$with_sandbox;
+ if test "x$withval" = "xyes" ; then
+ sandbox_arg=""
+ else
+ sandbox_arg="$withval"
+ fi
+
+
+fi
+
+
+# Some platforms (seems to be the ones that have a kernel poll(2)-type
+# function with which they implement select(2)) use an extra file descriptor
+# when calling select(2), which means we can't use the rlimit sandbox.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5
+$as_echo_n "checking if select works with descriptor rlimit... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+
+int
+main ()
+{
+
+ struct rlimit rl_zero;
+ int fd, r;
+ fd_set fds;
+ struct timeval tv;
+
+ fd = open("/dev/null", O_RDONLY);
+ FD_ZERO(&fds);
+ FD_SET(fd, &fds);
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ setrlimit(RLIMIT_FSIZE, &rl_zero);
+ setrlimit(RLIMIT_NOFILE, &rl_zero);
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ r = select(fd+1, &fds, NULL, NULL, &tv);
+ exit (r == -1 ? 1 : 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ select_works_with_rlimit=yes
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ select_works_with_rlimit=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit(RLIMIT_NOFILE,{0,0}) works" >&5
+$as_echo_n "checking if setrlimit(RLIMIT_NOFILE,{0,0}) works... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#include <errno.h>
+#include <stdlib.h>
+
+int
+main ()
+{
+
+ struct rlimit rl_zero;
+ int fd, r;
+ fd_set fds;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ r = setrlimit(RLIMIT_NOFILE, &rl_zero);
+ exit (r == -1 ? 1 : 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ rlimit_nofile_zero_works=yes
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ rlimit_nofile_zero_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5
+$as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; }
+if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <stdlib.h>
+
+int
+main ()
+{
+
+ struct rlimit rl_zero;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+if test "x$sandbox_arg" = "xsystrace" || \
+ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
+ test "x$have_systr_policy_kill" != "x1" && \
+ as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5
+ SANDBOX_STYLE="systrace"
+
+$as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h
+
+elif test "x$sandbox_arg" = "xdarwin" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
+ test "x$ac_cv_header_sandbox_h" = "xyes") ; then
+ test "x$ac_cv_func_sandbox_init" != "xyes" -o \
+ "x$ac_cv_header_sandbox_h" != "xyes" && \
+ as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5
+ SANDBOX_STYLE="darwin"
+
+$as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h
+
+elif test "x$sandbox_arg" = "xseccomp_filter" || \
+ ( test -z "$sandbox_arg" && \
+ test "x$have_seccomp_filter" = "x1" && \
+ test "x$ac_cv_header_elf_h" = "xyes" && \
+ test "x$ac_cv_header_linux_audit_h" = "xyes" && \
+ test "x$ac_cv_header_linux_filter_h" = "xyes" && \
+ test "x$seccomp_audit_arch" != "x" && \
+ test "x$have_linux_no_new_privs" = "x1" && \
+ test "x$ac_cv_func_prctl" = "xyes" ) ; then
+ test "x$seccomp_audit_arch" = "x" && \
+ as_fn_error $? "seccomp_filter sandbox not supported on $host" "$LINENO" 5
+ test "x$have_linux_no_new_privs" != "x1" && \
+ as_fn_error $? "seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS" "$LINENO" 5
+ test "x$have_seccomp_filter" != "x1" && \
+ as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5
+ test "x$ac_cv_func_prctl" != "xyes" && \
+ as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5
+ SANDBOX_STYLE="seccomp_filter"
+
+$as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h
+
+elif test "x$sandbox_arg" = "xrlimit" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
+ test "x$select_works_with_rlimit" = "xyes" && \
+ test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
+ test "x$ac_cv_func_setrlimit" != "xyes" && \
+ as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5
+ test "x$select_works_with_rlimit" != "xyes" && \
+ as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5
+ SANDBOX_STYLE="rlimit"
+
+$as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h
+
+elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
+ test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
+ SANDBOX_STYLE="none"
+
+$as_echo "#define SANDBOX_NULL 1" >>confdefs.h
+
+else
+ as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5
+fi
+
+# Cheap hack to ensure NEWS-OS libraries are arranged right.
+if test ! -z "$SONY" ; then
+ LIBS="$LIBS -liberty";
+fi
+
+# Check for long long datatypes
+ac_fn_c_check_type "$LINENO" "long long" "ac_cv_type_long_long" "$ac_includes_default"
+if test "x$ac_cv_type_long_long" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LONG_LONG 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "unsigned long long" "ac_cv_type_unsigned_long_long" "$ac_includes_default"
+if test "x$ac_cv_type_unsigned_long_long" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UNSIGNED_LONG_LONG 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "long double" "ac_cv_type_long_double" "$ac_includes_default"
+if test "x$ac_cv_type_long_double" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LONG_DOUBLE 1
+_ACEOF
+
+
+fi
+
+
+# Check datatype sizes
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short int" >&5
+$as_echo_n "checking size of short int... " >&6; }
+if ${ac_cv_sizeof_short_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short int))" "ac_cv_sizeof_short_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_short_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (short int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_short_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short_int" >&5
+$as_echo "$ac_cv_sizeof_short_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
+$as_echo_n "checking size of int... " >&6; }
+if ${ac_cv_sizeof_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
+$as_echo "$ac_cv_sizeof_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_INT $ac_cv_sizeof_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5
+$as_echo_n "checking size of long int... " >&6; }
+if ${ac_cv_sizeof_long_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_long_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (long int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_long_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5
+$as_echo "$ac_cv_sizeof_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long int" >&5
+$as_echo_n "checking size of long long int... " >&6; }
+if ${ac_cv_sizeof_long_long_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long int))" "ac_cv_sizeof_long_long_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_long_long_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (long long int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_long_long_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long_int" >&5
+$as_echo "$ac_cv_sizeof_long_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int
+_ACEOF
+
+
+
+# Sanity check long long for some platforms (AIX)
+if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
+ ac_cv_sizeof_long_long_int=0
+fi
+
+# compute LLONG_MIN and LLONG_MAX if we don't know them.
+if test -z "$have_llong_max"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for max value of long long" >&5
+$as_echo_n "checking for max value of long long... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+/* Why is this so damn hard? */
+#ifdef __GNUC__
+# undef __GNUC__
+#endif
+#define __USE_ISOC99
+#include <limits.h>
+#define DATA "conftest.llminmax"
+#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
+
+/*
+ * printf in libc on some platforms (eg old Tru64) does not understand %lld so
+ * we do this the hard way.
+ */
+static int
+fprint_ll(FILE *f, long long n)
+{
+ unsigned int i;
+ int l[sizeof(long long) * 8];
+
+ if (n < 0)
+ if (fprintf(f, "-") < 0)
+ return -1;
+ for (i = 0; n != 0; i++) {
+ l[i] = my_abs(n % 10);
+ n /= 10;
+ }
+ do {
+ if (fprintf(f, "%d", l[--i]) < 0)
+ return -1;
+ } while (i != 0);
+ if (fprintf(f, " ") < 0)
+ return -1;
+ return 0;
+}
+
+int
+main ()
+{
+
+ FILE *f;
+ long long i, llmin, llmax = 0;
+
+ if((f = fopen(DATA,"w")) == NULL)
+ exit(1);
+
+#if defined(LLONG_MIN) && defined(LLONG_MAX)
+ fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
+ llmin = LLONG_MIN;
+ llmax = LLONG_MAX;
+#else
+ fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
+ /* This will work on one's complement and two's complement */
+ for (i = 1; i > llmax; i <<= 1, i++)
+ llmax = i;
+ llmin = llmax + 1LL; /* wrap */
+#endif
+
+ /* Sanity check */
+ if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
+ || llmax - 1 > llmax || llmin == llmax || llmin == 0
+ || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
+ fprintf(f, "unknown unknown\n");
+ exit(2);
+ }
+
+ if (fprint_ll(f, llmin) < 0)
+ exit(3);
+ if (fprint_ll(f, llmax) < 0)
+ exit(4);
+ if (fclose(f) < 0)
+ exit(5);
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ llong_min=`$AWK '{print $1}' conftest.llminmax`
+ llong_max=`$AWK '{print $2}' conftest.llminmax`
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_max" >&5
+$as_echo "$llong_max" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define LLONG_MAX ${llong_max}LL
+_ACEOF
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for min value of long long" >&5
+$as_echo_n "checking for min value of long long... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $llong_min" >&5
+$as_echo "$llong_min" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define LLONG_MIN ${llong_min}LL
+_ACEOF
+
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+
+# More checks for data types
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int type" >&5
+$as_echo_n "checking for u_int type... " >&6; }
+if ${ac_cv_have_u_int+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ u_int a; a = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_u_int="yes"
+else
+ ac_cv_have_u_int="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int" >&5
+$as_echo "$ac_cv_have_u_int" >&6; }
+if test "x$ac_cv_have_u_int" = "xyes" ; then
+
+$as_echo "#define HAVE_U_INT 1" >>confdefs.h
+
+ have_u_int=1
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types" >&5
+$as_echo_n "checking for intXX_t types... " >&6; }
+if ${ac_cv_have_intxx_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ int8_t a; int16_t b; int32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_intxx_t="yes"
+else
+ ac_cv_have_intxx_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_intxx_t" >&5
+$as_echo "$ac_cv_have_intxx_t" >&6; }
+if test "x$ac_cv_have_intxx_t" = "xyes" ; then
+
+$as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
+
+ have_intxx_t=1
+fi
+
+if (test -z "$have_intxx_t" && \
+ test "x$ac_cv_header_stdint_h" = "xyes")
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t types in stdint.h" >&5
+$as_echo_n "checking for intXX_t types in stdint.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdint.h>
+int
+main ()
+{
+ int8_t a; int16_t b; int32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for int64_t type" >&5
+$as_echo_n "checking for int64_t type... " >&6; }
+if ${ac_cv_have_int64_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#include <sys/socket.h>
+#ifdef HAVE_SYS_BITYPES_H
+# include <sys/bitypes.h>
+#endif
+
+int
+main ()
+{
+
+int64_t a; a = 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_int64_t="yes"
+else
+ ac_cv_have_int64_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_int64_t" >&5
+$as_echo "$ac_cv_have_int64_t" >&6; }
+if test "x$ac_cv_have_int64_t" = "xyes" ; then
+
+$as_echo "#define HAVE_INT64_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types" >&5
+$as_echo_n "checking for u_intXX_t types... " >&6; }
+if ${ac_cv_have_u_intxx_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_u_intxx_t="yes"
+else
+ ac_cv_have_u_intxx_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_intxx_t" >&5
+$as_echo "$ac_cv_have_u_intxx_t" >&6; }
+if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
+
+$as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
+
+ have_u_intxx_t=1
+fi
+
+if test -z "$have_u_intxx_t" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_intXX_t types in sys/socket.h" >&5
+$as_echo_n "checking for u_intXX_t types in sys/socket.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/socket.h>
+int
+main ()
+{
+ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t types" >&5
+$as_echo_n "checking for u_int64_t types... " >&6; }
+if ${ac_cv_have_u_int64_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ u_int64_t a; a = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_u_int64_t="yes"
+else
+ ac_cv_have_u_int64_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_int64_t" >&5
+$as_echo "$ac_cv_have_u_int64_t" >&6; }
+if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
+
+$as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
+
+ have_u_int64_t=1
+fi
+
+if test -z "$have_u_int64_t" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_int64_t type in sys/bitypes.h" >&5
+$as_echo_n "checking for u_int64_t type in sys/bitypes.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/bitypes.h>
+int
+main ()
+{
+ u_int64_t a; a = 1
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_U_INT64_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+if test -z "$have_u_intxx_t" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types" >&5
+$as_echo_n "checking for uintXX_t types... " >&6; }
+if ${ac_cv_have_uintxx_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+
+int
+main ()
+{
+
+ uint8_t a;
+ uint16_t b;
+ uint32_t c;
+ a = b = c = 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_uintxx_t="yes"
+else
+ ac_cv_have_uintxx_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_uintxx_t" >&5
+$as_echo "$ac_cv_have_uintxx_t" >&6; }
+ if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
+
+$as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
+
+ fi
+fi
+
+if test -z "$have_uintxx_t" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uintXX_t types in stdint.h" >&5
+$as_echo_n "checking for uintXX_t types in stdint.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdint.h>
+int
+main ()
+{
+ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_UINTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
+$as_echo_n "checking for intXX_t and u_intXX_t types in sys/bitypes.h... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/bitypes.h>
+
+int
+main ()
+{
+
+ int8_t a; int16_t b; int32_t c;
+ u_int8_t e; u_int16_t f; u_int32_t g;
+ a = b = c = e = f = g = 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ $as_echo "#define HAVE_U_INTXX_T 1" >>confdefs.h
+
+ $as_echo "#define HAVE_INTXX_T 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for u_char" >&5
+$as_echo_n "checking for u_char... " >&6; }
+if ${ac_cv_have_u_char+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ u_char foo; foo = 125;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_u_char="yes"
+else
+ ac_cv_have_u_char="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_u_char" >&5
+$as_echo "$ac_cv_have_u_char" >&6; }
+if test "x$ac_cv_have_u_char" = "xyes" ; then
+
+$as_echo "#define HAVE_U_CHAR 1" >>confdefs.h
+
+fi
+
+
+ ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" "#include <sys/types.h>
+#include <sys/socket.h>
+"
+if test "x$ac_cv_type_socklen_t" = xyes; then :
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5
+$as_echo_n "checking for socklen_t equivalent... " >&6; }
+ if ${curl_cv_socklen_t_equiv+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ # Systems have either "struct sockaddr *" or
+ # "void *" as the second argument to getpeername
+ curl_cv_socklen_t_equiv=
+ for arg2 in "struct sockaddr" void; do
+ for t in int size_t unsigned long "unsigned long"; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <sys/types.h>
+ #include <sys/socket.h>
+
+ int getpeername (int, $arg2 *, $t *);
+
+int
+main ()
+{
+
+ $t len;
+ getpeername(0,0,&len);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ curl_cv_socklen_t_equiv="$t"
+ break
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+ done
+
+ if test "x$curl_cv_socklen_t_equiv" = x; then
+ as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5
+ fi
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_socklen_t_equiv" >&5
+$as_echo "$curl_cv_socklen_t_equiv" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define socklen_t $curl_cv_socklen_t_equiv
+_ACEOF
+
+fi
+
+
+
+ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <signal.h>
+"
+if test "x$ac_cv_type_sig_atomic_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SIG_ATOMIC_T 1
+_ACEOF
+
+
+fi
+
+ac_fn_c_check_type "$LINENO" "fsblkcnt_t" "ac_cv_type_fsblkcnt_t" "
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+"
+if test "x$ac_cv_type_fsblkcnt_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FSBLKCNT_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "fsfilcnt_t" "ac_cv_type_fsfilcnt_t" "
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+"
+if test "x$ac_cv_type_fsfilcnt_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_FSFILCNT_T 1
+_ACEOF
+
+
+fi
+
+
+ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" "#include <sys/types.h>
+#include <netinet/in.h>
+"
+if test "x$ac_cv_type_in_addr_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_IN_ADDR_T 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_type "$LINENO" "in_port_t" "ac_cv_type_in_port_t" "#include <sys/types.h>
+#include <netinet/in.h>
+"
+if test "x$ac_cv_type_in_port_t" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_IN_PORT_T 1
+_ACEOF
+
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5
+$as_echo_n "checking for size_t... " >&6; }
+if ${ac_cv_have_size_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ size_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_size_t="yes"
+else
+ ac_cv_have_size_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_size_t" >&5
+$as_echo "$ac_cv_have_size_t" >&6; }
+if test "x$ac_cv_have_size_t" = "xyes" ; then
+
+$as_echo "#define HAVE_SIZE_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5
+$as_echo_n "checking for ssize_t... " >&6; }
+if ${ac_cv_have_ssize_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ ssize_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_ssize_t="yes"
+else
+ ac_cv_have_ssize_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ssize_t" >&5
+$as_echo "$ac_cv_have_ssize_t" >&6; }
+if test "x$ac_cv_have_ssize_t" = "xyes" ; then
+
+$as_echo "#define HAVE_SSIZE_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_t" >&5
+$as_echo_n "checking for clock_t... " >&6; }
+if ${ac_cv_have_clock_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <time.h>
+int
+main ()
+{
+ clock_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_clock_t="yes"
+else
+ ac_cv_have_clock_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_clock_t" >&5
+$as_echo "$ac_cv_have_clock_t" >&6; }
+if test "x$ac_cv_have_clock_t" = "xyes" ; then
+
+$as_echo "#define HAVE_CLOCK_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sa_family_t" >&5
+$as_echo_n "checking for sa_family_t... " >&6; }
+if ${ac_cv_have_sa_family_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+ sa_family_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_sa_family_t="yes"
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int
+main ()
+{
+ sa_family_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_sa_family_t="yes"
+else
+ ac_cv_have_sa_family_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_sa_family_t" >&5
+$as_echo "$ac_cv_have_sa_family_t" >&6; }
+if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
+
+$as_echo "#define HAVE_SA_FAMILY_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pid_t" >&5
+$as_echo_n "checking for pid_t... " >&6; }
+if ${ac_cv_have_pid_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ pid_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_pid_t="yes"
+else
+ ac_cv_have_pid_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pid_t" >&5
+$as_echo "$ac_cv_have_pid_t" >&6; }
+if test "x$ac_cv_have_pid_t" = "xyes" ; then
+
+$as_echo "#define HAVE_PID_T 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mode_t" >&5
+$as_echo_n "checking for mode_t... " >&6; }
+if ${ac_cv_have_mode_t+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/types.h>
+int
+main ()
+{
+ mode_t foo; foo = 1235;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_mode_t="yes"
+else
+ ac_cv_have_mode_t="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_mode_t" >&5
+$as_echo "$ac_cv_have_mode_t" >&6; }
+if test "x$ac_cv_have_mode_t" = "xyes" ; then
+
+$as_echo "#define HAVE_MODE_T 1" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5
+$as_echo_n "checking for struct sockaddr_storage... " >&6; }
+if ${ac_cv_have_struct_sockaddr_storage+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+ struct sockaddr_storage s;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_sockaddr_storage="yes"
+else
+ ac_cv_have_struct_sockaddr_storage="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_storage" >&5
+$as_echo "$ac_cv_have_struct_sockaddr_storage" >&6; }
+if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_SOCKADDR_STORAGE 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_in6" >&5
+$as_echo_n "checking for struct sockaddr_in6... " >&6; }
+if ${ac_cv_have_struct_sockaddr_in6+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+int
+main ()
+{
+ struct sockaddr_in6 s; s.sin6_family = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_sockaddr_in6="yes"
+else
+ ac_cv_have_struct_sockaddr_in6="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_sockaddr_in6" >&5
+$as_echo "$ac_cv_have_struct_sockaddr_in6" >&6; }
+if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_SOCKADDR_IN6 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct in6_addr" >&5
+$as_echo_n "checking for struct in6_addr... " >&6; }
+if ${ac_cv_have_struct_in6_addr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+int
+main ()
+{
+ struct in6_addr s; s.s6_addr[0] = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_in6_addr="yes"
+else
+ ac_cv_have_struct_in6_addr="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_in6_addr" >&5
+$as_echo "$ac_cv_have_struct_in6_addr" >&6; }
+if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_IN6_ADDR 1" >>confdefs.h
+
+
+ ac_fn_c_check_member "$LINENO" "struct sockaddr_in6" "sin6_scope_id" "ac_cv_member_struct_sockaddr_in6_sin6_scope_id" "
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+
+"
+if test "x$ac_cv_member_struct_sockaddr_in6_sin6_scope_id" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+_ACEOF
+
+
+fi
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct addrinfo" >&5
+$as_echo_n "checking for struct addrinfo... " >&6; }
+if ${ac_cv_have_struct_addrinfo+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+int
+main ()
+{
+ struct addrinfo s; s.ai_flags = AI_PASSIVE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_addrinfo="yes"
+else
+ ac_cv_have_struct_addrinfo="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_addrinfo" >&5
+$as_echo "$ac_cv_have_struct_addrinfo" >&6; }
+if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5
+$as_echo_n "checking for struct timeval... " >&6; }
+if ${ac_cv_have_struct_timeval+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <sys/time.h>
+int
+main ()
+{
+ struct timeval tv; tv.tv_sec = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_struct_timeval="yes"
+else
+ ac_cv_have_struct_timeval="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_struct_timeval" >&5
+$as_echo "$ac_cv_have_struct_timeval" >&6; }
+if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
+
+$as_echo "#define HAVE_STRUCT_TIMEVAL 1" >>confdefs.h
+
+ have_struct_timeval=1
+fi
+
+ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "$ac_includes_default"
+if test "x$ac_cv_type_struct_timespec" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_TIMESPEC 1
+_ACEOF
+
+
+fi
+
+
+# We need int64_t or else certian parts of the compile will fail.
+if test "x$ac_cv_have_int64_t" = "xno" && \
+ test "x$ac_cv_sizeof_long_int" != "x8" && \
+ test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
+ echo "an alternative compiler (I.E., GCC) before continuing."
+ echo ""
+ exit 1;
+else
+ if test "$cross_compiling" = yes; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Assuming working snprintf()" >&5
+$as_echo "$as_me: WARNING: cross compiling: Assuming working snprintf()" >&2;}
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_SNPRINTF
+main()
+{
+ char buf[50];
+ char expected_out[50];
+ int mazsize = 50 ;
+#if (SIZEOF_LONG_INT == 8)
+ long int num = 0x7fffffffffffffff;
+#else
+ long long num = 0x7fffffffffffffffll;
+#endif
+ strcpy(expected_out, "9223372036854775807");
+ snprintf(buf, mazsize, "%lld", num);
+ if(strcmp(buf, expected_out) != 0)
+ exit(1);
+ exit(0);
+}
+#else
+main() { exit(0); }
+#endif
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ true
+else
+ $as_echo "#define BROKEN_SNPRINTF 1" >>confdefs.h
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+
+
+# look for field 'ut_host' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmp.h" >&5
+$as_echo_n "checking for ut_host field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_host" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_HOST_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_host' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_host field in utmpx.h" >&5
+$as_echo_n "checking for ut_host field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_host" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_HOST_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'syslen' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"syslen
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslen field in utmpx.h" >&5
+$as_echo_n "checking for syslen field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "syslen" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_SYSLEN_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_pid' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_pid field in utmp.h" >&5
+$as_echo_n "checking for ut_pid field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_pid" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_PID_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_type' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmp.h" >&5
+$as_echo_n "checking for ut_type field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_type" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TYPE_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_type' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_type field in utmpx.h" >&5
+$as_echo_n "checking for ut_type field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_type" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TYPE_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_tv' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmp.h" >&5
+$as_echo_n "checking for ut_tv field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_tv" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TV_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_id' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmp.h" >&5
+$as_echo_n "checking for ut_id field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_id" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ID_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_id' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_id field in utmpx.h" >&5
+$as_echo_n "checking for ut_id field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_id" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ID_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_addr' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmp.h" >&5
+$as_echo_n "checking for ut_addr field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_addr" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ADDR_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_addr' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr field in utmpx.h" >&5
+$as_echo_n "checking for ut_addr field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_addr" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ADDR_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_addr_v6' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmp.h" >&5
+$as_echo_n "checking for ut_addr_v6 field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_addr_v6" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ADDR_V6_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_addr_v6' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_addr_v6 field in utmpx.h" >&5
+$as_echo_n "checking for ut_addr_v6 field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_addr_v6" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_ADDR_V6_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_exit' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_exit field in utmp.h" >&5
+$as_echo_n "checking for ut_exit field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_exit" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_EXIT_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_time' in header 'utmp.h'
+ ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmp.h" >&5
+$as_echo_n "checking for ut_time field in utmp.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmp.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_time" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TIME_IN_UTMP 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_time' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_time field in utmpx.h" >&5
+$as_echo_n "checking for ut_time field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_time" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TIME_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+# look for field 'ut_tv' in header 'utmpx.h'
+ ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
+ ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ut_tv field in utmpx.h" >&5
+$as_echo_n "checking for ut_tv field in utmpx.h... " >&6; }
+ if eval \${$ossh_varname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <utmpx.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "ut_tv" >/dev/null 2>&1; then :
+ eval "$ossh_varname=yes"
+else
+ eval "$ossh_varname=no"
+fi
+rm -f conftest*
+
+fi
+
+ ossh_result=`eval 'echo $'"$ossh_varname"`
+ if test -n "`echo $ossh_varname`"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ossh_result" >&5
+$as_echo "$ossh_result" >&6; }
+ if test "x$ossh_result" = "xyes"; then
+
+$as_echo "#define HAVE_TV_IN_UTMPX 1" >>confdefs.h
+
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+
+ac_fn_c_check_member "$LINENO" "struct stat" "st_blksize" "ac_cv_member_struct_stat_st_blksize" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_blksize" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
+_ACEOF
+
+
+fi
+
+ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" "
+#include <sys/types.h>
+#include <pwd.h>
+
+"
+if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_GECOS 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" "
+#include <sys/types.h>
+#include <pwd.h>
+
+"
+if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_CLASS 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" "
+#include <sys/types.h>
+#include <pwd.h>
+
+"
+if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_CHANGE 1
+_ACEOF
+
+
+fi
+ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" "
+#include <sys/types.h>
+#include <pwd.h>
+
+"
+if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1
+_ACEOF
+
+
+fi
+
+
+ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" "
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+
+"
+if test "x$ac_cv_member_struct___res_state_retrans" = xyes; then :
+
+else
+
+$as_echo "#define __res_state state" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ss_family field in struct sockaddr_storage" >&5
+$as_echo_n "checking for ss_family field in struct sockaddr_storage... " >&6; }
+if ${ac_cv_have_ss_family_in_struct_ss+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+ struct sockaddr_storage s; s.ss_family = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_ss_family_in_struct_ss="yes"
+else
+ ac_cv_have_ss_family_in_struct_ss="no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_ss_family_in_struct_ss" >&5
+$as_echo "$ac_cv_have_ss_family_in_struct_ss" >&6; }
+if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
+
+$as_echo "#define HAVE_SS_FAMILY_IN_SS 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __ss_family field in struct sockaddr_storage" >&5
+$as_echo_n "checking for __ss_family field in struct sockaddr_storage... " >&6; }
+if ${ac_cv_have___ss_family_in_struct_ss+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+int
+main ()
+{
+ struct sockaddr_storage s; s.__ss_family = 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have___ss_family_in_struct_ss="yes"
+else
+ ac_cv_have___ss_family_in_struct_ss="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___ss_family_in_struct_ss" >&5
+$as_echo "$ac_cv_have___ss_family_in_struct_ss" >&6; }
+if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
+
+$as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5
+$as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; }
+if ${ac_cv_have_accrights_in_msghdr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+int
+main ()
+{
+
+#ifdef msg_accrights
+#error "msg_accrights is a macro"
+exit(1);
+#endif
+struct msghdr m;
+m.msg_accrights = 0;
+exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_accrights_in_msghdr="yes"
+else
+ ac_cv_have_accrights_in_msghdr="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_accrights_in_msghdr" >&5
+$as_echo "$ac_cv_have_accrights_in_msghdr" >&6; }
+if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
+
+$as_echo "#define HAVE_ACCRIGHTS_IN_MSGHDR 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct statvfs.f_fsid is integral type" >&5
+$as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/param.h>
+#include <sys/stat.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+
+int
+main ()
+{
+ struct statvfs s; s.f_fsid = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if fsid_t has member val" >&5
+$as_echo_n "checking if fsid_t has member val... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/statvfs.h>
+
+int
+main ()
+{
+ fsid_t t; t.val[0] = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define FSID_HAS_VAL 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if f_fsid has member __val" >&5
+$as_echo_n "checking if f_fsid has member __val... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/statvfs.h>
+
+int
+main ()
+{
+ fsid_t t; t.__val[0] = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define FSID_HAS___VAL 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_control field in struct msghdr" >&5
+$as_echo_n "checking for msg_control field in struct msghdr... " >&6; }
+if ${ac_cv_have_control_in_msghdr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+int
+main ()
+{
+
+#ifdef msg_control
+#error "msg_control is a macro"
+exit(1);
+#endif
+struct msghdr m;
+m.msg_control = 0;
+exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_have_control_in_msghdr="yes"
+else
+ ac_cv_have_control_in_msghdr="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_control_in_msghdr" >&5
+$as_echo "$ac_cv_have_control_in_msghdr" >&6; }
+if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
+
+$as_echo "#define HAVE_CONTROL_IN_MSGHDR 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines __progname" >&5
+$as_echo_n "checking if libc defines __progname... " >&6; }
+if ${ac_cv_libc_defines___progname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+ extern char *__progname; printf("%s", __progname);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libc_defines___progname="yes"
+else
+ ac_cv_libc_defines___progname="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines___progname" >&5
+$as_echo "$ac_cv_libc_defines___progname" >&6; }
+if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
+
+$as_echo "#define HAVE___PROGNAME 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __FUNCTION__" >&5
+$as_echo_n "checking whether $CC implements __FUNCTION__... " >&6; }
+if ${ac_cv_cc_implements___FUNCTION__+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+ printf("%s", __FUNCTION__);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_cc_implements___FUNCTION__="yes"
+else
+ ac_cv_cc_implements___FUNCTION__="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___FUNCTION__" >&5
+$as_echo "$ac_cv_cc_implements___FUNCTION__" >&6; }
+if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
+
+$as_echo "#define HAVE___FUNCTION__ 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC implements __func__" >&5
+$as_echo_n "checking whether $CC implements __func__... " >&6; }
+if ${ac_cv_cc_implements___func__+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <stdio.h>
+int
+main ()
+{
+ printf("%s", __func__);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_cc_implements___func__="yes"
+else
+ ac_cv_cc_implements___func__="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cc_implements___func__" >&5
+$as_echo "$ac_cv_cc_implements___func__" >&6; }
+if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
+
+$as_echo "#define HAVE___func__ 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_copy exists" >&5
+$as_echo_n "checking whether va_copy exists... " >&6; }
+if ${ac_cv_have_va_copy+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdarg.h>
+va_list x,y;
+
+int
+main ()
+{
+ va_copy(x,y);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_have_va_copy="yes"
+else
+ ac_cv_have_va_copy="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_va_copy" >&5
+$as_echo "$ac_cv_have_va_copy" >&6; }
+if test "x$ac_cv_have_va_copy" = "xyes" ; then
+
+$as_echo "#define HAVE_VA_COPY 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __va_copy exists" >&5
+$as_echo_n "checking whether __va_copy exists... " >&6; }
+if ${ac_cv_have___va_copy+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdarg.h>
+va_list x,y;
+
+int
+main ()
+{
+ __va_copy(x,y);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_have___va_copy="yes"
+else
+ ac_cv_have___va_copy="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have___va_copy" >&5
+$as_echo "$ac_cv_have___va_copy" >&6; }
+if test "x$ac_cv_have___va_copy" = "xyes" ; then
+
+$as_echo "#define HAVE___VA_COPY 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getopt has optreset support" >&5
+$as_echo_n "checking whether getopt has optreset support... " >&6; }
+if ${ac_cv_have_getopt_optreset+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <getopt.h>
+int
+main ()
+{
+ extern int optreset; optreset = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_have_getopt_optreset="yes"
+else
+ ac_cv_have_getopt_optreset="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_getopt_optreset" >&5
+$as_echo "$ac_cv_have_getopt_optreset" >&6; }
+if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
+
+$as_echo "#define HAVE_GETOPT_OPTRESET 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_errlist" >&5
+$as_echo_n "checking if libc defines sys_errlist... " >&6; }
+if ${ac_cv_libc_defines_sys_errlist+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libc_defines_sys_errlist="yes"
+else
+ ac_cv_libc_defines_sys_errlist="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_errlist" >&5
+$as_echo "$ac_cv_libc_defines_sys_errlist" >&6; }
+if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
+
+$as_echo "#define HAVE_SYS_ERRLIST 1" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libc defines sys_nerr" >&5
+$as_echo_n "checking if libc defines sys_nerr... " >&6; }
+if ${ac_cv_libc_defines_sys_nerr+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+ extern int sys_nerr; printf("%i", sys_nerr);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libc_defines_sys_nerr="yes"
+else
+ ac_cv_libc_defines_sys_nerr="no"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libc_defines_sys_nerr" >&5
+$as_echo "$ac_cv_libc_defines_sys_nerr" >&6; }
+if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
+
+$as_echo "#define HAVE_SYS_NERR 1" >>confdefs.h
+
+fi
+
+# Check libraries needed by DNS fingerprint support
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getrrsetbyname" >&5
+$as_echo_n "checking for library containing getrrsetbyname... " >&6; }
+if ${ac_cv_search_getrrsetbyname+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getrrsetbyname ();
+int
+main ()
+{
+return getrrsetbyname ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_getrrsetbyname=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_getrrsetbyname+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_getrrsetbyname+:} false; then :
+
+else
+ ac_cv_search_getrrsetbyname=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getrrsetbyname" >&5
+$as_echo "$ac_cv_search_getrrsetbyname" >&6; }
+ac_res=$ac_cv_search_getrrsetbyname
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define HAVE_GETRRSETBYNAME 1" >>confdefs.h
+
+else
+
+ # Needed by our getrrsetbyname()
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing res_query" >&5
+$as_echo_n "checking for library containing res_query... " >&6; }
+if ${ac_cv_search_res_query+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char res_query ();
+int
+main ()
+{
+return res_query ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_res_query=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_res_query+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_res_query+:} false; then :
+
+else
+ ac_cv_search_res_query=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_res_query" >&5
+$as_echo "$ac_cv_search_res_query" >&6; }
+ac_res=$ac_cv_search_res_query
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
+$as_echo_n "checking for library containing dn_expand... " >&6; }
+if ${ac_cv_search_dn_expand+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dn_expand ();
+int
+main ()
+{
+return dn_expand ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dn_expand=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dn_expand+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dn_expand+:} false; then :
+
+else
+ ac_cv_search_dn_expand=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
+$as_echo "$ac_cv_search_dn_expand" >&6; }
+ac_res=$ac_cv_search_dn_expand
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if res_query will link" >&5
+$as_echo_n "checking if res_query will link... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+
+int
+main ()
+{
+
+ res_query (0, 0, 0, 0, 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -lresolv"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
+$as_echo_n "checking for res_query in -lresolv... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+
+int
+main ()
+{
+
+ res_query (0, 0, 0, 0, 0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ LIBS="$saved_LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ for ac_func in _getshort _getlong
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ ac_fn_c_check_decl "$LINENO" "_getshort" "ac_cv_have_decl__getshort" "#include <sys/types.h>
+ #include <arpa/nameser.h>
+"
+if test "x$ac_cv_have_decl__getshort" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL__GETSHORT $ac_have_decl
+_ACEOF
+ac_fn_c_check_decl "$LINENO" "_getlong" "ac_cv_have_decl__getlong" "#include <sys/types.h>
+ #include <arpa/nameser.h>
+"
+if test "x$ac_cv_have_decl__getlong" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL__GETLONG $ac_have_decl
+_ACEOF
+
+ ac_fn_c_check_member "$LINENO" "HEADER" "ad" "ac_cv_member_HEADER_ad" "#include <arpa/nameser.h>
+"
+if test "x$ac_cv_member_HEADER_ad" = xyes; then :
+
+$as_echo "#define HAVE_HEADER_AD 1" >>confdefs.h
+
+fi
+
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if struct __res_state _res is an extern" >&5
+$as_echo_n "checking if struct __res_state _res is an extern... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+extern struct __res_state _res;
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAVE__RES_EXTERN 1" >>confdefs.h
+
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+
+# Check whether --with-selinux was given.
+if test "${with_selinux+set}" = set; then :
+ withval=$with_selinux; if test "x$withval" != "xno" ; then
+ save_LIBS="$LIBS"
+
+$as_echo "#define WITH_SELINUX 1" >>confdefs.h
+
+ SELINUX_MSG="yes"
+ ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default"
+if test "x$ac_cv_header_selinux_selinux_h" = xyes; then :
+
+else
+ as_fn_error $? "SELinux support requires selinux.h header" "$LINENO" 5
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon in -lselinux" >&5
+$as_echo_n "checking for setexeccon in -lselinux... " >&6; }
+if ${ac_cv_lib_selinux_setexeccon+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lselinux $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setexeccon ();
+int
+main ()
+{
+return setexeccon ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_selinux_setexeccon=yes
+else
+ ac_cv_lib_selinux_setexeccon=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon" >&5
+$as_echo "$ac_cv_lib_selinux_setexeccon" >&6; }
+if test "x$ac_cv_lib_selinux_setexeccon" = xyes; then :
+ LIBSELINUX="-lselinux"
+ LIBS="$LIBS -lselinux"
+
+else
+ as_fn_error $? "SELinux support requires libselinux library" "$LINENO" 5
+fi
+
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
+ SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ for ac_func in getseuserbyname get_default_context_with_level
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ LIBS="$save_LIBS"
+ fi
+
+fi
+
+
+
+
+# Check whether user wants Kerberos 5 support
+KRB5_MSG="no"
+
+# Check whether --with-kerberos5 was given.
+if test "${with_kerberos5+set}" = set; then :
+ withval=$with_kerberos5; if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ KRB5ROOT="/usr/local"
+ else
+ KRB5ROOT=${withval}
+ fi
+
+
+$as_echo "#define KRB5 1" >>confdefs.h
+
+ KRB5_MSG="yes"
+
+ # Extract the first word of "krb5-config", so it can be a program name with args.
+set dummy krb5-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_KRB5CONF+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $KRB5CONF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_KRB5CONF="$KRB5CONF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$KRB5ROOT/bin:$PATH"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_KRB5CONF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_KRB5CONF" && ac_cv_path_KRB5CONF="$KRB5ROOT/bin/krb5-config"
+ ;;
+esac
+fi
+KRB5CONF=$ac_cv_path_KRB5CONF
+if test -n "$KRB5CONF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONF" >&5
+$as_echo "$KRB5CONF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test -x $KRB5CONF ; then
+ K5CFLAGS="`$KRB5CONF --cflags`"
+ K5LIBS="`$KRB5CONF --libs`"
+ CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gssapi support" >&5
+$as_echo_n "checking for gssapi support... " >&6; }
+ if $KRB5CONF | grep gssapi >/dev/null ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define GSSAPI 1" >>confdefs.h
+
+ GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
+ GSSLIBS="`$KRB5CONF --libs gssapi`"
+ CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+$as_echo_n "checking whether we are using Heimdal... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <krb5.h>
+
+int
+main ()
+{
+ char *tmp = heimdal_version;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HEIMDAL 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ else
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+$as_echo_n "checking whether we are using Heimdal... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+ #include <krb5.h>
+
+int
+main ()
+{
+ char *tmp = heimdal_version;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ $as_echo "#define HEIMDAL 1" >>confdefs.h
+
+ K5LIBS="-lkrb5"
+ K5LIBS="$K5LIBS -lcom_err -lasn1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for net_write in -lroken" >&5
+$as_echo_n "checking for net_write in -lroken... " >&6; }
+if ${ac_cv_lib_roken_net_write+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lroken $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char net_write ();
+int
+main ()
+{
+return net_write ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_roken_net_write=yes
+else
+ ac_cv_lib_roken_net_write=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_net_write" >&5
+$as_echo "$ac_cv_lib_roken_net_write" >&6; }
+if test "x$ac_cv_lib_roken_net_write" = xyes; then :
+ K5LIBS="$K5LIBS -lroken"
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5
+$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; }
+if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldes $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char des_cbc_encrypt ();
+int
+main ()
+{
+return des_cbc_encrypt ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_des_des_cbc_encrypt=yes
+else
+ ac_cv_lib_des_des_cbc_encrypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5
+$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; }
+if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then :
+ K5LIBS="$K5LIBS -ldes"
+fi
+
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dn_expand" >&5
+$as_echo_n "checking for library containing dn_expand... " >&6; }
+if ${ac_cv_search_dn_expand+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dn_expand ();
+int
+main ()
+{
+return dn_expand ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' resolv; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_dn_expand=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_dn_expand+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_dn_expand+:} false; then :
+
+else
+ ac_cv_search_dn_expand=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dn_expand" >&5
+$as_echo "$ac_cv_search_dn_expand" >&6; }
+ac_res=$ac_cv_search_dn_expand
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi_krb5" >&5
+$as_echo_n "checking for gss_init_sec_context in -lgssapi_krb5... " >&6; }
+if ${ac_cv_lib_gssapi_krb5_gss_init_sec_context+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi_krb5 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_init_sec_context ();
+int
+main ()
+{
+return gss_init_sec_context ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes
+else
+ ac_cv_lib_gssapi_krb5_gss_init_sec_context=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5
+$as_echo "$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6; }
+if test "x$ac_cv_lib_gssapi_krb5_gss_init_sec_context" = xyes; then :
+ $as_echo "#define GSSAPI 1" >>confdefs.h
+
+ GSSLIBS="-lgssapi_krb5"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgssapi" >&5
+$as_echo_n "checking for gss_init_sec_context in -lgssapi... " >&6; }
+if ${ac_cv_lib_gssapi_gss_init_sec_context+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_init_sec_context ();
+int
+main ()
+{
+return gss_init_sec_context ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gssapi_gss_init_sec_context=yes
+else
+ ac_cv_lib_gssapi_gss_init_sec_context=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5
+$as_echo "$ac_cv_lib_gssapi_gss_init_sec_context" >&6; }
+if test "x$ac_cv_lib_gssapi_gss_init_sec_context" = xyes; then :
+ $as_echo "#define GSSAPI 1" >>confdefs.h
+
+ GSSLIBS="-lgssapi"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_init_sec_context in -lgss" >&5
+$as_echo_n "checking for gss_init_sec_context in -lgss... " >&6; }
+if ${ac_cv_lib_gss_gss_init_sec_context+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgss $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_init_sec_context ();
+int
+main ()
+{
+return gss_init_sec_context ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_gss_gss_init_sec_context=yes
+else
+ ac_cv_lib_gss_gss_init_sec_context=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gss_gss_init_sec_context" >&5
+$as_echo "$ac_cv_lib_gss_gss_init_sec_context" >&6; }
+if test "x$ac_cv_lib_gss_gss_init_sec_context" = xyes; then :
+ $as_echo "#define GSSAPI 1" >>confdefs.h
+
+ GSSLIBS="-lgss"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api library - build may fail" >&5
+$as_echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;}
+fi
+
+
+fi
+
+
+fi
+
+
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_h" = xyes; then :
+
+else
+ unset ac_cv_header_gssapi_h
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ for ac_header in gssapi.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi.h" "ac_cv_header_gssapi_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_H 1
+_ACEOF
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cannot find any suitable gss-api header - build may fail" >&5
+$as_echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;}
+
+fi
+
+done
+
+
+
+fi
+
+
+
+ oldCPP="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi_krb5.h" "ac_cv_header_gssapi_krb5_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_krb5_h" = xyes; then :
+
+else
+ CPPFLAGS="$oldCPP"
+fi
+
+
+
+ fi
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${KRB5ROOT}/lib"
+ fi
+
+ for ac_header in gssapi.h gssapi/gssapi.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_header in gssapi_krb5.h gssapi/gssapi_krb5.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_header in gssapi_generic.h gssapi/gssapi_generic.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing k_hasafs" >&5
+$as_echo_n "checking for library containing k_hasafs... " >&6; }
+if ${ac_cv_search_k_hasafs+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char k_hasafs ();
+int
+main ()
+{
+return k_hasafs ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' kafs; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_k_hasafs=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_k_hasafs+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_k_hasafs+:} false; then :
+
+else
+ ac_cv_search_k_hasafs=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_k_hasafs" >&5
+$as_echo "$ac_cv_search_k_hasafs" >&6; }
+ac_res=$ac_cv_search_k_hasafs
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+$as_echo "#define USE_AFS 1" >>confdefs.h
+
+fi
+
+
+ ac_fn_c_check_decl "$LINENO" "GSS_C_NT_HOSTBASED_SERVICE" "ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" "
+#ifdef HAVE_GSSAPI_H
+# include <gssapi.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_H)
+# include <gssapi/gssapi.h>
+#endif
+
+#ifdef HAVE_GSSAPI_GENERIC_H
+# include <gssapi_generic.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
+# include <gssapi/gssapi_generic.h>
+#endif
+
+"
+if test "x$ac_cv_have_decl_GSS_C_NT_HOSTBASED_SERVICE" = xyes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl
+_ACEOF
+
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS $K5LIBS"
+ for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+ LIBS="$saved_LIBS"
+
+ fi
+
+
+fi
+
+
+
+
+# Looking for programs, paths and files
+
+PRIVSEP_PATH=/var/empty
+
+# Check whether --with-privsep-path was given.
+if test "${with_privsep_path+set}" = set; then :
+ withval=$with_privsep_path;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ PRIVSEP_PATH=$withval
+ fi
+
+
+fi
+
+
+
+
+# Check whether --with-xauth was given.
+if test "${with_xauth+set}" = set; then :
+ withval=$with_xauth;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ xauth_path=$withval
+ fi
+
+else
+
+ TestPath="$PATH"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
+ # Extract the first word of "xauth", so it can be a program name with args.
+set dummy xauth; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_xauth_path+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $xauth_path in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $TestPath
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+xauth_path=$ac_cv_path_xauth_path
+if test -n "$xauth_path"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xauth_path" >&5
+$as_echo "$xauth_path" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
+ xauth_path="/usr/openwin/bin/xauth"
+ fi
+
+
+fi
+
+
+STRIP_OPT=-s
+# Check whether --enable-strip was given.
+if test "${enable_strip+set}" = set; then :
+ enableval=$enable_strip;
+ if test "x$enableval" = "xno" ; then
+ STRIP_OPT=
+ fi
+
+
+fi
+
+
+
+if test -z "$xauth_path" ; then
+ XAUTH_PATH="undefined"
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define XAUTH_PATH "$xauth_path"
+_ACEOF
+
+ XAUTH_PATH=$xauth_path
+
+fi
+
+# Check for mail directory
+
+# Check whether --with-maildir was given.
+if test "${with_maildir+set}" = set; then :
+ withval=$with_maildir;
+ if test "X$withval" != X && test "x$withval" != xno && \
+ test "x${withval}" != xyes; then
+
+cat >>confdefs.h <<_ACEOF
+#define MAIL_DIRECTORY "$withval"
+_ACEOF
+
+ fi
+
+else
+
+ if test "X$maildir" != "X"; then
+ cat >>confdefs.h <<_ACEOF
+#define MAIL_DIRECTORY "$maildir"
+_ACEOF
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking Discovering system mail directory" >&5
+$as_echo_n "checking Discovering system mail directory... " >&6; }
+ if test "$cross_compiling" = yes; then :
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&5
+$as_echo "$as_me: WARNING: cross compiling: use --with-maildir=/path/to/mail" >&2;}
+
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif
+#define DATA "conftest.maildir"
+
+int
+main ()
+{
+
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+#if defined (_PATH_MAILDIR)
+ if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
+ exit(1);
+#elif defined (MAILDIR)
+ if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
+ exit(1);
+#elif defined (_PATH_MAIL)
+ if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
+ exit(1);
+#else
+ exit (2);
+#endif
+
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+ maildir_what=`awk -F: '{print $1}' conftest.maildir`
+ maildir=`awk -F: '{print $2}' conftest.maildir \
+ | sed 's|/$||'`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: $maildir from $maildir_what" >&5
+$as_echo "Using: $maildir from $maildir_what" >&6; }
+ if test "x$maildir_what" != "x_PATH_MAILDIR"; then
+ cat >>confdefs.h <<_ACEOF
+#define MAIL_DIRECTORY "$maildir"
+_ACEOF
+
+ fi
+
+else
+
+ if test "X$ac_status" = "X2";then
+# our test program didn't find it. Default to /var/spool/mail
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Using: default value of /var/spool/mail" >&5
+$as_echo "Using: default value of /var/spool/mail" >&6; }
+ cat >>confdefs.h <<_ACEOF
+#define MAIL_DIRECTORY "/var/spool/mail"
+_ACEOF
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** not found ***" >&5
+$as_echo "*** not found ***" >&6; }
+ fi
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ fi
+
+
+fi
+ # maildir
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptmx test" >&5
+$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptmx test" >&2;}
+ disable_ptmx_check=yes
+fi
+if test -z "$no_dev_ptmx" ; then
+ if test "x$disable_ptmx_check" != "xyes" ; then
+ as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5
+$as_echo_n "checking for \"/dev/ptmx\"... " >&6; }
+if eval \${$as_ac_File+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ test "$cross_compiling" = yes &&
+ as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
+if test -r ""/dev/ptmx""; then
+ eval "$as_ac_File=yes"
+else
+ eval "$as_ac_File=no"
+fi
+fi
+eval ac_res=\$$as_ac_File
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DEV_PTMX 1
+_ACEOF
+
+ have_dev_ptmx=1
+
+
+fi
+
+ fi
+fi
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
+ as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5
+$as_echo_n "checking for \"/dev/ptc\"... " >&6; }
+if eval \${$as_ac_File+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ test "$cross_compiling" = yes &&
+ as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
+if test -r ""/dev/ptc""; then
+ eval "$as_ac_File=yes"
+else
+ eval "$as_ac_File=no"
+fi
+fi
+eval ac_res=\$$as_ac_File
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DEV_PTS_AND_PTC 1
+_ACEOF
+
+ have_dev_ptc=1
+
+
+fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: Disabling /dev/ptc test" >&5
+$as_echo "$as_me: WARNING: cross compiling: Disabling /dev/ptc test" >&2;}
+fi
+
+# Options from here on. Some of these are preset by platform above
+
+# Check whether --with-mantype was given.
+if test "${with_mantype+set}" = set; then :
+ withval=$with_mantype;
+ case "$withval" in
+ man|cat|doc)
+ MANTYPE=$withval
+ ;;
+ *)
+ as_fn_error $? "invalid man type: $withval" "$LINENO" 5
+ ;;
+ esac
+
+
+fi
+
+if test -z "$MANTYPE"; then
+ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
+ for ac_prog in nroff awf
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_NROFF+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $NROFF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $TestPath
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+NROFF=$ac_cv_path_NROFF
+if test -n "$NROFF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
+$as_echo "$NROFF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$NROFF" && break
+done
+test -n "$NROFF" || NROFF="/bin/false"
+
+ if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
+ MANTYPE=doc
+ elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
+ MANTYPE=man
+ else
+ MANTYPE=cat
+ fi
+fi
+
+if test "$MANTYPE" = "doc"; then
+ mansubdir=man;
+else
+ mansubdir=$MANTYPE;
+fi
+
+
+# Check whether to enable MD5 passwords
+MD5_MSG="no"
+
+# Check whether --with-md5-passwords was given.
+if test "${with_md5_passwords+set}" = set; then :
+ withval=$with_md5_passwords;
+ if test "x$withval" != "xno" ; then
+
+$as_echo "#define HAVE_MD5_PASSWORDS 1" >>confdefs.h
+
+ MD5_MSG="yes"
+ fi
+
+
+fi
+
+
+# Whether to disable shadow password support
+
+# Check whether --with-shadow was given.
+if test "${with_shadow+set}" = set; then :
+ withval=$with_shadow;
+ if test "x$withval" = "xno" ; then
+ $as_echo "#define DISABLE_SHADOW 1" >>confdefs.h
+
+ disable_shadow=yes
+ fi
+
+
+fi
+
+
+if test -z "$disable_shadow" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the systems has expire shadow information" >&5
+$as_echo_n "checking if the systems has expire shadow information... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <shadow.h>
+struct spwd sp;
+
+int
+main ()
+{
+ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ sp_expire_available=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ if test "x$sp_expire_available" = "xyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAS_SHADOW_EXPIRE 1" >>confdefs.h
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+fi
+
+# Use ip address instead of hostname in $DISPLAY
+if test ! -z "$IPADDR_IN_DISPLAY" ; then
+ DISPLAY_HACK_MSG="yes"
+
+$as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h
+
+else
+ DISPLAY_HACK_MSG="no"
+
+# Check whether --with-ipaddr-display was given.
+if test "${with_ipaddr_display+set}" = set; then :
+ withval=$with_ipaddr_display;
+ if test "x$withval" != "xno" ; then
+ $as_echo "#define IPADDR_IN_DISPLAY 1" >>confdefs.h
+
+ DISPLAY_HACK_MSG="yes"
+ fi
+
+
+fi
+
+fi
+
+# check for /etc/default/login and use it if present.
+# Check whether --enable-etc-default-login was given.
+if test "${enable_etc_default_login+set}" = set; then :
+ enableval=$enable_etc_default_login; if test "x$enableval" = "xno"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: /etc/default/login handling disabled" >&5
+$as_echo "$as_me: /etc/default/login handling disabled" >&6;}
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi
+else
+ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: not checking /etc/default/login" >&5
+$as_echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;}
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi
+
+fi
+
+
+if test "x$etc_default_login" != "xno"; then
+ as_ac_File=`$as_echo "ac_cv_file_"/etc/default/login"" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/etc/default/login\"" >&5
+$as_echo_n "checking for \"/etc/default/login\"... " >&6; }
+if eval \${$as_ac_File+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ test "$cross_compiling" = yes &&
+ as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
+if test -r ""/etc/default/login""; then
+ eval "$as_ac_File=yes"
+else
+ eval "$as_ac_File=no"
+fi
+fi
+eval ac_res=\$$as_ac_File
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+ external_path_file=/etc/default/login
+fi
+
+ if test "x$external_path_file" = "x/etc/default/login"; then
+
+$as_echo "#define HAVE_ETC_DEFAULT_LOGIN 1" >>confdefs.h
+
+ fi
+fi
+
+if test $ac_cv_func_login_getcapbool = "yes" && \
+ test $ac_cv_header_login_cap_h = "yes" ; then
+ external_path_file=/etc/login.conf
+fi
+
+# Whether to mess with the default path
+SERVER_PATH_MSG="(default)"
+
+# Check whether --with-default-path was given.
+if test "${with_default_path+set}" = set; then :
+ withval=$with_default_path;
+ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+--with-default-path=PATH has no effect on this system.
+Edit /etc/login.conf instead." >&5
+$as_echo "$as_me: WARNING:
+--with-default-path=PATH has no effect on this system.
+Edit /etc/login.conf instead." >&2;}
+ elif test "x$withval" != "xno" ; then
+ if test ! -z "$external_path_file" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+--with-default-path=PATH will only be used if PATH is not defined in
+$external_path_file ." >&5
+$as_echo "$as_me: WARNING:
+--with-default-path=PATH will only be used if PATH is not defined in
+$external_path_file ." >&2;}
+ fi
+ user_path="$withval"
+ SERVER_PATH_MSG="$withval"
+ fi
+
+else
+ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Make sure the path to scp is in /etc/login.conf" >&5
+$as_echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;}
+ else
+ if test ! -z "$external_path_file" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+If PATH is defined in $external_path_file, ensure the path to scp is included,
+otherwise scp will not work." >&5
+$as_echo "$as_me: WARNING:
+If PATH is defined in $external_path_file, ensure the path to scp is included,
+otherwise scp will not work." >&2;}
+ fi
+ if test "$cross_compiling" = yes; then :
+ user_path="/usr/bin:/bin:/usr/sbin:/sbin"
+
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* find out what STDPATH is */
+#include <stdio.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#ifndef _PATH_STDPATH
+# ifdef _PATH_USERPATH /* Irix */
+# define _PATH_STDPATH _PATH_USERPATH
+# else
+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# endif
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#define DATA "conftest.stdpath"
+
+int
+main ()
+{
+
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
+ exit(1);
+
+ exit(0);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ user_path=`cat conftest.stdpath`
+else
+ user_path="/usr/bin:/bin:/usr/sbin:/sbin"
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+# make sure $bindir is in USER_PATH so scp will work
+ t_bindir="${bindir}"
+ while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
+ t_bindir=`eval echo ${t_bindir}`
+ case $t_bindir in
+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
+ esac
+ case $t_bindir in
+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+ done
+ echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
+ if test $? -ne 0 ; then
+ echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
+ if test $? -ne 0 ; then
+ user_path=$user_path:$t_bindir
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: Adding $t_bindir to USER_PATH so scp will work" >&5
+$as_echo "Adding $t_bindir to USER_PATH so scp will work" >&6; }
+ fi
+ fi
+ fi
+
+fi
+
+if test "x$external_path_file" != "x/etc/login.conf" ; then
+
+cat >>confdefs.h <<_ACEOF
+#define USER_PATH "$user_path"
+_ACEOF
+
+
+fi
+
+# Set superuser path separately to user path
+
+# Check whether --with-superuser-path was given.
+if test "${with_superuser_path+set}" = set; then :
+ withval=$with_superuser_path;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+
+cat >>confdefs.h <<_ACEOF
+#define SUPERUSER_PATH "$withval"
+_ACEOF
+
+ superuser_path=$withval
+ fi
+
+
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5
+$as_echo_n "checking if we need to convert IPv4 in IPv6-mapped addresses... " >&6; }
+IPV4_IN6_HACK_MSG="no"
+
+# Check whether --with-4in6 was given.
+if test "${with_4in6+set}" = set; then :
+ withval=$with_4in6;
+ if test "x$withval" != "xno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h
+
+ IPV4_IN6_HACK_MSG="yes"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+else
+
+ if test "x$inet6_default_4in6" = "xyes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5
+$as_echo "yes (default)" >&6; }
+ $as_echo "#define IPV4_IN_IPV6 1" >>confdefs.h
+
+ IPV4_IN6_HACK_MSG="yes"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (default)" >&5
+$as_echo "no (default)" >&6; }
+ fi
+
+
+fi
+
+
+# Whether to enable BSD auth support
+BSD_AUTH_MSG=no
+
+# Check whether --with-bsd-auth was given.
+if test "${with_bsd_auth+set}" = set; then :
+ withval=$with_bsd_auth;
+ if test "x$withval" != "xno" ; then
+
+$as_echo "#define BSD_AUTH 1" >>confdefs.h
+
+ BSD_AUTH_MSG=yes
+ fi
+
+
+fi
+
+
+# Where to place sshd.pid
+piddir=/var/run
+# make sure the directory exists
+if test ! -d $piddir ; then
+ piddir=`eval echo ${sysconfdir}`
+ case $piddir in
+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+fi
+
+
+# Check whether --with-pid-dir was given.
+if test "${with_pid_dir+set}" = set; then :
+ withval=$with_pid_dir;
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ piddir=$withval
+ if test ! -d $piddir ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** no $piddir directory on this system **" >&5
+$as_echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;}
+ fi
+ fi
+
+
+fi
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define _PATH_SSH_PIDDIR "$piddir"
+_ACEOF
+
+
+
+# Check whether --enable-lastlog was given.
+if test "${enable_lastlog+set}" = set; then :
+ enableval=$enable_lastlog;
+ if test "x$enableval" = "xno" ; then
+ $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-utmp was given.
+if test "${enable_utmp+set}" = set; then :
+ enableval=$enable_utmp;
+ if test "x$enableval" = "xno" ; then
+ $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-utmpx was given.
+if test "${enable_utmpx+set}" = set; then :
+ enableval=$enable_utmpx;
+ if test "x$enableval" = "xno" ; then
+
+$as_echo "#define DISABLE_UTMPX 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-wtmp was given.
+if test "${enable_wtmp+set}" = set; then :
+ enableval=$enable_wtmp;
+ if test "x$enableval" = "xno" ; then
+ $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-wtmpx was given.
+if test "${enable_wtmpx+set}" = set; then :
+ enableval=$enable_wtmpx;
+ if test "x$enableval" = "xno" ; then
+
+$as_echo "#define DISABLE_WTMPX 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-libutil was given.
+if test "${enable_libutil+set}" = set; then :
+ enableval=$enable_libutil;
+ if test "x$enableval" = "xno" ; then
+ $as_echo "#define DISABLE_LOGIN 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-pututline was given.
+if test "${enable_pututline+set}" = set; then :
+ enableval=$enable_pututline;
+ if test "x$enableval" = "xno" ; then
+
+$as_echo "#define DISABLE_PUTUTLINE 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+# Check whether --enable-pututxline was given.
+if test "${enable_pututxline+set}" = set; then :
+ enableval=$enable_pututxline;
+ if test "x$enableval" = "xno" ; then
+
+$as_echo "#define DISABLE_PUTUTXLINE 1" >>confdefs.h
+
+ fi
+
+
+fi
+
+
+# Check whether --with-lastlog was given.
+if test "${with_lastlog+set}" = set; then :
+ withval=$with_lastlog;
+ if test "x$withval" = "xno" ; then
+ $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+ elif test -n "$withval" && test "x${withval}" != "xyes"; then
+ conf_lastlog_location=$withval
+ fi
+
+
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines LASTLOG_FILE" >&5
+$as_echo_n "checking if your system defines LASTLOG_FILE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+# include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#ifdef HAVE_LOGIN_H
+# include <login.h>
+#endif
+
+int
+main ()
+{
+ char *lastlog = LASTLOG_FILE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines _PATH_LASTLOG" >&5
+$as_echo_n "checking if your system defines _PATH_LASTLOG... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+# include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+int
+main ()
+{
+ char *lastlog = _PATH_LASTLOG;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ system_lastlog_path=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test -z "$conf_lastlog_location"; then
+ if test x"$system_lastlog_path" = x"no" ; then
+ for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
+ if (test -d "$f" || test -f "$f") ; then
+ conf_lastlog_location=$f
+ fi
+ done
+ if test -z "$conf_lastlog_location"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ** Cannot find lastlog **" >&5
+$as_echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;}
+ fi
+ fi
+fi
+
+if test -n "$conf_lastlog_location"; then
+
+cat >>confdefs.h <<_ACEOF
+#define CONF_LASTLOG_FILE "$conf_lastlog_location"
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines UTMP_FILE" >&5
+$as_echo_n "checking if your system defines UTMP_FILE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+int
+main ()
+{
+ char *utmp = UTMP_FILE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ system_utmp_path=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+if test -z "$conf_utmp_location"; then
+ if test x"$system_utmp_path" = x"no" ; then
+ for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
+ if test -f $f ; then
+ conf_utmp_location=$f
+ fi
+ done
+ if test -z "$conf_utmp_location"; then
+ $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+ fi
+ fi
+fi
+if test -n "$conf_utmp_location"; then
+
+cat >>confdefs.h <<_ACEOF
+#define CONF_UTMP_FILE "$conf_utmp_location"
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMP_FILE" >&5
+$as_echo_n "checking if your system defines WTMP_FILE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+int
+main ()
+{
+ char *wtmp = WTMP_FILE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ system_wtmp_path=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+if test -z "$conf_wtmp_location"; then
+ if test x"$system_wtmp_path" = x"no" ; then
+ for f in /usr/adm/wtmp /var/log/wtmp; do
+ if test -f $f ; then
+ conf_wtmp_location=$f
+ fi
+ done
+ if test -z "$conf_wtmp_location"; then
+ $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+ fi
+ fi
+fi
+if test -n "$conf_wtmp_location"; then
+
+cat >>confdefs.h <<_ACEOF
+#define CONF_WTMP_FILE "$conf_wtmp_location"
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if your system defines WTMPX_FILE" >&5
+$as_echo_n "checking if your system defines WTMPX_FILE... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+
+int
+main ()
+{
+ char *wtmpx = WTMPX_FILE;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ system_wtmpx_path=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+if test -z "$conf_wtmpx_location"; then
+ if test x"$system_wtmpx_path" = x"no" ; then
+ $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h
+
+ fi
+else
+
+cat >>confdefs.h <<_ACEOF
+#define CONF_WTMPX_FILE "$conf_wtmpx_location"
+_ACEOF
+
+fi
+
+
+if test ! -z "$blibpath" ; then
+ LDFLAGS="$LDFLAGS $blibflags$blibpath"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5
+$as_echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;}
+fi
+
+ac_fn_c_check_member "$LINENO" "struct lastlog" "ll_line" "ac_cv_member_struct_lastlog_ll_line" "
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+
+"
+if test "x$ac_cv_member_struct_lastlog_ll_line" = xyes; then :
+
+else
+
+ if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
+ $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h
+
+ fi
+
+fi
+
+
+ac_fn_c_check_member "$LINENO" "struct utmp" "ut_line" "ac_cv_member_struct_utmp_ut_line" "
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+
+"
+if test "x$ac_cv_member_struct_utmp_ut_line" = xyes; then :
+
+else
+
+ $as_echo "#define DISABLE_UTMP 1" >>confdefs.h
+
+ $as_echo "#define DISABLE_WTMP 1" >>confdefs.h
+
+
+fi
+
+
+CFLAGS="$CFLAGS $werror_flags"
+
+if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ TEST_SSH_IPV6=no
+else
+ TEST_SSH_IPV6=yes
+fi
+ac_fn_c_check_decl "$LINENO" "BROKEN_GETADDRINFO" "ac_cv_have_decl_BROKEN_GETADDRINFO" "$ac_includes_default"
+if test "x$ac_cv_have_decl_BROKEN_GETADDRINFO" = xyes; then :
+ TEST_SSH_IPV6=no
+fi
+
+TEST_SSH_IPV6=$TEST_SSH_IPV6
+
+UNSUPPORTED_ALGORITHMS=$unsupported_algorithms
+
+
+
+ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ if test "x$cache_file" != "x/dev/null"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ if test ! -f "$cache_file" || test -h "$cache_file"; then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by OpenSSH $as_me Portable, which was
+generated by GNU Autoconf 2.68. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Report bugs to <openssh-unix-dev@mindrot.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+OpenSSH config.status Portable
+configured by $0, generated by GNU Autoconf 2.68,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=?*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "buildpkg.sh") CONFIG_FILES="$CONFIG_FILES buildpkg.sh" ;;
+ "opensshd.init") CONFIG_FILES="$CONFIG_FILES opensshd.init" ;;
+ "openssh.xml") CONFIG_FILES="$CONFIG_FILES openssh.xml" ;;
+ "openbsd-compat/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;;
+ "openbsd-compat/regress/Makefile") CONFIG_FILES="$CONFIG_FILES openbsd-compat/regress/Makefile" ;;
+ "survey.sh") CONFIG_FILES="$CONFIG_FILES survey.sh" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp= ac_tmp=
+ trap 'exit_status=$?
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = ""
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS "
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$ac_tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$ac_tmp/stdin"
+ case $ac_file in
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$ac_tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
+ fi
+ ;;
+
+
+ esac
+
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+# Print summary of options
+
+# Someone please show me a better way :)
+A=`eval echo ${prefix}` ; A=`eval echo ${A}`
+B=`eval echo ${bindir}` ; B=`eval echo ${B}`
+C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
+D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
+E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
+F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
+G=`eval echo ${piddir}` ; G=`eval echo ${G}`
+H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
+I=`eval echo ${user_path}` ; I=`eval echo ${I}`
+J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
+
+echo ""
+echo "OpenSSH has been configured with the following options:"
+echo " User binaries: $B"
+echo " System binaries: $C"
+echo " Configuration files: $D"
+echo " Askpass program: $E"
+echo " Manual pages: $F"
+echo " PID file: $G"
+echo " Privilege separation chroot path: $H"
+if test "x$external_path_file" = "x/etc/login.conf" ; then
+echo " At runtime, sshd will use the path defined in $external_path_file"
+echo " Make sure the path to scp is present, otherwise scp will not work"
+else
+echo " sshd default user PATH: $I"
+ if test ! -z "$external_path_file"; then
+echo " (If PATH is set in $external_path_file it will be used instead. If"
+echo " used, ensure the path to scp is present, otherwise scp will not work.)"
+ fi
+fi
+if test ! -z "$superuser_path" ; then
+echo " sshd superuser user PATH: $J"
+fi
+echo " Manpage format: $MANTYPE"
+echo " PAM support: $PAM_MSG"
+echo " OSF SIA support: $SIA_MSG"
+echo " KerberosV support: $KRB5_MSG"
+echo " SELinux support: $SELINUX_MSG"
+echo " Smartcard support: $SCARD_MSG"
+echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
+echo " MD5 password support: $MD5_MSG"
+echo " libedit support: $LIBEDIT_MSG"
+echo " Solaris process contract support: $SPC_MSG"
+echo " Solaris project support: $SP_MSG"
+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+echo " BSD Auth support: $BSD_AUTH_MSG"
+echo " Random number source: $RAND_MSG"
+echo " Privsep sandbox style: $SANDBOX_STYLE"
+
+echo ""
+
+echo " Host: ${host}"
+echo " Compiler: ${CC}"
+echo " Compiler flags: ${CFLAGS}"
+echo "Preprocessor flags: ${CPPFLAGS}"
+echo " Linker flags: ${LDFLAGS}"
+echo " Libraries: ${LIBS}"
+if test ! -z "${SSHDLIBS}"; then
+echo " +for sshd: ${SSHDLIBS}"
+fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
+fi
+
+echo ""
+
+if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
+ echo "SVR4 style packages are supported with \"make package\""
+ echo ""
+fi
+
+if test "x$PAM_MSG" = "xyes" ; then
+ echo "PAM is enabled. You may need to install a PAM control file "
+ echo "for sshd, otherwise password authentication may fail. "
+ echo "Example PAM control files can be found in the contrib/ "
+ echo "subdirectory"
+ echo ""
+fi
+
+if test ! -z "$NO_PEERCHECK" ; then
+ echo "WARNING: the operating system that you are using does not"
+ echo "appear to support getpeereid(), getpeerucred() or the"
+ echo "SO_PEERCRED getsockopt() option. These facilities are used to"
+ echo "enforce security checks to prevent unauthorised connections to"
+ echo "ssh-agent. Their absence increases the risk that a malicious"
+ echo "user can connect to your agent."
+ echo ""
+fi
+
+if test "$AUDIT_MODULE" = "bsm" ; then
+ echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+ echo "See the Solaris section in README.platform for details."
+fi
diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac
new file mode 100644
index 0000000..4a1b503
--- /dev/null
+++ b/crypto/openssh/configure.ac
@@ -0,0 +1,4669 @@
+# $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $
+#
+# Copyright (c) 1999-2004 Damien Miller
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
+AC_REVISION($Revision: 1.536 $)
+AC_CONFIG_SRCDIR([ssh.c])
+AC_LANG([C])
+
+AC_CONFIG_HEADER([config.h])
+AC_PROG_CC
+AC_CANONICAL_HOST
+AC_C_BIGENDIAN
+
+# Checks for programs.
+AC_PROG_AWK
+AC_PROG_CPP
+AC_PROG_RANLIB
+AC_PROG_INSTALL
+AC_PROG_EGREP
+AC_PATH_PROG([AR], [ar])
+AC_PATH_PROG([CAT], [cat])
+AC_PATH_PROG([KILL], [kill])
+AC_PATH_PROGS([PERL], [perl5 perl])
+AC_PATH_PROG([SED], [sed])
+AC_SUBST([PERL])
+AC_PATH_PROG([ENT], [ent])
+AC_SUBST([ENT])
+AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
+AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
+AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
+AC_PATH_PROG([SH], [sh])
+AC_PATH_PROG([GROFF], [groff])
+AC_PATH_PROG([NROFF], [nroff])
+AC_PATH_PROG([MANDOC], [mandoc])
+AC_SUBST([TEST_SHELL], [sh])
+
+dnl select manpage formatter
+if test "x$MANDOC" != "x" ; then
+ MANFMT="$MANDOC"
+elif test "x$NROFF" != "x" ; then
+ MANFMT="$NROFF -mandoc"
+elif test "x$GROFF" != "x" ; then
+ MANFMT="$GROFF -mandoc -Tascii"
+else
+ AC_MSG_WARN([no manpage formatted found])
+ MANFMT="false"
+fi
+AC_SUBST([MANFMT])
+
+dnl for buildpkg.sh
+AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
+ [/usr/sbin${PATH_SEPARATOR}/etc])
+AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
+ [/usr/sbin${PATH_SEPARATOR}/etc])
+AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
+if test -x /sbin/sh; then
+ AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
+else
+ AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
+fi
+
+# System features
+AC_SYS_LARGEFILE
+
+if test -z "$AR" ; then
+ AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
+fi
+
+# Use LOGIN_PROGRAM from environment if possible
+if test ! -z "$LOGIN_PROGRAM" ; then
+ AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
+ [If your header files don't define LOGIN_PROGRAM,
+ then use this (detected) from environment and PATH])
+else
+ # Search for login
+ AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
+ if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
+ AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
+ fi
+fi
+
+AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
+if test ! -z "$PATH_PASSWD_PROG" ; then
+ AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
+ [Full path of your "passwd" program])
+fi
+
+if test -z "$LD" ; then
+ LD=$CC
+fi
+AC_SUBST([LD])
+
+AC_C_INLINE
+
+AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
+AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
+ #include <sys/types.h>
+ #include <sys/param.h>
+ #include <dev/systrace.h>
+])
+AC_CHECK_DECL([RLIMIT_NPROC],
+ [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
+ #include <sys/types.h>
+ #include <sys/resource.h>
+])
+AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
+ #include <sys/types.h>
+ #include <linux/prctl.h>
+])
+use_stack_protector=1
+AC_ARG_WITH([stackprotect],
+ [ --without-stackprotect Don't use compiler's stack protection], [
+ if test "x$withval" = "xno"; then
+ use_stack_protector=0
+ fi ])
+
+
+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
+ OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments -Werror],
+ [-Qunused-arguments])
+ OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option -Werror],
+ [-Wno-unknown-warning-option])
+ OSSH_CHECK_CFLAG_COMPILE([-Wall])
+ OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
+ OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
+ OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
+ OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
+ OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
+ OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
+ OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
+ OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
+ OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2])
+ AC_MSG_CHECKING([gcc version])
+ GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
+ case $GCC_VER in
+ 1.*) no_attrib_nonnull=1 ;;
+ 2.8* | 2.9*)
+ no_attrib_nonnull=1
+ ;;
+ 2.*) no_attrib_nonnull=1 ;;
+ *) ;;
+ esac
+ AC_MSG_RESULT([$GCC_VER])
+
+ AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
+ [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ CFLAGS="$saved_CFLAGS" ]
+ )
+
+ # -fstack-protector-all doesn't always work for some GCC versions
+ # and/or platforms, so we test if we can. If it's not supported
+ # on a given platform gcc will emit a warning so we use -Werror.
+ if test "x$use_stack_protector" = "x1"; then
+ for t in -fstack-protector-all -fstack-protector; do
+ AC_MSG_CHECKING([if $CC supports $t])
+ saved_CFLAGS="$CFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ CFLAGS="$CFLAGS $t -Werror"
+ LDFLAGS="$LDFLAGS $t -Werror"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[
+ char x[256];
+ snprintf(x, sizeof(x), "XXX");
+ ]])],
+ [ AC_MSG_RESULT([yes])
+ CFLAGS="$saved_CFLAGS $t"
+ LDFLAGS="$saved_LDFLAGS $t"
+ AC_MSG_CHECKING([if $t works])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[
+ char x[256];
+ snprintf(x, sizeof(x), "XXX");
+ ]])],
+ [ AC_MSG_RESULT([yes])
+ break ],
+ [ AC_MSG_RESULT([no]) ],
+ [ AC_MSG_WARN([cross compiling: cannot test])
+ break ]
+ )
+ ],
+ [ AC_MSG_RESULT([no]) ]
+ )
+ CFLAGS="$saved_CFLAGS"
+ LDFLAGS="$saved_LDFLAGS"
+ done
+ fi
+
+ if test -z "$have_llong_max"; then
+ # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
+ unset ac_cv_have_decl_LLONG_MAX
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -std=gnu99"
+ AC_CHECK_DECL([LLONG_MAX],
+ [have_llong_max=1],
+ [CFLAGS="$saved_CFLAGS"],
+ [#include <limits.h>]
+ )
+ fi
+fi
+
+AC_MSG_CHECKING([if compiler allows __attribute__ on return types])
+AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdlib.h>
+__attribute__((__unused__)) static void foo(void){return;}]],
+ [[ exit(0); ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1,
+ [compiler does not accept __attribute__ on return types]) ]
+)
+
+if test "x$no_attrib_nonnull" != "x1" ; then
+ AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
+fi
+
+AC_ARG_WITH([rpath],
+ [ --without-rpath Disable auto-added -R linker paths],
+ [
+ if test "x$withval" = "xno" ; then
+ need_dash_r=""
+ fi
+ if test "x$withval" = "xyes" ; then
+ need_dash_r=1
+ fi
+ ]
+)
+
+# Allow user to specify flags
+AC_ARG_WITH([cflags],
+ [ --with-cflags Specify additional flags to pass to compiler],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ CFLAGS="$CFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH([cppflags],
+ [ --with-cppflags Specify additional flags to pass to preprocessor] ,
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ CPPFLAGS="$CPPFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH([ldflags],
+ [ --with-ldflags Specify additional flags to pass to linker],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ LDFLAGS="$LDFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH([libs],
+ [ --with-libs Specify additional libraries to link with],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ LIBS="$LIBS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH([Werror],
+ [ --with-Werror Build main code with -Werror],
+ [
+ if test -n "$withval" && test "x$withval" != "xno"; then
+ werror_flags="-Werror"
+ if test "x${withval}" != "xyes"; then
+ werror_flags="$withval"
+ fi
+ fi
+ ]
+)
+
+AC_CHECK_HEADERS([ \
+ bstring.h \
+ crypt.h \
+ crypto/sha2.h \
+ dirent.h \
+ endian.h \
+ elf.h \
+ features.h \
+ fcntl.h \
+ floatingpoint.h \
+ getopt.h \
+ glob.h \
+ ia.h \
+ iaf.h \
+ limits.h \
+ locale.h \
+ login.h \
+ maillock.h \
+ ndir.h \
+ net/if_tun.h \
+ netdb.h \
+ netgroup.h \
+ pam/pam_appl.h \
+ paths.h \
+ poll.h \
+ pty.h \
+ readpassphrase.h \
+ rpc/types.h \
+ security/pam_appl.h \
+ sha2.h \
+ shadow.h \
+ stddef.h \
+ stdint.h \
+ string.h \
+ strings.h \
+ sys/audit.h \
+ sys/bitypes.h \
+ sys/bsdtty.h \
+ sys/cdefs.h \
+ sys/dir.h \
+ sys/mman.h \
+ sys/ndir.h \
+ sys/poll.h \
+ sys/prctl.h \
+ sys/pstat.h \
+ sys/select.h \
+ sys/stat.h \
+ sys/stream.h \
+ sys/stropts.h \
+ sys/strtio.h \
+ sys/statvfs.h \
+ sys/sysmacros.h \
+ sys/time.h \
+ sys/timers.h \
+ time.h \
+ tmpdir.h \
+ ttyent.h \
+ ucred.h \
+ unistd.h \
+ usersec.h \
+ util.h \
+ utime.h \
+ utmp.h \
+ utmpx.h \
+ vis.h \
+])
+
+# lastlog.h requires sys/time.h to be included first on Solaris
+AC_CHECK_HEADERS([lastlog.h], [], [], [
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+])
+
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+AC_CHECK_HEADERS([sys/ptms.h], [], [], [
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+])
+
+# login_cap.h requires sys/types.h on NetBSD
+AC_CHECK_HEADERS([login_cap.h], [], [], [
+#include <sys/types.h>
+])
+
+# older BSDs need sys/param.h before sys/mount.h
+AC_CHECK_HEADERS([sys/mount.h], [], [], [
+#include <sys/param.h>
+])
+
+# Android requires sys/socket.h to be included before sys/un.h
+AC_CHECK_HEADERS([sys/un.h], [], [], [
+#include <sys/types.h>
+#include <sys/socket.h>
+])
+
+# Messages for features tested for in target-specific section
+SIA_MSG="no"
+SPC_MSG="no"
+SP_MSG="no"
+
+# Check for some target-specific stuff
+case "$host" in
+*-*-aix*)
+ # Some versions of VAC won't allow macro redefinitions at
+ # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
+ # particularly with older versions of vac or xlc.
+ # It also throws errors about null macro argments, but these are
+ # not fatal.
+ AC_MSG_CHECKING([if compiler allows macro redefinitions])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[
+#define testmacro foo
+#define testmacro bar]],
+ [[ exit(0); ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
+ LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
+ CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+ CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+ ]
+ )
+
+ AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
+ if (test -z "$blibpath"); then
+ blibpath="/usr/lib:/lib"
+ fi
+ saved_LDFLAGS="$LDFLAGS"
+ if test "$GCC" = "yes"; then
+ flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
+ else
+ flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
+ fi
+ for tryflags in $flags ;do
+ if (test -z "$blibflags"); then
+ LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [blibflags=$tryflags], [])
+ fi
+ done
+ if (test -z "$blibflags"); then
+ AC_MSG_RESULT([not found])
+ AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
+ else
+ AC_MSG_RESULT([$blibflags])
+ fi
+ LDFLAGS="$saved_LDFLAGS"
+ dnl Check for authenticate. Might be in libs.a on older AIXes
+ AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
+ [Define if you want to enable AIX4's authenticate function])],
+ [AC_CHECK_LIB([s], [authenticate],
+ [ AC_DEFINE([WITH_AIXAUTHENTICATE])
+ LIBS="$LIBS -ls"
+ ])
+ ])
+ dnl Check for various auth function declarations in headers.
+ AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
+ passwdexpired, setauthdb], , , [#include <usersec.h>])
+ dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
+ AC_CHECK_DECLS([loginfailed],
+ [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
+ [[ (void)loginfailed("user","host","tty",0); ]])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
+ [Define if your AIX loginfailed() function
+ takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
+ ])],
+ [],
+ [#include <usersec.h>]
+ )
+ AC_CHECK_FUNCS([getgrset setauthdb])
+ AC_CHECK_DECL([F_CLOSEM],
+ AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
+ [],
+ [ #include <limits.h>
+ #include <fcntl.h> ]
+ )
+ check_for_aix_broken_getaddrinfo=1
+ AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
+ AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
+ [Define if your platform breaks doing a seteuid before a setuid])
+ AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
+ AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
+ dnl AIX handles lastlog as part of its login message
+ AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
+ AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
+ [Some systems need a utmpx entry for /bin/login to work])
+ AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
+ [Define to a Set Process Title type if your system is
+ supported by bsd-setproctitle.c])
+ AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
+ [AIX 5.2 and 5.3 (and presumably newer) require this])
+ AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
+ AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
+ ;;
+*-*-android*)
+ AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp])
+ AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp])
+ ;;
+*-*-cygwin*)
+ check_for_libcrypt_later=1
+ LIBS="$LIBS /usr/lib/textreadmode.o"
+ AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
+ AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
+ AC_DEFINE([DISABLE_SHADOW], [1],
+ [Define if you want to disable shadow passwords])
+ AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
+ [Define if X11 doesn't support AF_UNIX sockets on that system])
+ AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
+ [Define if the concept of ports only accessible to
+ superusers isn't known])
+ AC_DEFINE([DISABLE_FD_PASSING], [1],
+ [Define if your platform needs to skip post auth
+ file descriptor passing])
+ AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
+ AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
+ ;;
+*-*-dgux*)
+ AC_DEFINE([IP_TOS_IS_BROKEN], [1],
+ [Define if your system choked on IP TOS setting])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ ;;
+*-*-darwin*)
+ AC_MSG_CHECKING([if we have working getaddrinfo])
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ exit(0);
+ else
+ exit(1);
+}
+ ]])],
+ [AC_MSG_RESULT([working])],
+ [AC_MSG_RESULT([buggy])
+ AC_DEFINE([BROKEN_GETADDRINFO], [1],
+ [getaddrinfo is broken (if present)])
+ ],
+ [AC_MSG_RESULT([assume it is working])])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
+ AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
+ [Define if your resolver libs need this for getrrsetbyname])
+ AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
+ AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
+ [Use tunnel device compatibility to OpenBSD])
+ AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
+ [Prepend the address family to IP tunnel traffic])
+ m4_pattern_allow([AU_IPv])
+ AC_CHECK_DECL([AU_IPv4], [],
+ AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
+ [#include <bsm/audit.h>]
+ AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
+ [Define if pututxline updates lastlog too])
+ )
+ AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
+ [Define to a Set Process Title type if your system is
+ supported by bsd-setproctitle.c])
+ AC_CHECK_FUNCS([sandbox_init])
+ AC_CHECK_HEADERS([sandbox.h])
+ ;;
+*-*-dragonfly*)
+ SSHDLIBS="$SSHDLIBS -lcrypt"
+ ;;
+*-*-haiku*)
+ LIBS="$LIBS -lbsd "
+ AC_CHECK_LIB([network], [socket])
+ AC_DEFINE([HAVE_U_INT64_T])
+ MANTYPE=man
+ ;;
+*-*-hpux*)
+ # first we define all of the options common to all HP-UX releases
+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
+ IPADDR_IN_DISPLAY=yes
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([LOGIN_NO_ENDOPT], [1],
+ [Define if your login program cannot handle end of options ("--")])
+ AC_DEFINE([LOGIN_NEEDS_UTMPX])
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
+ [String used in /etc/passwd to denote locked account])
+ AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
+ AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)])
+ maildir="/var/mail"
+ LIBS="$LIBS -lsec"
+ AC_CHECK_LIB([xnet], [t_error], ,
+ [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
+
+ # next, we define all of the options specific to major releases
+ case "$host" in
+ *-*-hpux10*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ ;;
+ *-*-hpux11*)
+ AC_DEFINE([PAM_SUN_CODEBASE], [1],
+ [Define if you are using Solaris-derived PAM which
+ passes pam_messages to the conversation function
+ with an extra level of indirection])
+ AC_DEFINE([DISABLE_UTMP], [1],
+ [Define if you don't want to use utmp])
+ AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
+ check_for_hpux_broken_getaddrinfo=1
+ check_for_conflicting_getspnam=1
+ ;;
+ esac
+
+ # lastly, we define options specific to minor releases
+ case "$host" in
+ *-*-hpux10.26)
+ AC_DEFINE([HAVE_SECUREWARE], [1],
+ [Define if you have SecureWare-based
+ protected password database])
+ disable_ptmx_check=yes
+ LIBS="$LIBS -lsecpw"
+ ;;
+ esac
+ ;;
+*-*-irix5*)
+ PATH="$PATH:/usr/etc"
+ AC_DEFINE([BROKEN_INET_NTOA], [1],
+ [Define if you system's inet_ntoa is busted
+ (e.g. Irix gcc issue)])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
+ [Define if you shouldn't strip 'tty' from your
+ ttyname in [uw]tmp])
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
+ ;;
+*-*-irix6*)
+ PATH="$PATH:/usr/etc"
+ AC_DEFINE([WITH_IRIX_ARRAY], [1],
+ [Define if you have/want arrays
+ (cluster-wide session managment, not C arrays)])
+ AC_DEFINE([WITH_IRIX_PROJECT], [1],
+ [Define if you want IRIX project management])
+ AC_DEFINE([WITH_IRIX_AUDIT], [1],
+ [Define if you want IRIX audit trails])
+ AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
+ [Define if you want IRIX kernel jobs])])
+ AC_DEFINE([BROKEN_INET_NTOA])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
+ AC_DEFINE([WITH_ABBREV_NO_TTY])
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
+ ;;
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
+ check_for_libcrypt_later=1
+ AC_DEFINE([PAM_TTY_KLUDGE])
+ AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
+ AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
+ AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
+ AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
+ ;;
+*-*-linux*)
+ no_dev_ptmx=1
+ check_for_libcrypt_later=1
+ check_for_openpty_ctty_bug=1
+ AC_DEFINE([PAM_TTY_KLUDGE], [1],
+ [Work around problematic Linux PAM modules handling of PAM_TTY])
+ AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
+ [String used in /etc/passwd to denote locked account])
+ AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
+ AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
+ [Define to whatever link() returns for "not supported"
+ if it doesn't return EOPNOTSUPP.])
+ AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
+ AC_DEFINE([USE_BTMP])
+ AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
+ inet6_default_4in6=yes
+ case `uname -r` in
+ 1.*|2.0.*)
+ AC_DEFINE([BROKEN_CMSG_TYPE], [1],
+ [Define if cmsg_type is not passed correctly])
+ ;;
+ esac
+ # tun(4) forwarding compat code
+ AC_CHECK_HEADERS([linux/if_tun.h])
+ if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
+ AC_DEFINE([SSH_TUN_LINUX], [1],
+ [Open tunnel devices the Linux tun/tap way])
+ AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
+ [Use tunnel device compatibility to OpenBSD])
+ AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
+ [Prepend the address family to IP tunnel traffic])
+ fi
+ AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
+ [], [#include <linux/types.h>])
+ AC_CHECK_FUNCS([prctl])
+ AC_MSG_CHECKING([for seccomp architecture])
+ seccomp_audit_arch=
+ case "$host" in
+ x86_64-*)
+ seccomp_audit_arch=AUDIT_ARCH_X86_64
+ ;;
+ i*86-*)
+ seccomp_audit_arch=AUDIT_ARCH_I386
+ ;;
+ arm*-*)
+ seccomp_audit_arch=AUDIT_ARCH_ARM
+ ;;
+ esac
+ if test "x$seccomp_audit_arch" != "x" ; then
+ AC_MSG_RESULT(["$seccomp_audit_arch"])
+ AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch],
+ [Specify the system call convention in use])
+ else
+ AC_MSG_RESULT([architecture not supported])
+ fi
+ ;;
+mips-sony-bsd|mips-sony-newsos4)
+ AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
+ SONY=1
+ ;;
+*-*-netbsd*)
+ check_for_libcrypt_before=1
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
+ AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
+ AC_CHECK_HEADER([net/if_tap.h], ,
+ AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
+ AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
+ [Prepend the address family to IP tunnel traffic])
+ ;;
+*-*-freebsd*)
+ check_for_libcrypt_later=1
+ AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
+ AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
+ AC_CHECK_HEADER([net/if_tap.h], ,
+ AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
+ AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
+ AC_DEFINE([BROKEN_STRNVIS], [1], [FreeBSD strnvis does not do what we need])
+ ;;
+*-*-bsdi*)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ ;;
+*-next-*)
+ conf_lastlog_location="/usr/adm/lastlog"
+ conf_utmp_location=/etc/utmp
+ conf_wtmp_location=/usr/adm/wtmp
+ maildir=/usr/spool/mail
+ AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
+ AC_DEFINE([BROKEN_REALPATH])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
+ ;;
+*-*-openbsd*)
+ AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
+ AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
+ AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
+ AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
+ [syslog_r function is safe to use in in a signal handler])
+ ;;
+*-*-solaris*)
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
+ AC_DEFINE([PAM_SUN_CODEBASE])
+ AC_DEFINE([LOGIN_NEEDS_UTMPX])
+ AC_DEFINE([LOGIN_NEEDS_TERM], [1],
+ [Some versions of /bin/login need the TERM supplied
+ on the commandline])
+ AC_DEFINE([PAM_TTY_KLUDGE])
+ AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
+ [Define if pam_chauthtok wants real uid set
+ to the unpriv'ed user])
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
+ # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
+ AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
+ [Define if sshd somehow reacquires a controlling TTY
+ after setsid()])
+ AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
+ in case the name is longer than 8 chars])
+ AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
+ external_path_file=/etc/default/login
+ # hardwire lastlog location (can't detect it on some versions)
+ conf_lastlog_location="/var/adm/lastlog"
+ AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
+ sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
+ if test "$sol2ver" -ge 8; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([DISABLE_UTMP])
+ AC_DEFINE([DISABLE_WTMP], [1],
+ [Define if you don't want to use wtmp])
+ else
+ AC_MSG_RESULT([no])
+ fi
+ AC_ARG_WITH([solaris-contracts],
+ [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
+ [
+ AC_CHECK_LIB([contract], [ct_tmpl_activate],
+ [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
+ [Define if you have Solaris process contracts])
+ SSHDLIBS="$SSHDLIBS -lcontract"
+ SPC_MSG="yes" ], )
+ ],
+ )
+ AC_ARG_WITH([solaris-projects],
+ [ --with-solaris-projects Enable Solaris projects (experimental)],
+ [
+ AC_CHECK_LIB([project], [setproject],
+ [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
+ [Define if you have Solaris projects])
+ SSHDLIBS="$SSHDLIBS -lproject"
+ SP_MSG="yes" ], )
+ ],
+ )
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ ;;
+*-*-sunos4*)
+ CPPFLAGS="$CPPFLAGS -DSUNOS4"
+ AC_CHECK_FUNCS([getpwanam])
+ AC_DEFINE([PAM_SUN_CODEBASE])
+ conf_utmp_location=/etc/utmp
+ conf_wtmp_location=/var/adm/wtmp
+ conf_lastlog_location=/var/adm/lastlog
+ AC_DEFINE([USE_PIPES])
+ ;;
+*-ncr-sysv*)
+ LIBS="$LIBS -lc89"
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([SSHD_ACQUIRES_CTTY])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ ;;
+*-sni-sysv*)
+ # /usr/ucblib MUST NOT be searched on ReliantUNIX
+ AC_CHECK_LIB([dl], [dlsym], ,)
+ # -lresolv needs to be at the end of LIBS or DNS lookups break
+ AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
+ IPADDR_IN_DISPLAY=yes
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([IP_TOS_IS_BROKEN])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([SSHD_ACQUIRES_CTTY])
+ external_path_file=/etc/default/login
+ # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
+ # Attention: always take care to bind libsocket and libnsl before libc,
+ # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
+ ;;
+# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
+*-*-sysv4.2*)
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
+ AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ ;;
+# UnixWare 7.x, OpenUNIX 8
+*-*-sysv5*)
+ CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
+ AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_GETADDRINFO])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([PASSWD_NEEDS_USERNAME])
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ case "$host" in
+ *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
+ maildir=/var/spool/mail
+ AC_DEFINE([BROKEN_LIBIAF], [1],
+ [ia_uinfo routines not supported by OS yet])
+ AC_DEFINE([BROKEN_UPDWTMPX])
+ AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
+ AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
+ AC_DEFINE([HAVE_SECUREWARE])
+ AC_DEFINE([DISABLE_SHADOW])
+ ], , )
+ ;;
+ *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
+ check_for_libcrypt_later=1
+ ;;
+ esac
+ ;;
+*-*-sysv*)
+ ;;
+# SCO UNIX and OEM versions of SCO UNIX
+*-*-sco3.2v4*)
+ AC_MSG_ERROR("This Platform is no longer supported.")
+ ;;
+# SCO OpenServer 5.x
+*-*-sco3.2v5*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -belf"
+ fi
+ LIBS="$LIBS -lprot -lx -ltinfo -lm"
+ no_dev_ptmx=1
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([HAVE_SECUREWARE])
+ AC_DEFINE([DISABLE_SHADOW])
+ AC_DEFINE([DISABLE_FD_PASSING])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_GETADDRINFO])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([WITH_ABBREV_NO_TTY])
+ AC_DEFINE([BROKEN_UPDWTMPX])
+ AC_DEFINE([PASSWD_NEEDS_USERNAME])
+ AC_CHECK_FUNCS([getluid setluid])
+ MANTYPE=man
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ SKIP_DISABLE_LASTLOG_DEFINE=yes
+ ;;
+*-*-unicosmk*)
+ AC_DEFINE([NO_SSH_LASTLOG], [1],
+ [Define if you don't want to use lastlog in session.c])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([DISABLE_FD_PASSING])
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
+*-*-unicosmp*)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([WITH_ABBREV_NO_TTY])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([DISABLE_FD_PASSING])
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lacid -ldb"
+ MANTYPE=cat
+ ;;
+*-*-unicos*)
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([DISABLE_FD_PASSING])
+ AC_DEFINE([NO_SSH_LASTLOG])
+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
+*-dec-osf*)
+ AC_MSG_CHECKING([for Digital Unix SIA])
+ no_osfsia=""
+ AC_ARG_WITH([osfsia],
+ [ --with-osfsia Enable Digital Unix SIA],
+ [
+ if test "x$withval" = "xno" ; then
+ AC_MSG_RESULT([disabled])
+ no_osfsia=1
+ fi
+ ],
+ )
+ if test -z "$no_osfsia" ; then
+ if test -f /etc/sia/matrix.conf; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_OSF_SIA], [1],
+ [Define if you have Digital Unix Security
+ Integration Architecture])
+ AC_DEFINE([DISABLE_LOGIN], [1],
+ [Define if you don't want to use your
+ system's login() call])
+ AC_DEFINE([DISABLE_FD_PASSING])
+ LIBS="$LIBS -lsecurity -ldb -lm -laud"
+ SIA_MSG="yes"
+ else
+ AC_MSG_RESULT([no])
+ AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
+ [String used in /etc/passwd to denote locked account])
+ fi
+ fi
+ AC_DEFINE([BROKEN_GETADDRINFO])
+ AC_DEFINE([SETEUID_BREAKS_SETUID])
+ AC_DEFINE([BROKEN_SETREUID])
+ AC_DEFINE([BROKEN_SETREGID])
+ AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
+ ;;
+
+*-*-nto-qnx*)
+ AC_DEFINE([USE_PIPES])
+ AC_DEFINE([NO_X11_UNIX_SOCKETS])
+ AC_DEFINE([DISABLE_LASTLOG])
+ AC_DEFINE([SSHD_ACQUIRES_CTTY])
+ AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
+ enable_etc_default_login=no # has incompatible /etc/default/login
+ case "$host" in
+ *-*-nto-qnx6*)
+ AC_DEFINE([DISABLE_FD_PASSING])
+ ;;
+ esac
+ ;;
+
+*-*-ultrix*)
+ AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
+ AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
+ AC_DEFINE([NEED_SETPGRP])
+ AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
+ ;;
+
+*-*-lynxos)
+ CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
+ AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
+ ;;
+esac
+
+AC_MSG_CHECKING([compiler and flags for sanity])
+AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [
+ AC_MSG_RESULT([no])
+ AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
+ ],
+ [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
+)
+
+dnl Checks for header files.
+# Checks for libraries.
+AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
+AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
+
+dnl IRIX and Solaris 2.5.1 have dirname() in libgen
+AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
+ AC_CHECK_LIB([gen], [dirname], [
+ AC_CACHE_CHECK([for broken dirname],
+ ac_cv_have_broken_dirname, [
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lgen"
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <libgen.h>
+#include <string.h>
+
+int main(int argc, char **argv) {
+ char *s, buf[32];
+
+ strncpy(buf,"/etc", 32);
+ s = dirname(buf);
+ if (!s || strncmp(s, "/", 32) != 0) {
+ exit(1);
+ } else {
+ exit(0);
+ }
+}
+ ]])],
+ [ ac_cv_have_broken_dirname="no" ],
+ [ ac_cv_have_broken_dirname="yes" ],
+ [ ac_cv_have_broken_dirname="no" ],
+ )
+ LIBS="$save_LIBS"
+ ])
+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
+ LIBS="$LIBS -lgen"
+ AC_DEFINE([HAVE_DIRNAME])
+ AC_CHECK_HEADERS([libgen.h])
+ fi
+ ])
+])
+
+AC_CHECK_FUNC([getspnam], ,
+ [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
+AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
+ [Define if you have the basename function.])])
+
+dnl zlib is required
+AC_ARG_WITH([zlib],
+ [ --with-zlib=PATH Use zlib in PATH],
+ [ if test "x$withval" = "xno" ; then
+ AC_MSG_ERROR([*** zlib is required ***])
+ elif test "x$withval" != "xyes"; then
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi ]
+)
+
+AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
+AC_CHECK_LIB([z], [deflate], ,
+ [
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ save_LIBS="$LIBS"
+ dnl Check default zlib install dir
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
+ LIBS="$LIBS -lz"
+ AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
+ [
+ AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
+ ]
+ )
+ ]
+)
+
+AC_ARG_WITH([zlib-version-check],
+ [ --without-zlib-version-check Disable zlib version check],
+ [ if test "x$withval" = "xno" ; then
+ zlib_check_nonfatal=1
+ fi
+ ]
+)
+
+AC_MSG_CHECKING([for possibly buggy zlib])
+AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <stdlib.h>
+#include <zlib.h>
+ ]],
+ [[
+ int a=0, b=0, c=0, d=0, n, v;
+ n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
+ if (n != 3 && n != 4)
+ exit(1);
+ v = a*1000000 + b*10000 + c*100 + d;
+ fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
+
+ /* 1.1.4 is OK */
+ if (a == 1 && b == 1 && c >= 4)
+ exit(0);
+
+ /* 1.2.3 and up are OK */
+ if (v >= 1020300)
+ exit(0);
+
+ exit(2);
+ ]])],
+ AC_MSG_RESULT([no]),
+ [ AC_MSG_RESULT([yes])
+ if test -z "$zlib_check_nonfatal" ; then
+ AC_MSG_ERROR([*** zlib too old - check config.log ***
+Your reported zlib version has known security problems. It's possible your
+vendor has fixed these problems without changing the version number. If you
+are sure this is the case, you can disable the check by running
+"./configure --without-zlib-version-check".
+If you are in doubt, upgrade zlib to version 1.2.3 or greater.
+See http://www.gzip.org/zlib/ for details.])
+ else
+ AC_MSG_WARN([zlib version may have security problems])
+ fi
+ ],
+ [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
+)
+
+dnl UnixWare 2.x
+AC_CHECK_FUNC([strcasecmp],
+ [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
+)
+AC_CHECK_FUNCS([utimes],
+ [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
+ LIBS="$LIBS -lc89"]) ]
+)
+
+dnl Checks for libutil functions
+AC_CHECK_HEADERS([bsd/libutil.h libutil.h])
+AC_SEARCH_LIBS([fmt_scaled], [util bsd])
+AC_SEARCH_LIBS([scan_scaled], [util bsd])
+AC_SEARCH_LIBS([login], [util bsd])
+AC_SEARCH_LIBS([logout], [util bsd])
+AC_SEARCH_LIBS([logwtmp], [util bsd])
+AC_SEARCH_LIBS([openpty], [util bsd])
+AC_SEARCH_LIBS([updwtmp], [util bsd])
+AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp])
+
+AC_FUNC_STRFTIME
+
+# Check for ALTDIRFUNC glob() extension
+AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
+AC_EGREP_CPP([FOUNDIT],
+ [
+ #include <glob.h>
+ #ifdef GLOB_ALTDIRFUNC
+ FOUNDIT
+ #endif
+ ],
+ [
+ AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
+ [Define if your system glob() function has
+ the GLOB_ALTDIRFUNC extension])
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ]
+)
+
+# Check for g.gl_matchc glob() extension
+AC_MSG_CHECKING([for gl_matchc field in glob_t])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
+ [[ glob_t g; g.gl_matchc = 1; ]])],
+ [
+ AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
+ [Define if your system glob() function has
+ gl_matchc options in glob_t])
+ AC_MSG_RESULT([yes])
+ ], [
+ AC_MSG_RESULT([no])
+])
+
+# Check for g.gl_statv glob() extension
+AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
+#ifndef GLOB_KEEPSTAT
+#error "glob does not support GLOB_KEEPSTAT extension"
+#endif
+glob_t g;
+g.gl_statv = NULL;
+]])],
+ [
+ AC_DEFINE([GLOB_HAS_GL_STATV], [1],
+ [Define if your system glob() function has
+ gl_statv options in glob_t])
+ AC_MSG_RESULT([yes])
+ ], [
+ AC_MSG_RESULT([no])
+
+])
+
+AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
+
+AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <dirent.h>]],
+ [[
+ struct dirent d;
+ exit(sizeof(d.d_name)<=sizeof(char));
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
+ [Define if your struct dirent expects you to
+ allocate extra space for d_name])
+ ],
+ [
+ AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
+ AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
+ ]
+)
+
+AC_MSG_CHECKING([for /proc/pid/fd directory])
+if test -d "/proc/$$/fd" ; then
+ AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
+ AC_MSG_RESULT([yes])
+else
+ AC_MSG_RESULT([no])
+fi
+
+# Check whether user wants S/Key support
+SKEY_MSG="no"
+AC_ARG_WITH([skey],
+ [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+ AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
+ LIBS="-lskey $LIBS"
+ SKEY_MSG="yes"
+
+ AC_MSG_CHECKING([for s/key support])
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <skey.h>
+ ]], [[
+ char *ff = skey_keyinfo(""); ff="";
+ exit(0);
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [
+ AC_MSG_RESULT([no])
+ AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
+ ])
+ AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <skey.h>
+ ]], [[
+ (void)skeychallenge(NULL,"name","",0);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
+ [Define if your skeychallenge()
+ function takes 4 arguments (NetBSD)])],
+ [
+ AC_MSG_RESULT([no])
+ ])
+ fi
+ ]
+)
+
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
+AC_ARG_WITH([tcp-wrappers],
+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+ saved_LIBS="$LIBS"
+ saved_LDFLAGS="$LDFLAGS"
+ saved_CPPFLAGS="$CPPFLAGS"
+ if test -n "${withval}" && \
+ test "x${withval}" != "xyes"; then
+ if test -d "${withval}/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "${withval}/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+ LIBS="-lwrap $LIBS"
+ AC_MSG_CHECKING([for libwrap])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <tcpd.h>
+int deny_severity = 0, allow_severity = 0;
+ ]], [[
+ hosts_access(0);
+ ]])], [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([LIBWRAP], [1],
+ [Define if you want
+ TCP Wrappers support])
+ SSHDLIBS="$SSHDLIBS -lwrap"
+ TCPW_MSG="yes"
+ ], [
+ AC_MSG_ERROR([*** libwrap missing])
+
+ ])
+ LIBS="$saved_LIBS"
+ fi
+ ]
+)
+
+# Check whether user wants to use ldns
+LDNS_MSG="no"
+AC_ARG_WITH(ldns,
+ [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+ AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
+ LIBS="-lldns $LIBS"
+ LDNS_MSG="yes"
+
+ AC_MSG_CHECKING([for ldns support])
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <ldns/ldns.h>
+int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); }
+ ]])
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([** Incomplete or missing ldns libraries.])
+ ])
+ fi
+ ]
+)
+
+# Check whether user wants libedit support
+LIBEDIT_MSG="no"
+AC_ARG_WITH([libedit],
+ [ --with-libedit[[=PATH]] Enable libedit support for sftp],
+ [ if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+ if test "x$PKGCONFIG" != "xno"; then
+ AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
+ if "$PKGCONFIG" libedit; then
+ AC_MSG_RESULT([yes])
+ use_pkgconfig_for_libedit=yes
+ else
+ AC_MSG_RESULT([no])
+ fi
+ fi
+ else
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+ LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+ else
+ LIBEDIT="-ledit -lcurses"
+ fi
+ OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
+ AC_CHECK_LIB([edit], [el_init],
+ [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
+ LIBEDIT_MSG="yes"
+ AC_SUBST([LIBEDIT])
+ ],
+ [ AC_MSG_ERROR([libedit not found]) ],
+ [ $OTHERLIBS ]
+ )
+ AC_MSG_CHECKING([if libedit version is compatible])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
+ [[
+ int i = H_SETSIZE;
+ el_init("", NULL, NULL, NULL);
+ exit(0);
+ ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ AC_MSG_ERROR([libedit version is not compatible]) ]
+ )
+ fi ]
+)
+
+AUDIT_MODULE=none
+AC_ARG_WITH([audit],
+ [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
+ [
+ AC_MSG_CHECKING([for supported audit module])
+ case "$withval" in
+ bsm)
+ AC_MSG_RESULT([bsm])
+ AUDIT_MODULE=bsm
+ dnl Checks for headers, libs and functions
+ AC_CHECK_HEADERS([bsm/audit.h], [],
+ [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
+ [
+#ifdef HAVE_TIME_H
+# include <time.h>
+#endif
+ ]
+)
+ AC_CHECK_LIB([bsm], [getaudit], [],
+ [AC_MSG_ERROR([BSM enabled and required library not found])])
+ AC_CHECK_FUNCS([getaudit], [],
+ [AC_MSG_ERROR([BSM enabled and required function not found])])
+ # These are optional
+ AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
+ AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
+ if test "$sol2ver" -eq 11; then
+ SSHDLIBS="$SSHDLIBS -lscf"
+ AC_DEFINE([BROKEN_BSM_API], [1],
+ [The system has incomplete BSM API])
+ fi
+ ;;
+ linux)
+ AC_MSG_RESULT([linux])
+ AUDIT_MODULE=linux
+ dnl Checks for headers, libs and functions
+ AC_CHECK_HEADERS([libaudit.h])
+ SSHDLIBS="$SSHDLIBS -laudit"
+ AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
+ ;;
+ debug)
+ AUDIT_MODULE=debug
+ AC_MSG_RESULT([debug])
+ AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
+ ;;
+ no)
+ AC_MSG_RESULT([no])
+ ;;
+ *)
+ AC_MSG_ERROR([Unknown audit module $withval])
+ ;;
+ esac ]
+)
+
+dnl Checks for library functions. Please keep in alphabetical order
+AC_CHECK_FUNCS([ \
+ arc4random \
+ arc4random_buf \
+ arc4random_uniform \
+ asprintf \
+ b64_ntop \
+ __b64_ntop \
+ b64_pton \
+ __b64_pton \
+ bcopy \
+ bindresvport_sa \
+ clock \
+ closefrom \
+ dirfd \
+ endgrent \
+ fchmod \
+ fchown \
+ freeaddrinfo \
+ fstatvfs \
+ futimes \
+ getaddrinfo \
+ getcwd \
+ getgrouplist \
+ getnameinfo \
+ getopt \
+ getpeereid \
+ getpeerucred \
+ getpgid \
+ getpgrp \
+ _getpty \
+ getrlimit \
+ getttyent \
+ glob \
+ group_from_gid \
+ inet_aton \
+ inet_ntoa \
+ inet_ntop \
+ innetgr \
+ login_getcapbool \
+ mblen \
+ md5_crypt \
+ memmove \
+ mkdtemp \
+ mmap \
+ ngetaddrinfo \
+ nsleep \
+ ogetaddrinfo \
+ openlog_r \
+ poll \
+ prctl \
+ pstat \
+ readpassphrase \
+ realpath \
+ recvmsg \
+ rresvport_af \
+ sendmsg \
+ setdtablesize \
+ setegid \
+ setenv \
+ seteuid \
+ setgroupent \
+ setgroups \
+ setlinebuf \
+ setlogin \
+ setpassent\
+ setpcred \
+ setproctitle \
+ setregid \
+ setreuid \
+ setrlimit \
+ setsid \
+ setvbuf \
+ sigaction \
+ sigvec \
+ snprintf \
+ socketpair \
+ statfs \
+ statvfs \
+ strdup \
+ strerror \
+ strlcat \
+ strlcpy \
+ strmode \
+ strnlen \
+ strnvis \
+ strptime \
+ strtonum \
+ strtoll \
+ strtoul \
+ strtoull \
+ swap32 \
+ sysconf \
+ tcgetpgrp \
+ timingsafe_bcmp \
+ truncate \
+ unsetenv \
+ updwtmpx \
+ user_from_uid \
+ usleep \
+ vasprintf \
+ vhangup \
+ vsnprintf \
+ waitpid \
+])
+
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[ #include <ctype.h> ]],
+ [[ return (isblank('a')); ]])],
+ [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
+])
+
+# PKCS#11 support requires dlopen() and co
+AC_SEARCH_LIBS([dlopen], [dl],
+ [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
+)
+
+# IRIX has a const char return value for gai_strerror()
+AC_CHECK_FUNCS([gai_strerror], [
+ AC_DEFINE([HAVE_GAI_STRERROR])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);
+ ]], [[
+ char *str;
+ str = gai_strerror(0);
+ ]])], [
+ AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
+ [Define if gai_strerror() returns const char *])], [])])
+
+AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
+ [Some systems put nanosleep outside of libc])])
+
+AC_SEARCH_LIBS([clock_gettime], [rt],
+ [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])])
+
+dnl Make sure prototypes are defined for these before using them.
+AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
+AC_CHECK_DECL([strsep],
+ [AC_CHECK_FUNCS([strsep])],
+ [],
+ [
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif
+ ])
+
+dnl tcsendbreak might be a macro
+AC_CHECK_DECL([tcsendbreak],
+ [AC_DEFINE([HAVE_TCSENDBREAK])],
+ [AC_CHECK_FUNCS([tcsendbreak])],
+ [#include <termios.h>]
+)
+
+AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
+
+AC_CHECK_DECLS([SHUT_RD], , ,
+ [
+#include <sys/types.h>
+#include <sys/socket.h>
+ ])
+
+AC_CHECK_DECLS([O_NONBLOCK], , ,
+ [
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+ ])
+
+AC_CHECK_DECLS([writev], , , [
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+ ])
+
+AC_CHECK_DECLS([MAXSYMLINKS], , , [
+#include <sys/param.h>
+ ])
+
+AC_CHECK_DECLS([offsetof], , , [
+#include <stddef.h>
+ ])
+
+# extra bits for select(2)
+AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+#include <sys/sysmacros.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+ ]])
+AC_CHECK_TYPES([fd_mask], [], [], [[
+#include <sys/param.h>
+#include <sys/types.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+ ]])
+
+AC_CHECK_FUNCS([setresuid], [
+ dnl Some platorms have setresuid that isn't implemented, test for this
+ AC_MSG_CHECKING([if setresuid seems to work])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdlib.h>
+#include <errno.h>
+ ]], [[
+ errno=0;
+ setresuid(0,0,0);
+ if (errno==ENOSYS)
+ exit(1);
+ else
+ exit(0);
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [AC_DEFINE([BROKEN_SETRESUID], [1],
+ [Define if your setresuid() is broken])
+ AC_MSG_RESULT([not implemented])],
+ [AC_MSG_WARN([cross compiling: not checking setresuid])]
+ )
+])
+
+AC_CHECK_FUNCS([setresgid], [
+ dnl Some platorms have setresgid that isn't implemented, test for this
+ AC_MSG_CHECKING([if setresgid seems to work])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdlib.h>
+#include <errno.h>
+ ]], [[
+ errno=0;
+ setresgid(0,0,0);
+ if (errno==ENOSYS)
+ exit(1);
+ else
+ exit(0);
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [AC_DEFINE([BROKEN_SETRESGID], [1],
+ [Define if your setresgid() is broken])
+ AC_MSG_RESULT([not implemented])],
+ [AC_MSG_WARN([cross compiling: not checking setresuid])]
+ )
+])
+
+dnl Checks for time functions
+AC_CHECK_FUNCS([gettimeofday time])
+dnl Checks for utmp functions
+AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
+AC_CHECK_FUNCS([utmpname])
+dnl Checks for utmpx functions
+AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
+AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
+dnl Checks for lastlog functions
+AC_CHECK_FUNCS([getlastlogxbyname])
+
+AC_CHECK_FUNC([daemon],
+ [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
+ [AC_CHECK_LIB([bsd], [daemon],
+ [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
+)
+
+AC_CHECK_FUNC([getpagesize],
+ [AC_DEFINE([HAVE_GETPAGESIZE], [1],
+ [Define if your libraries define getpagesize()])],
+ [AC_CHECK_LIB([ucb], [getpagesize],
+ [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
+)
+
+# Check for broken snprintf
+if test "x$ac_cv_func_snprintf" = "xyes" ; then
+ AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[
+ char b[5];
+ snprintf(b,5,"123456789");
+ exit(b[4]!='\0');
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_SNPRINTF], [1],
+ [Define if your snprintf is busted])
+ AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
+ ],
+ [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
+ )
+fi
+
+# If we don't have a working asprintf, then we strongly depend on vsnprintf
+# returning the right thing on overflow: the number of characters it tried to
+# create (as per SUSv3)
+if test "x$ac_cv_func_asprintf" != "xyes" && \
+ test "x$ac_cv_func_vsnprintf" = "xyes" ; then
+ AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+int x_snprintf(char *str,size_t count,const char *fmt,...)
+{
+ size_t ret; va_list ap;
+ va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
+ return ret;
+}
+ ]], [[
+ char x[1];
+ exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_SNPRINTF], [1],
+ [Define if your snprintf is busted])
+ AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
+ ],
+ [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
+ )
+fi
+
+# On systems where [v]snprintf is broken, but is declared in stdio,
+# check that the fmt argument is const char * or just char *.
+# This is only useful for when BROKEN_SNPRINTF
+AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
+ ]], [[
+ snprintf(0, 0, 0);
+ ]])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE([SNPRINTF_CONST], [const],
+ [Define as const if snprintf() can declare const char *fmt])],
+ [AC_MSG_RESULT([no])
+ AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
+
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
+ AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
+ ], [AC_MSG_RESULT([no])
+ NO_PEERCHECK=1
+ ])
+fi
+
+dnl see whether mkstemp() requires XXXXXX
+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
+AC_MSG_CHECKING([for (overly) strict mkstemp])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdlib.h>
+ ]], [[
+ char template[]="conftest.mkstemp-test";
+ if (mkstemp(template) == -1)
+ exit(1);
+ unlink(template);
+ exit(0);
+ ]])],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
+ ],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_STRICT_MKSTEMP])
+ ]
+)
+fi
+
+dnl make sure that openpty does not reacquire controlling terminal
+if test ! -z "$check_for_openpty_ctty_bug"; then
+ AC_MSG_CHECKING([if openpty correctly handles controlling tty])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <sys/fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+ ]], [[
+ pid_t pid;
+ int fd, ptyfd, ttyfd, status;
+
+ pid = fork();
+ if (pid < 0) { /* failed */
+ exit(1);
+ } else if (pid > 0) { /* parent */
+ waitpid(pid, &status, 0);
+ if (WIFEXITED(status))
+ exit(WEXITSTATUS(status));
+ else
+ exit(2);
+ } else { /* child */
+ close(0); close(1); close(2);
+ setsid();
+ openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
+ if (fd >= 0)
+ exit(3); /* Acquired ctty: broken */
+ else
+ exit(0); /* Did not acquire ctty: OK */
+ }
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ AC_DEFINE([SSHD_ACQUIRES_CTTY])
+ ],
+ [
+ AC_MSG_RESULT([cross-compiling, assuming yes])
+ ]
+ )
+fi
+
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
+ AC_MSG_CHECKING([if getaddrinfo seems to work])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+ ]], [[
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (err != 0) {
+ if (err == EAI_SYSTEM)
+ perror("getnameinfo EAI_SYSTEM");
+ else
+ fprintf(stderr, "getnameinfo failed: %s\n",
+ gai_strerror(err));
+ exit(2);
+ }
+
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (sock < 0)
+ perror("socket");
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (errno == EBADF)
+ exit(3);
+ }
+ }
+ exit(0);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_GETADDRINFO])
+ ],
+ [
+ AC_MSG_RESULT([cross-compiling, assuming yes])
+ ]
+ )
+fi
+
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
+ AC_MSG_CHECKING([if getaddrinfo seems to work])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+ ]], [[
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (ai->ai_family == AF_INET && err != 0) {
+ perror("getnameinfo");
+ exit(2);
+ }
+ }
+ exit(0);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
+ [Define if you have a getaddrinfo that fails
+ for the all-zeros IPv6 address])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ AC_DEFINE([BROKEN_GETADDRINFO])
+ ],
+ [
+ AC_MSG_RESULT([cross-compiling, assuming no])
+ ]
+ )
+fi
+
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+ AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
+ [[ exit(0); ]])],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
+ [Conflicting defs for getspnam])
+ ]
+ )
+fi
+
+AC_FUNC_GETPGRP
+
+# Search for OpenSSL
+saved_CPPFLAGS="$CPPFLAGS"
+saved_LDFLAGS="$LDFLAGS"
+AC_ARG_WITH([ssl-dir],
+ [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
+ [
+ if test "x$withval" != "xno" ; then
+ case "$withval" in
+ # Relative paths
+ ./*|../*) withval="`pwd`/$withval"
+ esac
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ elif test -d "$withval/lib64"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+ ]
+)
+LIBS="-lcrypto $LIBS"
+AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
+ [Define if your ssl headers are included
+ with #include <openssl/header.h>])],
+ [
+ dnl Check default openssl install dir
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+ AC_CHECK_HEADER([openssl/opensslv.h], ,
+ [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
+ AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
+ [
+ AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
+ ]
+ )
+ ]
+)
+
+# Determine OpenSSL header version
+AC_MSG_CHECKING([OpenSSL header version])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#define DATA "conftest.sslincver"
+ ]], [[
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
+ exit(1);
+
+ exit(0);
+ ]])],
+ [
+ ssl_header_ver=`cat conftest.sslincver`
+ AC_MSG_RESULT([$ssl_header_ver])
+ ],
+ [
+ AC_MSG_RESULT([not found])
+ AC_MSG_ERROR([OpenSSL version header not found.])
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+)
+
+# Determine OpenSSL library version
+AC_MSG_CHECKING([OpenSSL library version])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#define DATA "conftest.ssllibver"
+ ]], [[
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
+ exit(1);
+
+ exit(0);
+ ]])],
+ [
+ ssl_library_ver=`cat conftest.ssllibver`
+ AC_MSG_RESULT([$ssl_library_ver])
+ ],
+ [
+ AC_MSG_RESULT([not found])
+ AC_MSG_ERROR([OpenSSL library not found.])
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+)
+
+AC_ARG_WITH([openssl-header-check],
+ [ --without-openssl-header-check Disable OpenSSL version consistency check],
+ [ if test "x$withval" = "xno" ; then
+ openssl_check_nonfatal=1
+ fi
+ ]
+)
+
+# Sanity check OpenSSL headers
+AC_MSG_CHECKING([whether OpenSSL's headers match the library])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/opensslv.h>
+ ]], [[
+ exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ if test "x$openssl_check_nonfatal" = "x"; then
+ AC_MSG_ERROR([Your OpenSSL headers do not match your
+library. Check config.log for details.
+If you are sure your installation is consistent, you can disable the check
+by running "./configure --without-openssl-header-check".
+Also see contrib/findssl.sh for help identifying header/library mismatches.
+])
+ else
+ AC_MSG_WARN([Your OpenSSL headers do not match your
+library. Check config.log for details.
+Also see contrib/findssl.sh for help identifying header/library mismatches.])
+ fi
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+)
+
+AC_MSG_CHECKING([if programs using OpenSSL functions will link])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
+ [[ SSLeay_add_all_algorithms(); ]])],
+ [
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -ldl"
+ AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
+ [[ SSLeay_add_all_algorithms(); ]])],
+ [
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ LIBS="$saved_LIBS"
+ ]
+ )
+ ]
+)
+
+AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init])
+
+AC_ARG_WITH([ssl-engine],
+ [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
+ [ if test "x$withval" != "xno" ; then
+ AC_MSG_CHECKING([for OpenSSL ENGINE support])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <openssl/engine.h>
+ ]], [[
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+ ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([USE_OPENSSL_ENGINE], [1],
+ [Enable OpenSSL engine support])
+ ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
+ ])
+ fi ]
+)
+
+# Check for OpenSSL without EVP_aes_{192,256}_cbc
+AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/evp.h>
+ ]], [[
+ exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
+ ]])],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
+ [libcrypto is missing AES 192 and 256 bit functions])
+ ]
+)
+
+# Check for OpenSSL with EVP_aes_*ctr
+AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/evp.h>
+ ]], [[
+ exit(EVP_aes_128_ctr() == NULL ||
+ EVP_aes_192_cbc() == NULL ||
+ EVP_aes_256_cbc() == NULL);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1],
+ [libcrypto has EVP AES CTR])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ]
+)
+
+# Check for OpenSSL with EVP_aes_*gcm
+AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/evp.h>
+ ]], [[
+ exit(EVP_aes_128_gcm() == NULL ||
+ EVP_aes_256_gcm() == NULL ||
+ EVP_CTRL_GCM_SET_IV_FIXED == 0 ||
+ EVP_CTRL_GCM_IV_GEN == 0 ||
+ EVP_CTRL_GCM_SET_TAG == 0 ||
+ EVP_CTRL_GCM_GET_TAG == 0 ||
+ EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1],
+ [libcrypto has EVP AES GCM])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ unsupported_algorithms="$unsupported_cipers \
+ aes128-gcm@openssh.com aes256-gcm@openssh.com"
+ ]
+)
+
+AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
+ [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
+ [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
+
+AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/evp.h>
+ ]], [[
+ if(EVP_DigestUpdate(NULL, NULL,0))
+ exit(0);
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
+ [Define if EVP_DigestUpdate returns void])
+ ]
+)
+
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ AC_CHECK_LIB([crypt], [crypt])
+fi
+
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
+# version in OpenSSL.
+if test "x$check_for_libcrypt_later" = "x1"; then
+ AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
+fi
+AC_CHECK_FUNCS([crypt DES_crypt])
+
+# Search for SHA256 support in libc and/or OpenSSL
+AC_CHECK_FUNCS([SHA256_Update EVP_sha256],
+ [TEST_SSH_SHA256=yes],
+ [TEST_SSH_SHA256=no
+ unsupported_algorithms="$unsupported_algorithms \
+ hmac-sha2-256 hmac-sha2-512 \
+ diffie-hellman-group-exchange-sha256 \
+ hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+ ]
+)
+AC_SUBST([TEST_SSH_SHA256])
+
+# Check complete ECC support in OpenSSL
+AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
+# error "OpenSSL < 0.9.8g has unreliable ECC code"
+#endif
+ ]], [[
+ EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
+ const EVP_MD *m = EVP_sha512(); /* We need this too */
+ ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_HAS_ECC], [1],
+ [libcrypto includes complete ECC support])
+ TEST_SSH_ECC=yes
+ COMMENT_OUT_ECC=""
+ ],
+ [
+ AC_MSG_RESULT([no])
+ TEST_SSH_ECC=no
+ COMMENT_OUT_ECC="#no ecc#"
+ unsupported_algorithms="$unsupported_algorithms \
+ ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \
+ ecdsa-sha2-nistp256-cert-v01@openssh.com \
+ ecdsa-sha2-nistp384-cert-v01@openssh.com \
+ ecdsa-sha2-nistp521-cert-v01@openssh.com \
+ ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521"
+ ]
+)
+AC_SUBST([TEST_SSH_ECC])
+AC_SUBST([COMMENT_OUT_ECC])
+
+saved_LIBS="$LIBS"
+AC_CHECK_LIB([iaf], [ia_openinfo], [
+ LIBS="$LIBS -liaf"
+ AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
+ AC_DEFINE([HAVE_LIBIAF], [1],
+ [Define if system has libiaf that supports set_id])
+ ])
+])
+LIBS="$saved_LIBS"
+
+### Configure cryptographic random number support
+
+# Check wheter OpenSSL seeds itself
+AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <string.h>
+#include <openssl/rand.h>
+ ]], [[
+ exit(RAND_status() == 1 ? 0 : 1);
+ ]])],
+ [
+ OPENSSL_SEEDS_ITSELF=yes
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [
+ AC_MSG_WARN([cross compiling: assuming yes])
+ # This is safe, since we will fatal() at runtime if
+ # OpenSSL is not seeded correctly.
+ OPENSSL_SEEDS_ITSELF=yes
+ ]
+)
+
+# PRNGD TCP socket
+AC_ARG_WITH([prngd-port],
+ [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
+ [
+ case "$withval" in
+ no)
+ withval=""
+ ;;
+ [[0-9]]*)
+ ;;
+ *)
+ AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
+ ;;
+ esac
+ if test ! -z "$withval" ; then
+ PRNGD_PORT="$withval"
+ AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
+ [Port number of PRNGD/EGD random number socket])
+ fi
+ ]
+)
+
+# PRNGD Unix domain socket
+AC_ARG_WITH([prngd-socket],
+ [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
+ [
+ case "$withval" in
+ yes)
+ withval="/var/run/egd-pool"
+ ;;
+ no)
+ withval=""
+ ;;
+ /*)
+ ;;
+ *)
+ AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
+ ;;
+ esac
+
+ if test ! -z "$withval" ; then
+ if test ! -z "$PRNGD_PORT" ; then
+ AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
+ fi
+ if test ! -r "$withval" ; then
+ AC_MSG_WARN([Entropy socket is not readable])
+ fi
+ PRNGD_SOCKET="$withval"
+ AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
+ [Location of PRNGD/EGD random number socket])
+ fi
+ ],
+ [
+ # Check for existing socket only if we don't have a random device already
+ if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
+ AC_MSG_CHECKING([for PRNGD/EGD socket])
+ # Insert other locations here
+ for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
+ if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
+ PRNGD_SOCKET="$sock"
+ AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
+ break;
+ fi
+ done
+ if test ! -z "$PRNGD_SOCKET" ; then
+ AC_MSG_RESULT([$PRNGD_SOCKET])
+ else
+ AC_MSG_RESULT([not found])
+ fi
+ fi
+ ]
+)
+
+# Which randomness source do we use?
+if test ! -z "$PRNGD_PORT" ; then
+ RAND_MSG="PRNGd port $PRNGD_PORT"
+elif test ! -z "$PRNGD_SOCKET" ; then
+ RAND_MSG="PRNGd socket $PRNGD_SOCKET"
+elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
+ AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
+ [Define if you want OpenSSL's internally seeded PRNG only])
+ RAND_MSG="OpenSSL internal ONLY"
+else
+ AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
+fi
+
+# Check for PAM libs
+PAM_MSG="no"
+AC_ARG_WITH([pam],
+ [ --with-pam Enable PAM support ],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+ test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
+ AC_MSG_ERROR([PAM headers not found])
+ fi
+
+ saved_LIBS="$LIBS"
+ AC_CHECK_LIB([dl], [dlopen], , )
+ AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
+ AC_CHECK_FUNCS([pam_getenvlist])
+ AC_CHECK_FUNCS([pam_putenv])
+ LIBS="$saved_LIBS"
+
+ PAM_MSG="yes"
+
+ SSHDLIBS="$SSHDLIBS -lpam"
+ AC_DEFINE([USE_PAM], [1],
+ [Define if you want to enable PAM support])
+
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ case "$LIBS" in
+ *-ldl*)
+ # libdl already in LIBS
+ ;;
+ *)
+ SSHDLIBS="$SSHDLIBS -ldl"
+ ;;
+ esac
+ fi
+ fi
+ ]
+)
+
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
+ # Check PAM strerror arguments (old PAM)
+ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+ ]], [[
+(void)pam_strerror((pam_handle_t *)NULL, -1);
+ ]])], [AC_MSG_RESULT([no])], [
+ AC_DEFINE([HAVE_OLD_PAM], [1],
+ [Define if you have an old version of PAM
+ which takes only one argument to pam_strerror])
+ AC_MSG_RESULT([yes])
+ PAM_MSG="yes (old library)"
+
+ ])
+fi
+
+SSH_PRIVSEP_USER=sshd
+AC_ARG_WITH([privsep-user],
+ [ --with-privsep-user=user Specify non-privileged user for privilege separation],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ SSH_PRIVSEP_USER=$withval
+ fi
+ ]
+)
+AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
+ [non-privileged user for privilege separation])
+AC_SUBST([SSH_PRIVSEP_USER])
+
+if test "x$have_linux_no_new_privs" = "x1" ; then
+AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
+ #include <sys/types.h>
+ #include <linux/seccomp.h>
+])
+fi
+if test "x$have_seccomp_filter" = "x1" ; then
+AC_MSG_CHECKING([kernel for seccomp_filter support])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+ #include <errno.h>
+ #include <elf.h>
+ #include <linux/audit.h>
+ #include <linux/seccomp.h>
+ #include <stdlib.h>
+ #include <sys/prctl.h>
+ ]],
+ [[ int i = $seccomp_audit_arch;
+ errno = 0;
+ prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
+ exit(errno == EFAULT ? 0 : 1); ]])],
+ [ AC_MSG_RESULT([yes]) ], [
+ AC_MSG_RESULT([no])
+ # Disable seccomp filter as a target
+ have_seccomp_filter=0
+ ]
+)
+fi
+
+# Decide which sandbox style to use
+sandbox_arg=""
+AC_ARG_WITH([sandbox],
+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)],
+ [
+ if test "x$withval" = "xyes" ; then
+ sandbox_arg=""
+ else
+ sandbox_arg="$withval"
+ fi
+ ]
+)
+
+# Some platforms (seems to be the ones that have a kernel poll(2)-type
+# function with which they implement select(2)) use an extra file descriptor
+# when calling select(2), which means we can't use the rlimit sandbox.
+AC_MSG_CHECKING([if select works with descriptor rlimit])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+ ]],[[
+ struct rlimit rl_zero;
+ int fd, r;
+ fd_set fds;
+ struct timeval tv;
+
+ fd = open("/dev/null", O_RDONLY);
+ FD_ZERO(&fds);
+ FD_SET(fd, &fds);
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ setrlimit(RLIMIT_FSIZE, &rl_zero);
+ setrlimit(RLIMIT_NOFILE, &rl_zero);
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ r = select(fd+1, &fds, NULL, NULL, &tv);
+ exit (r == -1 ? 1 : 0);
+ ]])],
+ [AC_MSG_RESULT([yes])
+ select_works_with_rlimit=yes],
+ [AC_MSG_RESULT([no])
+ select_works_with_rlimit=no],
+ [AC_MSG_WARN([cross compiling: assuming yes])]
+)
+
+AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#include <errno.h>
+#include <stdlib.h>
+ ]],[[
+ struct rlimit rl_zero;
+ int fd, r;
+ fd_set fds;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ r = setrlimit(RLIMIT_NOFILE, &rl_zero);
+ exit (r == -1 ? 1 : 0);
+ ]])],
+ [AC_MSG_RESULT([yes])
+ rlimit_nofile_zero_works=yes],
+ [AC_MSG_RESULT([no])
+ rlimit_nofile_zero_works=no],
+ [AC_MSG_WARN([cross compiling: assuming yes])]
+)
+
+AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
+AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <stdlib.h>
+ ]],[[
+ struct rlimit rl_zero;
+
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+ exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])
+ AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
+ [setrlimit RLIMIT_FSIZE works])],
+ [AC_MSG_WARN([cross compiling: assuming yes])]
+)
+
+if test "x$sandbox_arg" = "xsystrace" || \
+ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
+ test "x$have_systr_policy_kill" != "x1" && \
+ AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
+ SANDBOX_STYLE="systrace"
+ AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
+elif test "x$sandbox_arg" = "xdarwin" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
+ test "x$ac_cv_header_sandbox_h" = "xyes") ; then
+ test "x$ac_cv_func_sandbox_init" != "xyes" -o \
+ "x$ac_cv_header_sandbox_h" != "xyes" && \
+ AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
+ SANDBOX_STYLE="darwin"
+ AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
+elif test "x$sandbox_arg" = "xseccomp_filter" || \
+ ( test -z "$sandbox_arg" && \
+ test "x$have_seccomp_filter" = "x1" && \
+ test "x$ac_cv_header_elf_h" = "xyes" && \
+ test "x$ac_cv_header_linux_audit_h" = "xyes" && \
+ test "x$ac_cv_header_linux_filter_h" = "xyes" && \
+ test "x$seccomp_audit_arch" != "x" && \
+ test "x$have_linux_no_new_privs" = "x1" && \
+ test "x$ac_cv_func_prctl" = "xyes" ) ; then
+ test "x$seccomp_audit_arch" = "x" && \
+ AC_MSG_ERROR([seccomp_filter sandbox not supported on $host])
+ test "x$have_linux_no_new_privs" != "x1" && \
+ AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS])
+ test "x$have_seccomp_filter" != "x1" && \
+ AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
+ test "x$ac_cv_func_prctl" != "xyes" && \
+ AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
+ SANDBOX_STYLE="seccomp_filter"
+ AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
+elif test "x$sandbox_arg" = "xrlimit" || \
+ ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
+ test "x$select_works_with_rlimit" = "xyes" && \
+ test "x$rlimit_nofile_zero_works" = "xyes" ) ; then
+ test "x$ac_cv_func_setrlimit" != "xyes" && \
+ AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
+ test "x$select_works_with_rlimit" != "xyes" && \
+ AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
+ SANDBOX_STYLE="rlimit"
+ AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
+elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
+ test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
+ SANDBOX_STYLE="none"
+ AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
+else
+ AC_MSG_ERROR([unsupported --with-sandbox])
+fi
+
+# Cheap hack to ensure NEWS-OS libraries are arranged right.
+if test ! -z "$SONY" ; then
+ LIBS="$LIBS -liberty";
+fi
+
+# Check for long long datatypes
+AC_CHECK_TYPES([long long, unsigned long long, long double])
+
+# Check datatype sizes
+AC_CHECK_SIZEOF([short int], [2])
+AC_CHECK_SIZEOF([int], [4])
+AC_CHECK_SIZEOF([long int], [4])
+AC_CHECK_SIZEOF([long long int], [8])
+
+# Sanity check long long for some platforms (AIX)
+if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
+ ac_cv_sizeof_long_long_int=0
+fi
+
+# compute LLONG_MIN and LLONG_MAX if we don't know them.
+if test -z "$have_llong_max"; then
+ AC_MSG_CHECKING([for max value of long long])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+/* Why is this so damn hard? */
+#ifdef __GNUC__
+# undef __GNUC__
+#endif
+#define __USE_ISOC99
+#include <limits.h>
+#define DATA "conftest.llminmax"
+#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
+
+/*
+ * printf in libc on some platforms (eg old Tru64) does not understand %lld so
+ * we do this the hard way.
+ */
+static int
+fprint_ll(FILE *f, long long n)
+{
+ unsigned int i;
+ int l[sizeof(long long) * 8];
+
+ if (n < 0)
+ if (fprintf(f, "-") < 0)
+ return -1;
+ for (i = 0; n != 0; i++) {
+ l[i] = my_abs(n % 10);
+ n /= 10;
+ }
+ do {
+ if (fprintf(f, "%d", l[--i]) < 0)
+ return -1;
+ } while (i != 0);
+ if (fprintf(f, " ") < 0)
+ return -1;
+ return 0;
+}
+ ]], [[
+ FILE *f;
+ long long i, llmin, llmax = 0;
+
+ if((f = fopen(DATA,"w")) == NULL)
+ exit(1);
+
+#if defined(LLONG_MIN) && defined(LLONG_MAX)
+ fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
+ llmin = LLONG_MIN;
+ llmax = LLONG_MAX;
+#else
+ fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
+ /* This will work on one's complement and two's complement */
+ for (i = 1; i > llmax; i <<= 1, i++)
+ llmax = i;
+ llmin = llmax + 1LL; /* wrap */
+#endif
+
+ /* Sanity check */
+ if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
+ || llmax - 1 > llmax || llmin == llmax || llmin == 0
+ || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
+ fprintf(f, "unknown unknown\n");
+ exit(2);
+ }
+
+ if (fprint_ll(f, llmin) < 0)
+ exit(3);
+ if (fprint_ll(f, llmax) < 0)
+ exit(4);
+ if (fclose(f) < 0)
+ exit(5);
+ exit(0);
+ ]])],
+ [
+ llong_min=`$AWK '{print $1}' conftest.llminmax`
+ llong_max=`$AWK '{print $2}' conftest.llminmax`
+
+ AC_MSG_RESULT([$llong_max])
+ AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
+ [max value of long long calculated by configure])
+ AC_MSG_CHECKING([for min value of long long])
+ AC_MSG_RESULT([$llong_min])
+ AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
+ [min value of long long calculated by configure])
+ ],
+ [
+ AC_MSG_RESULT([not found])
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+ )
+fi
+
+
+# More checks for data types
+AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ u_int a; a = 1;]])],
+ [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
+ ])
+])
+if test "x$ac_cv_have_u_int" = "xyes" ; then
+ AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
+ have_u_int=1
+fi
+
+AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
+ [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
+ ])
+])
+if test "x$ac_cv_have_intxx_t" = "xyes" ; then
+ AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
+ have_intxx_t=1
+fi
+
+if (test -z "$have_intxx_t" && \
+ test "x$ac_cv_header_stdint_h" = "xyes")
+then
+ AC_MSG_CHECKING([for intXX_t types in stdint.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
+ [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
+ [
+ AC_DEFINE([HAVE_INTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
+fi
+
+AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#include <sys/socket.h>
+#ifdef HAVE_SYS_BITYPES_H
+# include <sys/bitypes.h>
+#endif
+ ]], [[
+int64_t a; a = 1;
+ ]])],
+ [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
+ ])
+])
+if test "x$ac_cv_have_int64_t" = "xyes" ; then
+ AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
+fi
+
+AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
+ [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
+ ])
+])
+if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
+ AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
+ have_u_intxx_t=1
+fi
+
+if test -z "$have_u_intxx_t" ; then
+ AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
+ [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
+ [
+ AC_DEFINE([HAVE_U_INTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
+fi
+
+AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ u_int64_t a; a = 1;]])],
+ [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
+ ])
+])
+if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
+ AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
+ have_u_int64_t=1
+fi
+
+if test -z "$have_u_int64_t" ; then
+ AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
+ [[ u_int64_t a; a = 1]])],
+ [
+ AC_DEFINE([HAVE_U_INT64_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
+fi
+
+if test -z "$have_u_intxx_t" ; then
+ AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+ ]], [[
+ uint8_t a;
+ uint16_t b;
+ uint32_t c;
+ a = b = c = 1;
+ ]])],
+ [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
+ ])
+ ])
+ if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
+ AC_DEFINE([HAVE_UINTXX_T], [1],
+ [define if you have uintxx_t data type])
+ fi
+fi
+
+if test -z "$have_uintxx_t" ; then
+ AC_MSG_CHECKING([for uintXX_t types in stdint.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
+ [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
+ [
+ AC_DEFINE([HAVE_UINTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [ AC_MSG_RESULT([no])
+ ])
+fi
+
+if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+then
+ AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/bitypes.h>
+ ]], [[
+ int8_t a; int16_t b; int32_t c;
+ u_int8_t e; u_int16_t f; u_int32_t g;
+ a = b = c = e = f = g = 1;
+ ]])],
+ [
+ AC_DEFINE([HAVE_U_INTXX_T])
+ AC_DEFINE([HAVE_INTXX_T])
+ AC_MSG_RESULT([yes])
+ ], [AC_MSG_RESULT([no])
+ ])
+fi
+
+
+AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ u_char foo; foo = 125; ]])],
+ [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
+ ])
+])
+if test "x$ac_cv_have_u_char" = "xyes" ; then
+ AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
+fi
+
+TYPE_SOCKLEN_T
+
+AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
+AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+])
+
+AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
+[#include <sys/types.h>
+#include <netinet/in.h>])
+
+AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ size_t foo; foo = 1235; ]])],
+ [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
+ ])
+])
+if test "x$ac_cv_have_size_t" = "xyes" ; then
+ AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
+fi
+
+AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ ssize_t foo; foo = 1235; ]])],
+ [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
+ ])
+])
+if test "x$ac_cv_have_ssize_t" = "xyes" ; then
+ AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
+fi
+
+AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
+ [[ clock_t foo; foo = 1235; ]])],
+ [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
+ ])
+])
+if test "x$ac_cv_have_clock_t" = "xyes" ; then
+ AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
+fi
+
+AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+ ]], [[ sa_family_t foo; foo = 1235; ]])],
+ [ ac_cv_have_sa_family_t="yes" ],
+ [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+ ]], [[ sa_family_t foo; foo = 1235; ]])],
+ [ ac_cv_have_sa_family_t="yes" ],
+ [ ac_cv_have_sa_family_t="no" ]
+ )
+ ])
+])
+if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
+ AC_DEFINE([HAVE_SA_FAMILY_T], [1],
+ [define if you have sa_family_t data type])
+fi
+
+AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ pid_t foo; foo = 1235; ]])],
+ [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
+ ])
+])
+if test "x$ac_cv_have_pid_t" = "xyes" ; then
+ AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
+fi
+
+AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
+ [[ mode_t foo; foo = 1235; ]])],
+ [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
+ ])
+])
+if test "x$ac_cv_have_mode_t" = "xyes" ; then
+ AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
+fi
+
+
+AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+ ]], [[ struct sockaddr_storage s; ]])],
+ [ ac_cv_have_struct_sockaddr_storage="yes" ],
+ [ ac_cv_have_struct_sockaddr_storage="no"
+ ])
+])
+if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
+ AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
+ [define if you have struct sockaddr_storage data type])
+fi
+
+AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <netinet/in.h>
+ ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
+ [ ac_cv_have_struct_sockaddr_in6="yes" ],
+ [ ac_cv_have_struct_sockaddr_in6="no"
+ ])
+])
+if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
+ AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
+ [define if you have struct sockaddr_in6 data type])
+fi
+
+AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <netinet/in.h>
+ ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
+ [ ac_cv_have_struct_in6_addr="yes" ],
+ [ ac_cv_have_struct_in6_addr="no"
+ ])
+])
+if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
+ AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
+ [define if you have struct in6_addr data type])
+
+dnl Now check for sin6_scope_id
+ AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
+ [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+ ])
+fi
+
+AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+ ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
+ [ ac_cv_have_struct_addrinfo="yes" ],
+ [ ac_cv_have_struct_addrinfo="no"
+ ])
+])
+if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
+ AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
+ [define if you have struct addrinfo data type])
+fi
+
+AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
+ [[ struct timeval tv; tv.tv_sec = 1;]])],
+ [ ac_cv_have_struct_timeval="yes" ],
+ [ ac_cv_have_struct_timeval="no"
+ ])
+])
+if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
+ AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
+ have_struct_timeval=1
+fi
+
+AC_CHECK_TYPES([struct timespec])
+
+# We need int64_t or else certian parts of the compile will fail.
+if test "x$ac_cv_have_int64_t" = "xno" && \
+ test "x$ac_cv_sizeof_long_int" != "x8" && \
+ test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
+ echo "an alternative compiler (I.E., GCC) before continuing."
+ echo ""
+ exit 1;
+else
+dnl test snprintf (broken on SCO w/gcc)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_SNPRINTF
+main()
+{
+ char buf[50];
+ char expected_out[50];
+ int mazsize = 50 ;
+#if (SIZEOF_LONG_INT == 8)
+ long int num = 0x7fffffffffffffff;
+#else
+ long long num = 0x7fffffffffffffffll;
+#endif
+ strcpy(expected_out, "9223372036854775807");
+ snprintf(buf, mazsize, "%lld", num);
+ if(strcmp(buf, expected_out) != 0)
+ exit(1);
+ exit(0);
+}
+#else
+main() { exit(0); }
+#endif
+ ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
+ AC_MSG_WARN([cross compiling: Assuming working snprintf()])
+ )
+fi
+
+dnl Checks for structure members
+OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
+
+AC_CHECK_MEMBERS([struct stat.st_blksize])
+AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class,
+struct passwd.pw_change, struct passwd.pw_expire],
+[], [], [[
+#include <sys/types.h>
+#include <pwd.h>
+]])
+
+AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
+ [Define if we don't have struct __res_state in resolv.h])],
+[[
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+]])
+
+AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
+ ac_cv_have_ss_family_in_struct_ss, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+ ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
+ [ ac_cv_have_ss_family_in_struct_ss="yes" ],
+ [ ac_cv_have_ss_family_in_struct_ss="no" ])
+])
+if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
+ AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
+fi
+
+AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
+ ac_cv_have___ss_family_in_struct_ss, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+ ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
+ [ ac_cv_have___ss_family_in_struct_ss="yes" ],
+ [ ac_cv_have___ss_family_in_struct_ss="no"
+ ])
+])
+if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
+ AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
+ [Fields in struct sockaddr_storage])
+fi
+
+dnl make sure we're using the real structure members and not defines
+AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
+ ac_cv_have_accrights_in_msghdr, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+ ]], [[
+#ifdef msg_accrights
+#error "msg_accrights is a macro"
+exit(1);
+#endif
+struct msghdr m;
+m.msg_accrights = 0;
+exit(0);
+ ]])],
+ [ ac_cv_have_accrights_in_msghdr="yes" ],
+ [ ac_cv_have_accrights_in_msghdr="no" ]
+ )
+])
+if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
+ AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
+ [Define if your system uses access rights style
+ file descriptor passing])
+fi
+
+AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/param.h>
+#include <sys/stat.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+ ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+
+ AC_MSG_CHECKING([if fsid_t has member val])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/statvfs.h>
+ ]], [[ fsid_t t; t.val[0] = 0; ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
+ [ AC_MSG_RESULT([no]) ])
+
+ AC_MSG_CHECKING([if f_fsid has member __val])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/statvfs.h>
+ ]], [[ fsid_t t; t.__val[0] = 0; ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
+ [ AC_MSG_RESULT([no]) ])
+])
+
+AC_CACHE_CHECK([for msg_control field in struct msghdr],
+ ac_cv_have_control_in_msghdr, [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+ ]], [[
+#ifdef msg_control
+#error "msg_control is a macro"
+exit(1);
+#endif
+struct msghdr m;
+m.msg_control = 0;
+exit(0);
+ ]])],
+ [ ac_cv_have_control_in_msghdr="yes" ],
+ [ ac_cv_have_control_in_msghdr="no" ]
+ )
+])
+if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
+ AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
+ [Define if your system uses ancillary data style
+ file descriptor passing])
+fi
+
+AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+ [[ extern char *__progname; printf("%s", __progname); ]])],
+ [ ac_cv_libc_defines___progname="yes" ],
+ [ ac_cv_libc_defines___progname="no"
+ ])
+])
+if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
+ AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
+fi
+
+AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[ printf("%s", __FUNCTION__); ]])],
+ [ ac_cv_cc_implements___FUNCTION__="yes" ],
+ [ ac_cv_cc_implements___FUNCTION__="no"
+ ])
+])
+if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
+ AC_DEFINE([HAVE___FUNCTION__], [1],
+ [Define if compiler implements __FUNCTION__])
+fi
+
+AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+ [[ printf("%s", __func__); ]])],
+ [ ac_cv_cc_implements___func__="yes" ],
+ [ ac_cv_cc_implements___func__="no"
+ ])
+])
+if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
+ AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
+fi
+
+AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdarg.h>
+va_list x,y;
+ ]], [[ va_copy(x,y); ]])],
+ [ ac_cv_have_va_copy="yes" ],
+ [ ac_cv_have_va_copy="no"
+ ])
+])
+if test "x$ac_cv_have_va_copy" = "xyes" ; then
+ AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
+fi
+
+AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdarg.h>
+va_list x,y;
+ ]], [[ __va_copy(x,y); ]])],
+ [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
+ ])
+])
+if test "x$ac_cv_have___va_copy" = "xyes" ; then
+ AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
+fi
+
+AC_CACHE_CHECK([whether getopt has optreset support],
+ ac_cv_have_getopt_optreset, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
+ [[ extern int optreset; optreset = 0; ]])],
+ [ ac_cv_have_getopt_optreset="yes" ],
+ [ ac_cv_have_getopt_optreset="no"
+ ])
+])
+if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
+ AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
+ [Define if your getopt(3) defines and uses optreset])
+fi
+
+AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
+ [ ac_cv_libc_defines_sys_errlist="yes" ],
+ [ ac_cv_libc_defines_sys_errlist="no"
+ ])
+])
+if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
+ AC_DEFINE([HAVE_SYS_ERRLIST], [1],
+ [Define if your system defines sys_errlist[]])
+fi
+
+
+AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+[[ extern int sys_nerr; printf("%i", sys_nerr);]])],
+ [ ac_cv_libc_defines_sys_nerr="yes" ],
+ [ ac_cv_libc_defines_sys_nerr="no"
+ ])
+])
+if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
+ AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
+fi
+
+# Check libraries needed by DNS fingerprint support
+AC_SEARCH_LIBS([getrrsetbyname], [resolv],
+ [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
+ [Define if getrrsetbyname() exists])],
+ [
+ # Needed by our getrrsetbyname()
+ AC_SEARCH_LIBS([res_query], [resolv])
+ AC_SEARCH_LIBS([dn_expand], [resolv])
+ AC_MSG_CHECKING([if res_query will link])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+ ]], [[
+ res_query (0, 0, 0, 0, 0);
+ ]])],
+ AC_MSG_RESULT([yes]),
+ [AC_MSG_RESULT([no])
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -lresolv"
+ AC_MSG_CHECKING([for res_query in -lresolv])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+ ]], [[
+ res_query (0, 0, 0, 0, 0);
+ ]])],
+ [AC_MSG_RESULT([yes])],
+ [LIBS="$saved_LIBS"
+ AC_MSG_RESULT([no])])
+ ])
+ AC_CHECK_FUNCS([_getshort _getlong])
+ AC_CHECK_DECLS([_getshort, _getlong], , ,
+ [#include <sys/types.h>
+ #include <arpa/nameser.h>])
+ AC_CHECK_MEMBER([HEADER.ad],
+ [AC_DEFINE([HAVE_HEADER_AD], [1],
+ [Define if HEADER.ad exists in arpa/nameser.h])], ,
+ [#include <arpa/nameser.h>])
+ ])
+
+AC_MSG_CHECKING([if struct __res_state _res is an extern])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+extern struct __res_state _res;
+ ]], [[ ]])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE__RES_EXTERN], [1],
+ [Define if you have struct __res_state _res as an extern])
+ ],
+ [ AC_MSG_RESULT([no]) ]
+)
+
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH([selinux],
+ [ --with-selinux Enable SELinux support],
+ [ if test "x$withval" != "xno" ; then
+ save_LIBS="$LIBS"
+ AC_DEFINE([WITH_SELINUX], [1],
+ [Define if you want SELinux support.])
+ SELINUX_MSG="yes"
+ AC_CHECK_HEADER([selinux/selinux.h], ,
+ AC_MSG_ERROR([SELinux support requires selinux.h header]))
+ AC_CHECK_LIB([selinux], [setexeccon],
+ [ LIBSELINUX="-lselinux"
+ LIBS="$LIBS -lselinux"
+ ],
+ AC_MSG_ERROR([SELinux support requires libselinux library]))
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
+ SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
+ LIBS="$save_LIBS"
+ fi ]
+)
+AC_SUBST([SSHLIBS])
+AC_SUBST([SSHDLIBS])
+
+# Check whether user wants Kerberos 5 support
+KRB5_MSG="no"
+AC_ARG_WITH([kerberos5],
+ [ --with-kerberos5=PATH Enable Kerberos 5 support],
+ [ if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ KRB5ROOT="/usr/local"
+ else
+ KRB5ROOT=${withval}
+ fi
+
+ AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
+ KRB5_MSG="yes"
+
+ AC_PATH_PROG([KRB5CONF], [krb5-config],
+ [$KRB5ROOT/bin/krb5-config],
+ [$KRB5ROOT/bin:$PATH])
+ if test -x $KRB5CONF ; then
+ K5CFLAGS="`$KRB5CONF --cflags`"
+ K5LIBS="`$KRB5CONF --libs`"
+ CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+
+ AC_MSG_CHECKING([for gssapi support])
+ if $KRB5CONF | grep gssapi >/dev/null ; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([GSSAPI], [1],
+ [Define this if you want GSSAPI
+ support in the version 2 protocol])
+ GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
+ GSSLIBS="`$KRB5CONF --libs gssapi`"
+ CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
+ else
+ AC_MSG_RESULT([no])
+ fi
+ AC_MSG_CHECKING([whether we are using Heimdal])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
+ ]], [[ char *tmp = heimdal_version; ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([HEIMDAL], [1],
+ [Define this if you are using the Heimdal
+ version of Kerberos V5]) ],
+ [AC_MSG_RESULT([no])
+ ])
+ else
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+ AC_MSG_CHECKING([whether we are using Heimdal])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
+ ]], [[ char *tmp = heimdal_version; ]])],
+ [ AC_MSG_RESULT([yes])
+ AC_DEFINE([HEIMDAL])
+ K5LIBS="-lkrb5"
+ K5LIBS="$K5LIBS -lcom_err -lasn1"
+ AC_CHECK_LIB([roken], [net_write],
+ [K5LIBS="$K5LIBS -lroken"])
+ AC_CHECK_LIB([des], [des_cbc_encrypt],
+ [K5LIBS="$K5LIBS -ldes"])
+ ], [ AC_MSG_RESULT([no])
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+
+ ])
+ AC_SEARCH_LIBS([dn_expand], [resolv])
+
+ AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
+ [ AC_DEFINE([GSSAPI])
+ GSSLIBS="-lgssapi_krb5" ],
+ [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
+ [ AC_DEFINE([GSSAPI])
+ GSSLIBS="-lgssapi" ],
+ [ AC_CHECK_LIB([gss], [gss_init_sec_context],
+ [ AC_DEFINE([GSSAPI])
+ GSSLIBS="-lgss" ],
+ AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
+ ])
+ ])
+
+ AC_CHECK_HEADER([gssapi.h], ,
+ [ unset ac_cv_header_gssapi_h
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADERS([gssapi.h], ,
+ AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
+ )
+ ]
+ )
+
+ oldCPP="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADER([gssapi_krb5.h], ,
+ [ CPPFLAGS="$oldCPP" ])
+
+ fi
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${KRB5ROOT}/lib"
+ fi
+
+ AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
+ AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
+ AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
+
+ AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
+ [Define this if you want to use libkafs' AFS support])])
+
+ AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[
+#ifdef HAVE_GSSAPI_H
+# include <gssapi.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_H)
+# include <gssapi/gssapi.h>
+#endif
+
+#ifdef HAVE_GSSAPI_GENERIC_H
+# include <gssapi_generic.h>
+#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H)
+# include <gssapi/gssapi_generic.h>
+#endif
+ ]])
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS $K5LIBS"
+ AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message])
+ LIBS="$saved_LIBS"
+
+ fi
+ ]
+)
+AC_SUBST([GSSLIBS])
+AC_SUBST([K5LIBS])
+
+# Looking for programs, paths and files
+
+PRIVSEP_PATH=/var/empty
+AC_ARG_WITH([privsep-path],
+ [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ PRIVSEP_PATH=$withval
+ fi
+ ]
+)
+AC_SUBST([PRIVSEP_PATH])
+
+AC_ARG_WITH([xauth],
+ [ --with-xauth=PATH Specify path to xauth program ],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ xauth_path=$withval
+ fi
+ ],
+ [
+ TestPath="$PATH"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
+ AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
+ if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
+ xauth_path="/usr/openwin/bin/xauth"
+ fi
+ ]
+)
+
+STRIP_OPT=-s
+AC_ARG_ENABLE([strip],
+ [ --disable-strip Disable calling strip(1) on install],
+ [
+ if test "x$enableval" = "xno" ; then
+ STRIP_OPT=
+ fi
+ ]
+)
+AC_SUBST([STRIP_OPT])
+
+if test -z "$xauth_path" ; then
+ XAUTH_PATH="undefined"
+ AC_SUBST([XAUTH_PATH])
+else
+ AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
+ [Define if xauth is found in your path])
+ XAUTH_PATH=$xauth_path
+ AC_SUBST([XAUTH_PATH])
+fi
+
+dnl # --with-maildir=/path/to/mail gets top priority.
+dnl # if maildir is set in the platform case statement above we use that.
+dnl # Otherwise we run a program to get the dir from system headers.
+dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
+dnl # If we find _PATH_MAILDIR we do nothing because that is what
+dnl # session.c expects anyway. Otherwise we set to the value found
+dnl # stripping any trailing slash. If for some strage reason our program
+dnl # does not find what it needs, we default to /var/spool/mail.
+# Check for mail directory
+AC_ARG_WITH([maildir],
+ [ --with-maildir=/path/to/mail Specify your system mail directory],
+ [
+ if test "X$withval" != X && test "x$withval" != xno && \
+ test "x${withval}" != xyes; then
+ AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
+ [Set this to your mail directory if you do not have _PATH_MAILDIR])
+ fi
+ ],[
+ if test "X$maildir" != "X"; then
+ AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
+ else
+ AC_MSG_CHECKING([Discovering system mail directory])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif
+#define DATA "conftest.maildir"
+ ]], [[
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+#if defined (_PATH_MAILDIR)
+ if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
+ exit(1);
+#elif defined (MAILDIR)
+ if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
+ exit(1);
+#elif defined (_PATH_MAIL)
+ if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
+ exit(1);
+#else
+ exit (2);
+#endif
+
+ exit(0);
+ ]])],
+ [
+ maildir_what=`awk -F: '{print $1}' conftest.maildir`
+ maildir=`awk -F: '{print $2}' conftest.maildir \
+ | sed 's|/$||'`
+ AC_MSG_RESULT([Using: $maildir from $maildir_what])
+ if test "x$maildir_what" != "x_PATH_MAILDIR"; then
+ AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
+ fi
+ ],
+ [
+ if test "X$ac_status" = "X2";then
+# our test program didn't find it. Default to /var/spool/mail
+ AC_MSG_RESULT([Using: default value of /var/spool/mail])
+ AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
+ else
+ AC_MSG_RESULT([*** not found ***])
+ fi
+ ],
+ [
+ AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
+ ]
+ )
+ fi
+ ]
+) # maildir
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
+ disable_ptmx_check=yes
+fi
+if test -z "$no_dev_ptmx" ; then
+ if test "x$disable_ptmx_check" != "xyes" ; then
+ AC_CHECK_FILE(["/dev/ptmx"],
+ [
+ AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
+ [Define if you have /dev/ptmx])
+ have_dev_ptmx=1
+ ]
+ )
+ fi
+fi
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
+ AC_CHECK_FILE(["/dev/ptc"],
+ [
+ AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
+ [Define if you have /dev/ptc])
+ have_dev_ptc=1
+ ]
+ )
+else
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
+fi
+
+# Options from here on. Some of these are preset by platform above
+AC_ARG_WITH([mantype],
+ [ --with-mantype=man|cat|doc Set man page type],
+ [
+ case "$withval" in
+ man|cat|doc)
+ MANTYPE=$withval
+ ;;
+ *)
+ AC_MSG_ERROR([invalid man type: $withval])
+ ;;
+ esac
+ ]
+)
+if test -z "$MANTYPE"; then
+ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
+ AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
+ if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
+ MANTYPE=doc
+ elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
+ MANTYPE=man
+ else
+ MANTYPE=cat
+ fi
+fi
+AC_SUBST([MANTYPE])
+if test "$MANTYPE" = "doc"; then
+ mansubdir=man;
+else
+ mansubdir=$MANTYPE;
+fi
+AC_SUBST([mansubdir])
+
+# Check whether to enable MD5 passwords
+MD5_MSG="no"
+AC_ARG_WITH([md5-passwords],
+ [ --with-md5-passwords Enable use of MD5 passwords],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
+ [Define if you want to allow MD5 passwords])
+ MD5_MSG="yes"
+ fi
+ ]
+)
+
+# Whether to disable shadow password support
+AC_ARG_WITH([shadow],
+ [ --without-shadow Disable shadow password support],
+ [
+ if test "x$withval" = "xno" ; then
+ AC_DEFINE([DISABLE_SHADOW])
+ disable_shadow=yes
+ fi
+ ]
+)
+
+if test -z "$disable_shadow" ; then
+ AC_MSG_CHECKING([if the systems has expire shadow information])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <shadow.h>
+struct spwd sp;
+ ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
+ [ sp_expire_available=yes ], [
+ ])
+
+ if test "x$sp_expire_available" = "xyes" ; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
+ [Define if you want to use shadow password expire field])
+ else
+ AC_MSG_RESULT([no])
+ fi
+fi
+
+# Use ip address instead of hostname in $DISPLAY
+if test ! -z "$IPADDR_IN_DISPLAY" ; then
+ DISPLAY_HACK_MSG="yes"
+ AC_DEFINE([IPADDR_IN_DISPLAY], [1],
+ [Define if you need to use IP address
+ instead of hostname in $DISPLAY])
+else
+ DISPLAY_HACK_MSG="no"
+ AC_ARG_WITH([ipaddr-display],
+ [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE([IPADDR_IN_DISPLAY])
+ DISPLAY_HACK_MSG="yes"
+ fi
+ ]
+ )
+fi
+
+# check for /etc/default/login and use it if present.
+AC_ARG_ENABLE([etc-default-login],
+ [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
+ [ if test "x$enableval" = "xno"; then
+ AC_MSG_NOTICE([/etc/default/login handling disabled])
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi ],
+ [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+ then
+ AC_MSG_WARN([cross compiling: not checking /etc/default/login])
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi ]
+)
+
+if test "x$etc_default_login" != "xno"; then
+ AC_CHECK_FILE(["/etc/default/login"],
+ [ external_path_file=/etc/default/login ])
+ if test "x$external_path_file" = "x/etc/default/login"; then
+ AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
+ [Define if your system has /etc/default/login])
+ fi
+fi
+
+dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
+if test $ac_cv_func_login_getcapbool = "yes" && \
+ test $ac_cv_header_login_cap_h = "yes" ; then
+ external_path_file=/etc/login.conf
+fi
+
+# Whether to mess with the default path
+SERVER_PATH_MSG="(default)"
+AC_ARG_WITH([default-path],
+ [ --with-default-path= Specify default \$PATH environment for server],
+ [
+ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ AC_MSG_WARN([
+--with-default-path=PATH has no effect on this system.
+Edit /etc/login.conf instead.])
+ elif test "x$withval" != "xno" ; then
+ if test ! -z "$external_path_file" ; then
+ AC_MSG_WARN([
+--with-default-path=PATH will only be used if PATH is not defined in
+$external_path_file .])
+ fi
+ user_path="$withval"
+ SERVER_PATH_MSG="$withval"
+ fi
+ ],
+ [ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
+ else
+ if test ! -z "$external_path_file" ; then
+ AC_MSG_WARN([
+If PATH is defined in $external_path_file, ensure the path to scp is included,
+otherwise scp will not work.])
+ fi
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+/* find out what STDPATH is */
+#include <stdio.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#ifndef _PATH_STDPATH
+# ifdef _PATH_USERPATH /* Irix */
+# define _PATH_STDPATH _PATH_USERPATH
+# else
+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# endif
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#define DATA "conftest.stdpath"
+ ]], [[
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
+ exit(1);
+
+ exit(0);
+ ]])],
+ [ user_path=`cat conftest.stdpath` ],
+ [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
+ [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
+ )
+# make sure $bindir is in USER_PATH so scp will work
+ t_bindir="${bindir}"
+ while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
+ t_bindir=`eval echo ${t_bindir}`
+ case $t_bindir in
+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
+ esac
+ case $t_bindir in
+ NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+ done
+ echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
+ if test $? -ne 0 ; then
+ echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
+ if test $? -ne 0 ; then
+ user_path=$user_path:$t_bindir
+ AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
+ fi
+ fi
+ fi ]
+)
+if test "x$external_path_file" != "x/etc/login.conf" ; then
+ AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
+ AC_SUBST([user_path])
+fi
+
+# Set superuser path separately to user path
+AC_ARG_WITH([superuser-path],
+ [ --with-superuser-path= Specify different path for super-user],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
+ [Define if you want a different $PATH
+ for the superuser])
+ superuser_path=$withval
+ fi
+ ]
+)
+
+
+AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
+IPV4_IN6_HACK_MSG="no"
+AC_ARG_WITH(4in6,
+ [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([IPV4_IN_IPV6], [1],
+ [Detect IPv4 in IPv6 mapped addresses
+ and treat as IPv4])
+ IPV4_IN6_HACK_MSG="yes"
+ else
+ AC_MSG_RESULT([no])
+ fi
+ ], [
+ if test "x$inet6_default_4in6" = "xyes"; then
+ AC_MSG_RESULT([yes (default)])
+ AC_DEFINE([IPV4_IN_IPV6])
+ IPV4_IN6_HACK_MSG="yes"
+ else
+ AC_MSG_RESULT([no (default)])
+ fi
+ ]
+)
+
+# Whether to enable BSD auth support
+BSD_AUTH_MSG=no
+AC_ARG_WITH([bsd-auth],
+ [ --with-bsd-auth Enable BSD auth support],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE([BSD_AUTH], [1],
+ [Define if you have BSD auth support])
+ BSD_AUTH_MSG=yes
+ fi
+ ]
+)
+
+# Where to place sshd.pid
+piddir=/var/run
+# make sure the directory exists
+if test ! -d $piddir ; then
+ piddir=`eval echo ${sysconfdir}`
+ case $piddir in
+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+fi
+
+AC_ARG_WITH([pid-dir],
+ [ --with-pid-dir=PATH Specify location of ssh.pid file],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ piddir=$withval
+ if test ! -d $piddir ; then
+ AC_MSG_WARN([** no $piddir directory on this system **])
+ fi
+ fi
+ ]
+)
+
+AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
+ [Specify location of ssh.pid])
+AC_SUBST([piddir])
+
+dnl allow user to disable some login recording features
+AC_ARG_ENABLE([lastlog],
+ [ --disable-lastlog disable use of lastlog even if detected [no]],
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE([DISABLE_LASTLOG])
+ fi
+ ]
+)
+AC_ARG_ENABLE([utmp],
+ [ --disable-utmp disable use of utmp even if detected [no]],
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE([DISABLE_UTMP])
+ fi
+ ]
+)
+AC_ARG_ENABLE([utmpx],
+ [ --disable-utmpx disable use of utmpx even if detected [no]],
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE([DISABLE_UTMPX], [1],
+ [Define if you don't want to use utmpx])
+ fi
+ ]
+)
+AC_ARG_ENABLE([wtmp],
+ [ --disable-wtmp disable use of wtmp even if detected [no]],
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE([DISABLE_WTMP])
+ fi
+ ]
+)
+AC_ARG_ENABLE([wtmpx],
+ [ --disable-wtmpx disable use of wtmpx even if detected [no]],
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE([DISABLE_WTMPX], [1],
+ [Define if you don't want to use wtmpx])
+ fi
+ ]
+)
+AC_ARG_ENABLE([libutil],
+ [ --disable-libutil disable use of libutil (login() etc.) [no]],
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE([DISABLE_LOGIN])
+ fi
+ ]
+)
+AC_ARG_ENABLE([pututline],
+ [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE([DISABLE_PUTUTLINE], [1],
+ [Define if you don't want to use pututline()
+ etc. to write [uw]tmp])
+ fi
+ ]
+)
+AC_ARG_ENABLE([pututxline],
+ [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE([DISABLE_PUTUTXLINE], [1],
+ [Define if you don't want to use pututxline()
+ etc. to write [uw]tmpx])
+ fi
+ ]
+)
+AC_ARG_WITH([lastlog],
+ [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
+ [
+ if test "x$withval" = "xno" ; then
+ AC_DEFINE([DISABLE_LASTLOG])
+ elif test -n "$withval" && test "x${withval}" != "xyes"; then
+ conf_lastlog_location=$withval
+ fi
+ ]
+)
+
+dnl lastlog, [uw]tmpx? detection
+dnl NOTE: set the paths in the platform section to avoid the
+dnl need for command-line parameters
+dnl lastlog and [uw]tmp are subject to a file search if all else fails
+
+dnl lastlog detection
+dnl NOTE: the code itself will detect if lastlog is a directory
+AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+# include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#ifdef HAVE_LOGIN_H
+# include <login.h>
+#endif
+ ]], [[ char *lastlog = LASTLOG_FILE; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [
+ AC_MSG_RESULT([no])
+ AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+# include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+ ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [
+ AC_MSG_RESULT([no])
+ system_lastlog_path=no
+ ])
+])
+
+if test -z "$conf_lastlog_location"; then
+ if test x"$system_lastlog_path" = x"no" ; then
+ for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
+ if (test -d "$f" || test -f "$f") ; then
+ conf_lastlog_location=$f
+ fi
+ done
+ if test -z "$conf_lastlog_location"; then
+ AC_MSG_WARN([** Cannot find lastlog **])
+ dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
+ fi
+ fi
+fi
+
+if test -n "$conf_lastlog_location"; then
+ AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
+ [Define if you want to specify the path to your lastlog file])
+fi
+
+dnl utmp detection
+AC_MSG_CHECKING([if your system defines UTMP_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+ ]], [[ char *utmp = UTMP_FILE; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ system_utmp_path=no
+])
+if test -z "$conf_utmp_location"; then
+ if test x"$system_utmp_path" = x"no" ; then
+ for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
+ if test -f $f ; then
+ conf_utmp_location=$f
+ fi
+ done
+ if test -z "$conf_utmp_location"; then
+ AC_DEFINE([DISABLE_UTMP])
+ fi
+ fi
+fi
+if test -n "$conf_utmp_location"; then
+ AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
+ [Define if you want to specify the path to your utmp file])
+fi
+
+dnl wtmp detection
+AC_MSG_CHECKING([if your system defines WTMP_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+ ]], [[ char *wtmp = WTMP_FILE; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ system_wtmp_path=no
+])
+if test -z "$conf_wtmp_location"; then
+ if test x"$system_wtmp_path" = x"no" ; then
+ for f in /usr/adm/wtmp /var/log/wtmp; do
+ if test -f $f ; then
+ conf_wtmp_location=$f
+ fi
+ done
+ if test -z "$conf_wtmp_location"; then
+ AC_DEFINE([DISABLE_WTMP])
+ fi
+ fi
+fi
+if test -n "$conf_wtmp_location"; then
+ AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
+ [Define if you want to specify the path to your wtmp file])
+fi
+
+dnl wtmpx detection
+AC_MSG_CHECKING([if your system defines WTMPX_FILE])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+ ]], [[ char *wtmpx = WTMPX_FILE; ]])],
+ [ AC_MSG_RESULT([yes]) ],
+ [ AC_MSG_RESULT([no])
+ system_wtmpx_path=no
+])
+if test -z "$conf_wtmpx_location"; then
+ if test x"$system_wtmpx_path" = x"no" ; then
+ AC_DEFINE([DISABLE_WTMPX])
+ fi
+else
+ AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
+ [Define if you want to specify the path to your wtmpx file])
+fi
+
+
+if test ! -z "$blibpath" ; then
+ LDFLAGS="$LDFLAGS $blibflags$blibpath"
+ AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
+fi
+
+AC_CHECK_MEMBER([struct lastlog.ll_line], [], [
+ if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then
+ AC_DEFINE([DISABLE_LASTLOG])
+ fi
+ ], [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+ ])
+
+AC_CHECK_MEMBER([struct utmp.ut_line], [], [
+ AC_DEFINE([DISABLE_UTMP])
+ AC_DEFINE([DISABLE_WTMP])
+ ], [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_LASTLOG_H
+#include <lastlog.h>
+#endif
+ ])
+
+dnl Adding -Werror to CFLAGS early prevents configure tests from running.
+dnl Add now.
+CFLAGS="$CFLAGS $werror_flags"
+
+if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ TEST_SSH_IPV6=no
+else
+ TEST_SSH_IPV6=yes
+fi
+AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
+AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
+AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms])
+
+AC_EXEEXT
+AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
+ openbsd-compat/Makefile openbsd-compat/regress/Makefile \
+ survey.sh])
+AC_OUTPUT
+
+# Print summary of options
+
+# Someone please show me a better way :)
+A=`eval echo ${prefix}` ; A=`eval echo ${A}`
+B=`eval echo ${bindir}` ; B=`eval echo ${B}`
+C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
+D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
+E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
+F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
+G=`eval echo ${piddir}` ; G=`eval echo ${G}`
+H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
+I=`eval echo ${user_path}` ; I=`eval echo ${I}`
+J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
+
+echo ""
+echo "OpenSSH has been configured with the following options:"
+echo " User binaries: $B"
+echo " System binaries: $C"
+echo " Configuration files: $D"
+echo " Askpass program: $E"
+echo " Manual pages: $F"
+echo " PID file: $G"
+echo " Privilege separation chroot path: $H"
+if test "x$external_path_file" = "x/etc/login.conf" ; then
+echo " At runtime, sshd will use the path defined in $external_path_file"
+echo " Make sure the path to scp is present, otherwise scp will not work"
+else
+echo " sshd default user PATH: $I"
+ if test ! -z "$external_path_file"; then
+echo " (If PATH is set in $external_path_file it will be used instead. If"
+echo " used, ensure the path to scp is present, otherwise scp will not work.)"
+ fi
+fi
+if test ! -z "$superuser_path" ; then
+echo " sshd superuser user PATH: $J"
+fi
+echo " Manpage format: $MANTYPE"
+echo " PAM support: $PAM_MSG"
+echo " OSF SIA support: $SIA_MSG"
+echo " KerberosV support: $KRB5_MSG"
+echo " SELinux support: $SELINUX_MSG"
+echo " Smartcard support: $SCARD_MSG"
+echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
+echo " MD5 password support: $MD5_MSG"
+echo " libedit support: $LIBEDIT_MSG"
+echo " Solaris process contract support: $SPC_MSG"
+echo " Solaris project support: $SP_MSG"
+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+echo " BSD Auth support: $BSD_AUTH_MSG"
+echo " Random number source: $RAND_MSG"
+echo " Privsep sandbox style: $SANDBOX_STYLE"
+
+echo ""
+
+echo " Host: ${host}"
+echo " Compiler: ${CC}"
+echo " Compiler flags: ${CFLAGS}"
+echo "Preprocessor flags: ${CPPFLAGS}"
+echo " Linker flags: ${LDFLAGS}"
+echo " Libraries: ${LIBS}"
+if test ! -z "${SSHDLIBS}"; then
+echo " +for sshd: ${SSHDLIBS}"
+fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
+fi
+
+echo ""
+
+if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
+ echo "SVR4 style packages are supported with \"make package\""
+ echo ""
+fi
+
+if test "x$PAM_MSG" = "xyes" ; then
+ echo "PAM is enabled. You may need to install a PAM control file "
+ echo "for sshd, otherwise password authentication may fail. "
+ echo "Example PAM control files can be found in the contrib/ "
+ echo "subdirectory"
+ echo ""
+fi
+
+if test ! -z "$NO_PEERCHECK" ; then
+ echo "WARNING: the operating system that you are using does not"
+ echo "appear to support getpeereid(), getpeerucred() or the"
+ echo "SO_PEERCRED getsockopt() option. These facilities are used to"
+ echo "enforce security checks to prevent unauthorised connections to"
+ echo "ssh-agent. Their absence increases the risk that a malicious"
+ echo "user can connect to your agent."
+ echo ""
+fi
+
+if test "$AUDIT_MODULE" = "bsm" ; then
+ echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+ echo "See the Solaris section in README.platform for details."
+fi
diff --git a/crypto/openssh/contrib/Makefile b/crypto/openssh/contrib/Makefile
new file mode 100644
index 0000000..c6c48e7
--- /dev/null
+++ b/crypto/openssh/contrib/Makefile
@@ -0,0 +1,17 @@
+PKG_CONFIG = pkg-config
+
+all:
+ @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
+
+gnome-ssh-askpass1: gnome-ssh-askpass1.c
+ $(CC) `gnome-config --cflags gnome gnomeui` \
+ gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
+ `gnome-config --libs gnome gnomeui`
+
+gnome-ssh-askpass2: gnome-ssh-askpass2.c
+ $(CC) `$(PKG_CONFIG) --cflags gtk+-2.0` \
+ gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
+ `$(PKG_CONFIG) --libs gtk+-2.0 x11`
+
+clean:
+ rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
diff --git a/crypto/openssh/contrib/README b/crypto/openssh/contrib/README
new file mode 100644
index 0000000..c002238
--- /dev/null
+++ b/crypto/openssh/contrib/README
@@ -0,0 +1,70 @@
+Other patches and addons for OpenSSH. Please send submissions to
+djm@mindrot.org
+
+Externally maintained
+---------------------
+
+SSH Proxy Command -- connect.c
+
+Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand
+which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
+https CONNECT style proxy server. His page for connect.c has extensive
+documentation on its use as well as compiled versions for Win32.
+
+http://www.taiyo.co.jp/~gotoh/ssh/connect.html
+
+
+X11 SSH Askpass:
+
+Jim Knoble <jmknoble@pobox.com> has written an excellent X11
+passphrase requester. This is highly recommended:
+
+http://www.jmknoble.net/software/x11-ssh-askpass/
+
+
+In this directory
+-----------------
+
+ssh-copy-id:
+
+Phil Hands' <phil@hands.com> shell script to automate the process of adding
+your public key to a remote machine's ~/.ssh/authorized_keys file.
+
+gnome-ssh-askpass[12]:
+
+A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or
+"make gnome-ssh-askpass2" to build.
+
+sshd.pam.generic:
+
+A generic PAM config file which may be useful on your system. YMMV
+
+sshd.pam.freebsd:
+
+A PAM config file which works with FreeBSD's PAM port. Contributed by
+Dominik Brettnacher <domi@saargate.de>
+
+findssl.sh:
+
+Search for all instances of OpenSSL headers and libraries and print their
+versions. This is intended to help diagnose OpenSSH's "OpenSSL headers do not
+match your library" errors.
+
+aix:
+ Files to build an AIX native (installp or SMIT installable) package.
+
+caldera:
+ RPM spec file and scripts for building Caldera OpenLinuix packages
+
+cygwin:
+ Support files for Cygwin
+
+hpux:
+ Support files for HP-UX
+
+redhat:
+ RPM spec file and scripts for building Redhat packages
+
+suse:
+ RPM spec file and scripts for building SuSE packages
+
diff --git a/crypto/openssh/contrib/aix/README b/crypto/openssh/contrib/aix/README
new file mode 100644
index 0000000..2a29935
--- /dev/null
+++ b/crypto/openssh/contrib/aix/README
@@ -0,0 +1,50 @@
+Overview:
+
+This directory contains files to build an AIX native (installp or SMIT
+installable) openssh package.
+
+
+Directions:
+
+(optional) create config.local in your build dir
+./configure [options]
+contrib/aix/buildbff.sh
+
+The file config.local or the environment is read to set the following options
+(default first):
+PERMIT_ROOT_LOGIN=[no|yes]
+X11_FORWARDING=[no|yes]
+AIX_SRC=[no|yes]
+
+Acknowledgements:
+
+The contents of this directory are based on Ben Lindstrom's Solaris
+buildpkg.sh. Ben also supplied inventory.sh.
+
+Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's
+and for comparison with the output from this script, however no code
+from lppbuild is included and it is not required for operation.
+
+SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
+PrivSep account handling fixes contributed by W. Earl Allen.
+
+
+Other notes:
+
+The script treats all packages as USR packages (not ROOT+USR when
+appropriate). It seems to work, though......
+
+If there are any patches to this that have not yet been integrated they
+may be found at http://www.zip.com.au/~dtucker/openssh/.
+
+
+Disclaimer:
+
+It is hoped that it is useful but there is no warranty. If it breaks
+you get to keep both pieces.
+
+
+ - Darren Tucker (dtucker at zip dot com dot au)
+ 2002/03/01
+
+$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $
diff --git a/crypto/openssh/contrib/aix/buildbff.sh b/crypto/openssh/contrib/aix/buildbff.sh
new file mode 100755
index 0000000..81d8cc3
--- /dev/null
+++ b/crypto/openssh/contrib/aix/buildbff.sh
@@ -0,0 +1,381 @@
+#!/bin/sh
+#
+# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
+# $Id: buildbff.sh,v 1.13 2011/05/05 03:48:41 djm Exp $
+#
+# Author: Darren Tucker (dtucker at zip dot com dot au)
+# This file is placed in the public domain and comes with absolutely
+# no warranty.
+#
+# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
+#
+
+#
+# Tunable configuration settings
+# create a "config.local" in your build directory or set
+# environment variables to override these.
+#
+[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no
+[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no
+[ -z "$AIX_SRC" ] && AIX_SRC=no
+
+umask 022
+
+startdir=`pwd`
+
+perl -v >/dev/null || (echo perl required; exit 1)
+
+# Path to inventory.sh: same place as buildbff.sh
+if echo $0 | egrep '^/'
+then
+ inventory=`dirname $0`/inventory.sh # absolute path
+else
+ inventory=`pwd`/`dirname $0`/inventory.sh # relative path
+fi
+
+#
+# We still support running from contrib/aix, but this is deprecated
+#
+if pwd | egrep 'contrib/aix$'
+then
+ echo "Changing directory to `pwd`/../.."
+ echo "Please run buildbff.sh from your build directory in future."
+ cd ../..
+ contribaix=1
+fi
+
+if [ ! -f Makefile ]
+then
+ echo "Makefile not found (did you run configure?)"
+ exit 1
+fi
+
+#
+# Directories used during build:
+# current dir = $objdir directory you ran ./configure in.
+# $objdir/$PKGDIR/ directory package files are constructed in
+# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
+#
+objdir=`pwd`
+PKGNAME=openssh
+PKGDIR=package
+
+#
+# Collect local configuration settings to override defaults
+#
+if [ -s ./config.local ]
+then
+ echo Reading local settings from config.local
+ . ./config.local
+fi
+
+#
+# Fill in some details from Makefile, like prefix and sysconfdir
+# the eval also expands variables like sysconfdir=${prefix}/etc
+# provided they are eval'ed in the correct order
+#
+for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
+do
+ eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
+done
+
+#
+# Collect values of privsep user and privsep path
+# currently only found in config.h
+#
+for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
+do
+ eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
+done
+
+# Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+ SSH_PRIVSEP_USER=sshd
+fi
+if [ -z "$PRIVSEP_PATH" ]
+then
+ PRIVSEP_PATH=/var/empty
+fi
+
+# Clean package build directory
+rm -rf $objdir/$PKGDIR
+FAKE_ROOT=$objdir/$PKGDIR/root
+mkdir -p $FAKE_ROOT
+
+# Start by faking root install
+echo "Faking root install..."
+cd $objdir
+make install-nokeys DESTDIR=$FAKE_ROOT
+
+if [ $? -gt 0 ]
+then
+ echo "Fake root install failed, stopping."
+ exit 1
+fi
+
+#
+# Copy informational files to include in package
+#
+cp $srcdir/LICENCE $objdir/$PKGDIR/
+cp $srcdir/README* $objdir/$PKGDIR/
+
+#
+# Extract common info requires for the 'info' part of the package.
+# AIX requires 4-part version numbers
+#
+VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _`
+MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
+MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
+PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
+PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
+[ "$PATCH" = "" ] && PATCH=0
+[ "$PORTABLE" = "" ] && PORTABLE=0
+BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
+
+echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
+
+#
+# Set ssh and sshd parameters as per config.local
+#
+if [ "${PERMIT_ROOT_LOGIN}" = no ]
+then
+ perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
+ $FAKE_ROOT/${sysconfdir}/sshd_config
+fi
+if [ "${X11_FORWARDING}" = yes ]
+then
+ perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
+ $FAKE_ROOT/${sysconfdir}/sshd_config
+fi
+
+
+# Rename config files; postinstall script will copy them if necessary
+for cfgfile in ssh_config sshd_config
+do
+ mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
+done
+
+#
+# Generate lpp control files.
+# working dir is $FAKE_ROOT but files are generated in dir above
+# and moved into place just before creation of .bff
+#
+cd $FAKE_ROOT
+echo Generating LPP control files
+find . ! -name . -print >../openssh.al
+$inventory >../openssh.inventory
+
+cat <<EOD >../openssh.copyright
+This software is distributed under a BSD-style license.
+For the full text of the license, see /usr/lpp/openssh/LICENCE
+EOD
+
+#
+# openssh.size file allows filesystem expansion as required
+# generate list of directories containing files
+# then calculate disk usage for each directory and store in openssh.size
+#
+files=`find . -type f -print`
+dirs=`for file in $files; do dirname $file; done | sort -u`
+for dir in $dirs
+do
+ du $dir
+done > ../openssh.size
+
+#
+# Create postinstall script
+#
+cat <<EOF >>../openssh.post_i
+#!/bin/sh
+
+echo Creating configs from defaults if necessary.
+for cfgfile in ssh_config sshd_config
+do
+ if [ ! -f $sysconfdir/\$cfgfile ]
+ then
+ echo "Creating \$cfgfile from default"
+ cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
+ else
+ echo "\$cfgfile already exists."
+ fi
+done
+echo
+
+# Create PrivilegeSeparation user and group if not present
+echo Checking for PrivilegeSeparation user and group.
+if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+then
+ echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+else
+ echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+ mkgroup -A $SSH_PRIVSEP_USER
+fi
+
+# Create user if required
+if lsuser "$SSH_PRIVSEP_USER" >/dev/null
+then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+else
+ echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+ mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+fi
+
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+ echo UsePrivilegeSeparation not enabled, privsep directory not required.
+else
+ # create chroot directory if required
+ if [ -d $PRIVSEP_PATH ]
+ then
+ echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
+ else
+ echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
+ mkdir $PRIVSEP_PATH
+ chown 0 $PRIVSEP_PATH
+ chgrp 0 $PRIVSEP_PATH
+ chmod 755 $PRIVSEP_PATH
+ fi
+fi
+echo
+
+# Generate keys unless they already exist
+echo Creating host keys if required.
+if [ -f "$sysconfdir/ssh_host_key" ] ; then
+ echo "$sysconfdir/ssh_host_key already exists, skipping."
+else
+ $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
+fi
+if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
+ echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
+else
+ $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
+fi
+if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
+ echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
+else
+ $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
+fi
+echo
+
+# Set startup command depending on SRC support
+if [ "$AIX_SRC" = "yes" ]
+then
+ echo Creating SRC sshd subsystem.
+ rmssys -s sshd 2>&1 >/dev/null
+ mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip
+ startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\""
+ oldstartcmd="$sbindir/sshd"
+else
+ startupcmd="$sbindir/sshd"
+ oldstartcmd="start $sbindir/sshd \\\"$src_running\\\""
+fi
+
+# If migrating to or from SRC, change previous startup command
+# otherwise add to rc.tcpip
+if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null
+then
+ if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new
+ then
+ chmod 0755 /etc/rc.tcpip.new
+ mv /etc/rc.tcpip /etc/rc.tcpip.old && \
+ mv /etc/rc.tcpip.new /etc/rc.tcpip
+ else
+ echo "Updating /etc/rc.tcpip failed, please check."
+ fi
+else
+ # Add to system startup if required
+ if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null
+ then
+ echo "sshd found in rc.tcpip, not adding."
+ else
+ echo "Adding sshd to rc.tcpip"
+ echo >>/etc/rc.tcpip
+ echo "# Start sshd" >>/etc/rc.tcpip
+ echo "\$startupcmd" >>/etc/rc.tcpip
+ fi
+fi
+EOF
+
+#
+# Create liblpp.a and move control files into it
+#
+echo Creating liblpp.a
+(
+ cd ..
+ for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README*
+ do
+ ar -r liblpp.a $i
+ rm $i
+ done
+)
+
+#
+# Create lpp_name
+#
+# This will end up looking something like:
+# 4 R I OpenSSH {
+# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
+# [
+# %
+# /usr/local/bin 8073
+# /usr/local/etc 189
+# /usr/local/libexec 185
+# /usr/local/man/man1 145
+# /usr/local/man/man8 83
+# /usr/local/sbin 2105
+# /usr/local/share 3
+# %
+# ]
+# }
+
+echo Creating lpp_name
+cat <<EOF >../lpp_name
+4 R I $PKGNAME {
+$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
+[
+%
+EOF
+
+for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
+do
+ # get size in 512 byte blocks
+ if [ -d $FAKE_ROOT/$i ]
+ then
+ size=`du $FAKE_ROOT/$i | awk '{print $1}'`
+ echo "$i $size" >>../lpp_name
+ fi
+done
+
+echo '%' >>../lpp_name
+echo ']' >>../lpp_name
+echo '}' >>../lpp_name
+
+#
+# Move pieces into place
+#
+mkdir -p usr/lpp/openssh
+mv ../liblpp.a usr/lpp/openssh
+mv ../lpp_name .
+
+#
+# Now invoke backup to create .bff file
+# note: lpp_name needs to be the first file so we generate the
+# file list on the fly and feed it to backup using -i
+#
+echo Creating $PKGNAME-$VERSION.bff with backup...
+rm -f $PKGNAME-$VERSION.bff
+(
+ echo "./lpp_name"
+ find . ! -name lpp_name -a ! -name . -print
+) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
+
+#
+# Move package into final location and clean up
+#
+mv ../$PKGNAME-$VERSION.bff $startdir
+cd $startdir
+rm -rf $objdir/$PKGDIR
+
+echo $0: done.
+
diff --git a/crypto/openssh/contrib/aix/inventory.sh b/crypto/openssh/contrib/aix/inventory.sh
new file mode 100755
index 0000000..e2641e7
--- /dev/null
+++ b/crypto/openssh/contrib/aix/inventory.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# inventory.sh
+# $Id: inventory.sh,v 1.6 2003/11/21 12:48:56 djm Exp $
+#
+# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
+# This file is placed into the public domain.
+#
+# This will produce an AIX package inventory file, which looks like:
+#
+# /usr/local/bin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=755
+# type=DIRECTORY
+# /usr/local/bin/slogin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=777
+# type=SYMLINK
+# target=ssh
+# /usr/local/share/Ssh.bin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=644
+# type=FILE
+# size=VOLATILE
+# checksum=VOLATILE
+
+find . ! -name . -print | perl -ne '{
+ chomp;
+ if ( -l $_ ) {
+ ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=lstat;
+ } else {
+ ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=stat;
+ }
+
+ # Start to display inventory information
+ $name = $_;
+ $name =~ s|^.||; # Strip leading dot from path
+ print "$name:\n";
+ print "\tclass=apply,inventory,openssh\n";
+ print "\towner=root\n";
+ print "\tgroup=system\n";
+ printf "\tmode=%lo\n", $mod & 07777; # Mask perm bits
+
+ if ( -l $_ ) {
+ # Entry is SymLink
+ print "\ttype=SYMLINK\n";
+ printf "\ttarget=%s\n", readlink($_);
+ } elsif ( -f $_ ) {
+ # Entry is File
+ print "\ttype=FILE\n";
+ print "\tsize=$sz\n";
+ print "\tchecksum=VOLATILE\n";
+ } elsif ( -d $_ ) {
+ # Entry is Directory
+ print "\ttype=DIRECTORY\n";
+ }
+}'
diff --git a/crypto/openssh/contrib/aix/pam.conf b/crypto/openssh/contrib/aix/pam.conf
new file mode 100644
index 0000000..f1528b0
--- /dev/null
+++ b/crypto/openssh/contrib/aix/pam.conf
@@ -0,0 +1,20 @@
+#
+# PAM configuration file /etc/pam.conf
+# Example for OpenSSH on AIX 5.2
+#
+
+# Authentication Management
+sshd auth required /usr/lib/security/pam_aix
+OTHER auth required /usr/lib/security/pam_aix
+
+# Account Management
+sshd account required /usr/lib/security/pam_aix
+OTHER account required /usr/lib/security/pam_aix
+
+# Password Management
+sshd password required /usr/lib/security/pam_aix
+OTHER password required /usr/lib/security/pam_aix
+
+# Session Management
+sshd session required /usr/lib/security/pam_aix
+OTHER session required /usr/lib/security/pam_aix
diff --git a/crypto/openssh/contrib/caldera/openssh.spec b/crypto/openssh/contrib/caldera/openssh.spec
new file mode 100644
index 0000000..b460bff
--- /dev/null
+++ b/crypto/openssh/contrib/caldera/openssh.spec
@@ -0,0 +1,366 @@
+
+# Some of this will need re-evaluation post-LSB. The SVIdir is there
+# because the link appeared broken. The rest is for easy compilation,
+# the tradeoff open to discussion. (LC957)
+
+%define SVIdir /etc/rc.d/init.d
+%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages}
+%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons}
+
+%define _mandir %{_prefix}/share/man/en
+%define _sysconfdir /etc/ssh
+%define _libexecdir %{_libdir}/ssh
+
+# Do we want to disable root_login? (1=yes 0=no)
+%define no_root_login 0
+
+#old cvs stuff. please update before use. may be deprecated.
+%define use_stable 1
+%define version 6.3p1
+%if %{use_stable}
+ %define cvs %{nil}
+ %define release 1
+%else
+ %define cvs cvs20050315
+ %define release 0r1
+%endif
+%define xsa x11-ssh-askpass
+%define askpass %{xsa}-1.2.4.1
+
+# OpenSSH privilege separation requires a user & group ID
+%define sshd_uid 67
+%define sshd_gid 67
+
+Name : openssh
+Version : %{version}%{cvs}
+Release : %{release}
+Group : System/Network
+
+Summary : OpenSSH free Secure Shell (SSH) implementation.
+Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH).
+Summary(es) : OpenSSH implementación libre de Secure Shell (SSH).
+Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH).
+Summary(it) : Implementazione gratuita OpenSSH della Secure Shell.
+Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH).
+Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH).
+
+Copyright : BSD
+Packager : Raymund Will <ray@caldera.de>
+URL : http://www.openssh.com/
+
+Obsoletes : ssh, ssh-clients, openssh-clients
+
+BuildRoot : /tmp/%{name}-%{version}
+BuildRequires : XFree86-imake
+
+# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
+# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
+Source0: see-above:/.../openssh-%{version}.tar.gz
+%if %{use_stable}
+Source1: see-above:/.../openssh-%{version}.tar.gz.asc
+%endif
+Source2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz
+Source3: http://www.openssh.com/faq.html
+
+%Package server
+Group : System/Network
+Requires : openssh = %{version}
+Obsoletes : ssh-server
+
+Summary : OpenSSH Secure Shell protocol server (sshd).
+Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd).
+Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd).
+Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd).
+Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd).
+Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd).
+Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd).
+
+
+%Package askpass
+Group : System/Network
+Requires : openssh = %{version}
+URL : http://www.jmknoble.net/software/x11-ssh-askpass/
+Obsoletes : ssh-extras
+
+Summary : OpenSSH X11 pass-phrase dialog.
+Summary(de) : OpenSSH X11 Passwort-Dialog.
+Summary(es) : Aplicación de petición de frase clave OpenSSH X11.
+Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH.
+Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH.
+Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH.
+Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH.
+
+
+%Description
+OpenSSH (Secure Shell) provides access to a remote system. It replaces
+telnet, rlogin, rexec, and rsh, and provides secure encrypted
+communications between two untrusted hosts over an insecure network.
+X11 connections and arbitrary TCP/IP ports can also be forwarded over
+the secure channel.
+
+%Description -l de
+OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt
+telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte
+Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres
+Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso
+über den sicheren Channel weitergeleitet werden.
+
+%Description -l es
+OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a
+telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas
+entre dos equipos entre los que no se ha establecido confianza a través de una
+red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden
+ser canalizadas sobre el canal seguro.
+
+%Description -l fr
+OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace
+telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées
+securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des
+connexions X11 et des ports TCP/IP arbitraires peuvent également être
+transmis sur le canal sécurisé.
+
+%Description -l it
+OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
+Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure
+e crittate tra due host non fidati su una rete non sicura. Le connessioni
+X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso
+un canale sicuro.
+
+%Description -l pt
+OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
+telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas
+entre duas máquinas sem confiança mútua sobre uma rede insegura.
+Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados
+pelo canal seguro.
+
+%Description -l pt_BR
+O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
+telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas
+entre duas máquinas sem confiança mútua sobre uma rede insegura.
+Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas
+pelo canal seguro.
+
+%Description server
+This package installs the sshd, the server portion of OpenSSH.
+
+%Description -l de server
+Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
+
+%Description -l es server
+Este paquete instala sshd, la parte servidor de OpenSSH.
+
+%Description -l fr server
+Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
+
+%Description -l it server
+Questo pacchetto installa sshd, il server di OpenSSH.
+
+%Description -l pt server
+Este pacote intala o sshd, o servidor do OpenSSH.
+
+%Description -l pt_BR server
+Este pacote intala o sshd, o servidor do OpenSSH.
+
+%Description askpass
+This package contains an X11-based pass-phrase dialog used per
+default by ssh-add(1). It is based on %{askpass}
+by Jim Knoble <jmknoble@pobox.com>.
+
+
+%Prep
+%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2
+%if ! %{use_stable}
+ autoreconf
+%endif
+
+
+%Build
+CFLAGS="$RPM_OPT_FLAGS" \
+%configure \
+ --with-pam \
+ --with-tcp-wrappers \
+ --with-privsep-path=%{_var}/empty/sshd \
+ #leave this line for easy edits.
+
+%__make
+
+cd %{askpass}
+%configure \
+ #leave this line for easy edits.
+
+xmkmf
+%__make includes
+%__make
+
+
+%Install
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
+
+make install DESTDIR=%{buildroot}
+%makeinstall -C %{askpass} \
+ BINDIR=%{_libexecdir} \
+ MANPATH=%{_mandir} \
+ DESTDIR=%{buildroot}
+
+# OpenLinux specific configuration
+mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
+mkdir -p %{buildroot}%{_var}/empty/sshd
+
+# enabling X11 forwarding on the server is convenient and okay,
+# on the client side it's a potential security risk!
+%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
+ %{buildroot}%{_sysconfdir}/sshd_config
+
+%if %{no_root_login}
+%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
+ %{buildroot}%{_sysconfdir}/sshd_config
+%endif
+
+install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
+# FIXME: disabled, find out why this doesn't work with nis
+%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
+ %{buildroot}/etc/pam.d/sshd
+
+install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd
+
+# the last one is needless, but more future-proof
+find %{buildroot}%{SVIdir} -type f -exec \
+ %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\
+ s:\@sysconfdir\@:%{_sysconfdir}:g; \
+ s:/usr/sbin:%{_sbindir}:g'\
+ \{\} \;
+
+cat <<-EoD > %{buildroot}%{SVIcdir}/sshd
+ IDENT=sshd
+ DESCRIPTIVE="OpenSSH secure shell daemon"
+ # This service will be marked as 'skipped' on boot if there
+ # is no host key. Use ssh-host-keygen to generate one
+ ONBOOT="yes"
+ OPTIONS=""
+EoD
+
+SKG=%{buildroot}%{_sbindir}/ssh-host-keygen
+install -m 0755 contrib/caldera/ssh-host-keygen $SKG
+# Fix up some path names in the keygen toy^Hol
+ %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \
+ s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \
+ %{buildroot}%{_sbindir}/ssh-host-keygen
+
+# This looks terrible. Expect it to change.
+# install remaining docs
+DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
+mkdir -p $DocD/%{askpass}
+cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
+install -p -m 0444 %{SOURCE3} $DocD/faq.html
+cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
+%if %{use_stable}
+ cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1
+%else
+ cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1
+ ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1
+%endif
+
+find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf
+rm %{buildroot}%{_mandir}/man1/slogin.1 && \
+ ln -s %{_mandir}/man1/ssh.1.gz \
+ %{buildroot}%{_mandir}/man1/slogin.1.gz
+
+
+%Clean
+#%{rmDESTDIR}
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
+
+%Post
+# Generate host key when none is present to get up and running,
+# both client and server require this for host-based auth!
+# ssh-host-keygen checks for existing keys.
+/usr/sbin/ssh-host-keygen
+: # to protect the rpm database
+
+%pre server
+%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
+%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
+ -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
+: # to protect the rpm database
+
+%Post server
+if [ -x %{LSBinit}-install ]; then
+ %{LSBinit}-install sshd
+else
+ lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6
+fi
+
+! %{SVIdir}/sshd status || %{SVIdir}/sshd restart
+: # to protect the rpm database
+
+
+%PreUn server
+[ "$1" = 0 ] || exit 0
+! %{SVIdir}/sshd status || %{SVIdir}/sshd stop
+if [ -x %{LSBinit}-remove ]; then
+ %{LSBinit}-remove sshd
+else
+ lisa --SysV-init remove sshd $1
+fi
+: # to protect the rpm database
+
+%Files
+%defattr(-,root,root)
+%dir %{_sysconfdir}
+%config %{_sysconfdir}/ssh_config
+%{_bindir}/scp
+%{_bindir}/sftp
+%{_bindir}/ssh
+%{_bindir}/slogin
+%{_bindir}/ssh-add
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
+%{_bindir}/ssh-keygen
+%{_bindir}/ssh-keyscan
+%dir %{_libexecdir}
+%attr(4711,root,root) %{_libexecdir}/ssh-keysign
+%{_libexecdir}/ssh-pkcs11-helper
+%{_sbindir}/ssh-host-keygen
+%dir %{_defaultdocdir}/%{name}-%{version}
+%{_defaultdocdir}/%{name}-%{version}/CREDITS
+%{_defaultdocdir}/%{name}-%{version}/ChangeLog
+%{_defaultdocdir}/%{name}-%{version}/LICENCE
+%{_defaultdocdir}/%{name}-%{version}/OVERVIEW
+%{_defaultdocdir}/%{name}-%{version}/README*
+%{_defaultdocdir}/%{name}-%{version}/TODO
+%{_defaultdocdir}/%{name}-%{version}/faq.html
+%{_mandir}/man1/*
+%{_mandir}/man8/ssh-keysign.8.gz
+%{_mandir}/man8/ssh-pkcs11-helper.8.gz
+%{_mandir}/man5/ssh_config.5.gz
+
+%Files server
+%defattr(-,root,root)
+%dir %{_var}/empty/sshd
+%config %{SVIdir}/sshd
+%config /etc/pam.d/sshd
+%config %{_sysconfdir}/moduli
+%config %{_sysconfdir}/sshd_config
+%config %{SVIcdir}/sshd
+%{_libexecdir}/sftp-server
+%{_sbindir}/sshd
+%{_mandir}/man5/moduli.5.gz
+%{_mandir}/man5/sshd_config.5.gz
+%{_mandir}/man8/sftp-server.8.gz
+%{_mandir}/man8/sshd.8.gz
+
+%Files askpass
+%defattr(-,root,root)
+%{_libexecdir}/ssh-askpass
+%{_libexecdir}/x11-ssh-askpass
+%{_defaultdocdir}/%{name}-%{version}/%{askpass}
+
+
+%ChangeLog
+* Tue Jan 18 2011 Tim Rice <tim@multitalents.net>
+- Use CFLAGS from Makefile instead of RPM so build completes.
+- Signatures were changed to .asc since 4.1p1.
+
+* Mon Jan 01 1998 ...
+Template Version: 1.31
+
+$Id: openssh.spec,v 1.80 2013/07/25 02:34:00 djm Exp $
diff --git a/crypto/openssh/contrib/caldera/ssh-host-keygen b/crypto/openssh/contrib/caldera/ssh-host-keygen
new file mode 100755
index 0000000..86382dd
--- /dev/null
+++ b/crypto/openssh/contrib/caldera/ssh-host-keygen
@@ -0,0 +1,36 @@
+#! /bin/sh
+#
+# $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $
+#
+# This script is normally run only *once* for a given host
+# (in a given period of time) -- on updates/upgrades/recovery
+# the ssh_host_key* files _should_ be retained! Otherwise false
+# "man-in-the-middle-attack" alerts will frighten unsuspecting
+# clients...
+
+keydir=@sysconfdir@
+keygen=@sshkeygen@
+
+if [ -f $keydir/ssh_host_key -o \
+ -f $keydir/ssh_host_key.pub ]; then
+ echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
+else
+ echo "Generating SSH1 RSA host key."
+ $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
+fi
+
+if [ -f $keydir/ssh_host_rsa_key -o \
+ -f $keydir/ssh_host_rsa_key.pub ]; then
+ echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
+else
+ echo "Generating SSH2 RSA host key."
+ $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
+fi
+
+if [ -f $keydir/ssh_host_dsa_key -o \
+ -f $keydir/ssh_host_dsa_key.pub ]; then
+ echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
+else
+ echo "Generating SSH2 DSA host key."
+ $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N ''
+fi
diff --git a/crypto/openssh/contrib/caldera/sshd.init b/crypto/openssh/contrib/caldera/sshd.init
new file mode 100755
index 0000000..983146f
--- /dev/null
+++ b/crypto/openssh/contrib/caldera/sshd.init
@@ -0,0 +1,125 @@
+#! /bin/bash
+#
+# $Id: sshd.init,v 1.4 2003/11/21 12:48:57 djm Exp $
+#
+### BEGIN INIT INFO
+# Provides:
+# Required-Start: $network
+# Required-Stop:
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 2 6
+# Description: sshd
+# Bring up/down the OpenSSH secure shell daemon.
+### END INIT INFO
+#
+# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
+# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+# Modified for OpenLinux by Raymund Will <ray@caldera.de>
+
+NAME=sshd
+DAEMON=/usr/sbin/$NAME
+# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem
+# created by recent OpenSSH daemon/ssd combinations. See Caldera internal
+# PR [linux/8278] for details...
+PIDF=/var/run/$NAME.pid
+NAME=$DAEMON
+
+_status() {
+ [ -z "$1" ] || local pidf="$1"
+ local ret=-1
+ local pid
+ if [ -n "$pidf" ] && [ -r "$pidf" ]; then
+ pid=$(head -1 $pidf)
+ else
+ pid=$(pidof $NAME)
+ fi
+
+ if [ ! -e $SVIlock ]; then
+ # no lock-file => not started == stopped?
+ ret=3
+ elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then
+ # pid-file given but not present or no pid => died, but was not stopped
+ ret=2
+ elif [ -r /proc/$pid/cmdline ] &&
+ echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then
+ # pid-file given and present or pid found => check process...
+ # but don't compare exe, as this will fail after an update!
+ # compares OK => all's well, that ends well...
+ ret=0
+ else
+ # no such process or exe does not match => stale pid-file or process died
+ # just recently...
+ ret=1
+ fi
+ return $ret
+}
+
+# Source function library (and set vital variables).
+. @SVIdir@/functions
+
+case "$1" in
+ start)
+ [ ! -e $SVIlock ] || exit 0
+ [ -x $DAEMON ] || exit 5
+ SVIemptyConfig @sysconfdir@/sshd_config && exit 6
+
+ if [ ! \( -f @sysconfdir@/ssh_host_key -a \
+ -f @sysconfdir@/ssh_host_key.pub \) -a \
+ ! \( -f @sysconfdir@/ssh_host_rsa_key -a \
+ -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \
+ ! \( -f @sysconfdir@/ssh_host_dsa_key -a \
+ -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then
+
+ echo "$SVIsubsys: host key not initialized: skipped!"
+ echo "$SVIsubsys: use ssh-host-keygen to generate one!"
+ exit 6
+ fi
+
+ echo -n "Starting $SVIsubsys services: "
+ ssd -S -x $DAEMON -n $NAME -- $OPTIONS
+ ret=$?
+
+ echo "."
+ touch $SVIlock
+ ;;
+
+ stop)
+ [ -e $SVIlock ] || exit 0
+
+ echo -n "Stopping $SVIsubsys services: "
+ ssd -K -p $PIDF -n $NAME
+ ret=$?
+
+ echo "."
+ rm -f $SVIlock
+ ;;
+
+ force-reload|reload)
+ [ -e $SVIlock ] || exit 0
+
+ echo "Reloading $SVIsubsys configuration files: "
+ ssd -K --signal 1 -q -p $PIDF -n $NAME
+ ret=$?
+ echo "done."
+ ;;
+
+ restart)
+ $0 stop
+ $0 start
+ ret=$?
+ ;;
+
+ status)
+ _status $PIDF
+ ret=$?
+ ;;
+
+ *)
+ echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}"
+ ret=2
+ ;;
+
+esac
+
+exit $ret
+
diff --git a/crypto/openssh/contrib/caldera/sshd.pam b/crypto/openssh/contrib/caldera/sshd.pam
new file mode 100644
index 0000000..f050a9a
--- /dev/null
+++ b/crypto/openssh/contrib/caldera/sshd.pam
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_pwdb.so shadow nodelay
+account required /lib/security/pam_nologin.so
+account required /lib/security/pam_pwdb.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+session required /lib/security/pam_pwdb.so
+session required /lib/security/pam_limits.so
diff --git a/crypto/openssh/contrib/cygwin/Makefile b/crypto/openssh/contrib/cygwin/Makefile
new file mode 100644
index 0000000..a0261f4
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/Makefile
@@ -0,0 +1,77 @@
+srcdir=../..
+copyidsrcdir=..
+prefix=/usr
+exec_prefix=$(prefix)
+bindir=$(prefix)/bin
+datadir=$(prefix)/share
+mandir=$(datadir)/man
+docdir=$(datadir)/doc
+sshdocdir=$(docdir)/openssh
+cygdocdir=$(docdir)/Cygwin
+sysconfdir=/etc
+defaultsdir=$(sysconfdir)/defaults/etc
+inetdefdir=$(defaultsdir)/inetd.d
+PRIVSEP_PATH=/var/empty
+INSTALL=/usr/bin/install -c
+
+DESTDIR=
+
+all:
+ @echo
+ @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'"
+ @echo "Be sure having DESTDIR set correctly!"
+ @echo
+
+move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir)
+
+remove-empty-dir:
+ rm -rf $(DESTDIR)$(PRIVSEP_PATH)
+
+install-inetd-config:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(inetdefdir)
+ $(INSTALL) -m 644 sshd-inetd $(DESTDIR)$(inetdefdir)/sshd-inetd
+
+install-sshdoc:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
+ -$(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
+ -$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
+ -$(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
+ -$(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys
+ -$(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux
+ -$(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
+ -$(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+ -$(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
+ -$(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
+ -$(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun
+ -$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
+
+install-cygwindoc: README
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir)
+ $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README
+
+install-doc: install-sshdoc install-cygwindoc
+
+install-scripts: ssh-host-config ssh-user-config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
+ $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
+
+install-copy-id: $(copyidsrcdir)/ssh-copy-id $(copyidsrcdir)/ssh-copy-id.1
+ $(INSTALL) -m 755 $(copyidsrcdir)/ssh-copy-id $(DESTDIR)$(bindir)/ssh-copy-id
+ $(INSTALL) -m 644 $(copyidsrcdir)/ssh-copy-id.1 $(DESTDIR)$(mandir)/man1/ssh-copy-id.1
+
+gzip-man-pages:
+ rm $(DESTDIR)$(mandir)/man1/slogin.1
+ gzip $(DESTDIR)$(mandir)/man1/*.1
+ gzip $(DESTDIR)$(mandir)/man5/*.5
+ gzip $(DESTDIR)$(mandir)/man8/*.8
+ cd $(DESTDIR)$(mandir)/man1 && ln -s ssh.1.gz slogin.1.gz
+
+cygwin-postinstall: move-config-files remove-empty-dir install-inetd-config install-doc install-scripts install-copy-id gzip-man-pages
+ @echo "Cygwin specific configuration finished."
diff --git a/crypto/openssh/contrib/cygwin/README b/crypto/openssh/contrib/cygwin/README
new file mode 100644
index 0000000..2562b61
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/README
@@ -0,0 +1,91 @@
+This package describes important Cygwin specific stuff concerning OpenSSH.
+
+The binary package is usually built for recent Cygwin versions and might
+not run on older versions. Please check http://cygwin.com/ for information
+about current Cygwin releases.
+
+==================
+Host configuration
+==================
+
+If you are installing OpenSSH the first time, you can generate global config
+files and server keys, as well as installing sshd as a service, by running
+
+ /usr/bin/ssh-host-config
+
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-host-config is started.
+
+To support testing and unattended installation ssh-host-config got
+some options:
+
+usage: ssh-host-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --cygwin -c <options> Use "options" as value for CYGWIN environment var.
+ --port -p <n> sshd listens on port n.
+ --user -u <account> privileged user for service, default 'cyg_server'.
+ --pwd -w <passwd> Use "pwd" as password for privileged user.
+ --privileged On Windows XP, require privileged user
+ instead of LocalSystem for sshd service.
+
+Installing sshd as daemon via ssh-host-config is recommended.
+
+Alternatively you can start sshd via inetd, if you have the inetutils
+package installed. Just run ssh-host-config, but answer "no" when asked
+to install sshd as service. The ssh-host-config script also adds the
+required lines to /etc/inetd.conf and /etc/services.
+
+==================
+User configuration
+==================
+
+Any user can simplify creating the own private and public keys by running
+
+ /usr/bin/ssh-user-config
+
+To support testing and unattended installation ssh-user-config got
+some options as well:
+
+usage: ssh-user-config [OPTION]...
+Options:
+ --debug -d Enable shell's debug output.
+ --yes -y Answer all questions with "yes" automatically.
+ --no -n Answer all questions with "no" automatically.
+ --passphrase -p word Use "word" as passphrase automatically.
+
+Please note that OpenSSH does never use the value of $HOME to
+search for the users configuration files! It always uses the
+value of the pw_dir field in /etc/passwd as the home directory.
+If no home diretory is set in /etc/passwd, the root directory
+is used instead!
+
+================
+Building OpenSSH
+================
+
+Building from source is easy. Just unpack the source archive, cd to that
+directory, and call cygport:
+
+ cygport openssh.cygport almostall
+
+You must have installed the following packages to be able to build OpenSSH
+with the aforementioned cygport script:
+
+ zlib
+ crypt
+ openssl-devel
+ libwrap-devel
+ libedit-devel
+ libkrb5-devel
+
+Please send requests, error reports etc. to cygwin@cygwin.com.
+
+
+Have fun,
+
+Corinna Vinschen
+Cygwin Developer
+Red Hat Inc.
diff --git a/crypto/openssh/contrib/cygwin/ssh-host-config b/crypto/openssh/contrib/cygwin/ssh-host-config
new file mode 100644
index 0000000..c542d5c
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/ssh-host-config
@@ -0,0 +1,758 @@
+#!/bin/bash
+#
+# ssh-host-config, Copyright 2000-2011 Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# ======================================================================
+# Initialization
+# ======================================================================
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
+# List of apps used. This is checkad for existance in csih_sanity_check
+# Don't use *any* transient commands before sourcing the csih helper script,
+# otherwise the sanity checks are short-circuited.
+declare -a csih_required_commands=(
+ /usr/bin/basename coreutils
+ /usr/bin/cat coreutils
+ /usr/bin/chmod coreutils
+ /usr/bin/dirname coreutils
+ /usr/bin/id coreutils
+ /usr/bin/mv coreutils
+ /usr/bin/rm coreutils
+ /usr/bin/cygpath cygwin
+ /usr/bin/mount cygwin
+ /usr/bin/ps cygwin
+ /usr/bin/setfacl cygwin
+ /usr/bin/umount cygwin
+ /usr/bin/cmp diffutils
+ /usr/bin/grep grep
+ /usr/bin/awk gawk
+ /usr/bin/ssh-keygen openssh
+ /usr/sbin/sshd openssh
+ /usr/bin/sed sed
+)
+csih_sanity_check_server=yes
+source ${CSIH_SCRIPT}
+
+PROGNAME=$(/usr/bin/basename $0)
+_tdir=$(/usr/bin/dirname $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+LOCALSTATEDIR=/var
+
+port_number=22
+privsep_configured=no
+privsep_used=yes
+cygwin_value=""
+user_account=
+password_value=
+opt_force=no
+
+# ======================================================================
+# Routine: create_host_keys
+# ======================================================================
+create_host_keys() {
+ local ret=0
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
+ if ! /usr/bin/ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
+ if ! /usr/bin/ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
+ if ! /usr/bin/ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+
+ if [ ! -f "${SYSCONFDIR}/ssh_host_ecdsa_key" ]
+ then
+ csih_inform "Generating ${SYSCONFDIR}/ssh_host_ecdsa_key"
+ if ! /usr/bin/ssh-keygen -t ecdsa -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' > /dev/null
+ then
+ csih_warning "Generating ${SYSCONFDIR}/ssh_host_key failed!"
+ let ++ret
+ fi
+ fi
+ return $ret
+} # --- End of create_host_keys --- #
+
+# ======================================================================
+# Routine: update_services_file
+# ======================================================================
+update_services_file() {
+ local _my_etcdir="/ssh-host-config.$$"
+ local _win_etcdir
+ local _services
+ local _spaces
+ local _serv_tmp
+ local _wservices
+ local ret=0
+
+ _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
+ _services="${_my_etcdir}/services"
+ _spaces=" #"
+ _serv_tmp="${_my_etcdir}/srv.out.$$"
+
+ /usr/bin/mount -o text,posix=0,noacl -f "${_win_etcdir}" "${_my_etcdir}"
+
+ # Depends on the above mount
+ _wservices=`cygpath -w "${_services}"`
+
+ # Remove sshd 22/port from services
+ if [ `/usr/bin/grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
+ if [ -f "${_serv_tmp}" ]
+ then
+ if /usr/bin/mv "${_serv_tmp}" "${_services}"
+ then
+ csih_inform "Removing sshd from ${_wservices}"
+ else
+ csih_warning "Removing sshd from ${_wservices} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_serv_tmp}"
+ else
+ csih_warning "Removing sshd from ${_wservices} failed!"
+ let ++ret
+ fi
+ fi
+
+ # Add ssh 22/tcp and ssh 22/udp to services
+ if [ `/usr/bin/grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
+ then
+ if /usr/bin/awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
+ then
+ if /usr/bin/mv "${_serv_tmp}" "${_services}"
+ then
+ csih_inform "Added ssh to ${_wservices}"
+ else
+ csih_warning "Adding ssh to ${_wservices} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_serv_tmp}"
+ else
+ csih_warning "Adding ssh to ${_wservices} failed!"
+ let ++ret
+ fi
+ fi
+ /usr/bin/umount "${_my_etcdir}"
+ return $ret
+} # --- End of update_services_file --- #
+
+# ======================================================================
+# Routine: sshd_privsep
+# MODIFIES: privsep_configured privsep_used
+# ======================================================================
+sshd_privsep() {
+ local sshdconfig_tmp
+ local ret=0
+
+ if [ "${privsep_configured}" != "yes" ]
+ then
+ csih_inform "Privilege separation is set to yes by default since OpenSSH 3.3."
+ csih_inform "However, this requires a non-privileged account called 'sshd'."
+ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
+ if csih_request "Should privilege separation be used?"
+ then
+ privsep_used=yes
+ if ! csih_create_unprivileged_user sshd
+ then
+ csih_error_recoverable "Couldn't create user 'sshd'!"
+ csih_error_recoverable "Privilege separation set to 'no' again!"
+ csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ privsep_used=no
+ fi
+ else
+ privsep_used=no
+ fi
+ fi
+
+ # Create default sshd_config from skeleton files in /etc/defaults/etc or
+ # modify to add the missing privsep configuration option
+ if /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+ then
+ csih_inform "Updating ${SYSCONFDIR}/sshd_config file"
+ sshdconfig_tmp=${SYSCONFDIR}/sshd_config.$$
+ /usr/bin/sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
+ s/^#Port 22/Port ${port_number}/
+ s/^#StrictModes yes/StrictModes no/" \
+ < ${SYSCONFDIR}/sshd_config \
+ > "${sshdconfig_tmp}"
+ if ! /usr/bin/mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
+ then
+ csih_warning "Setting privilege separation to 'yes' failed!"
+ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ fi
+ elif [ "${privsep_configured}" != "yes" ]
+ then
+ echo >> ${SYSCONFDIR}/sshd_config
+ if ! echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config
+ then
+ csih_warning "Setting privilege separation to 'yes' failed!"
+ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
+ let ++ret
+ fi
+ fi
+ return $ret
+} # --- End of sshd_privsep --- #
+
+# ======================================================================
+# Routine: update_inetd_conf
+# ======================================================================
+update_inetd_conf() {
+ local _inetcnf="${SYSCONFDIR}/inetd.conf"
+ local _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
+ local _inetcnf_dir="${SYSCONFDIR}/inetd.d"
+ local _sshd_inetd_conf="${_inetcnf_dir}/sshd-inetd"
+ local _sshd_inetd_conf_tmp="${_inetcnf_dir}/sshd-inetd.$$"
+ local _with_comment=1
+ local ret=0
+
+ if [ -d "${_inetcnf_dir}" ]
+ then
+ # we have inetutils-1.5 inetd.d support
+ if [ -f "${_inetcnf}" ]
+ then
+ /usr/bin/grep -q '^[ \t]*ssh' "${_inetcnf}" && _with_comment=0
+
+ # check for sshd OR ssh in top-level inetd.conf file, and remove
+ # will be replaced by a file in inetd.d/
+ if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ csih_inform "Removed ssh[d] from ${_inetcnf}"
+ else
+ csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_inetcnf_tmp}"
+ else
+ csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+ fi
+
+ csih_install_config "${_sshd_inetd_conf}" "${SYSCONFDIR}/defaults"
+ if /usr/bin/cmp "${SYSCONFDIR}/defaults${_sshd_inetd_conf}" "${_sshd_inetd_conf}" >/dev/null 2>&1
+ then
+ if [ "${_with_comment}" -eq 0 ]
+ then
+ /usr/bin/sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+ else
+ /usr/bin/sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+ fi
+ if /usr/bin/mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
+ then
+ csih_inform "Updated ${_sshd_inetd_conf}"
+ else
+ csih_warning "Updating ${_sshd_inetd_conf} failed!"
+ let ++ret
+ fi
+ fi
+
+ elif [ -f "${_inetcnf}" ]
+ then
+ /usr/bin/grep -q '^[ \t]*sshd' "${_inetcnf}" && _with_comment=0
+
+ # check for sshd in top-level inetd.conf file, and remove
+ # will be replaced by a file in inetd.d/
+ if [ `/usr/bin/grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
+ then
+ /usr/bin/grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
+ if [ -f "${_inetcnf_tmp}" ]
+ then
+ if /usr/bin/mv "${_inetcnf_tmp}" "${_inetcnf}"
+ then
+ csih_inform "Removed sshd from ${_inetcnf}"
+ else
+ csih_warning "Removing sshd from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ /usr/bin/rm -f "${_inetcnf_tmp}"
+ else
+ csih_warning "Removing sshd from ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+
+ # Add ssh line to inetd.conf
+ if [ `/usr/bin/grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
+ then
+ if [ "${_with_comment}" -eq 0 ]
+ then
+ echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ else
+ echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+ fi
+ if [ $? -eq 0 ]
+ then
+ csih_inform "Added ssh to ${_inetcnf}"
+ else
+ csih_warning "Adding ssh to ${_inetcnf} failed!"
+ let ++ret
+ fi
+ fi
+ fi
+ return $ret
+} # --- End of update_inetd_conf --- #
+
+# ======================================================================
+# Routine: check_service_files_ownership
+# Checks that the files in /etc and /var belong to the right owner
+# ======================================================================
+check_service_files_ownership() {
+ local run_service_as=$1
+ local ret=0
+
+ if [ -z "${run_service_as}" ]
+ then
+ accnt_name=$(/usr/bin/cygrunsrv -VQ sshd | /usr/bin/sed -ne 's/^Account *: *//gp')
+ if [ "${accnt_name}" = "LocalSystem" ]
+ then
+ # Convert "LocalSystem" to "SYSTEM" as is the correct account name
+ accnt_name="SYSTEM:"
+ elif [[ "${accnt_name}" =~ ^\.\\ ]]
+ then
+ # Convert "." domain to local machine name
+ accnt_name="U-${COMPUTERNAME}${accnt_name#.},"
+ fi
+ run_service_as=$(/usr/bin/grep -Fi "${accnt_name}" /etc/passwd | /usr/bin/awk -F: '{print $1;}')
+ if [ -z "${run_service_as}" ]
+ then
+ csih_warning "Couldn't determine name of user running sshd service from /etc/passwd!"
+ csih_warning "As a result, this script cannot make sure that the files used"
+ csih_warning "by the sshd service belong to the user running the service."
+ csih_warning "Please re-run the mkpasswd tool to make sure the /etc/passwd"
+ csih_warning "file is in a good shape."
+ return 1
+ fi
+ fi
+ for i in "${SYSCONFDIR}"/ssh_config "${SYSCONFDIR}"/sshd_config "${SYSCONFDIR}"/ssh_host_*key "${SYSCONFDIR}"/ssh_host_*key.pub
+ do
+ if [ -f "$i" ]
+ then
+ if ! chown "${run_service_as}".544 "$i" >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of $i!"
+ let ++ret
+ fi
+ fi
+ done
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/empty!"
+ let ++ret
+ fi
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/log/lastlog!"
+ let ++ret
+ fi
+ if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
+ then
+ if ! chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log >/dev/null 2>&1
+ then
+ csih_warning "Couldn't change owner of ${LOCALSTATEDIR}/log/sshd.log!"
+ let ++ret
+ fi
+ fi
+ if [ $ret -ne 0 ]
+ then
+ csih_warning "Couldn't change owner of important files to ${run_service_as}!"
+ csih_warning "This may cause the sshd service to fail! Please make sure that"
+ csih_warning "you have suufficient permissions to change the ownership of files"
+ csih_warning "and try to run the ssh-host-config script again."
+ fi
+ return $ret
+} # --- End of check_service_files_ownership --- #
+
+# ======================================================================
+# Routine: install_service
+# Install sshd as a service
+# ======================================================================
+install_service() {
+ local run_service_as
+ local password
+ local ret=0
+
+ echo
+ if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
+ then
+ csih_inform "Sshd service is already installed."
+ check_service_files_ownership "" || let ret+=$?
+ else
+ echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
+ if csih_request "(Say \"no\" if it is already installed as a service)"
+ then
+ csih_get_cygenv "${cygwin_value}"
+
+ if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+ then
+ csih_inform "On Windows Server 2003, Windows Vista, and above, the"
+ csih_inform "SYSTEM account cannot setuid to other users -- a capability"
+ csih_inform "sshd requires. You need to have or to create a privileged"
+ csih_inform "account. This script will help you do so."
+ echo
+
+ [ "${opt_force}" = "yes" ] && opt_f=-f
+ [ -n "${user_account}" ] && opt_u="-u ""${user_account}"""
+ csih_select_privileged_username ${opt_f} ${opt_u} sshd
+
+ if ! csih_create_privileged_user "${password_value}"
+ then
+ csih_error_recoverable "There was a serious problem creating a privileged user."
+ csih_request "Do you want to proceed anyway?" || exit 1
+ let ++ret
+ fi
+ fi
+
+ # Never returns empty if NT or above
+ run_service_as=$(csih_service_should_run_as)
+
+ if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
+ then
+ password="${csih_PRIVILEGED_PASSWORD}"
+ if [ -z "${password}" ]
+ then
+ csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
+ password="${csih_value}"
+ fi
+ fi
+
+ # At this point, we either have $run_service_as = "system" and
+ # $password is empty, or $run_service_as is some privileged user and
+ # (hopefully) $password contains the correct password. So, from here
+ # out, we use '-z "${password}"' to discriminate the two cases.
+
+ csih_check_user "${run_service_as}"
+
+ if [ -n "${csih_cygenv}" ]
+ then
+ cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
+ fi
+ if [ -z "${password}" ]
+ then
+ if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+ -a "-D" -y tcpip "${cygwin_env[@]}"
+ then
+ echo
+ csih_inform "The sshd service has been installed under the LocalSystem"
+ csih_inform "account (also known as SYSTEM). To start the service now, call"
+ csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
+ csih_inform "will start automatically after the next reboot."
+ fi
+ else
+ if /usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
+ -a "-D" -y tcpip "${cygwin_env[@]}" \
+ -u "${run_service_as}" -w "${password}"
+ then
+ /usr/bin/editrights -u "${run_service_as}" -a SeServiceLogonRight
+ echo
+ csih_inform "The sshd service has been installed under the '${run_service_as}'"
+ csih_inform "account. To start the service now, call \`net start sshd' or"
+ csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
+ csih_inform "after the next reboot."
+ fi
+ fi
+
+ if /usr/bin/cygrunsrv -Q sshd >/dev/null 2>&1
+ then
+ check_service_files_ownership "${run_service_as}" || let ret+=$?
+ else
+ csih_error_recoverable "Installing sshd as a service failed!"
+ let ++ret
+ fi
+ fi # user allowed us to install as service
+ fi # service not yet installed
+ return $ret
+} # --- End of install_service --- #
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
+
+# Check how the script has been started. If
+# (1) it has been started by giving the full path and
+# that path is /etc/postinstall, OR
+# (2) Otherwise, if the environment variable
+# SSH_HOST_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no". This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist. In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+ opt_force=yes
+fi
+if [ -n "${SSH_HOST_CONFIG_AUTO_ANSWER_NO}" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+ opt_force=yes
+fi
+
+# ======================================================================
+# Parse options
+# ======================================================================
+while :
+do
+ case $# in
+ 0)
+ break
+ ;;
+ esac
+
+ option=$1
+ shift
+
+ case "${option}" in
+ -d | --debug )
+ set -x
+ csih_trace_on
+ ;;
+
+ -y | --yes )
+ csih_auto_answer=yes
+ opt_force=yes
+ ;;
+
+ -n | --no )
+ csih_auto_answer=no
+ opt_force=yes
+ ;;
+
+ -c | --cygwin )
+ cygwin_value="$1"
+ shift
+ ;;
+
+ -p | --port )
+ port_number=$1
+ shift
+ ;;
+
+ -u | --user )
+ user_account="$1"
+ shift
+ ;;
+
+ -w | --pwd )
+ password_value="$1"
+ shift
+ ;;
+
+ --privileged )
+ csih_FORCE_PRIVILEGED_USER=yes
+ ;;
+
+ *)
+ echo "usage: ${progname} [OPTION]..."
+ echo
+ echo "This script creates an OpenSSH host configuration."
+ echo
+ echo "Options:"
+ echo " --debug -d Enable shell's debug output."
+ echo " --yes -y Answer all questions with \"yes\" automatically."
+ echo " --no -n Answer all questions with \"no\" automatically."
+ echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
+ echo " --port -p <n> sshd listens on port n."
+ echo " --user -u <account> privileged user for service, default 'cyg_server'."
+ echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
+ echo " --privileged On Windows XP, require privileged user"
+ echo " instead of LocalSystem for sshd service."
+ echo
+ exit 1
+ ;;
+
+ esac
+done
+
+# ======================================================================
+# Action!
+# ======================================================================
+
+# Check for running ssh/sshd processes first. Refuse to do anything while
+# some ssh processes are still running
+if /usr/bin/ps -ef | /usr/bin/grep -q '/sshd\?$'
+then
+ echo
+ csih_error "There are still ssh processes running. Please shut them down first."
+fi
+
+# Make sure the user is running in an administrative context
+admin=$(/usr/bin/id -G | /usr/bin/grep -Eq '\<544\>' && echo yes || echo no)
+if [ "${admin}" != "yes" ]
+then
+ echo
+ csih_warning "Running this script typically requires administrator privileges!"
+ csih_warning "However, it seems your account does not have these privileges."
+ csih_warning "Here's the list of groups in your user token:"
+ echo
+ for i in $(/usr/bin/id -G)
+ do
+ /usr/bin/awk -F: "/[^:]*:[^:]*:$i:/{ print \" \" \$1; }" /etc/group
+ done
+ echo
+ csih_warning "This usually means you're running this script from a non-admin"
+ csih_warning "desktop session, or in a non-elevated shell under UAC control."
+ echo
+ csih_warning "Make sure you have the appropriate privileges right now,"
+ csih_warning "otherwise parts of this script will probably fail!"
+ echo
+ echo -e "${_csih_QUERY_STR} Are you sure you want to continue? (Say \"no\" if you're not sure"
+ if ! csih_request "you have the required privileges)"
+ then
+ echo
+ csih_inform "Ok. Exiting. Make sure to switch to an administrative account"
+ csih_inform "or to start this script from an elevated shell."
+ exit 1
+ fi
+fi
+
+echo
+
+warning_cnt=0
+
+# Check for ${SYSCONFDIR} directory
+csih_make_dir "${SYSCONFDIR}" "Cannot create global configuration files."
+if ! /usr/bin/chmod 775 "${SYSCONFDIR}" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${SYSCONFDIR}!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${SYSCONFDIR}" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${SYSCONFDIR}!"
+ let ++warning_cnt
+fi
+
+# Check for /var/log directory
+csih_make_dir "${LOCALSTATEDIR}/log" "Cannot create log directory."
+if ! /usr/bin/chmod 775 "${LOCALSTATEDIR}/log" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/log" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/log!"
+ let ++warning_cnt
+fi
+
+# Create /var/log/lastlog if not already exists
+if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
+then
+ echo
+ csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
+ "Cannot create ssh host configuration."
+fi
+if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
+then
+ /usr/bin/cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
+ if ! /usr/bin/chmod 644 ${LOCALSTATEDIR}/log/lastlog >/dev/null 2>&1
+ then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/log/lastlog!"
+ let ++warning_cnt
+ fi
+fi
+
+# Create /var/empty file used as chroot jail for privilege separation
+csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create ${LOCALSTATEDIR}/empty directory."
+if ! /usr/bin/chmod 755 "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
+then
+ csih_warning "Can't set permissions on ${LOCALSTATEDIR}/empty!"
+ let ++warning_cnt
+fi
+if ! /usr/bin/setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty" >/dev/null 2>&1
+then
+ csih_warning "Can't set extended permissions on ${LOCALSTATEDIR}/empty!"
+ let ++warning_cnt
+fi
+
+# host keys
+create_host_keys || let warning_cnt+=$?
+
+# handle ssh_config
+csih_install_config "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+if /usr/bin/cmp "${SYSCONFDIR}/ssh_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/ssh_config" >/dev/null 2>&1
+then
+ if [ "${port_number}" != "22" ]
+ then
+ csih_inform "Updating ${SYSCONFDIR}/ssh_config file with requested port"
+ echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
+ echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config
+ fi
+fi
+
+# handle sshd_config (and privsep)
+csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+then
+ /usr/bin/grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
+fi
+sshd_privsep || let warning_cnt+=$?
+
+update_services_file || let warning_cnt+=$?
+update_inetd_conf || let warning_cnt+=$?
+install_service || let warning_cnt+=$?
+
+echo
+if [ $warning_cnt -eq 0 ]
+then
+ csih_inform "Host configuration finished. Have fun!"
+else
+ csih_warning "Host configuration exited with ${warning_cnt} errors or warnings!"
+ csih_warning "Make sure that all problems reported are fixed,"
+ csih_warning "then re-run ssh-host-config."
+fi
+exit $warning_cnt
diff --git a/crypto/openssh/contrib/cygwin/ssh-user-config b/crypto/openssh/contrib/cygwin/ssh-user-config
new file mode 100644
index 0000000..8708b7a
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/ssh-user-config
@@ -0,0 +1,266 @@
+#!/bin/bash
+#
+# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
+# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# ======================================================================
+# Initialization
+# ======================================================================
+PROGNAME=$(basename -- $0)
+_tdir=$(dirname -- $0)
+PROGDIR=$(cd $_tdir && pwd)
+
+CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
+
+# Subdirectory where the new package is being installed
+PREFIX=/usr
+
+# Directory where the config files are stored
+SYSCONFDIR=/etc
+
+source ${CSIH_SCRIPT}
+
+auto_passphrase="no"
+passphrase=""
+pwdhome=
+with_passphrase=
+
+# ======================================================================
+# Routine: create_identity
+# optionally create identity of type argument in ~/.ssh
+# optionally add result to ~/.ssh/authorized_keys
+# ======================================================================
+create_identity() {
+ local file="$1"
+ local type="$2"
+ local name="$3"
+ if [ ! -f "${pwdhome}/.ssh/${file}" ]
+ then
+ if csih_request "Shall I create a ${name} identity file for you?"
+ then
+ csih_inform "Generating ${pwdhome}/.ssh/${file}"
+ if [ "${with_passphrase}" = "yes" ]
+ then
+ ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
+ else
+ ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
+ fi
+ if csih_request "Do you want to use this identity to login to this machine?"
+ then
+ csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
+ cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
+ fi
+ fi
+ fi
+} # === End of create_ssh1_identity() === #
+readonly -f create_identity
+
+# ======================================================================
+# Routine: check_user_homedir
+# Perform various checks on the user's home directory
+# SETS GLOBAL VARIABLE:
+# pwdhome
+# ======================================================================
+check_user_homedir() {
+ local uid=$(id -u)
+ pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
+ if [ "X${pwdhome}" = "X" ]
+ then
+ csih_error_multi \
+ "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
+ 'Setting $HOME is not sufficient!'
+ fi
+
+ if [ ! -d "${pwdhome}" ]
+ then
+ csih_error_multi \
+ "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
+ 'but it is not a valid directory. Cannot create user identity files.'
+ fi
+
+ # If home is the root dir, set home to empty string to avoid error messages
+ # in subsequent parts of that script.
+ if [ "X${pwdhome}" = "X/" ]
+ then
+ # But first raise a warning!
+ csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
+ if csih_request "Would you like to proceed anyway?"
+ then
+ pwdhome=''
+ else
+ csih_warning "Exiting. Configuration is not complete"
+ exit 1
+ fi
+ fi
+
+ if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
+ then
+ echo
+ csih_warning 'group and other have been revoked write permission to your home'
+ csih_warning "directory ${pwdhome}."
+ csih_warning 'This is required by OpenSSH to allow public key authentication using'
+ csih_warning 'the key files stored in your .ssh subdirectory.'
+ csih_warning 'Revert this change ONLY if you know what you are doing!'
+ echo
+ fi
+} # === End of check_user_homedir() === #
+readonly -f check_user_homedir
+
+# ======================================================================
+# Routine: check_user_dot_ssh_dir
+# Perform various checks on the ~/.ssh directory
+# PREREQUISITE:
+# pwdhome -- check_user_homedir()
+# ======================================================================
+check_user_dot_ssh_dir() {
+ if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
+ then
+ csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
+ fi
+
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ mkdir "${pwdhome}/.ssh"
+ if [ ! -e "${pwdhome}/.ssh" ]
+ then
+ csih_error "Creating users ${pwdhome}/.ssh directory failed"
+ fi
+ fi
+} # === End of check_user_dot_ssh_dir() === #
+readonly -f check_user_dot_ssh_dir
+
+# ======================================================================
+# Routine: fix_authorized_keys_perms
+# Corrects the permissions of ~/.ssh/authorized_keys
+# PREREQUISITE:
+# pwdhome -- check_user_homedir()
+# ======================================================================
+fix_authorized_keys_perms() {
+ if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
+ then
+ if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
+ then
+ csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
+ csih_warning "failed. Please care for the correct permissions. The minimum requirement"
+ csih_warning "is, the owner needs read permissions."
+ echo
+ fi
+ fi
+} # === End of fix_authorized_keys_perms() === #
+readonly -f fix_authorized_keys_perms
+
+
+# ======================================================================
+# Main Entry Point
+# ======================================================================
+
+# Check how the script has been started. If
+# (1) it has been started by giving the full path and
+# that path is /etc/postinstall, OR
+# (2) Otherwise, if the environment variable
+# SSH_USER_CONFIG_AUTO_ANSWER_NO is set
+# then set auto_answer to "no". This allows automatic
+# creation of the config files in /etc w/o overwriting
+# them if they already exist. In both cases, color
+# escape sequences are suppressed, so as to prevent
+# cluttering setup's logfiles.
+if [ "$PROGDIR" = "/etc/postinstall" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
+if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
+then
+ csih_auto_answer="no"
+ csih_disable_color
+fi
+
+# ======================================================================
+# Parse options
+# ======================================================================
+while :
+do
+ case $# in
+ 0)
+ break
+ ;;
+ esac
+
+ option=$1
+ shift
+
+ case "$option" in
+ -d | --debug )
+ set -x
+ csih_trace_on
+ ;;
+
+ -y | --yes )
+ csih_auto_answer=yes
+ ;;
+
+ -n | --no )
+ csih_auto_answer=no
+ ;;
+
+ -p | --passphrase )
+ with_passphrase="yes"
+ passphrase=$1
+ shift
+ ;;
+
+ *)
+ echo "usage: ${PROGNAME} [OPTION]..."
+ echo
+ echo "This script creates an OpenSSH user configuration."
+ echo
+ echo "Options:"
+ echo " --debug -d Enable shell's debug output."
+ echo " --yes -y Answer all questions with \"yes\" automatically."
+ echo " --no -n Answer all questions with \"no\" automatically."
+ echo " --passphrase -p word Use \"word\" as passphrase automatically."
+ echo
+ exit 1
+ ;;
+
+ esac
+done
+
+# ======================================================================
+# Action!
+# ======================================================================
+
+# Check passwd file
+if [ ! -f ${SYSCONFDIR}/passwd ]
+then
+ csih_error_multi \
+ "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
+ 'first using mkpasswd. Check if it contains an entry for you and' \
+ 'please care for the home directory in your entry as well.'
+fi
+
+check_user_homedir
+check_user_dot_ssh_dir
+create_identity id_rsa rsa "SSH2 RSA"
+create_identity id_dsa dsa "SSH2 DSA"
+create_identity id_ecdsa ecdsa "SSH2 ECDSA"
+create_identity identity rsa1 "(deprecated) SSH1 RSA"
+fix_authorized_keys_perms
+
+echo
+csih_inform "Configuration finished. Have fun!"
+
+
diff --git a/crypto/openssh/contrib/cygwin/sshd-inetd b/crypto/openssh/contrib/cygwin/sshd-inetd
new file mode 100644
index 0000000..aa6bf07
--- /dev/null
+++ b/crypto/openssh/contrib/cygwin/sshd-inetd
@@ -0,0 +1,4 @@
+# This file can be used to enable sshd as a slave of the inetd service
+# To do so, the line below should be uncommented.
+@COMMENT@ ssh stream tcp nowait root /usr/sbin/sshd sshd -i
+
diff --git a/crypto/openssh/contrib/findssl.sh b/crypto/openssh/contrib/findssl.sh
new file mode 100755
index 0000000..263fd26
--- /dev/null
+++ b/crypto/openssh/contrib/findssl.sh
@@ -0,0 +1,186 @@
+#!/bin/sh
+#
+# $Id: findssl.sh,v 1.4 2007/02/19 11:44:25 dtucker Exp $
+#
+# findssl.sh
+# Search for all instances of OpenSSL headers and libraries
+# and print their versions.
+# Intended to help diagnose OpenSSH's "OpenSSL headers do not
+# match your library" errors.
+#
+# Written by Darren Tucker (dtucker at zip dot com dot au)
+# This file is placed in the public domain.
+#
+# Release history:
+# 2002-07-27: Initial release.
+# 2002-08-04: Added public domain notice.
+# 2003-06-24: Incorporated readme, set library paths. First cvs version.
+# 2004-12-13: Add traps to cleanup temp files, from Amarendra Godbole.
+#
+# "OpenSSL headers do not match your library" are usually caused by
+# OpenSSH's configure picking up an older version of OpenSSL headers
+# or libraries. You can use the following # procedure to help identify
+# the cause.
+#
+# The output of configure will tell you the versions of the OpenSSL
+# headers and libraries that were picked up, for example:
+#
+# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
+# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
+# checking whether OpenSSL's headers match the library... no
+# configure: error: Your OpenSSL headers do not match your library
+#
+# Now run findssl.sh. This should identify the headers and libraries
+# present and their versions. You should be able to identify the
+# libraries and headers used and adjust your CFLAGS or remove incorrect
+# versions. The output will show OpenSSL's internal version identifier
+# and should look something like:
+
+# $ ./findssl.sh
+# Searching for OpenSSL header files.
+# 0x0090604fL /usr/include/openssl/opensslv.h
+# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
+#
+# Searching for OpenSSL shared library files.
+# 0x0090602fL /lib/libcrypto.so.0.9.6b
+# 0x0090602fL /lib/libcrypto.so.2
+# 0x0090581fL /usr/lib/libcrypto.so.0
+# 0x0090602fL /usr/lib/libcrypto.so
+# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
+# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
+# 0x0090600fL /usr/lib/libcrypto.so.1
+#
+# Searching for OpenSSL static library files.
+# 0x0090602fL /usr/lib/libcrypto.a
+# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
+#
+# In this example, I gave configure no extra flags, so it's picking up
+# the OpenSSL header from /usr/include/openssl (90604f) and the library
+# from /usr/lib/ (90602f).
+
+#
+# Adjust these to suit your compiler.
+# You may also need to set the *LIB*PATH environment variables if
+# DEFAULT_LIBPATH is not correct for your system.
+#
+CC=gcc
+STATIC=-static
+
+#
+# Cleanup on interrupt
+#
+trap 'rm -f conftest.c' INT HUP TERM
+
+#
+# Set up conftest C source
+#
+rm -f findssl.log
+cat >conftest.c <<EOD
+#include <stdio.h>
+int main(){printf("0x%08xL\n", SSLeay());}
+EOD
+
+#
+# Set default library paths if not already set
+#
+DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
+LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
+LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
+LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
+export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+
+# not all platforms have a 'which' command
+if which ls >/dev/null 2>/dev/null; then
+ : which is defined
+else
+ which () {
+ saveIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if test -x "$p/$1" -a -f "$p/$1"; then
+ IFS="$saveIFS"
+ echo "$p/$1"
+ return 0
+ fi
+ done
+ IFS="$saveIFS"
+ return 1
+ }
+fi
+
+#
+# Search for OpenSSL headers and print versions
+#
+echo Searching for OpenSSL header files.
+if [ -x "`which locate`" ]
+then
+ headers=`locate opensslv.h`
+else
+ headers=`find / -name opensslv.h -print 2>/dev/null`
+fi
+
+for header in $headers
+do
+ ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header`
+ echo "$ver $header"
+done
+echo
+
+#
+# Search for shared libraries.
+# Relies on shared libraries looking like "libcrypto.s*"
+#
+echo Searching for OpenSSL shared library files.
+if [ -x "`which locate`" ]
+then
+ libraries=`locate libcrypto.s`
+else
+ libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
+fi
+
+for lib in $libraries
+do
+ (echo "Trying libcrypto $lib" >>findssl.log
+ dir=`dirname $lib`
+ LIBPATH="$dir:$LIBPATH"
+ LD_LIBRARY_PATH="$dir:$LIBPATH"
+ LIBRARY_PATH="$dir:$LIBPATH"
+ export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+ ${CC} -o conftest conftest.c $lib 2>>findssl.log
+ if [ -x ./conftest ]
+ then
+ ver=`./conftest 2>/dev/null`
+ rm -f ./conftest
+ echo "$ver $lib"
+ fi)
+done
+echo
+
+#
+# Search for static OpenSSL libraries and print versions
+#
+echo Searching for OpenSSL static library files.
+if [ -x "`which locate`" ]
+then
+ libraries=`locate libcrypto.a`
+else
+ libraries=`find / -name libcrypto.a -print 2>/dev/null`
+fi
+
+for lib in $libraries
+do
+ libdir=`dirname $lib`
+ echo "Trying libcrypto $lib" >>findssl.log
+ ${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log
+ if [ -x ./conftest ]
+ then
+ ver=`./conftest 2>/dev/null`
+ rm -f ./conftest
+ echo "$ver $lib"
+ fi
+done
+
+#
+# Clean up
+#
+rm -f conftest.c
diff --git a/crypto/openssh/contrib/gnome-ssh-askpass1.c b/crypto/openssh/contrib/gnome-ssh-askpass1.c
new file mode 100644
index 0000000..4d51032
--- /dev/null
+++ b/crypto/openssh/contrib/gnome-ssh-askpass1.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
+ * you don't trust your X server. We grab the keyboard always.
+ */
+
+/*
+ * Compile with:
+ *
+ * cc `gnome-config --cflags gnome gnomeui` \
+ * gnome-ssh-askpass1.c -o gnome-ssh-askpass \
+ * `gnome-config --libs gnome gnomeui`
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <gnome.h>
+#include <X11/Xlib.h>
+#include <gdk/gdkx.h>
+
+void
+report_failed_grab (void)
+{
+ GtkWidget *err;
+
+ err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
+ "A malicious client may be eavesdropping on your session.",
+ GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
+ gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+ gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
+
+ gnome_dialog_run_and_close(GNOME_DIALOG(err));
+}
+
+int
+passphrase_dialog(char *message)
+{
+ char *passphrase;
+ char **messages;
+ int result, i, grab_server, grab_pointer;
+ GtkWidget *dialog, *entry, *label;
+
+ grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+ grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+
+ dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
+ GNOME_STOCK_BUTTON_CANCEL, NULL);
+
+ messages = g_strsplit(message, "\\n", 0);
+ if (messages)
+ for(i = 0; messages[i]; i++) {
+ label = gtk_label_new(messages[i]);
+ gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
+ label, FALSE, FALSE, 0);
+ }
+
+ entry = gtk_entry_new();
+ gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
+ FALSE, 0);
+ gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+ gtk_widget_grab_focus(entry);
+
+ /* Center window and prepare for grab */
+ gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
+ gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
+ gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
+ gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
+ gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
+ GNOME_PAD);
+ gtk_widget_show_all(dialog);
+
+ /* Grab focus */
+ if (grab_server)
+ XGrabServer(GDK_DISPLAY());
+ if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
+ NULL, NULL, GDK_CURRENT_TIME))
+ goto nograb;
+ if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
+ goto nograbkb;
+
+ /* Make <enter> close dialog */
+ gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
+
+ /* Run dialog */
+ result = gnome_dialog_run(GNOME_DIALOG(dialog));
+
+ /* Ungrab */
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ if (grab_pointer)
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ gdk_keyboard_ungrab(GDK_CURRENT_TIME);
+ gdk_flush();
+
+ /* Report passphrase if user selected OK */
+ passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
+ if (result == 0)
+ puts(passphrase);
+
+ /* Zero passphrase in memory */
+ memset(passphrase, '\0', strlen(passphrase));
+ gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+
+ gnome_dialog_close(GNOME_DIALOG(dialog));
+ return (result == 0 ? 0 : -1);
+
+ /* At least one grab failed - ungrab what we got, and report
+ the failure to the user. Note that XGrabServer() cannot
+ fail. */
+ nograbkb:
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ nograb:
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ gnome_dialog_close(GNOME_DIALOG(dialog));
+
+ report_failed_grab();
+ return (-1);
+}
+
+int
+main(int argc, char **argv)
+{
+ char *message;
+ int result;
+
+ gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
+
+ if (argc == 2)
+ message = argv[1];
+ else
+ message = "Enter your OpenSSH passphrase:";
+
+ setvbuf(stdout, 0, _IONBF, 0);
+ result = passphrase_dialog(message);
+
+ return (result);
+}
diff --git a/crypto/openssh/contrib/gnome-ssh-askpass2.c b/crypto/openssh/contrib/gnome-ssh-askpass2.c
new file mode 100644
index 0000000..9d97c30
--- /dev/null
+++ b/crypto/openssh/contrib/gnome-ssh-askpass2.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
+
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
+ * you don't trust your X server. We grab the keyboard always.
+ */
+
+#define GRAB_TRIES 16
+#define GRAB_WAIT 250 /* milliseconds */
+
+/*
+ * Compile with:
+ *
+ * cc -Wall `pkg-config --cflags gtk+-2.0` \
+ * gnome-ssh-askpass2.c -o gnome-ssh-askpass \
+ * `pkg-config --libs gtk+-2.0`
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <X11/Xlib.h>
+#include <gtk/gtk.h>
+#include <gdk/gdkx.h>
+
+static void
+report_failed_grab (const char *what)
+{
+ GtkWidget *err;
+
+ err = gtk_message_dialog_new(NULL, 0,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ "Could not grab %s. "
+ "A malicious client may be eavesdropping "
+ "on your session.", what);
+ gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+ gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
+ TRUE);
+
+ gtk_dialog_run(GTK_DIALOG(err));
+
+ gtk_widget_destroy(err);
+}
+
+static void
+ok_dialog(GtkWidget *entry, gpointer dialog)
+{
+ g_return_if_fail(GTK_IS_DIALOG(dialog));
+ gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+}
+
+static int
+passphrase_dialog(char *message)
+{
+ const char *failed;
+ char *passphrase, *local;
+ int result, grab_tries, grab_server, grab_pointer;
+ GtkWidget *dialog, *entry;
+ GdkGrabStatus status;
+
+ grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+ grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+ grab_tries = 0;
+
+ dialog = gtk_message_dialog_new(NULL, 0,
+ GTK_MESSAGE_QUESTION,
+ GTK_BUTTONS_OK_CANCEL,
+ "%s",
+ message);
+
+ entry = gtk_entry_new();
+ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
+ FALSE, 0);
+ gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+ gtk_widget_grab_focus(entry);
+ gtk_widget_show(entry);
+
+ gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
+ gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+ gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label),
+ TRUE);
+
+ /* Make <enter> close dialog */
+ gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+ g_signal_connect(G_OBJECT(entry), "activate",
+ G_CALLBACK(ok_dialog), dialog);
+
+ gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+
+ /* Grab focus */
+ gtk_widget_show_now(dialog);
+ if (grab_pointer) {
+ for(;;) {
+ status = gdk_pointer_grab(
+ (GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
+ NULL, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "mouse";
+ goto nograb;
+ }
+ }
+ }
+ for(;;) {
+ status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window,
+ FALSE, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "keyboard";
+ goto nograbkb;
+ }
+ }
+ if (grab_server) {
+ gdk_x11_grab_server();
+ }
+
+ result = gtk_dialog_run(GTK_DIALOG(dialog));
+
+ /* Ungrab */
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ if (grab_pointer)
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ gdk_keyboard_ungrab(GDK_CURRENT_TIME);
+ gdk_flush();
+
+ /* Report passphrase if user selected OK */
+ passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
+ if (result == GTK_RESPONSE_OK) {
+ local = g_locale_from_utf8(passphrase, strlen(passphrase),
+ NULL, NULL, NULL);
+ if (local != NULL) {
+ puts(local);
+ memset(local, '\0', strlen(local));
+ g_free(local);
+ } else {
+ puts(passphrase);
+ }
+ }
+
+ /* Zero passphrase in memory */
+ memset(passphrase, '\b', strlen(passphrase));
+ gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+ memset(passphrase, '\0', strlen(passphrase));
+ g_free(passphrase);
+
+ gtk_widget_destroy(dialog);
+ return (result == GTK_RESPONSE_OK ? 0 : -1);
+
+ /* At least one grab failed - ungrab what we got, and report
+ the failure to the user. Note that XGrabServer() cannot
+ fail. */
+ nograbkb:
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ nograb:
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ gtk_widget_destroy(dialog);
+
+ report_failed_grab(failed);
+
+ return (-1);
+}
+
+int
+main(int argc, char **argv)
+{
+ char *message;
+ int result;
+
+ gtk_init(&argc, &argv);
+
+ if (argc > 1) {
+ message = g_strjoinv(" ", argv + 1);
+ } else {
+ message = g_strdup("Enter your OpenSSH passphrase:");
+ }
+
+ setvbuf(stdout, 0, _IONBF, 0);
+ result = passphrase_dialog(message);
+ g_free(message);
+
+ return (result);
+}
diff --git a/crypto/openssh/contrib/hpux/README b/crypto/openssh/contrib/hpux/README
new file mode 100644
index 0000000..f8bfa84
--- /dev/null
+++ b/crypto/openssh/contrib/hpux/README
@@ -0,0 +1,45 @@
+README for OpenSSH HP-UX contrib files
+Kevin Steves <stevesk@pobox.com>
+
+sshd: configuration file for sshd.rc
+sshd.rc: SSH startup script
+egd: configuration file for egd.rc
+egd.rc: EGD (entropy gathering daemon) startup script
+
+To install:
+
+sshd.rc:
+
+o Verify paths in sshd.rc match your local installation
+ (WHAT_PATH and WHAT_PID)
+o Customize sshd if needed (SSHD_ARGS)
+o Install:
+
+ # cp sshd /etc/rc.config.d
+ # chmod 444 /etc/rc.config.d/sshd
+ # cp sshd.rc /sbin/init.d
+ # chmod 555 /sbin/init.d/sshd.rc
+ # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd
+ # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd
+
+egd.rc:
+
+o Verify egd.pl path in egd.rc matches your local installation
+ (WHAT_PATH)
+o Customize egd if needed (EGD_ARGS and EGD_LOG)
+o Add pseudo account:
+
+ # groupadd egd
+ # useradd -g egd egd
+ # mkdir -p /etc/opt/egd
+ # chown egd:egd /etc/opt/egd
+ # chmod 711 /etc/opt/egd
+
+o Install:
+
+ # cp egd /etc/rc.config.d
+ # chmod 444 /etc/rc.config.d/egd
+ # cp egd.rc /sbin/init.d
+ # chmod 555 /sbin/init.d/egd.rc
+ # ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd
+ # ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd
diff --git a/crypto/openssh/contrib/hpux/egd b/crypto/openssh/contrib/hpux/egd
new file mode 100644
index 0000000..21af0bd
--- /dev/null
+++ b/crypto/openssh/contrib/hpux/egd
@@ -0,0 +1,15 @@
+# EGD_START: Set to 1 to start entropy gathering daemon
+# EGD_ARGS: Command line arguments to pass to egd
+# EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log)
+#
+# To configure the egd environment:
+
+# groupadd egd
+# useradd -g egd egd
+# mkdir -p /etc/opt/egd
+# chown egd:egd /etc/opt/egd
+# chmod 711 /etc/opt/egd
+
+EGD_START=1
+EGD_ARGS='/etc/opt/egd/entropy'
+EGD_LOG=
diff --git a/crypto/openssh/contrib/hpux/egd.rc b/crypto/openssh/contrib/hpux/egd.rc
new file mode 100755
index 0000000..919dea7
--- /dev/null
+++ b/crypto/openssh/contrib/hpux/egd.rc
@@ -0,0 +1,98 @@
+#!/sbin/sh
+
+#
+# egd.rc: EGD start-up and shutdown script
+#
+
+# Allowed exit values:
+# 0 = success; causes "OK" to show up in checklist.
+# 1 = failure; causes "FAIL" to show up in checklist.
+# 2 = skip; causes "N/A" to show up in the checklist.
+# Use this value if execution of this script is overridden
+# by the use of a control variable, or if this script is not
+# appropriate to execute for some other reason.
+# 3 = reboot; causes the system to be rebooted after execution.
+
+# Input and output:
+# stdin is redirected from /dev/null
+#
+# stdout and stderr are redirected to the /etc/rc.log file
+# during checklist mode, or to the console in raw mode.
+
+umask 022
+
+PATH=/usr/sbin:/usr/bin:/sbin
+export PATH
+
+WHAT='EGD (entropy gathering daemon)'
+WHAT_PATH=/opt/perl/bin/egd.pl
+WHAT_CONFIG=/etc/rc.config.d/egd
+WHAT_LOG=/etc/opt/egd/egd.log
+
+# NOTE: If your script executes in run state 0 or state 1, then /usr might
+# not be available. Do not attempt to access commands or files in
+# /usr unless your script executes in run state 2 or greater. Other
+# file systems typically not mounted until run state 2 include /var
+# and /opt.
+
+rval=0
+
+# Check the exit value of a command run by this script. If non-zero, the
+# exit code is echoed to the log file and the return value of this script
+# is set to indicate failure.
+
+set_return() {
+ x=$?
+ if [ $x -ne 0 ]; then
+ echo "EXIT CODE: $x"
+ rval=1 # script FAILed
+ fi
+}
+
+case $1 in
+'start_msg')
+ echo "Starting $WHAT"
+ ;;
+
+'stop_msg')
+ echo "Stopping $WHAT"
+ ;;
+
+'start')
+ if [ -f $WHAT_CONFIG ] ; then
+ . $WHAT_CONFIG
+ else
+ echo "ERROR: $WHAT_CONFIG defaults file MISSING"
+ fi
+
+
+ if [ "$EGD_START" -eq 1 -a -x $WHAT_PATH ]; then
+ EGD_LOG=${EGD_LOG:-$WHAT_LOG}
+ su egd -c "nohup $WHAT_PATH $EGD_ARGS >$EGD_LOG 2>&1" &&
+ echo $WHAT started
+ set_return
+ else
+ rval=2
+ fi
+ ;;
+
+'stop')
+ pid=`ps -fuegd | awk '$1 == "egd" { print $2 }'`
+ if [ "X$pid" != "X" ]; then
+ if kill "$pid"; then
+ echo "$WHAT stopped"
+ else
+ rval=1
+ echo "Unable to stop $WHAT"
+ fi
+ fi
+ set_return
+ ;;
+
+*)
+ echo "usage: $0 {start|stop|start_msg|stop_msg}"
+ rval=1
+ ;;
+esac
+
+exit $rval
diff --git a/crypto/openssh/contrib/hpux/sshd b/crypto/openssh/contrib/hpux/sshd
new file mode 100644
index 0000000..8eb5e92
--- /dev/null
+++ b/crypto/openssh/contrib/hpux/sshd
@@ -0,0 +1,5 @@
+# SSHD_START: Set to 1 to start SSH daemon
+# SSHD_ARGS: Command line arguments to pass to sshd
+#
+SSHD_START=1
+SSHD_ARGS=
diff --git a/crypto/openssh/contrib/hpux/sshd.rc b/crypto/openssh/contrib/hpux/sshd.rc
new file mode 100755
index 0000000..f9a1099
--- /dev/null
+++ b/crypto/openssh/contrib/hpux/sshd.rc
@@ -0,0 +1,90 @@
+#!/sbin/sh
+
+#
+# sshd.rc: SSH daemon start-up and shutdown script
+#
+
+# Allowed exit values:
+# 0 = success; causes "OK" to show up in checklist.
+# 1 = failure; causes "FAIL" to show up in checklist.
+# 2 = skip; causes "N/A" to show up in the checklist.
+# Use this value if execution of this script is overridden
+# by the use of a control variable, or if this script is not
+# appropriate to execute for some other reason.
+# 3 = reboot; causes the system to be rebooted after execution.
+
+# Input and output:
+# stdin is redirected from /dev/null
+#
+# stdout and stderr are redirected to the /etc/rc.log file
+# during checklist mode, or to the console in raw mode.
+
+PATH=/usr/sbin:/usr/bin:/sbin
+export PATH
+
+WHAT='OpenSSH'
+WHAT_PATH=/opt/openssh/sbin/sshd
+WHAT_PID=/var/run/sshd.pid
+WHAT_CONFIG=/etc/rc.config.d/sshd
+
+# NOTE: If your script executes in run state 0 or state 1, then /usr might
+# not be available. Do not attempt to access commands or files in
+# /usr unless your script executes in run state 2 or greater. Other
+# file systems typically not mounted until run state 2 include /var
+# and /opt.
+
+rval=0
+
+# Check the exit value of a command run by this script. If non-zero, the
+# exit code is echoed to the log file and the return value of this script
+# is set to indicate failure.
+
+set_return() {
+ x=$?
+ if [ $x -ne 0 ]; then
+ echo "EXIT CODE: $x"
+ rval=1 # script FAILed
+ fi
+}
+
+case $1 in
+'start_msg')
+ echo "Starting $WHAT"
+ ;;
+
+'stop_msg')
+ echo "Stopping $WHAT"
+ ;;
+
+'start')
+ if [ -f $WHAT_CONFIG ] ; then
+ . $WHAT_CONFIG
+ else
+ echo "ERROR: $WHAT_CONFIG defaults file MISSING"
+ fi
+
+ if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then
+ $WHAT_PATH $SSHD_ARGS && echo "$WHAT started"
+ set_return
+ else
+ rval=2
+ fi
+ ;;
+
+'stop')
+ if kill `cat $WHAT_PID`; then
+ echo "$WHAT stopped"
+ else
+ rval=1
+ echo "Unable to stop $WHAT"
+ fi
+ set_return
+ ;;
+
+*)
+ echo "usage: $0 {start|stop|start_msg|stop_msg}"
+ rval=1
+ ;;
+esac
+
+exit $rval
diff --git a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh b/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh
new file mode 100644
index 0000000..dd77712
--- /dev/null
+++ b/crypto/openssh/contrib/redhat/gnome-ssh-askpass.csh
@@ -0,0 +1 @@
+setenv SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass
diff --git a/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh b/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh
new file mode 100755
index 0000000..355189f
--- /dev/null
+++ b/crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh
@@ -0,0 +1,2 @@
+SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
+export SSH_ASKPASS
diff --git a/crypto/openssh/contrib/redhat/openssh.spec b/crypto/openssh/contrib/redhat/openssh.spec
new file mode 100644
index 0000000..d1191f4
--- /dev/null
+++ b/crypto/openssh/contrib/redhat/openssh.spec
@@ -0,0 +1,812 @@
+%define ver 6.3p1
+%define rel 1
+
+# OpenSSH privilege separation requires a user & group ID
+%define sshd_uid 74
+%define sshd_gid 74
+
+# Version of ssh-askpass
+%define aversion 1.2.4.1
+
+# Do we want to disable building of x11-askpass? (1=yes 0=no)
+%define no_x11_askpass 0
+
+# Do we want to disable building of gnome-askpass? (1=yes 0=no)
+%define no_gnome_askpass 0
+
+# Do we want to link against a static libcrypto? (1=yes 0=no)
+%define static_libcrypto 0
+
+# Do we want smartcard support (1=yes 0=no)
+%define scard 0
+
+# Use GTK2 instead of GNOME in gnome-ssh-askpass
+%define gtk2 1
+
+# Is this build for RHL 6.x?
+%define build6x 0
+
+# Do we want kerberos5 support (1=yes 0=no)
+%define kerberos5 1
+
+# Reserve options to override askpass settings with:
+# rpm -ba|--rebuild --define 'skip_xxx 1'
+%{?skip_x11_askpass:%define no_x11_askpass 1}
+%{?skip_gnome_askpass:%define no_gnome_askpass 1}
+
+# Add option to build without GTK2 for older platforms with only GTK+.
+# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
+# rpm -ba|--rebuild --define 'no_gtk2 1'
+%{?no_gtk2:%define gtk2 0}
+
+# Is this a build for RHL 6.x or earlier?
+%{?build_6x:%define build6x 1}
+
+# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
+%if %{build6x}
+%define _sysconfdir /etc
+%endif
+
+# Options for static OpenSSL link:
+# rpm -ba|--rebuild --define "static_openssl 1"
+%{?static_openssl:%define static_libcrypto 1}
+
+# Options for Smartcard support: (needs libsectok and openssl-engine)
+# rpm -ba|--rebuild --define "smartcard 1"
+%{?smartcard:%define scard 1}
+
+# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
+%define rescue 0
+%{?build_rescue:%define rescue 1}
+
+# Turn off some stuff for resuce builds
+%if %{rescue}
+%define kerberos5 0
+%endif
+
+Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
+Name: openssh
+Version: %{ver}
+%if %{rescue}
+Release: %{rel}rescue
+%else
+Release: %{rel}
+%endif
+URL: http://www.openssh.com/portable.html
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+%if ! %{no_x11_askpass}
+Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
+%endif
+License: BSD
+Group: Applications/Internet
+BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
+Obsoletes: ssh
+%if %{build6x}
+PreReq: initscripts >= 5.00
+%else
+Requires: initscripts >= 5.20
+%endif
+BuildRequires: perl, openssl-devel, tcp_wrappers
+BuildRequires: /bin/login
+%if ! %{build6x}
+BuildPreReq: glibc-devel, pam
+%else
+BuildRequires: /usr/include/security/pam_appl.h
+%endif
+%if ! %{no_x11_askpass}
+BuildRequires: /usr/include/X11/Xlib.h
+%endif
+%if ! %{no_gnome_askpass}
+BuildRequires: pkgconfig
+%endif
+%if %{kerberos5}
+BuildRequires: krb5-devel
+BuildRequires: krb5-libs
+%endif
+
+%package clients
+Summary: OpenSSH clients.
+Requires: openssh = %{version}-%{release}
+Group: Applications/Internet
+Obsoletes: ssh-clients
+
+%package server
+Summary: The OpenSSH server daemon.
+Group: System Environment/Daemons
+Obsoletes: ssh-server
+Requires: openssh = %{version}-%{release}, chkconfig >= 0.9
+%if ! %{build6x}
+Requires: /etc/pam.d/system-auth
+%endif
+
+%package askpass
+Summary: A passphrase dialog for OpenSSH and X.
+Group: Applications/Internet
+Requires: openssh = %{version}-%{release}
+Obsoletes: ssh-extras
+
+%package askpass-gnome
+Summary: A passphrase dialog for OpenSSH, X, and GNOME.
+Group: Applications/Internet
+Requires: openssh = %{version}-%{release}
+Obsoletes: ssh-extras
+
+%description
+SSH (Secure SHell) is a program for logging into and executing
+commands on a remote machine. SSH is intended to replace rlogin and
+rsh, and to provide secure encrypted communications between two
+untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's version of the last free version of SSH, bringing
+it up to date in terms of security and features, as well as removing
+all patented algorithms to separate libraries.
+
+This package includes the core files necessary for both the OpenSSH
+client and server. To make this package useful, you should also
+install openssh-clients, openssh-server, or both.
+
+%description clients
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package includes
+the clients necessary to make encrypted connections to SSH servers.
+You'll also need to install the openssh package on OpenSSH clients.
+
+%description server
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+the secure shell daemon (sshd). The sshd daemon allows SSH clients to
+securely connect to your SSH server. You also need to have the openssh
+package installed.
+
+%description askpass
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+an X11 passphrase dialog for OpenSSH.
+
+%description askpass-gnome
+OpenSSH is a free version of SSH (Secure SHell), a program for logging
+into and executing commands on a remote machine. This package contains
+an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
+environment.
+
+%prep
+
+%if ! %{no_x11_askpass}
+%setup -q -a 1
+%else
+%setup -q
+%endif
+
+%build
+%if %{rescue}
+CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
+%endif
+
+%if %{kerberos5}
+K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
+echo K5DIR=$K5DIR
+%endif
+
+%configure \
+ --sysconfdir=%{_sysconfdir}/ssh \
+ --libexecdir=%{_libexecdir}/openssh \
+ --datadir=%{_datadir}/openssh \
+ --with-tcp-wrappers \
+ --with-rsh=%{_bindir}/rsh \
+ --with-default-path=/usr/local/bin:/bin:/usr/bin \
+ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+ --with-privsep-path=%{_var}/empty/sshd \
+ --with-md5-passwords \
+%if %{scard}
+ --with-smartcard \
+%endif
+%if %{rescue}
+ --without-pam \
+%else
+ --with-pam \
+%endif
+%if %{kerberos5}
+ --with-kerberos5=$K5DIR \
+%endif
+
+
+%if %{static_libcrypto}
+perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
+%endif
+
+make
+
+%if ! %{no_x11_askpass}
+pushd x11-ssh-askpass-%{aversion}
+%configure --libexecdir=%{_libexecdir}/openssh
+xmkmf -a
+make
+popd
+%endif
+
+# Define a variable to toggle gnome1/gtk2 building. This is necessary
+# because RPM doesn't handle nested %if statements.
+%if %{gtk2}
+ gtk2=yes
+%else
+ gtk2=no
+%endif
+
+%if ! %{no_gnome_askpass}
+pushd contrib
+if [ $gtk2 = yes ] ; then
+ make gnome-ssh-askpass2
+ mv gnome-ssh-askpass2 gnome-ssh-askpass
+else
+ make gnome-ssh-askpass1
+ mv gnome-ssh-askpass1 gnome-ssh-askpass
+fi
+popd
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
+mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
+mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
+
+make install DESTDIR=$RPM_BUILD_ROOT
+
+install -d $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
+install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
+%if %{build6x}
+install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd
+%else
+install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
+%endif
+install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+
+%if ! %{no_x11_askpass}
+install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
+ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
+%endif
+
+%if ! %{no_gnome_askpass}
+install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
+%endif
+
+%if ! %{scard}
+ rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
+%endif
+
+%if ! %{no_gnome_askpass}
+install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+%endif
+
+perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%triggerun server -- ssh-server
+if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
+ touch /var/run/sshd.restart
+fi
+
+%triggerun server -- openssh-server < 2.5.0p1
+# Count the number of HostKey and HostDsaKey statements we have.
+gawk 'BEGIN {IGNORECASE=1}
+ /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
+ END {exit sawhostkey}' /etc/ssh/sshd_config
+# And if we only found one, we know the client was relying on the old default
+# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
+# specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying
+# one nullifies the default, which would have loaded both.
+if [ $? -eq 1 ] ; then
+ echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
+ echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
+fi
+
+%triggerpostun server -- ssh-server
+if [ "$1" != 0 ] ; then
+ /sbin/chkconfig --add sshd
+ if test -f /var/run/sshd.restart ; then
+ rm -f /var/run/sshd.restart
+ /sbin/service sshd start > /dev/null 2>&1 || :
+ fi
+fi
+
+%pre server
+%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
+%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
+ -g sshd -M -r sshd 2>/dev/null || :
+
+%post server
+/sbin/chkconfig --add sshd
+
+%postun server
+/sbin/service sshd condrestart > /dev/null 2>&1 || :
+
+%preun server
+if [ "$1" = 0 ]
+then
+ /sbin/service sshd stop > /dev/null 2>&1 || :
+ /sbin/chkconfig --del sshd
+fi
+
+%files
+%defattr(-,root,root)
+%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO
+%attr(0755,root,root) %{_bindir}/scp
+%attr(0644,root,root) %{_mandir}/man1/scp.1*
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
+%if ! %{rescue}
+%attr(0755,root,root) %{_bindir}/ssh-keygen
+%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
+%attr(0755,root,root) %dir %{_libexecdir}/openssh
+%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
+%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
+%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
+%endif
+%if %{scard}
+%attr(0755,root,root) %dir %{_datadir}/openssh
+%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
+%endif
+
+%files clients
+%defattr(-,root,root)
+%attr(0755,root,root) %{_bindir}/ssh
+%attr(0644,root,root) %{_mandir}/man1/ssh.1*
+%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
+%attr(-,root,root) %{_bindir}/slogin
+%attr(-,root,root) %{_mandir}/man1/slogin.1*
+%if ! %{rescue}
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
+%attr(0755,root,root) %{_bindir}/ssh-add
+%attr(0755,root,root) %{_bindir}/ssh-keyscan
+%attr(0755,root,root) %{_bindir}/sftp
+%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %{_mandir}/man1/sftp.1*
+%endif
+
+%if ! %{rescue}
+%files server
+%defattr(-,root,root)
+%dir %attr(0111,root,root) %{_var}/empty/sshd
+%attr(0755,root,root) %{_sbindir}/sshd
+%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
+%attr(0644,root,root) %{_mandir}/man8/sshd.8*
+%attr(0644,root,root) %{_mandir}/man5/moduli.5*
+%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
+%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
+%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
+%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
+%endif
+
+%if ! %{no_x11_askpass}
+%files askpass
+%defattr(-,root,root)
+%doc x11-ssh-askpass-%{aversion}/README
+%doc x11-ssh-askpass-%{aversion}/ChangeLog
+%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
+%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
+%endif
+
+%if ! %{no_gnome_askpass}
+%files askpass-gnome
+%defattr(-,root,root)
+%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
+%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
+%endif
+
+%changelog
+* Wed Jul 14 2010 Tim Rice <tim@multitalents.net>
+- test for skip_x11_askpass (line 77) should have been for no_x11_askpass
+
+* Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
+- Remove noip6 option. This may be controlled at run-time in client config
+ file using new AddressFamily directive
+
+* Mon May 12 2003 Damien Miller <djm@mindrot.org>
+- Don't install profile.d scripts when not building with GNOME/GTK askpass
+ (patch from bet@rahul.net)
+
+* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
+- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
+
+* Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
+- Use contrib/ Makefile for building askpass programs
+
+* Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
+- Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
+- Add new {ssh,sshd}_config.5 manpages
+- Add new ssh-keysign program and remove setuid from ssh client
+
+* Fri May 10 2002 Damien Miller <djm@mindrot.org>
+- Merge in spec changes from RedHat, reorgansie a little
+- Add Privsep user, group and directory
+
+* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
+- bump and grind (through the build system)
+
+* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
+- require sharutils for building (mindrot #137)
+- require db1-devel only when building for 6.x (#55105), which probably won't
+ work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
+- require pam-devel by file (not by package name) again
+- add Markus's patch to compile with OpenSSL 0.9.5a (from
+ http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
+ building for 6.x
+
+* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
+- update to 3.1p1
+
+* Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
+- update to SNAP-20020305
+- drop debug patch, fixed upstream
+
+* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
+- update to SNAP-20020220 for testing purposes (you've been warned, if there's
+ anything to be warned about, gss patches won't apply, I don't mind)
+
+* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
+- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
+ exchange, authentication, and named key support
+
+* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
+- remove dependency on db1-devel, which has just been swallowed up whole
+ by gnome-libs-devel
+
+* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
+- adjust build dependencies so that build6x actually works right (fix
+ from Hugo van der Kooij)
+
+* Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
+- update to 3.0.2p1
+
+* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
+- update to 3.0.1p1
+
+* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to current CVS (not for use in distribution)
+
+* Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
+- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
+ 3.0p1 spec file and init script
+
+* Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 3.0p1
+- update to x11-ssh-askpass 1.2.4.1
+- change build dependency on a file from pam-devel to the pam-devel package
+- replace primes with moduli
+
+* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
+- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
+
+* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
+- Merge changes to rescue build from current sysadmin survival cd
+
+* Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
+- fix scp's server's reporting of file sizes, and build with the proper
+ preprocessor define to get large-file capable open(), stat(), etc.
+ (sftp has been doing this correctly all along) (#51827)
+- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
+- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
+- mark profile.d scriptlets as config files (#42337)
+- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
+- change a couple of log() statements to debug() statements (#50751)
+- pull cvs patch to add -t flag to sshd (#28611)
+- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
+
+* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
+- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
+
+* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
+- pull cvs patch to fix remote port forwarding with protocol 2
+
+* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
+- pull cvs patch to add session initialization to no-pty sessions
+- pull cvs patch to not cut off challengeresponse auth needlessly
+- refuse to do X11 forwarding if xauth isn't there, handy if you enable
+ it by default on a system that doesn't have X installed (#49263)
+
+* Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com>
+- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
+
+* Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
+- pass OPTIONS correctly to initlog (#50151)
+
+* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
+- switch to x11-ssh-askpass 1.2.2
+
+* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
+- rebuild in new environment
+
+* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
+- disable the gssapi patch
+
+* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 2.9p2
+- refresh to a new version of the gssapi patch
+
+* Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
+- change Copyright: BSD to License: BSD
+- add Markus Friedl's unverified patch for the cookie file deletion problem
+ so that we can verify it
+- drop patch to check if xauth is present (was folded into cookie patch)
+- don't apply gssapi patches for the errata candidate
+- clear supplemental groups list at startup
+
+* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
+- fix an error parsing the new default sshd_config
+- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
+ dealing with comments right
+
+* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
+- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
+ to be removed before the next beta cycle because it's a big departure
+ from the upstream version
+
+* Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com>
+- finish marking strings in the init script for translation
+- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
+ at startup (change merged from openssh.com init script, originally by
+ Pekka Savola)
+- refuse to do X11 forwarding if xauth isn't there, handy if you enable
+ it by default on a system that doesn't have X installed
+
+* Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 2.9
+- drop various patches that came from or went upstream or to or from CVS
+
+* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
+- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
+
+* Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
+- remove explicit openssl requirement, fixes builddistro issue
+- make initscript stop() function wait until sshd really dead to avoid
+ races in condrestart
+
+* Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>
+- mention that challengereponse supports PAM, so disabling password doesn't
+ limit users to pubkey and rsa auth (#34378)
+- bypass the daemon() function in the init script and call initlog directly,
+ because daemon() won't start a daemon it detects is already running (like
+ open connections)
+- require the version of openssl we had when we were built
+
+* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
+- make do_pam_setcred() smart enough to know when to establish creds and
+ when to reinitialize them
+- add in a couple of other fixes from Damien for inclusion in the errata
+
+* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 2.5.2p2
+- call setcred() again after initgroups, because the "creds" could actually
+ be group memberships
+
+* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
+- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
+- don't enable challenge-response by default until we find a way to not
+ have too many userauth requests (we may make up to six pubkey and up to
+ three password attempts as it is)
+- remove build dependency on rsh to match openssh.com's packages more closely
+
+* Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
+- remove dependency on openssl -- would need to be too precise
+
+* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
+- rebuild in new environment
+
+* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
+- Revert the patch to move pam_open_session.
+- Init script and spec file changes from Pekka Savola. (#28750)
+- Patch sftp to recognize '-o protocol' arguments. (#29540)
+
+* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
+- Chuck the closing patch.
+- Add a trigger to add host keys for protocol 2 to the config file, now that
+ configuration file syntax requires us to specify it with HostKey if we
+ specify any other HostKey values, which we do.
+
+* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
+- Redo patch to move pam_open_session after the server setuid()s to the user.
+- Rework the nopam patch to use be picked up by autoconf.
+
+* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
+- Update for 2.5.1p1.
+- Add init script mods from Pekka Savola.
+- Tweak the init script to match the CVS contrib script more closely.
+- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
+ adding id_rsa.
+
+* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
+- Update for 2.5.0p1.
+- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
+- Resync with parts of Damien Miller's openssh.spec from CVS, including
+ update of x11 askpass to 1.2.0.
+- Only require openssl (don't prereq) because we generate keys in the init
+ script now.
+
+* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
+- Don't open a PAM session until we've forked and become the user (#25690).
+- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
+ host the user is attempting a login from.
+- Resync with parts of Damien Miller's openssh.spec from CVS.
+- Don't expose KbdInt responses in debug messages (from CVS).
+- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
+
+* Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
+- i18n-tweak to initscript.
+
+* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
+- More gettextizing.
+- Close all files after going into daemon mode (needs more testing).
+- Extract patch from CVS to handle auth banners (in the client).
+- Extract patch from CVS to handle compat weirdness.
+
+* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
+- Finish with the gettextizing.
+
+* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
+- Fix a bug in auth2-pam.c (#23877)
+- Gettextize the init script.
+
+* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Incorporate a switch for using PAM configs for 6.x, just in case.
+
+* Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Incorporate Bero's changes for a build specifically for rescue CDs.
+
+* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
+ succeeded, to allow public-key authentication after a failure with "none"
+ authentication. (#21268)
+
+* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to x11-askpass 1.1.1. (#21301)
+- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
+
+* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Merge multiple PAM text messages into subsequent prompts when possible when
+ doing keyboard-interactive authentication.
+
+* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Disable the built-in MD5 password support. We're using PAM.
+- Take a crack at doing keyboard-interactive authentication with PAM, and
+ enable use of it in the default client configuration so that the client
+ will try it when the server disallows password authentication.
+- Build with debugging flags. Build root policies strip all binaries anyway.
+
+* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Use DESTDIR instead of %%makeinstall.
+- Remove /usr/X11R6/bin from the path-fixing patch.
+
+* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Add the primes file from the latest snapshot to the main package (#20884).
+- Add the dev package to the prereq list (#19984).
+- Remove the default path and mimic login's behavior in the server itself.
+
+* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Resync with conditional options in Damien Miller's .spec file for an errata.
+- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
+
+* Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to OpenSSH 2.3.0p1.
+- Update to x11-askpass 1.1.0.
+- Enable keyboard-interactive authentication.
+
+* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to ssh-askpass-x11 1.0.3.
+- Change authentication related messages to be private (#19966).
+
+* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Patch ssh-keygen to be able to list signatures for DSA public key files
+ it generates.
+
+* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Add BuildRequires on /usr/include/security/pam_appl.h to be sure we always
+ build PAM authentication in.
+- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
+- Clean out no-longer-used patches.
+- Patch ssh-add to try to add both identity and id_dsa, and to error only
+ when neither exists.
+
+* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update x11-askpass to 1.0.2. (#17835)
+- Add BuildRequiress for /bin/login and /usr/bin/rsh so that configure will
+ always find them in the right place. (#17909)
+- Set the default path to be the same as the one supplied by /bin/login, but
+ add /usr/X11R6/bin. (#17909)
+- Try to handle obsoletion of ssh-server more cleanly. Package names
+ are different, but init script name isn't. (#17865)
+
+* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to 2.2.0p1. (#17835)
+- Tweak the init script to allow proper restarting. (#18023)
+
+* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to 20000823 snapshot.
+- Change subpackage requirements from %%{version} to %%{version}-%%{release}
+- Back out the pipe patch.
+
+* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to 2.1.1p4, which includes fixes for config file parsing problems.
+- Move the init script back.
+- Add Damien's quick fix for wackiness.
+
+* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
+
+* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Move condrestart to server postun.
+- Move key generation to init script.
+- Actually use the right patch for moving the key generation to the init script.
+- Clean up the init script a bit.
+
+* Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
+
+* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to 2.1.1p2.
+- Use of strtok() considered harmful.
+
+* Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Get the build root out of the man pages.
+
+* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Add and use condrestart support in the init script.
+- Add newer initscripts as a prereq.
+
+* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Build in new environment (release 2)
+- Move -clients subpackage to Applications/Internet group
+
+* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Update to 2.2.1p1
+
+* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
+- Patch to build with neither RSA nor RSAref.
+- Miscellaneous FHS-compliance tweaks.
+- Fix for possibly-compressed man pages.
+
+* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
+- Updated for new location
+- Updated for new gnome-ssh-askpass build
+
+* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
+- Added Jim Knoble's <jmknoble@pobox.com> askpass
+
+* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
+- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
+
+* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
+- Added 'Obsoletes' directives
+
+* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
+- Use make install
+- Subpackages
+
+* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
+- Added links for slogin
+- Fixed perms on manpages
+
+* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
+- Renamed init script
+
+* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
+- Back to old binary names
+
+* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
+- Use autoconf
+- New binary names
+
+* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
+- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
diff --git a/crypto/openssh/contrib/redhat/sshd.init b/crypto/openssh/contrib/redhat/sshd.init
new file mode 100755
index 0000000..40c8dfd
--- /dev/null
+++ b/crypto/openssh/contrib/redhat/sshd.init
@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+# pull in sysconfig settings
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+
+RETVAL=0
+prog="sshd"
+
+# Some functions to make the below more readable
+SSHD=/usr/sbin/sshd
+PID_FILE=/var/run/sshd.pid
+
+do_restart_sanity_check()
+{
+ $SSHD -t
+ RETVAL=$?
+ if [ $RETVAL -ne 0 ]; then
+ failure $"Configuration file or keys are invalid"
+ echo
+ fi
+}
+
+start()
+{
+ # Create keys if necessary
+ /usr/bin/ssh-keygen -A
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon /etc/ssh/ssh_host_key.pub
+ /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
+ /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
+ /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
+ fi
+
+ echo -n $"Starting $prog:"
+ $SSHD $OPTIONS && success || failure
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+ echo
+}
+
+stop()
+{
+ echo -n $"Stopping $prog:"
+ killproc $SSHD -TERM
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+ echo
+}
+
+reload()
+{
+ echo -n $"Reloading $prog:"
+ killproc $SSHD -HUP
+ RETVAL=$?
+ echo
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload)
+ reload
+ ;;
+ condrestart)
+ if [ -f /var/lock/subsys/sshd ] ; then
+ do_restart_sanity_check
+ if [ $RETVAL -eq 0 ] ; then
+ stop
+ # avoid race
+ sleep 3
+ start
+ fi
+ fi
+ ;;
+ status)
+ status $SSHD
+ RETVAL=$?
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
+ RETVAL=1
+esac
+exit $RETVAL
diff --git a/crypto/openssh/contrib/redhat/sshd.init.old b/crypto/openssh/contrib/redhat/sshd.init.old
new file mode 100755
index 0000000..0deb608
--- /dev/null
+++ b/crypto/openssh/contrib/redhat/sshd.init.old
@@ -0,0 +1,172 @@
+#!/bin/bash
+#
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+# pull in sysconfig settings
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+
+RETVAL=0
+prog="sshd"
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+SSHD=/usr/sbin/sshd
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+
+my_success() {
+ local msg
+ if [ $# -gt 1 ]; then
+ msg="$2"
+ else
+ msg="done"
+ fi
+ case "`type -type success`" in
+ function)
+ success "$1"
+ ;;
+ *)
+ echo -n "${msg}"
+ ;;
+ esac
+}
+my_failure() {
+ local msg
+ if [ $# -gt 1 ]; then
+ msg="$2"
+ else
+ msg="FAILED"
+ fi
+ case "`type -type failure`" in
+ function)
+ failure "$1"
+ ;;
+ *)
+ echo -n "${msg}"
+ ;;
+ esac
+}
+do_rsa1_keygen() {
+ if [ ! -s $RSA1_KEY ]; then
+ echo -n "Generating SSH1 RSA host key: "
+ if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA1_KEY
+ chmod 644 $RSA1_KEY.pub
+ my_success "RSA1 key generation"
+ echo
+ else
+ my_failure "RSA1 key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+do_rsa_keygen() {
+ if [ ! -s $RSA_KEY ]; then
+ echo -n "Generating SSH2 RSA host key: "
+ if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
+ my_success "RSA key generation"
+ echo
+ else
+ my_failure "RSA key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+do_dsa_keygen() {
+ if [ ! -s $DSA_KEY ]; then
+ echo -n "Generating SSH2 DSA host key: "
+ if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
+ my_success "DSA key generation"
+ echo
+ else
+ my_failure "DSA key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+do_restart_sanity_check() {
+ $SSHD -t
+ RETVAL=$?
+ if [ ! "$RETVAL" = 0 ]; then
+ my_failure "Configuration file or keys"
+ echo
+ fi
+}
+
+
+case "$1" in
+ start)
+ # Create keys if necessary
+ do_rsa1_keygen;
+ do_rsa_keygen;
+ do_dsa_keygen;
+
+ echo -n "Starting sshd: "
+ if [ ! -f $PID_FILE ] ; then
+ sshd $OPTIONS
+ RETVAL=$?
+ if [ "$RETVAL" = "0" ] ; then
+ my_success "sshd startup" "sshd"
+ touch /var/lock/subsys/sshd
+ else
+ my_failure "sshd startup" ""
+ fi
+ fi
+ echo
+ ;;
+ stop)
+ echo -n "Shutting down sshd: "
+ if [ -f $PID_FILE ] ; then
+ killproc sshd
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+ fi
+ echo
+ ;;
+ restart)
+ do_restart_sanity_check
+ $0 stop
+ $0 start
+ RETVAL=$?
+ ;;
+ condrestart)
+ if [ -f /var/lock/subsys/sshd ] ; then
+ do_restart_sanity_check
+ $0 stop
+ $0 start
+ RETVAL=$?
+ fi
+ ;;
+ status)
+ status sshd
+ RETVAL=$?
+ ;;
+ *)
+ echo "Usage: sshd {start|stop|restart|status|condrestart}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
diff --git a/crypto/openssh/contrib/redhat/sshd.pam b/crypto/openssh/contrib/redhat/sshd.pam
new file mode 100644
index 0000000..ffa5adb
--- /dev/null
+++ b/crypto/openssh/contrib/redhat/sshd.pam
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_stack.so service=system-auth
+account required pam_nologin.so
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
diff --git a/crypto/openssh/contrib/redhat/sshd.pam.old b/crypto/openssh/contrib/redhat/sshd.pam.old
new file mode 100644
index 0000000..26dcb34
--- /dev/null
+++ b/crypto/openssh/contrib/redhat/sshd.pam.old
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_pwdb.so shadow nodelay
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_pwdb.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_pwdb.so shadow nullok use_authtok
+session required /lib/security/pam_pwdb.so
+session required /lib/security/pam_limits.so
diff --git a/crypto/openssh/contrib/solaris/README b/crypto/openssh/contrib/solaris/README
new file mode 100755
index 0000000..fefdd4b
--- /dev/null
+++ b/crypto/openssh/contrib/solaris/README
@@ -0,0 +1,30 @@
+The following is a new package build script for Solaris. This is being
+introduced into OpenSSH 3.0 and above in hopes of simplifying the build
+process. As of 3.1p2 the script should work on all platforms that have
+SVR4 style package tools.
+
+The build process is called a 'dummy install'.. Which means the software does
+a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should
+be handled correctly and key are defered until the first time the sshd
+is started.
+
+Directions:
+
+1. make -F Makefile.in distprep (Only if you are getting from the CVS tree)
+2. ./configure --with-pam [..any other options you want..]
+3. look at the top of buildpkg.sh for the configurable options and put
+ any changes you want in openssh-config.local. Additional customizations
+ can be done to the build process by creating one or more of the following
+ scripts that will be sourced by buildpkg.sh.
+ pkg_post_make_install_fixes.sh pkg-post-prototype-edit.sh
+ pkg-preinstall.local pkg-postinstall.local pkg-preremove.local
+ pkg-postremove.local pkg-request.local
+4. Run "make package"
+
+If all goes well you should have a solaris package ready to be installed.
+
+If you have any problems with this script please post them to
+openssh-unix-dev@mindrot.org and I will try to assist you as best as I can.
+
+- Ben Lindstrom
+
diff --git a/crypto/openssh/contrib/ssh-copy-id b/crypto/openssh/contrib/ssh-copy-id
new file mode 100644
index 0000000..ae88e99
--- /dev/null
+++ b/crypto/openssh/contrib/ssh-copy-id
@@ -0,0 +1,300 @@
+#!/bin/sh
+
+# Copyright (c) 1999-2013 Philip Hands <phil@hands.com>
+# 2013 Martin Kletzander <mkletzan@redhat.com>
+# 2010 Adeodato =?iso-8859-1?Q?Sim=F3?= <asp16@alu.ua.es>
+# 2010 Eric Moret <eric.moret@gmail.com>
+# 2009 Xr <xr@i-jeuxvideo.com>
+# 2007 Justin Pryzby <justinpryzby@users.sourceforge.net>
+# 2004 Reini Urban <rurban@x-ray.at>
+# 2003 Colin Watson <cjwatson@debian.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Shell script to install your public key(s) on a remote machine
+# See the ssh-copy-id(1) man page for details
+
+# check that we have something mildly sane as our shell, or try to find something better
+if false ^ printf "%s: WARNING: ancient shell, hunting for a more modern one... " "$0"
+then
+ SANE_SH=${SANE_SH:-/usr/bin/ksh}
+ if printf 'true ^ false\n' | "$SANE_SH"
+ then
+ printf "'%s' seems viable.\n" "$SANE_SH"
+ exec "$SANE_SH" "$0" "$@"
+ else
+ cat <<-EOF
+ oh dear.
+
+ If you have a more recent shell available, that supports \$(...) etc.
+ please try setting the environment variable SANE_SH to the path of that
+ shell, and then retry running this script. If that works, please report
+ a bug describing your setup, and the shell you used to make it work.
+
+ EOF
+ printf "%s: ERROR: Less dimwitted shell required.\n" "$0"
+ exit 1
+ fi
+fi
+
+DEFAULT_PUB_ID_FILE=$(ls -t ${HOME}/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+
+usage () {
+ printf 'Usage: %s [-h|-?|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+ exit 1
+}
+
+# escape any single quotes in an argument
+quote() {
+ printf "%s\n" "$1" | sed -e "s/'/'\\\\''/g"
+}
+
+use_id_file() {
+ local L_ID_FILE="$1"
+
+ if expr "$L_ID_FILE" : ".*\.pub$" >/dev/null ; then
+ PUB_ID_FILE="$L_ID_FILE"
+ else
+ PUB_ID_FILE="$L_ID_FILE.pub"
+ fi
+
+ PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
+
+ # check that the files are readable
+ for f in $PUB_ID_FILE $PRIV_ID_FILE ; do
+ ErrMSG=$( { : < $f ; } 2>&1 ) || {
+ printf "\n%s: ERROR: failed to open ID file '%s': %s\n\n" "$0" "$f" "$(printf "%s\n" "$ErrMSG" | sed -e 's/.*: *//')"
+ exit 1
+ }
+ done
+ GET_ID="cat \"$PUB_ID_FILE\""
+}
+
+if [ -n "$SSH_AUTH_SOCK" ] && ssh-add -L >/dev/null 2>&1 ; then
+ GET_ID="ssh-add -L"
+fi
+
+while test "$#" -gt 0
+do
+ [ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && {
+ printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0"
+ usage
+ }
+
+ OPT= OPTARG=
+ # implement something like getopt to avoid Solaris pain
+ case "$1" in
+ -i?*|-o?*|-p?*)
+ OPT="$(printf -- "$1"|cut -c1-2)"
+ OPTARG="$(printf -- "$1"|cut -c3-)"
+ shift
+ ;;
+ -o|-p)
+ OPT="$1"
+ OPTARG="$2"
+ shift 2
+ ;;
+ -i)
+ OPT="$1"
+ test "$#" -le 2 || expr "$2" : "[-]" >/dev/null || {
+ OPTARG="$2"
+ shift
+ }
+ shift
+ ;;
+ -n|-h|-\?)
+ OPT="$1"
+ OPTARG=
+ shift
+ ;;
+ --)
+ shift
+ while test "$#" -gt 0
+ do
+ SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
+ shift
+ done
+ break
+ ;;
+ -*)
+ printf "\n%s: ERROR: invalid option (%s)\n\n" "$0" "$1"
+ usage
+ ;;
+ *)
+ SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
+ shift
+ continue
+ ;;
+ esac
+
+ case "$OPT" in
+ -i)
+ SEEN_OPT_I="yes"
+ use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}"
+ ;;
+ -o|-p)
+ SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'"
+ ;;
+ -n)
+ DRY_RUN=1
+ ;;
+ -h|-\?)
+ usage
+ ;;
+ esac
+done
+
+eval set -- "$SAVEARGS"
+
+if [ $# = 0 ] ; then
+ usage
+fi
+if [ $# != 1 ] ; then
+ printf '%s: ERROR: Too many arguments. Expecting a target hostname, got: %s\n\n' "$0" "$SAVEARGS" >&2
+ usage
+fi
+
+# drop trailing colon
+USER_HOST=$(printf "%s\n" "$1" | sed 's/:$//')
+# tack the hostname onto SSH_OPTS
+SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'"
+# and populate "$@" for later use (only way to get proper quoting of options)
+eval set -- "$SSH_OPTS"
+
+if [ -z "$(eval $GET_ID)" ] && [ -r "${PUB_ID_FILE:=$DEFAULT_PUB_ID_FILE}" ] ; then
+ use_id_file "$PUB_ID_FILE"
+fi
+
+if [ -z "$(eval $GET_ID)" ] ; then
+ printf '%s: ERROR: No identities found\n' "$0" >&2
+ exit 1
+fi
+
+# populate_new_ids() uses several global variables ($USER_HOST, $SSH_OPTS ...)
+# and has the side effect of setting $NEW_IDS
+populate_new_ids() {
+ local L_SUCCESS="$1"
+
+ # repopulate "$@" inside this function
+ eval set -- "$SSH_OPTS"
+
+ umask 0177
+ local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
+ if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
+ echo "mktemp failed" 1>&2
+ exit 1
+ fi
+ trap "rm -f $L_TMP_ID_FILE ${L_TMP_ID_FILE}.pub" EXIT TERM INT QUIT
+ printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
+ NEW_IDS=$(
+ eval $GET_ID | {
+ while read ID ; do
+ printf '%s\n' "$ID" > $L_TMP_ID_FILE
+
+ # the next line assumes $PRIV_ID_FILE only set if using a single id file - this
+ # assumption will break if we implement the possibility of multiple -i options.
+ # The point being that if file based, ssh needs the private key, which it cannot
+ # find if only given the contents of the .pub file in an unrelated tmpfile
+ ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
+ -o PreferredAuthentications=publickey \
+ -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null
+ if [ "$?" = "$L_SUCCESS" ] ; then
+ : > $L_TMP_ID_FILE
+ else
+ grep 'Permission denied' $L_TMP_ID_FILE.stderr >/dev/null || {
+ sed -e 's/^/ERROR: /' <$L_TMP_ID_FILE.stderr >$L_TMP_ID_FILE
+ cat >/dev/null #consume the other keys, causing loop to end
+ }
+ fi
+
+ cat $L_TMP_ID_FILE
+ done
+ }
+ )
+ rm -f $L_TMP_ID_FILE* && trap - EXIT TERM INT QUIT
+
+ if expr "$NEW_IDS" : "^ERROR: " >/dev/null ; then
+ printf '\n%s: %s\n\n' "$0" "$NEW_IDS" >&2
+ exit 1
+ fi
+ if [ -z "$NEW_IDS" ] ; then
+ printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n\n' "$0" >&2
+ exit 0
+ fi
+ printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
+}
+
+REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 |
+ sed -ne 's/.*remote software version //p')
+
+case "$REMOTE_VERSION" in
+ NetScreen*)
+ populate_new_ids 1
+ for KEY in $(printf "%s" "$NEW_IDS" | cut -d' ' -f2) ; do
+ KEY_NO=$(($KEY_NO + 1))
+ printf "%s\n" "$KEY" | grep ssh-dss >/dev/null || {
+ printf '%s: WARNING: Non-dsa key (#%d) skipped (NetScreen only supports DSA keys)\n' "$0" "$KEY_NO" >&2
+ continue
+ }
+ [ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | ssh -T "$@" >/dev/null 2>&1
+ if [ $? = 255 ] ; then
+ printf '%s: ERROR: installation of key #%d failed (please report a bug describing what caused this, so that we can make this message useful)\n' "$0" "$KEY_NO" >&2
+ else
+ ADDED=$(($ADDED + 1))
+ fi
+ done
+ if [ -z "$ADDED" ] ; then
+ exit 1
+ fi
+ ;;
+ *)
+ # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
+ populate_new_ids 0
+ [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
+ umask 077 ;
+ mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
+ if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi" \
+ || exit 1
+ ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
+ ;;
+esac
+
+if [ "$DRY_RUN" ] ; then
+ cat <<-EOF
+ =-=-=-=-=-=-=-=
+ Would have added the following key(s):
+
+ $NEW_IDS
+ =-=-=-=-=-=-=-=
+ EOF
+else
+ cat <<-EOF
+
+ Number of key(s) added: $ADDED
+
+ Now try logging into the machine, with: "ssh $SSH_OPTS"
+ and check to make sure that only the key(s) you wanted were added.
+
+ EOF
+fi
+
+# =-=-=-=
diff --git a/crypto/openssh/contrib/ssh-copy-id.1 b/crypto/openssh/contrib/ssh-copy-id.1
new file mode 100644
index 0000000..67a59e4
--- /dev/null
+++ b/crypto/openssh/contrib/ssh-copy-id.1
@@ -0,0 +1,186 @@
+.ig \" -*- nroff -*-
+Copyright (c) 1999-2013 hands.com Ltd. <http://hands.com/>
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+..
+.Dd $Mdocdate: June 17 2010 $
+.Dt SSH-COPY-ID 1
+.Os
+.Sh NAME
+.Nm ssh-copy-id
+.Nd use locally available keys to authorise logins on a remote machine
+.Sh SYNOPSIS
+.Nm
+.Op Fl n
+.Op Fl i Op Ar identity_file
+.Op Fl p Ar port
+.Op Fl o Ar ssh_option
+.Op Ar user Ns @ Ns
+.Ar hostname
+.Nm
+.Fl h | Fl ?
+.br
+.Sh DESCRIPTION
+.Nm
+is a script that uses
+.Xr ssh 1
+to log into a remote machine (presumably using a login password,
+so password authentication should be enabled, unless you've done some
+clever use of multiple identities). It assembles a list of one or more
+fingerprints (as described below) and tries to log in with each key, to
+see if any of them are already installed (of course, if you are not using
+.Xr ssh-agent 1
+this may result in you being repeatedly prompted for pass-phrases).
+It then assembles a list of those that failed to log in, and using ssh,
+enables logins with those keys on the remote server. By default it adds
+the keys by appending them to the remote user's
+.Pa ~/.ssh/authorized_keys
+(creating the file, and directory, if necessary). It is also capable
+of detecting if the remote system is a NetScreen, and using its
+.Ql set ssh pka-dsa key ...
+command instead.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl i Ar identity_file
+Use only the key(s) contained in
+.Ar identity_file
+(rather than looking for identities via
+.Xr ssh-add 1
+or in the
+.Ic default_ID_file ) .
+If the filename does not end in
+.Pa .pub
+this is added. If the filename is omitted, the
+.Ic default_ID_file
+is used.
+.Pp
+Note that this can be used to ensure that the keys copied have the
+comment one prefers and/or extra options applied, by ensuring that the
+key file has these set as preferred before the copy is attempted.
+.It Fl n
+do a dry-run. Instead of installing keys on the remote system simply
+prints the key(s) that would have been installed.
+.It Fl h , Fl ?
+Print Usage summary
+.It Fl p Ar port , Fl o Ar ssh_option
+These two options are simply passed through untouched, along with their
+argument, to allow one to set the port or other
+.Xr ssh 1
+options, respectively.
+.Pp
+Rather than specifying these as command line options, it is often better to use (per-host) settings in
+.Xr ssh 1 Ns 's
+configuration file:
+.Xr ssh_config 5 .
+.El
+.Pp
+Default behaviour without
+.Fl i ,
+is to check if
+.Ql ssh-add -L
+provides any output, and if so those keys are used. Note that this results in
+the comment on the key being the filename that was given to
+.Xr ssh-add 1
+when the key was loaded into your
+.Xr ssh-agent 1
+rather than the comment contained in that file, which is a bit of a shame.
+Otherwise, if
+.Xr ssh-add 1
+provides no keys contents of the
+.Ic default_ID_file
+will be used.
+.Pp
+The
+.Ic default_ID_file
+is the most recent file that matches:
+.Pa ~/.ssh/id*.pub ,
+(excluding those that match
+.Pa ~/.ssh/*-cert.pub )
+so if you create a key that is not the one you want
+.Nm
+to use, just use
+.Xr touch 1
+on your preferred key's
+.Pa .pub
+file to reinstate it as the most recent.
+.Pp
+.Sh EXAMPLES
+If you have already installed keys from one system on a lot of remote
+hosts, and you then create a new key, on a new client machine, say,
+it can be difficult to keep track of which systems on which you've
+installed the new key. One way of dealing with this is to load both
+the new key and old key(s) into your
+.Xr ssh-agent 1 .
+Load the new key first, without the
+.Fl c
+option, then load one or more old keys into the agent, possibly by
+ssh-ing to the client machine that has that old key, using the
+.Fl A
+option to allow agent forwarding:
+.Pp
+.D1 user@newclient$ ssh-add
+.D1 user@newclient$ ssh -A old.client
+.D1 user@oldl$ ssh-add -c
+.D1 No ... prompt for pass-phrase ...
+.D1 user@old$ logoff
+.D1 user@newclient$ ssh someserver
+.Pp
+now, if the new key is installed on the server, you'll be allowed in
+unprompted, whereas if you only have the old key(s) enabled, you'll be
+asked for confirmation, which is your cue to log back out and run
+.Pp
+.D1 user@newclient$ ssh-copy-id -i someserver
+.Pp
+The reason you might want to specify the -i option in this case is to
+ensure that the comment on the installed key is the one from the
+.Pa .pub
+file, rather than just the filename that was loaded into you agent.
+It also ensures that only the id you intended is installed, rather than
+all the keys that you have in your
+.Xr ssh-agent 1 .
+Of course, you can specify another id, or use the contents of the
+.Xr ssh-agent 1
+as you prefer.
+.Pp
+Having mentioned
+.Xr ssh-add 1 Ns 's
+.Fl c
+option, you might consider using this whenever using agent forwarding
+to avoid your key being hijacked, but it is much better to instead use
+.Xr ssh 1 Ns 's
+.Ar ProxyCommand
+and
+.Fl W
+option,
+to bounce through remote servers while always doing direct end-to-end
+authentication. This way the middle hop(s) don't get access to your
+.Xr ssh-agent 1 .
+A web search for
+.Ql ssh proxycommand nc
+should prove enlightening (N.B. the modern approach is to use the
+.Fl W
+option, rather than
+.Xr nc 1 ) .
+.Sh "SEE ALSO"
+.Xr ssh 1 ,
+.Xr ssh-agent 1 ,
+.Xr sshd 8
diff --git a/crypto/openssh/contrib/sshd.pam.freebsd b/crypto/openssh/contrib/sshd.pam.freebsd
new file mode 100644
index 0000000..c0bc364
--- /dev/null
+++ b/crypto/openssh/contrib/sshd.pam.freebsd
@@ -0,0 +1,5 @@
+sshd auth required pam_unix.so try_first_pass
+sshd account required pam_unix.so
+sshd password required pam_permit.so
+sshd session required pam_permit.so
+
diff --git a/crypto/openssh/contrib/sshd.pam.generic b/crypto/openssh/contrib/sshd.pam.generic
new file mode 100644
index 0000000..215f0fe
--- /dev/null
+++ b/crypto/openssh/contrib/sshd.pam.generic
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_unix.so shadow nodelay
+account required /lib/security/pam_nologin.so
+account required /lib/security/pam_unix.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_unix.so shadow nullok use_authtok
+session required /lib/security/pam_unix.so
+session required /lib/security/pam_limits.so
diff --git a/crypto/openssh/contrib/suse/openssh.spec b/crypto/openssh/contrib/suse/openssh.spec
new file mode 100644
index 0000000..2866039
--- /dev/null
+++ b/crypto/openssh/contrib/suse/openssh.spec
@@ -0,0 +1,246 @@
+# Default values for additional components
+%define build_x11_askpass 1
+
+# Define the UID/GID to use for privilege separation
+%define sshd_gid 65
+%define sshd_uid 71
+
+# The version of x11-ssh-askpass to use
+%define xversion 1.2.4.1
+
+# Allow the ability to override defaults with -D skip_xxx=1
+%{?skip_x11_askpass:%define build_x11_askpass 0}
+
+Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
+Name: openssh
+Version: 6.3p1
+URL: http://www.openssh.com/
+Release: 1
+Source0: openssh-%{version}.tar.gz
+Source1: x11-ssh-askpass-%{xversion}.tar.gz
+License: BSD
+Group: Productivity/Networking/SSH
+BuildRoot: %{_tmppath}/openssh-%{version}-buildroot
+PreReq: openssl
+Obsoletes: ssh
+Provides: ssh
+#
+# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
+# building prerequisites -- stuff for
+# OpenSSL (openssl-devel),
+# TCP Wrappers (tcpd-devel),
+# and Gnome (glibdev, gtkdev, and gnlibsd)
+#
+BuildPrereq: openssl
+BuildPrereq: tcpd-devel
+BuildPrereq: zlib-devel
+#BuildPrereq: glibdev
+#BuildPrereq: gtkdev
+#BuildPrereq: gnlibsd
+
+%package askpass
+Summary: A passphrase dialog for OpenSSH and the X window System.
+Group: Productivity/Networking/SSH
+Requires: openssh = %{version}
+Obsoletes: ssh-extras
+Provides: openssh:${_libdir}/ssh/ssh-askpass
+
+%if %{build_x11_askpass}
+BuildPrereq: XFree86-devel
+%endif
+
+%description
+Ssh (Secure Shell) is a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to seperate libraries (OpenSSL).
+
+This package includes all files necessary for both the OpenSSH
+client and server.
+
+%description askpass
+Ssh (Secure Shell) is a program for logging into a remote machine and for
+executing commands in a remote machine. It is intended to replace
+rlogin and rsh, and provide secure encrypted communications between
+two untrusted hosts over an insecure network. X11 connections and
+arbitrary TCP/IP ports can also be forwarded over the secure channel.
+
+OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
+up to date in terms of security and features, as well as removing all
+patented algorithms to seperate libraries (OpenSSL).
+
+This package contains an X Window System passphrase dialog for OpenSSH.
+
+%changelog
+* Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
+- Removed accidental inclusion of --without-zlib-version-check
+* Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
+- Overhaul to deal with newer versions of SuSE and OpenSSH
+* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
+- Glob manpages to catch compressed files
+* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
+- Updated for new location
+- Updated for new gnome-ssh-askpass build
+* Sun Dec 26 1999 Chris Saia <csaia@wtower.com>
+- Made symlink to gnome-ssh-askpass called ssh-askpass
+* Wed Nov 24 1999 Chris Saia <csaia@wtower.com>
+- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and
+ /var/adm/fillup-templates/rc.config.sshd, since Damien merged these into
+ his released tarfile
+- Changed permissions on ssh_config in the install procedure to 644 from 600
+ even though it was correct in the %files section and thus right in the RPMs
+- Postinstall script for the server now only prints "Generating SSH host
+ key..." if we need to actually do this, in order to eliminate a confusing
+ message if an SSH host key is already in place
+- Marked all manual pages as %doc(umentation)
+* Mon Nov 22 1999 Chris Saia <csaia@wtower.com>
+- Added flag to configure daemon with TCP Wrappers support
+- Added building prerequisites (works in RPM 3.0 and newer)
+* Thu Nov 18 1999 Chris Saia <csaia@wtower.com>
+- Made this package correct for SuSE.
+- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly
+ with SuSE, and lib_pwdb.so isn't installed by default.
+* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
+- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
+* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
+- Added 'Obsoletes' directives
+* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
+- Use make install
+- Subpackages
+* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
+- Added links for slogin
+- Fixed perms on manpages
+* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
+- Renamed init script
+* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
+- Back to old binary names
+* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
+- Use autoconf
+- New binary names
+* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
+- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
+
+%prep
+
+%if %{build_x11_askpass}
+%setup -q -a 1
+%else
+%setup -q
+%endif
+
+%build
+CFLAGS="$RPM_OPT_FLAGS" \
+%configure --prefix=/usr \
+ --sysconfdir=%{_sysconfdir}/ssh \
+ --mandir=%{_mandir} \
+ --with-privsep-path=/var/lib/empty \
+ --with-pam \
+ --with-tcp-wrappers \
+ --libexecdir=%{_libdir}/ssh
+make
+
+%if %{build_x11_askpass}
+cd x11-ssh-askpass-%{xversion}
+%configure --mandir=/usr/X11R6/man \
+ --libexecdir=%{_libdir}/ssh
+xmkmf -a
+make
+cd ..
+%endif
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT/
+install -d $RPM_BUILD_ROOT/etc/pam.d/
+install -d $RPM_BUILD_ROOT/etc/init.d/
+install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
+install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
+install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd
+install -m744 contrib/suse/sysconfig.ssh \
+ $RPM_BUILD_ROOT/var/adm/fillup-templates
+
+%if %{build_x11_askpass}
+cd x11-ssh-askpass-%{xversion}
+make install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/
+rm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin
+%endif
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null || :
+/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || :
+
+%post
+/usr/bin/ssh-keygen -A
+%{fillup_and_insserv -n -y ssh sshd}
+%run_permissions
+
+%verifyscript
+%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
+
+%preun
+%stop_on_removal sshd
+
+%postun
+%restart_on_update sshd
+%{insserv_cleanup}
+
+%files
+%defattr(-,root,root)
+%doc ChangeLog OVERVIEW README* PROTOCOL*
+%doc TODO CREDITS LICENCE
+%attr(0755,root,root) %dir %{_sysconfdir}/ssh
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
+%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
+%attr(0755,root,root) %config /etc/init.d/sshd
+%attr(0755,root,root) %{_bindir}/ssh-keygen
+%attr(0755,root,root) %{_bindir}/scp
+%attr(0755,root,root) %{_bindir}/ssh
+%attr(-,root,root) %{_bindir}/slogin
+%attr(0755,root,root) %{_bindir}/ssh-agent
+%attr(0755,root,root) %{_bindir}/ssh-add
+%attr(0755,root,root) %{_bindir}/ssh-keyscan
+%attr(0755,root,root) %{_bindir}/sftp
+%attr(0755,root,root) %{_sbindir}/sshd
+%attr(0755,root,root) %dir %{_libdir}/ssh
+%attr(0755,root,root) %{_libdir}/ssh/sftp-server
+%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
+%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
+%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
+%attr(-,root,root) %doc %{_mandir}/man1/slogin.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1*
+%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %doc %{_mandir}/man5/moduli.5*
+%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5*
+%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5*
+%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
+%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
+%attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8*
+%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
+%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
+
+%if %{build_x11_askpass}
+%files askpass
+%defattr(-,root,root)
+%doc x11-ssh-askpass-%{xversion}/README
+%doc x11-ssh-askpass-%{xversion}/ChangeLog
+%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad
+%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass
+%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass
+%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x*
+%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x*
+%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass
+%endif
diff --git a/crypto/openssh/contrib/suse/rc.config.sshd b/crypto/openssh/contrib/suse/rc.config.sshd
new file mode 100644
index 0000000..baaa7a5
--- /dev/null
+++ b/crypto/openssh/contrib/suse/rc.config.sshd
@@ -0,0 +1,5 @@
+#
+# Start the Secure Shell (SSH) Daemon?
+#
+START_SSHD="yes"
+
diff --git a/crypto/openssh/contrib/suse/rc.sshd b/crypto/openssh/contrib/suse/rc.sshd
new file mode 100644
index 0000000..28f28e4
--- /dev/null
+++ b/crypto/openssh/contrib/suse/rc.sshd
@@ -0,0 +1,121 @@
+#! /bin/sh
+# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
+#
+# Author: Jiri Smid <feedback@suse.de>
+#
+# /etc/init.d/sshd
+#
+# and symbolic its link
+#
+# /usr/sbin/rcsshd
+#
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: Start the sshd daemon
+### END INIT INFO
+
+SSHD_BIN=/usr/sbin/sshd
+test -x $SSHD_BIN || exit 5
+
+SSHD_SYSCONFIG=/etc/sysconfig/ssh
+test -r $SSHD_SYSCONFIG || exit 6
+. $SSHD_SYSCONFIG
+
+SSHD_PIDFILE=/var/run/sshd.init.pid
+
+. /etc/rc.status
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+
+# First reset status of this service
+rc_reset
+
+case "$1" in
+ start)
+ # Generate any missing host keys
+ ssh-keygen -A
+ echo -n "Starting SSH daemon"
+ ## Start daemon with startproc(8). If this fails
+ ## the echo return value is set appropriate.
+
+ startproc -f -p $SSHD_PIDFILE $SSHD_BIN $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE"
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down SSH daemon"
+ ## Stop daemon with killproc(8) and if this fails
+ ## set echo the echo return value.
+
+ killproc -p $SSHD_PIDFILE -TERM $SSHD_BIN
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ try-restart)
+ ## Stop the service and if this succeeds (i.e. the
+ ## service was running before), start it again.
+ $0 status >/dev/null && $0 restart
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ restart)
+ ## Stop the service and regardless of whether it was
+ ## running or not, start it again.
+ $0 stop
+ $0 start
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ force-reload|reload)
+ ## Signal the daemon to reload its config. Most daemons
+ ## do this on signal 1 (SIGHUP).
+
+ echo -n "Reload service sshd"
+
+ killproc -p $SSHD_PIDFILE -HUP $SSHD_BIN
+
+ rc_status -v
+
+ ;;
+ status)
+ echo -n "Checking for service sshd "
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Status has a slightly different for the status command:
+ # 0 - service running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running
+
+ checkproc -p $SSHD_PIDFILE $SSHD_BIN
+
+ rc_status -v
+ ;;
+ probe)
+ ## Optional: Probe for the necessity of a reload,
+ ## give out the argument which is required for a reload.
+
+ test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+ exit 1
+ ;;
+esac
+rc_exit
diff --git a/crypto/openssh/contrib/suse/sysconfig.ssh b/crypto/openssh/contrib/suse/sysconfig.ssh
new file mode 100644
index 0000000..c6a37e5
--- /dev/null
+++ b/crypto/openssh/contrib/suse/sysconfig.ssh
@@ -0,0 +1,9 @@
+## Path: Network/Remote access/SSH
+## Description: SSH server settings
+## Type: string
+## Default: ""
+## ServiceRestart: sshd
+#
+# Options for sshd
+#
+SSHD_OPTS=""
diff --git a/crypto/openssh/install-sh b/crypto/openssh/install-sh
new file mode 100755
index 0000000..220abbf
--- /dev/null
+++ b/crypto/openssh/install-sh
@@ -0,0 +1,251 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission. M.I.T. makes no representations about the
+# suitability of this software for any purpose. It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch. It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+ case $1 in
+ -c) instcmd="$cpprog"
+ shift
+ continue;;
+
+ -d) dir_arg=true
+ shift
+ continue;;
+
+ -m) chmodcmd="$chmodprog $2"
+ shift
+ shift
+ continue;;
+
+ -o) chowncmd="$chownprog $2"
+ shift
+ shift
+ continue;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift
+ shift
+ continue;;
+
+ -s) stripcmd="$stripprog"
+ shift
+ continue;;
+
+ -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+ shift
+ continue;;
+
+ -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+ shift
+ continue;;
+
+ *) if [ x"$src" = x ]
+ then
+ src=$1
+ else
+ # this colon is to work around a 386BSD /bin/sh bug
+ :
+ dst=$1
+ fi
+ shift
+ continue;;
+ esac
+done
+
+if [ x"$src" = x ]
+then
+ echo "install: no input file specified"
+ exit 1
+else
+ true
+fi
+
+if [ x"$dir_arg" != x ]; then
+ dst=$src
+ src=""
+
+ if [ -d $dst ]; then
+ instcmd=:
+ chmodcmd=""
+ else
+ instcmd=mkdir
+ fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad
+# if $src (and thus $dsttmp) contains '*'.
+
+ if [ -f $src -o -d $src ]
+ then
+ true
+ else
+ echo "install: $src does not exist"
+ exit 1
+ fi
+
+ if [ x"$dst" = x ]
+ then
+ echo "install: no destination specified"
+ exit 1
+ else
+ true
+ fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+ if [ -d $dst ]
+ then
+ dst="$dst"/`basename $src`
+ else
+ true
+ fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+# this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+ pathcomp="${pathcomp}${1}"
+ shift
+
+ if [ ! -d "${pathcomp}" ] ;
+ then
+ $mkdirprog "${pathcomp}"
+ else
+ true
+ fi
+
+ pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+ $doit $instcmd $dst &&
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+ if [ x"$transformarg" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ dstfile=`basename $dst $transformbasename |
+ sed $transformarg`$transformbasename
+ fi
+
+# don't allow the sed command to completely eliminate the filename
+
+ if [ x"$dstfile" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ true
+ fi
+
+# Make a temp file name in the proper directory.
+
+ dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+ $doit $instcmd $src $dsttmp &&
+
+ trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing. If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+ $doit $rmcmd -f $dstdir/$dstfile &&
+ $doit $mvcmd $dsttmp $dstdir/$dstfile
+
+fi &&
+
+
+exit 0
diff --git a/crypto/openssh/mdoc2man.awk b/crypto/openssh/mdoc2man.awk
new file mode 100644
index 0000000..80e8d5f
--- /dev/null
+++ b/crypto/openssh/mdoc2man.awk
@@ -0,0 +1,370 @@
+#!/usr/bin/awk
+#
+# $Id: mdoc2man.awk,v 1.9 2009/10/24 00:52:42 dtucker Exp $
+#
+# Version history:
+# v4+ Adapted for OpenSSH Portable (see cvs Id and history)
+# v3, I put the program under a proper license
+# Dan Nelson <dnelson@allantgroup.com> added .An, .Aq and fixed a typo
+# v2, fixed to work on GNU awk --posix and MacOS X
+# v1, first attempt, didn't work on MacOS X
+#
+# Copyright (c) 2003 Peter Stuge <stuge-mdoc2man@cdy.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+BEGIN {
+ optlist=0
+ oldoptlist=0
+ nospace=0
+ synopsis=0
+ reference=0
+ block=0
+ ext=0
+ extopt=0
+ literal=0
+ prenl=0
+ breakw=0
+ line=""
+}
+
+function wtail() {
+ retval=""
+ while(w<nwords) {
+ if(length(retval))
+ retval=retval OFS
+ retval=retval words[++w]
+ }
+ return retval
+}
+
+function add(str) {
+ for(;prenl;prenl--)
+ line=line "\n"
+ line=line str
+}
+
+! /^\./ {
+ for(;prenl;prenl--)
+ print ""
+ print
+ if(literal)
+ print ".br"
+ next
+}
+
+/^\.\\"/ { next }
+
+{
+ option=0
+ parens=0
+ angles=0
+ sub("^\\.","")
+ nwords=split($0,words)
+ for(w=1;w<=nwords;w++) {
+ skip=0
+ if(match(words[w],"^Li|Pf$")) {
+ skip=1
+ } else if(match(words[w],"^Xo$")) {
+ skip=1
+ ext=1
+ if(length(line)&&!(match(line," $")||prenl))
+ add(OFS)
+ } else if(match(words[w],"^Xc$")) {
+ skip=1
+ ext=0
+ if(!extopt)
+ prenl++
+ w=nwords
+ } else if(match(words[w],"^Bd$")) {
+ skip=1
+ if(match(words[w+1],"-literal")) {
+ literal=1
+ prenl++
+ w=nwords
+ }
+ } else if(match(words[w],"^Ed$")) {
+ skip=1
+ literal=0
+ } else if(match(words[w],"^Ns$")) {
+ skip=1
+ if(!nospace)
+ nospace=1
+ sub(" $","",line)
+ } else if(match(words[w],"^No$")) {
+ skip=1
+ sub(" $","",line)
+ add(words[++w])
+ } else if(match(words[w],"^Dq$")) {
+ skip=1
+ add("``")
+ add(words[++w])
+ while(w<nwords&&!match(words[w+1],"^[\\.,]"))
+ add(OFS words[++w])
+ add("''")
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Sq|Ql$")) {
+ skip=1
+ add("`" words[++w] "'")
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Oo$")) {
+ skip=1
+ extopt=1
+ if(!nospace)
+ nospace=1
+ add("[")
+ } else if(match(words[w],"^Oc$")) {
+ skip=1
+ extopt=0
+ add("]")
+ }
+ if(!skip) {
+ if(!nospace&&length(line)&&!(match(line," $")||prenl))
+ add(OFS)
+ if(nospace==1)
+ nospace=0
+ }
+ if(match(words[w],"^Dd$")) {
+ if(match(words[w+1],"^\\$Mdocdate:")) {
+ w++;
+ if(match(words[w+4],"^\\$$")) {
+ words[w+4] = ""
+ }
+ }
+ date=wtail()
+ next
+ } else if(match(words[w],"^Dt$")) {
+ id=wtail()
+ next
+ } else if(match(words[w],"^Ux$")) {
+ add("UNIX")
+ skip=1
+ } else if(match(words[w],"^Ox$")) {
+ add("OpenBSD")
+ skip=1
+ } else if(match(words[w],"^Os$")) {
+ add(".TH " id " \"" date "\" \"" wtail() "\"")
+ } else if(match(words[w],"^Sh$")) {
+ add(".SH")
+ synopsis=match(words[w+1],"SYNOPSIS")
+ } else if(match(words[w],"^Xr$")) {
+ add("\\fB" words[++w] "\\fP(" words[++w] ")" words[++w])
+ } else if(match(words[w],"^Rs$")) {
+ split("",refauthors)
+ nrefauthors=0
+ reftitle=""
+ refissue=""
+ refdate=""
+ refopt=""
+ refreport=""
+ reference=1
+ next
+ } else if(match(words[w],"^Re$")) {
+ prenl++
+ for(i=nrefauthors-1;i>0;i--) {
+ add(refauthors[i])
+ if(i>1)
+ add(", ")
+ }
+ if(nrefauthors>1)
+ add(" and ")
+ if(nrefauthors>0)
+ add(refauthors[0] ", ")
+ add("\\fI" reftitle "\\fP")
+ if(length(refissue))
+ add(", " refissue)
+ if(length(refreport)) {
+ add(", " refreport)
+ }
+ if(length(refdate))
+ add(", " refdate)
+ if(length(refopt))
+ add(", " refopt)
+ add(".")
+ reference=0
+ } else if(reference) {
+ if(match(words[w],"^%A$")) { refauthors[nrefauthors++]=wtail() }
+ if(match(words[w],"^%T$")) {
+ reftitle=wtail()
+ sub("^\"","",reftitle)
+ sub("\"$","",reftitle)
+ }
+ if(match(words[w],"^%N$")) { refissue=wtail() }
+ if(match(words[w],"^%D$")) { refdate=wtail() }
+ if(match(words[w],"^%O$")) { refopt=wtail() }
+ if(match(words[w],"^%R$")) { refreport=wtail() }
+ } else if(match(words[w],"^Nm$")) {
+ if(synopsis) {
+ add(".br")
+ prenl++
+ }
+ n=words[++w]
+ if(!length(name))
+ name=n
+ if(!length(n))
+ n=name
+ add("\\fB" n "\\fP")
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Nd$")) {
+ add("\\- " wtail())
+ } else if(match(words[w],"^Fl$")) {
+ add("\\fB\\-" words[++w] "\\fP")
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Ar$")) {
+ add("\\fI")
+ if(w==nwords)
+ add("file ...\\fP")
+ else {
+ add(words[++w] "\\fP")
+ while(match(words[w+1],"^\\|$"))
+ add(OFS words[++w] " \\fI" words[++w] "\\fP")
+ }
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Cm$")) {
+ add("\\fB" words[++w] "\\fP")
+ while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
+ add(words[++w])
+ } else if(match(words[w],"^Op$")) {
+ option=1
+ if(!nospace)
+ nospace=1
+ add("[")
+ } else if(match(words[w],"^Pp$")) {
+ prenl++
+ } else if(match(words[w],"^An$")) {
+ prenl++
+ } else if(match(words[w],"^Ss$")) {
+ add(".SS")
+ } else if(match(words[w],"^Pa$")&&!option) {
+ add("\\fI")
+ w++
+ if(match(words[w],"^\\."))
+ add("\\&")
+ add(words[w] "\\fP")
+ while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
+ add(words[++w])
+ } else if(match(words[w],"^Dv$")) {
+ add(".BR")
+ } else if(match(words[w],"^Em|Ev$")) {
+ add(".IR")
+ } else if(match(words[w],"^Pq$")) {
+ add("(")
+ nospace=1
+ parens=1
+ } else if(match(words[w],"^Aq$")) {
+ add("<")
+ nospace=1
+ angles=1
+ } else if(match(words[w],"^S[xy]$")) {
+ add(".B " wtail())
+ } else if(match(words[w],"^Ic$")) {
+ plain=1
+ add("\\fB")
+ while(w<nwords) {
+ w++
+ if(match(words[w],"^Op$")) {
+ w++
+ add("[")
+ words[nwords]=words[nwords] "]"
+ }
+ if(match(words[w],"^Ar$")) {
+ add("\\fI" words[++w] "\\fP")
+ } else if(match(words[w],"^[\\.,]")) {
+ sub(" $","",line)
+ if(plain) {
+ add("\\fP")
+ plain=0
+ }
+ add(words[w])
+ } else {
+ if(!plain) {
+ add("\\fB")
+ plain=1
+ }
+ add(words[w])
+ }
+ if(!nospace)
+ add(OFS)
+ }
+ sub(" $","",line)
+ if(plain)
+ add("\\fP")
+ } else if(match(words[w],"^Bl$")) {
+ oldoptlist=optlist
+ if(match(words[w+1],"-bullet"))
+ optlist=1
+ else if(match(words[w+1],"-enum")) {
+ optlist=2
+ enum=0
+ } else if(match(words[w+1],"-tag"))
+ optlist=3
+ else if(match(words[w+1],"-item"))
+ optlist=4
+ else if(match(words[w+1],"-bullet"))
+ optlist=1
+ w=nwords
+ } else if(match(words[w],"^El$")) {
+ optlist=oldoptlist
+ } else if(match(words[w],"^Bk$")) {
+ if(match(words[w+1],"-words")) {
+ w++
+ breakw=1
+ }
+ } else if(match(words[w],"^Ek$")) {
+ breakw=0
+ } else if(match(words[w],"^It$")&&optlist) {
+ if(optlist==1)
+ add(".IP \\(bu")
+ else if(optlist==2)
+ add(".IP " ++enum ".")
+ else if(optlist==3) {
+ add(".TP")
+ prenl++
+ if(match(words[w+1],"^Pa$|^Ev$")) {
+ add(".B")
+ w++
+ }
+ } else if(optlist==4)
+ add(".IP")
+ } else if(match(words[w],"^Sm$")) {
+ if(match(words[w+1],"off"))
+ nospace=2
+ else if(match(words[w+1],"on"))
+ nospace=0
+ w++
+ } else if(!skip) {
+ add(words[w])
+ }
+ }
+ if(match(line,"^\\.[^a-zA-Z]"))
+ sub("^\\.","",line)
+ if(parens)
+ add(")")
+ if(angles)
+ add(">")
+ if(option)
+ add("]")
+ if(ext&&!extopt&&!match(line," $"))
+ add(OFS)
+ if(!ext&&!extopt&&length(line)) {
+ print line
+ prenl=0
+ line=""
+ }
+}
diff --git a/crypto/openssh/moduli.0 b/crypto/openssh/moduli.0
new file mode 100644
index 0000000..7dc2cd5
--- /dev/null
+++ b/crypto/openssh/moduli.0
@@ -0,0 +1,74 @@
+MODULI(5) OpenBSD Programmer's Manual MODULI(5)
+
+NAME
+ moduli - Diffie-Hellman moduli
+
+DESCRIPTION
+ The /etc/moduli file contains prime numbers and generators for use by
+ sshd(8) in the Diffie-Hellman Group Exchange key exchange method.
+
+ New moduli may be generated with ssh-keygen(1) using a two-step process.
+ An initial candidate generation pass, using ssh-keygen -G, calculates
+ numbers that are likely to be useful. A second primality testing pass,
+ using ssh-keygen -T, provides a high degree of assurance that the numbers
+ are prime and are safe for use in Diffie-Hellman operations by sshd(8).
+ This moduli format is used as the output from each pass.
+
+ The file consists of newline-separated records, one per modulus,
+ containing seven space-separated fields. These fields are as follows:
+
+ timestamp The time that the modulus was last processed as
+ YYYYMMDDHHMMSS.
+
+ type Decimal number specifying the internal structure of
+ the prime modulus. Supported types are:
+
+ 0 Unknown, not tested.
+ 2 "Safe" prime; (p-1)/2 is also prime.
+ 4 Sophie Germain; 2p+1 is also prime.
+
+ Moduli candidates initially produced by ssh-keygen(1)
+ are Sophie Germain primes (type 4). Further primality
+ testing with ssh-keygen(1) produces safe prime moduli
+ (type 2) that are ready for use in sshd(8). Other
+ types are not used by OpenSSH.
+
+ tests Decimal number indicating the type of primality tests
+ that the number has been subjected to represented as a
+ bitmask of the following values:
+
+ 0x00 Not tested.
+ 0x01 Composite number - not prime.
+ 0x02 Sieve of Eratosthenes.
+ 0x04 Probabilistic Miller-Rabin primality tests.
+
+ The ssh-keygen(1) moduli candidate generation uses the
+ Sieve of Eratosthenes (flag 0x02). Subsequent
+ ssh-keygen(1) primality tests are Miller-Rabin tests
+ (flag 0x04).
+
+ trials Decimal number indicating the number of primality
+ trials that have been performed on the modulus.
+
+ size Decimal number indicating the size of the prime in
+ bits.
+
+ generator The recommended generator for use with this modulus
+ (hexadecimal).
+
+ modulus The modulus itself in hexadecimal.
+
+ When performing Diffie-Hellman Group Exchange, sshd(8) first estimates
+ the size of the modulus required to produce enough Diffie-Hellman output
+ to sufficiently key the selected symmetric cipher. sshd(8) then randomly
+ selects a modulus from /etc/moduli that best meets the size requirement.
+
+SEE ALSO
+ ssh-keygen(1), sshd(8)
+
+STANDARDS
+ M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
+ the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006,
+ 2006.
+
+OpenBSD 5.4 September 26, 2012 OpenBSD 5.4
diff --git a/crypto/openssh/nchan.ms b/crypto/openssh/nchan.ms
new file mode 100644
index 0000000..5757601
--- /dev/null
+++ b/crypto/openssh/nchan.ms
@@ -0,0 +1,99 @@
+.\" $OpenBSD: nchan.ms,v 1.8 2003/11/21 11:57:03 djm Exp $
+.\"
+.\"
+.\" Copyright (c) 1999 Markus Friedl. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.TL
+OpenSSH Channel Close Protocol 1.5 Implementation
+.SH
+Channel Input State Diagram
+.PS
+reset
+l=1
+s=1.2
+ellipsewid=s*ellipsewid
+boxwid=s*boxwid
+ellipseht=s*ellipseht
+S1: ellipse "INPUT" "OPEN"
+move right 2*l from last ellipse.e
+S4: ellipse "INPUT" "CLOSED"
+move down l from last ellipse.s
+S3: ellipse "INPUT" "WAIT" "OCLOSED"
+move down l from 1st ellipse.s
+S2: ellipse "INPUT" "WAIT" "DRAIN"
+arrow "" "rcvd OCLOSE/" "shutdown_read" "send IEOF" from S1.e to S4.w
+arrow "ibuf_empty/" "send IEOF" from S2.e to S3.w
+arrow from S1.s to S2.n
+box invis "read_failed/" "shutdown_read" with .e at last arrow.c
+arrow from S3.n to S4.s
+box invis "rcvd OCLOSE/" "-" with .w at last arrow.c
+ellipse wid .9*ellipsewid ht .9*ellipseht at S4
+arrow "start" "" from S1.w+(-0.5,0) to S1.w
+arrow from S2.ne to S4.sw
+box invis "rcvd OCLOSE/ " with .e at last arrow.c
+box invis " send IEOF" with .w at last arrow.c
+.PE
+.SH
+Channel Output State Diagram
+.PS
+S1: ellipse "OUTPUT" "OPEN"
+move right 2*l from last ellipse.e
+S3: ellipse "OUTPUT" "WAIT" "IEOF"
+move down l from last ellipse.s
+S4: ellipse "OUTPUT" "CLOSED"
+move down l from 1st ellipse.s
+S2: ellipse "OUTPUT" "WAIT" "DRAIN"
+arrow "" "write_failed/" "shutdown_write" "send OCLOSE" from S1.e to S3.w
+arrow "obuf_empty ||" "write_failed/" "shutdown_write" "send OCLOSE" from S2.e to S4.w
+arrow from S1.s to S2.n
+box invis "rcvd IEOF/" "-" with .e at last arrow.c
+arrow from S3.s to S4.n
+box invis "rcvd IEOF/" "-" with .w at last arrow.c
+ellipse wid .9*ellipsewid ht .9*ellipseht at S4
+arrow "start" "" from S1.w+(-0.5,0) to S1.w
+.PE
+.SH
+Notes
+.PP
+The input buffer is filled with data from the socket
+(the socket represents the local consumer/producer of the
+forwarded channel).
+The data is then sent over the INPUT-end (transmit-end) of the channel to the
+remote peer.
+Data sent by the peer is received on the OUTPUT-end (receive-end),
+saved in the output buffer and written to the socket.
+.PP
+If the local protocol instance has forwarded all data on the
+INPUT-end of the channel, it sends an IEOF message to the peer.
+If the peer receives the IEOF and has consumed all
+data he replies with an OCLOSE.
+When the local instance receives the OCLOSE
+he considers the INPUT-half of the channel closed.
+The peer has his OUTOUT-half closed.
+.PP
+A channel can be deallocated by a protocol instance
+if both the INPUT- and the OUTOUT-half on his
+side of the channel are closed.
+Note that when an instance is unable to consume the
+received data, he is permitted to send an OCLOSE
+before the matching IEOF is received.
diff --git a/crypto/openssh/nchan2.ms b/crypto/openssh/nchan2.ms
new file mode 100644
index 0000000..7001504
--- /dev/null
+++ b/crypto/openssh/nchan2.ms
@@ -0,0 +1,88 @@
+.\" $OpenBSD: nchan2.ms,v 1.4 2008/05/15 23:52:24 djm Exp $
+.\"
+.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.TL
+OpenSSH Channel Close Protocol 2.0 Implementation
+.SH
+Channel Input State Diagram
+.PS
+reset
+l=1
+s=1.2
+ellipsewid=s*ellipsewid
+boxwid=s*boxwid
+ellipseht=s*ellipseht
+S1: ellipse "INPUT" "OPEN"
+move right 2*l from last ellipse.e
+S3: ellipse invis
+move down l from last ellipse.s
+S4: ellipse "INPUT" "CLOSED"
+move down l from 1st ellipse.s
+S2: ellipse "INPUT" "WAIT" "DRAIN"
+arrow from S1.e to S4.n
+box invis "rcvd CLOSE/" "shutdown_read" with .sw at last arrow.c
+arrow "ibuf_empty ||" "rcvd CLOSE/" "send EOF" "" from S2.e to S4.w
+arrow from S1.s to S2.n
+box invis "read_failed ||" "rcvd EOW/" "shutdown_read" with .e at last arrow.c
+ellipse wid .9*ellipsewid ht .9*ellipseht at S4
+arrow "start" "" from S1.w+(-0.5,0) to S1.w
+.PE
+.SH
+Channel Output State Diagram
+.PS
+S1: ellipse "OUTPUT" "OPEN"
+move right 2*l from last ellipse.e
+S3: ellipse invis
+move down l from last ellipse.s
+S4: ellipse "OUTPUT" "CLOSED"
+move down l from 1st ellipse.s
+S2: ellipse "OUTPUT" "WAIT" "DRAIN"
+arrow from S1.e to S4.n
+box invis "write_failed/" "shutdown_write" "send EOW" with .sw at last arrow.c
+arrow "obuf_empty ||" "write_failed/" "shutdown_write" "" from S2.e to S4.w
+arrow from S1.s to S2.n
+box invis "rcvd EOF ||" "rcvd CLOSE/" "-" with .e at last arrow.c
+ellipse wid .9*ellipsewid ht .9*ellipseht at S4
+arrow "start" "" from S1.w+(-0.5,0) to S1.w
+.PE
+.SH
+Notes
+.PP
+The input buffer is filled with data from the socket
+(the socket represents the local consumer/producer of the
+forwarded channel).
+The data is then sent over the INPUT-end (transmit-end) of the channel to the
+remote peer.
+Data sent by the peer is received on the OUTPUT-end (receive-end),
+saved in the output buffer and written to the socket.
+.PP
+If the local protocol instance has forwarded all data on the
+INPUT-end of the channel, it sends an EOF message to the peer.
+.PP
+A CLOSE message is sent to the peer if
+both the INPUT- and the OUTOUT-half of the local
+end of the channel are closed.
+.PP
+The channel can be deallocated by a protocol instance
+if a CLOSE message he been both sent and received.
diff --git a/crypto/openssh/openbsd-compat/Makefile.in b/crypto/openssh/openbsd-compat/Makefile.in
new file mode 100644
index 0000000..365cf00
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/Makefile.in
@@ -0,0 +1,42 @@
+# $Id: Makefile.in,v 1.51 2013/05/10 06:28:56 dtucker Exp $
+
+sysconfdir=@sysconfdir@
+piddir=@piddir@
+srcdir=@srcdir@
+top_srcdir=@top_srcdir@
+
+VPATH=@srcdir@
+CC=@CC@
+LD=@LD@
+CFLAGS=@CFLAGS@
+CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+LIBS=@LIBS@
+AR=@AR@
+RANLIB=@RANLIB@
+INSTALL=@INSTALL@
+LDFLAGS=-L. @LDFLAGS@
+
+OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o
+
+COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+
+PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
+
+.c.o:
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+
+all: libopenbsd-compat.a
+
+$(COMPAT): ../config.h
+$(OPENBSD): ../config.h
+$(PORTS): ../config.h
+
+libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS)
+ $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS)
+ $(RANLIB) $@
+
+clean:
+ rm -f *.o *.a core
+
+distclean: clean
+ rm -f Makefile *~
diff --git a/crypto/openssh/openbsd-compat/regress/Makefile.in b/crypto/openssh/openbsd-compat/regress/Makefile.in
new file mode 100644
index 0000000..bcf214b
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/regress/Makefile.in
@@ -0,0 +1,38 @@
+# $Id: Makefile.in,v 1.4 2006/08/19 09:12:14 dtucker Exp $
+
+sysconfdir=@sysconfdir@
+piddir=@piddir@
+srcdir=@srcdir@
+top_srcdir=@top_srcdir@
+
+VPATH=@srcdir@
+CC=@CC@
+LD=@LD@
+CFLAGS=@CFLAGS@
+CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+EXEEXT=@EXEEXT@
+LIBCOMPAT=../libopenbsd-compat.a
+LIBS=@LIBS@
+LDFLAGS=@LDFLAGS@ $(LIBCOMPAT)
+
+TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \
+ strtonumtest$(EXEEXT)
+
+all: t-exec ${OTHERTESTS}
+
+%$(EXEEXT): %.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS)
+
+t-exec: $(TESTPROGS)
+ @echo running compat regress tests
+ @for TEST in ""$?; do \
+ echo "run test $${TEST}" ... 1>&2; \
+ ./$${TEST}$(EXEEXT) || exit $$? ; \
+ done
+ @echo finished compat regress tests
+
+clean:
+ rm -f *.o *.a core $(TESTPROGS) valid.out
+
+distclean: clean
+ rm -f Makefile *~
diff --git a/crypto/openssh/openbsd-compat/regress/closefromtest.c b/crypto/openssh/openbsd-compat/regress/closefromtest.c
new file mode 100644
index 0000000..82ffeb9
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/regress/closefromtest.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2006 Darren Tucker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define NUM_OPENS 10
+
+int closefrom(int);
+
+void
+fail(char *msg)
+{
+ fprintf(stderr, "closefrom: %s\n", msg);
+ exit(1);
+}
+
+int
+main(void)
+{
+ int i, max, fds[NUM_OPENS];
+ char buf[512];
+
+ for (i = 0; i < NUM_OPENS; i++)
+ if ((fds[i] = open("/dev/null", O_RDONLY)) == -1)
+ exit(0); /* can't test */
+ max = i - 1;
+
+ /* should close last fd only */
+ closefrom(fds[max]);
+ if (close(fds[max]) != -1)
+ fail("failed to close highest fd");
+
+ /* make sure we can still use remaining descriptors */
+ for (i = 0; i < max; i++)
+ if (read(fds[i], buf, sizeof(buf)) == -1)
+ fail("closed descriptors it should not have");
+
+ /* should close all fds */
+ closefrom(fds[0]);
+ for (i = 0; i < NUM_OPENS; i++)
+ if (close(fds[i]) != -1)
+ fail("failed to close from lowest fd");
+ return 0;
+}
diff --git a/crypto/openssh/openbsd-compat/regress/snprintftest.c b/crypto/openssh/openbsd-compat/regress/snprintftest.c
new file mode 100644
index 0000000..4ca63e1
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/regress/snprintftest.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2005 Darren Tucker
+ * Copyright (c) 2005 Damien Miller
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define BUFSZ 2048
+
+#include <sys/types.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+
+static int failed = 0;
+
+static void
+fail(const char *m)
+{
+ fprintf(stderr, "snprintftest: %s\n", m);
+ failed = 1;
+}
+
+int x_snprintf(char *str, size_t count, const char *fmt, ...)
+{
+ size_t ret;
+ va_list ap;
+
+ va_start(ap, fmt);
+ ret = vsnprintf(str, count, fmt, ap);
+ va_end(ap);
+ return ret;
+}
+
+int
+main(void)
+{
+ char b[5];
+ char *src;
+
+ snprintf(b,5,"123456789");
+ if (b[4] != '\0')
+ fail("snprintf does not correctly terminate long strings");
+
+ /* check for read overrun on unterminated string */
+ if ((src = malloc(BUFSZ)) == NULL) {
+ fail("malloc failed");
+ } else {
+ memset(src, 'a', BUFSZ);
+ snprintf(b, sizeof(b), "%.*s", 1, src);
+ if (strcmp(b, "a") != 0)
+ fail("failed with length limit '%%.s'");
+ }
+
+ /* check that snprintf and vsnprintf return sane values */
+ if (snprintf(b, 1, "%s %d", "hello", 12345) != 11)
+ fail("snprintf does not return required length");
+ if (x_snprintf(b, 1, "%s %d", "hello", 12345) != 11)
+ fail("vsnprintf does not return required length");
+
+ return failed;
+}
diff --git a/crypto/openssh/openbsd-compat/regress/strduptest.c b/crypto/openssh/openbsd-compat/regress/strduptest.c
new file mode 100644
index 0000000..7f6d779
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/regress/strduptest.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2005 Darren Tucker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+static int fail = 0;
+
+void
+test(const char *a)
+{
+ char *b;
+
+ b = strdup(a);
+ if (b == 0) {
+ fail = 1;
+ return;
+ }
+ if (strcmp(a, b) != 0)
+ fail = 1;
+ free(b);
+}
+
+int
+main(void)
+{
+ test("");
+ test("a");
+ test("\0");
+ test("abcdefghijklmnopqrstuvwxyz");
+ return fail;
+}
diff --git a/crypto/openssh/openbsd-compat/regress/strtonumtest.c b/crypto/openssh/openbsd-compat/regress/strtonumtest.c
new file mode 100644
index 0000000..50ca5bd
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/regress/strtonumtest.c
@@ -0,0 +1,80 @@
+/* $OpenBSD: strtonumtest.c,v 1.1 2004/08/03 20:38:36 otto Exp $ */
+/*
+ * Copyright (c) 2004 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* OPENBSD ORIGINAL: regress/lib/libc/strtonum/strtonumtest.c */
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+/* LLONG_MAX is known as LONGLONG_MAX on AIX */
+#if defined(LONGLONG_MAX) && !defined(LLONG_MAX)
+# define LLONG_MAX LONGLONG_MAX
+# define LLONG_MIN LONGLONG_MIN
+#endif
+
+/* LLONG_MAX is known as LONG_LONG_MAX on HP-UX */
+#if defined(LONG_LONG_MAX) && !defined(LLONG_MAX)
+# define LLONG_MAX LONG_LONG_MAX
+# define LLONG_MIN LONG_LONG_MIN
+#endif
+
+long long strtonum(const char *, long long, long long, const char **);
+
+int fail;
+
+void
+test(const char *p, long long lb, long long ub, int ok)
+{
+ long long val;
+ const char *q;
+
+ val = strtonum(p, lb, ub, &q);
+ if (ok && q != NULL) {
+ fprintf(stderr, "%s [%lld-%lld] ", p, lb, ub);
+ fprintf(stderr, "NUMBER NOT ACCEPTED %s\n", q);
+ fail = 1;
+ } else if (!ok && q == NULL) {
+ fprintf(stderr, "%s [%lld-%lld] %lld ", p, lb, ub, val);
+ fprintf(stderr, "NUMBER ACCEPTED\n");
+ fail = 1;
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ test("1", 0, 10, 1);
+ test("0", -2, 5, 1);
+ test("0", 2, 5, 0);
+ test("0", 2, LLONG_MAX, 0);
+ test("-2", 0, LLONG_MAX, 0);
+ test("0", -5, LLONG_MAX, 1);
+ test("-3", -3, LLONG_MAX, 1);
+ test("-9223372036854775808", LLONG_MIN, LLONG_MAX, 1);
+ test("9223372036854775807", LLONG_MIN, LLONG_MAX, 1);
+ test("-9223372036854775809", LLONG_MIN, LLONG_MAX, 0);
+ test("9223372036854775808", LLONG_MIN, LLONG_MAX, 0);
+ test("1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0);
+ test("-1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0);
+ test("-2", 10, -1, 0);
+ test("-2", -10, -1, 1);
+ test("-20", -10, -1, 0);
+ test("20", -10, -1, 0);
+
+ return (fail);
+}
+
diff --git a/crypto/openssh/openssh.xml.in b/crypto/openssh/openssh.xml.in
new file mode 100644
index 0000000..8afe1d3
--- /dev/null
+++ b/crypto/openssh/openssh.xml.in
@@ -0,0 +1,90 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<!--
+ Copyright (c) 2006 Chad Mynhier.
+
+ Permission to use, copy, modify, and distribute this software for any
+ purpose with or without fee is hereby granted, provided that the above
+ copyright notice and this permission notice appear in all copies.
+
+ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<service_bundle type='manifest' name='OpenSSH server'>
+
+ <service
+ name='site/__SYSVINIT_NAME__'
+ type='service'
+ version='1'>
+
+<!--
+ We default to disabled so administrator can decide to enable or not.
+-->
+ <create_default_instance enabled='false'/>
+
+ <single_instance/>
+
+ <dependency
+ name='filesystem-local'
+ grouping='require_all'
+ restart_on='none'
+ type='service'>
+ <service_fmri value='svc:/system/filesystem/local'/>
+ </dependency>
+
+ <dependency
+ name='network'
+ grouping='require_all'
+ restart_on='none'
+ type='service'>
+ <service_fmri value='svc:/milestone/network'/>
+ </dependency>
+
+ <dependent
+ name='multi-user-server'
+ restart_on='none'
+ grouping='optional_all'>
+ <service_fmri value='svc:/milestone/multi-user-server'/>
+ </dependent>
+
+ <exec_method
+ name='start'
+ type='method'
+ exec='__SMF_METHOD_DIR__/__SYSVINIT_NAME__ start'
+ timeout_seconds='60'>
+ <method_context/>
+ </exec_method>
+
+ <exec_method
+ name='stop'
+ type='method'
+ exec=':kill'
+ timeout_seconds='60'>
+ <method_context/>
+ </exec_method>
+
+ <property_group
+ name='startd'
+ type='framework'>
+ <propval name='ignore_error' type='astring' value='core,signal'/>
+ </property_group>
+
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>OpenSSH server</loctext>
+ </common_name>
+ <documentation>
+ <manpage
+ title='sshd'
+ section='1M'
+ manpath='@prefix@/man'/>
+ </documentation>
+ </template>
+ </service>
+</service_bundle>
diff --git a/crypto/openssh/opensshd.init.in b/crypto/openssh/opensshd.init.in
new file mode 100755
index 0000000..0db60ca
--- /dev/null
+++ b/crypto/openssh/opensshd.init.in
@@ -0,0 +1,88 @@
+#!@STARTUP_SCRIPT_SHELL@
+# Donated code that was put under PD license.
+#
+# Stripped PRNGd out of it for the time being.
+
+umask 022
+
+CAT=@CAT@
+KILL=@KILL@
+
+prefix=@prefix@
+sysconfdir=@sysconfdir@
+piddir=@piddir@
+
+SSHD=$prefix/sbin/sshd
+PIDFILE=$piddir/sshd.pid
+PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'`
+[ X$PidFile = X ] || PIDFILE=$PidFile
+SSH_KEYGEN=$prefix/bin/ssh-keygen
+HOST_KEY_RSA1=$sysconfdir/ssh_host_key
+HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
+HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
+@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
+
+
+checkkeys() {
+ if [ ! -f $HOST_KEY_RSA1 ]; then
+ ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
+ fi
+ if [ ! -f $HOST_KEY_DSA ]; then
+ ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
+ fi
+ if [ ! -f $HOST_KEY_RSA ]; then
+ ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
+ fi
+@COMMENT_OUT_ECC@ if [ ! -f $HOST_KEY_ECDSA ]; then
+@COMMENT_OUT_ECC@ ${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N ""
+@COMMENT_OUT_ECC@ fi
+}
+
+stop_service() {
+ if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
+ PID=`${CAT} ${PIDFILE}`
+ fi
+ if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
+ ${KILL} ${PID}
+ else
+ echo "Unable to read PID file"
+ fi
+}
+
+start_service() {
+ # XXX We really should check if the service is already going, but
+ # XXX we will opt out at this time. - Bal
+
+ # Check to see if we have keys that need to be made
+ checkkeys
+
+ # Start SSHD
+ echo "starting $SSHD... \c" ; $SSHD
+
+ sshd_rc=$?
+ if [ $sshd_rc -ne 0 ]; then
+ echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
+ exit $sshd_rc
+ fi
+ echo done.
+}
+
+case $1 in
+
+'start')
+ start_service
+ ;;
+
+'stop')
+ stop_service
+ ;;
+
+'restart')
+ stop_service
+ start_service
+ ;;
+
+*)
+ echo "$0: usage: $0 {start|stop|restart}"
+ ;;
+esac
diff --git a/crypto/openssh/regress/Makefile b/crypto/openssh/regress/Makefile
new file mode 100644
index 0000000..ab2a6ae
--- /dev/null
+++ b/crypto/openssh/regress/Makefile
@@ -0,0 +1,169 @@
+# $OpenBSD: Makefile,v 1.65 2013/04/18 02:46:12 djm Exp $
+
+REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec
+tests: $(REGRESS_TARGETS)
+
+# Interop tests are not run by default
+interop interop-tests: t-exec-interop
+
+clean:
+ for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
+ test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
+ rm -rf $(OBJ).putty
+
+distclean: clean
+
+LTESTS= connect \
+ proxy-connect \
+ connect-privsep \
+ proto-version \
+ proto-mismatch \
+ exit-status \
+ envpass \
+ transfer \
+ banner \
+ rekey \
+ stderr-data \
+ stderr-after-eof \
+ broken-pipe \
+ try-ciphers \
+ yes-head \
+ login-timeout \
+ agent \
+ agent-getpeereid \
+ agent-timeout \
+ agent-ptrace \
+ keyscan \
+ keygen-change \
+ keygen-convert \
+ key-options \
+ scp \
+ sftp \
+ sftp-chroot \
+ sftp-cmds \
+ sftp-badcmds \
+ sftp-batch \
+ sftp-glob \
+ reconfigure \
+ dynamic-forward \
+ forwarding \
+ multiplex \
+ reexec \
+ brokenkeys \
+ cfgmatch \
+ addrmatch \
+ localcommand \
+ forcecommand \
+ portnum \
+ keytype \
+ kextype \
+ cert-hostkey \
+ cert-userkey \
+ host-expand \
+ keys-command \
+ forward-control \
+ integrity \
+ krl
+
+INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers
+#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
+
+#LTESTS= cipher-speed
+
+USER!= id -un
+CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
+ t8.out t8.out.pub t9.out t9.out.pub \
+ authorized_keys_${USER} known_hosts pidfile testdata \
+ ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \
+ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \
+ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \
+ ls.copy banner.in banner.out empty.in \
+ scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \
+ sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv \
+ known_hosts-cert host_ca_key* cert_host_key* cert_user_key* \
+ putty.rsa2 sshd_proxy_orig ssh_proxy_bak \
+ key.rsa-* key.dsa-* key.ecdsa-* \
+ authorized_principals_${USER} expect actual ready \
+ sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \
+ ssh.log failed-ssh.log sshd.log failed-sshd.log \
+ regress.log failed-regress.log ssh-log-wrapper.sh
+
+SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER}
+
+# Enable all malloc(3) randomisations and checks
+TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
+
+TEST_SSH_SSHKEYGEN?=ssh-keygen
+
+CPPFLAGS=-I..
+
+t1:
+ ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv
+ tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv
+ ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv
+ awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv
+ ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv
+
+t2:
+ cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out
+ chmod 600 $(OBJ)/t2.out
+ ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub
+
+t3:
+ ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out
+ ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub
+
+t4:
+ ${TEST_SSH_SSHKEYGEN} -lf ${.CURDIR}/rsa_openssh.pub |\
+ awk '{print $$2}' | diff - ${.CURDIR}/t4.ok
+
+t5:
+ ${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\
+ awk '{print $$2}' | diff - ${.CURDIR}/t5.ok
+
+t6:
+ ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1
+ ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2
+ chmod 600 $(OBJ)/t6.out1
+ ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2
+
+$(OBJ)/t7.out:
+ ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@
+
+t7: $(OBJ)/t7.out
+ ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null
+ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null
+
+$(OBJ)/t8.out:
+ ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@
+
+t8: $(OBJ)/t8.out
+ ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null
+ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null
+
+$(OBJ)/t9.out:
+ test "${TEST_SSH_ECC}" != yes || \
+ ${TEST_SSH_SSHKEYGEN} -q -t ecdsa -N '' -f $@
+
+t9: $(OBJ)/t9.out
+ test "${TEST_SSH_ECC}" != yes || \
+ ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t9.out > /dev/null
+ test "${TEST_SSH_ECC}" != yes || \
+ ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t9.out > /dev/null
+
+t-exec: ${LTESTS:=.sh}
+ @if [ "x$?" = "x" ]; then exit 0; fi; \
+ for TEST in ""$?; do \
+ echo "run test $${TEST}" ... 1>&2; \
+ (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+ done
+
+t-exec-interop: ${INTEROP_TESTS:=.sh}
+ @if [ "x$?" = "x" ]; then exit 0; fi; \
+ for TEST in ""$?; do \
+ echo "run test $${TEST}" ... 1>&2; \
+ (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+ done
+
+# Not run by default
+interop: ${INTEROP_TARGETS}
diff --git a/crypto/openssh/regress/README.regress b/crypto/openssh/regress/README.regress
new file mode 100644
index 0000000..82e4cc7
--- /dev/null
+++ b/crypto/openssh/regress/README.regress
@@ -0,0 +1,104 @@
+Overview.
+
+$ ./configure && make tests
+
+You'll see some progress info. A failure will cause either the make to
+abort or the driver script to report a "FATAL" failure.
+
+The test consists of 2 parts. The first is the file-based tests which is
+driven by the Makefile, and the second is a set of network or proxycommand
+based tests, which are driven by a driver script (test-exec.sh) which is
+called multiple times by the Makefile.
+
+Failures in the first part will cause the Makefile to return an error.
+Failures in the second part will print a "FATAL" message for the failed
+test and continue.
+
+OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
+suite is based on OpenBSD's with modifications.
+
+
+Environment variables.
+
+SUDO: path to sudo command, if desired. Note that some systems (notably
+ systems using PAM) require sudo to execute some tests.
+TEST_SSH_TRACE: set to "yes" for verbose output from tests
+TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
+TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
+ SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
+OBJ: used by test scripts to access build dir.
+TEST_SHELL: shell used for running the test scripts.
+TEST_SSH_PORT: TCP port to be used for the listening tests.
+TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to ssh_config
+ before running each test.
+TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config
+ before running each test.
+
+
+Individual tests.
+
+You can run an individual test from the top-level Makefile, eg:
+$ make tests LTESTS=agent-timeout
+
+If you need to manipulate the environment more you can invoke test-exec.sh
+directly if you set up the path to find the binaries under test and the
+test scripts themselves, for example:
+
+$ cd regress
+$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
+ agent-timeout.sh
+ok agent timeout test
+
+
+Files.
+
+test-exec.sh: the main test driver. Sets environment, creates config files
+and keys and runs the specified test.
+
+At the time of writing, the individual tests are:
+agent-timeout.sh: agent timeout test
+agent.sh: simple agent test
+broken-pipe.sh: broken pipe test
+connect-privsep.sh: proxy connect with privsep
+connect.sh: simple connect
+exit-status.sh: remote exit status
+forwarding.sh: local and remote forwarding
+keygen-change.sh: change passphrase for key
+keyscan.sh: keyscan
+proto-mismatch.sh: protocol version mismatch
+proto-version.sh: sshd version with different protocol combinations
+proxy-connect.sh: proxy connect
+sftp.sh: basic sftp put/get
+ssh-com-client.sh: connect with ssh.com client
+ssh-com-keygen.sh: ssh.com key import
+ssh-com-sftp.sh: basic sftp put/get with ssh.com server
+ssh-com.sh: connect to ssh.com server
+stderr-after-eof.sh: stderr data after eof
+stderr-data.sh: stderr data transfer
+transfer.sh: transfer data
+try-ciphers.sh: try ciphers
+yes-head.sh: yes pipe head
+
+
+Problems?
+
+Run the failing test with shell tracing (-x) turned on:
+$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh
+
+Failed tests can be difficult to diagnose. Suggestions:
+- run the individual test via ./test-exec.sh `pwd` [testname]
+- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
+ auth.debug (eg to /var/log/authlog).
+
+
+Known Issues.
+
+- Similarly, if you do not have "scp" in your system's $PATH then the
+ multiplex scp tests will fail (since the system's shell startup scripts
+ will determine where the shell started by sshd will look for scp).
+
+- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
+ test to fail. The old behaviour can be restored by setting (and
+ exporting) _POSIX2_VERSION=199209 before running the tests.
+
+$Id: README.regress,v 1.12 2011/05/05 03:48:42 djm Exp $
diff --git a/crypto/openssh/regress/addrmatch.sh b/crypto/openssh/regress/addrmatch.sh
new file mode 100755
index 0000000..1584bd4
--- /dev/null
+++ b/crypto/openssh/regress/addrmatch.sh
@@ -0,0 +1,56 @@
+# $OpenBSD: addrmatch.sh,v 1.4 2012/05/13 01:42:32 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="address match"
+
+mv $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
+run_trial()
+{
+ user="$1"; addr="$2"; host="$3"; laddr="$4"; lport="$5"
+ expected="$6"; descr="$7"
+
+ verbose "test $descr for $user $addr $host"
+ result=`${SSHD} -f $OBJ/sshd_proxy -T \
+ -C user=${user},addr=${addr},host=${host},laddr=${laddr},lport=${lport} | \
+ awk '/^forcecommand/ {print $2}'`
+ if [ "$result" != "$expected" ]; then
+ fail "failed '$descr' expected $expected got $result"
+ fi
+}
+
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+cat >>$OBJ/sshd_proxy <<EOD
+ForceCommand nomatch
+Match Address 192.168.0.0/16,!192.168.30.0/24,10.0.0.0/8,host.example.com
+ ForceCommand match1
+Match Address 1.1.1.1,::1,!::3,2000::/16
+ ForceCommand match2
+Match LocalAddress 127.0.0.1,::1
+ ForceCommand match3
+Match LocalPort 5678
+ ForceCommand match4
+EOD
+
+run_trial user 192.168.0.1 somehost 1.2.3.4 1234 match1 "first entry"
+run_trial user 192.168.30.1 somehost 1.2.3.4 1234 nomatch "negative match"
+run_trial user 19.0.0.1 somehost 1.2.3.4 1234 nomatch "no match"
+run_trial user 10.255.255.254 somehost 1.2.3.4 1234 match1 "list middle"
+run_trial user 192.168.30.1 192.168.0.1 1.2.3.4 1234 nomatch "faked IP in hostname"
+run_trial user 1.1.1.1 somehost.example.com 1.2.3.4 1234 match2 "bare IP4 address"
+run_trial user 19.0.0.1 somehost 127.0.0.1 1234 match3 "localaddress"
+run_trial user 19.0.0.1 somehost 1.2.3.4 5678 match4 "localport"
+
+if test "$TEST_SSH_IPV6" != "no"; then
+run_trial user ::1 somehost.example.com ::2 1234 match2 "bare IP6 address"
+run_trial user ::2 somehost.exaple.com ::2 1234 nomatch "deny IPv6"
+run_trial user ::3 somehost ::2 1234 nomatch "IP6 negated"
+run_trial user ::4 somehost ::2 1234 nomatch "IP6 no match"
+run_trial user 2000::1 somehost ::2 1234 match2 "IP6 network"
+run_trial user 2001::1 somehost ::2 1234 nomatch "IP6 network"
+run_trial user ::5 somehost ::1 1234 match3 "IP6 localaddress"
+run_trial user ::5 somehost ::2 5678 match4 "IP6 localport"
+fi
+
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+rm $OBJ/sshd_proxy_bak
diff --git a/crypto/openssh/regress/agent-getpeereid.sh b/crypto/openssh/regress/agent-getpeereid.sh
new file mode 100644
index 0000000..d5ae2d6
--- /dev/null
+++ b/crypto/openssh/regress/agent-getpeereid.sh
@@ -0,0 +1,45 @@
+# $OpenBSD: agent-getpeereid.sh,v 1.5 2013/05/17 10:33:09 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent attach from other uid"
+
+UNPRIV=nobody
+ASOCK=${OBJ}/agent
+SSH_AUTH_SOCK=/nonexistent
+
+if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
+ :
+else
+ echo "skipped (not supported on this platform)"
+ exit 0
+fi
+if [ -z "$SUDO" ]; then
+ echo "skipped: need SUDO to switch to uid $UNPRIV"
+ exit 0
+fi
+
+trace "start agent"
+eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ chmod 644 ${SSH_AUTH_SOCK}
+
+ ssh-add -l > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 1 ]; then
+ fail "ssh-add failed with $r != 1"
+ fi
+
+ < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l 2>/dev/null
+ r=$?
+ if [ $r -lt 2 ]; then
+ fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
+
+rm -f ${OBJ}/agent
diff --git a/crypto/openssh/regress/agent-pkcs11.sh b/crypto/openssh/regress/agent-pkcs11.sh
new file mode 100755
index 0000000..db33ab3
--- /dev/null
+++ b/crypto/openssh/regress/agent-pkcs11.sh
@@ -0,0 +1,69 @@
+# $OpenBSD: agent-pkcs11.sh,v 1.1 2010/02/08 10:52:47 markus Exp $
+# Placed in the Public Domain.
+
+tid="pkcs11 agent test"
+
+TEST_SSH_PIN=""
+TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0
+
+# setup environment for soft-pkcs11 token
+SOFTPKCS11RC=$OBJ/pkcs11.info
+export SOFTPKCS11RC
+# prevent ssh-agent from calling ssh-askpass
+SSH_ASKPASS=/usr/bin/true
+export SSH_ASKPASS
+unset DISPLAY
+
+# start command w/o tty, so ssh-add accepts pin from stdin
+notty() {
+ perl -e 'use POSIX; POSIX::setsid();
+ if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
+}
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ trace "generating key/cert"
+ rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt
+ openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1
+ chmod 600 $OBJ/pkcs11.key
+ openssl req -key $OBJ/pkcs11.key -new -x509 \
+ -out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null
+ printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC
+ # add to authorized keys
+ ${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER
+
+ trace "add pkcs11 key to agent"
+ echo ${TEST_SSH_PIN} | notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-add -s failed: exit code $r"
+ fi
+
+ trace "pkcs11 list via agent"
+ ${SSHADD} -l > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-add -l failed: exit code $r"
+ fi
+
+ trace "pkcs11 connect via agent"
+ ${SSH} -2 -F $OBJ/ssh_proxy somehost exit 5
+ r=$?
+ if [ $r -ne 5 ]; then
+ fail "ssh connect failed (exit code $r)"
+ fi
+
+ trace "remove pkcs11 keys"
+ echo ${TEST_SSH_PIN} | notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-add -e failed: exit code $r"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
diff --git a/crypto/openssh/regress/agent-ptrace.sh b/crypto/openssh/regress/agent-ptrace.sh
new file mode 100644
index 0000000..9f29464
--- /dev/null
+++ b/crypto/openssh/regress/agent-ptrace.sh
@@ -0,0 +1,53 @@
+# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent ptrace attach"
+
+if have_prog uname ; then
+ case `uname` in
+ AIX|CYGWIN*|OSF1)
+ echo "skipped (not supported on this platform)"
+ exit 0
+ ;;
+ esac
+fi
+
+if have_prog gdb ; then
+ : ok
+else
+ echo "skipped (gdb not found)"
+ exit 0
+fi
+
+if test -z "$SUDO" ; then
+ echo "skipped (SUDO not set)"
+ exit 0
+else
+ $SUDO chown 0 ${SSHAGENT}
+ $SUDO chgrp 0 ${SSHAGENT}
+ $SUDO chmod 2755 ${SSHAGENT}
+fi
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ # ls -l ${SSH_AUTH_SOCK}
+ gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
+ quit
+EOF
+ if [ $? -ne 0 ]; then
+ fail "gdb failed: exit code $?"
+ fi
+ egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null ${OBJ}/gdb.out
+ r=$?
+ rm -f ${OBJ}/gdb.out
+ if [ $r -ne 0 ]; then
+ fail "ptrace succeeded?: exit code $r"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
diff --git a/crypto/openssh/regress/agent-timeout.sh b/crypto/openssh/regress/agent-timeout.sh
new file mode 100644
index 0000000..6882659
--- /dev/null
+++ b/crypto/openssh/regress/agent-timeout.sh
@@ -0,0 +1,36 @@
+# $OpenBSD: agent-timeout.sh,v 1.2 2013/05/17 01:16:09 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="agent timeout test"
+
+SSHAGENT_TIMEOUT=10
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ trace "add keys with timeout"
+ for t in rsa rsa1; do
+ ${SSHADD} -t ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add did succeed exit code 0"
+ fi
+ done
+ n=`${SSHADD} -l 2> /dev/null | wc -l`
+ trace "agent has $n keys"
+ if [ $n -ne 2 ]; then
+ fail "ssh-add -l did not return 2 keys: $n"
+ fi
+ trace "sleeping 2*${SSHAGENT_TIMEOUT} seconds"
+ sleep ${SSHAGENT_TIMEOUT}
+ sleep ${SSHAGENT_TIMEOUT}
+ ${SSHADD} -l 2> /dev/null | grep 'The agent has no identities.' >/dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l still returns keys after timeout"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
diff --git a/crypto/openssh/regress/agent.sh b/crypto/openssh/regress/agent.sh
new file mode 100644
index 0000000..be7d913
--- /dev/null
+++ b/crypto/openssh/regress/agent.sh
@@ -0,0 +1,75 @@
+# $OpenBSD: agent.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="simple agent test"
+
+SSH_AUTH_SOCK=/nonexistent ${SSHADD} -l > /dev/null 2>&1
+if [ $? -ne 2 ]; then
+ fail "ssh-add -l did not fail with exit code 2"
+fi
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ ${SSHADD} -l > /dev/null 2>&1
+ if [ $? -ne 1 ]; then
+ fail "ssh-add -l did not fail with exit code 1"
+ fi
+ trace "overwrite authorized keys"
+ printf '' > $OBJ/authorized_keys_$USER
+ for t in rsa rsa1; do
+ # generate user key for agent
+ rm -f $OBJ/$t-agent
+ ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\
+ fail "ssh-keygen for $t-agent failed"
+ # add to authorized keys
+ cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
+ # add privat key to agent
+ ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add did succeed exit code 0"
+ fi
+ done
+ ${SSHADD} -l > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l failed: exit code $?"
+ fi
+ # the same for full pubkey output
+ ${SSHADD} -L > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -L failed: exit code $?"
+ fi
+
+ trace "simple connect via agent"
+ for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p
+ if [ $? -ne 5$p ]; then
+ fail "ssh connect with protocol $p failed (exit code $?)"
+ fi
+ done
+
+ trace "agent forwarding"
+ for p in 1 2; do
+ ${SSH} -A -$p -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l via agent fwd proto $p failed (exit code $?)"
+ fi
+ ${SSH} -A -$p -F $OBJ/ssh_proxy somehost \
+ "${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p"
+ if [ $? -ne 5$p ]; then
+ fail "agent fwd proto $p failed (exit code $?)"
+ fi
+ done
+
+ trace "delete all agent keys"
+ ${SSHADD} -D > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -D failed: exit code $?"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
diff --git a/crypto/openssh/regress/banner.sh b/crypto/openssh/regress/banner.sh
new file mode 100644
index 0000000..0b9c950
--- /dev/null
+++ b/crypto/openssh/regress/banner.sh
@@ -0,0 +1,44 @@
+# $OpenBSD: banner.sh,v 1.2 2003/10/11 11:49:49 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="banner"
+echo "Banner $OBJ/banner.in" >> $OBJ/sshd_proxy
+
+rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in
+touch $OBJ/empty.in
+
+trace "test missing banner file"
+verbose "test $tid: missing banner file"
+( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+ cmp $OBJ/empty.in $OBJ/banner.out ) || \
+ fail "missing banner file"
+
+for s in 0 10 100 1000 10000 100000 ; do
+ if [ "$s" = "0" ]; then
+ # create empty banner
+ touch $OBJ/banner.in
+ elif [ "$s" = "10" ]; then
+ # create 10-byte banner file
+ echo "abcdefghi" >$OBJ/banner.in
+ else
+ # increase size 10x
+ cp $OBJ/banner.in $OBJ/banner.out
+ for i in 0 1 2 3 4 5 6 7 8 ; do
+ cat $OBJ/banner.out >> $OBJ/banner.in
+ done
+ fi
+
+ trace "test banner size $s"
+ verbose "test $tid: size $s"
+ ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+ cmp $OBJ/banner.in $OBJ/banner.out ) || \
+ fail "banner size $s mismatch"
+done
+
+trace "test suppress banner (-q)"
+verbose "test $tid: suppress banner (-q)"
+( ${SSH} -q -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+ cmp $OBJ/empty.in $OBJ/banner.out ) || \
+ fail "suppress banner (-q)"
+
+rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in
diff --git a/crypto/openssh/regress/broken-pipe.sh b/crypto/openssh/regress/broken-pipe.sh
new file mode 100644
index 0000000..c08c849
--- /dev/null
+++ b/crypto/openssh/regress/broken-pipe.sh
@@ -0,0 +1,15 @@
+# $OpenBSD: broken-pipe.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="broken pipe test"
+
+for p in 1 2; do
+ trace "protocol $p"
+ for i in 1 2 3 4; do
+ ${SSH} -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "broken pipe returns $r for protocol $p"
+ fi
+ done
+done
diff --git a/crypto/openssh/regress/brokenkeys.sh b/crypto/openssh/regress/brokenkeys.sh
new file mode 100644
index 0000000..3e70c34
--- /dev/null
+++ b/crypto/openssh/regress/brokenkeys.sh
@@ -0,0 +1,23 @@
+# $OpenBSD: brokenkeys.sh,v 1.1 2004/10/29 23:59:22 djm Exp $
+# Placed in the Public Domain.
+
+tid="broken keys"
+
+KEYS="$OBJ/authorized_keys_${USER}"
+
+start_sshd
+
+mv ${KEYS} ${KEYS}.bak
+
+# Truncated key
+echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEABTM= bad key" > $KEYS
+cat ${KEYS}.bak >> ${KEYS}
+cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
+
+${SSH} -2 -F $OBJ/ssh_config somehost true
+if [ $? -ne 0 ]; then
+ fail "ssh connect with protocol $p failed"
+fi
+
+mv ${KEYS}.bak ${KEYS}
+
diff --git a/crypto/openssh/regress/cert-hostkey.sh b/crypto/openssh/regress/cert-hostkey.sh
new file mode 100755
index 0000000..35cd392
--- /dev/null
+++ b/crypto/openssh/regress/cert-hostkey.sh
@@ -0,0 +1,256 @@
+# $OpenBSD: cert-hostkey.sh,v 1.7 2013/05/17 00:37:40 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="certified host keys"
+
+# used to disable ECC based tests on platforms without ECC
+ecdsa=""
+if test "x$TEST_SSH_ECC" = "xyes"; then
+ ecdsa=ecdsa
+fi
+
+rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
+HOSTS='localhost-with-alias,127.0.0.1,::1'
+
+# Create a CA key and add it to known hosts
+${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\
+ fail "ssh-keygen of host_ca_key failed"
+(
+ printf '@cert-authority '
+ printf "$HOSTS "
+ cat $OBJ/host_ca_key.pub
+) > $OBJ/known_hosts-cert
+
+# Generate and sign host keys
+for ktype in rsa dsa $ecdsa ; do
+ verbose "$tid: sign host ${ktype} cert"
+ # Generate and sign a host key
+ ${SSHKEYGEN} -q -N '' -t ${ktype} \
+ -f $OBJ/cert_host_key_${ktype} || \
+ fail "ssh-keygen of cert_host_key_${ktype} failed"
+ ${SSHKEYGEN} -h -q -s $OBJ/host_ca_key \
+ -I "regress host key for $USER" \
+ -n $HOSTS $OBJ/cert_host_key_${ktype} ||
+ fail "couldn't sign cert_host_key_${ktype}"
+ # v00 ecdsa certs do not exist
+ test "${ktype}" = "ecdsa" && continue
+ cp $OBJ/cert_host_key_${ktype} $OBJ/cert_host_key_${ktype}_v00
+ cp $OBJ/cert_host_key_${ktype}.pub $OBJ/cert_host_key_${ktype}_v00.pub
+ ${SSHKEYGEN} -t v00 -h -q -s $OBJ/host_ca_key \
+ -I "regress host key for $USER" \
+ -n $HOSTS $OBJ/cert_host_key_${ktype}_v00 ||
+ fail "couldn't sign cert_host_key_${ktype}_v00"
+done
+
+# Basic connect tests
+for privsep in yes no ; do
+ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
+ verbose "$tid: host ${ktype} cert connect privsep $privsep"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo HostKey $OBJ/cert_host_key_${ktype}
+ echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
+ echo UsePrivilegeSeparation $privsep
+ ) > $OBJ/sshd_proxy
+
+ ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
+ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
+ -F $OBJ/ssh_proxy somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh cert connect failed"
+ fi
+ done
+done
+
+# Revoked certificates with key present
+(
+ printf '@cert-authority '
+ printf "$HOSTS "
+ cat $OBJ/host_ca_key.pub
+ printf '@revoked '
+ printf "* "
+ cat $OBJ/cert_host_key_rsa.pub
+ if test "x$TEST_SSH_ECC" = "xyes"; then
+ printf '@revoked '
+ printf "* "
+ cat $OBJ/cert_host_key_ecdsa.pub
+ fi
+ printf '@revoked '
+ printf "* "
+ cat $OBJ/cert_host_key_dsa.pub
+ printf '@revoked '
+ printf "* "
+ cat $OBJ/cert_host_key_rsa_v00.pub
+ printf '@revoked '
+ printf "* "
+ cat $OBJ/cert_host_key_dsa_v00.pub
+) > $OBJ/known_hosts-cert
+for privsep in yes no ; do
+ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
+ verbose "$tid: host ${ktype} revoked cert privsep $privsep"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo HostKey $OBJ/cert_host_key_${ktype}
+ echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
+ echo UsePrivilegeSeparation $privsep
+ ) > $OBJ/sshd_proxy
+
+ ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
+ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpectedly"
+ fi
+ done
+done
+
+# Revoked CA
+(
+ printf '@cert-authority '
+ printf "$HOSTS "
+ cat $OBJ/host_ca_key.pub
+ printf '@revoked '
+ printf "* "
+ cat $OBJ/host_ca_key.pub
+) > $OBJ/known_hosts-cert
+for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
+ verbose "$tid: host ${ktype} revoked cert"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo HostKey $OBJ/cert_host_key_${ktype}
+ echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
+ ) > $OBJ/sshd_proxy
+ ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
+ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpectedly"
+ fi
+done
+
+# Create a CA key and add it to known hosts
+(
+ printf '@cert-authority '
+ printf "$HOSTS "
+ cat $OBJ/host_ca_key.pub
+) > $OBJ/known_hosts-cert
+
+test_one() {
+ ident=$1
+ result=$2
+ sign_opts=$3
+
+ for kt in rsa rsa_v00 ; do
+ case $kt in
+ *_v00) args="-t v00" ;;
+ *) args="" ;;
+ esac
+
+ verbose "$tid: host cert connect $ident $kt expect $result"
+ ${SSHKEYGEN} -q -s $OBJ/host_ca_key \
+ -I "regress host key for $USER" \
+ $sign_opts $args \
+ $OBJ/cert_host_key_${kt} ||
+ fail "couldn't sign cert_host_key_${kt}"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo HostKey $OBJ/cert_host_key_${kt}
+ echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub
+ ) > $OBJ/sshd_proxy
+
+ ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
+ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ rc=$?
+ if [ "x$result" = "xsuccess" ] ; then
+ if [ $rc -ne 0 ]; then
+ fail "ssh cert connect $ident failed unexpectedly"
+ fi
+ else
+ if [ $rc -eq 0 ]; then
+ fail "ssh cert connect $ident succeeded unexpectedly"
+ fi
+ fi
+ done
+}
+
+test_one "user-certificate" failure "-n $HOSTS"
+test_one "empty principals" success "-h"
+test_one "wrong principals" failure "-h -n foo"
+test_one "cert not yet valid" failure "-h -V20200101:20300101"
+test_one "cert expired" failure "-h -V19800101:19900101"
+test_one "cert valid interval" success "-h -V-1w:+2w"
+test_one "cert has constraints" failure "-h -Oforce-command=false"
+
+# Check downgrade of cert to raw key when no CA found
+for v in v01 v00 ; do
+ for ktype in rsa dsa $ecdsa ; do
+ # v00 ecdsa certs do not exist.
+ test "${v}${ktype}" = "v00ecdsa" && continue
+ rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
+ verbose "$tid: host ${ktype} ${v} cert downgrade to raw key"
+ # Generate and sign a host key
+ ${SSHKEYGEN} -q -N '' -t ${ktype} \
+ -f $OBJ/cert_host_key_${ktype} || \
+ fail "ssh-keygen of cert_host_key_${ktype} failed"
+ ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/host_ca_key \
+ -I "regress host key for $USER" \
+ -n $HOSTS $OBJ/cert_host_key_${ktype} ||
+ fail "couldn't sign cert_host_key_${ktype}"
+ (
+ printf "$HOSTS "
+ cat $OBJ/cert_host_key_${ktype}.pub
+ ) > $OBJ/known_hosts-cert
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo HostKey $OBJ/cert_host_key_${ktype}
+ echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
+ ) > $OBJ/sshd_proxy
+
+ ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
+ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
+ -F $OBJ/ssh_proxy somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh cert connect failed"
+ fi
+ done
+done
+
+# Wrong certificate
+(
+ printf '@cert-authority '
+ printf "$HOSTS "
+ cat $OBJ/host_ca_key.pub
+) > $OBJ/known_hosts-cert
+for v in v01 v00 ; do
+ for kt in rsa dsa $ecdsa ; do
+ # v00 ecdsa certs do not exist.
+ test "${v}${ktype}" = "v00ecdsa" && continue
+ rm -f $OBJ/cert_host_key*
+ # Self-sign key
+ ${SSHKEYGEN} -q -N '' -t ${kt} \
+ -f $OBJ/cert_host_key_${kt} || \
+ fail "ssh-keygen of cert_host_key_${kt} failed"
+ ${SSHKEYGEN} -t ${v} -h -q -s $OBJ/cert_host_key_${kt} \
+ -I "regress host key for $USER" \
+ -n $HOSTS $OBJ/cert_host_key_${kt} ||
+ fail "couldn't sign cert_host_key_${kt}"
+ verbose "$tid: host ${kt} connect wrong cert"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo HostKey $OBJ/cert_host_key_${kt}
+ echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub
+ ) > $OBJ/sshd_proxy
+
+ ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
+ -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
+ -F $OBJ/ssh_proxy -q somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect $ident succeeded unexpectedly"
+ fi
+ done
+done
+
+rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
diff --git a/crypto/openssh/regress/cert-userkey.sh b/crypto/openssh/regress/cert-userkey.sh
new file mode 100755
index 0000000..6018b38
--- /dev/null
+++ b/crypto/openssh/regress/cert-userkey.sh
@@ -0,0 +1,355 @@
+# $OpenBSD: cert-userkey.sh,v 1.11 2013/05/17 00:37:40 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="certified user keys"
+
+# used to disable ECC based tests on platforms without ECC
+ecdsa=""
+if test "x$TEST_SSH_ECC" = "xyes"; then
+ ecdsa=ecdsa
+fi
+
+rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
+# Create a CA key
+${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_ca_key ||\
+ fail "ssh-keygen of user_ca_key failed"
+
+# Generate and sign user keys
+for ktype in rsa dsa $ecdsa ; do
+ verbose "$tid: sign user ${ktype} cert"
+ ${SSHKEYGEN} -q -N '' -t ${ktype} \
+ -f $OBJ/cert_user_key_${ktype} || \
+ fail "ssh-keygen of cert_user_key_${ktype} failed"
+ ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
+ -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype} ||
+ fail "couldn't sign cert_user_key_${ktype}"
+ # v00 ecdsa certs do not exist
+ test "${ktype}" = "ecdsa" && continue
+ cp $OBJ/cert_user_key_${ktype} $OBJ/cert_user_key_${ktype}_v00
+ cp $OBJ/cert_user_key_${ktype}.pub $OBJ/cert_user_key_${ktype}_v00.pub
+ ${SSHKEYGEN} -q -t v00 -s $OBJ/user_ca_key -I \
+ "regress user key for $USER" \
+ -n ${USER},mekmitasdigoat $OBJ/cert_user_key_${ktype}_v00 ||
+ fail "couldn't sign cert_user_key_${ktype}_v00"
+done
+
+# Test explicitly-specified principals
+for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
+ for privsep in yes no ; do
+ _prefix="${ktype} privsep $privsep"
+
+ # Setup for AuthorizedPrincipalsFile
+ rm -f $OBJ/authorized_keys_$USER
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo "UsePrivilegeSeparation $privsep"
+ echo "AuthorizedPrincipalsFile " \
+ "$OBJ/authorized_principals_%u"
+ echo "TrustedUserCAKeys $OBJ/user_ca_key.pub"
+ ) > $OBJ/sshd_proxy
+
+ # Missing authorized_principals
+ verbose "$tid: ${_prefix} missing authorized_principals"
+ rm -f $OBJ/authorized_principals_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpectedly"
+ fi
+
+ # Empty authorized_principals
+ verbose "$tid: ${_prefix} empty authorized_principals"
+ echo > $OBJ/authorized_principals_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpectedly"
+ fi
+
+ # Wrong authorized_principals
+ verbose "$tid: ${_prefix} wrong authorized_principals"
+ echo gregorsamsa > $OBJ/authorized_principals_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpectedly"
+ fi
+
+ # Correct authorized_principals
+ verbose "$tid: ${_prefix} correct authorized_principals"
+ echo mekmitasdigoat > $OBJ/authorized_principals_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh cert connect failed"
+ fi
+
+ # authorized_principals with bad key option
+ verbose "$tid: ${_prefix} authorized_principals bad key opt"
+ echo 'blah mekmitasdigoat' > $OBJ/authorized_principals_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpectedly"
+ fi
+
+ # authorized_principals with command=false
+ verbose "$tid: ${_prefix} authorized_principals command=false"
+ echo 'command="false" mekmitasdigoat' > \
+ $OBJ/authorized_principals_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpectedly"
+ fi
+
+
+ # authorized_principals with command=true
+ verbose "$tid: ${_prefix} authorized_principals command=true"
+ echo 'command="true" mekmitasdigoat' > \
+ $OBJ/authorized_principals_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost false >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh cert connect failed"
+ fi
+
+ # Setup for principals= key option
+ rm -f $OBJ/authorized_principals_$USER
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo "UsePrivilegeSeparation $privsep"
+ ) > $OBJ/sshd_proxy
+
+ # Wrong principals list
+ verbose "$tid: ${_prefix} wrong principals key option"
+ (
+ printf 'cert-authority,principals="gregorsamsa" '
+ cat $OBJ/user_ca_key.pub
+ ) > $OBJ/authorized_keys_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpectedly"
+ fi
+
+ # Correct principals list
+ verbose "$tid: ${_prefix} correct principals key option"
+ (
+ printf 'cert-authority,principals="mekmitasdigoat" '
+ cat $OBJ/user_ca_key.pub
+ ) > $OBJ/authorized_keys_$USER
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh cert connect failed"
+ fi
+ done
+done
+
+basic_tests() {
+ auth=$1
+ if test "x$auth" = "xauthorized_keys" ; then
+ # Add CA to authorized_keys
+ (
+ printf 'cert-authority '
+ cat $OBJ/user_ca_key.pub
+ ) > $OBJ/authorized_keys_$USER
+ else
+ echo > $OBJ/authorized_keys_$USER
+ extra_sshd="TrustedUserCAKeys $OBJ/user_ca_key.pub"
+ fi
+
+ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
+ for privsep in yes no ; do
+ _prefix="${ktype} privsep $privsep $auth"
+ # Simple connect
+ verbose "$tid: ${_prefix} connect"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo "UsePrivilegeSeparation $privsep"
+ echo "$extra_sshd"
+ ) > $OBJ/sshd_proxy
+
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh cert connect failed"
+ fi
+
+ # Revoked keys
+ verbose "$tid: ${_prefix} revoked key"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo "UsePrivilegeSeparation $privsep"
+ echo "RevokedKeys $OBJ/cert_user_key_revoked"
+ echo "$extra_sshd"
+ ) > $OBJ/sshd_proxy
+ cp $OBJ/cert_user_key_${ktype}.pub \
+ $OBJ/cert_user_key_revoked
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpecedly"
+ fi
+ verbose "$tid: ${_prefix} revoked via KRL"
+ rm $OBJ/cert_user_key_revoked
+ ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \
+ $OBJ/cert_user_key_${ktype}.pub
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpecedly"
+ fi
+ verbose "$tid: ${_prefix} empty KRL"
+ ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh cert connect failed"
+ fi
+ done
+
+ # Revoked CA
+ verbose "$tid: ${ktype} $auth revoked CA key"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo "RevokedKeys $OBJ/user_ca_key.pub"
+ echo "$extra_sshd"
+ ) > $OBJ/sshd_proxy
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+ somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect succeeded unexpecedly"
+ fi
+ done
+
+ verbose "$tid: $auth CA does not authenticate"
+ (
+ cat $OBJ/sshd_proxy_bak
+ echo "$extra_sshd"
+ ) > $OBJ/sshd_proxy
+ verbose "$tid: ensure CA key does not authenticate user"
+ ${SSH} -2i $OBJ/user_ca_key \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect with CA key succeeded unexpectedly"
+ fi
+}
+
+basic_tests authorized_keys
+basic_tests TrustedUserCAKeys
+
+test_one() {
+ ident=$1
+ result=$2
+ sign_opts=$3
+ auth_choice=$4
+ auth_opt=$5
+
+ if test "x$auth_choice" = "x" ; then
+ auth_choice="authorized_keys TrustedUserCAKeys"
+ fi
+
+ for auth in $auth_choice ; do
+ for ktype in rsa rsa_v00 ; do
+ case $ktype in
+ *_v00) keyv="-t v00" ;;
+ *) keyv="" ;;
+ esac
+
+ cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
+ if test "x$auth" = "xauthorized_keys" ; then
+ # Add CA to authorized_keys
+ (
+ printf "cert-authority${auth_opt} "
+ cat $OBJ/user_ca_key.pub
+ ) > $OBJ/authorized_keys_$USER
+ else
+ echo > $OBJ/authorized_keys_$USER
+ echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" \
+ >> $OBJ/sshd_proxy
+ if test "x$auth_opt" != "x" ; then
+ echo $auth_opt >> $OBJ/sshd_proxy
+ fi
+ fi
+
+ verbose "$tid: $ident auth $auth expect $result $ktype"
+ ${SSHKEYGEN} -q -s $OBJ/user_ca_key \
+ -I "regress user key for $USER" \
+ $sign_opts $keyv \
+ $OBJ/cert_user_key_${ktype} ||
+ fail "couldn't sign cert_user_key_${ktype}"
+
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} \
+ -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
+ rc=$?
+ if [ "x$result" = "xsuccess" ] ; then
+ if [ $rc -ne 0 ]; then
+ fail "$ident failed unexpectedly"
+ fi
+ else
+ if [ $rc -eq 0 ]; then
+ fail "$ident succeeded unexpectedly"
+ fi
+ fi
+ done
+ done
+}
+
+test_one "correct principal" success "-n ${USER}"
+test_one "host-certificate" failure "-n ${USER} -h"
+test_one "wrong principals" failure "-n foo"
+test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
+test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
+test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
+test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
+test_one "force-command" failure "-n ${USER} -Oforce-command=false"
+
+# Behaviour is different here: TrustedUserCAKeys doesn't allow empty principals
+test_one "empty principals" success "" authorized_keys
+test_one "empty principals" failure "" TrustedUserCAKeys
+
+# Check explicitly-specified principals: an empty principals list in the cert
+# should always be refused.
+
+# AuthorizedPrincipalsFile
+rm -f $OBJ/authorized_keys_$USER
+echo mekmitasdigoat > $OBJ/authorized_principals_$USER
+test_one "AuthorizedPrincipalsFile principals" success "-n mekmitasdigoat" \
+ TrustedUserCAKeys "AuthorizedPrincipalsFile $OBJ/authorized_principals_%u"
+test_one "AuthorizedPrincipalsFile no principals" failure "" \
+ TrustedUserCAKeys "AuthorizedPrincipalsFile $OBJ/authorized_principals_%u"
+
+# principals= key option
+rm -f $OBJ/authorized_principals_$USER
+test_one "principals key option principals" success "-n mekmitasdigoat" \
+ authorized_keys ',principals="mekmitasdigoat"'
+test_one "principals key option no principals" failure "" \
+ authorized_keys ',principals="mekmitasdigoat"'
+
+# Wrong certificate
+cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
+for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
+ case $ktype in
+ *_v00) args="-t v00" ;;
+ *) args="" ;;
+ esac
+ # Self-sign
+ ${SSHKEYGEN} $args -q -s $OBJ/cert_user_key_${ktype} -I \
+ "regress user key for $USER" \
+ -n $USER $OBJ/cert_user_key_${ktype} ||
+ fail "couldn't sign cert_user_key_${ktype}"
+ verbose "$tid: user ${ktype} connect wrong cert"
+ ${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+ somehost true >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ fail "ssh cert connect $ident succeeded unexpectedly"
+ fi
+done
+
+rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*
+rm -f $OBJ/authorized_principals_$USER
+
diff --git a/crypto/openssh/regress/cfgmatch.sh b/crypto/openssh/regress/cfgmatch.sh
new file mode 100644
index 0000000..80cf229
--- /dev/null
+++ b/crypto/openssh/regress/cfgmatch.sh
@@ -0,0 +1,126 @@
+# $OpenBSD: cfgmatch.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="sshd_config match"
+
+pidfile=$OBJ/remote_pid
+fwdport=3301
+fwd="-L $fwdport:127.0.0.1:$PORT"
+
+echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_config
+echo "ExitOnForwardFailure=yes" >> $OBJ/ssh_proxy
+
+start_client()
+{
+ rm -f $pidfile
+ ${SSH} -q -$p $fwd "$@" somehost \
+ exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \
+ >>$TEST_REGRESS_LOGFILE 2>&1 &
+ client_pid=$!
+ # Wait for remote end
+ n=0
+ while test ! -f $pidfile ; do
+ sleep 1
+ n=`expr $n + 1`
+ if test $n -gt 60; then
+ kill $client_pid
+ fatal "timeout waiting for background ssh"
+ fi
+ done
+}
+
+stop_client()
+{
+ pid=`cat $pidfile`
+ if [ ! -z "$pid" ]; then
+ kill $pid
+ fi
+ wait
+}
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config
+echo "Match Address 127.0.0.1" >>$OBJ/sshd_config
+echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config
+
+grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
+echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy
+echo "Match user $USER" >>$OBJ/sshd_proxy
+echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
+echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
+
+start_sshd
+
+#set -x
+
+# Test Match + PermitOpen in sshd_config. This should be permitted
+for p in 1 2; do
+ trace "match permitopen localhost proto $p"
+ start_client -F $OBJ/ssh_config
+ ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
+ fail "match permitopen permit proto $p"
+ stop_client
+done
+
+# Same but from different source. This should not be permitted
+for p in 1 2; do
+ trace "match permitopen proxy proto $p"
+ start_client -F $OBJ/ssh_proxy
+ ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
+ fail "match permitopen deny proto $p"
+ stop_client
+done
+
+# Retry previous with key option, should also be denied.
+printf 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER
+cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER
+printf 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER
+cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER
+for p in 1 2; do
+ trace "match permitopen proxy w/key opts proto $p"
+ start_client -F $OBJ/ssh_proxy
+ ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
+ fail "match permitopen deny w/key opt proto $p"
+ stop_client
+done
+
+# Test both sshd_config and key options permitting the same dst/port pair.
+# Should be permitted.
+for p in 1 2; do
+ trace "match permitopen localhost proto $p"
+ start_client -F $OBJ/ssh_config
+ ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
+ fail "match permitopen permit proto $p"
+ stop_client
+done
+
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy
+echo "Match User $USER" >>$OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy
+
+# Test that a Match overrides a PermitOpen in the global section
+for p in 1 2; do
+ trace "match permitopen proxy w/key opts proto $p"
+ start_client -F $OBJ/ssh_proxy
+ ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \
+ fail "match override permitopen proto $p"
+ stop_client
+done
+
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy
+echo "Match User NoSuchUser" >>$OBJ/sshd_proxy
+echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy
+
+# Test that a rule that doesn't match doesn't override, plus test a
+# PermitOpen entry that's not at the start of the list
+for p in 1 2; do
+ trace "nomatch permitopen proxy w/key opts proto $p"
+ start_client -F $OBJ/ssh_proxy
+ ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
+ fail "nomatch override permitopen proto $p"
+ stop_client
+done
diff --git a/crypto/openssh/regress/cipher-speed.sh b/crypto/openssh/regress/cipher-speed.sh
new file mode 100644
index 0000000..489d9f5
--- /dev/null
+++ b/crypto/openssh/regress/cipher-speed.sh
@@ -0,0 +1,58 @@
+# $OpenBSD: cipher-speed.sh,v 1.9 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="cipher speed"
+
+getbytes ()
+{
+ sed -n -e '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' \
+ -e '/copied/s/.*s, \(.* MB.s\).*/\1/p'
+}
+
+tries="1 2"
+
+ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
+ arcfour128 arcfour256 arcfour
+ aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
+ aes128-ctr aes192-ctr aes256-ctr"
+config_defined OPENSSL_HAVE_EVPGCM && \
+ ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com"
+macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
+ hmac-sha1-96 hmac-md5-96"
+config_defined HAVE_EVP_SHA256 && \
+ macs="$macs hmac-sha2-256 hmac-sha2-512"
+
+for c in $ciphers; do n=0; for m in $macs; do
+ trace "proto 2 cipher $c mac $m"
+ for x in $tries; do
+ printf "%-60s" "$c/$m:"
+ ( ${SSH} -o 'compression no' \
+ -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
+ exec sh -c \'"dd of=/dev/null obs=32k"\' \
+ < ${DATA} ) 2>&1 | getbytes
+
+ if [ $? -ne 0 ]; then
+ fail "ssh -2 failed with mac $m cipher $c"
+ fi
+ done
+ # No point trying all MACs for GCM since they are ignored.
+ case $c in
+ aes*-gcm@openssh.com) test $n -gt 0 && break;;
+ esac
+ n=`expr $n + 1`
+done; done
+
+ciphers="3des blowfish"
+for c in $ciphers; do
+ trace "proto 1 cipher $c"
+ for x in $tries; do
+ printf "%-60s" "$c:"
+ ( ${SSH} -o 'compression no' \
+ -F $OBJ/ssh_proxy -1 -c $c somehost \
+ exec sh -c \'"dd of=/dev/null obs=32k"\' \
+ < ${DATA} ) 2>&1 | getbytes
+ if [ $? -ne 0 ]; then
+ fail "ssh -1 failed with cipher $c"
+ fi
+ done
+done
diff --git a/crypto/openssh/regress/conch-ciphers.sh b/crypto/openssh/regress/conch-ciphers.sh
new file mode 100755
index 0000000..199d863
--- /dev/null
+++ b/crypto/openssh/regress/conch-ciphers.sh
@@ -0,0 +1,28 @@
+# $OpenBSD: conch-ciphers.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="conch ciphers"
+
+if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then
+ echo "conch interop tests not enabled"
+ exit 0
+fi
+
+start_sshd
+
+for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
+ cast128-cbc blowfish 3des-cbc ; do
+ verbose "$tid: cipher $c"
+ rm -f ${COPY}
+ # XXX the 2nd "cat" seems to be needed because of buggy FD handling
+ # in conch
+ ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \
+ --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
+ 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+done
+rm -f ${COPY}
+
diff --git a/crypto/openssh/regress/connect-privsep.sh b/crypto/openssh/regress/connect-privsep.sh
new file mode 100644
index 0000000..94cc64a
--- /dev/null
+++ b/crypto/openssh/regress/connect-privsep.sh
@@ -0,0 +1,36 @@
+# $OpenBSD: connect-privsep.sh,v 1.4 2012/07/02 14:37:06 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="proxy connect with privsep"
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
+echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy
+
+for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh privsep+proxyconnect protocol $p failed"
+ fi
+done
+
+cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
+echo 'UsePrivilegeSeparation sandbox' >> $OBJ/sshd_proxy
+
+for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ # XXX replace this with fail once sandbox has stabilised
+ warn "ssh privsep/sandbox+proxyconnect protocol $p failed"
+ fi
+done
+
+# Because sandbox is sensitive to changes in libc, especially malloc, retest
+# with every malloc.conf option (and none).
+for m in '' A F G H J P R S X Z '<' '>'; do
+ for p in 1 2; do
+ env MALLOC_OPTIONS="$m" ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh privsep/sandbox+proxyconnect protocol $p mopt '$m' failed"
+ fi
+ done
+done
diff --git a/crypto/openssh/regress/connect.sh b/crypto/openssh/regress/connect.sh
new file mode 100644
index 0000000..2186fa6
--- /dev/null
+++ b/crypto/openssh/regress/connect.sh
@@ -0,0 +1,13 @@
+# $OpenBSD: connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="simple connect"
+
+start_sshd
+
+for p in 1 2; do
+ ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh connect with protocol $p failed"
+ fi
+done
diff --git a/crypto/openssh/regress/dsa_ssh2.prv b/crypto/openssh/regress/dsa_ssh2.prv
new file mode 100644
index 0000000..c93b403
--- /dev/null
+++ b/crypto/openssh/regress/dsa_ssh2.prv
@@ -0,0 +1,14 @@
+---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
+Subject: ssh-keygen test
+Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100"
+P2/56wAAAgIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA
+AEbm9uZQAAAcQAAAHAAAAAAAAABACwUfm3AxZTut3icBmwCcD48nY64HzuELlQ+vEqjIcR
+Lo49es/DQTeLNQ+kdKRCfouosGNv0WqxRtF0tUsWdXxS37oHGa4QPugBdHRd7YlZGZv8kg
+x7FsoepY7v7E683/97dv2zxL3AGagTEzWr7fl0yPexAaZoDvtQrrjX44BLmwAABACWQkvv
+MxnD8eFkS1konFfMJ1CkuRfTN34CBZ6dY7VTSGemy4QwtFdMKmoufD0eKgy3p5WOeWCYKt
+F4FhjHKZk/aaxFjjIbtkrnlvXg64QI11dSZyBN6/ViQkHPSkUDF+A6AAEhrNbQbAFSvao1
+kTvNtPCtL0AkUIduEMzGQfLCTAAAAKDeC043YVo9Zo0zAEeIA4uZh4LBCQAAA/9aj7Y5ik
+ehygJ4qTDSlVypsPuV+n59tMS0e2pfrSG87yf5r94AKBmJeho5OO6wYaXCxsVB7AFbSUD6
+75AK8mHF4v1/+7SWKk5f8xlMCMSPZ9K0+j/W1d/q2qkhnnDZolOHDomLA+U00i5ya/jnTV
+zyDPWLFpWK8u3xGBPAYX324gAAAKDHFvooRnaXdZbeWGTTqmgHB1GU9A==
+---- END SSH2 ENCRYPTED PRIVATE KEY ----
diff --git a/crypto/openssh/regress/dsa_ssh2.pub b/crypto/openssh/regress/dsa_ssh2.pub
new file mode 100644
index 0000000..215d73ba
--- /dev/null
+++ b/crypto/openssh/regress/dsa_ssh2.pub
@@ -0,0 +1,13 @@
+---- BEGIN SSH2 PUBLIC KEY ----
+Subject: ssh-keygen test
+Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100"
+AAAAB3NzaC1kc3MAAACBALBR+bcDFlO63eJwGbAJwPjydjrgfO4QuVD68SqMhxEujj16z8
+NBN4s1D6R0pEJ+i6iwY2/RarFG0XS1SxZ1fFLfugcZrhA+6AF0dF3tiVkZm/ySDHsWyh6l
+ju/sTrzf/3t2/bPEvcAZqBMTNavt+XTI97EBpmgO+1CuuNfjgEubAAAAFQDeC043YVo9Zo
+0zAEeIA4uZh4LBCQAAAIEAlkJL7zMZw/HhZEtZKJxXzCdQpLkX0zd+AgWenWO1U0hnpsuE
+MLRXTCpqLnw9HioMt6eVjnlgmCrReBYYxymZP2msRY4yG7ZK55b14OuECNdXUmcgTev1Yk
+JBz0pFAxfgOgABIazW0GwBUr2qNZE7zbTwrS9AJFCHbhDMxkHywkwAAACAWo+2OYpHocoC
+eKkw0pVcqbD7lfp+fbTEtHtqX60hvO8n+a/eACgZiXoaOTjusGGlwsbFQewBW0lA+u+QCv
+JhxeL9f/u0lipOX/MZTAjEj2fStPo/1tXf6tqpIZ5w2aJThw6JiwPlNNIucmv4501c8gz1
+ixaVivLt8RgTwGF99uI=
+---- END SSH2 PUBLIC KEY ----
diff --git a/crypto/openssh/regress/dynamic-forward.sh b/crypto/openssh/regress/dynamic-forward.sh
new file mode 100644
index 0000000..42fa8ac
--- /dev/null
+++ b/crypto/openssh/regress/dynamic-forward.sh
@@ -0,0 +1,59 @@
+# $OpenBSD: dynamic-forward.sh,v 1.10 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="dynamic forwarding"
+
+FWDPORT=`expr $PORT + 1`
+
+if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then
+ proxycmd="nc -x 127.0.0.1:$FWDPORT -X"
+elif have_prog connect; then
+ proxycmd="connect -S 127.0.0.1:$FWDPORT -"
+else
+ echo "skipped (no suitable ProxyCommand found)"
+ exit 0
+fi
+trace "will use ProxyCommand $proxycmd"
+
+start_sshd
+
+for p in 1 2; do
+ n=0
+ error="1"
+ trace "start dynamic forwarding, fork to background"
+ while [ "$error" -ne 0 -a "$n" -lt 3 ]; do
+ n=`expr $n + 1`
+ ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q \
+ -oExitOnForwardFailure=yes somehost exec sh -c \
+ \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
+ error=$?
+ if [ "$error" -ne 0 ]; then
+ trace "forward failed proto $p attempt $n err $error"
+ sleep $n
+ fi
+ done
+ if [ "$error" -ne 0 ]; then
+ fatal "failed to start dynamic forwarding proto $p"
+ fi
+
+ for s in 4 5; do
+ for h in 127.0.0.1 localhost; do
+ trace "testing ssh protocol $p socks version $s host $h"
+ ${SSH} -F $OBJ/ssh_config \
+ -o "ProxyCommand ${proxycmd}${s} $h $PORT" \
+ somehost cat $DATA > $OBJ/ls.copy
+ test -f $OBJ/ls.copy || fail "failed copy $DATA"
+ cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA"
+ done
+ done
+
+ if [ -f $OBJ/remote_pid ]; then
+ remote=`cat $OBJ/remote_pid`
+ trace "terminate remote shell, pid $remote"
+ if [ $remote -gt 1 ]; then
+ kill -HUP $remote
+ fi
+ else
+ fail "no pid file: $OBJ/remote_pid"
+ fi
+done
diff --git a/crypto/openssh/regress/envpass.sh b/crypto/openssh/regress/envpass.sh
new file mode 100644
index 0000000..af7eafe
--- /dev/null
+++ b/crypto/openssh/regress/envpass.sh
@@ -0,0 +1,60 @@
+# $OpenBSD: envpass.sh,v 1.4 2005/03/04 08:48:46 djm Exp $
+# Placed in the Public Domain.
+
+tid="environment passing"
+
+# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST)
+
+# Prepare a custom config to test for a configuration parsing bug fixed in 4.0
+cat << EOF > $OBJ/ssh_proxy_envpass
+Host test-sendenv-confparse-bug
+ SendEnv *
+EOF
+cat $OBJ/ssh_proxy >> $OBJ/ssh_proxy_envpass
+
+trace "pass env, don't accept"
+verbose "test $tid: pass env, don't accept"
+_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy_envpass otherhost \
+ sh << 'EOF'
+ test -z "$_TEST_ENV"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment found"
+fi
+
+trace "don't pass env, accept"
+verbose "test $tid: don't pass env, accept"
+_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -F $OBJ/ssh_proxy_envpass otherhost \
+ sh << 'EOF'
+ test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment found"
+fi
+
+trace "pass single env, accept single env"
+verbose "test $tid: pass single env, accept single env"
+_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy_envpass \
+ otherhost sh << 'EOF'
+ test X"$_XXX_TEST" = X"blah"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment not found"
+fi
+
+trace "pass multiple env, accept multiple env"
+verbose "test $tid: pass multiple env, accept multiple env"
+_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \
+ -F $OBJ/ssh_proxy_envpass otherhost \
+ sh << 'EOF'
+ test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2"
+EOF
+r=$?
+if [ $r -ne 0 ]; then
+ fail "environment not found"
+fi
+
+rm -f $OBJ/ssh_proxy_envpass
diff --git a/crypto/openssh/regress/exit-status.sh b/crypto/openssh/regress/exit-status.sh
new file mode 100644
index 0000000..56b78a6
--- /dev/null
+++ b/crypto/openssh/regress/exit-status.sh
@@ -0,0 +1,24 @@
+# $OpenBSD: exit-status.sh,v 1.6 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="remote exit status"
+
+for p in 1 2; do
+ for s in 0 1 4 5 44; do
+ trace "proto $p status $s"
+ verbose "test $tid: proto $p status $s"
+ ${SSH} -$p -F $OBJ/ssh_proxy otherhost exit $s
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code mismatch for protocol $p: $r != $s"
+ fi
+
+ # same with early close of stdout/err
+ ${SSH} -$p -F $OBJ/ssh_proxy -n otherhost \
+ exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
+ fi
+ done
+done
diff --git a/crypto/openssh/regress/forcecommand.sh b/crypto/openssh/regress/forcecommand.sh
new file mode 100644
index 0000000..44d2b7f
--- /dev/null
+++ b/crypto/openssh/regress/forcecommand.sh
@@ -0,0 +1,42 @@
+# $OpenBSD: forcecommand.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="forced command"
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+
+printf 'command="true" ' >$OBJ/authorized_keys_$USER
+cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER
+printf 'command="true" ' >>$OBJ/authorized_keys_$USER
+cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER
+
+for p in 1 2; do
+ trace "forced command in key option proto $p"
+ ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ ||
+ fail "forced command in key proto $p"
+done
+
+printf 'command="false" ' >$OBJ/authorized_keys_$USER
+cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER
+printf 'command="false" ' >>$OBJ/authorized_keys_$USER
+cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER
+
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+echo "ForceCommand true" >> $OBJ/sshd_proxy
+
+for p in 1 2; do
+ trace "forced command in sshd_config overrides key option proto $p"
+ ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ ||
+ fail "forced command in key proto $p"
+done
+
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
+echo "ForceCommand false" >> $OBJ/sshd_proxy
+echo "Match User $USER" >> $OBJ/sshd_proxy
+echo " ForceCommand true" >> $OBJ/sshd_proxy
+
+for p in 1 2; do
+ trace "forced command with match proto $p"
+ ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ ||
+ fail "forced command in key proto $p"
+done
diff --git a/crypto/openssh/regress/forward-control.sh b/crypto/openssh/regress/forward-control.sh
new file mode 100755
index 0000000..80ddb41
--- /dev/null
+++ b/crypto/openssh/regress/forward-control.sh
@@ -0,0 +1,168 @@
+# $OpenBSD: forward-control.sh,v 1.1 2012/12/02 20:47:48 djm Exp $
+# Placed in the Public Domain.
+
+tid="sshd control of local and remote forwarding"
+
+LFWD_PORT=3320
+RFWD_PORT=3321
+CTL=$OBJ/ctl-sock
+READY=$OBJ/ready
+
+wait_for_file_to_appear() {
+ _path=$1
+ _n=0
+ while test ! -f $_path ; do
+ test $_n -eq 1 && trace "waiting for $_path to appear"
+ _n=`expr $_n + 1`
+ test $_n -ge 20 && return 1
+ sleep 1
+ done
+ return 0
+}
+
+wait_for_process_to_exit() {
+ _pid=$1
+ _n=0
+ while kill -0 $_pid 2>/dev/null ; do
+ test $_n -eq 1 && trace "waiting for $_pid to exit"
+ _n=`expr $_n + 1`
+ test $_n -ge 20 && return 1
+ sleep 1
+ done
+ return 0
+}
+
+# usage: check_lfwd protocol Y|N message
+check_lfwd() {
+ _proto=$1
+ _expected=$2
+ _message=$3
+ rm -f $READY
+ ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+ -L$LFWD_PORT:127.0.0.1:$PORT \
+ -o ExitOnForwardFailure=yes \
+ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
+ >/dev/null 2>&1 &
+ _sshpid=$!
+ wait_for_file_to_appear $READY || \
+ fatal "check_lfwd ssh fail: $_message"
+ ${SSH} -F $OBJ/ssh_config -p $LFWD_PORT \
+ -oConnectionAttempts=4 host true >/dev/null 2>&1
+ _result=$?
+ kill $_sshpid `cat $READY` 2>/dev/null
+ wait_for_process_to_exit $_sshpid
+ if test "x$_expected" = "xY" -a $_result -ne 0 ; then
+ fail "check_lfwd failed (expecting success): $_message"
+ elif test "x$_expected" = "xN" -a $_result -eq 0 ; then
+ fail "check_lfwd succeeded (expecting failure): $_message"
+ elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then
+ fatal "check_lfwd invalid argument \"$_expected\""
+ else
+ verbose "check_lfwd done (expecting $_expected): $_message"
+ fi
+}
+
+# usage: check_rfwd protocol Y|N message
+check_rfwd() {
+ _proto=$1
+ _expected=$2
+ _message=$3
+ rm -f $READY
+ ${SSH} -oProtocol=$_proto -F $OBJ/ssh_proxy \
+ -R$RFWD_PORT:127.0.0.1:$PORT \
+ -o ExitOnForwardFailure=yes \
+ -n host exec sh -c \'"sleep 60 & echo \$! > $READY ; wait "\' \
+ >/dev/null 2>&1 &
+ _sshpid=$!
+ wait_for_file_to_appear $READY
+ _result=$?
+ if test $_result -eq 0 ; then
+ ${SSH} -F $OBJ/ssh_config -p $RFWD_PORT \
+ -oConnectionAttempts=4 host true >/dev/null 2>&1
+ _result=$?
+ kill $_sshpid `cat $READY` 2>/dev/null
+ wait_for_process_to_exit $_sshpid
+ fi
+ if test "x$_expected" = "xY" -a $_result -ne 0 ; then
+ fail "check_rfwd failed (expecting success): $_message"
+ elif test "x$_expected" = "xN" -a $_result -eq 0 ; then
+ fail "check_rfwd succeeded (expecting failure): $_message"
+ elif test "x$_expected" != "xY" -a "x$_expected" != "xN" ; then
+ fatal "check_rfwd invalid argument \"$_expected\""
+ else
+ verbose "check_rfwd done (expecting $_expected): $_message"
+ fi
+}
+
+start_sshd
+cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy.bak
+cp ${OBJ}/authorized_keys_${USER} ${OBJ}/authorized_keys_${USER}.bak
+
+# Sanity check: ensure the default config allows forwarding
+for p in 1 2 ; do
+ check_lfwd $p Y "proto $p, default configuration"
+ check_rfwd $p Y "proto $p, default configuration"
+done
+
+# Usage: all_tests yes|local|remote|no Y|N Y|N Y|N Y|N Y|N Y|N
+all_tests() {
+ _tcpfwd=$1
+ _plain_lfwd=$2
+ _plain_rfwd=$3
+ _nopermit_lfwd=$4
+ _nopermit_rfwd=$5
+ _permit_lfwd=$6
+ _permit_rfwd=$7
+ _badfwd=127.0.0.1:22
+ _goodfwd=127.0.0.1:${PORT}
+ for _proto in 1 2 ; do
+ cp ${OBJ}/authorized_keys_${USER}.bak \
+ ${OBJ}/authorized_keys_${USER}
+ _prefix="proto $_proto, AllowTcpForwarding=$_tcpfwd"
+ # No PermitOpen
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_plain_lfwd "$_prefix"
+ check_rfwd $_proto $_plain_rfwd "$_prefix"
+ # PermitOpen via sshd_config that doesn't match
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ;
+ echo "PermitOpen $_badfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_nopermit_lfwd "$_prefix, !PermitOpen"
+ check_rfwd $_proto $_nopermit_rfwd "$_prefix, !PermitOpen"
+ # PermitOpen via sshd_config that does match
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ;
+ echo "PermitOpen $_badfwd $_goodfwd" ) \
+ > ${OBJ}/sshd_proxy
+ # NB. permitopen via authorized_keys should have same
+ # success/fail as via sshd_config
+ # permitopen via authorized_keys that doesn't match
+ sed "s/^/permitopen=\"$_badfwd\" /" \
+ < ${OBJ}/authorized_keys_${USER}.bak \
+ > ${OBJ}/authorized_keys_${USER} || fatal "sed 1 fail"
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_nopermit_lfwd "$_prefix, !permitopen"
+ check_rfwd $_proto $_nopermit_rfwd "$_prefix, !permitopen"
+ # permitopen via authorized_keys that does match
+ sed "s/^/permitopen=\"$_badfwd\",permitopen=\"$_goodfwd\" /" \
+ < ${OBJ}/authorized_keys_${USER}.bak \
+ > ${OBJ}/authorized_keys_${USER} || fatal "sed 2 fail"
+ ( cat ${OBJ}/sshd_proxy.bak ;
+ echo "AllowTcpForwarding $_tcpfwd" ) \
+ > ${OBJ}/sshd_proxy
+ check_lfwd $_proto $_permit_lfwd "$_prefix, permitopen"
+ check_rfwd $_proto $_permit_rfwd "$_prefix, permitopen"
+ done
+}
+
+# no-permitopen mismatch-permitopen match-permitopen
+# AllowTcpForwarding local remote local remote local remote
+all_tests yes Y Y N Y Y Y
+all_tests local Y N N N Y N
+all_tests remote N Y N Y N Y
+all_tests no N N N N N N
diff --git a/crypto/openssh/regress/forwarding.sh b/crypto/openssh/regress/forwarding.sh
new file mode 100644
index 0000000..94873f2
--- /dev/null
+++ b/crypto/openssh/regress/forwarding.sh
@@ -0,0 +1,121 @@
+# $OpenBSD: forwarding.sh,v 1.11 2013/06/10 21:56:43 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="local and remote forwarding"
+
+DATA=/bin/ls${EXEEXT}
+
+start_sshd
+
+base=33
+last=$PORT
+fwd=""
+for j in 0 1 2; do
+ for i in 0 1 2; do
+ a=$base$j$i
+ b=`expr $a + 50`
+ c=$last
+ # fwd chain: $a -> $b -> $c
+ fwd="$fwd -L$a:127.0.0.1:$b -R$b:127.0.0.1:$c"
+ last=$a
+ done
+done
+for p in 1 2; do
+ q=`expr 3 - $p`
+ trace "start forwarding, fork to background"
+ ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10
+
+ trace "transfer over forwarded channels and check result"
+ ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
+ somehost cat ${DATA} > ${COPY}
+ test -f ${COPY} || fail "failed copy of ${DATA}"
+ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
+
+ sleep 10
+done
+
+for p in 1 2; do
+for d in L R; do
+ trace "exit on -$d forward failure, proto $p"
+
+ # this one should succeed
+ ${SSH} -$p -F $OBJ/ssh_config \
+ -$d ${base}01:127.0.0.1:$PORT \
+ -$d ${base}02:127.0.0.1:$PORT \
+ -$d ${base}03:127.0.0.1:$PORT \
+ -$d ${base}04:127.0.0.1:$PORT \
+ -oExitOnForwardFailure=yes somehost true
+ if [ $? != 0 ]; then
+ fail "connection failed, should not"
+ else
+ # this one should fail
+ ${SSH} -q -$p -F $OBJ/ssh_config \
+ -$d ${base}01:127.0.0.1:$PORT \
+ -$d ${base}02:127.0.0.1:$PORT \
+ -$d ${base}03:127.0.0.1:$PORT \
+ -$d ${base}01:127.0.0.1:$PORT \
+ -$d ${base}04:127.0.0.1:$PORT \
+ -oExitOnForwardFailure=yes somehost true
+ r=$?
+ if [ $r != 255 ]; then
+ fail "connection not termintated, but should ($r)"
+ fi
+ fi
+done
+done
+
+for p in 1 2; do
+ trace "simple clear forwarding proto $p"
+ ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
+
+ trace "clear local forward proto $p"
+ ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
+ -oClearAllForwardings=yes somehost sleep 10
+ if [ $? != 0 ]; then
+ fail "connection failed with cleared local forwarding"
+ else
+ # this one should fail
+ ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+ >>$TEST_REGRESS_LOGFILE 2>&1 && \
+ fail "local forwarding not cleared"
+ fi
+ sleep 10
+
+ trace "clear remote forward proto $p"
+ ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
+ -oClearAllForwardings=yes somehost sleep 10
+ if [ $? != 0 ]; then
+ fail "connection failed with cleared remote forwarding"
+ else
+ # this one should fail
+ ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
+ >>$TEST_REGRESS_LOGFILE 2>&1 && \
+ fail "remote forwarding not cleared"
+ fi
+ sleep 10
+done
+
+for p in 2; do
+ trace "stdio forwarding proto $p"
+ cmd="${SSH} -$p -F $OBJ/ssh_config"
+ $cmd -o "ProxyCommand $cmd -q -W localhost:$PORT somehost" \
+ somehost true
+ if [ $? != 0 ]; then
+ fail "stdio forwarding proto $p"
+ fi
+done
+
+echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config
+echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config
+for p in 1 2; do
+ trace "config file: start forwarding, fork to background"
+ ${SSH} -$p -F $OBJ/ssh_config -f somehost sleep 10
+
+ trace "config file: transfer over forwarded channels and check result"
+ ${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \
+ somehost cat ${DATA} > ${COPY}
+ test -f ${COPY} || fail "failed copy of ${DATA}"
+ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}"
+
+ wait
+done
diff --git a/crypto/openssh/regress/host-expand.sh b/crypto/openssh/regress/host-expand.sh
new file mode 100755
index 0000000..a018836
--- /dev/null
+++ b/crypto/openssh/regress/host-expand.sh
@@ -0,0 +1,18 @@
+# Placed in the Public Domain.
+
+tid="expand %h and %n"
+
+echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy
+printf 'LocalCommand printf "%%%%s\\n" "%%n" "%%h"\n' >> $OBJ/ssh_proxy
+
+cat >$OBJ/expect <<EOE
+somehost
+127.0.0.1
+EOE
+
+for p in 1 2; do
+ verbose "test $tid: proto $p"
+ ${SSH} -F $OBJ/ssh_proxy -$p somehost true >$OBJ/actual
+ diff $OBJ/expect $OBJ/actual || fail "$tid proto $p"
+done
+
diff --git a/crypto/openssh/regress/integrity.sh b/crypto/openssh/regress/integrity.sh
new file mode 100755
index 0000000..1d17fe1
--- /dev/null
+++ b/crypto/openssh/regress/integrity.sh
@@ -0,0 +1,76 @@
+# $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="integrity"
+
+# start at byte 2900 (i.e. after kex) and corrupt at different offsets
+# XXX the test hangs if we modify the low bytes of the packet length
+# XXX and ssh tries to read...
+tries=10
+startoffset=2900
+macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
+ hmac-sha1-96 hmac-md5-96
+ hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
+ umac-64-etm@openssh.com umac-128-etm@openssh.com
+ hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com"
+config_defined HAVE_EVP_SHA256 &&
+ macs="$macs hmac-sha2-256 hmac-sha2-512
+ hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+# The following are not MACs, but ciphers with integrated integrity. They are
+# handled specially below.
+config_defined OPENSSL_HAVE_EVPGCM && \
+ macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com"
+
+# avoid DH group exchange as the extra traffic makes it harder to get the
+# offset into the stream right.
+echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
+ >> $OBJ/ssh_proxy
+
+# sshd-command for proxy (see test-exec.sh)
+cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy"
+
+for m in $macs; do
+ trace "test $tid: mac $m"
+ elen=0
+ epad=0
+ emac=0
+ ecnt=0
+ skip=0
+ for off in `jot $tries $startoffset`; do
+ skip=`expr $skip - 1`
+ if [ $skip -gt 0 ]; then
+ # avoid modifying the high bytes of the length
+ continue
+ fi
+ # modify output from sshd at offset $off
+ pxy="proxycommand=$cmd | $OBJ/modpipe -wm xor:$off:1"
+ case $m in
+ aes*gcm*) macopt="-c $m";;
+ *) macopt="-m $m";;
+ esac
+ verbose "test $tid: $m @$off"
+ ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \
+ 999.999.999.999 'printf "%4096s" " "' >/dev/null
+ if [ $? -eq 0 ]; then
+ fail "ssh -m $m succeeds with bit-flip at $off"
+ fi
+ ecnt=`expr $ecnt + 1`
+ output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \
+ tr -s '\r\n' '.')
+ case "$output" in
+ Bad?packet*) elen=`expr $elen + 1`; skip=3;;
+ Corrupted?MAC* | Decryption?integrity?check?failed*)
+ emac=`expr $emac + 1`; skip=0;;
+ padding*) epad=`expr $epad + 1`; skip=0;;
+ *) fail "unexpected error mac $m at $off";;
+ esac
+ done
+ verbose "test $tid: $ecnt errors: mac $emac padding $epad length $elen"
+ if [ $emac -eq 0 ]; then
+ fail "$m: no mac errors"
+ fi
+ expect=`expr $ecnt - $epad - $elen`
+ if [ $emac -ne $expect ]; then
+ fail "$m: expected $expect mac errors, got $emac"
+ fi
+done
diff --git a/crypto/openssh/regress/kextype.sh b/crypto/openssh/regress/kextype.sh
new file mode 100755
index 0000000..79c0817
--- /dev/null
+++ b/crypto/openssh/regress/kextype.sh
@@ -0,0 +1,30 @@
+# $OpenBSD: kextype.sh,v 1.1 2010/09/22 12:26:05 djm Exp $
+# Placed in the Public Domain.
+
+tid="login with different key exchange algorithms"
+
+TIME=/usr/bin/time
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
+
+if test "$TEST_SSH_ECC" = "yes"; then
+ kextypes="ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521"
+fi
+if test "$TEST_SSH_SHA256" = "yes"; then
+ kextypes="$kextypes diffie-hellman-group-exchange-sha256"
+fi
+kextypes="$kextypes diffie-hellman-group-exchange-sha1"
+kextypes="$kextypes diffie-hellman-group14-sha1"
+kextypes="$kextypes diffie-hellman-group1-sha1"
+
+tries="1 2 3 4"
+for k in $kextypes; do
+ verbose "kex $k"
+ for i in $tries; do
+ ${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true
+ if [ $? -ne 0 ]; then
+ fail "ssh kex $k"
+ fi
+ done
+done
+
diff --git a/crypto/openssh/regress/key-options.sh b/crypto/openssh/regress/key-options.sh
new file mode 100755
index 0000000..f98d78b
--- /dev/null
+++ b/crypto/openssh/regress/key-options.sh
@@ -0,0 +1,71 @@
+# $OpenBSD: key-options.sh,v 1.2 2008/06/30 08:07:34 djm Exp $
+# Placed in the Public Domain.
+
+tid="key options"
+
+origkeys="$OBJ/authkeys_orig"
+authkeys="$OBJ/authorized_keys_${USER}"
+cp $authkeys $origkeys
+
+# Test command= forced command
+for p in 1 2; do
+ for c in 'command="echo bar"' 'no-pty,command="echo bar"'; do
+ sed "s/.*/$c &/" $origkeys >$authkeys
+ verbose "key option proto $p $c"
+ r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost echo foo`
+ if [ "$r" = "foo" ]; then
+ fail "key option forced command not restricted"
+ fi
+ if [ "$r" != "bar" ]; then
+ fail "key option forced command not executed"
+ fi
+ done
+done
+
+# Test no-pty
+sed 's/.*/no-pty &/' $origkeys >$authkeys
+for p in 1 2; do
+ verbose "key option proto $p no-pty"
+ r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost tty`
+ if [ -f "$r" ]; then
+ fail "key option failed proto $p no-pty (pty $r)"
+ fi
+done
+
+# Test environment=
+echo 'PermitUserEnvironment yes' >> $OBJ/sshd_proxy
+sed 's/.*/environment="FOO=bar" &/' $origkeys >$authkeys
+for p in 1 2; do
+ verbose "key option proto $p environment"
+ r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo $FOO'`
+ if [ "$r" != "bar" ]; then
+ fail "key option environment not set"
+ fi
+done
+
+# Test from= restriction
+start_sshd
+for p in 1 2; do
+ for f in 127.0.0.1 '127.0.0.0\/8'; do
+ cat $origkeys >$authkeys
+ ${SSH} -$p -q -F $OBJ/ssh_proxy somehost true
+ if [ $? -ne 0 ]; then
+ fail "key option proto $p failed without restriction"
+ fi
+
+ sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
+ from=`head -1 $authkeys | cut -f1 -d ' '`
+ verbose "key option proto $p $from"
+ r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+ if [ "$r" = "true" ]; then
+ fail "key option proto $p $from not restricted"
+ fi
+
+ r=`${SSH} -$p -q -F $OBJ/ssh_config somehost 'echo true'`
+ if [ "$r" != "true" ]; then
+ fail "key option proto $p $from not allowed but should be"
+ fi
+ done
+done
+
+rm -f "$origkeys"
diff --git a/crypto/openssh/regress/keygen-change.sh b/crypto/openssh/regress/keygen-change.sh
new file mode 100644
index 0000000..08d3590
--- /dev/null
+++ b/crypto/openssh/regress/keygen-change.sh
@@ -0,0 +1,23 @@
+# $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $
+# Placed in the Public Domain.
+
+tid="change passphrase for key"
+
+S1="secret1"
+S2="2secret"
+
+for t in rsa dsa rsa1; do
+ # generate user key for agent
+ trace "generating $t key"
+ rm -f $OBJ/$t-key
+ ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
+ if [ $? -eq 0 ]; then
+ ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -p failed for $t-key"
+ fi
+ else
+ fail "ssh-keygen for $t-key failed"
+ fi
+ rm -f $OBJ/$t-key $OBJ/$t-key.pub
+done
diff --git a/crypto/openssh/regress/keygen-convert.sh b/crypto/openssh/regress/keygen-convert.sh
new file mode 100755
index 0000000..ad0e9c6
--- /dev/null
+++ b/crypto/openssh/regress/keygen-convert.sh
@@ -0,0 +1,33 @@
+# $OpenBSD: keygen-convert.sh,v 1.1 2009/11/09 04:20:04 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="convert keys"
+
+for t in rsa dsa; do
+ # generate user key for agent
+ trace "generating $t key"
+ rm -f $OBJ/$t-key
+ ${SSHKEYGEN} -q -N "" -t $t -f $OBJ/$t-key
+
+ trace "export $t private to rfc4716 public"
+ ${SSHKEYGEN} -q -e -f $OBJ/$t-key >$OBJ/$t-key-rfc || \
+ fail "export $t private to rfc4716 public"
+
+ trace "export $t public to rfc4716 public"
+ ${SSHKEYGEN} -q -e -f $OBJ/$t-key.pub >$OBJ/$t-key-rfc.pub || \
+ fail "$t public to rfc4716 public"
+
+ cmp $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub || \
+ fail "$t rfc4716 exports differ between public and private"
+
+ trace "import $t rfc4716 public"
+ ${SSHKEYGEN} -q -i -f $OBJ/$t-key-rfc >$OBJ/$t-rfc-imported || \
+ fail "$t import rfc4716 public"
+
+ cut -f1,2 -d " " $OBJ/$t-key.pub >$OBJ/$t-key-nocomment.pub
+ cmp $OBJ/$t-key-nocomment.pub $OBJ/$t-rfc-imported || \
+ fail "$t imported differs from original"
+
+ rm -f $OBJ/$t-key $OBJ/$t-key.pub $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub \
+ $OBJ/$t-rfc-imported $OBJ/$t-key-nocomment.pub
+done
diff --git a/crypto/openssh/regress/keys-command.sh b/crypto/openssh/regress/keys-command.sh
new file mode 100755
index 0000000..b595a43
--- /dev/null
+++ b/crypto/openssh/regress/keys-command.sh
@@ -0,0 +1,39 @@
+# $OpenBSD: keys-command.sh,v 1.2 2012/12/06 06:06:54 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="authorized keys from command"
+
+if test -z "$SUDO" ; then
+ echo "skipped (SUDO not set)"
+ echo "need SUDO to create file in /var/run, test won't work without"
+ exit 0
+fi
+
+# Establish a AuthorizedKeysCommand in /var/run where it will have
+# acceptable directory permissions.
+KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
+cat << _EOF | $SUDO sh -c "cat > '$KEY_COMMAND'"
+#!/bin/sh
+test "x\$1" != "x${LOGNAME}" && exit 1
+exec cat "$OBJ/authorized_keys_${LOGNAME}"
+_EOF
+$SUDO chmod 0755 "$KEY_COMMAND"
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy.bak
+(
+ grep -vi AuthorizedKeysFile $OBJ/sshd_proxy.bak
+ echo AuthorizedKeysFile none
+ echo AuthorizedKeysCommand $KEY_COMMAND
+ echo AuthorizedKeysCommandUser ${LOGNAME}
+) > $OBJ/sshd_proxy
+
+if [ -x $KEY_COMMAND ]; then
+ ${SSH} -F $OBJ/ssh_proxy somehost true
+ if [ $? -ne 0 ]; then
+ fail "connect failed"
+ fi
+else
+ echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
+fi
+
+$SUDO rm -f $KEY_COMMAND
diff --git a/crypto/openssh/regress/keyscan.sh b/crypto/openssh/regress/keyscan.sh
new file mode 100644
index 0000000..33f14f0
--- /dev/null
+++ b/crypto/openssh/regress/keyscan.sh
@@ -0,0 +1,19 @@
+# $OpenBSD: keyscan.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="keyscan"
+
+# remove DSA hostkey
+rm -f ${OBJ}/host.dsa
+
+start_sshd
+
+for t in rsa1 rsa dsa; do
+ trace "keyscan type $t"
+ ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \
+ > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh-keyscan -t $t failed with: $r"
+ fi
+done
diff --git a/crypto/openssh/regress/keytype.sh b/crypto/openssh/regress/keytype.sh
new file mode 100755
index 0000000..59586bf
--- /dev/null
+++ b/crypto/openssh/regress/keytype.sh
@@ -0,0 +1,55 @@
+# $OpenBSD: keytype.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="login with different key types"
+
+TIME=`which time 2>/dev/null`
+if test ! -x "$TIME"; then
+ TIME=""
+fi
+
+cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
+cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
+
+ktypes="dsa-1024 rsa-2048 rsa-3072"
+if test "$TEST_SSH_ECC" = "yes"; then
+ ktypes="$ktypes ecdsa-256 ecdsa-384 ecdsa-521"
+fi
+
+for kt in $ktypes; do
+ rm -f $OBJ/key.$kt
+ bits=`echo ${kt} | awk -F- '{print $2}'`
+ type=`echo ${kt} | awk -F- '{print $1}'`
+ printf "keygen $type, $bits bits:\t"
+ ${TIME} ${SSHKEYGEN} -b $bits -q -N '' -t $type -f $OBJ/key.$kt ||\
+ fail "ssh-keygen for type $type, $bits bits failed"
+done
+
+tries="1 2 3"
+for ut in $ktypes; do
+ htypes=$ut
+ #htypes=$ktypes
+ for ht in $htypes; do
+ trace "ssh connect, userkey $ut, hostkey $ht"
+ (
+ grep -v HostKey $OBJ/sshd_proxy_bak
+ echo HostKey $OBJ/key.$ht
+ ) > $OBJ/sshd_proxy
+ (
+ grep -v IdentityFile $OBJ/ssh_proxy_bak
+ echo IdentityFile $OBJ/key.$ut
+ ) > $OBJ/ssh_proxy
+ (
+ printf 'localhost-with-alias,127.0.0.1,::1 '
+ cat $OBJ/key.$ht.pub
+ ) > $OBJ/known_hosts
+ cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER
+ for i in $tries; do
+ printf "userkey $ut, hostkey ${ht}:\t"
+ ${TIME} ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh userkey $ut, hostkey $ht failed"
+ fi
+ done
+ done
+done
diff --git a/crypto/openssh/regress/krl.sh b/crypto/openssh/regress/krl.sh
new file mode 100755
index 0000000..de9cc87
--- /dev/null
+++ b/crypto/openssh/regress/krl.sh
@@ -0,0 +1,157 @@
+# $OpenBSD: krl.sh,v 1.1 2013/01/18 00:45:29 djm Exp $
+# Placed in the Public Domain.
+
+tid="key revocation lists"
+
+# If we don't support ecdsa keys then this tell will be much slower.
+ECDSA=ecdsa
+if test "x$TEST_SSH_ECC" != "xyes"; then
+ ECDSA=rsa
+fi
+
+# Do most testing with ssh-keygen; it uses the same verification code as sshd.
+
+# Old keys will interfere with ssh-keygen.
+rm -f $OBJ/revoked-* $OBJ/krl-*
+
+# Generate a CA key
+$SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
+ fatal "$SSHKEYGEN CA failed"
+
+# A specification that revokes some certificates by serial numbers
+# The serial pattern is chosen to ensure the KRL includes list, range and
+# bitmap sections.
+cat << EOF >> $OBJ/revoked-serials
+serial: 1-4
+serial: 10
+serial: 15
+serial: 30
+serial: 50
+serial: 999
+# The following sum to 500-799
+serial: 500
+serial: 501
+serial: 502
+serial: 503-600
+serial: 700-797
+serial: 798
+serial: 799
+serial: 599-701
+EOF
+
+# A specification that revokes some certificated by key ID.
+touch $OBJ/revoked-keyid
+for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do
+ # Fill in by-ID revocation spec.
+ echo "id: revoked $n" >> $OBJ/revoked-keyid
+done
+
+keygen() {
+ N=$1
+ f=$OBJ/revoked-`printf "%04d" $N`
+ # Vary the keytype. We use mostly ECDSA since this is fastest by far.
+ keytype=$ECDSA
+ case $N in
+ 2 | 10 | 510 | 1001) keytype=rsa;;
+ 4 | 30 | 520 | 1002) keytype=dsa;;
+ esac
+ $SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
+ || fatal "$SSHKEYGEN failed"
+ # Sign cert
+ $SSHKEYGEN -s $OBJ/revoked-ca -z $n -I "revoked $N" $f >/dev/null 2>&1 \
+ || fatal "$SSHKEYGEN sign failed"
+ echo $f
+}
+
+# Generate some keys.
+verbose "$tid: generating test keys"
+REVOKED_SERIALS="1 4 10 50 500 510 520 799 999"
+for n in $REVOKED_SERIALS ; do
+ f=`keygen $n`
+ REVOKED_KEYS="$REVOKED_KEYS ${f}.pub"
+ REVOKED_CERTS="$REVOKED_CERTS ${f}-cert.pub"
+done
+NOTREVOKED_SERIALS="5 9 14 16 29 30 49 51 499 800 1000 1001"
+NOTREVOKED=""
+for n in $NOTREVOKED_SERIALS ; do
+ NOTREVOKED_KEYS="$NOTREVOKED_KEYS ${f}.pub"
+ NOTREVOKED_CERTS="$NOTREVOKED_CERTS ${f}-cert.pub"
+done
+
+genkrls() {
+ OPTS=$1
+$SSHKEYGEN $OPTS -kf $OBJ/krl-empty - </dev/null \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keys $REVOKED_KEYS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-cert $REVOKED_CERTS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-all $REVOKED_KEYS $REVOKED_CERTS \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-ca $OBJ/revoked-ca.pub \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+# KRLs from serial/key-id spec need the CA specified.
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial $OBJ/revoked-serials \
+ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid $OBJ/revoked-keyid \
+ >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial -s $OBJ/revoked-ca $OBJ/revoked-serials \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid -s $OBJ/revoked-ca.pub $OBJ/revoked-keyid \
+ >/dev/null || fatal "$SSHKEYGEN KRL failed"
+}
+
+verbose "$tid: generating KRLs"
+genkrls
+
+check_krl() {
+ KEY=$1
+ KRL=$2
+ EXPECT_REVOKED=$3
+ TAG=$4
+ $SSHKEYGEN -Qf $KRL $KEY >/dev/null
+ result=$?
+ if test "x$EXPECT_REVOKED" = "xyes" -a $result -eq 0 ; then
+ fatal "key $KEY not revoked by KRL $KRL: $TAG"
+ elif test "x$EXPECT_REVOKED" = "xno" -a $result -ne 0 ; then
+ fatal "key $KEY unexpectedly revoked by KRL $KRL: $TAG"
+ fi
+}
+test_all() {
+ FILES=$1
+ TAG=$2
+ KEYS_RESULT=$3
+ ALL_RESULT=$4
+ SERIAL_RESULT=$5
+ KEYID_RESULT=$6
+ CERTS_RESULT=$7
+ CA_RESULT=$8
+ verbose "$tid: checking revocations for $TAG"
+ for f in $FILES ; do
+ check_krl $f $OBJ/krl-empty no "$TAG"
+ check_krl $f $OBJ/krl-keys $KEYS_RESULT "$TAG"
+ check_krl $f $OBJ/krl-all $ALL_RESULT "$TAG"
+ check_krl $f $OBJ/krl-serial $SERIAL_RESULT "$TAG"
+ check_krl $f $OBJ/krl-keyid $KEYID_RESULT "$TAG"
+ check_krl $f $OBJ/krl-cert $CERTS_RESULT "$TAG"
+ check_krl $f $OBJ/krl-ca $CA_RESULT "$TAG"
+ done
+}
+# keys all serial keyid certs CA
+test_all "$REVOKED_KEYS" "revoked keys" yes yes no no no no
+test_all "$UNREVOKED_KEYS" "unrevoked keys" no no no no no no
+test_all "$REVOKED_CERTS" "revoked certs" yes yes yes yes yes yes
+test_all "$UNREVOKED_CERTS" "unrevoked certs" no no no no no yes
+
+# Check update. Results should be identical.
+verbose "$tid: testing KRL update"
+for f in $OBJ/krl-keys $OBJ/krl-cert $OBJ/krl-all \
+ $OBJ/krl-ca $OBJ/krl-serial $OBJ/krl-keyid ; do
+ cp -f $OBJ/krl-empty $f
+ genkrls -u
+done
+# keys all serial keyid certs CA
+test_all "$REVOKED_KEYS" "revoked keys" yes yes no no no no
+test_all "$UNREVOKED_KEYS" "unrevoked keys" no no no no no no
+test_all "$REVOKED_CERTS" "revoked certs" yes yes yes yes yes yes
+test_all "$UNREVOKED_CERTS" "unrevoked certs" no no no no no yes
diff --git a/crypto/openssh/regress/localcommand.sh b/crypto/openssh/regress/localcommand.sh
new file mode 100755
index 0000000..8a9b569
--- /dev/null
+++ b/crypto/openssh/regress/localcommand.sh
@@ -0,0 +1,15 @@
+# $OpenBSD: localcommand.sh,v 1.2 2013/05/17 10:24:48 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="localcommand"
+
+echo 'PermitLocalCommand yes' >> $OBJ/ssh_proxy
+echo 'LocalCommand echo foo' >> $OBJ/ssh_proxy
+
+for p in 1 2; do
+ verbose "test $tid: proto $p localcommand"
+ a=`${SSH} -F $OBJ/ssh_proxy -$p somehost true`
+ if [ "$a" != "foo" ] ; then
+ fail "$tid proto $p"
+ fi
+done
diff --git a/crypto/openssh/regress/login-timeout.sh b/crypto/openssh/regress/login-timeout.sh
new file mode 100644
index 0000000..d73923b
--- /dev/null
+++ b/crypto/openssh/regress/login-timeout.sh
@@ -0,0 +1,29 @@
+# $OpenBSD: login-timeout.sh,v 1.5 2013/05/17 10:23:52 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="connect after login grace timeout"
+
+trace "test login grace with privsep"
+echo "LoginGraceTime 10s" >> $OBJ/sshd_config
+echo "MaxStartups 1" >> $OBJ/sshd_config
+start_sshd
+
+(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 &
+sleep 15
+${SSH} -F $OBJ/ssh_config somehost true
+if [ $? -ne 0 ]; then
+ fail "ssh connect after login grace timeout failed with privsep"
+fi
+
+$SUDO kill `$SUDO cat $PIDFILE`
+
+trace "test login grace without privsep"
+echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config
+start_sshd
+
+(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 &
+sleep 15
+${SSH} -F $OBJ/ssh_config somehost true
+if [ $? -ne 0 ]; then
+ fail "ssh connect after login grace timeout failed without privsep"
+fi
diff --git a/crypto/openssh/regress/modpipe.c b/crypto/openssh/regress/modpipe.c
new file mode 100755
index 0000000..85747cf
--- /dev/null
+++ b/crypto/openssh/regress/modpipe.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD: modpipe.c,v 1.5 2013/05/10 03:46:14 djm Exp $ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "openbsd-compat/getopt_long.c"
+
+static void err(int, const char *, ...) __attribute__((format(printf, 2, 3)));
+static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3)));
+
+static void
+err(int r, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ fprintf(stderr, "%s: ", strerror(errno));
+ vfprintf(stderr, fmt, args);
+ fputc('\n', stderr);
+ va_end(args);
+ exit(r);
+}
+
+static void
+errx(int r, const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ fputc('\n', stderr);
+ va_end(args);
+ exit(r);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: modpipe -w [-m modspec ...] < in > out\n");
+ fprintf(stderr, "modspec is one of:\n");
+ fprintf(stderr, " xor:offset:value - XOR \"value\" at \"offset\"\n");
+ fprintf(stderr, " andor:offset:val1:val2 - AND \"val1\" then OR \"val2\" at \"offset\"\n");
+ exit(1);
+}
+
+#define MAX_MODIFICATIONS 256
+struct modification {
+ enum { MOD_XOR, MOD_AND_OR } what;
+ u_int64_t offset;
+ u_int8_t m1, m2;
+};
+
+static void
+parse_modification(const char *s, struct modification *m)
+{
+ char what[16+1];
+ int n, m1, m2;
+
+ bzero(m, sizeof(*m));
+ if ((n = sscanf(s, "%16[^:]%*[:]%lli%*[:]%i%*[:]%i",
+ what, &m->offset, &m1, &m2)) < 3)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (strcasecmp(what, "xor") == 0) {
+ if (n > 3)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (m1 < 0 || m1 > 0xff)
+ errx(1, "Invalid XOR modification value");
+ m->what = MOD_XOR;
+ m->m1 = m1;
+ } else if (strcasecmp(what, "andor") == 0) {
+ if (n != 4)
+ errx(1, "Invalid modification spec \"%s\"", s);
+ if (m1 < 0 || m1 > 0xff)
+ errx(1, "Invalid AND modification value");
+ if (m2 < 0 || m2 > 0xff)
+ errx(1, "Invalid OR modification value");
+ m->what = MOD_AND_OR;
+ m->m1 = m1;
+ m->m2 = m2;
+ } else
+ errx(1, "Invalid modification type \"%s\"", what);
+}
+
+int
+main(int argc, char **argv)
+{
+ int ch;
+ u_char buf[8192];
+ size_t total;
+ ssize_t r, s, o;
+ struct modification mods[MAX_MODIFICATIONS];
+ u_int i, wflag = 0, num_mods = 0;
+
+ while ((ch = getopt(argc, argv, "wm:")) != -1) {
+ switch (ch) {
+ case 'm':
+ if (num_mods >= MAX_MODIFICATIONS)
+ errx(1, "Too many modifications");
+ parse_modification(optarg, &(mods[num_mods++]));
+ break;
+ case 'w':
+ wflag = 1;
+ break;
+ default:
+ usage();
+ /* NOTREACHED */
+ }
+ }
+ for (total = 0;;) {
+ r = s = read(STDIN_FILENO, buf, sizeof(buf));
+ if (r == 0)
+ break;
+ if (r < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+ err(1, "read");
+ }
+ for (i = 0; i < num_mods; i++) {
+ if (mods[i].offset < total ||
+ mods[i].offset >= total + s)
+ continue;
+ switch (mods[i].what) {
+ case MOD_XOR:
+ buf[mods[i].offset - total] ^= mods[i].m1;
+ break;
+ case MOD_AND_OR:
+ buf[mods[i].offset - total] &= mods[i].m1;
+ buf[mods[i].offset - total] |= mods[i].m2;
+ break;
+ }
+ }
+ for (o = 0; o < s; o += r) {
+ r = write(STDOUT_FILENO, buf, s - o);
+ if (r == 0)
+ break;
+ if (r < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+ err(1, "write");
+ }
+ }
+ total += s;
+ }
+ /* Warn if modifications not reached in input stream */
+ r = 0;
+ for (i = 0; wflag && i < num_mods; i++) {
+ if (mods[i].offset < total)
+ continue;
+ r = 1;
+ fprintf(stderr, "modpipe: warning - mod %u not reached\n", i);
+ }
+ return r;
+}
diff --git a/crypto/openssh/regress/multiplex.sh b/crypto/openssh/regress/multiplex.sh
new file mode 100644
index 0000000..3e697e6
--- /dev/null
+++ b/crypto/openssh/regress/multiplex.sh
@@ -0,0 +1,143 @@
+# $OpenBSD: multiplex.sh,v 1.21 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+CTL=/tmp/openssh.regress.ctl-sock.$$
+
+tid="connection multiplexing"
+
+if config_defined DISABLE_FD_PASSING ; then
+ echo "skipped (not supported on this platform)"
+ exit 0
+fi
+
+P=3301 # test port
+
+wait_for_mux_master_ready()
+{
+ for i in 1 2 3 4 5; do
+ ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost \
+ >/dev/null 2>&1 && return 0
+ sleep $i
+ done
+ fatal "mux master never becomes ready"
+}
+
+start_sshd
+
+start_mux_master()
+{
+ trace "start master, fork to background"
+ ${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost \
+ -E $TEST_REGRESS_LOGFILE 2>&1 &
+ MASTER_PID=$!
+ wait_for_mux_master_ready
+}
+
+start_mux_master
+
+verbose "test $tid: envpass"
+trace "env passing over multiplexed connection"
+_XXX_TEST=blah ${SSH} -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" -S$CTL otherhost sh << 'EOF'
+ test X"$_XXX_TEST" = X"blah"
+EOF
+if [ $? -ne 0 ]; then
+ fail "environment not found"
+fi
+
+verbose "test $tid: transfer"
+rm -f ${COPY}
+trace "ssh transfer over multiplexed connection and check result"
+${SSH} -F $OBJ/ssh_config -S$CTL otherhost cat ${DATA} > ${COPY}
+test -f ${COPY} || fail "ssh -Sctl: failed copy ${DATA}"
+cmp ${DATA} ${COPY} || fail "ssh -Sctl: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "ssh transfer over multiplexed connection and check result"
+${SSH} -F $OBJ/ssh_config -S $CTL otherhost cat ${DATA} > ${COPY}
+test -f ${COPY} || fail "ssh -S ctl: failed copy ${DATA}"
+cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "sftp transfer over multiplexed connection and check result"
+echo "get ${DATA} ${COPY}" | \
+ ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >>$TEST_REGRESS_LOGFILE 2>&1
+test -f ${COPY} || fail "sftp: failed copy ${DATA}"
+cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+trace "scp transfer over multiplexed connection and check result"
+${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_REGRESS_LOGFILE 2>&1
+test -f ${COPY} || fail "scp: failed copy ${DATA}"
+cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}"
+
+rm -f ${COPY}
+
+for s in 0 1 4 5 44; do
+ trace "exit status $s over multiplexed connection"
+ verbose "test $tid: status $s"
+ ${SSH} -F $OBJ/ssh_config -S $CTL otherhost exit $s
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code mismatch for protocol $p: $r != $s"
+ fi
+
+ # same with early close of stdout/err
+ trace "exit status $s with early close over multiplexed connection"
+ ${SSH} -F $OBJ/ssh_config -S $CTL -n otherhost \
+ exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
+ r=$?
+ if [ $r -ne $s ]; then
+ fail "exit code (with sleep) mismatch for protocol $p: $r != $s"
+ fi
+done
+
+verbose "test $tid: cmd check"
+${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
+ || fail "check command failed"
+
+verbose "test $tid: cmd forward local"
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $P:localhost:$PORT otherhost \
+ || fail "request local forward failed"
+${SSH} -F $OBJ/ssh_config -p$P otherhost true \
+ || fail "connect to local forward port failed"
+${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $P:localhost:$PORT otherhost \
+ || fail "cancel local forward failed"
+${SSH} -F $OBJ/ssh_config -p$P otherhost true \
+ && fail "local forward port still listening"
+
+verbose "test $tid: cmd forward remote"
+${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $P:localhost:$PORT otherhost \
+ || fail "request remote forward failed"
+${SSH} -F $OBJ/ssh_config -p$P otherhost true \
+ || fail "connect to remote forwarded port failed"
+${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $P:localhost:$PORT otherhost \
+ || fail "cancel remote forward failed"
+${SSH} -F $OBJ/ssh_config -p$P otherhost true \
+ && fail "remote forward port still listening"
+
+verbose "test $tid: cmd exit"
+${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
+ || fail "send exit command failed"
+
+# Wait for master to exit
+wait $MASTER_PID
+kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed"
+
+# Restart master and test -O stop command with master using -N
+verbose "test $tid: cmd stop"
+trace "restart master, fork to background"
+start_mux_master
+
+# start a long-running command then immediately request a stop
+${SSH} -F $OBJ/ssh_config -S $CTL otherhost "sleep 10; exit 0" \
+ >>$TEST_REGRESS_LOGFILE 2>&1 &
+SLEEP_PID=$!
+${SSH} -F $OBJ/ssh_config -S $CTL -Ostop otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \
+ || fail "send stop command failed"
+
+# wait until both long-running command and master have exited.
+wait $SLEEP_PID
+[ $! != 0 ] || fail "waiting for concurrent command"
+wait $MASTER_PID
+[ $! != 0 ] || fail "waiting for master stop"
+kill -0 $MASTER_PID >/dev/null 2>&1 && fail "stop command failed"
diff --git a/crypto/openssh/regress/portnum.sh b/crypto/openssh/regress/portnum.sh
new file mode 100755
index 0000000..c56b869
--- /dev/null
+++ b/crypto/openssh/regress/portnum.sh
@@ -0,0 +1,34 @@
+# $OpenBSD: portnum.sh,v 1.2 2013/05/17 10:34:30 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="port number parsing"
+
+badport() {
+ port=$1
+ verbose "$tid: invalid port $port"
+ if ${SSH} -F $OBJ/ssh_proxy -p $port somehost true 2>/dev/null ; then
+ fail "$tid accepted invalid port $port"
+ fi
+}
+goodport() {
+ port=$1
+ verbose "$tid: valid port $port"
+ if ${SSH} -F $OBJ/ssh_proxy -p $port somehost true 2>/dev/null ; then
+ :
+ else
+ fail "$tid rejected valid port $port"
+ fi
+}
+
+badport 0
+badport 65536
+badport 131073
+badport 2000blah
+badport blah2000
+
+goodport 1
+goodport 22
+goodport 2222
+goodport 22222
+goodport 65535
+
diff --git a/crypto/openssh/regress/proto-mismatch.sh b/crypto/openssh/regress/proto-mismatch.sh
new file mode 100644
index 0000000..fb521f2
--- /dev/null
+++ b/crypto/openssh/regress/proto-mismatch.sh
@@ -0,0 +1,19 @@
+# $OpenBSD: proto-mismatch.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="protocol version mismatch"
+
+mismatch ()
+{
+ server=$1
+ client=$2
+ banner=`echo ${client} | ${SSHD} -o "Protocol=${server}" -i -f ${OBJ}/sshd_proxy`
+ r=$?
+ trace "sshd prints ${banner}"
+ if [ $r -ne 255 ]; then
+ fail "sshd prints ${banner} and accepts connect with version ${client}"
+ fi
+}
+
+mismatch 2 SSH-1.5-HALLO
+mismatch 1 SSH-2.0-HALLO
diff --git a/crypto/openssh/regress/proto-version.sh b/crypto/openssh/regress/proto-version.sh
new file mode 100644
index 0000000..b876dd7
--- /dev/null
+++ b/crypto/openssh/regress/proto-version.sh
@@ -0,0 +1,34 @@
+# $OpenBSD: proto-version.sh,v 1.4 2013/05/17 00:37:40 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="sshd version with different protocol combinations"
+
+# we just start sshd in inetd mode and check the banner
+check_version ()
+{
+ version=$1
+ expect=$2
+ banner=`printf '' | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy`
+ case ${banner} in
+ SSH-1.99-*)
+ proto=199
+ ;;
+ SSH-2.0-*)
+ proto=20
+ ;;
+ SSH-1.5-*)
+ proto=15
+ ;;
+ *)
+ proto=0
+ ;;
+ esac
+ if [ ${expect} -ne ${proto} ]; then
+ fail "wrong protocol version ${banner} for ${version}"
+ fi
+}
+
+check_version 2,1 199
+check_version 1,2 199
+check_version 2 20
+check_version 1 15
diff --git a/crypto/openssh/regress/proxy-connect.sh b/crypto/openssh/regress/proxy-connect.sh
new file mode 100644
index 0000000..76e602d
--- /dev/null
+++ b/crypto/openssh/regress/proxy-connect.sh
@@ -0,0 +1,26 @@
+# $OpenBSD: proxy-connect.sh,v 1.6 2013/03/07 00:20:34 djm Exp $
+# Placed in the Public Domain.
+
+tid="proxy connect"
+
+verbose "plain username"
+for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true
+ if [ $? -ne 0 ]; then
+ fail "ssh proxyconnect protocol $p failed"
+ fi
+ SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'`
+ if [ $? -ne 0 ]; then
+ fail "ssh proxyconnect protocol $p failed"
+ fi
+ if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+ fail "bad SSH_CONNECTION"
+ fi
+done
+
+verbose "username with style"
+for p in 1 2; do
+ ${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \
+ fail "ssh proxyconnect protocol $p failed"
+done
+
diff --git a/crypto/openssh/regress/putty-ciphers.sh b/crypto/openssh/regress/putty-ciphers.sh
new file mode 100755
index 0000000..724a98c
--- /dev/null
+++ b/crypto/openssh/regress/putty-ciphers.sh
@@ -0,0 +1,26 @@
+# $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="putty ciphers"
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ echo "putty interop tests not enabled"
+ exit 0
+fi
+
+for c in aes blowfish 3des arcfour aes128-ctr aes192-ctr aes256-ctr ; do
+ verbose "$tid: cipher $c"
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/cipher_$c
+ echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+
+ rm -f ${COPY}
+ env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \
+ 127.0.0.1 cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+done
+rm -f ${COPY}
+
diff --git a/crypto/openssh/regress/putty-kex.sh b/crypto/openssh/regress/putty-kex.sh
new file mode 100755
index 0000000..1844d65
--- /dev/null
+++ b/crypto/openssh/regress/putty-kex.sh
@@ -0,0 +1,23 @@
+# $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="putty KEX"
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ echo "putty interop tests not enabled"
+ exit 0
+fi
+
+for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
+ verbose "$tid: kex $k"
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/kex_$k
+ echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
+
+ env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \
+ 127.0.0.1 true
+ if [ $? -ne 0 ]; then
+ fail "KEX $k failed"
+ fi
+done
+
diff --git a/crypto/openssh/regress/putty-transfer.sh b/crypto/openssh/regress/putty-transfer.sh
new file mode 100755
index 0000000..aec0e04
--- /dev/null
+++ b/crypto/openssh/regress/putty-transfer.sh
@@ -0,0 +1,41 @@
+# $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="putty transfer data"
+
+if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
+ echo "putty interop tests not enabled"
+ exit 0
+fi
+
+# XXX support protocol 1 too
+for p in 2; do
+ for c in 0 1 ; do
+ verbose "$tid: proto $p compression $c"
+ rm -f ${COPY}
+ cp ${OBJ}/.putty/sessions/localhost_proxy \
+ ${OBJ}/.putty/sessions/compression_$c
+ echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
+ env HOME=$PWD ${PLINK} -load compression_$c -batch \
+ -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ trace "proto $p compression $c dd-size ${s}"
+ rm -f ${COPY}
+ dd if=$DATA obs=${s} 2> /dev/null | \
+ env HOME=$PWD ${PLINK} -load compression_$c \
+ -batch -i putty.rsa$p 127.0.0.1 \
+ "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ done
+ done
+done
+rm -f ${COPY}
+
diff --git a/crypto/openssh/regress/reconfigure.sh b/crypto/openssh/regress/reconfigure.sh
new file mode 100644
index 0000000..9fd2895
--- /dev/null
+++ b/crypto/openssh/regress/reconfigure.sh
@@ -0,0 +1,36 @@
+# $OpenBSD: reconfigure.sh,v 1.2 2003/06/21 09:14:05 markus Exp $
+# Placed in the Public Domain.
+
+tid="simple connect after reconfigure"
+
+# we need the full path to sshd for -HUP
+case $SSHD in
+/*)
+ # full path is OK
+ ;;
+*)
+ # otherwise make fully qualified
+ SSHD=$OBJ/$SSHD
+esac
+
+start_sshd
+
+PID=`$SUDO cat $PIDFILE`
+rm -f $PIDFILE
+$SUDO kill -HUP $PID
+
+trace "wait for sshd to restart"
+i=0;
+while [ ! -f $PIDFILE -a $i -lt 10 ]; do
+ i=`expr $i + 1`
+ sleep $i
+done
+
+test -f $PIDFILE || fatal "sshd did not restart"
+
+for p in 1 2; do
+ ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh connect with protocol $p failed after reconfigure"
+ fi
+done
diff --git a/crypto/openssh/regress/reexec.sh b/crypto/openssh/regress/reexec.sh
new file mode 100644
index 0000000..433573f
--- /dev/null
+++ b/crypto/openssh/regress/reexec.sh
@@ -0,0 +1,73 @@
+# $OpenBSD: reexec.sh,v 1.7 2013/05/17 10:23:52 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="reexec tests"
+
+SSHD_ORIG=$SSHD
+SSHD_COPY=$OBJ/sshd
+
+# Start a sshd and then delete it
+start_sshd_copy ()
+{
+ cp $SSHD_ORIG $SSHD_COPY
+ SSHD=$SSHD_COPY
+ start_sshd
+ SSHD=$SSHD_ORIG
+}
+
+# Do basic copy tests
+copy_tests ()
+{
+ rm -f ${COPY}
+ for p in 1 2; do
+ verbose "$tid: proto $p"
+ ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \
+ cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+ rm -f ${COPY}
+ done
+}
+
+verbose "test config passing"
+
+cp $OBJ/sshd_config $OBJ/sshd_config.orig
+start_sshd
+echo "InvalidXXX=no" >> $OBJ/sshd_config
+
+copy_tests
+
+$SUDO kill `$SUDO cat $PIDFILE`
+rm -f $PIDFILE
+
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+
+# cygwin can't fork a deleted binary
+if [ "$os" != "cygwin" ]; then
+
+verbose "test reexec fallback"
+
+start_sshd_copy
+rm -f $SSHD_COPY
+
+copy_tests
+
+$SUDO kill `$SUDO cat $PIDFILE`
+rm -f $PIDFILE
+
+verbose "test reexec fallback without privsep"
+
+cp $OBJ/sshd_config.orig $OBJ/sshd_config
+echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config
+
+start_sshd_copy
+rm -f $SSHD_COPY
+
+copy_tests
+
+$SUDO kill `$SUDO cat $PIDFILE`
+rm -f $PIDFILE
+
+fi
diff --git a/crypto/openssh/regress/rekey.sh b/crypto/openssh/regress/rekey.sh
new file mode 100644
index 0000000..8eb7efa
--- /dev/null
+++ b/crypto/openssh/regress/rekey.sh
@@ -0,0 +1,109 @@
+# $OpenBSD: rekey.sh,v 1.8 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="rekey"
+
+LOG=${TEST_SSH_LOGFILE}
+
+rm -f ${LOG}
+
+for s in 16 1k 128k 256k; do
+ verbose "client rekeylimit ${s}"
+ rm -f ${COPY} ${LOG}
+ cat $DATA | \
+ ${SSH} -oCompression=no -oRekeyLimit=$s \
+ -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured"
+ fi
+done
+
+for s in 5 10; do
+ verbose "client rekeylimit default ${s}"
+ rm -f ${COPY} ${LOG}
+ cat $DATA | \
+ ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \
+ $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3"
+ if [ $? -ne 0 ]; then
+ fail "ssh failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured"
+ fi
+done
+
+for s in 5 10; do
+ verbose "client rekeylimit default ${s} no data"
+ rm -f ${COPY} ${LOG}
+ ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \
+ $OBJ/ssh_proxy somehost "sleep $s;sleep 3"
+ if [ $? -ne 0 ]; then
+ fail "ssh failed"
+ fi
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured"
+ fi
+done
+
+echo "rekeylimit default 5" >>$OBJ/sshd_proxy
+for s in 5 10; do
+ verbose "server rekeylimit default ${s} no data"
+ rm -f ${COPY} ${LOG}
+ ${SSH} -oCompression=no -F $OBJ/ssh_proxy somehost "sleep $s;sleep 3"
+ if [ $? -ne 0 ]; then
+ fail "ssh failed"
+ fi
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured"
+ fi
+done
+
+verbose "rekeylimit parsing"
+for size in 16 1k 1K 1m 1M 1g 1G; do
+ for time in 1 1m 1M 1h 1H 1d 1D 1w 1W; do
+ case $size in
+ 16) bytes=16 ;;
+ 1k|1K) bytes=1024 ;;
+ 1m|1M) bytes=1048576 ;;
+ 1g|1G) bytes=1073741824 ;;
+ esac
+ case $time in
+ 1) seconds=1 ;;
+ 1m|1M) seconds=60 ;;
+ 1h|1H) seconds=3600 ;;
+ 1d|1D) seconds=86400 ;;
+ 1w|1W) seconds=604800 ;;
+ esac
+
+ b=`$SUDO ${SSHD} -T -o "rekeylimit $size $time" -f $OBJ/sshd_proxy | \
+ awk '/rekeylimit/{print $2}'`
+ s=`$SUDO ${SSHD} -T -o "rekeylimit $size $time" -f $OBJ/sshd_proxy | \
+ awk '/rekeylimit/{print $3}'`
+
+ if [ "$bytes" != "$b" ]; then
+ fatal "rekeylimit size: expected $bytes got $b"
+ fi
+ if [ "$seconds" != "$s" ]; then
+ fatal "rekeylimit time: expected $time got $s"
+ fi
+ done
+done
+
+rm -f ${COPY} ${DATA}
diff --git a/crypto/openssh/regress/rsa_openssh.prv b/crypto/openssh/regress/rsa_openssh.prv
new file mode 100644
index 0000000..2675555
--- /dev/null
+++ b/crypto/openssh/regress/rsa_openssh.prv
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko
++dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3
+xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQIDAQAB
+An8nH5VzvHkMbSqJ6eOYDsVwomRvYbH5IEaYl1x6VATITNvAu9kUdQ4NsSpuMc+7
+Jj9gKZvmO1y2YCKc0P/iO+i/eV0L+yQh1Rw18jQZll+12T+LZrKRav03YNvMx0gN
+wqWY48Kt6hv2/N/ebQzKRe79+D0t2cTh92hT7xENFLIBAkEBGnoGKFjAUkJCwO1V
+mzpUqMHpRZVOrqP9hUmPjzNJ5oBPFGe4+h1hoSRFOAzaNuZt8ssbqaLCkzB8bfzj
+qhZqAQJBANZekuUpp8iBLeLSagw5FkcPwPzq6zfExbhvsZXb8Bo/4SflNs4JHXwI
+7SD9Z8aJLvM4uQ/5M70lblDMQ40i3o0CQQDIJvBYBFL5tlOgakq/O7yi+wt0L5BZ
+9H79w5rCSAA0IHRoK/qI1urHiHC3f3vbbLk5UStfrqEaND/mm0shyNIBAkBLsYdC
+/ctt5Bc0wUGK4Vl5bBmj9LtrrMJ4FpBpLwj/69BwCuKoK9XKZ0h73p6XHveCEGRg
+PIlFX4MtaoLrwgU9AkBV2k4dgIws+X8YX65EsyyFjnlDqX4x0nSOjQB1msIKfHBr
+dh5XLDBTTCxnKhMJ0Yx/opgOvf09XHBFwaQntR5i
+-----END RSA PRIVATE KEY-----
diff --git a/crypto/openssh/regress/rsa_openssh.pub b/crypto/openssh/regress/rsa_openssh.pub
new file mode 100644
index 0000000..b504730
--- /dev/null
+++ b/crypto/openssh/regress/rsa_openssh.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko+dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQ==
diff --git a/crypto/openssh/regress/rsa_ssh2.prv b/crypto/openssh/regress/rsa_ssh2.prv
new file mode 100644
index 0000000..1ece3d7
--- /dev/null
+++ b/crypto/openssh/regress/rsa_ssh2.prv
@@ -0,0 +1,16 @@
+---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
+Subject: ssh-keygen test
+Comment: "1024-bit rsa, Sat Jun 23 2001 12:21:26 -0400"
+P2/56wAAAi4AAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS
+1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAB3wAAAdsAAAARAQABAAAD9icflXO8eQxtKonp
+45gOxXCiZG9hsfkgRpiXXHpUBMhM28C72RR1Dg2xKm4xz7smP2Apm+Y7XLZgIpzQ/+I76L
+95XQv7JCHVHDXyNBmWX7XZP4tmspFq/Tdg28zHSA3CpZjjwq3qG/b8395tDMpF7v34PS3Z
+xOH3aFPvEQ0UsgEAAAQA7IpcCnGijesEjDXdVoEPfh0akBJA9JAk1bba2sxrtDoQVN1JKP
+nRQ9SKdAsXV5jduSUFsTmBe4fznLvD948790U1/O8SkdGM5V0y1/ki7Rf8knm0t8Vj65X0
+VA4YdN4UeVfvMcb78vcInT2CsP6CLcBkrnjrBKtS03Mwg79nQI0AAAH/VdpOHYCMLPl/GF
++uRLMshY55Q6l+MdJ0jo0AdZrCCnxwa3YeVywwU0wsZyoTCdGMf6KYDr39PVxwRcGkJ7Ue
+YgAAAgDWXpLlKafIgS3i0moMORZHD8D86us3xMW4b7GV2/AaP+En5TbOCR18CO0g/WfGiS
+7zOLkP+TO9JW5QzEONIt6NAAACAQEaegYoWMBSQkLA7VWbOlSowelFlU6uo/2FSY+PM0nm
+gE8UZ7j6HWGhJEU4DNo25m3yyxuposKTMHxt/OOqFmoB
+---- END SSH2 ENCRYPTED PRIVATE KEY ----
+---
diff --git a/crypto/openssh/regress/scp-ssh-wrapper.sh b/crypto/openssh/regress/scp-ssh-wrapper.sh
new file mode 100644
index 0000000..d1005a9
--- /dev/null
+++ b/crypto/openssh/regress/scp-ssh-wrapper.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+# $OpenBSD: scp-ssh-wrapper.sh,v 1.2 2005/12/14 04:36:39 dtucker Exp $
+# Placed in the Public Domain.
+
+printname () {
+ NAME=$1
+ save_IFS=$IFS
+ IFS=/
+ set -- `echo "$NAME"`
+ IFS="$save_IFS"
+ while [ $# -ge 1 ] ; do
+ if [ "x$1" != "x" ]; then
+ echo "D0755 0 $1"
+ fi
+ shift;
+ done
+}
+
+# Discard all but last argument. We use arg later.
+while test "$1" != ""; do
+ arg="$1"
+ shift
+done
+
+BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
+
+case "$SCPTESTMODE" in
+badserver_0)
+ echo "D0755 0 /${DIR}/rootpathdir"
+ echo "C755 2 rootpathfile"
+ echo "X"
+ ;;
+badserver_1)
+ echo "D0755 0 $BAD"
+ echo "C755 2 file"
+ echo "X"
+ ;;
+badserver_2)
+ echo "D0755 0 $BAD"
+ echo "C755 2 file"
+ echo "X"
+ ;;
+badserver_3)
+ printname $BAD
+ echo "C755 2 file"
+ echo "X"
+ ;;
+badserver_4)
+ printname $BAD
+ echo "D0755 0 .."
+ echo "C755 2 file"
+ echo "X"
+ ;;
+*)
+ exec $arg
+ ;;
+esac
diff --git a/crypto/openssh/regress/scp.sh b/crypto/openssh/regress/scp.sh
new file mode 100644
index 0000000..29c5b35
--- /dev/null
+++ b/crypto/openssh/regress/scp.sh
@@ -0,0 +1,125 @@
+# $OpenBSD: scp.sh,v 1.9 2013/05/17 10:35:43 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="scp"
+
+#set -x
+
+# Figure out if diff understands "-N"
+if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then
+ DIFFOPT="-rN"
+else
+ DIFFOPT="-r"
+fi
+
+COPY2=${OBJ}/copy2
+DIR=${COPY}.dd
+DIR2=${COPY}.dd2
+
+SRC=`dirname ${SCRIPT}`
+cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
+chmod 755 ${OBJ}/scp-ssh-wrapper.scp
+scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp"
+
+scpclean() {
+ rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
+ mkdir ${DIR} ${DIR2}
+}
+
+verbose "$tid: simple copy local file to local file"
+scpclean
+$SCP $scpopts ${DATA} ${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+verbose "$tid: simple copy local file to remote file"
+scpclean
+$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+verbose "$tid: simple copy remote file to local file"
+scpclean
+$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed"
+cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+verbose "$tid: simple copy local file to remote dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+verbose "$tid: simple copy local file to local dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts ${COPY} ${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+verbose "$tid: simple copy remote file to local dir"
+scpclean
+cp ${DATA} ${COPY}
+$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed"
+cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+verbose "$tid: recursive local dir to remote dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+verbose "$tid: recursive local dir to local dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+verbose "$tid: recursive remote dir to local dir"
+scpclean
+rm -rf ${DIR2}
+cp ${DATA} ${DIR}/copy
+$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
+diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+verbose "$tid: shell metacharacters"
+scpclean
+(cd ${DIR} && \
+touch '`touch metachartest`' && \
+$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \
+[ ! -f metachartest ] ) || fail "shell metacharacters"
+
+if [ ! -z "$SUDO" ]; then
+ verbose "$tid: skipped file after scp -p with failed chown+utimes"
+ scpclean
+ cp -p ${DATA} ${DIR}/copy
+ cp -p ${DATA} ${DIR}/copy2
+ cp ${DATA} ${DIR2}/copy
+ chmod 660 ${DIR2}/copy
+ $SUDO chown root ${DIR2}/copy
+ $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1
+ $SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+ $SUDO rm ${DIR2}/copy
+fi
+
+for i in 0 1 2 3 4; do
+ verbose "$tid: disallow bad server #$i"
+ SCPTESTMODE=badserver_$i
+ export DIR SCPTESTMODE
+ scpclean
+ $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null
+ [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir"
+ [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode"
+
+ scpclean
+ $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+ [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
+done
+
+verbose "$tid: detect non-directory target"
+scpclean
+echo a > ${COPY}
+echo b > ${COPY2}
+$SCP $scpopts ${DATA} ${COPY} ${COPY2}
+cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target"
+
+scpclean
+rm -f ${OBJ}/scp-ssh-wrapper.scp
diff --git a/crypto/openssh/regress/sftp-badcmds.sh b/crypto/openssh/regress/sftp-badcmds.sh
new file mode 100644
index 0000000..7f85c4f
--- /dev/null
+++ b/crypto/openssh/regress/sftp-badcmds.sh
@@ -0,0 +1,65 @@
+# $OpenBSD: sftp-badcmds.sh,v 1.6 2013/05/17 10:26:26 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="sftp invalid commands"
+
+DATA2=/bin/sh${EXEEXT}
+NONEXIST=/NONEXIST.$$
+GLOBFILES=`(cd /bin;echo l*)`
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd
+
+rm -f ${COPY}
+verbose "$tid: get nonexistent"
+echo "get $NONEXIST $COPY" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get nonexistent failed"
+test -f ${COPY} && fail "existing copy after get nonexistent"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: glob get to nonexistent directory"
+echo "get /bin/l* $NONEXIST" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get nonexistent failed"
+for x in $GLOBFILES; do
+ test -f ${COPY}.dd/$x && fail "existing copy after get nonexistent"
+done
+
+rm -f ${COPY}
+verbose "$tid: put nonexistent"
+echo "put $NONEXIST $COPY" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put nonexistent failed"
+test -f ${COPY} && fail "existing copy after put nonexistent"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: glob put to nonexistent directory"
+echo "put /bin/l* ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put nonexistent failed"
+for x in $GLOBFILES; do
+ test -f ${COPY}.dd/$x && fail "existing copy after nonexistent"
+done
+
+rm -f ${COPY}
+verbose "$tid: rename nonexistent"
+echo "rename $NONEXIST ${COPY}.1" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename nonexist failed"
+test -f ${COPY}.1 && fail "file exists after rename nonexistent"
+
+rm -rf ${COPY} ${COPY}.dd
+cp $DATA $COPY
+mkdir ${COPY}.dd
+verbose "$tid: rename target exists (directory)"
+echo "rename $COPY ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename target exists (directory) failed"
+test -f ${COPY} || fail "oldname missing after rename target exists (directory)"
+test -d ${COPY}.dd || fail "newname missing after rename target exists (directory)"
+cmp $DATA ${COPY} >/dev/null 2>&1 || fail "corrupted oldname after rename target exists (directory)"
+
+rm -f ${COPY}.dd/*
+rm -rf ${COPY}
+cp ${DATA2} ${COPY}
+verbose "$tid: glob put files to local file"
+echo "put /bin/l* $COPY" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1
+cmp ${DATA2} ${COPY} || fail "put successed when it should have failed"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd
+
+
diff --git a/crypto/openssh/regress/sftp-batch.sh b/crypto/openssh/regress/sftp-batch.sh
new file mode 100644
index 0000000..4101154
--- /dev/null
+++ b/crypto/openssh/regress/sftp-batch.sh
@@ -0,0 +1,55 @@
+# $OpenBSD: sftp-batch.sh,v 1.5 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="sftp batchfile"
+
+BATCH=${OBJ}/sftp.bb
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+cat << EOF > ${BATCH}.pass.1
+ get $DATA $COPY
+ put ${COPY} ${COPY}.1
+ rm ${COPY}
+ -put ${COPY} ${COPY}.2
+EOF
+
+cat << EOF > ${BATCH}.pass.2
+ # This is a comment
+
+ # That was a blank line
+ ls
+EOF
+
+cat << EOF > ${BATCH}.fail.1
+ get $DATA $COPY
+ put ${COPY} ${COPY}.3
+ rm ${COPY}.*
+ # The next command should fail
+ put ${COPY}.3 ${COPY}.4
+EOF
+
+cat << EOF > ${BATCH}.fail.2
+ # The next command should fail
+ jajajajaja
+EOF
+
+verbose "$tid: good commands"
+${SFTP} -b ${BATCH}.pass.1 -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "good commands failed"
+
+verbose "$tid: bad commands"
+${SFTP} -b ${BATCH}.fail.1 -D ${SFTPSERVER} >/dev/null 2>&1 \
+ && fail "bad commands succeeded"
+
+verbose "$tid: comments and blanks"
+${SFTP} -b ${BATCH}.pass.2 -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "comments & blanks failed"
+
+verbose "$tid: junk command"
+${SFTP} -b ${BATCH}.fail.2 -D ${SFTPSERVER} >/dev/null 2>&1 \
+ && fail "junk command succeeded"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+
diff --git a/crypto/openssh/regress/sftp-chroot.sh b/crypto/openssh/regress/sftp-chroot.sh
new file mode 100755
index 0000000..03b9bc6
--- /dev/null
+++ b/crypto/openssh/regress/sftp-chroot.sh
@@ -0,0 +1,25 @@
+# $OpenBSD: sftp-chroot.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="sftp in chroot"
+
+CHROOT=/var/run
+FILENAME=testdata_${USER}
+PRIVDATA=${CHROOT}/${FILENAME}
+
+if [ -z "$SUDO" ]; then
+ echo "skipped: need SUDO to create file in /var/run, test won't work without"
+ exit 0
+fi
+
+$SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \
+ fatal "create $PRIVDATA failed"
+
+start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /"
+
+verbose "test $tid: get"
+${SFTP} -qS "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY || \
+ fatal "Fetch ${FILENAME} failed"
+cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ"
+
+$SUDO rm $PRIVDATA
diff --git a/crypto/openssh/regress/sftp-cmds.sh b/crypto/openssh/regress/sftp-cmds.sh
new file mode 100644
index 0000000..aad7fca
--- /dev/null
+++ b/crypto/openssh/regress/sftp-cmds.sh
@@ -0,0 +1,232 @@
+# $OpenBSD: sftp-cmds.sh,v 1.14 2013/06/21 02:26:26 djm Exp $
+# Placed in the Public Domain.
+
+# XXX - TODO:
+# - chmod / chown / chgrp
+# - -p flag for get & put
+
+tid="sftp commands"
+
+# test that these files are readable!
+for i in `(cd /bin;echo l*)`
+do
+ if [ -r $i ]; then
+ GLOBFILES="$GLOBFILES $i"
+ fi
+done
+
+# Path with embedded quote
+QUOTECOPY=${COPY}".\"blah\""
+QUOTECOPY_ARG=${COPY}'.\"blah\"'
+# File with spaces
+SPACECOPY="${COPY} this has spaces.txt"
+SPACECOPY_ARG="${COPY}\ this\ has\ spaces.txt"
+# File with glob metacharacters
+GLOBMETACOPY="${COPY} [metachar].txt"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2
+mkdir ${COPY}.dd
+
+verbose "$tid: lls"
+(echo "lcd ${OBJ}" ; echo "lls") | ${SFTP} -D ${SFTPSERVER} 2>&1 | \
+ grep copy.dd >/dev/null 2>&1 || fail "lls failed"
+
+verbose "$tid: lls w/path"
+echo "lls ${OBJ}" | ${SFTP} -D ${SFTPSERVER} 2>&1 | \
+ grep copy.dd >/dev/null 2>&1 || fail "lls w/path failed"
+
+verbose "$tid: ls"
+echo "ls ${OBJ}" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "ls failed"
+# XXX always successful
+
+verbose "$tid: shell"
+echo "!echo hi there" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "shell failed"
+# XXX always successful
+
+verbose "$tid: pwd"
+echo "pwd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "pwd failed"
+# XXX always successful
+
+verbose "$tid: lpwd"
+echo "lpwd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lpwd failed"
+# XXX always successful
+
+verbose "$tid: quit"
+echo "quit" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "quit failed"
+# XXX always successful
+
+verbose "$tid: help"
+echo "help" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "help failed"
+# XXX always successful
+
+rm -f ${COPY}
+verbose "$tid: get"
+echo "get $DATA $COPY" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp $DATA ${COPY} || fail "corrupted copy after get"
+
+rm -f ${COPY}
+verbose "$tid: get quoted"
+echo "get \"$DATA\" $COPY" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp $DATA ${COPY} || fail "corrupted copy after get"
+
+if [ "$os" != "cygwin" ]; then
+rm -f ${QUOTECOPY}
+cp $DATA ${QUOTECOPY}
+verbose "$tid: get filename with quotes"
+echo "get \"$QUOTECOPY_ARG\" ${COPY}" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes"
+rm -f ${QUOTECOPY} ${COPY}
+fi
+
+rm -f "$SPACECOPY" ${COPY}
+cp $DATA "$SPACECOPY"
+verbose "$tid: get filename with spaces"
+echo "get ${SPACECOPY_ARG} ${COPY}" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp ${COPY} "$SPACECOPY" || fail "corrupted copy after get with spaces"
+
+rm -f "$GLOBMETACOPY" ${COPY}
+cp $DATA "$GLOBMETACOPY"
+verbose "$tid: get filename with glob metacharacters"
+echo "get \"${GLOBMETACOPY}\" ${COPY}" | \
+ ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "get failed"
+cmp ${COPY} "$GLOBMETACOPY" || \
+ fail "corrupted copy after get with glob metacharacters"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: get to directory"
+echo "get $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after get"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: glob get to directory"
+echo "get /bin/l* ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+for x in $GLOBFILES; do
+ cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after get"
+done
+
+rm -f ${COPY}.dd/*
+verbose "$tid: get to local dir"
+(echo "lcd ${COPY}.dd"; echo "get $DATA" ) | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after get"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: glob get to local dir"
+(echo "lcd ${COPY}.dd"; echo "get /bin/l*") | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+for x in $GLOBFILES; do
+ cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after get"
+done
+
+rm -f ${COPY}
+verbose "$tid: put"
+echo "put $DATA $COPY" | \
+ ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed"
+cmp $DATA ${COPY} || fail "corrupted copy after put"
+
+if [ "$os" != "cygwin" ]; then
+rm -f ${QUOTECOPY}
+verbose "$tid: put filename with quotes"
+echo "put $DATA \"$QUOTECOPY_ARG\"" | \
+ ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed"
+cmp $DATA ${QUOTECOPY} || fail "corrupted copy after put with quotes"
+fi
+
+rm -f "$SPACECOPY"
+verbose "$tid: put filename with spaces"
+echo "put $DATA ${SPACECOPY_ARG}" | \
+ ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed"
+cmp $DATA "$SPACECOPY" || fail "corrupted copy after put with spaces"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: put to directory"
+echo "put $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put failed"
+cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after put"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: glob put to directory"
+echo "put /bin/l? ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put failed"
+for x in $GLOBFILES; do
+ cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put"
+done
+
+rm -f ${COPY}.dd/*
+verbose "$tid: put to local dir"
+(echo "cd ${COPY}.dd"; echo "put $DATA") | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put failed"
+cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after put"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: glob put to local dir"
+(echo "cd ${COPY}.dd"; echo "put /bin/l?") | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put failed"
+for x in $GLOBFILES; do
+ cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put"
+done
+
+verbose "$tid: rename"
+echo "rename $COPY ${COPY}.1" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename failed"
+test -f ${COPY}.1 || fail "missing file after rename"
+cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename"
+
+verbose "$tid: rename directory"
+echo "rename ${COPY}.dd ${COPY}.dd2" | \
+ ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || \
+ fail "rename directory failed"
+test -d ${COPY}.dd && fail "oldname exists after rename directory"
+test -d ${COPY}.dd2 || fail "missing newname after rename directory"
+
+verbose "$tid: ln"
+echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed"
+test -f ${COPY}.2 || fail "missing file after ln"
+cmp ${COPY}.1 ${COPY}.2 || fail "created file is not equal after ln"
+
+verbose "$tid: ln -s"
+rm -f ${COPY}.2
+echo "ln -s ${COPY}.1 ${COPY}.2" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "ln -s failed"
+test -h ${COPY}.2 || fail "missing file after ln -s"
+
+verbose "$tid: mkdir"
+echo "mkdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "mkdir failed"
+test -d ${COPY}.dd || fail "missing directory after mkdir"
+
+# XXX do more here
+verbose "$tid: chdir"
+echo "chdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "chdir failed"
+
+verbose "$tid: rmdir"
+echo "rmdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rmdir failed"
+test -d ${COPY}.1 && fail "present directory after rmdir"
+
+verbose "$tid: lmkdir"
+echo "lmkdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lmkdir failed"
+test -d ${COPY}.dd || fail "missing directory after lmkdir"
+
+# XXX do more here
+verbose "$tid: lchdir"
+echo "lchdir ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lchdir failed"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2
+rm -rf ${QUOTECOPY} "$SPACECOPY" "$GLOBMETACOPY"
+
+
diff --git a/crypto/openssh/regress/sftp-glob.sh b/crypto/openssh/regress/sftp-glob.sh
new file mode 100644
index 0000000..8d4df2c
--- /dev/null
+++ b/crypto/openssh/regress/sftp-glob.sh
@@ -0,0 +1,75 @@
+# $OpenBSD: sftp-glob.sh,v 1.4 2009/08/13 01:11:55 djm Exp $
+# Placed in the Public Domain.
+
+tid="sftp glob"
+
+config_defined FILESYSTEM_NO_BACKSLASH && nobs="not supported on this platform"
+
+sftp_ls() {
+ target=$1
+ errtag=$2
+ expected=$3
+ unexpected=$4
+ skip=$5
+ if test "x$skip" != "x" ; then
+ verbose "$tid: $errtag (skipped: $skip)"
+ return
+ fi
+ verbose "$tid: $errtag"
+ printf "ls -l %s" "${target}" | \
+ ${SFTP} -b - -D ${SFTPSERVER} 2>/dev/null | \
+ grep -v "^sftp>" > ${RESULTS}
+ if [ $? -ne 0 ]; then
+ fail "$errtag failed"
+ fi
+ if test "x$expected" != "x" ; then
+ if fgrep "$expected" ${RESULTS} >/dev/null 2>&1 ; then
+ :
+ else
+ fail "$expected missing from $errtag results"
+ fi
+ fi
+ if test "x$unexpected" != "x" && \
+ fgrep "$unexpected" ${RESULTS} >/dev/null 2>&1 ; then
+ fail "$unexpected present in $errtag results"
+ fi
+ rm -f ${RESULTS}
+}
+
+BASE=${OBJ}/glob
+RESULTS=${OBJ}/results
+DIR=${BASE}/dir
+DATA=${DIR}/file
+
+GLOB1="${DIR}/g-wild*"
+GLOB2="${DIR}/g-wildx"
+QUOTE="${DIR}/g-quote\""
+SLASH="${DIR}/g-sl\\ash"
+ESLASH="${DIR}/g-slash\\"
+QSLASH="${DIR}/g-qs\\\""
+SPACE="${DIR}/g-q space"
+
+rm -rf ${BASE}
+mkdir -p ${DIR}
+touch "${DATA}" "${GLOB1}" "${GLOB2}" "${QUOTE}" "${SPACE}"
+test "x$nobs" = "x" && touch "${QSLASH}" "${ESLASH}" "${SLASH}"
+
+# target message expected unexpected
+sftp_ls "${DIR}/fil*" "file glob" "${DATA}" ""
+sftp_ls "${BASE}/d*" "dir glob" "`basename ${DATA}`" ""
+sftp_ls "${DIR}/g-wild\"*\"" "quoted glob" "g-wild*" "g-wildx"
+sftp_ls "${DIR}/g-wild\*" "escaped glob" "g-wild*" "g-wildx"
+sftp_ls "${DIR}/g-quote\\\"" "escaped quote" "g-quote\"" ""
+sftp_ls "\"${DIR}/g-quote\\\"\"" "quoted quote" "g-quote\"" ""
+sftp_ls "'${DIR}/g-quote\"'" "single-quoted quote" "g-quote\"" ""
+sftp_ls "${DIR}/g-q\\ space" "escaped space" "g-q space" ""
+sftp_ls "'${DIR}/g-q space'" "quoted space" "g-q space" ""
+sftp_ls "${DIR}/g-sl\\\\ash" "escaped slash" "g-sl\\ash" "" "$nobs"
+sftp_ls "'${DIR}/g-sl\\\\ash'" "quoted slash" "g-sl\\ash" "" "$nobs"
+sftp_ls "${DIR}/g-slash\\\\" "escaped slash at EOL" "g-slash\\" "" "$nobs"
+sftp_ls "'${DIR}/g-slash\\\\'" "quoted slash at EOL" "g-slash\\" "" "$nobs"
+sftp_ls "${DIR}/g-qs\\\\\\\"" "escaped slash+quote" "g-qs\\\"" "" "$nobs"
+sftp_ls "'${DIR}/g-qs\\\\\"'" "quoted slash+quote" "g-qs\\\"" "" "$nobs"
+
+rm -rf ${BASE}
+
diff --git a/crypto/openssh/regress/sftp.sh b/crypto/openssh/regress/sftp.sh
new file mode 100644
index 0000000..b8e9f75
--- /dev/null
+++ b/crypto/openssh/regress/sftp.sh
@@ -0,0 +1,32 @@
+# $OpenBSD: sftp.sh,v 1.5 2013/05/17 10:28:11 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="basic sftp put/get"
+
+SFTPCMDFILE=${OBJ}/batch
+cat >$SFTPCMDFILE <<EOF
+version
+get $DATA ${COPY}.1
+put $DATA ${COPY}.2
+EOF
+
+BUFFERSIZE="5 1000 32000 64000"
+REQUESTS="1 2 10"
+
+for B in ${BUFFERSIZE}; do
+ for R in ${REQUESTS}; do
+ verbose "test $tid: buffer_size $B num_requests $R"
+ rm -f ${COPY}.1 ${COPY}.2
+ ${SFTP} -D ${SFTPSERVER} -B $B -R $R -b $SFTPCMDFILE \
+ > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "sftp failed with $r"
+ else
+ cmp $DATA ${COPY}.1 || fail "corrupted copy after get"
+ cmp $DATA ${COPY}.2 || fail "corrupted copy after put"
+ fi
+ done
+done
+rm -f ${COPY}.1 ${COPY}.2
+rm -f $SFTPCMDFILE
diff --git a/crypto/openssh/regress/ssh-com-client.sh b/crypto/openssh/regress/ssh-com-client.sh
new file mode 100644
index 0000000..e4f80cf
--- /dev/null
+++ b/crypto/openssh/regress/ssh-com-client.sh
@@ -0,0 +1,130 @@
+# $OpenBSD: ssh-com-client.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="connect with ssh.com client"
+
+#TEST_COMBASE=/path/to/ssh/com/binaries
+if [ "X${TEST_COMBASE}" = "X" ]; then
+ fatal '$TEST_COMBASE is not set'
+fi
+
+VERSIONS="
+ 2.1.0
+ 2.2.0
+ 2.3.0
+ 2.3.1
+ 2.4.0
+ 3.0.0
+ 3.1.0
+ 3.2.0
+ 3.2.2
+ 3.2.3
+ 3.2.5
+ 3.2.9
+ 3.2.9.1
+ 3.3.0"
+
+# 2.0.10 2.0.12 2.0.13 don't like the test setup
+
+# setup authorized keys
+SRC=`dirname ${SCRIPT}`
+cp ${SRC}/dsa_ssh2.prv ${OBJ}/id.com
+chmod 600 ${OBJ}/id.com
+${SSHKEYGEN} -i -f ${OBJ}/id.com > $OBJ/id.openssh
+chmod 600 ${OBJ}/id.openssh
+${SSHKEYGEN} -y -f ${OBJ}/id.openssh > $OBJ/authorized_keys_$USER
+${SSHKEYGEN} -e -f ${OBJ}/id.openssh > $OBJ/id.com.pub
+echo IdKey ${OBJ}/id.com > ${OBJ}/id.list
+
+# we need a DSA host key
+t=dsa
+rm -f ${OBJ}/$t ${OBJ}/$t.pub
+${SSHKEYGEN} -q -N '' -t $t -f ${OBJ}/$t
+$SUDO cp $OBJ/$t $OBJ/host.$t
+echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
+
+# add hostkeys to known hosts
+mkdir -p ${OBJ}/${USER}/hostkeys
+HK=${OBJ}/${USER}/hostkeys/key_${PORT}_127.0.0.1
+${SSHKEYGEN} -e -f ${OBJ}/rsa.pub > ${HK}.ssh-rsa.pub
+${SSHKEYGEN} -e -f ${OBJ}/dsa.pub > ${HK}.ssh-dss.pub
+
+cat > ${OBJ}/ssh2_config << EOF
+*:
+ QuietMode yes
+ StrictHostKeyChecking yes
+ Port ${PORT}
+ User ${USER}
+ Host 127.0.0.1
+ IdentityFile ${OBJ}/id.list
+ RandomSeedFile ${OBJ}/random_seed
+ UserConfigDirectory ${OBJ}/%U
+ AuthenticationSuccessMsg no
+ BatchMode yes
+ ForwardX11 no
+EOF
+
+# we need a real server (no ProxyConnect option)
+start_sshd
+
+# go for it
+for v in ${VERSIONS}; do
+ ssh2=${TEST_COMBASE}/${v}/ssh2
+ if [ ! -x ${ssh2} ]; then
+ continue
+ fi
+ verbose "ssh2 ${v}"
+ key=ssh-dss
+ skipcat=0
+ case $v in
+ 2.1.*|2.3.0)
+ skipcat=1
+ ;;
+ 3.0.*)
+ key=ssh-rsa
+ ;;
+ esac
+ cp ${HK}.$key.pub ${HK}.pub
+
+ # check exit status
+ ${ssh2} -q -F ${OBJ}/ssh2_config somehost exit 42
+ r=$?
+ if [ $r -ne 42 ]; then
+ fail "ssh2 ${v} exit code test failed (got $r, expected 42)"
+ fi
+
+ # data transfer
+ rm -f ${COPY}
+ ${ssh2} -F ${OBJ}/ssh2_config somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh2 ${v} cat test (receive) failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "ssh2 ${v} cat test (receive) data mismatch"
+
+ # data transfer, again
+ if [ $skipcat -eq 0 ]; then
+ rm -f ${COPY}
+ cat ${DATA} | \
+ ${ssh2} -F ${OBJ}/ssh2_config host "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh2 ${v} cat test (send) failed"
+ fi
+ cmp ${DATA} ${COPY} || \
+ fail "ssh2 ${v} cat test (send) data mismatch"
+ fi
+
+ # no stderr after eof
+ rm -f ${COPY}
+ ${ssh2} -F ${OBJ}/ssh2_config somehost \
+ exec sh -c \'"exec > /dev/null; sleep 1; echo bla 1>&2; exit 0"\' \
+ 2> /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh2 ${v} stderr test failed"
+ fi
+done
+
+rm -rf ${OBJ}/${USER}
+for i in ssh2_config random_seed dsa.pub dsa host.dsa \
+ id.list id.com id.com.pub id.openssh; do
+ rm -f ${OBJ}/$i
+done
diff --git a/crypto/openssh/regress/ssh-com-keygen.sh b/crypto/openssh/regress/ssh-com-keygen.sh
new file mode 100644
index 0000000..29b02d9
--- /dev/null
+++ b/crypto/openssh/regress/ssh-com-keygen.sh
@@ -0,0 +1,74 @@
+# $OpenBSD: ssh-com-keygen.sh,v 1.4 2004/02/24 17:06:52 markus Exp $
+# Placed in the Public Domain.
+
+tid="ssh.com key import"
+
+#TEST_COMBASE=/path/to/ssh/com/binaries
+if [ "X${TEST_COMBASE}" = "X" ]; then
+ fatal '$TEST_COMBASE is not set'
+fi
+
+VERSIONS="
+ 2.0.10
+ 2.0.12
+ 2.0.13
+ 2.1.0
+ 2.2.0
+ 2.3.0
+ 2.3.1
+ 2.4.0
+ 3.0.0
+ 3.1.0
+ 3.2.0
+ 3.2.2
+ 3.2.3
+ 3.2.5
+ 3.2.9
+ 3.2.9.1
+ 3.3.0"
+
+COMPRV=${OBJ}/comkey
+COMPUB=${COMPRV}.pub
+OPENSSHPRV=${OBJ}/opensshkey
+OPENSSHPUB=${OPENSSHPRV}.pub
+
+# go for it
+for v in ${VERSIONS}; do
+ keygen=${TEST_COMBASE}/${v}/ssh-keygen2
+ if [ ! -x ${keygen} ]; then
+ continue
+ fi
+ types="dss"
+ case $v in
+ 2.3.1|3.*)
+ types="$types rsa"
+ ;;
+ esac
+ for t in $types; do
+ verbose "ssh-keygen $v/$t"
+ rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB
+ ${keygen} -q -P -t $t ${COMPRV} > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "${keygen} -t $t failed"
+ continue
+ fi
+ ${SSHKEYGEN} -if ${COMPUB} > ${OPENSSHPUB}
+ if [ $? -ne 0 ]; then
+ fail "import public key ($v/$t) failed"
+ continue
+ fi
+ ${SSHKEYGEN} -if ${COMPRV} > ${OPENSSHPRV}
+ if [ $? -ne 0 ]; then
+ fail "import private key ($v/$t) failed"
+ continue
+ fi
+ chmod 600 ${OPENSSHPRV}
+ ${SSHKEYGEN} -yf ${OPENSSHPRV} |\
+ diff - ${OPENSSHPUB}
+ if [ $? -ne 0 ]; then
+ fail "public keys ($v/$t) differ"
+ fi
+ done
+done
+
+rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB
diff --git a/crypto/openssh/regress/ssh-com-sftp.sh b/crypto/openssh/regress/ssh-com-sftp.sh
new file mode 100644
index 0000000..fabfa49
--- /dev/null
+++ b/crypto/openssh/regress/ssh-com-sftp.sh
@@ -0,0 +1,65 @@
+# $OpenBSD: ssh-com-sftp.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="basic sftp put/get with ssh.com server"
+
+SFTPCMDFILE=${OBJ}/batch
+
+cat >$SFTPCMDFILE <<EOF
+version
+get $DATA ${COPY}.1
+put $DATA ${COPY}.2
+EOF
+
+BUFFERSIZE="5 1000 32000 64000"
+REQUESTS="1 2 10"
+
+#TEST_COMBASE=/path/to/ssh/com/binaries
+if [ "X${TEST_COMBASE}" = "X" ]; then
+ fatal '$TEST_COMBASE is not set'
+fi
+
+VERSIONS="
+ 2.0.10
+ 2.0.12
+ 2.0.13
+ 2.1.0
+ 2.2.0
+ 2.3.0
+ 2.3.1
+ 2.4.0
+ 3.0.0
+ 3.1.0
+ 3.2.0
+ 3.2.2
+ 3.2.3
+ 3.2.5
+ 3.2.9
+ 3.2.9.1
+ 3.3.0"
+
+# go for it
+for v in ${VERSIONS}; do
+ server=${TEST_COMBASE}/${v}/sftp-server2
+ if [ ! -x ${server} ]; then
+ continue
+ fi
+ verbose "sftp-server $v"
+ for B in ${BUFFERSIZE}; do
+ for R in ${REQUESTS}; do
+ verbose "test $tid: buffer_size $B num_requests $R"
+ rm -f ${COPY}.1 ${COPY}.2
+ ${SFTP} -D ${server} -B $B -R $R -b $SFTPCMDFILE \
+ > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "sftp failed with $r"
+ else
+ cmp $DATA ${COPY}.1 || fail "corrupted copy after get"
+ cmp $DATA ${COPY}.2 || fail "corrupted copy after put"
+ fi
+ done
+ done
+done
+rm -f ${COPY}.1 ${COPY}.2
+rm -f $SFTPCMDFILE
diff --git a/crypto/openssh/regress/ssh-com.sh b/crypto/openssh/regress/ssh-com.sh
new file mode 100644
index 0000000..6c5cfe8
--- /dev/null
+++ b/crypto/openssh/regress/ssh-com.sh
@@ -0,0 +1,119 @@
+# $OpenBSD: ssh-com.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="connect to ssh.com server"
+
+#TEST_COMBASE=/path/to/ssh/com/binaries
+if [ "X${TEST_COMBASE}" = "X" ]; then
+ fatal '$TEST_COMBASE is not set'
+fi
+
+VERSIONS="
+ 2.0.12
+ 2.0.13
+ 2.1.0
+ 2.2.0
+ 2.3.0
+ 2.4.0
+ 3.0.0
+ 3.1.0
+ 3.2.0
+ 3.2.2
+ 3.2.3
+ 3.2.5
+ 3.2.9
+ 3.2.9.1
+ 3.3.0"
+# 2.0.10 does not support UserConfigDirectory
+# 2.3.1 requires a config in $HOME/.ssh2
+
+SRC=`dirname ${SCRIPT}`
+
+# ssh.com
+cat << EOF > $OBJ/sshd2_config
+#*:
+ # Port and ListenAddress are not used.
+ QuietMode yes
+ Port 4343
+ ListenAddress 127.0.0.1
+ UserConfigDirectory ${OBJ}/%U
+ Ciphers AnyCipher
+ PubKeyAuthentication yes
+ #AllowedAuthentications publickey
+ AuthorizationFile authorization
+ HostKeyFile ${SRC}/dsa_ssh2.prv
+ PublicHostKeyFile ${SRC}/dsa_ssh2.pub
+ RandomSeedFile ${OBJ}/random_seed
+ MaxConnections 0
+ PermitRootLogin yes
+ VerboseMode no
+ CheckMail no
+ Ssh1Compatibility no
+EOF
+
+# create client config
+sed "s/HostKeyAlias.*/HostKeyAlias ssh2-localhost-with-alias/" \
+ < $OBJ/ssh_config > $OBJ/ssh_config_com
+
+# we need a DSA key for
+rm -f ${OBJ}/dsa ${OBJ}/dsa.pub
+${SSHKEYGEN} -q -N '' -t dsa -f ${OBJ}/dsa
+
+# setup userdir, try rsa first
+mkdir -p ${OBJ}/${USER}
+cp /dev/null ${OBJ}/${USER}/authorization
+for t in rsa dsa; do
+ ${SSHKEYGEN} -e -f ${OBJ}/$t.pub > ${OBJ}/${USER}/$t.com
+ echo Key $t.com >> ${OBJ}/${USER}/authorization
+ echo IdentityFile ${OBJ}/$t >> ${OBJ}/ssh_config_com
+done
+
+# convert and append DSA hostkey
+(
+ printf 'ssh2-localhost-with-alias,127.0.0.1,::1 '
+ ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub
+) >> $OBJ/known_hosts
+
+# go for it
+for v in ${VERSIONS}; do
+ sshd2=${TEST_COMBASE}/${v}/sshd2
+ if [ ! -x ${sshd2} ]; then
+ continue
+ fi
+ trace "sshd2 ${v}"
+ PROXY="proxycommand ${sshd2} -qif ${OBJ}/sshd2_config 2> /dev/null"
+ ${SSH} -qF ${OBJ}/ssh_config_com -o "${PROXY}" dummy exit 0
+ if [ $? -ne 0 ]; then
+ fail "ssh connect to sshd2 ${v} failed"
+ fi
+
+ ciphers="3des-cbc blowfish-cbc arcfour"
+ macs="hmac-md5"
+ case $v in
+ 2.4.*)
+ ciphers="$ciphers cast128-cbc"
+ macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96"
+ ;;
+ 3.*)
+ ciphers="$ciphers aes128-cbc cast128-cbc"
+ macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96"
+ ;;
+ esac
+ #ciphers="3des-cbc"
+ for m in $macs; do
+ for c in $ciphers; do
+ trace "sshd2 ${v} cipher $c mac $m"
+ verbose "test ${tid}: sshd2 ${v} cipher $c mac $m"
+ ${SSH} -c $c -m $m -qF ${OBJ}/ssh_config_com -o "${PROXY}" dummy exit 0
+ if [ $? -ne 0 ]; then
+ fail "ssh connect to sshd2 ${v} with $c/$m failed"
+ fi
+ done
+ done
+done
+
+rm -rf ${OBJ}/${USER}
+for i in sshd_config_proxy ssh_config_proxy random_seed \
+ sshd2_config dsa.pub dsa ssh_config_com; do
+ rm -f ${OBJ}/$i
+done
diff --git a/crypto/openssh/regress/ssh2putty.sh b/crypto/openssh/regress/ssh2putty.sh
new file mode 100755
index 0000000..691db16
--- /dev/null
+++ b/crypto/openssh/regress/ssh2putty.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+# $OpenBSD: ssh2putty.sh,v 1.2 2009/10/06 23:51:49 dtucker Exp $
+
+if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
+ echo "Usage: ssh2putty hostname port ssh-private-key"
+ exit 1
+fi
+
+HOST=$1
+PORT=$2
+KEYFILE=$3
+
+# XXX - support DSA keys too
+if grep "BEGIN RSA PRIVATE KEY" $KEYFILE >/dev/null 2>&1 ; then
+ :
+else
+ echo "Unsupported private key format"
+ exit 1
+fi
+
+public_exponent=`
+ openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent |
+ sed 's/.*(//;s/).*//'
+`
+test $? -ne 0 && exit 1
+
+modulus=`
+ openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= |
+ sed 's/^Modulus=/0x/' | tr A-Z a-z
+`
+test $? -ne 0 && exit 1
+
+echo "rsa2@$PORT:$HOST $public_exponent,$modulus"
+
diff --git a/crypto/openssh/regress/sshd-log-wrapper.sh b/crypto/openssh/regress/sshd-log-wrapper.sh
new file mode 100644
index 0000000..a9386be
--- /dev/null
+++ b/crypto/openssh/regress/sshd-log-wrapper.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# $OpenBSD: sshd-log-wrapper.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $
+# Placed in the Public Domain.
+#
+# simple wrapper for sshd proxy mode to catch stderr output
+# sh sshd-log-wrapper.sh /path/to/sshd /path/to/logfile
+
+sshd=$1
+log=$2
+shift
+shift
+
+exec $sshd -E$log $@
diff --git a/crypto/openssh/regress/stderr-after-eof.sh b/crypto/openssh/regress/stderr-after-eof.sh
new file mode 100644
index 0000000..218ac6b
--- /dev/null
+++ b/crypto/openssh/regress/stderr-after-eof.sh
@@ -0,0 +1,24 @@
+# $OpenBSD: stderr-after-eof.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="stderr data after eof"
+
+# setup data
+rm -f ${DATA} ${COPY}
+cp /dev/null ${DATA}
+for i in 1 2 3 4 5 6; do
+ (date;echo $i) | md5 >> ${DATA}
+done
+
+${SSH} -2 -F $OBJ/ssh_proxy otherhost \
+ exec sh -c \'"exec > /dev/null; sleep 2; cat ${DATA} 1>&2 $s"\' \
+ 2> ${COPY}
+r=$?
+if [ $r -ne 0 ]; then
+ fail "ssh failed with exit code $r"
+fi
+egrep 'Disconnecting: Received extended_data after EOF' ${COPY} &&
+ fail "ext data received after eof"
+cmp ${DATA} ${COPY} || fail "stderr corrupt"
+
+rm -f ${DATA} ${COPY}
diff --git a/crypto/openssh/regress/stderr-data.sh b/crypto/openssh/regress/stderr-data.sh
new file mode 100644
index 0000000..b0bd235
--- /dev/null
+++ b/crypto/openssh/regress/stderr-data.sh
@@ -0,0 +1,29 @@
+# $OpenBSD: stderr-data.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="stderr data transfer"
+
+for n in '' -n; do
+for p in 1 2; do
+ verbose "test $tid: proto $p ($n)"
+ ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \
+ exec sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \
+ 2> ${COPY}
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh failed with exit code $r"
+ fi
+ cmp ${DATA} ${COPY} || fail "stderr corrupt"
+ rm -f ${COPY}
+
+ ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \
+ exec sh -c \'"echo a; exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \
+ > /dev/null 2> ${COPY}
+ r=$?
+ if [ $r -ne 0 ]; then
+ fail "ssh failed with exit code $r"
+ fi
+ cmp ${DATA} ${COPY} || fail "stderr corrupt"
+ rm -f ${COPY}
+done
+done
diff --git a/crypto/openssh/regress/t4.ok b/crypto/openssh/regress/t4.ok
new file mode 100644
index 0000000..8c4942b
--- /dev/null
+++ b/crypto/openssh/regress/t4.ok
@@ -0,0 +1 @@
+3b:dd:44:e9:49:18:84:95:f1:e7:33:6b:9d:93:b1:36
diff --git a/crypto/openssh/regress/t5.ok b/crypto/openssh/regress/t5.ok
new file mode 100644
index 0000000..bd622f3
--- /dev/null
+++ b/crypto/openssh/regress/t5.ok
@@ -0,0 +1 @@
+xokes-lylis-byleh-zebib-kalus-bihas-tevah-haroz-suhar-foved-noxex
diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh
new file mode 100644
index 0000000..eee4462
--- /dev/null
+++ b/crypto/openssh/regress/test-exec.sh
@@ -0,0 +1,474 @@
+# $OpenBSD: test-exec.sh,v 1.46 2013/06/21 02:26:26 djm Exp $
+# Placed in the Public Domain.
+
+#SUDO=sudo
+
+# Unbreak GNU head(1)
+_POSIX2_VERSION=199209
+export _POSIX2_VERSION
+
+case `uname -s 2>/dev/null` in
+OSF1*)
+ BIN_SH=xpg4
+ export BIN_SH
+ ;;
+CYGWIN_NT-5.0)
+ os=cygwin
+ TEST_SSH_IPV6=no
+ ;;
+CYGWIN*)
+ os=cygwin
+ ;;
+esac
+
+if [ ! -z "$TEST_SSH_PORT" ]; then
+ PORT="$TEST_SSH_PORT"
+else
+ PORT=4242
+fi
+
+if [ -x /usr/ucb/whoami ]; then
+ USER=`/usr/ucb/whoami`
+elif whoami >/dev/null 2>&1; then
+ USER=`whoami`
+elif logname >/dev/null 2>&1; then
+ USER=`logname`
+else
+ USER=`id -un`
+fi
+
+OBJ=$1
+if [ "x$OBJ" = "x" ]; then
+ echo '$OBJ not defined'
+ exit 2
+fi
+if [ ! -d $OBJ ]; then
+ echo "not a directory: $OBJ"
+ exit 2
+fi
+SCRIPT=$2
+if [ "x$SCRIPT" = "x" ]; then
+ echo '$SCRIPT not defined'
+ exit 2
+fi
+if [ ! -f $SCRIPT ]; then
+ echo "not a file: $SCRIPT"
+ exit 2
+fi
+if $TEST_SHELL -n $SCRIPT; then
+ true
+else
+ echo "syntax error in $SCRIPT"
+ exit 2
+fi
+unset SSH_AUTH_SOCK
+
+SRC=`dirname ${SCRIPT}`
+
+# defaults
+SSH=ssh
+SSHD=sshd
+SSHAGENT=ssh-agent
+SSHADD=ssh-add
+SSHKEYGEN=ssh-keygen
+SSHKEYSCAN=ssh-keyscan
+SFTP=sftp
+SFTPSERVER=/usr/libexec/openssh/sftp-server
+SCP=scp
+
+# Interop testing
+PLINK=plink
+PUTTYGEN=puttygen
+CONCH=conch
+
+if [ "x$TEST_SSH_SSH" != "x" ]; then
+ SSH="${TEST_SSH_SSH}"
+fi
+if [ "x$TEST_SSH_SSHD" != "x" ]; then
+ SSHD="${TEST_SSH_SSHD}"
+fi
+if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then
+ SSHAGENT="${TEST_SSH_SSHAGENT}"
+fi
+if [ "x$TEST_SSH_SSHADD" != "x" ]; then
+ SSHADD="${TEST_SSH_SSHADD}"
+fi
+if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then
+ SSHKEYGEN="${TEST_SSH_SSHKEYGEN}"
+fi
+if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then
+ SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}"
+fi
+if [ "x$TEST_SSH_SFTP" != "x" ]; then
+ SFTP="${TEST_SSH_SFTP}"
+fi
+if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then
+ SFTPSERVER="${TEST_SSH_SFTPSERVER}"
+fi
+if [ "x$TEST_SSH_SCP" != "x" ]; then
+ SCP="${TEST_SSH_SCP}"
+fi
+if [ "x$TEST_SSH_PLINK" != "x" ]; then
+ # Find real binary, if it exists
+ case "${TEST_SSH_PLINK}" in
+ /*) PLINK="${TEST_SSH_PLINK}" ;;
+ *) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;;
+ esac
+fi
+if [ "x$TEST_SSH_PUTTYGEN" != "x" ]; then
+ # Find real binary, if it exists
+ case "${TEST_SSH_PUTTYGEN}" in
+ /*) PUTTYGEN="${TEST_SSH_PUTTYGEN}" ;;
+ *) PUTTYGEN=`which ${TEST_SSH_PUTTYGEN} 2>/dev/null` ;;
+ esac
+fi
+if [ "x$TEST_SSH_CONCH" != "x" ]; then
+ # Find real binary, if it exists
+ case "${TEST_SSH_CONCH}" in
+ /*) CONCH="${TEST_SSH_CONCH}" ;;
+ *) CONCH=`which ${TEST_SSH_CONCH} 2>/dev/null` ;;
+ esac
+fi
+
+# Path to sshd must be absolute for rexec
+case "$SSHD" in
+/*) ;;
+*) SSHD=`which sshd` ;;
+esac
+
+# Logfiles.
+# SSH_LOGFILE should be the debug output of ssh(1) only
+# SSHD_LOGFILE should be the debug output of sshd(8) only
+# REGRESS_LOGFILE is the output of the test itself stdout and stderr
+if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
+ TEST_SSH_LOGFILE=$OBJ/ssh.log
+fi
+if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then
+ TEST_SSHD_LOGFILE=$OBJ/sshd.log
+fi
+if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then
+ TEST_REGRESS_LOGFILE=$OBJ/regress.log
+fi
+
+# truncate logfiles
+>$TEST_SSH_LOGFILE
+>$TEST_SSHD_LOGFILE
+>$TEST_REGRESS_LOGFILE
+
+# Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..."
+# because sftp and scp don't handle spaces in arguments.
+SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
+echo "#!/bin/sh" > $SSHLOGWRAP
+echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
+
+chmod a+rx $OBJ/ssh-log-wrapper.sh
+SSH="$SSHLOGWRAP"
+
+# Some test data. We make a copy because some tests will overwrite it.
+# The tests may assume that $DATA exists and is writable and $COPY does
+# not exist.
+DATANAME=data
+DATA=$OBJ/${DATANAME}
+cat $SSHD $SSHD $SSHD $SSHD >${DATA}
+chmod u+w ${DATA}
+COPY=$OBJ/copy
+rm -f ${COPY}
+
+# these should be used in tests
+export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP
+#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP
+
+# Portable specific functions
+have_prog()
+{
+ saved_IFS="$IFS"
+ IFS=":"
+ for i in $PATH
+ do
+ if [ -x $i/$1 ]; then
+ IFS="$saved_IFS"
+ return 0
+ fi
+ done
+ IFS="$saved_IFS"
+ return 1
+}
+
+jot() {
+ awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }"
+}
+
+# Check whether preprocessor symbols are defined in config.h.
+config_defined ()
+{
+ str=$1
+ while test "x$2" != "x" ; do
+ str="$str|$2"
+ shift
+ done
+ egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1
+}
+
+md5 () {
+ if have_prog md5sum; then
+ md5sum
+ elif have_prog openssl; then
+ openssl md5
+ elif have_prog cksum; then
+ cksum
+ elif have_prog sum; then
+ sum
+ else
+ wc -c
+ fi
+}
+# End of portable specific functions
+
+# helper
+cleanup ()
+{
+ if [ -f $PIDFILE ]; then
+ pid=`$SUDO cat $PIDFILE`
+ if [ "X$pid" = "X" ]; then
+ echo no sshd running
+ else
+ if [ $pid -lt 2 ]; then
+ echo bad pid for ssh: $pid
+ else
+ $SUDO kill $pid
+ trace "wait for sshd to exit"
+ i=0;
+ while [ -f $PIDFILE -a $i -lt 5 ]; do
+ i=`expr $i + 1`
+ sleep $i
+ done
+ test -f $PIDFILE && \
+ fatal "sshd didn't exit port $PORT pid $pid"
+ fi
+ fi
+ fi
+}
+
+start_debug_log ()
+{
+ echo "trace: $@" >$TEST_REGRESS_LOGFILE
+ echo "trace: $@" >$TEST_SSH_LOGFILE
+ echo "trace: $@" >$TEST_SSHD_LOGFILE
+}
+
+save_debug_log ()
+{
+ echo $@ >>$TEST_REGRESS_LOGFILE
+ echo $@ >>$TEST_SSH_LOGFILE
+ echo $@ >>$TEST_SSHD_LOGFILE
+ (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log
+ (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log
+ (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log
+}
+
+trace ()
+{
+ start_debug_log $@
+ if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then
+ echo "$@"
+ fi
+}
+
+verbose ()
+{
+ start_debug_log $@
+ if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then
+ echo "$@"
+ fi
+}
+
+warn ()
+{
+ echo "WARNING: $@" >>$TEST_SSH_LOGFILE
+ echo "WARNING: $@"
+}
+
+fail ()
+{
+ save_debug_log "FAIL: $@"
+ RESULT=1
+ echo "$@"
+
+}
+
+fatal ()
+{
+ save_debug_log "FATAL: $@"
+ printf "FATAL: "
+ fail "$@"
+ cleanup
+ exit $RESULT
+}
+
+RESULT=0
+PIDFILE=$OBJ/pidfile
+
+trap fatal 3 2
+
+# create server config
+cat << EOF > $OBJ/sshd_config
+ StrictModes no
+ Port $PORT
+ Protocol 2,1
+ AddressFamily inet
+ ListenAddress 127.0.0.1
+ #ListenAddress ::1
+ PidFile $PIDFILE
+ AuthorizedKeysFile $OBJ/authorized_keys_%u
+ LogLevel DEBUG3
+ AcceptEnv _XXX_TEST_*
+ AcceptEnv _XXX_TEST
+ Subsystem sftp $SFTPSERVER
+EOF
+
+if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
+ trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
+ echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
+fi
+
+# server config for proxy connects
+cp $OBJ/sshd_config $OBJ/sshd_proxy
+
+# allow group-writable directories in proxy-mode
+echo 'StrictModes no' >> $OBJ/sshd_proxy
+
+# create client config
+cat << EOF > $OBJ/ssh_config
+Host *
+ Protocol 2,1
+ Hostname 127.0.0.1
+ HostKeyAlias localhost-with-alias
+ Port $PORT
+ User $USER
+ GlobalKnownHostsFile $OBJ/known_hosts
+ UserKnownHostsFile $OBJ/known_hosts
+ RSAAuthentication yes
+ PubkeyAuthentication yes
+ ChallengeResponseAuthentication no
+ HostbasedAuthentication no
+ PasswordAuthentication no
+ RhostsRSAAuthentication no
+ BatchMode yes
+ StrictHostKeyChecking yes
+ LogLevel DEBUG3
+EOF
+
+if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then
+ trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS"
+ echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config
+fi
+
+rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
+
+trace "generate keys"
+for t in rsa rsa1; do
+ # generate user key
+ if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN} -nt $OBJ/$t ]; then
+ rm -f $OBJ/$t
+ ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\
+ fail "ssh-keygen for $t failed"
+ fi
+
+ # known hosts file for client
+ (
+ printf 'localhost-with-alias,127.0.0.1,::1 '
+ cat $OBJ/$t.pub
+ ) >> $OBJ/known_hosts
+
+ # setup authorized keys
+ cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER
+ echo IdentityFile $OBJ/$t >> $OBJ/ssh_config
+
+ # use key as host key, too
+ $SUDO cp $OBJ/$t $OBJ/host.$t
+ echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
+
+ # don't use SUDO for proxy connect
+ echo HostKey $OBJ/$t >> $OBJ/sshd_proxy
+done
+chmod 644 $OBJ/authorized_keys_$USER
+
+# Activate Twisted Conch tests if the binary is present
+REGRESS_INTEROP_CONCH=no
+if test -x "$CONCH" ; then
+ REGRESS_INTEROP_CONCH=yes
+fi
+
+# If PuTTY is present and we are running a PuTTY test, prepare keys and
+# configuration
+REGRESS_INTEROP_PUTTY=no
+if test -x "$PUTTYGEN" -a -x "$PLINK" ; then
+ REGRESS_INTEROP_PUTTY=yes
+fi
+case "$SCRIPT" in
+*putty*) ;;
+*) REGRESS_INTEROP_PUTTY=no ;;
+esac
+
+if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
+ mkdir -p ${OBJ}/.putty
+
+ # Add a PuTTY key to authorized_keys
+ rm -f ${OBJ}/putty.rsa2
+ puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
+ puttygen -O public-openssh ${OBJ}/putty.rsa2 \
+ >> $OBJ/authorized_keys_$USER
+
+ # Convert rsa2 host key to PuTTY format
+ ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa > \
+ ${OBJ}/.putty/sshhostkeys
+ ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa >> \
+ ${OBJ}/.putty/sshhostkeys
+
+ # Setup proxied session
+ mkdir -p ${OBJ}/.putty/sessions
+ rm -f ${OBJ}/.putty/sessions/localhost_proxy
+ echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
+ echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
+
+ REGRESS_INTEROP_PUTTY=yes
+fi
+
+# create a proxy version of the client config
+(
+ cat $OBJ/ssh_config
+ echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy
+) > $OBJ/ssh_proxy
+
+# check proxy config
+${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken"
+
+start_sshd ()
+{
+ # start sshd
+ $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken"
+ $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
+
+ trace "wait for sshd"
+ i=0;
+ while [ ! -f $PIDFILE -a $i -lt 10 ]; do
+ i=`expr $i + 1`
+ sleep $i
+ done
+
+ test -f $PIDFILE || fatal "no sshd running on port $PORT"
+}
+
+# source test body
+. $SCRIPT
+
+# kill sshd
+cleanup
+if [ $RESULT -eq 0 ]; then
+ verbose ok $tid
+else
+ echo failed $tid
+fi
+exit $RESULT
diff --git a/crypto/openssh/regress/transfer.sh b/crypto/openssh/regress/transfer.sh
new file mode 100644
index 0000000..1ae3ef5
--- /dev/null
+++ b/crypto/openssh/regress/transfer.sh
@@ -0,0 +1,26 @@
+# $OpenBSD: transfer.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="transfer data"
+
+for p in 1 2; do
+ verbose "$tid: proto $p"
+ rm -f ${COPY}
+ ${SSH} -n -q -$p -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY}
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ trace "proto $p dd-size ${s}"
+ rm -f ${COPY}
+ dd if=$DATA obs=${s} 2> /dev/null | \
+ ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
+ if [ $? -ne 0 ]; then
+ fail "ssh cat $DATA failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ done
+done
+rm -f ${COPY}
diff --git a/crypto/openssh/regress/try-ciphers.sh b/crypto/openssh/regress/try-ciphers.sh
new file mode 100644
index 0000000..e17c9f5
--- /dev/null
+++ b/crypto/openssh/regress/try-ciphers.sh
@@ -0,0 +1,48 @@
+# $OpenBSD: try-ciphers.sh,v 1.20 2013/05/17 10:16:26 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="try ciphers"
+
+ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
+ arcfour128 arcfour256 arcfour
+ aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
+ aes128-ctr aes192-ctr aes256-ctr"
+config_defined OPENSSL_HAVE_EVPGCM && \
+ ciphers="$ciphers aes128-gcm@openssh.com aes256-gcm@openssh.com"
+macs="hmac-sha1 hmac-md5 umac-64@openssh.com umac-128@openssh.com
+ hmac-sha1-96 hmac-md5-96
+ hmac-sha1-etm@openssh.com hmac-md5-etm@openssh.com
+ umac-64-etm@openssh.com umac-128-etm@openssh.com
+ hmac-sha1-96-etm@openssh.com hmac-md5-96-etm@openssh.com
+ hmac-ripemd160-etm@openssh.com"
+config_defined HAVE_EVP_SHA256 &&
+ macs="$macs hmac-sha2-256 hmac-sha2-512
+ hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
+
+for c in $ciphers; do
+ n=0
+ for m in $macs; do
+ trace "proto 2 cipher $c mac $m"
+ verbose "test $tid: proto 2 cipher $c mac $m"
+ ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh -2 failed with mac $m cipher $c"
+ fi
+ # No point trying all MACs for GCM since they are ignored.
+ case $c in
+ aes*-gcm@openssh.com) test $n -gt 0 && break;;
+ esac
+ n=`expr $n + 1`
+ done
+done
+
+ciphers="3des blowfish"
+for c in $ciphers; do
+ trace "proto 1 cipher $c"
+ verbose "test $tid: proto 1 cipher $c"
+ ${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh -1 failed with cipher $c"
+ fi
+done
+
diff --git a/crypto/openssh/regress/yes-head.sh b/crypto/openssh/regress/yes-head.sh
new file mode 100644
index 0000000..a8e6bc8
--- /dev/null
+++ b/crypto/openssh/regress/yes-head.sh
@@ -0,0 +1,15 @@
+# $OpenBSD: yes-head.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# Placed in the Public Domain.
+
+tid="yes pipe head"
+
+for p in 1 2; do
+ lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
+ if [ $? -ne 0 ]; then
+ fail "yes|head test failed"
+ lines = 0;
+ fi
+ if [ $lines -ne 2000 ]; then
+ fail "yes|head returns $lines lines instead of 2000"
+ fi
+done
diff --git a/crypto/openssh/scp.0 b/crypto/openssh/scp.0
new file mode 100644
index 0000000..fe7087b
--- /dev/null
+++ b/crypto/openssh/scp.0
@@ -0,0 +1,158 @@
+SCP(1) OpenBSD Reference Manual SCP(1)
+
+NAME
+ scp - secure copy (remote file copy program)
+
+SYNOPSIS
+ scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
+ [-l limit] [-o ssh_option] [-P port] [-S program]
+ [[user@]host1:]file1 ... [[user@]host2:]file2
+
+DESCRIPTION
+ scp copies files between hosts on a network. It uses ssh(1) for data
+ transfer, and uses the same authentication and provides the same security
+ as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if
+ they are needed for authentication.
+
+ File names may contain a user and host specification to indicate that the
+ file is to be copied to/from that host. Local file names can be made
+ explicit using absolute or relative pathnames to avoid scp treating file
+ names containing `:' as host specifiers. Copies between two remote hosts
+ are also permitted.
+
+ The options are as follows:
+
+ -1 Forces scp to use protocol 1.
+
+ -2 Forces scp to use protocol 2.
+
+ -3 Copies between two remote hosts are transferred through the local
+ host. Without this option the data is copied directly between
+ the two remote hosts. Note that this option disables the
+ progress meter.
+
+ -4 Forces scp to use IPv4 addresses only.
+
+ -6 Forces scp to use IPv6 addresses only.
+
+ -B Selects batch mode (prevents asking for passwords or
+ passphrases).
+
+ -C Compression enable. Passes the -C flag to ssh(1) to enable
+ compression.
+
+ -c cipher
+ Selects the cipher to use for encrypting the data transfer. This
+ option is directly passed to ssh(1).
+
+ -F ssh_config
+ Specifies an alternative per-user configuration file for ssh.
+ This option is directly passed to ssh(1).
+
+ -i identity_file
+ Selects the file from which the identity (private key) for public
+ key authentication is read. This option is directly passed to
+ ssh(1).
+
+ -l limit
+ Limits the used bandwidth, specified in Kbit/s.
+
+ -o ssh_option
+ Can be used to pass options to ssh in the format used in
+ ssh_config(5). This is useful for specifying options for which
+ there is no separate scp command-line flag. For full details of
+ the options listed below, and their possible values, see
+ ssh_config(5).
+
+ AddressFamily
+ BatchMode
+ BindAddress
+ ChallengeResponseAuthentication
+ CheckHostIP
+ Cipher
+ Ciphers
+ Compression
+ CompressionLevel
+ ConnectionAttempts
+ ConnectTimeout
+ ControlMaster
+ ControlPath
+ ControlPersist
+ GlobalKnownHostsFile
+ GSSAPIAuthentication
+ GSSAPIDelegateCredentials
+ HashKnownHosts
+ Host
+ HostbasedAuthentication
+ HostKeyAlgorithms
+ HostKeyAlias
+ HostName
+ IdentityFile
+ IdentitiesOnly
+ IPQoS
+ KbdInteractiveAuthentication
+ KbdInteractiveDevices
+ KexAlgorithms
+ LogLevel
+ MACs
+ NoHostAuthenticationForLocalhost
+ NumberOfPasswordPrompts
+ PasswordAuthentication
+ PKCS11Provider
+ Port
+ PreferredAuthentications
+ Protocol
+ ProxyCommand
+ PubkeyAuthentication
+ RekeyLimit
+ RhostsRSAAuthentication
+ RSAAuthentication
+ SendEnv
+ ServerAliveInterval
+ ServerAliveCountMax
+ StrictHostKeyChecking
+ TCPKeepAlive
+ UsePrivilegedPort
+ User
+ UserKnownHostsFile
+ VerifyHostKeyDNS
+
+ -P port
+ Specifies the port to connect to on the remote host. Note that
+ this option is written with a capital `P', because -p is already
+ reserved for preserving the times and modes of the file in
+ rcp(1).
+
+ -p Preserves modification times, access times, and modes from the
+ original file.
+
+ -q Quiet mode: disables the progress meter as well as warning and
+ diagnostic messages from ssh(1).
+
+ -r Recursively copy entire directories. Note that scp follows
+ symbolic links encountered in the tree traversal.
+
+ -S program
+ Name of program to use for the encrypted connection. The program
+ must understand ssh(1) options.
+
+ -v Verbose mode. Causes scp and ssh(1) to print debugging messages
+ about their progress. This is helpful in debugging connection,
+ authentication, and configuration problems.
+
+EXIT STATUS
+ The scp utility exits 0 on success, and >0 if an error occurs.
+
+SEE ALSO
+ rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
+ ssh_config(5), sshd(8)
+
+HISTORY
+ scp is based on the rcp(1) program in BSD source code from the Regents of
+ the University of California.
+
+AUTHORS
+ Timo Rinne <tri@iki.fi>
+ Tatu Ylonen <ylo@cs.hut.fi>
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/sftp-server.0 b/crypto/openssh/sftp-server.0
new file mode 100644
index 0000000..bca318b
--- /dev/null
+++ b/crypto/openssh/sftp-server.0
@@ -0,0 +1,74 @@
+SFTP-SERVER(8) OpenBSD System Manager's Manual SFTP-SERVER(8)
+
+NAME
+ sftp-server - SFTP server subsystem
+
+SYNOPSIS
+ sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
+ [-u umask]
+
+DESCRIPTION
+ sftp-server is a program that speaks the server side of SFTP protocol to
+ stdout and expects client requests from stdin. sftp-server is not
+ intended to be called directly, but from sshd(8) using the Subsystem
+ option.
+
+ Command-line flags to sftp-server should be specified in the Subsystem
+ declaration. See sshd_config(5) for more information.
+
+ Valid options are:
+
+ -d start_directory
+ specifies an alternate starting directory for users. The
+ pathname may contain the following tokens that are expanded at
+ runtime: %% is replaced by a literal '%', %h is replaced by the
+ home directory of the user being authenticated, and %u is
+ replaced by the username of that user. The default is to use the
+ user's home directory. This option is useful in conjunction with
+ the sshd_config(5) ChrootDirectory option.
+
+ -e Causes sftp-server to print logging information to stderr instead
+ of syslog for debugging.
+
+ -f log_facility
+ Specifies the facility code that is used when logging messages
+ from sftp-server. The possible values are: DAEMON, USER, AUTH,
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
+
+ -h Displays sftp-server usage information.
+
+ -l log_level
+ Specifies which messages will be logged by sftp-server. The
+ possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
+ DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions
+ that sftp-server performs on behalf of the client. DEBUG and
+ DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
+ levels of debugging output. The default is ERROR.
+
+ -R Places this instance of sftp-server into a read-only mode.
+ Attempts to open files for writing, as well as other operations
+ that change the state of the filesystem, will be denied.
+
+ -u umask
+ Sets an explicit umask(2) to be applied to newly-created files
+ and directories, instead of the user's default mask.
+
+ For logging to work, sftp-server must be able to access /dev/log. Use of
+ sftp-server in a chroot configuration therefore requires that syslogd(8)
+ establish a logging socket inside the chroot directory.
+
+SEE ALSO
+ sftp(1), ssh(1), sshd_config(5), sshd(8)
+
+ T. Ylonen and S. Lehtinen, SSH File Transfer Protocol,
+ draft-ietf-secsh-filexfer-02.txt, October 2001, work in progress
+ material.
+
+HISTORY
+ sftp-server first appeared in OpenBSD 2.8.
+
+AUTHORS
+ Markus Friedl <markus@openbsd.org>
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/sftp.0 b/crypto/openssh/sftp.0
new file mode 100644
index 0000000..c5fa178
--- /dev/null
+++ b/crypto/openssh/sftp.0
@@ -0,0 +1,349 @@
+SFTP(1) OpenBSD Reference Manual SFTP(1)
+
+NAME
+ sftp - secure file transfer program
+
+SYNOPSIS
+ sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
+ [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
+ [-o ssh_option] [-P port] [-R num_requests] [-S program]
+ [-s subsystem | sftp_server] host
+ sftp [user@]host[:file ...]
+ sftp [user@]host[:dir[/]]
+ sftp -b batchfile [user@]host
+
+DESCRIPTION
+ sftp is an interactive file transfer program, similar to ftp(1), which
+ performs all operations over an encrypted ssh(1) transport. It may also
+ use many features of ssh, such as public key authentication and
+ compression. sftp connects and logs into the specified host, then enters
+ an interactive command mode.
+
+ The second usage format will retrieve files automatically if a non-
+ interactive authentication method is used; otherwise it will do so after
+ successful interactive authentication.
+
+ The third usage format allows sftp to start in a remote directory.
+
+ The final usage format allows for automated sessions using the -b option.
+ In such cases, it is necessary to configure non-interactive
+ authentication to obviate the need to enter a password at connection time
+ (see sshd(8) and ssh-keygen(1) for details).
+
+ Since some usage formats use colon characters to delimit host names from
+ path names, IPv6 addresses must be enclosed in square brackets to avoid
+ ambiguity.
+
+ The options are as follows:
+
+ -1 Specify the use of protocol version 1.
+
+ -2 Specify the use of protocol version 2.
+
+ -4 Forces sftp to use IPv4 addresses only.
+
+ -6 Forces sftp to use IPv6 addresses only.
+
+ -B buffer_size
+ Specify the size of the buffer that sftp uses when transferring
+ files. Larger buffers require fewer round trips at the cost of
+ higher memory consumption. The default is 32768 bytes.
+
+ -b batchfile
+ Batch mode reads a series of commands from an input batchfile
+ instead of stdin. Since it lacks user interaction it should be
+ used in conjunction with non-interactive authentication. A
+ batchfile of `-' may be used to indicate standard input. sftp
+ will abort if any of the following commands fail: get, put,
+ reget, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown,
+ chgrp, lpwd, df, symlink, and lmkdir. Termination on error can
+ be suppressed on a command by command basis by prefixing the
+ command with a `-' character (for example, -rm /tmp/blah*).
+
+ -C Enables compression (via ssh's -C flag).
+
+ -c cipher
+ Selects the cipher to use for encrypting the data transfers.
+ This option is directly passed to ssh(1).
+
+ -D sftp_server_path
+ Connect directly to a local sftp server (rather than via ssh(1)).
+ This option may be useful in debugging the client and server.
+
+ -F ssh_config
+ Specifies an alternative per-user configuration file for ssh(1).
+ This option is directly passed to ssh(1).
+
+ -i identity_file
+ Selects the file from which the identity (private key) for public
+ key authentication is read. This option is directly passed to
+ ssh(1).
+
+ -l limit
+ Limits the used bandwidth, specified in Kbit/s.
+
+ -o ssh_option
+ Can be used to pass options to ssh in the format used in
+ ssh_config(5). This is useful for specifying options for which
+ there is no separate sftp command-line flag. For example, to
+ specify an alternate port use: sftp -oPort=24. For full details
+ of the options listed below, and their possible values, see
+ ssh_config(5).
+
+ AddressFamily
+ BatchMode
+ BindAddress
+ ChallengeResponseAuthentication
+ CheckHostIP
+ Cipher
+ Ciphers
+ Compression
+ CompressionLevel
+ ConnectionAttempts
+ ConnectTimeout
+ ControlMaster
+ ControlPath
+ ControlPersist
+ GlobalKnownHostsFile
+ GSSAPIAuthentication
+ GSSAPIDelegateCredentials
+ HashKnownHosts
+ Host
+ HostbasedAuthentication
+ HostKeyAlgorithms
+ HostKeyAlias
+ HostName
+ IdentityFile
+ IdentitiesOnly
+ IPQoS
+ KbdInteractiveAuthentication
+ KbdInteractiveDevices
+ KexAlgorithms
+ LogLevel
+ MACs
+ NoHostAuthenticationForLocalhost
+ NumberOfPasswordPrompts
+ PasswordAuthentication
+ PKCS11Provider
+ Port
+ PreferredAuthentications
+ Protocol
+ ProxyCommand
+ PubkeyAuthentication
+ RekeyLimit
+ RhostsRSAAuthentication
+ RSAAuthentication
+ SendEnv
+ ServerAliveInterval
+ ServerAliveCountMax
+ StrictHostKeyChecking
+ TCPKeepAlive
+ UsePrivilegedPort
+ User
+ UserKnownHostsFile
+ VerifyHostKeyDNS
+
+ -P port
+ Specifies the port to connect to on the remote host.
+
+ -p Preserves modification times, access times, and modes from the
+ original files transferred.
+
+ -q Quiet mode: disables the progress meter as well as warning and
+ diagnostic messages from ssh(1).
+
+ -R num_requests
+ Specify how many requests may be outstanding at any one time.
+ Increasing this may slightly improve file transfer speed but will
+ increase memory usage. The default is 64 outstanding requests.
+
+ -r Recursively copy entire directories when uploading and
+ downloading. Note that sftp does not follow symbolic links
+ encountered in the tree traversal.
+
+ -S program
+ Name of the program to use for the encrypted connection. The
+ program must understand ssh(1) options.
+
+ -s subsystem | sftp_server
+ Specifies the SSH2 subsystem or the path for an sftp server on
+ the remote host. A path is useful for using sftp over protocol
+ version 1, or when the remote sshd(8) does not have an sftp
+ subsystem configured.
+
+ -v Raise logging level. This option is also passed to ssh.
+
+INTERACTIVE COMMANDS
+ Once in interactive mode, sftp understands a set of commands similar to
+ those of ftp(1). Commands are case insensitive. Pathnames that contain
+ spaces must be enclosed in quotes. Any special characters contained
+ within pathnames that are recognized by glob(3) must be escaped with
+ backslashes (`\').
+
+ bye Quit sftp.
+
+ cd path
+ Change remote directory to path.
+
+ chgrp grp path
+ Change group of file path to grp. path may contain glob(3)
+ characters and may match multiple files. grp must be a numeric
+ GID.
+
+ chmod mode path
+ Change permissions of file path to mode. path may contain
+ glob(3) characters and may match multiple files.
+
+ chown own path
+ Change owner of file path to own. path may contain glob(3)
+ characters and may match multiple files. own must be a numeric
+ UID.
+
+ df [-hi] [path]
+ Display usage information for the filesystem holding the current
+ directory (or path if specified). If the -h flag is specified,
+ the capacity information will be displayed using "human-readable"
+ suffixes. The -i flag requests display of inode information in
+ addition to capacity information. This command is only supported
+ on servers that implement the ``statvfs@openssh.com'' extension.
+
+ exit Quit sftp.
+
+ get [-aPpr] remote-path [local-path]
+ Retrieve the remote-path and store it on the local machine. If
+ the local path name is not specified, it is given the same name
+ it has on the remote machine. remote-path may contain glob(3)
+ characters and may match multiple files. If it does and
+ local-path is specified, then local-path must specify a
+ directory.
+
+ If the -a flag is specified, then attempt to resume partial
+ transfers of existing files. Note that resumption assumes that
+ any partial copy of the local file matches the remote copy. If
+ the remote file differs from the partial local copy then the
+ resultant file is likely to be corrupt.
+
+ If either the -P or -p flag is specified, then full file
+ permissions and access times are copied too.
+
+ If the -r flag is specified then directories will be copied
+ recursively. Note that sftp does not follow symbolic links when
+ performing recursive transfers.
+
+ help Display help text.
+
+ lcd path
+ Change local directory to path.
+
+ lls [ls-options [path]]
+ Display local directory listing of either path or current
+ directory if path is not specified. ls-options may contain any
+ flags supported by the local system's ls(1) command. path may
+ contain glob(3) characters and may match multiple files.
+
+ lmkdir path
+ Create local directory specified by path.
+
+ ln [-s] oldpath newpath
+ Create a link from oldpath to newpath. If the -s flag is
+ specified the created link is a symbolic link, otherwise it is a
+ hard link.
+
+ lpwd Print local working directory.
+
+ ls [-1afhlnrSt] [path]
+ Display a remote directory listing of either path or the current
+ directory if path is not specified. path may contain glob(3)
+ characters and may match multiple files.
+
+ The following flags are recognized and alter the behaviour of ls
+ accordingly:
+
+ -1 Produce single columnar output.
+
+ -a List files beginning with a dot (`.').
+
+ -f Do not sort the listing. The default sort order is
+ lexicographical.
+
+ -h When used with a long format option, use unit suffixes:
+ Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte,
+ and Exabyte in order to reduce the number of digits to
+ four or fewer using powers of 2 for sizes (K=1024,
+ M=1048576, etc.).
+
+ -l Display additional details including permissions and
+ ownership information.
+
+ -n Produce a long listing with user and group information
+ presented numerically.
+
+ -r Reverse the sort order of the listing.
+
+ -S Sort the listing by file size.
+
+ -t Sort the listing by last modification time.
+
+ lumask umask
+ Set local umask to umask.
+
+ mkdir path
+ Create remote directory specified by path.
+
+ progress
+ Toggle display of progress meter.
+
+ put [-Ppr] local-path [remote-path]
+ Upload local-path and store it on the remote machine. If the
+ remote path name is not specified, it is given the same name it
+ has on the local machine. local-path may contain glob(3)
+ characters and may match multiple files. If it does and
+ remote-path is specified, then remote-path must specify a
+ directory.
+
+ If either the -P or -p flag is specified, then full file
+ permissions and access times are copied too.
+
+ If the -r flag is specified then directories will be copied
+ recursively. Note that sftp does not follow symbolic links when
+ performing recursive transfers.
+
+ pwd Display remote working directory.
+
+ quit Quit sftp.
+
+ reget [-Ppr] remote-path [local-path]
+ Resume download of remote-path. Equivalent to get with the -a
+ flag set.
+
+ rename oldpath newpath
+ Rename remote file from oldpath to newpath.
+
+ rm path
+ Delete remote file specified by path.
+
+ rmdir path
+ Remove remote directory specified by path.
+
+ symlink oldpath newpath
+ Create a symbolic link from oldpath to newpath.
+
+ version
+ Display the sftp protocol version.
+
+ !command
+ Execute command in local shell.
+
+ ! Escape to local shell.
+
+ ? Synonym for help.
+
+SEE ALSO
+ ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3),
+ ssh_config(5), sftp-server(8), sshd(8)
+
+ T. Ylonen and S. Lehtinen, SSH File Transfer Protocol,
+ draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress
+ material.
+
+OpenBSD 5.4 July 25, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/ssh-add.0 b/crypto/openssh/ssh-add.0
new file mode 100644
index 0000000..bcd1e73
--- /dev/null
+++ b/crypto/openssh/ssh-add.0
@@ -0,0 +1,119 @@
+SSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1)
+
+NAME
+ ssh-add - adds private key identities to the authentication agent
+
+SYNOPSIS
+ ssh-add [-cDdkLlXx] [-t life] [file ...]
+ ssh-add -s pkcs11
+ ssh-add -e pkcs11
+
+DESCRIPTION
+ ssh-add adds private key identities to the authentication agent,
+ ssh-agent(1). When run without arguments, it adds the files
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. After
+ loading a private key, ssh-add will try to load corresponding certificate
+ information from the filename obtained by appending -cert.pub to the name
+ of the private key file. Alternative file names can be given on the
+ command line.
+
+ If any file requires a passphrase, ssh-add asks for the passphrase from
+ the user. The passphrase is read from the user's tty. ssh-add retries
+ the last passphrase if multiple identity files are given.
+
+ The authentication agent must be running and the SSH_AUTH_SOCK
+ environment variable must contain the name of its socket for ssh-add to
+ work.
+
+ The options are as follows:
+
+ -c Indicates that added identities should be subject to confirmation
+ before being used for authentication. Confirmation is performed
+ by the SSH_ASKPASS program mentioned below. Successful
+ confirmation is signaled by a zero exit status from the
+ SSH_ASKPASS program, rather than text entered into the requester.
+
+ -D Deletes all identities from the agent.
+
+ -d Instead of adding identities, removes identities from the agent.
+ If ssh-add has been run without arguments, the keys for the
+ default identities and their corresponding certificates will be
+ removed. Otherwise, the argument list will be interpreted as a
+ list of paths to public key files to specify keys and
+ certificates to be removed from the agent. If no public key is
+ found at a given path, ssh-add will append .pub and retry.
+
+ -e pkcs11
+ Remove keys provided by the PKCS#11 shared library pkcs11.
+
+ -k When loading keys into or deleting keys from the agent, process
+ plain private keys only and skip certificates.
+
+ -L Lists public key parameters of all identities currently
+ represented by the agent.
+
+ -l Lists fingerprints of all identities currently represented by the
+ agent.
+
+ -s pkcs11
+ Add keys provided by the PKCS#11 shared library pkcs11.
+
+ -t life
+ Set a maximum lifetime when adding identities to an agent. The
+ lifetime may be specified in seconds or in a time format
+ specified in sshd_config(5).
+
+ -X Unlock the agent.
+
+ -x Lock the agent with a password.
+
+ENVIRONMENT
+ DISPLAY and SSH_ASKPASS
+ If ssh-add needs a passphrase, it will read the passphrase from
+ the current terminal if it was run from a terminal. If ssh-add
+ does not have a terminal associated with it but DISPLAY and
+ SSH_ASKPASS are set, it will execute the program specified by
+ SSH_ASKPASS and open an X11 window to read the passphrase. This
+ is particularly useful when calling ssh-add from a .xsession or
+ related script. (Note that on some machines it may be necessary
+ to redirect the input from /dev/null to make this work.)
+
+ SSH_AUTH_SOCK
+ Identifies the path of a UNIX-domain socket used to communicate
+ with the agent.
+
+FILES
+ ~/.ssh/identity
+ Contains the protocol version 1 RSA authentication identity of
+ the user.
+
+ ~/.ssh/id_dsa
+ Contains the protocol version 2 DSA authentication identity of
+ the user.
+
+ ~/.ssh/id_ecdsa
+ Contains the protocol version 2 ECDSA authentication identity of
+ the user.
+
+ ~/.ssh/id_rsa
+ Contains the protocol version 2 RSA authentication identity of
+ the user.
+
+ Identity files should not be readable by anyone but the user. Note that
+ ssh-add ignores identity files if they are accessible by others.
+
+EXIT STATUS
+ Exit status is 0 on success, 1 if the specified command fails, and 2 if
+ ssh-add is unable to contact the authentication agent.
+
+SEE ALSO
+ ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 December 3, 2012 OpenBSD 5.4
diff --git a/crypto/openssh/ssh-agent.0 b/crypto/openssh/ssh-agent.0
new file mode 100644
index 0000000..e5f0f73
--- /dev/null
+++ b/crypto/openssh/ssh-agent.0
@@ -0,0 +1,123 @@
+SSH-AGENT(1) OpenBSD Reference Manual SSH-AGENT(1)
+
+NAME
+ ssh-agent - authentication agent
+
+SYNOPSIS
+ ssh-agent [-c | -s] [-d] [-a bind_address] [-t life] [command [arg ...]]
+ ssh-agent [-c | -s] -k
+
+DESCRIPTION
+ ssh-agent is a program to hold private keys used for public key
+ authentication (RSA, DSA, ECDSA). The idea is that ssh-agent is started
+ in the beginning of an X-session or a login session, and all other
+ windows or programs are started as clients to the ssh-agent program.
+ Through use of environment variables the agent can be located and
+ automatically used for authentication when logging in to other machines
+ using ssh(1).
+
+ The options are as follows:
+
+ -a bind_address
+ Bind the agent to the UNIX-domain socket bind_address. The
+ default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>.
+
+ -c Generate C-shell commands on stdout. This is the default if
+ SHELL looks like it's a csh style of shell.
+
+ -d Debug mode. When this option is specified ssh-agent will not
+ fork.
+
+ -k Kill the current agent (given by the SSH_AGENT_PID environment
+ variable).
+
+ -s Generate Bourne shell commands on stdout. This is the default if
+ SHELL does not look like it's a csh style of shell.
+
+ -t life
+ Set a default value for the maximum lifetime of identities added
+ to the agent. The lifetime may be specified in seconds or in a
+ time format specified in sshd_config(5). A lifetime specified
+ for an identity with ssh-add(1) overrides this value. Without
+ this option the default maximum lifetime is forever.
+
+ If a commandline is given, this is executed as a subprocess of the agent.
+ When the command dies, so does the agent.
+
+ The agent initially does not have any private keys. Keys are added using
+ ssh-add(1). When executed without arguments, ssh-add(1) adds the files
+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity. If
+ the identity has a passphrase, ssh-add(1) asks for the passphrase on the
+ terminal if it has one or from a small X11 program if running under X11.
+ If neither of these is the case then the authentication will fail. It
+ then sends the identity to the agent. Several identities can be stored
+ in the agent; the agent can automatically use any of these identities.
+ ssh-add -l displays the identities currently held by the agent.
+
+ The idea is that the agent is run in the user's local PC, laptop, or
+ terminal. Authentication data need not be stored on any other machine,
+ and authentication passphrases never go over the network. However, the
+ connection to the agent is forwarded over SSH remote logins, and the user
+ can thus use the privileges given by the identities anywhere in the
+ network in a secure way.
+
+ There are two main ways to get an agent set up: The first is that the
+ agent starts a new subcommand into which some environment variables are
+ exported, eg ssh-agent xterm &. The second is that the agent prints the
+ needed shell commands (either sh(1) or csh(1) syntax can be generated)
+ which can be evaluated in the calling shell, eg eval `ssh-agent -s` for
+ Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent -c` for
+ csh(1) and derivatives.
+
+ Later ssh(1) looks at these variables and uses them to establish a
+ connection to the agent.
+
+ The agent will never send a private key over its request channel.
+ Instead, operations that require a private key will be performed by the
+ agent, and the result will be returned to the requester. This way,
+ private keys are not exposed to clients using the agent.
+
+ A UNIX-domain socket is created and the name of this socket is stored in
+ the SSH_AUTH_SOCK environment variable. The socket is made accessible
+ only to the current user. This method is easily abused by root or
+ another instance of the same user.
+
+ The SSH_AGENT_PID environment variable holds the agent's process ID.
+
+ The agent exits automatically when the command given on the command line
+ terminates.
+
+FILES
+ ~/.ssh/identity
+ Contains the protocol version 1 RSA authentication identity of
+ the user.
+
+ ~/.ssh/id_dsa
+ Contains the protocol version 2 DSA authentication identity of
+ the user.
+
+ ~/.ssh/id_ecdsa
+ Contains the protocol version 2 ECDSA authentication identity of
+ the user.
+
+ ~/.ssh/id_rsa
+ Contains the protocol version 2 RSA authentication identity of
+ the user.
+
+ $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
+ UNIX-domain sockets used to contain the connection to the
+ authentication agent. These sockets should only be readable by
+ the owner. The sockets should get automatically removed when the
+ agent exits.
+
+SEE ALSO
+ ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 November 21, 2010 OpenBSD 5.4
diff --git a/crypto/openssh/ssh-keygen.0 b/crypto/openssh/ssh-keygen.0
new file mode 100644
index 0000000..2b0e9a6
--- /dev/null
+++ b/crypto/openssh/ssh-keygen.0
@@ -0,0 +1,546 @@
+SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1)
+
+NAME
+ ssh-keygen - authentication key generation, management and conversion
+
+SYNOPSIS
+ ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
+ [-f output_keyfile]
+ ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
+ ssh-keygen -i [-m key_format] [-f input_keyfile]
+ ssh-keygen -e [-m key_format] [-f input_keyfile]
+ ssh-keygen -y [-f input_keyfile]
+ ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
+ ssh-keygen -l [-f input_keyfile]
+ ssh-keygen -B [-f input_keyfile]
+ ssh-keygen -D pkcs11
+ ssh-keygen -F hostname [-f known_hosts_file] [-l]
+ ssh-keygen -H [-f known_hosts_file]
+ ssh-keygen -R hostname [-f known_hosts_file]
+ ssh-keygen -r hostname [-f input_keyfile] [-g]
+ ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
+ ssh-keygen -T output_file -f input_file [-v] [-a num_trials]
+ [-J num_lines] [-j start_line] [-K checkpt] [-W generator]
+ ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
+ [-O option] [-V validity_interval] [-z serial_number] file ...
+ ssh-keygen -L [-f input_keyfile]
+ ssh-keygen -A
+ ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
+ file ...
+ ssh-keygen -Q -f krl_file file ...
+
+DESCRIPTION
+ ssh-keygen generates, manages and converts authentication keys for
+ ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
+ and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type
+ of key to be generated is specified with the -t option. If invoked
+ without any arguments, ssh-keygen will generate an RSA key for use in SSH
+ protocol 2 connections.
+
+ ssh-keygen is also used to generate groups for use in Diffie-Hellman
+ group exchange (DH-GEX). See the MODULI GENERATION section for details.
+
+ Finally, ssh-keygen can be used to generate and update Key Revocation
+ Lists, and to test whether given keys have been revoked by one. See the
+ KEY REVOCATION LISTS section for details.
+
+ Normally each user wishing to use SSH with public key authentication runs
+ this once to create the authentication key in ~/.ssh/identity,
+ ~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the
+ system administrator may use this to generate host keys, as seen in
+ /etc/rc.
+
+ Normally this program generates the key and asks for a file in which to
+ store the private key. The public key is stored in a file with the same
+ name but ``.pub'' appended. The program also asks for a passphrase. The
+ passphrase may be empty to indicate no passphrase (host keys must have an
+ empty passphrase), or it may be a string of arbitrary length. A
+ passphrase is similar to a password, except it can be a phrase with a
+ series of words, punctuation, numbers, whitespace, or any string of
+ characters you want. Good passphrases are 10-30 characters long, are not
+ simple sentences or otherwise easily guessable (English prose has only
+ 1-2 bits of entropy per character, and provides very bad passphrases),
+ and contain a mix of upper and lowercase letters, numbers, and non-
+ alphanumeric characters. The passphrase can be changed later by using
+ the -p option.
+
+ There is no way to recover a lost passphrase. If the passphrase is lost
+ or forgotten, a new key must be generated and the corresponding public
+ key copied to other machines.
+
+ For RSA1 keys, there is also a comment field in the key file that is only
+ for convenience to the user to help identify the key. The comment can
+ tell what the key is for, or whatever is useful. The comment is
+ initialized to ``user@host'' when the key is created, but can be changed
+ using the -c option.
+
+ After a key is generated, instructions below detail where the keys should
+ be placed to be activated.
+
+ The options are as follows:
+
+ -A For each of the key types (rsa1, rsa, dsa and ecdsa) for which
+ host keys do not exist, generate the host keys with the default
+ key file path, an empty passphrase, default bits for the key
+ type, and default comment. This is used by /etc/rc to generate
+ new host keys.
+
+ -a trials
+ Specifies the number of primality tests to perform when screening
+ DH-GEX candidates using the -T command.
+
+ -B Show the bubblebabble digest of specified private or public key
+ file.
+
+ -b bits
+ Specifies the number of bits in the key to create. For RSA keys,
+ the minimum size is 768 bits and the default is 2048 bits.
+ Generally, 2048 bits is considered sufficient. DSA keys must be
+ exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
+ the -b flag determines the key length by selecting from one of
+ three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
+ use bit lengths other than these three values for ECDSA keys will
+ fail.
+
+ -C comment
+ Provides a new comment.
+
+ -c Requests changing the comment in the private and public key
+ files. This operation is only supported for RSA1 keys. The
+ program will prompt for the file containing the private keys, for
+ the passphrase if the key has one, and for the new comment.
+
+ -D pkcs11
+ Download the RSA public keys provided by the PKCS#11 shared
+ library pkcs11. When used in combination with -s, this option
+ indicates that a CA key resides in a PKCS#11 token (see the
+ CERTIFICATES section for details).
+
+ -e This option will read a private or public OpenSSH key file and
+ print to stdout the key in one of the formats specified by the -m
+ option. The default export format is ``RFC4716''. This option
+ allows exporting OpenSSH keys for use by other programs,
+ including several commercial SSH implementations.
+
+ -F hostname
+ Search for the specified hostname in a known_hosts file, listing
+ any occurrences found. This option is useful to find hashed host
+ names or addresses and may also be used in conjunction with the
+ -H option to print found keys in a hashed format.
+
+ -f filename
+ Specifies the filename of the key file.
+
+ -G output_file
+ Generate candidate primes for DH-GEX. These primes must be
+ screened for safety (using the -T option) before use.
+
+ -g Use generic DNS format when printing fingerprint resource records
+ using the -r command.
+
+ -H Hash a known_hosts file. This replaces all hostnames and
+ addresses with hashed representations within the specified file;
+ the original content is moved to a file with a .old suffix.
+ These hashes may be used normally by ssh and sshd, but they do
+ not reveal identifying information should the file's contents be
+ disclosed. This option will not modify existing hashed hostnames
+ and is therefore safe to use on files that mix hashed and non-
+ hashed names.
+
+ -h When signing a key, create a host certificate instead of a user
+ certificate. Please see the CERTIFICATES section for details.
+
+ -I certificate_identity
+ Specify the key identity when signing a public key. Please see
+ the CERTIFICATES section for details.
+
+ -i This option will read an unencrypted private (or public) key file
+ in the format specified by the -m option and print an OpenSSH
+ compatible private (or public) key to stdout.
+
+ -J num_lines
+ Exit after screening the specified number of lines while
+ performing DH candidate screening using the -T option.
+
+ -j start_line
+ Start screening at the specified line number while performing DH
+ candidate screening using the -T option.
+
+ -K checkpt
+ Write the last line processed to the file checkpt while
+ performing DH candidate screening using the -T option. This will
+ be used to skip lines in the input file that have already been
+ processed if the job is restarted. This option allows importing
+ keys from other software, including several commercial SSH
+ implementations. The default import format is ``RFC4716''.
+
+ -k Generate a KRL file. In this mode, ssh-keygen will generate a
+ KRL file at the location specified via the -f flag that revokes
+ every key or certificate presented on the command line.
+ Keys/certificates to be revoked may be specified by public key
+ file or using the format described in the KEY REVOCATION LISTS
+ section.
+
+ -L Prints the contents of a certificate.
+
+ -l Show fingerprint of specified public key file. Private RSA1 keys
+ are also supported. For RSA and DSA keys ssh-keygen tries to
+ find the matching public key file and prints its fingerprint. If
+ combined with -v, an ASCII art representation of the key is
+ supplied with the fingerprint.
+
+ -M memory
+ Specify the amount of memory to use (in megabytes) when
+ generating candidate moduli for DH-GEX.
+
+ -m key_format
+ Specify a key format for the -i (import) or -e (export)
+ conversion options. The supported key formats are: ``RFC4716''
+ (RFC 4716/SSH2 public or private key), ``PKCS8'' (PEM PKCS8
+ public key) or ``PEM'' (PEM public key). The default conversion
+ format is ``RFC4716''.
+
+ -N new_passphrase
+ Provides the new passphrase.
+
+ -n principals
+ Specify one or more principals (user or host names) to be
+ included in a certificate when signing a key. Multiple
+ principals may be specified, separated by commas. Please see the
+ CERTIFICATES section for details.
+
+ -O option
+ Specify a certificate option when signing a key. This option may
+ be specified multiple times. Please see the CERTIFICATES section
+ for details. The options that are valid for user certificates
+ are:
+
+ clear Clear all enabled permissions. This is useful for
+ clearing the default set of permissions so permissions
+ may be added individually.
+
+ force-command=command
+ Forces the execution of command instead of any shell or
+ command specified by the user when the certificate is
+ used for authentication.
+
+ no-agent-forwarding
+ Disable ssh-agent(1) forwarding (permitted by default).
+
+ no-port-forwarding
+ Disable port forwarding (permitted by default).
+
+ no-pty Disable PTY allocation (permitted by default).
+
+ no-user-rc
+ Disable execution of ~/.ssh/rc by sshd(8) (permitted by
+ default).
+
+ no-x11-forwarding
+ Disable X11 forwarding (permitted by default).
+
+ permit-agent-forwarding
+ Allows ssh-agent(1) forwarding.
+
+ permit-port-forwarding
+ Allows port forwarding.
+
+ permit-pty
+ Allows PTY allocation.
+
+ permit-user-rc
+ Allows execution of ~/.ssh/rc by sshd(8).
+
+ permit-x11-forwarding
+ Allows X11 forwarding.
+
+ source-address=address_list
+ Restrict the source addresses from which the certificate
+ is considered valid. The address_list is a comma-
+ separated list of one or more address/netmask pairs in
+ CIDR format.
+
+ At present, no options are valid for host keys.
+
+ -P passphrase
+ Provides the (old) passphrase.
+
+ -p Requests changing the passphrase of a private key file instead of
+ creating a new private key. The program will prompt for the file
+ containing the private key, for the old passphrase, and twice for
+ the new passphrase.
+
+ -Q Test whether keys have been revoked in a KRL.
+
+ -q Silence ssh-keygen.
+
+ -R hostname
+ Removes all keys belonging to hostname from a known_hosts file.
+ This option is useful to delete hashed hosts (see the -H option
+ above).
+
+ -r hostname
+ Print the SSHFP fingerprint resource record named hostname for
+ the specified public key file.
+
+ -S start
+ Specify start point (in hex) when generating candidate moduli for
+ DH-GEX.
+
+ -s ca_key
+ Certify (sign) a public key using the specified CA key. Please
+ see the CERTIFICATES section for details.
+
+ When generating a KRL, -s specifies a path to a CA public key
+ file used to revoke certificates directly by key ID or serial
+ number. See the KEY REVOCATION LISTS section for details.
+
+ -T output_file
+ Test DH group exchange candidate primes (generated using the -G
+ option) for safety.
+
+ -t type
+ Specifies the type of key to create. The possible values are
+ ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'' or ``rsa''
+ for protocol version 2.
+
+ -u Update a KRL. When specified with -k, keys listed via the
+ command line are added to the existing KRL rather than a new KRL
+ being created.
+
+ -V validity_interval
+ Specify a validity interval when signing a certificate. A
+ validity interval may consist of a single time, indicating that
+ the certificate is valid beginning now and expiring at that time,
+ or may consist of two times separated by a colon to indicate an
+ explicit time interval. The start time may be specified as a
+ date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a
+ relative time (to the current time) consisting of a minus sign
+ followed by a relative time in the format described in the TIME
+ FORMATS section of sshd_config(5). The end time may be specified
+ as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time
+ starting with a plus character.
+
+ For example: ``+52w1d'' (valid from now to 52 weeks and one day
+ from now), ``-4w:+4w'' (valid from four weeks ago to four weeks
+ from now), ``20100101123000:20110101123000'' (valid from 12:30
+ PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
+ ``-1d:20110101'' (valid from yesterday to midnight, January 1st,
+ 2011).
+
+ -v Verbose mode. Causes ssh-keygen to print debugging messages
+ about its progress. This is helpful for debugging moduli
+ generation. Multiple -v options increase the verbosity. The
+ maximum is 3.
+
+ -W generator
+ Specify desired generator when testing candidate moduli for DH-
+ GEX.
+
+ -y This option will read a private OpenSSH format file and print an
+ OpenSSH public key to stdout.
+
+ -z serial_number
+ Specifies a serial number to be embedded in the certificate to
+ distinguish this certificate from others from the same CA. The
+ default serial number is zero.
+
+ When generating a KRL, the -z flag is used to specify a KRL
+ version number.
+
+MODULI GENERATION
+ ssh-keygen may be used to generate groups for the Diffie-Hellman Group
+ Exchange (DH-GEX) protocol. Generating these groups is a two-step
+ process: first, candidate primes are generated using a fast, but memory
+ intensive process. These candidate primes are then tested for
+ suitability (a CPU-intensive process).
+
+ Generation of primes is performed using the -G option. The desired
+ length of the primes may be specified by the -b option. For example:
+
+ # ssh-keygen -G moduli-2048.candidates -b 2048
+
+ By default, the search for primes begins at a random point in the desired
+ length range. This may be overridden using the -S option, which
+ specifies a different start point (in hex).
+
+ Once a set of candidates have been generated, they must be screened for
+ suitability. This may be performed using the -T option. In this mode
+ ssh-keygen will read candidates from standard input (or a file specified
+ using the -f option). For example:
+
+ # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
+
+ By default, each candidate will be subjected to 100 primality tests.
+ This may be overridden using the -a option. The DH generator value will
+ be chosen automatically for the prime under consideration. If a specific
+ generator is desired, it may be requested using the -W option. Valid
+ generator values are 2, 3, and 5.
+
+ Screened DH groups may be installed in /etc/moduli. It is important that
+ this file contains moduli of a range of bit lengths and that both ends of
+ a connection share common moduli.
+
+CERTIFICATES
+ ssh-keygen supports signing of keys to produce certificates that may be
+ used for user or host authentication. Certificates consist of a public
+ key, some identity information, zero or more principal (user or host)
+ names and a set of options that are signed by a Certification Authority
+ (CA) key. Clients or servers may then trust only the CA key and verify
+ its signature on a certificate rather than trusting many user/host keys.
+ Note that OpenSSH certificates are a different, and much simpler, format
+ to the X.509 certificates used in ssl(8).
+
+ ssh-keygen supports two types of certificates: user and host. User
+ certificates authenticate users to servers, whereas host certificates
+ authenticate server hosts to users. To generate a user certificate:
+
+ $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
+
+ The resultant certificate will be placed in /path/to/user_key-cert.pub.
+ A host certificate requires the -h option:
+
+ $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
+
+ The host certificate will be output to /path/to/host_key-cert.pub.
+
+ It is possible to sign using a CA key stored in a PKCS#11 token by
+ providing the token library using -D and identifying the CA key by
+ providing its public half as an argument to -s:
+
+ $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
+
+ In all cases, key_id is a "key identifier" that is logged by the server
+ when the certificate is used for authentication.
+
+ Certificates may be limited to be valid for a set of principal
+ (user/host) names. By default, generated certificates are valid for all
+ users or hosts. To generate a certificate for a specified set of
+ principals:
+
+ $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
+ $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
+
+ Additional limitations on the validity and use of user certificates may
+ be specified through certificate options. A certificate option may
+ disable features of the SSH session, may be valid only when presented
+ from particular source addresses or may force the use of a specific
+ command. For a list of valid certificate options, see the documentation
+ for the -O option above.
+
+ Finally, certificates may be defined with a validity lifetime. The -V
+ option allows specification of certificate start and end times. A
+ certificate that is presented at a time outside this range will not be
+ considered valid. By default, certificates are valid from UNIX Epoch to
+ the distant future.
+
+ For certificates to be used for user or host authentication, the CA
+ public key must be trusted by sshd(8) or ssh(1). Please refer to those
+ manual pages for details.
+
+KEY REVOCATION LISTS
+ ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
+ These binary files specify keys or certificates to be revoked using a
+ compact format, taking as little a one bit per certificate if they are
+ being revoked by serial number.
+
+ KRLs may be generated using the -k flag. This option reads one or more
+ files from the command line and generates a new KRL. The files may
+ either contain a KRL specification (see below) or public keys, listed one
+ per line. Plain public keys are revoked by listing their hash or
+ contents in the KRL and certificates revoked by serial number or key ID
+ (if the serial is zero or not available).
+
+ Revoking keys using a KRL specification offers explicit control over the
+ types of record used to revoke keys and may be used to directly revoke
+ certificates by serial number or key ID without having the complete
+ original certificate on hand. A KRL specification consists of lines
+ containing one of the following directives followed by a colon and some
+ directive-specific information.
+
+ serial: serial_number[-serial_number]
+ Revokes a certificate with the specified serial number. Serial
+ numbers are 64-bit values, not including zero and may be
+ expressed in decimal, hex or octal. If two serial numbers are
+ specified separated by a hyphen, then the range of serial numbers
+ including and between each is revoked. The CA key must have been
+ specified on the ssh-keygen command line using the -s option.
+
+ id: key_id
+ Revokes a certificate with the specified key ID string. The CA
+ key must have been specified on the ssh-keygen command line using
+ the -s option.
+
+ key: public_key
+ Revokes the specified key. If a certificate is listed, then it
+ is revoked as a plain public key.
+
+ sha1: public_key
+ Revokes the specified key by its SHA1 hash.
+
+ KRLs may be updated using the -u flag in addition to -k. When this
+ option is specified, keys listed via the command line are merged into the
+ KRL, adding to those already there.
+
+ It is also possible, given a KRL, to test whether it revokes a particular
+ key (or keys). The -Q flag will query an existing KRL, testing each key
+ specified on the commandline. If any key listed on the command line has
+ been revoked (or an error encountered) then ssh-keygen will exit with a
+ non-zero exit status. A zero exit status will only be returned if no key
+ was revoked.
+
+FILES
+ ~/.ssh/identity
+ Contains the protocol version 1 RSA authentication identity of
+ the user. This file should not be readable by anyone but the
+ user. It is possible to specify a passphrase when generating the
+ key; that passphrase will be used to encrypt the private part of
+ this file using 3DES. This file is not automatically accessed by
+ ssh-keygen but it is offered as the default file for the private
+ key. ssh(1) will read this file when a login attempt is made.
+
+ ~/.ssh/identity.pub
+ Contains the protocol version 1 RSA public key for
+ authentication. The contents of this file should be added to
+ ~/.ssh/authorized_keys on all machines where the user wishes to
+ log in using RSA authentication. There is no need to keep the
+ contents of this file secret.
+
+ ~/.ssh/id_dsa
+ ~/.ssh/id_ecdsa
+ ~/.ssh/id_rsa
+ Contains the protocol version 2 DSA, ECDSA or RSA authentication
+ identity of the user. This file should not be readable by anyone
+ but the user. It is possible to specify a passphrase when
+ generating the key; that passphrase will be used to encrypt the
+ private part of this file using 128-bit AES. This file is not
+ automatically accessed by ssh-keygen but it is offered as the
+ default file for the private key. ssh(1) will read this file
+ when a login attempt is made.
+
+ ~/.ssh/id_dsa.pub
+ ~/.ssh/id_ecdsa.pub
+ ~/.ssh/id_rsa.pub
+ Contains the protocol version 2 DSA, ECDSA or RSA public key for
+ authentication. The contents of this file should be added to
+ ~/.ssh/authorized_keys on all machines where the user wishes to
+ log in using public key authentication. There is no need to keep
+ the contents of this file secret.
+
+ /etc/moduli
+ Contains Diffie-Hellman groups used for DH-GEX. The file format
+ is described in moduli(5).
+
+SEE ALSO
+ ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8)
+
+ The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006.
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/ssh-keyscan.0 b/crypto/openssh/ssh-keyscan.0
new file mode 100644
index 0000000..3ea99c3
--- /dev/null
+++ b/crypto/openssh/ssh-keyscan.0
@@ -0,0 +1,109 @@
+SSH-KEYSCAN(1) OpenBSD Reference Manual SSH-KEYSCAN(1)
+
+NAME
+ ssh-keyscan - gather ssh public keys
+
+SYNOPSIS
+ ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type]
+ [host | addrlist namelist] ...
+
+DESCRIPTION
+ ssh-keyscan is a utility for gathering the public ssh host keys of a
+ number of hosts. It was designed to aid in building and verifying
+ ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable
+ for use by shell and perl scripts.
+
+ ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
+ possible in parallel, so it is very efficient. The keys from a domain of
+ 1,000 hosts can be collected in tens of seconds, even when some of those
+ hosts are down or do not run ssh. For scanning, one does not need login
+ access to the machines that are being scanned, nor does the scanning
+ process involve any encryption.
+
+ The options are as follows:
+
+ -4 Forces ssh-keyscan to use IPv4 addresses only.
+
+ -6 Forces ssh-keyscan to use IPv6 addresses only.
+
+ -f file
+ Read hosts or addrlist namelist pairs from this file, one per
+ line. If - is supplied instead of a filename, ssh-keyscan will
+ read hosts or addrlist namelist pairs from the standard input.
+
+ -H Hash all hostnames and addresses in the output. Hashed names may
+ be used normally by ssh and sshd, but they do not reveal
+ identifying information should the file's contents be disclosed.
+
+ -p port
+ Port to connect to on the remote host.
+
+ -T timeout
+ Set the timeout for connection attempts. If timeout seconds have
+ elapsed since a connection was initiated to a host or since the
+ last time anything was read from that host, then the connection
+ is closed and the host in question considered unavailable.
+ Default is 5 seconds.
+
+ -t type
+ Specifies the type of the key to fetch from the scanned hosts.
+ The possible values are ``rsa1'' for protocol version 1 and
+ ``dsa'', ``ecdsa'' or ``rsa'' for protocol version 2. Multiple
+ values may be specified by separating them with commas. The
+ default is to fetch ``rsa'' and ``ecdsa'' keys.
+
+ -v Verbose mode. Causes ssh-keyscan to print debugging messages
+ about its progress.
+
+SECURITY
+ If an ssh_known_hosts file is constructed using ssh-keyscan without
+ verifying the keys, users will be vulnerable to man in the middle
+ attacks. On the other hand, if the security model allows such a risk,
+ ssh-keyscan can help in the detection of tampered keyfiles or man in the
+ middle attacks which have begun after the ssh_known_hosts file was
+ created.
+
+FILES
+ Input format:
+
+ 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
+
+ Output format for rsa1 keys:
+
+ host-or-namelist bits exponent modulus
+
+ Output format for rsa, dsa and ecdsa keys:
+
+ host-or-namelist keytype base64-encoded-key
+
+ Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'',
+ ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''.
+
+ /etc/ssh/ssh_known_hosts
+
+EXAMPLES
+ Print the rsa host key for machine hostname:
+
+ $ ssh-keyscan hostname
+
+ Find all hosts from the file ssh_hosts which have new or different keys
+ from those in the sorted file ssh_known_hosts:
+
+ $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \
+ sort -u - ssh_known_hosts | diff ssh_known_hosts -
+
+SEE ALSO
+ ssh(1), sshd(8)
+
+AUTHORS
+ David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne
+ Davison <wayned@users.sourceforge.net> added support for protocol version
+ 2.
+
+BUGS
+ It generates "Connection closed by remote host" messages on the consoles
+ of all the machines it scans if the server is older than version 2.9.
+ This is because it opens a connection to the ssh port, reads the public
+ key, and drops the connection as soon as it gets the key.
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/ssh-keysign.0 b/crypto/openssh/ssh-keysign.0
new file mode 100644
index 0000000..808828a
--- /dev/null
+++ b/crypto/openssh/ssh-keysign.0
@@ -0,0 +1,51 @@
+SSH-KEYSIGN(8) OpenBSD System Manager's Manual SSH-KEYSIGN(8)
+
+NAME
+ ssh-keysign - ssh helper program for host-based authentication
+
+SYNOPSIS
+ ssh-keysign
+
+DESCRIPTION
+ ssh-keysign is used by ssh(1) to access the local host keys and generate
+ the digital signature required during host-based authentication with SSH
+ protocol version 2.
+
+ ssh-keysign is disabled by default and can only be enabled in the global
+ client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
+ to ``yes''.
+
+ ssh-keysign is not intended to be invoked by the user, but from ssh(1).
+ See ssh(1) and sshd(8) for more information about host-based
+ authentication.
+
+FILES
+ /etc/ssh/ssh_config
+ Controls whether ssh-keysign is enabled.
+
+ /etc/ssh/ssh_host_dsa_key
+ /etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_rsa_key
+ These files contain the private parts of the host keys used to
+ generate the digital signature. They should be owned by root,
+ readable only by root, and not accessible to others. Since they
+ are readable only by root, ssh-keysign must be set-uid root if
+ host-based authentication is used.
+
+ /etc/ssh/ssh_host_dsa_key-cert.pub
+ /etc/ssh/ssh_host_ecdsa_key-cert.pub
+ /etc/ssh/ssh_host_rsa_key-cert.pub
+ If these files exist they are assumed to contain public
+ certificate information corresponding with the private keys
+ above.
+
+SEE ALSO
+ ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
+
+HISTORY
+ ssh-keysign first appeared in OpenBSD 3.2.
+
+AUTHORS
+ Markus Friedl <markus@openbsd.org>
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/ssh-pkcs11-helper.0 b/crypto/openssh/ssh-pkcs11-helper.0
new file mode 100644
index 0000000..d9ea342
--- /dev/null
+++ b/crypto/openssh/ssh-pkcs11-helper.0
@@ -0,0 +1,25 @@
+SSH-PKCS11-HELPER(8) OpenBSD System Manager's Manual SSH-PKCS11-HELPER(8)
+
+NAME
+ ssh-pkcs11-helper - ssh-agent helper program for PKCS#11 support
+
+SYNOPSIS
+ ssh-pkcs11-helper
+
+DESCRIPTION
+ ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a
+ PKCS#11 token.
+
+ ssh-pkcs11-helper is not intended to be invoked by the user, but from
+ ssh-agent(1).
+
+SEE ALSO
+ ssh(1), ssh-add(1), ssh-agent(1)
+
+HISTORY
+ ssh-pkcs11-helper first appeared in OpenBSD 4.7.
+
+AUTHORS
+ Markus Friedl <markus@openbsd.org>
+
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/ssh.0 b/crypto/openssh/ssh.0
new file mode 100644
index 0000000..adc1ee4
--- /dev/null
+++ b/crypto/openssh/ssh.0
@@ -0,0 +1,935 @@
+SSH(1) OpenBSD Reference Manual SSH(1)
+
+NAME
+ ssh - OpenSSH SSH client (remote login program)
+
+SYNOPSIS
+ ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
+ [-D [bind_address:]port] [-E log_file] [-e escape_char]
+ [-F configfile] [-I pkcs11] [-i identity_file]
+ [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
+ [-O ctl_cmd] [-o option] [-p port]
+ [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]
+ [-w local_tun[:remote_tun]] [user@]hostname [command]
+ ssh -Q protocol_feature
+
+DESCRIPTION
+ ssh (SSH client) is a program for logging into a remote machine and for
+ executing commands on a remote machine. It is intended to replace rlogin
+ and rsh, and provide secure encrypted communications between two
+ untrusted hosts over an insecure network. X11 connections and arbitrary
+ TCP ports can also be forwarded over the secure channel.
+
+ ssh connects and logs into the specified hostname (with optional user
+ name). The user must prove his/her identity to the remote machine using
+ one of several methods depending on the protocol version used (see
+ below).
+
+ If command is specified, it is executed on the remote host instead of a
+ login shell.
+
+ The options are as follows:
+
+ -1 Forces ssh to try protocol version 1 only.
+
+ -2 Forces ssh to try protocol version 2 only.
+
+ -4 Forces ssh to use IPv4 addresses only.
+
+ -6 Forces ssh to use IPv6 addresses only.
+
+ -A Enables forwarding of the authentication agent connection. This
+ can also be specified on a per-host basis in a configuration
+ file.
+
+ Agent forwarding should be enabled with caution. Users with the
+ ability to bypass file permissions on the remote host (for the
+ agent's UNIX-domain socket) can access the local agent through
+ the forwarded connection. An attacker cannot obtain key material
+ from the agent, however they can perform operations on the keys
+ that enable them to authenticate using the identities loaded into
+ the agent.
+
+ -a Disables forwarding of the authentication agent connection.
+
+ -b bind_address
+ Use bind_address on the local machine as the source address of
+ the connection. Only useful on systems with more than one
+ address.
+
+ -C Requests compression of all data (including stdin, stdout,
+ stderr, and data for forwarded X11 and TCP connections). The
+ compression algorithm is the same used by gzip(1), and the
+ ``level'' can be controlled by the CompressionLevel option for
+ protocol version 1. Compression is desirable on modem lines and
+ other slow connections, but will only slow down things on fast
+ networks. The default value can be set on a host-by-host basis
+ in the configuration files; see the Compression option.
+
+ -c cipher_spec
+ Selects the cipher specification for encrypting the session.
+
+ Protocol version 1 allows specification of a single cipher. The
+ supported values are ``3des'', ``blowfish'', and ``des''. 3des
+ (triple-des) is an encrypt-decrypt-encrypt triple with three
+ different keys. It is believed to be secure. blowfish is a fast
+ block cipher; it appears very secure and is much faster than
+ 3des. des is only supported in the ssh client for
+ interoperability with legacy protocol 1 implementations that do
+ not support the 3des cipher. Its use is strongly discouraged due
+ to cryptographic weaknesses. The default is ``3des''.
+
+ For protocol version 2, cipher_spec is a comma-separated list of
+ ciphers listed in order of preference. See the Ciphers keyword
+ in ssh_config(5) for more information.
+
+ -D [bind_address:]port
+ Specifies a local ``dynamic'' application-level port forwarding.
+ This works by allocating a socket to listen to port on the local
+ side, optionally bound to the specified bind_address. Whenever a
+ connection is made to this port, the connection is forwarded over
+ the secure channel, and the application protocol is then used to
+ determine where to connect to from the remote machine. Currently
+ the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
+ as a SOCKS server. Only root can forward privileged ports.
+ Dynamic port forwardings can also be specified in the
+ configuration file.
+
+ IPv6 addresses can be specified by enclosing the address in
+ square brackets. Only the superuser can forward privileged
+ ports. By default, the local port is bound in accordance with
+ the GatewayPorts setting. However, an explicit bind_address may
+ be used to bind the connection to a specific address. The
+ bind_address of ``localhost'' indicates that the listening port
+ be bound for local use only, while an empty address or `*'
+ indicates that the port should be available from all interfaces.
+
+ -E log_file
+ Append debug logs to log_file instead of standard error.
+
+ -e escape_char
+ Sets the escape character for sessions with a pty (default: `~').
+ The escape character is only recognized at the beginning of a
+ line. The escape character followed by a dot (`.') closes the
+ connection; followed by control-Z suspends the connection; and
+ followed by itself sends the escape character once. Setting the
+ character to ``none'' disables any escapes and makes the session
+ fully transparent.
+
+ -F configfile
+ Specifies an alternative per-user configuration file. If a
+ configuration file is given on the command line, the system-wide
+ configuration file (/etc/ssh/ssh_config) will be ignored. The
+ default for the per-user configuration file is ~/.ssh/config.
+
+ -f Requests ssh to go to background just before command execution.
+ This is useful if ssh is going to ask for passwords or
+ passphrases, but the user wants it in the background. This
+ implies -n. The recommended way to start X11 programs at a
+ remote site is with something like ssh -f host xterm.
+
+ If the ExitOnForwardFailure configuration option is set to
+ ``yes'', then a client started with -f will wait for all remote
+ port forwards to be successfully established before placing
+ itself in the background.
+
+ -g Allows remote hosts to connect to local forwarded ports.
+
+ -I pkcs11
+ Specify the PKCS#11 shared library ssh should use to communicate
+ with a PKCS#11 token providing the user's private RSA key.
+
+ -i identity_file
+ Selects a file from which the identity (private key) for public
+ key authentication is read. The default is ~/.ssh/identity for
+ protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
+ ~/.ssh/id_rsa for protocol version 2. Identity files may also be
+ specified on a per-host basis in the configuration file. It is
+ possible to have multiple -i options (and multiple identities
+ specified in configuration files). ssh will also try to load
+ certificate information from the filename obtained by appending
+ -cert.pub to identity filenames.
+
+ -K Enables GSSAPI-based authentication and forwarding (delegation)
+ of GSSAPI credentials to the server.
+
+ -k Disables forwarding (delegation) of GSSAPI credentials to the
+ server.
+
+ -L [bind_address:]port:host:hostport
+ Specifies that the given port on the local (client) host is to be
+ forwarded to the given host and port on the remote side. This
+ works by allocating a socket to listen to port on the local side,
+ optionally bound to the specified bind_address. Whenever a
+ connection is made to this port, the connection is forwarded over
+ the secure channel, and a connection is made to host port
+ hostport from the remote machine. Port forwardings can also be
+ specified in the configuration file. IPv6 addresses can be
+ specified by enclosing the address in square brackets. Only the
+ superuser can forward privileged ports. By default, the local
+ port is bound in accordance with the GatewayPorts setting.
+ However, an explicit bind_address may be used to bind the
+ connection to a specific address. The bind_address of
+ ``localhost'' indicates that the listening port be bound for
+ local use only, while an empty address or `*' indicates that the
+ port should be available from all interfaces.
+
+ -l login_name
+ Specifies the user to log in as on the remote machine. This also
+ may be specified on a per-host basis in the configuration file.
+
+ -M Places the ssh client into ``master'' mode for connection
+ sharing. Multiple -M options places ssh into ``master'' mode
+ with confirmation required before slave connections are accepted.
+ Refer to the description of ControlMaster in ssh_config(5) for
+ details.
+
+ -m mac_spec
+ Additionally, for protocol version 2 a comma-separated list of
+ MAC (message authentication code) algorithms can be specified in
+ order of preference. See the MACs keyword for more information.
+
+ -N Do not execute a remote command. This is useful for just
+ forwarding ports (protocol version 2 only).
+
+ -n Redirects stdin from /dev/null (actually, prevents reading from
+ stdin). This must be used when ssh is run in the background. A
+ common trick is to use this to run X11 programs on a remote
+ machine. For example, ssh -n shadows.cs.hut.fi emacs & will
+ start an emacs on shadows.cs.hut.fi, and the X11 connection will
+ be automatically forwarded over an encrypted channel. The ssh
+ program will be put in the background. (This does not work if
+ ssh needs to ask for a password or passphrase; see also the -f
+ option.)
+
+ -O ctl_cmd
+ Control an active connection multiplexing master process. When
+ the -O option is specified, the ctl_cmd argument is interpreted
+ and passed to the master process. Valid commands are: ``check''
+ (check that the master process is running), ``forward'' (request
+ forwardings without command execution), ``cancel'' (cancel
+ forwardings), ``exit'' (request the master to exit), and ``stop''
+ (request the master to stop accepting further multiplexing
+ requests).
+
+ -o option
+ Can be used to give options in the format used in the
+ configuration file. This is useful for specifying options for
+ which there is no separate command-line flag. For full details
+ of the options listed below, and their possible values, see
+ ssh_config(5).
+
+ AddressFamily
+ BatchMode
+ BindAddress
+ ChallengeResponseAuthentication
+ CheckHostIP
+ Cipher
+ Ciphers
+ ClearAllForwardings
+ Compression
+ CompressionLevel
+ ConnectionAttempts
+ ConnectTimeout
+ ControlMaster
+ ControlPath
+ ControlPersist
+ DynamicForward
+ EscapeChar
+ ExitOnForwardFailure
+ ForwardAgent
+ ForwardX11
+ ForwardX11Timeout
+ ForwardX11Trusted
+ GatewayPorts
+ GlobalKnownHostsFile
+ GSSAPIAuthentication
+ GSSAPIDelegateCredentials
+ HashKnownHosts
+ Host
+ HostbasedAuthentication
+ HostKeyAlgorithms
+ HostKeyAlias
+ HostName
+ IdentityFile
+ IdentitiesOnly
+ IPQoS
+ KbdInteractiveAuthentication
+ KbdInteractiveDevices
+ KexAlgorithms
+ LocalCommand
+ LocalForward
+ LogLevel
+ MACs
+ NoHostAuthenticationForLocalhost
+ NumberOfPasswordPrompts
+ PasswordAuthentication
+ PermitLocalCommand
+ PKCS11Provider
+ Port
+ PreferredAuthentications
+ Protocol
+ ProxyCommand
+ PubkeyAuthentication
+ RekeyLimit
+ RemoteForward
+ RequestTTY
+ RhostsRSAAuthentication
+ RSAAuthentication
+ SendEnv
+ ServerAliveInterval
+ ServerAliveCountMax
+ StrictHostKeyChecking
+ TCPKeepAlive
+ Tunnel
+ TunnelDevice
+ UsePrivilegedPort
+ User
+ UserKnownHostsFile
+ VerifyHostKeyDNS
+ VisualHostKey
+ XAuthLocation
+
+ -p port
+ Port to connect to on the remote host. This can be specified on
+ a per-host basis in the configuration file.
+
+ -Q protocol_feature
+ Queries ssh for the algorithms supported for the specified
+ version 2 protocol_feature. The queriable features are:
+ ``cipher'' (supported symmetric ciphers), ``MAC'' (supported
+ message integrity codes), ``KEX'' (key exchange algorithms),
+ ``key'' (key types). Protocol features are treated case-
+ insensitively.
+
+ -q Quiet mode. Causes most warning and diagnostic messages to be
+ suppressed.
+
+ -R [bind_address:]port:host:hostport
+ Specifies that the given port on the remote (server) host is to
+ be forwarded to the given host and port on the local side. This
+ works by allocating a socket to listen to port on the remote
+ side, and whenever a connection is made to this port, the
+ connection is forwarded over the secure channel, and a connection
+ is made to host port hostport from the local machine.
+
+ Port forwardings can also be specified in the configuration file.
+ Privileged ports can be forwarded only when logging in as root on
+ the remote machine. IPv6 addresses can be specified by enclosing
+ the address in square brackets.
+
+ By default, the listening socket on the server will be bound to
+ the loopback interface only. This may be overridden by
+ specifying a bind_address. An empty bind_address, or the address
+ `*', indicates that the remote socket should listen on all
+ interfaces. Specifying a remote bind_address will only succeed
+ if the server's GatewayPorts option is enabled (see
+ sshd_config(5)).
+
+ If the port argument is `0', the listen port will be dynamically
+ allocated on the server and reported to the client at run time.
+ When used together with -O forward the allocated port will be
+ printed to the standard output.
+
+ -S ctl_path
+ Specifies the location of a control socket for connection
+ sharing, or the string ``none'' to disable connection sharing.
+ Refer to the description of ControlPath and ControlMaster in
+ ssh_config(5) for details.
+
+ -s May be used to request invocation of a subsystem on the remote
+ system. Subsystems are a feature of the SSH2 protocol which
+ facilitate the use of SSH as a secure transport for other
+ applications (eg. sftp(1)). The subsystem is specified as the
+ remote command.
+
+ -T Disable pseudo-tty allocation.
+
+ -t Force pseudo-tty allocation. This can be used to execute
+ arbitrary screen-based programs on a remote machine, which can be
+ very useful, e.g. when implementing menu services. Multiple -t
+ options force tty allocation, even if ssh has no local tty.
+
+ -V Display the version number and exit.
+
+ -v Verbose mode. Causes ssh to print debugging messages about its
+ progress. This is helpful in debugging connection,
+ authentication, and configuration problems. Multiple -v options
+ increase the verbosity. The maximum is 3.
+
+ -W host:port
+ Requests that standard input and output on the client be
+ forwarded to host on port over the secure channel. Implies -N,
+ -T, ExitOnForwardFailure and ClearAllForwardings. Works with
+ Protocol version 2 only.
+
+ -w local_tun[:remote_tun]
+ Requests tunnel device forwarding with the specified tun(4)
+ devices between the client (local_tun) and the server
+ (remote_tun).
+
+ The devices may be specified by numerical ID or the keyword
+ ``any'', which uses the next available tunnel device. If
+ remote_tun is not specified, it defaults to ``any''. See also
+ the Tunnel and TunnelDevice directives in ssh_config(5). If the
+ Tunnel directive is unset, it is set to the default tunnel mode,
+ which is ``point-to-point''.
+
+ -X Enables X11 forwarding. This can also be specified on a per-host
+ basis in a configuration file.
+
+ X11 forwarding should be enabled with caution. Users with the
+ ability to bypass file permissions on the remote host (for the
+ user's X authorization database) can access the local X11 display
+ through the forwarded connection. An attacker may then be able
+ to perform activities such as keystroke monitoring.
+
+ For this reason, X11 forwarding is subjected to X11 SECURITY
+ extension restrictions by default. Please refer to the ssh -Y
+ option and the ForwardX11Trusted directive in ssh_config(5) for
+ more information.
+
+ -x Disables X11 forwarding.
+
+ -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
+ subjected to the X11 SECURITY extension controls.
+
+ -y Send log information using the syslog(3) system module. By
+ default this information is sent to stderr.
+
+ ssh may additionally obtain configuration data from a per-user
+ configuration file and a system-wide configuration file. The file format
+ and configuration options are described in ssh_config(5).
+
+AUTHENTICATION
+ The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to
+ use protocol 2 only, though this can be changed via the Protocol option
+ in ssh_config(5) or the -1 and -2 options (see above). Both protocols
+ support similar authentication methods, but protocol 2 is the default
+ since it provides additional mechanisms for confidentiality (the traffic
+ is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and
+ integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, umac-64,
+ umac-128, hmac-ripemd160). Protocol 1 lacks a strong mechanism for
+ ensuring the integrity of the connection.
+
+ The methods available for authentication are: GSSAPI-based
+ authentication, host-based authentication, public key authentication,
+ challenge-response authentication, and password authentication.
+ Authentication methods are tried in the order specified above, though
+ protocol 2 has a configuration option to change the default order:
+ PreferredAuthentications.
+
+ Host-based authentication works as follows: If the machine the user logs
+ in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
+ machine, and the user names are the same on both sides, or if the files
+ ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
+ machine and contain a line containing the name of the client machine and
+ the name of the user on that machine, the user is considered for login.
+ Additionally, the server must be able to verify the client's host key
+ (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
+ below) for login to be permitted. This authentication method closes
+ security holes due to IP spoofing, DNS spoofing, and routing spoofing.
+ [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
+ rlogin/rsh protocol in general, are inherently insecure and should be
+ disabled if security is desired.]
+
+ Public key authentication works as follows: The scheme is based on
+ public-key cryptography, using cryptosystems where encryption and
+ decryption are done using separate keys, and it is unfeasible to derive
+ the decryption key from the encryption key. The idea is that each user
+ creates a public/private key pair for authentication purposes. The
+ server knows the public key, and only the user knows the private key.
+ ssh implements public key authentication protocol automatically, using
+ one of the DSA, ECDSA or RSA algorithms. Protocol 1 is restricted to
+ using only RSA keys, but protocol 2 may use any. The HISTORY section of
+ ssl(8) contains a brief discussion of the DSA and RSA algorithms.
+
+ The file ~/.ssh/authorized_keys lists the public keys that are permitted
+ for logging in. When the user logs in, the ssh program tells the server
+ which key pair it would like to use for authentication. The client
+ proves that it has access to the private key and the server checks that
+ the corresponding public key is authorized to accept the account.
+
+ The user creates his/her key pair by running ssh-keygen(1). This stores
+ the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
+ 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2
+ RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
+ ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2
+ ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
+ directory. The user should then copy the public key to
+ ~/.ssh/authorized_keys in his/her home directory on the remote machine.
+ The authorized_keys file corresponds to the conventional ~/.rhosts file,
+ and has one key per line, though the lines can be very long. After this,
+ the user can log in without giving the password.
+
+ A variation on public key authentication is available in the form of
+ certificate authentication: instead of a set of public/private keys,
+ signed certificates are used. This has the advantage that a single
+ trusted certification authority can be used in place of many
+ public/private keys. See the CERTIFICATES section of ssh-keygen(1) for
+ more information.
+
+ The most convenient way to use public key or certificate authentication
+ may be with an authentication agent. See ssh-agent(1) for more
+ information.
+
+ Challenge-response authentication works as follows: The server sends an
+ arbitrary "challenge" text, and prompts for a response. Protocol 2
+ allows multiple challenges and responses; protocol 1 is restricted to
+ just one challenge/response. Examples of challenge-response
+ authentication include BSD Authentication (see login.conf(5)) and PAM
+ (some non-OpenBSD systems).
+
+ Finally, if other authentication methods fail, ssh prompts the user for a
+ password. The password is sent to the remote host for checking; however,
+ since all communications are encrypted, the password cannot be seen by
+ someone listening on the network.
+
+ ssh automatically maintains and checks a database containing
+ identification for all hosts it has ever been used with. Host keys are
+ stored in ~/.ssh/known_hosts in the user's home directory. Additionally,
+ the file /etc/ssh/ssh_known_hosts is automatically checked for known
+ hosts. Any new hosts are automatically added to the user's file. If a
+ host's identification ever changes, ssh warns about this and disables
+ password authentication to prevent server spoofing or man-in-the-middle
+ attacks, which could otherwise be used to circumvent the encryption. The
+ StrictHostKeyChecking option can be used to control logins to machines
+ whose host key is not known or has changed.
+
+ When the user's identity has been accepted by the server, the server
+ either executes the given command, or logs into the machine and gives the
+ user a normal shell on the remote machine. All communication with the
+ remote command or shell will be automatically encrypted.
+
+ If a pseudo-terminal has been allocated (normal login session), the user
+ may use the escape characters noted below.
+
+ If no pseudo-tty has been allocated, the session is transparent and can
+ be used to reliably transfer binary data. On most systems, setting the
+ escape character to ``none'' will also make the session transparent even
+ if a tty is used.
+
+ The session terminates when the command or shell on the remote machine
+ exits and all X11 and TCP connections have been closed.
+
+ESCAPE CHARACTERS
+ When a pseudo-terminal has been requested, ssh supports a number of
+ functions through the use of an escape character.
+
+ A single tilde character can be sent as ~~ or by following the tilde by a
+ character other than those described below. The escape character must
+ always follow a newline to be interpreted as special. The escape
+ character can be changed in configuration files using the EscapeChar
+ configuration directive or on the command line by the -e option.
+
+ The supported escapes (assuming the default `~') are:
+
+ ~. Disconnect.
+
+ ~^Z Background ssh.
+
+ ~# List forwarded connections.
+
+ ~& Background ssh at logout when waiting for forwarded connection /
+ X11 sessions to terminate.
+
+ ~? Display a list of escape characters.
+
+ ~B Send a BREAK to the remote system (only useful for SSH protocol
+ version 2 and if the peer supports it).
+
+ ~C Open command line. Currently this allows the addition of port
+ forwardings using the -L, -R and -D options (see above). It also
+ allows the cancellation of existing port-forwardings with
+ -KL[bind_address:]port for local, -KR[bind_address:]port for
+ remote and -KD[bind_address:]port for dynamic port-forwardings.
+ !command allows the user to execute a local command if the
+ PermitLocalCommand option is enabled in ssh_config(5). Basic
+ help is available, using the -h option.
+
+ ~R Request rekeying of the connection (only useful for SSH protocol
+ version 2 and if the peer supports it).
+
+ ~V Decrease the verbosity (LogLevel) when errors are being written
+ to stderr.
+
+ ~v Increase the verbosity (LogLevel) when errors are being written
+ to stderr.
+
+TCP FORWARDING
+ Forwarding of arbitrary TCP connections over the secure channel can be
+ specified either on the command line or in a configuration file. One
+ possible application of TCP forwarding is a secure connection to a mail
+ server; another is going through firewalls.
+
+ In the example below, we look at encrypting communication between an IRC
+ client and server, even though the IRC server does not directly support
+ encrypted communications. This works as follows: the user connects to
+ the remote host using ssh, specifying a port to be used to forward
+ connections to the remote server. After that it is possible to start the
+ service which is to be encrypted on the client machine, connecting to the
+ same local port, and ssh will encrypt and forward the connection.
+
+ The following example tunnels an IRC session from client machine
+ ``127.0.0.1'' (localhost) to remote server ``server.example.com'':
+
+ $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
+ $ irc -c '#users' -p 1234 pinky 127.0.0.1
+
+ This tunnels a connection to IRC server ``server.example.com'', joining
+ channel ``#users'', nickname ``pinky'', using port 1234. It doesn't
+ matter which port is used, as long as it's greater than 1023 (remember,
+ only root can open sockets on privileged ports) and doesn't conflict with
+ any ports already in use. The connection is forwarded to port 6667 on
+ the remote server, since that's the standard port for IRC services.
+
+ The -f option backgrounds ssh and the remote command ``sleep 10'' is
+ specified to allow an amount of time (10 seconds, in the example) to
+ start the service which is to be tunnelled. If no connections are made
+ within the time specified, ssh will exit.
+
+X11 FORWARDING
+ If the ForwardX11 variable is set to ``yes'' (or see the description of
+ the -X, -x, and -Y options above) and the user is using X11 (the DISPLAY
+ environment variable is set), the connection to the X11 display is
+ automatically forwarded to the remote side in such a way that any X11
+ programs started from the shell (or command) will go through the
+ encrypted channel, and the connection to the real X server will be made
+ from the local machine. The user should not manually set DISPLAY.
+ Forwarding of X11 connections can be configured on the command line or in
+ configuration files.
+
+ The DISPLAY value set by ssh will point to the server machine, but with a
+ display number greater than zero. This is normal, and happens because
+ ssh creates a ``proxy'' X server on the server machine for forwarding the
+ connections over the encrypted channel.
+
+ ssh will also automatically set up Xauthority data on the server machine.
+ For this purpose, it will generate a random authorization cookie, store
+ it in Xauthority on the server, and verify that any forwarded connections
+ carry this cookie and replace it by the real cookie when the connection
+ is opened. The real authentication cookie is never sent to the server
+ machine (and no cookies are sent in the plain).
+
+ If the ForwardAgent variable is set to ``yes'' (or see the description of
+ the -A and -a options above) and the user is using an authentication
+ agent, the connection to the agent is automatically forwarded to the
+ remote side.
+
+VERIFYING HOST KEYS
+ When connecting to a server for the first time, a fingerprint of the
+ server's public key is presented to the user (unless the option
+ StrictHostKeyChecking has been disabled). Fingerprints can be determined
+ using ssh-keygen(1):
+
+ $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
+
+ If the fingerprint is already known, it can be matched and the key can be
+ accepted or rejected. Because of the difficulty of comparing host keys
+ just by looking at hex strings, there is also support to compare host
+ keys visually, using random art. By setting the VisualHostKey option to
+ ``yes'', a small ASCII graphic gets displayed on every login to a server,
+ no matter if the session itself is interactive or not. By learning the
+ pattern a known server produces, a user can easily find out that the host
+ key has changed when a completely different pattern is displayed.
+ Because these patterns are not unambiguous however, a pattern that looks
+ similar to the pattern remembered only gives a good probability that the
+ host key is the same, not guaranteed proof.
+
+ To get a listing of the fingerprints along with their random art for all
+ known hosts, the following command line can be used:
+
+ $ ssh-keygen -lv -f ~/.ssh/known_hosts
+
+ If the fingerprint is unknown, an alternative method of verification is
+ available: SSH fingerprints verified by DNS. An additional resource
+ record (RR), SSHFP, is added to a zonefile and the connecting client is
+ able to match the fingerprint with that of the key presented.
+
+ In this example, we are connecting a client to a server,
+ ``host.example.com''. The SSHFP resource records should first be added
+ to the zonefile for host.example.com:
+
+ $ ssh-keygen -r host.example.com.
+
+ The output lines will have to be added to the zonefile. To check that
+ the zone is answering fingerprint queries:
+
+ $ dig -t SSHFP host.example.com
+
+ Finally the client connects:
+
+ $ ssh -o "VerifyHostKeyDNS ask" host.example.com
+ [...]
+ Matching host key fingerprint found in DNS.
+ Are you sure you want to continue connecting (yes/no)?
+
+ See the VerifyHostKeyDNS option in ssh_config(5) for more information.
+
+SSH-BASED VIRTUAL PRIVATE NETWORKS
+ ssh contains support for Virtual Private Network (VPN) tunnelling using
+ the tun(4) network pseudo-device, allowing two networks to be joined
+ securely. The sshd_config(5) configuration option PermitTunnel controls
+ whether the server supports this, and at what level (layer 2 or 3
+ traffic).
+
+ The following example would connect client network 10.0.50.0/24 with
+ remote network 10.0.99.0/24 using a point-to-point connection from
+ 10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway
+ to the remote network, at 192.168.1.15, allows it.
+
+ On the client:
+
+ # ssh -f -w 0:1 192.168.1.15 true
+ # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
+ # route add 10.0.99.0/24 10.1.1.2
+
+ On the server:
+
+ # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
+ # route add 10.0.50.0/24 10.1.1.1
+
+ Client access may be more finely tuned via the /root/.ssh/authorized_keys
+ file (see below) and the PermitRootLogin server option. The following
+ entry would permit connections on tun(4) device 1 from user ``jane'' and
+ on tun device 2 from user ``john'', if PermitRootLogin is set to
+ ``forced-commands-only'':
+
+ tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
+ tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
+
+ Since an SSH-based setup entails a fair amount of overhead, it may be
+ more suited to temporary setups, such as for wireless VPNs. More
+ permanent VPNs are better provided by tools such as ipsecctl(8) and
+ isakmpd(8).
+
+ENVIRONMENT
+ ssh will normally set the following environment variables:
+
+ DISPLAY The DISPLAY variable indicates the location of the
+ X11 server. It is automatically set by ssh to
+ point to a value of the form ``hostname:n'', where
+ ``hostname'' indicates the host where the shell
+ runs, and `n' is an integer >= 1. ssh uses this
+ special value to forward X11 connections over the
+ secure channel. The user should normally not set
+ DISPLAY explicitly, as that will render the X11
+ connection insecure (and will require the user to
+ manually copy any required authorization cookies).
+
+ HOME Set to the path of the user's home directory.
+
+ LOGNAME Synonym for USER; set for compatibility with
+ systems that use this variable.
+
+ MAIL Set to the path of the user's mailbox.
+
+ PATH Set to the default PATH, as specified when
+ compiling ssh.
+
+ SSH_ASKPASS If ssh needs a passphrase, it will read the
+ passphrase from the current terminal if it was run
+ from a terminal. If ssh does not have a terminal
+ associated with it but DISPLAY and SSH_ASKPASS are
+ set, it will execute the program specified by
+ SSH_ASKPASS and open an X11 window to read the
+ passphrase. This is particularly useful when
+ calling ssh from a .xsession or related script.
+ (Note that on some machines it may be necessary to
+ redirect the input from /dev/null to make this
+ work.)
+
+ SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to
+ communicate with the agent.
+
+ SSH_CONNECTION Identifies the client and server ends of the
+ connection. The variable contains four space-
+ separated values: client IP address, client port
+ number, server IP address, and server port number.
+
+ SSH_ORIGINAL_COMMAND This variable contains the original command line if
+ a forced command is executed. It can be used to
+ extract the original arguments.
+
+ SSH_TTY This is set to the name of the tty (path to the
+ device) associated with the current shell or
+ command. If the current session has no tty, this
+ variable is not set.
+
+ TZ This variable is set to indicate the present time
+ zone if it was set when the daemon was started
+ (i.e. the daemon passes the value on to new
+ connections).
+
+ USER Set to the name of the user logging in.
+
+ Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
+ ``VARNAME=value'' to the environment if the file exists and users are
+ allowed to change their environment. For more information, see the
+ PermitUserEnvironment option in sshd_config(5).
+
+FILES
+ ~/.rhosts
+ This file is used for host-based authentication (see above). On
+ some machines this file may need to be world-readable if the
+ user's home directory is on an NFS partition, because sshd(8)
+ reads it as root. Additionally, this file must be owned by the
+ user, and must not have write permissions for anyone else. The
+ recommended permission for most machines is read/write for the
+ user, and not accessible by others.
+
+ ~/.shosts
+ This file is used in exactly the same way as .rhosts, but allows
+ host-based authentication without permitting login with
+ rlogin/rsh.
+
+ ~/.ssh/
+ This directory is the default location for all user-specific
+ configuration and authentication information. There is no
+ general requirement to keep the entire contents of this directory
+ secret, but the recommended permissions are read/write/execute
+ for the user, and not accessible by others.
+
+ ~/.ssh/authorized_keys
+ Lists the public keys (DSA/ECDSA/RSA) that can be used for
+ logging in as this user. The format of this file is described in
+ the sshd(8) manual page. This file is not highly sensitive, but
+ the recommended permissions are read/write for the user, and not
+ accessible by others.
+
+ ~/.ssh/config
+ This is the per-user configuration file. The file format and
+ configuration options are described in ssh_config(5). Because of
+ the potential for abuse, this file must have strict permissions:
+ read/write for the user, and not writable by others.
+
+ ~/.ssh/environment
+ Contains additional definitions for environment variables; see
+ ENVIRONMENT, above.
+
+ ~/.ssh/identity
+ ~/.ssh/id_dsa
+ ~/.ssh/id_ecdsa
+ ~/.ssh/id_rsa
+ Contains the private key for authentication. These files contain
+ sensitive data and should be readable by the user but not
+ accessible by others (read/write/execute). ssh will simply
+ ignore a private key file if it is accessible by others. It is
+ possible to specify a passphrase when generating the key which
+ will be used to encrypt the sensitive part of this file using
+ 3DES.
+
+ ~/.ssh/identity.pub
+ ~/.ssh/id_dsa.pub
+ ~/.ssh/id_ecdsa.pub
+ ~/.ssh/id_rsa.pub
+ Contains the public key for authentication. These files are not
+ sensitive and can (but need not) be readable by anyone.
+
+ ~/.ssh/known_hosts
+ Contains a list of host keys for all hosts the user has logged
+ into that are not already in the systemwide list of known host
+ keys. See sshd(8) for further details of the format of this
+ file.
+
+ ~/.ssh/rc
+ Commands in this file are executed by ssh when the user logs in,
+ just before the user's shell (or command) is started. See the
+ sshd(8) manual page for more information.
+
+ /etc/hosts.equiv
+ This file is for host-based authentication (see above). It
+ should only be writable by root.
+
+ /etc/shosts.equiv
+ This file is used in exactly the same way as hosts.equiv, but
+ allows host-based authentication without permitting login with
+ rlogin/rsh.
+
+ /etc/ssh/ssh_config
+ Systemwide configuration file. The file format and configuration
+ options are described in ssh_config(5).
+
+ /etc/ssh/ssh_host_key
+ /etc/ssh/ssh_host_dsa_key
+ /etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_rsa_key
+ These files contain the private parts of the host keys and are
+ used for host-based authentication. If protocol version 1 is
+ used, ssh must be setuid root, since the host key is readable
+ only by root. For protocol version 2, ssh uses ssh-keysign(8) to
+ access the host keys, eliminating the requirement that ssh be
+ setuid root when host-based authentication is used. By default
+ ssh is not setuid root.
+
+ /etc/ssh/ssh_known_hosts
+ Systemwide list of known host keys. This file should be prepared
+ by the system administrator to contain the public host keys of
+ all machines in the organization. It should be world-readable.
+ See sshd(8) for further details of the format of this file.
+
+ /etc/ssh/sshrc
+ Commands in this file are executed by ssh when the user logs in,
+ just before the user's shell (or command) is started. See the
+ sshd(8) manual page for more information.
+
+EXIT STATUS
+ ssh exits with the exit status of the remote command or with 255 if an
+ error occurred.
+
+SEE ALSO
+ scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1),
+ tun(4), hosts.equiv(5), ssh_config(5), ssh-keysign(8), sshd(8)
+
+STANDARDS
+ S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned
+ Numbers, RFC 4250, January 2006.
+
+ T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture,
+ RFC 4251, January 2006.
+
+ T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol,
+ RFC 4252, January 2006.
+
+ T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer
+ Protocol, RFC 4253, January 2006.
+
+ T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC
+ 4254, January 2006.
+
+ J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell
+ (SSH) Key Fingerprints, RFC 4255, January 2006.
+
+ F. Cusack and M. Forssen, Generic Message Exchange Authentication for the
+ Secure Shell Protocol (SSH), RFC 4256, January 2006.
+
+ J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break
+ Extension, RFC 4335, January 2006.
+
+ M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport
+ Layer Encryption Modes, RFC 4344, January 2006.
+
+ B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport
+ Layer Protocol, RFC 4345, January 2006.
+
+ M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
+ the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.
+
+ J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File
+ Format, RFC 4716, November 2006.
+
+ D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer, RFC 5656, December 2009.
+
+ A. Perrig and D. Song, Hash Visualization: a New Technique to improve
+ Real-World Security, 1999, International Workshop on Cryptographic
+ Techniques and E-Commerce (CrypTEC '99).
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 July 18, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/ssh_config.0 b/crypto/openssh/ssh_config.0
new file mode 100644
index 0000000..bd9e1ad
--- /dev/null
+++ b/crypto/openssh/ssh_config.0
@@ -0,0 +1,795 @@
+SSH_CONFIG(5) OpenBSD Programmer's Manual SSH_CONFIG(5)
+
+NAME
+ ssh_config - OpenSSH SSH client configuration files
+
+SYNOPSIS
+ ~/.ssh/config
+ /etc/ssh/ssh_config
+
+DESCRIPTION
+ ssh(1) obtains configuration data from the following sources in the
+ following order:
+
+ 1. command-line options
+ 2. user's configuration file (~/.ssh/config)
+ 3. system-wide configuration file (/etc/ssh/ssh_config)
+
+ For each parameter, the first obtained value will be used. The
+ configuration files contain sections separated by ``Host''
+ specifications, and that section is only applied for hosts that match one
+ of the patterns given in the specification. The matched host name is the
+ one given on the command line.
+
+ Since the first obtained value for each parameter is used, more host-
+ specific declarations should be given near the beginning of the file, and
+ general defaults at the end.
+
+ The configuration file has the following format:
+
+ Empty lines and lines starting with `#' are comments. Otherwise a line
+ is of the format ``keyword arguments''. Configuration options may be
+ separated by whitespace or optional whitespace and exactly one `='; the
+ latter format is useful to avoid the need to quote whitespace when
+ specifying configuration options using the ssh, scp, and sftp -o option.
+ Arguments may optionally be enclosed in double quotes (") in order to
+ represent arguments containing spaces.
+
+ The possible keywords and their meanings are as follows (note that
+ keywords are case-insensitive and arguments are case-sensitive):
+
+ Host Restricts the following declarations (up to the next Host
+ keyword) to be only for those hosts that match one of the
+ patterns given after the keyword. If more than one pattern is
+ provided, they should be separated by whitespace. A single `*'
+ as a pattern can be used to provide global defaults for all
+ hosts. The host is the hostname argument given on the command
+ line (i.e. the name is not converted to a canonicalized host name
+ before matching).
+
+ A pattern entry may be negated by prefixing it with an
+ exclamation mark (`!'). If a negated entry is matched, then the
+ Host entry is ignored, regardless of whether any other patterns
+ on the line match. Negated matches are therefore useful to
+ provide exceptions for wildcard matches.
+
+ See PATTERNS for more information on patterns.
+
+ AddressFamily
+ Specifies which address family to use when connecting. Valid
+ arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
+ (use IPv6 only).
+
+ BatchMode
+ If set to ``yes'', passphrase/password querying will be disabled.
+ This option is useful in scripts and other batch jobs where no
+ user is present to supply the password. The argument must be
+ ``yes'' or ``no''. The default is ``no''.
+
+ BindAddress
+ Use the specified address on the local machine as the source
+ address of the connection. Only useful on systems with more than
+ one address. Note that this option does not work if
+ UsePrivilegedPort is set to ``yes''.
+
+ ChallengeResponseAuthentication
+ Specifies whether to use challenge-response authentication. The
+ argument to this keyword must be ``yes'' or ``no''. The default
+ is ``yes''.
+
+ CheckHostIP
+ If this flag is set to ``yes'', ssh(1) will additionally check
+ the host IP address in the known_hosts file. This allows ssh to
+ detect if a host key changed due to DNS spoofing. If the option
+ is set to ``no'', the check will not be executed. The default is
+ ``yes''.
+
+ Cipher Specifies the cipher to use for encrypting the session in
+ protocol version 1. Currently, ``blowfish'', ``3des'', and
+ ``des'' are supported. des is only supported in the ssh(1)
+ client for interoperability with legacy protocol 1
+ implementations that do not support the 3des cipher. Its use is
+ strongly discouraged due to cryptographic weaknesses. The
+ default is ``3des''.
+
+ Ciphers
+ Specifies the ciphers allowed for protocol version 2 in order of
+ preference. Multiple ciphers must be comma-separated. The
+ supported ciphers are ``3des-cbc'', ``aes128-cbc'',
+ ``aes192-cbc'', ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'',
+ ``aes256-ctr'', ``aes128-gcm@openssh.com'',
+ ``aes256-gcm@openssh.com'', ``arcfour128'', ``arcfour256'',
+ ``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''. The default
+ is:
+
+ aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+ aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
+ aes256-cbc,arcfour
+
+ ClearAllForwardings
+ Specifies that all local, remote, and dynamic port forwardings
+ specified in the configuration files or on the command line be
+ cleared. This option is primarily useful when used from the
+ ssh(1) command line to clear port forwardings set in
+ configuration files, and is automatically set by scp(1) and
+ sftp(1). The argument must be ``yes'' or ``no''. The default is
+ ``no''.
+
+ Compression
+ Specifies whether to use compression. The argument must be
+ ``yes'' or ``no''. The default is ``no''.
+
+ CompressionLevel
+ Specifies the compression level to use if compression is enabled.
+ The argument must be an integer from 1 (fast) to 9 (slow, best).
+ The default level is 6, which is good for most applications. The
+ meaning of the values is the same as in gzip(1). Note that this
+ option applies to protocol version 1 only.
+
+ ConnectionAttempts
+ Specifies the number of tries (one per second) to make before
+ exiting. The argument must be an integer. This may be useful in
+ scripts if the connection sometimes fails. The default is 1.
+
+ ConnectTimeout
+ Specifies the timeout (in seconds) used when connecting to the
+ SSH server, instead of using the default system TCP timeout.
+ This value is used only when the target is down or really
+ unreachable, not when it refuses the connection.
+
+ ControlMaster
+ Enables the sharing of multiple sessions over a single network
+ connection. When set to ``yes'', ssh(1) will listen for
+ connections on a control socket specified using the ControlPath
+ argument. Additional sessions can connect to this socket using
+ the same ControlPath with ControlMaster set to ``no'' (the
+ default). These sessions will try to reuse the master instance's
+ network connection rather than initiating new ones, but will fall
+ back to connecting normally if the control socket does not exist,
+ or is not listening.
+
+ Setting this to ``ask'' will cause ssh to listen for control
+ connections, but require confirmation using the SSH_ASKPASS
+ program before they are accepted (see ssh-add(1) for details).
+ If the ControlPath cannot be opened, ssh will continue without
+ connecting to a master instance.
+
+ X11 and ssh-agent(1) forwarding is supported over these
+ multiplexed connections, however the display and agent forwarded
+ will be the one belonging to the master connection i.e. it is not
+ possible to forward multiple displays or agents.
+
+ Two additional options allow for opportunistic multiplexing: try
+ to use a master connection but fall back to creating a new one if
+ one does not already exist. These options are: ``auto'' and
+ ``autoask''. The latter requires confirmation like the ``ask''
+ option.
+
+ ControlPath
+ Specify the path to the control socket used for connection
+ sharing as described in the ControlMaster section above or the
+ string ``none'' to disable connection sharing. In the path, `%L'
+ will be substituted by the first component of the local host
+ name, `%l' will be substituted by the local host name (including
+ any domain name), `%h' will be substituted by the target host
+ name, `%n' will be substituted by the original target host name
+ specified on the command line, `%p' the port, `%r' by the remote
+ login username, and `%u' by the username of the user running
+ ssh(1). It is recommended that any ControlPath used for
+ opportunistic connection sharing include at least %h, %p, and %r.
+ This ensures that shared connections are uniquely identified.
+
+ ControlPersist
+ When used in conjunction with ControlMaster, specifies that the
+ master connection should remain open in the background (waiting
+ for future client connections) after the initial client
+ connection has been closed. If set to ``no'', then the master
+ connection will not be placed into the background, and will close
+ as soon as the initial client connection is closed. If set to
+ ``yes'', then the master connection will remain in the background
+ indefinitely (until killed or closed via a mechanism such as the
+ ssh(1) ``-O exit'' option). If set to a time in seconds, or a
+ time in any of the formats documented in sshd_config(5), then the
+ backgrounded master connection will automatically terminate after
+ it has remained idle (with no client connections) for the
+ specified time.
+
+ DynamicForward
+ Specifies that a TCP port on the local machine be forwarded over
+ the secure channel, and the application protocol is then used to
+ determine where to connect to from the remote machine.
+
+ The argument must be [bind_address:]port. IPv6 addresses can be
+ specified by enclosing addresses in square brackets. By default,
+ the local port is bound in accordance with the GatewayPorts
+ setting. However, an explicit bind_address may be used to bind
+ the connection to a specific address. The bind_address of
+ ``localhost'' indicates that the listening port be bound for
+ local use only, while an empty address or `*' indicates that the
+ port should be available from all interfaces.
+
+ Currently the SOCKS4 and SOCKS5 protocols are supported, and
+ ssh(1) will act as a SOCKS server. Multiple forwardings may be
+ specified, and additional forwardings can be given on the command
+ line. Only the superuser can forward privileged ports.
+
+ EnableSSHKeysign
+ Setting this option to ``yes'' in the global client configuration
+ file /etc/ssh/ssh_config enables the use of the helper program
+ ssh-keysign(8) during HostbasedAuthentication. The argument must
+ be ``yes'' or ``no''. The default is ``no''. This option should
+ be placed in the non-hostspecific section. See ssh-keysign(8)
+ for more information.
+
+ EscapeChar
+ Sets the escape character (default: `~'). The escape character
+ can also be set on the command line. The argument should be a
+ single character, `^' followed by a letter, or ``none'' to
+ disable the escape character entirely (making the connection
+ transparent for binary data).
+
+ ExitOnForwardFailure
+ Specifies whether ssh(1) should terminate the connection if it
+ cannot set up all requested dynamic, tunnel, local, and remote
+ port forwardings. The argument must be ``yes'' or ``no''. The
+ default is ``no''.
+
+ ForwardAgent
+ Specifies whether the connection to the authentication agent (if
+ any) will be forwarded to the remote machine. The argument must
+ be ``yes'' or ``no''. The default is ``no''.
+
+ Agent forwarding should be enabled with caution. Users with the
+ ability to bypass file permissions on the remote host (for the
+ agent's Unix-domain socket) can access the local agent through
+ the forwarded connection. An attacker cannot obtain key material
+ from the agent, however they can perform operations on the keys
+ that enable them to authenticate using the identities loaded into
+ the agent.
+
+ ForwardX11
+ Specifies whether X11 connections will be automatically
+ redirected over the secure channel and DISPLAY set. The argument
+ must be ``yes'' or ``no''. The default is ``no''.
+
+ X11 forwarding should be enabled with caution. Users with the
+ ability to bypass file permissions on the remote host (for the
+ user's X11 authorization database) can access the local X11
+ display through the forwarded connection. An attacker may then
+ be able to perform activities such as keystroke monitoring if the
+ ForwardX11Trusted option is also enabled.
+
+ ForwardX11Timeout
+ Specify a timeout for untrusted X11 forwarding using the format
+ described in the TIME FORMATS section of sshd_config(5). X11
+ connections received by ssh(1) after this time will be refused.
+ The default is to disable untrusted X11 forwarding after twenty
+ minutes has elapsed.
+
+ ForwardX11Trusted
+ If this option is set to ``yes'', remote X11 clients will have
+ full access to the original X11 display.
+
+ If this option is set to ``no'', remote X11 clients will be
+ considered untrusted and prevented from stealing or tampering
+ with data belonging to trusted X11 clients. Furthermore, the
+ xauth(1) token used for the session will be set to expire after
+ 20 minutes. Remote clients will be refused access after this
+ time.
+
+ The default is ``no''.
+
+ See the X11 SECURITY extension specification for full details on
+ the restrictions imposed on untrusted clients.
+
+ GatewayPorts
+ Specifies whether remote hosts are allowed to connect to local
+ forwarded ports. By default, ssh(1) binds local port forwardings
+ to the loopback address. This prevents other remote hosts from
+ connecting to forwarded ports. GatewayPorts can be used to
+ specify that ssh should bind local port forwardings to the
+ wildcard address, thus allowing remote hosts to connect to
+ forwarded ports. The argument must be ``yes'' or ``no''. The
+ default is ``no''.
+
+ GlobalKnownHostsFile
+ Specifies one or more files to use for the global host key
+ database, separated by whitespace. The default is
+ /etc/ssh/ssh_known_hosts, /etc/ssh/ssh_known_hosts2.
+
+ GSSAPIAuthentication
+ Specifies whether user authentication based on GSSAPI is allowed.
+ The default is ``no''. Note that this option applies to protocol
+ version 2 only.
+
+ GSSAPIDelegateCredentials
+ Forward (delegate) credentials to the server. The default is
+ ``no''. Note that this option applies to protocol version 2
+ only.
+
+ HashKnownHosts
+ Indicates that ssh(1) should hash host names and addresses when
+ they are added to ~/.ssh/known_hosts. These hashed names may be
+ used normally by ssh(1) and sshd(8), but they do not reveal
+ identifying information should the file's contents be disclosed.
+ The default is ``no''. Note that existing names and addresses in
+ known hosts files will not be converted automatically, but may be
+ manually hashed using ssh-keygen(1).
+
+ HostbasedAuthentication
+ Specifies whether to try rhosts based authentication with public
+ key authentication. The argument must be ``yes'' or ``no''. The
+ default is ``no''. This option applies to protocol version 2
+ only and is similar to RhostsRSAAuthentication.
+
+ HostKeyAlgorithms
+ Specifies the protocol version 2 host key algorithms that the
+ client wants to use in order of preference. The default for this
+ option is:
+
+ ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
+ ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,
+ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ ssh-rsa,ssh-dss
+
+ If hostkeys are known for the destination host then this default
+ is modified to prefer their algorithms.
+
+ HostKeyAlias
+ Specifies an alias that should be used instead of the real host
+ name when looking up or saving the host key in the host key
+ database files. This option is useful for tunneling SSH
+ connections or for multiple servers running on a single host.
+
+ HostName
+ Specifies the real host name to log into. This can be used to
+ specify nicknames or abbreviations for hosts. If the hostname
+ contains the character sequence `%h', then this will be replaced
+ with the host name specified on the command line (this is useful
+ for manipulating unqualified names). The default is the name
+ given on the command line. Numeric IP addresses are also
+ permitted (both on the command line and in HostName
+ specifications).
+
+ IdentitiesOnly
+ Specifies that ssh(1) should only use the authentication identity
+ files configured in the ssh_config files, even if ssh-agent(1) or
+ a PKCS11Provider offers more identities. The argument to this
+ keyword must be ``yes'' or ``no''. This option is intended for
+ situations where ssh-agent offers many different identities. The
+ default is ``no''.
+
+ IdentityFile
+ Specifies a file from which the user's DSA, ECDSA or RSA
+ authentication identity is read. The default is ~/.ssh/identity
+ for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
+ ~/.ssh/id_rsa for protocol version 2. Additionally, any
+ identities represented by the authentication agent will be used
+ for authentication unless IdentitiesOnly is set. ssh(1) will try
+ to load certificate information from the filename obtained by
+ appending -cert.pub to the path of a specified IdentityFile.
+
+ The file name may use the tilde syntax to refer to a user's home
+ directory or one of the following escape characters: `%d' (local
+ user's home directory), `%u' (local user name), `%l' (local host
+ name), `%h' (remote host name) or `%r' (remote user name).
+
+ It is possible to have multiple identity files specified in
+ configuration files; all these identities will be tried in
+ sequence. Multiple IdentityFile directives will add to the list
+ of identities tried (this behaviour differs from that of other
+ configuration directives).
+
+ IdentityFile may be used in conjunction with IdentitiesOnly to
+ select which identities in an agent are offered during
+ authentication.
+
+ IgnoreUnknown
+ Specifies a pattern-list of unknown options to be ignored if they
+ are encountered in configuration parsing. This may be used to
+ suppress errors if ssh_config contains options that are
+ unrecognised by ssh(1). It is recommended that IgnoreUnknown be
+ listed early in the configuration file as it will not be applied
+ to unknown options that appear before it.
+
+ IPQoS Specifies the IPv4 type-of-service or DSCP class for connections.
+ Accepted values are ``af11'', ``af12'', ``af13'', ``af21'',
+ ``af22'', ``af23'', ``af31'', ``af32'', ``af33'', ``af41'',
+ ``af42'', ``af43'', ``cs0'', ``cs1'', ``cs2'', ``cs3'', ``cs4'',
+ ``cs5'', ``cs6'', ``cs7'', ``ef'', ``lowdelay'', ``throughput'',
+ ``reliability'', or a numeric value. This option may take one or
+ two arguments, separated by whitespace. If one argument is
+ specified, it is used as the packet class unconditionally. If
+ two values are specified, the first is automatically selected for
+ interactive sessions and the second for non-interactive sessions.
+ The default is ``lowdelay'' for interactive sessions and
+ ``throughput'' for non-interactive sessions.
+
+ KbdInteractiveAuthentication
+ Specifies whether to use keyboard-interactive authentication.
+ The argument to this keyword must be ``yes'' or ``no''. The
+ default is ``yes''.
+
+ KbdInteractiveDevices
+ Specifies the list of methods to use in keyboard-interactive
+ authentication. Multiple method names must be comma-separated.
+ The default is to use the server specified list. The methods
+ available vary depending on what the server supports. For an
+ OpenSSH server, it may be zero or more of: ``bsdauth'', ``pam'',
+ and ``skey''.
+
+ KexAlgorithms
+ Specifies the available KEX (Key Exchange) algorithms. Multiple
+ algorithms must be comma-separated. The default is:
+
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ diffie-hellman-group-exchange-sha256,
+ diffie-hellman-group-exchange-sha1,
+ diffie-hellman-group14-sha1,
+ diffie-hellman-group1-sha1
+
+ LocalCommand
+ Specifies a command to execute on the local machine after
+ successfully connecting to the server. The command string
+ extends to the end of the line, and is executed with the user's
+ shell. The following escape character substitutions will be
+ performed: `%d' (local user's home directory), `%h' (remote host
+ name), `%l' (local host name), `%n' (host name as provided on the
+ command line), `%p' (remote port), `%r' (remote user name) or
+ `%u' (local user name).
+
+ The command is run synchronously and does not have access to the
+ session of the ssh(1) that spawned it. It should not be used for
+ interactive commands.
+
+ This directive is ignored unless PermitLocalCommand has been
+ enabled.
+
+ LocalForward
+ Specifies that a TCP port on the local machine be forwarded over
+ the secure channel to the specified host and port from the remote
+ machine. The first argument must be [bind_address:]port and the
+ second argument must be host:hostport. IPv6 addresses can be
+ specified by enclosing addresses in square brackets. Multiple
+ forwardings may be specified, and additional forwardings can be
+ given on the command line. Only the superuser can forward
+ privileged ports. By default, the local port is bound in
+ accordance with the GatewayPorts setting. However, an explicit
+ bind_address may be used to bind the connection to a specific
+ address. The bind_address of ``localhost'' indicates that the
+ listening port be bound for local use only, while an empty
+ address or `*' indicates that the port should be available from
+ all interfaces.
+
+ LogLevel
+ Gives the verbosity level that is used when logging messages from
+ ssh(1). The possible values are: QUIET, FATAL, ERROR, INFO,
+ VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
+ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
+ higher levels of verbose output.
+
+ MACs Specifies the MAC (message authentication code) algorithms in
+ order of preference. The MAC algorithm is used in protocol
+ version 2 for data integrity protection. Multiple algorithms
+ must be comma-separated. The algorithms that contain ``-etm''
+ calculate the MAC after encryption (encrypt-then-mac). These are
+ considered safer and their use recommended. The default is:
+
+ hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
+ umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+ hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+ hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
+ hmac-md5-96-etm@openssh.com,
+ hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
+ hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
+ hmac-sha1-96,hmac-md5-96
+
+ NoHostAuthenticationForLocalhost
+ This option can be used if the home directory is shared across
+ machines. In this case localhost will refer to a different
+ machine on each of the machines and the user will get many
+ warnings about changed host keys. However, this option disables
+ host authentication for localhost. The argument to this keyword
+ must be ``yes'' or ``no''. The default is to check the host key
+ for localhost.
+
+ NumberOfPasswordPrompts
+ Specifies the number of password prompts before giving up. The
+ argument to this keyword must be an integer. The default is 3.
+
+ PasswordAuthentication
+ Specifies whether to use password authentication. The argument
+ to this keyword must be ``yes'' or ``no''. The default is
+ ``yes''.
+
+ PermitLocalCommand
+ Allow local command execution via the LocalCommand option or
+ using the !command escape sequence in ssh(1). The argument must
+ be ``yes'' or ``no''. The default is ``no''.
+
+ PKCS11Provider
+ Specifies which PKCS#11 provider to use. The argument to this
+ keyword is the PKCS#11 shared library ssh(1) should use to
+ communicate with a PKCS#11 token providing the user's private RSA
+ key.
+
+ Port Specifies the port number to connect on the remote host. The
+ default is 22.
+
+ PreferredAuthentications
+ Specifies the order in which the client should try protocol 2
+ authentication methods. This allows a client to prefer one
+ method (e.g. keyboard-interactive) over another method (e.g.
+ password). The default is:
+
+ gssapi-with-mic,hostbased,publickey,
+ keyboard-interactive,password
+
+ Protocol
+ Specifies the protocol versions ssh(1) should support in order of
+ preference. The possible values are `1' and `2'. Multiple
+ versions must be comma-separated. When this option is set to
+ ``2,1'' ssh will try version 2 and fall back to version 1 if
+ version 2 is not available. The default is `2'.
+
+ ProxyCommand
+ Specifies the command to use to connect to the server. The
+ command string extends to the end of the line, and is executed
+ with the user's shell. In the command string, any occurrence of
+ `%h' will be substituted by the host name to connect, `%p' by the
+ port, and `%r' by the remote user name. The command can be
+ basically anything, and should read from its standard input and
+ write to its standard output. It should eventually connect an
+ sshd(8) server running on some machine, or execute sshd -i
+ somewhere. Host key management will be done using the HostName
+ of the host being connected (defaulting to the name typed by the
+ user). Setting the command to ``none'' disables this option
+ entirely. Note that CheckHostIP is not available for connects
+ with a proxy command.
+
+ This directive is useful in conjunction with nc(1) and its proxy
+ support. For example, the following directive would connect via
+ an HTTP proxy at 192.0.2.0:
+
+ ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
+
+ PubkeyAuthentication
+ Specifies whether to try public key authentication. The argument
+ to this keyword must be ``yes'' or ``no''. The default is
+ ``yes''. This option applies to protocol version 2 only.
+
+ RekeyLimit
+ Specifies the maximum amount of data that may be transmitted
+ before the session key is renegotiated, optionally followed a
+ maximum amount of time that may pass before the session key is
+ renegotiated. The first argument is specified in bytes and may
+ have a suffix of `K', `M', or `G' to indicate Kilobytes,
+ Megabytes, or Gigabytes, respectively. The default is between
+ `1G' and `4G', depending on the cipher. The optional second
+ value is specified in seconds and may use any of the units
+ documented in the TIME FORMATS section of sshd_config(5). The
+ default value for RekeyLimit is ``default none'', which means
+ that rekeying is performed after the cipher's default amount of
+ data has been sent or received and no time based rekeying is
+ done. This option applies to protocol version 2 only.
+
+ RemoteForward
+ Specifies that a TCP port on the remote machine be forwarded over
+ the secure channel to the specified host and port from the local
+ machine. The first argument must be [bind_address:]port and the
+ second argument must be host:hostport. IPv6 addresses can be
+ specified by enclosing addresses in square brackets. Multiple
+ forwardings may be specified, and additional forwardings can be
+ given on the command line. Privileged ports can be forwarded
+ only when logging in as root on the remote machine.
+
+ If the port argument is `0', the listen port will be dynamically
+ allocated on the server and reported to the client at run time.
+
+ If the bind_address is not specified, the default is to only bind
+ to loopback addresses. If the bind_address is `*' or an empty
+ string, then the forwarding is requested to listen on all
+ interfaces. Specifying a remote bind_address will only succeed
+ if the server's GatewayPorts option is enabled (see
+ sshd_config(5)).
+
+ RequestTTY
+ Specifies whether to request a pseudo-tty for the session. The
+ argument may be one of: ``no'' (never request a TTY), ``yes''
+ (always request a TTY when standard input is a TTY), ``force''
+ (always request a TTY) or ``auto'' (request a TTY when opening a
+ login session). This option mirrors the -t and -T flags for
+ ssh(1).
+
+ RhostsRSAAuthentication
+ Specifies whether to try rhosts based authentication with RSA
+ host authentication. The argument must be ``yes'' or ``no''.
+ The default is ``no''. This option applies to protocol version 1
+ only and requires ssh(1) to be setuid root.
+
+ RSAAuthentication
+ Specifies whether to try RSA authentication. The argument to
+ this keyword must be ``yes'' or ``no''. RSA authentication will
+ only be attempted if the identity file exists, or an
+ authentication agent is running. The default is ``yes''. Note
+ that this option applies to protocol version 1 only.
+
+ SendEnv
+ Specifies what variables from the local environ(7) should be sent
+ to the server. Note that environment passing is only supported
+ for protocol 2. The server must also support it, and the server
+ must be configured to accept these environment variables. Refer
+ to AcceptEnv in sshd_config(5) for how to configure the server.
+ Variables are specified by name, which may contain wildcard
+ characters. Multiple environment variables may be separated by
+ whitespace or spread across multiple SendEnv directives. The
+ default is not to send any environment variables.
+
+ See PATTERNS for more information on patterns.
+
+ ServerAliveCountMax
+ Sets the number of server alive messages (see below) which may be
+ sent without ssh(1) receiving any messages back from the server.
+ If this threshold is reached while server alive messages are
+ being sent, ssh will disconnect from the server, terminating the
+ session. It is important to note that the use of server alive
+ messages is very different from TCPKeepAlive (below). The server
+ alive messages are sent through the encrypted channel and
+ therefore will not be spoofable. The TCP keepalive option
+ enabled by TCPKeepAlive is spoofable. The server alive mechanism
+ is valuable when the client or server depend on knowing when a
+ connection has become inactive.
+
+ The default value is 3. If, for example, ServerAliveInterval
+ (see below) is set to 15 and ServerAliveCountMax is left at the
+ default, if the server becomes unresponsive, ssh will disconnect
+ after approximately 45 seconds. This option applies to protocol
+ version 2 only.
+
+ ServerAliveInterval
+ Sets a timeout interval in seconds after which if no data has
+ been received from the server, ssh(1) will send a message through
+ the encrypted channel to request a response from the server. The
+ default is 0, indicating that these messages will not be sent to
+ the server. This option applies to protocol version 2 only.
+
+ StrictHostKeyChecking
+ If this flag is set to ``yes'', ssh(1) will never automatically
+ add host keys to the ~/.ssh/known_hosts file, and refuses to
+ connect to hosts whose host key has changed. This provides
+ maximum protection against trojan horse attacks, though it can be
+ annoying when the /etc/ssh/ssh_known_hosts file is poorly
+ maintained or when connections to new hosts are frequently made.
+ This option forces the user to manually add all new hosts. If
+ this flag is set to ``no'', ssh will automatically add new host
+ keys to the user known hosts files. If this flag is set to
+ ``ask'', new host keys will be added to the user known host files
+ only after the user has confirmed that is what they really want
+ to do, and ssh will refuse to connect to hosts whose host key has
+ changed. The host keys of known hosts will be verified
+ automatically in all cases. The argument must be ``yes'',
+ ``no'', or ``ask''. The default is ``ask''.
+
+ TCPKeepAlive
+ Specifies whether the system should send TCP keepalive messages
+ to the other side. If they are sent, death of the connection or
+ crash of one of the machines will be properly noticed. However,
+ this means that connections will die if the route is down
+ temporarily, and some people find it annoying.
+
+ The default is ``yes'' (to send TCP keepalive messages), and the
+ client will notice if the network goes down or the remote host
+ dies. This is important in scripts, and many users want it too.
+
+ To disable TCP keepalive messages, the value should be set to
+ ``no''.
+
+ Tunnel Request tun(4) device forwarding between the client and the
+ server. The argument must be ``yes'', ``point-to-point'' (layer
+ 3), ``ethernet'' (layer 2), or ``no''. Specifying ``yes''
+ requests the default tunnel mode, which is ``point-to-point''.
+ The default is ``no''.
+
+ TunnelDevice
+ Specifies the tun(4) devices to open on the client (local_tun)
+ and the server (remote_tun).
+
+ The argument must be local_tun[:remote_tun]. The devices may be
+ specified by numerical ID or the keyword ``any'', which uses the
+ next available tunnel device. If remote_tun is not specified, it
+ defaults to ``any''. The default is ``any:any''.
+
+ UsePrivilegedPort
+ Specifies whether to use a privileged port for outgoing
+ connections. The argument must be ``yes'' or ``no''. The
+ default is ``no''. If set to ``yes'', ssh(1) must be setuid
+ root. Note that this option must be set to ``yes'' for
+ RhostsRSAAuthentication with older servers.
+
+ User Specifies the user to log in as. This can be useful when a
+ different user name is used on different machines. This saves
+ the trouble of having to remember to give the user name on the
+ command line.
+
+ UserKnownHostsFile
+ Specifies one or more files to use for the user host key
+ database, separated by whitespace. The default is
+ ~/.ssh/known_hosts, ~/.ssh/known_hosts2.
+
+ VerifyHostKeyDNS
+ Specifies whether to verify the remote key using DNS and SSHFP
+ resource records. If this option is set to ``yes'', the client
+ will implicitly trust keys that match a secure fingerprint from
+ DNS. Insecure fingerprints will be handled as if this option was
+ set to ``ask''. If this option is set to ``ask'', information on
+ fingerprint match will be displayed, but the user will still need
+ to confirm new host keys according to the StrictHostKeyChecking
+ option. The argument must be ``yes'', ``no'', or ``ask''. The
+ default is ``no''. Note that this option applies to protocol
+ version 2 only.
+
+ See also VERIFYING HOST KEYS in ssh(1).
+
+ VisualHostKey
+ If this flag is set to ``yes'', an ASCII art representation of
+ the remote host key fingerprint is printed in addition to the hex
+ fingerprint string at login and for unknown host keys. If this
+ flag is set to ``no'', no fingerprint strings are printed at
+ login and only the hex fingerprint string will be printed for
+ unknown host keys. The default is ``no''.
+
+ XAuthLocation
+ Specifies the full pathname of the xauth(1) program. The default
+ is /usr/X11R6/bin/xauth.
+
+PATTERNS
+ A pattern consists of zero or more non-whitespace characters, `*' (a
+ wildcard that matches zero or more characters), or `?' (a wildcard that
+ matches exactly one character). For example, to specify a set of
+ declarations for any host in the ``.co.uk'' set of domains, the following
+ pattern could be used:
+
+ Host *.co.uk
+
+ The following pattern would match any host in the 192.168.0.[0-9] network
+ range:
+
+ Host 192.168.0.?
+
+ A pattern-list is a comma-separated list of patterns. Patterns within
+ pattern-lists may be negated by preceding them with an exclamation mark
+ (`!'). For example, to allow a key to be used from anywhere within an
+ organisation except from the ``dialup'' pool, the following entry (in
+ authorized_keys) could be used:
+
+ from="!*.dialup.example.com,*.example.com"
+
+FILES
+ ~/.ssh/config
+ This is the per-user configuration file. The format of this file
+ is described above. This file is used by the SSH client.
+ Because of the potential for abuse, this file must have strict
+ permissions: read/write for the user, and not accessible by
+ others.
+
+ /etc/ssh/ssh_config
+ Systemwide configuration file. This file provides defaults for
+ those values that are not specified in the user's configuration
+ file, and for those users who do not have a configuration file.
+ This file must be world-readable.
+
+SEE ALSO
+ ssh(1)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0.
+
+OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/sshd.0 b/crypto/openssh/sshd.0
new file mode 100644
index 0000000..c48b987
--- /dev/null
+++ b/crypto/openssh/sshd.0
@@ -0,0 +1,640 @@
+SSHD(8) OpenBSD System Manager's Manual SSHD(8)
+
+NAME
+ sshd - OpenSSH SSH daemon
+
+SYNOPSIS
+ sshd [-46DdeiqTt] [-b bits] [-C connection_spec]
+ [-c host_certificate_file] [-E log_file] [-f config_file]
+ [-g login_grace_time] [-h host_key_file] [-k key_gen_time]
+ [-o option] [-p port] [-u len]
+
+DESCRIPTION
+ sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
+ programs replace rlogin(1) and rsh(1), and provide secure encrypted
+ communications between two untrusted hosts over an insecure network.
+
+ sshd listens for connections from clients. It is normally started at
+ boot from /etc/rc. It forks a new daemon for each incoming connection.
+ The forked daemons handle key exchange, encryption, authentication,
+ command execution, and data exchange.
+
+ sshd can be configured using command-line options or a configuration file
+ (by default sshd_config(5)); command-line options override values
+ specified in the configuration file. sshd rereads its configuration file
+ when it receives a hangup signal, SIGHUP, by executing itself with the
+ name and options it was started with, e.g. /usr/sbin/sshd.
+
+ The options are as follows:
+
+ -4 Forces sshd to use IPv4 addresses only.
+
+ -6 Forces sshd to use IPv6 addresses only.
+
+ -b bits
+ Specifies the number of bits in the ephemeral protocol version 1
+ server key (default 1024).
+
+ -C connection_spec
+ Specify the connection parameters to use for the -T extended test
+ mode. If provided, any Match directives in the configuration
+ file that would apply to the specified user, host, and address
+ will be set before the configuration is written to standard
+ output. The connection parameters are supplied as keyword=value
+ pairs. The keywords are ``user'', ``host'', ``laddr'',
+ ``lport'', and ``addr''. All are required and may be supplied in
+ any order, either with multiple -C options or as a comma-
+ separated list.
+
+ -c host_certificate_file
+ Specifies a path to a certificate file to identify sshd during
+ key exchange. The certificate file must match a host key file
+ specified using the -h option or the HostKey configuration
+ directive.
+
+ -D When this option is specified, sshd will not detach and does not
+ become a daemon. This allows easy monitoring of sshd.
+
+ -d Debug mode. The server sends verbose debug output to standard
+ error, and does not put itself in the background. The server
+ also will not fork and will only process one connection. This
+ option is only intended for debugging for the server. Multiple
+ -d options increase the debugging level. Maximum is 3.
+
+ -E log_file
+ Append debug logs to log_file instead of the system log.
+
+ -e Write debug logs to standard error instead of the system log.
+
+ -f config_file
+ Specifies the name of the configuration file. The default is
+ /etc/ssh/sshd_config. sshd refuses to start if there is no
+ configuration file.
+
+ -g login_grace_time
+ Gives the grace time for clients to authenticate themselves
+ (default 120 seconds). If the client fails to authenticate the
+ user within this many seconds, the server disconnects and exits.
+ A value of zero indicates no limit.
+
+ -h host_key_file
+ Specifies a file from which a host key is read. This option must
+ be given if sshd is not run as root (as the normal host key files
+ are normally not readable by anyone but root). The default is
+ /etc/ssh/ssh_host_key for protocol version 1, and
+ /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
+ /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible
+ to have multiple host key files for the different protocol
+ versions and host key algorithms.
+
+ -i Specifies that sshd is being run from inetd(8). sshd is normally
+ not run from inetd because it needs to generate the server key
+ before it can respond to the client, and this may take tens of
+ seconds. Clients would have to wait too long if the key was
+ regenerated every time. However, with small key sizes (e.g. 512)
+ using sshd from inetd may be feasible.
+
+ -k key_gen_time
+ Specifies how often the ephemeral protocol version 1 server key
+ is regenerated (default 3600 seconds, or one hour). The
+ motivation for regenerating the key fairly often is that the key
+ is not stored anywhere, and after about an hour it becomes
+ impossible to recover the key for decrypting intercepted
+ communications even if the machine is cracked into or physically
+ seized. A value of zero indicates that the key will never be
+ regenerated.
+
+ -o option
+ Can be used to give options in the format used in the
+ configuration file. This is useful for specifying options for
+ which there is no separate command-line flag. For full details
+ of the options, and their values, see sshd_config(5).
+
+ -p port
+ Specifies the port on which the server listens for connections
+ (default 22). Multiple port options are permitted. Ports
+ specified in the configuration file with the Port option are
+ ignored when a command-line port is specified. Ports specified
+ using the ListenAddress option override command-line ports.
+
+ -q Quiet mode. Nothing is sent to the system log. Normally the
+ beginning, authentication, and termination of each connection is
+ logged.
+
+ -T Extended test mode. Check the validity of the configuration
+ file, output the effective configuration to stdout and then exit.
+ Optionally, Match rules may be applied by specifying the
+ connection parameters using one or more -C options.
+
+ -t Test mode. Only check the validity of the configuration file and
+ sanity of the keys. This is useful for updating sshd reliably as
+ configuration options may change.
+
+ -u len This option is used to specify the size of the field in the utmp
+ structure that holds the remote host name. If the resolved host
+ name is longer than len, the dotted decimal value will be used
+ instead. This allows hosts with very long host names that
+ overflow this field to still be uniquely identified. Specifying
+ -u0 indicates that only dotted decimal addresses should be put
+ into the utmp file. -u0 may also be used to prevent sshd from
+ making DNS requests unless the authentication mechanism or
+ configuration requires it. Authentication mechanisms that may
+ require DNS include RhostsRSAAuthentication,
+ HostbasedAuthentication, and using a from="pattern-list" option
+ in a key file. Configuration options that require DNS include
+ using a USER@HOST pattern in AllowUsers or DenyUsers.
+
+AUTHENTICATION
+ The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
+ use protocol 2 only, though this can be changed via the Protocol option
+ in sshd_config(5). Protocol 2 supports DSA, ECDSA and RSA keys; protocol
+ 1 only supports RSA keys. For both protocols, each host has a host-
+ specific key, normally 2048 bits, used to identify the host.
+
+ Forward security for protocol 1 is provided through an additional server
+ key, normally 768 bits, generated when the server starts. This key is
+ normally regenerated every hour if it has been used, and is never stored
+ on disk. Whenever a client connects, the daemon responds with its public
+ host and server keys. The client compares the RSA host key against its
+ own database to verify that it has not changed. The client then
+ generates a 256-bit random number. It encrypts this random number using
+ both the host key and the server key, and sends the encrypted number to
+ the server. Both sides then use this random number as a session key
+ which is used to encrypt all further communications in the session. The
+ rest of the session is encrypted using a conventional cipher, currently
+ Blowfish or 3DES, with 3DES being used by default. The client selects
+ the encryption algorithm to use from those offered by the server.
+
+ For protocol 2, forward security is provided through a Diffie-Hellman key
+ agreement. This key agreement results in a shared session key. The rest
+ of the session is encrypted using a symmetric cipher, currently 128-bit
+ AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
+ client selects the encryption algorithm to use from those offered by the
+ server. Additionally, session integrity is provided through a
+ cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64,
+ umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512).
+
+ Finally, the server and the client enter an authentication dialog. The
+ client tries to authenticate itself using host-based authentication,
+ public key authentication, challenge-response authentication, or password
+ authentication.
+
+ Regardless of the authentication type, the account is checked to ensure
+ that it is accessible. An account is not accessible if it is locked,
+ listed in DenyUsers or its group is listed in DenyGroups . The
+ definition of a locked account is system dependant. Some platforms have
+ their own account database (eg AIX) and some modify the passwd field (
+ `*LK*' on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on
+ Tru64, a leading `*LOCKED*' on FreeBSD and a leading `!' on most
+ Linuxes). If there is a requirement to disable password authentication
+ for the account while allowing still public-key, then the passwd field
+ should be set to something other than these values (eg `NP' or `*NP*' ).
+
+ If the client successfully authenticates itself, a dialog for preparing
+ the session is entered. At this time the client may request things like
+ allocating a pseudo-tty, forwarding X11 connections, forwarding TCP
+ connections, or forwarding the authentication agent connection over the
+ secure channel.
+
+ After this, the client either requests a shell or execution of a command.
+ The sides then enter session mode. In this mode, either side may send
+ data at any time, and such data is forwarded to/from the shell or command
+ on the server side, and the user terminal in the client side.
+
+ When the user program terminates and all forwarded X11 and other
+ connections have been closed, the server sends command exit status to the
+ client, and both sides exit.
+
+LOGIN PROCESS
+ When a user successfully logs in, sshd does the following:
+
+ 1. If the login is on a tty, and no command has been specified,
+ prints last login time and /etc/motd (unless prevented in the
+ configuration file or by ~/.hushlogin; see the FILES section).
+
+ 2. If the login is on a tty, records login time.
+
+ 3. Checks /etc/nologin; if it exists, prints contents and quits
+ (unless root).
+
+ 4. Changes to run with normal user privileges.
+
+ 5. Sets up basic environment.
+
+ 6. Reads the file ~/.ssh/environment, if it exists, and users are
+ allowed to change their environment. See the
+ PermitUserEnvironment option in sshd_config(5).
+
+ 7. Changes to user's home directory.
+
+ 8. If ~/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists,
+ runs it; otherwise runs xauth. The ``rc'' files are given the
+ X11 authentication protocol and cookie in standard input. See
+ SSHRC, below.
+
+ 9. Runs user's shell or command.
+
+SSHRC
+ If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
+ files but before starting the user's shell or command. It must not
+ produce any output on stdout; stderr must be used instead. If X11
+ forwarding is in use, it will receive the "proto cookie" pair in its
+ standard input (and DISPLAY in its environment). The script must call
+ xauth(1) because sshd will not run xauth automatically to add X11
+ cookies.
+
+ The primary purpose of this file is to run any initialization routines
+ which may be needed before the user's home directory becomes accessible;
+ AFS is a particular example of such an environment.
+
+ This file will probably contain some initialization code followed by
+ something similar to:
+
+ if read proto cookie && [ -n "$DISPLAY" ]; then
+ if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
+ # X11UseLocalhost=yes
+ echo add unix:`echo $DISPLAY |
+ cut -c11-` $proto $cookie
+ else
+ # X11UseLocalhost=no
+ echo add $DISPLAY $proto $cookie
+ fi | xauth -q -
+ fi
+
+ If this file does not exist, /etc/ssh/sshrc is run, and if that does not
+ exist either, xauth is used to add the cookie.
+
+AUTHORIZED_KEYS FILE FORMAT
+ AuthorizedKeysFile specifies the files containing public keys for public
+ key authentication; if none is specified, the default is
+ ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the
+ file contains one key (empty lines and lines starting with a `#' are
+ ignored as comments). Protocol 1 public keys consist of the following
+ space-separated fields: options, bits, exponent, modulus, comment.
+ Protocol 2 public key consist of: options, keytype, base64-encoded key,
+ comment. The options field is optional; its presence is determined by
+ whether the line starts with a number or not (the options field never
+ starts with a number). The bits, exponent, modulus, and comment fields
+ give the RSA key for protocol version 1; the comment field is not used
+ for anything (but may be convenient for the user to identify the key).
+ For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'',
+ ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or
+ ``ssh-rsa''.
+
+ Note that lines in this file are usually several hundred bytes long
+ (because of the size of the public key encoding) up to a limit of 8
+ kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
+ kilobits. You don't want to type them in; instead, copy the
+ identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit
+ it.
+
+ sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
+ 2 keys of 768 bits.
+
+ The options (if present) consist of comma-separated option
+ specifications. No spaces are permitted, except within double quotes.
+ The following option specifications are supported (note that option
+ keywords are case-insensitive):
+
+ cert-authority
+ Specifies that the listed key is a certification authority (CA)
+ that is trusted to validate signed certificates for user
+ authentication.
+
+ Certificates may encode access restrictions similar to these key
+ options. If both certificate restrictions and key options are
+ present, the most restrictive union of the two is applied.
+
+ command="command"
+ Specifies that the command is executed whenever this key is used
+ for authentication. The command supplied by the user (if any) is
+ ignored. The command is run on a pty if the client requests a
+ pty; otherwise it is run without a tty. If an 8-bit clean
+ channel is required, one must not request a pty or should specify
+ no-pty. A quote may be included in the command by quoting it
+ with a backslash. This option might be useful to restrict
+ certain public keys to perform just a specific operation. An
+ example might be a key that permits remote backups but nothing
+ else. Note that the client may specify TCP and/or X11 forwarding
+ unless they are explicitly prohibited. The command originally
+ supplied by the client is available in the SSH_ORIGINAL_COMMAND
+ environment variable. Note that this option applies to shell,
+ command or subsystem execution. Also note that this command may
+ be superseded by either a sshd_config(5) ForceCommand directive
+ or a command embedded in a certificate.
+
+ environment="NAME=value"
+ Specifies that the string is to be added to the environment when
+ logging in using this key. Environment variables set this way
+ override other default environment values. Multiple options of
+ this type are permitted. Environment processing is disabled by
+ default and is controlled via the PermitUserEnvironment option.
+ This option is automatically disabled if UseLogin is enabled.
+
+ from="pattern-list"
+ Specifies that in addition to public key authentication, either
+ the canonical name of the remote host or its IP address must be
+ present in the comma-separated list of patterns. See PATTERNS in
+ ssh_config(5) for more information on patterns.
+
+ In addition to the wildcard matching that may be applied to
+ hostnames or addresses, a from stanza may match IP addresses
+ using CIDR address/masklen notation.
+
+ The purpose of this option is to optionally increase security:
+ public key authentication by itself does not trust the network or
+ name servers or anything (but the key); however, if somebody
+ somehow steals the key, the key permits an intruder to log in
+ from anywhere in the world. This additional option makes using a
+ stolen key more difficult (name servers and/or routers would have
+ to be compromised in addition to just the key).
+
+ no-agent-forwarding
+ Forbids authentication agent forwarding when this key is used for
+ authentication.
+
+ no-port-forwarding
+ Forbids TCP forwarding when this key is used for authentication.
+ Any port forward requests by the client will return an error.
+ This might be used, e.g. in connection with the command option.
+
+ no-pty Prevents tty allocation (a request to allocate a pty will fail).
+
+ no-user-rc
+ Disables execution of ~/.ssh/rc.
+
+ no-X11-forwarding
+ Forbids X11 forwarding when this key is used for authentication.
+ Any X11 forward requests by the client will return an error.
+
+ permitopen="host:port"
+ Limit local ``ssh -L'' port forwarding such that it may only
+ connect to the specified host and port. IPv6 addresses can be
+ specified by enclosing the address in square brackets. Multiple
+ permitopen options may be applied separated by commas. No
+ pattern matching is performed on the specified hostnames, they
+ must be literal domains or addresses. A port specification of *
+ matches any port.
+
+ principals="principals"
+ On a cert-authority line, specifies allowed principals for
+ certificate authentication as a comma-separated list. At least
+ one name from the list must appear in the certificate's list of
+ principals for the certificate to be accepted. This option is
+ ignored for keys that are not marked as trusted certificate
+ signers using the cert-authority option.
+
+ tunnel="n"
+ Force a tun(4) device on the server. Without this option, the
+ next available device will be used if the client requests a
+ tunnel.
+
+ An example authorized_keys file:
+
+ # Comments allowed at start of line
+ ssh-rsa AAAAB3Nza...LiPk== user@example.net
+ from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
+ AAAAB2...19Q== john@example.net
+ command="dump /home",no-pty,no-port-forwarding ssh-dss
+ AAAAC3...51R== example.net
+ permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
+ AAAAB5...21S==
+ tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
+ jane@example.net
+
+SSH_KNOWN_HOSTS FILE FORMAT
+ The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
+ public keys for all known hosts. The global file should be prepared by
+ the administrator (optional), and the per-user file is maintained
+ automatically: whenever the user connects from an unknown host, its key
+ is added to the per-user file.
+
+ Each line in these files contains the following fields: markers
+ (optional), hostnames, bits, exponent, modulus, comment. The fields are
+ separated by spaces.
+
+ The marker is optional, but if it is present then it must be one of
+ ``@cert-authority'', to indicate that the line contains a certification
+ authority (CA) key, or ``@revoked'', to indicate that the key contained
+ on the line is revoked and must not ever be accepted. Only one marker
+ should be used on a key line.
+
+ Hostnames is a comma-separated list of patterns (`*' and `?' act as
+ wildcards); each pattern in turn is matched against the canonical host
+ name (when authenticating a client) or against the user-supplied name
+ (when authenticating a server). A pattern may also be preceded by `!' to
+ indicate negation: if the host name matches a negated pattern, it is not
+ accepted (by that line) even if it matched another pattern on the line.
+ A hostname or address may optionally be enclosed within `[' and `]'
+ brackets then followed by `:' and a non-standard port number.
+
+ Alternately, hostnames may be stored in a hashed form which hides host
+ names and addresses should the file's contents be disclosed. Hashed
+ hostnames start with a `|' character. Only one hashed hostname may
+ appear on a single line and none of the above negation or wildcard
+ operators may be applied.
+
+ Bits, exponent, and modulus are taken directly from the RSA host key;
+ they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The
+ optional comment field continues to the end of the line, and is not used.
+
+ Lines starting with `#' and empty lines are ignored as comments.
+
+ When performing host authentication, authentication is accepted if any
+ matching line has the proper key; either one that matches exactly or, if
+ the server has presented a certificate for authentication, the key of the
+ certification authority that signed the certificate. For a key to be
+ trusted as a certification authority, it must use the ``@cert-authority''
+ marker described above.
+
+ The known hosts file also provides a facility to mark keys as revoked,
+ for example when it is known that the associated private key has been
+ stolen. Revoked keys are specified by including the ``@revoked'' marker
+ at the beginning of the key line, and are never accepted for
+ authentication or as certification authorities, but instead will produce
+ a warning from ssh(1) when they are encountered.
+
+ It is permissible (but not recommended) to have several lines or
+ different host keys for the same names. This will inevitably happen when
+ short forms of host names from different domains are put in the file. It
+ is possible that the files contain conflicting information;
+ authentication is accepted if valid information can be found from either
+ file.
+
+ Note that the lines in these files are typically hundreds of characters
+ long, and you definitely don't want to type in the host keys by hand.
+ Rather, generate them by a script, ssh-keyscan(1) or by taking
+ /etc/ssh/ssh_host_key.pub and adding the host names at the front.
+ ssh-keygen(1) also offers some basic automated editing for
+ ~/.ssh/known_hosts including removing hosts matching a host name and
+ converting all host names to their hashed representations.
+
+ An example ssh_known_hosts file:
+
+ # Comments allowed at start of line
+ closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
+ cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
+ # A hashed hostname
+ |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
+ AAAA1234.....=
+ # A revoked key
+ @revoked * ssh-rsa AAAAB5W...
+ # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
+ @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
+
+FILES
+ ~/.hushlogin
+ This file is used to suppress printing the last login time and
+ /etc/motd, if PrintLastLog and PrintMotd, respectively, are
+ enabled. It does not suppress printing of the banner specified
+ by Banner.
+
+ ~/.rhosts
+ This file is used for host-based authentication (see ssh(1) for
+ more information). On some machines this file may need to be
+ world-readable if the user's home directory is on an NFS
+ partition, because sshd reads it as root. Additionally, this
+ file must be owned by the user, and must not have write
+ permissions for anyone else. The recommended permission for most
+ machines is read/write for the user, and not accessible by
+ others.
+
+ ~/.shosts
+ This file is used in exactly the same way as .rhosts, but allows
+ host-based authentication without permitting login with
+ rlogin/rsh.
+
+ ~/.ssh/
+ This directory is the default location for all user-specific
+ configuration and authentication information. There is no
+ general requirement to keep the entire contents of this directory
+ secret, but the recommended permissions are read/write/execute
+ for the user, and not accessible by others.
+
+ ~/.ssh/authorized_keys
+ Lists the public keys (DSA/ECDSA/RSA) that can be used for
+ logging in as this user. The format of this file is described
+ above. The content of the file is not highly sensitive, but the
+ recommended permissions are read/write for the user, and not
+ accessible by others.
+
+ If this file, the ~/.ssh directory, or the user's home directory
+ are writable by other users, then the file could be modified or
+ replaced by unauthorized users. In this case, sshd will not
+ allow it to be used unless the StrictModes option has been set to
+ ``no''.
+
+ ~/.ssh/environment
+ This file is read into the environment at login (if it exists).
+ It can only contain empty lines, comment lines (that start with
+ `#'), and assignment lines of the form name=value. The file
+ should be writable only by the user; it need not be readable by
+ anyone else. Environment processing is disabled by default and
+ is controlled via the PermitUserEnvironment option.
+
+ ~/.ssh/known_hosts
+ Contains a list of host keys for all hosts the user has logged
+ into that are not already in the systemwide list of known host
+ keys. The format of this file is described above. This file
+ should be writable only by root/the owner and can, but need not
+ be, world-readable.
+
+ ~/.ssh/rc
+ Contains initialization routines to be run before the user's home
+ directory becomes accessible. This file should be writable only
+ by the user, and need not be readable by anyone else.
+
+ /etc/hosts.allow
+ /etc/hosts.deny
+ Access controls that should be enforced by tcp-wrappers are
+ defined here. Further details are described in hosts_access(5).
+
+ /etc/hosts.equiv
+ This file is for host-based authentication (see ssh(1)). It
+ should only be writable by root.
+
+ /etc/moduli
+ Contains Diffie-Hellman groups used for the "Diffie-Hellman Group
+ Exchange". The file format is described in moduli(5).
+
+ /etc/motd
+ See motd(5).
+
+ /etc/nologin
+ If this file exists, sshd refuses to let anyone except root log
+ in. The contents of the file are displayed to anyone trying to
+ log in, and non-root connections are refused. The file should be
+ world-readable.
+
+ /etc/shosts.equiv
+ This file is used in exactly the same way as hosts.equiv, but
+ allows host-based authentication without permitting login with
+ rlogin/rsh.
+
+ /etc/ssh/ssh_host_key
+ /etc/ssh/ssh_host_dsa_key
+ /etc/ssh/ssh_host_ecdsa_key
+ /etc/ssh/ssh_host_rsa_key
+ These files contain the private parts of the host keys. These
+ files should only be owned by root, readable only by root, and
+ not accessible to others. Note that sshd does not start if these
+ files are group/world-accessible.
+
+ /etc/ssh/ssh_host_key.pub
+ /etc/ssh/ssh_host_dsa_key.pub
+ /etc/ssh/ssh_host_ecdsa_key.pub
+ /etc/ssh/ssh_host_rsa_key.pub
+ These files contain the public parts of the host keys. These
+ files should be world-readable but writable only by root. Their
+ contents should match the respective private parts. These files
+ are not really used for anything; they are provided for the
+ convenience of the user so their contents can be copied to known
+ hosts files. These files are created using ssh-keygen(1).
+
+ /etc/ssh/ssh_known_hosts
+ Systemwide list of known host keys. This file should be prepared
+ by the system administrator to contain the public host keys of
+ all machines in the organization. The format of this file is
+ described above. This file should be writable only by root/the
+ owner and should be world-readable.
+
+ /etc/ssh/sshd_config
+ Contains configuration data for sshd. The file format and
+ configuration options are described in sshd_config(5).
+
+ /etc/ssh/sshrc
+ Similar to ~/.ssh/rc, it can be used to specify machine-specific
+ login-time initializations globally. This file should be
+ writable only by root, and should be world-readable.
+
+ /var/empty
+ chroot(2) directory used by sshd during privilege separation in
+ the pre-authentication phase. The directory should not contain
+ any files and must be owned by root and not group or world-
+ writable.
+
+ /var/run/sshd.pid
+ Contains the process ID of the sshd listening for connections (if
+ there are several daemons running concurrently for different
+ ports, this contains the process ID of the one started last).
+ The content of this file is not sensitive; it can be world-
+ readable.
+
+SEE ALSO
+ scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
+ ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5),
+ sshd_config(5), inetd(8), sftp-server(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
+ for privilege separation.
+
+CAVEATS
+ System security is not improved unless rshd, rlogind, and rexecd are
+ disabled (thus completely disabling rlogin and rsh into the machine).
+
+OpenBSD 5.4 June 27, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/sshd_config.0 b/crypto/openssh/sshd_config.0
new file mode 100644
index 0000000..5f1df7b
--- /dev/null
+++ b/crypto/openssh/sshd_config.0
@@ -0,0 +1,813 @@
+SSHD_CONFIG(5) OpenBSD Programmer's Manual SSHD_CONFIG(5)
+
+NAME
+ sshd_config - OpenSSH SSH daemon configuration file
+
+SYNOPSIS
+ /etc/ssh/sshd_config
+
+DESCRIPTION
+ sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
+ specified with -f on the command line). The file contains keyword-
+ argument pairs, one per line. Lines starting with `#' and empty lines
+ are interpreted as comments. Arguments may optionally be enclosed in
+ double quotes (") in order to represent arguments containing spaces.
+
+ The possible keywords and their meanings are as follows (note that
+ keywords are case-insensitive and arguments are case-sensitive):
+
+ AcceptEnv
+ Specifies what environment variables sent by the client will be
+ copied into the session's environ(7). See SendEnv in
+ ssh_config(5) for how to configure the client. Note that
+ environment passing is only supported for protocol 2. Variables
+ are specified by name, which may contain the wildcard characters
+ `*' and `?'. Multiple environment variables may be separated by
+ whitespace or spread across multiple AcceptEnv directives. Be
+ warned that some environment variables could be used to bypass
+ restricted user environments. For this reason, care should be
+ taken in the use of this directive. The default is not to accept
+ any environment variables.
+
+ AddressFamily
+ Specifies which address family should be used by sshd(8). Valid
+ arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
+ (use IPv6 only). The default is ``any''.
+
+ AllowAgentForwarding
+ Specifies whether ssh-agent(1) forwarding is permitted. The
+ default is ``yes''. Note that disabling agent forwarding does
+ not improve security unless users are also denied shell access,
+ as they can always install their own forwarders.
+
+ AllowGroups
+ This keyword can be followed by a list of group name patterns,
+ separated by spaces. If specified, login is allowed only for
+ users whose primary group or supplementary group list matches one
+ of the patterns. Only group names are valid; a numerical group
+ ID is not recognized. By default, login is allowed for all
+ groups. The allow/deny directives are processed in the following
+ order: DenyUsers, AllowUsers, DenyGroups, and finally
+ AllowGroups.
+
+ See PATTERNS in ssh_config(5) for more information on patterns.
+
+ AllowTcpForwarding
+ Specifies whether TCP forwarding is permitted. The available
+ options are ``yes'' or ``all'' to allow TCP forwarding, ``no'' to
+ prevent all TCP forwarding, ``local'' to allow local (from the
+ perspective of ssh(1)) forwarding only or ``remote'' to allow
+ remote forwarding only. The default is ``yes''. Note that
+ disabling TCP forwarding does not improve security unless users
+ are also denied shell access, as they can always install their
+ own forwarders.
+
+ AllowUsers
+ This keyword can be followed by a list of user name patterns,
+ separated by spaces. If specified, login is allowed only for
+ user names that match one of the patterns. Only user names are
+ valid; a numerical user ID is not recognized. By default, login
+ is allowed for all users. If the pattern takes the form
+ USER@HOST then USER and HOST are separately checked, restricting
+ logins to particular users from particular hosts. The allow/deny
+ directives are processed in the following order: DenyUsers,
+ AllowUsers, DenyGroups, and finally AllowGroups.
+
+ See PATTERNS in ssh_config(5) for more information on patterns.
+
+ AuthenticationMethods
+ Specifies the authentication methods that must be successfully
+ completed for a user to be granted access. This option must be
+ followed by one or more comma-separated lists of authentication
+ method names. Successful authentication requires completion of
+ every method in at least one of these lists.
+
+ For example, an argument of ``publickey,password
+ publickey,keyboard-interactive'' would require the user to
+ complete public key authentication, followed by either password
+ or keyboard interactive authentication. Only methods that are
+ next in one or more lists are offered at each stage, so for this
+ example, it would not be possible to attempt password or
+ keyboard-interactive authentication before public key.
+
+ For keyboard interactive authentication it is also possible to
+ restrict authentication to a specific device by appending a colon
+ followed by the device identifier ``bsdauth'', ``pam'', or
+ ``skey'', depending on the server configuration. For example,
+ ``keyboard-interactive:bsdauth'' would restrict keyboard
+ interactive authentication to the ``bsdauth'' device.
+
+ This option is only available for SSH protocol 2 and will yield a
+ fatal error if enabled if protocol 1 is also enabled. Note that
+ each authentication method listed should also be explicitly
+ enabled in the configuration. The default is not to require
+ multiple authentication; successful completion of a single
+ authentication method is sufficient.
+
+ AuthorizedKeysCommand
+ Specifies a program to be used to look up the user's public keys.
+ The program must be owned by root and not writable by group or
+ others. It will be invoked with a single argument of the
+ username being authenticated, and should produce on standard
+ output zero or more lines of authorized_keys output (see
+ AUTHORIZED_KEYS in sshd(8)). If a key supplied by
+ AuthorizedKeysCommand does not successfully authenticate and
+ authorize the user then public key authentication continues using
+ the usual AuthorizedKeysFile files. By default, no
+ AuthorizedKeysCommand is run.
+
+ AuthorizedKeysCommandUser
+ Specifies the user under whose account the AuthorizedKeysCommand
+ is run. It is recommended to use a dedicated user that has no
+ other role on the host than running authorized keys commands.
+
+ AuthorizedKeysFile
+ Specifies the file that contains the public keys that can be used
+ for user authentication. The format is described in the
+ AUTHORIZED_KEYS FILE FORMAT section of sshd(8).
+ AuthorizedKeysFile may contain tokens of the form %T which are
+ substituted during connection setup. The following tokens are
+ defined: %% is replaced by a literal '%', %h is replaced by the
+ home directory of the user being authenticated, and %u is
+ replaced by the username of that user. After expansion,
+ AuthorizedKeysFile is taken to be an absolute path or one
+ relative to the user's home directory. Multiple files may be
+ listed, separated by whitespace. The default is
+ ``.ssh/authorized_keys .ssh/authorized_keys2''.
+
+ AuthorizedPrincipalsFile
+ Specifies a file that lists principal names that are accepted for
+ certificate authentication. When using certificates signed by a
+ key listed in TrustedUserCAKeys, this file lists names, one of
+ which must appear in the certificate for it to be accepted for
+ authentication. Names are listed one per line preceded by key
+ options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
+ Empty lines and comments starting with `#' are ignored.
+
+ AuthorizedPrincipalsFile may contain tokens of the form %T which
+ are substituted during connection setup. The following tokens
+ are defined: %% is replaced by a literal '%', %h is replaced by
+ the home directory of the user being authenticated, and %u is
+ replaced by the username of that user. After expansion,
+ AuthorizedPrincipalsFile is taken to be an absolute path or one
+ relative to the user's home directory.
+
+ The default is ``none'', i.e. not to use a principals file - in
+ this case, the username of the user must appear in a
+ certificate's principals list for it to be accepted. Note that
+ AuthorizedPrincipalsFile is only used when authentication
+ proceeds using a CA listed in TrustedUserCAKeys and is not
+ consulted for certification authorities trusted via
+ ~/.ssh/authorized_keys, though the principals= key option offers
+ a similar facility (see sshd(8) for details).
+
+ Banner The contents of the specified file are sent to the remote user
+ before authentication is allowed. If the argument is ``none''
+ then no banner is displayed. This option is only available for
+ protocol version 2. By default, no banner is displayed.
+
+ ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed
+ (e.g. via PAM or though authentication styles supported in
+ login.conf(5)) The default is ``yes''.
+
+ ChrootDirectory
+ Specifies the pathname of a directory to chroot(2) to after
+ authentication. All components of the pathname must be root-
+ owned directories that are not writable by any other user or
+ group. After the chroot, sshd(8) changes the working directory
+ to the user's home directory.
+
+ The pathname may contain the following tokens that are expanded
+ at runtime once the connecting user has been authenticated: %% is
+ replaced by a literal '%', %h is replaced by the home directory
+ of the user being authenticated, and %u is replaced by the
+ username of that user.
+
+ The ChrootDirectory must contain the necessary files and
+ directories to support the user's session. For an interactive
+ session this requires at least a shell, typically sh(1), and
+ basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
+ stderr(4), arandom(4) and tty(4) devices. For file transfer
+ sessions using ``sftp'', no additional configuration of the
+ environment is necessary if the in-process sftp server is used,
+ though sessions which use logging do require /dev/log inside the
+ chroot directory (see sftp-server(8) for details).
+
+ The default is not to chroot(2).
+
+ Ciphers
+ Specifies the ciphers allowed for protocol version 2. Multiple
+ ciphers must be comma-separated. The supported ciphers are
+ ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
+ ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
+ ``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'',
+ ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
+ and ``cast128-cbc''. The default is:
+
+ aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
+ aes128-gcm@openssh.com,aes256-gcm@openssh.com,
+ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
+ aes256-cbc,arcfour
+
+ ClientAliveCountMax
+ Sets the number of client alive messages (see below) which may be
+ sent without sshd(8) receiving any messages back from the client.
+ If this threshold is reached while client alive messages are
+ being sent, sshd will disconnect the client, terminating the
+ session. It is important to note that the use of client alive
+ messages is very different from TCPKeepAlive (below). The client
+ alive messages are sent through the encrypted channel and
+ therefore will not be spoofable. The TCP keepalive option
+ enabled by TCPKeepAlive is spoofable. The client alive mechanism
+ is valuable when the client or server depend on knowing when a
+ connection has become inactive.
+
+ The default value is 3. If ClientAliveInterval (see below) is
+ set to 15, and ClientAliveCountMax is left at the default,
+ unresponsive SSH clients will be disconnected after approximately
+ 45 seconds. This option applies to protocol version 2 only.
+
+ ClientAliveInterval
+ Sets a timeout interval in seconds after which if no data has
+ been received from the client, sshd(8) will send a message
+ through the encrypted channel to request a response from the
+ client. The default is 0, indicating that these messages will
+ not be sent to the client. This option applies to protocol
+ version 2 only.
+
+ Compression
+ Specifies whether compression is allowed, or delayed until the
+ user has authenticated successfully. The argument must be
+ ``yes'', ``delayed'', or ``no''. The default is ``delayed''.
+
+ DenyGroups
+ This keyword can be followed by a list of group name patterns,
+ separated by spaces. Login is disallowed for users whose primary
+ group or supplementary group list matches one of the patterns.
+ Only group names are valid; a numerical group ID is not
+ recognized. By default, login is allowed for all groups. The
+ allow/deny directives are processed in the following order:
+ DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
+
+ See PATTERNS in ssh_config(5) for more information on patterns.
+
+ DenyUsers
+ This keyword can be followed by a list of user name patterns,
+ separated by spaces. Login is disallowed for user names that
+ match one of the patterns. Only user names are valid; a
+ numerical user ID is not recognized. By default, login is
+ allowed for all users. If the pattern takes the form USER@HOST
+ then USER and HOST are separately checked, restricting logins to
+ particular users from particular hosts. The allow/deny
+ directives are processed in the following order: DenyUsers,
+ AllowUsers, DenyGroups, and finally AllowGroups.
+
+ See PATTERNS in ssh_config(5) for more information on patterns.
+
+ ForceCommand
+ Forces the execution of the command specified by ForceCommand,
+ ignoring any command supplied by the client and ~/.ssh/rc if
+ present. The command is invoked by using the user's login shell
+ with the -c option. This applies to shell, command, or subsystem
+ execution. It is most useful inside a Match block. The command
+ originally supplied by the client is available in the
+ SSH_ORIGINAL_COMMAND environment variable. Specifying a command
+ of ``internal-sftp'' will force the use of an in-process sftp
+ server that requires no support files when used with
+ ChrootDirectory.
+
+ GatewayPorts
+ Specifies whether remote hosts are allowed to connect to ports
+ forwarded for the client. By default, sshd(8) binds remote port
+ forwardings to the loopback address. This prevents other remote
+ hosts from connecting to forwarded ports. GatewayPorts can be
+ used to specify that sshd should allow remote port forwardings to
+ bind to non-loopback addresses, thus allowing other hosts to
+ connect. The argument may be ``no'' to force remote port
+ forwardings to be available to the local host only, ``yes'' to
+ force remote port forwardings to bind to the wildcard address, or
+ ``clientspecified'' to allow the client to select the address to
+ which the forwarding is bound. The default is ``no''.
+
+ GSSAPIAuthentication
+ Specifies whether user authentication based on GSSAPI is allowed.
+ The default is ``no''. Note that this option applies to protocol
+ version 2 only.
+
+ GSSAPICleanupCredentials
+ Specifies whether to automatically destroy the user's credentials
+ cache on logout. The default is ``yes''. Note that this option
+ applies to protocol version 2 only.
+
+ HostbasedAuthentication
+ Specifies whether rhosts or /etc/hosts.equiv authentication
+ together with successful public key client host authentication is
+ allowed (host-based authentication). This option is similar to
+ RhostsRSAAuthentication and applies to protocol version 2 only.
+ The default is ``no''.
+
+ HostbasedUsesNameFromPacketOnly
+ Specifies whether or not the server will attempt to perform a
+ reverse name lookup when matching the name in the ~/.shosts,
+ ~/.rhosts, and /etc/hosts.equiv files during
+ HostbasedAuthentication. A setting of ``yes'' means that sshd(8)
+ uses the name supplied by the client rather than attempting to
+ resolve the name from the TCP connection itself. The default is
+ ``no''.
+
+ HostCertificate
+ Specifies a file containing a public host certificate. The
+ certificate's public key must match a private host key already
+ specified by HostKey. The default behaviour of sshd(8) is not to
+ load any certificates.
+
+ HostKey
+ Specifies a file containing a private host key used by SSH. The
+ default is /etc/ssh/ssh_host_key for protocol version 1, and
+ /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
+ /etc/ssh/ssh_host_rsa_key for protocol version 2. Note that
+ sshd(8) will refuse to use a file if it is group/world-
+ accessible. It is possible to have multiple host key files.
+ ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or
+ ``rsa'' are used for version 2 of the SSH protocol. It is also
+ possible to specify public host key files instead. In this case
+ operations on the private key will be delegated to an
+ ssh-agent(1).
+
+ HostKeyAgent
+ Identifies the UNIX-domain socket used to communicate with an
+ agent that has access to the private host keys. If
+ ``SSH_AUTH_SOCK'' is specified, the location of the socket will
+ be read from the SSH_AUTH_SOCK environment variable.
+
+ IgnoreRhosts
+ Specifies that .rhosts and .shosts files will not be used in
+ RhostsRSAAuthentication or HostbasedAuthentication.
+
+ /etc/hosts.equiv and /etc/shosts.equiv are still used. The
+ default is ``yes''.
+
+ IgnoreUserKnownHosts
+ Specifies whether sshd(8) should ignore the user's
+ ~/.ssh/known_hosts during RhostsRSAAuthentication or
+ HostbasedAuthentication. The default is ``no''.
+
+ IPQoS Specifies the IPv4 type-of-service or DSCP class for the
+ connection. Accepted values are ``af11'', ``af12'', ``af13'',
+ ``af21'', ``af22'', ``af23'', ``af31'', ``af32'', ``af33'',
+ ``af41'', ``af42'', ``af43'', ``cs0'', ``cs1'', ``cs2'', ``cs3'',
+ ``cs4'', ``cs5'', ``cs6'', ``cs7'', ``ef'', ``lowdelay'',
+ ``throughput'', ``reliability'', or a numeric value. This option
+ may take one or two arguments, separated by whitespace. If one
+ argument is specified, it is used as the packet class
+ unconditionally. If two values are specified, the first is
+ automatically selected for interactive sessions and the second
+ for non-interactive sessions. The default is ``lowdelay'' for
+ interactive sessions and ``throughput'' for non-interactive
+ sessions.
+
+ KerberosAuthentication
+ Specifies whether the password provided by the user for
+ PasswordAuthentication will be validated through the Kerberos
+ KDC. To use this option, the server needs a Kerberos servtab
+ which allows the verification of the KDC's identity. The default
+ is ``no''.
+
+ KerberosGetAFSToken
+ If AFS is active and the user has a Kerberos 5 TGT, attempt to
+ acquire an AFS token before accessing the user's home directory.
+ The default is ``no''.
+
+ KerberosOrLocalPasswd
+ If password authentication through Kerberos fails then the
+ password will be validated via any additional local mechanism
+ such as /etc/passwd. The default is ``yes''.
+
+ KerberosTicketCleanup
+ Specifies whether to automatically destroy the user's ticket
+ cache file on logout. The default is ``yes''.
+
+ KexAlgorithms
+ Specifies the available KEX (Key Exchange) algorithms. Multiple
+ algorithms must be comma-separated. The default is
+ ``ecdh-sha2-nistp256'', ``ecdh-sha2-nistp384'',
+ ``ecdh-sha2-nistp521'', ``diffie-hellman-group-exchange-sha256'',
+ ``diffie-hellman-group-exchange-sha1'',
+ ``diffie-hellman-group14-sha1'', ``diffie-hellman-group1-sha1''.
+
+ KeyRegenerationInterval
+ In protocol version 1, the ephemeral server key is automatically
+ regenerated after this many seconds (if it has been used). The
+ purpose of regeneration is to prevent decrypting captured
+ sessions by later breaking into the machine and stealing the
+ keys. The key is never stored anywhere. If the value is 0, the
+ key is never regenerated. The default is 3600 (seconds).
+
+ ListenAddress
+ Specifies the local addresses sshd(8) should listen on. The
+ following forms may be used:
+
+ ListenAddress host|IPv4_addr|IPv6_addr
+ ListenAddress host|IPv4_addr:port
+ ListenAddress [host|IPv6_addr]:port
+
+ If port is not specified, sshd will listen on the address and all
+ prior Port options specified. The default is to listen on all
+ local addresses. Multiple ListenAddress options are permitted.
+ Additionally, any Port options must precede this option for non-
+ port qualified addresses.
+
+ LoginGraceTime
+ The server disconnects after this time if the user has not
+ successfully logged in. If the value is 0, there is no time
+ limit. The default is 120 seconds.
+
+ LogLevel
+ Gives the verbosity level that is used when logging messages from
+ sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO,
+ VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
+ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
+ higher levels of debugging output. Logging with a DEBUG level
+ violates the privacy of users and is not recommended.
+
+ MACs Specifies the available MAC (message authentication code)
+ algorithms. The MAC algorithm is used in protocol version 2 for
+ data integrity protection. Multiple algorithms must be comma-
+ separated. The algorithms that contain ``-etm'' calculate the
+ MAC after encryption (encrypt-then-mac). These are considered
+ safer and their use recommended. The default is:
+
+ hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
+ umac-64-etm@openssh.com,umac-128-etm@openssh.com,
+ hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
+ hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
+ hmac-md5-96-etm@openssh.com,
+ hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
+ hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
+ hmac-sha1-96,hmac-md5-96
+
+ Match Introduces a conditional block. If all of the criteria on the
+ Match line are satisfied, the keywords on the following lines
+ override those set in the global section of the config file,
+ until either another Match line or the end of the file.
+
+ The arguments to Match are one or more criteria-pattern pairs.
+ The available criteria are User, Group, Host, LocalAddress,
+ LocalPort, and Address. The match patterns may consist of single
+ entries or comma-separated lists and may use the wildcard and
+ negation operators described in the PATTERNS section of
+ ssh_config(5).
+
+ The patterns in an Address criteria may additionally contain
+ addresses to match in CIDR address/masklen format, e.g.
+ ``192.0.2.0/24'' or ``3ffe:ffff::/32''. Note that the mask
+ length provided must be consistent with the address - it is an
+ error to specify a mask length that is too long for the address
+ or one with bits set in this host portion of the address. For
+ example, ``192.0.2.0/33'' and ``192.0.2.0/8'' respectively.
+
+ Only a subset of keywords may be used on the lines following a
+ Match keyword. Available keywords are AcceptEnv,
+ AllowAgentForwarding, AllowGroups, AllowTcpForwarding,
+ AllowUsers, AuthenticationMethods, AuthorizedKeysCommand,
+ AuthorizedKeysCommandUser, AuthorizedKeysFile,
+ AuthorizedPrincipalsFile, Banner, ChrootDirectory, DenyGroups,
+ DenyUsers, ForceCommand, GatewayPorts, GSSAPIAuthentication,
+ HostbasedAuthentication, HostbasedUsesNameFromPacketOnly,
+ KbdInteractiveAuthentication, KerberosAuthentication,
+ MaxAuthTries, MaxSessions, PasswordAuthentication,
+ PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel,
+ PubkeyAuthentication, RekeyLimit, RhostsRSAAuthentication,
+ RSAAuthentication, X11DisplayOffset, X11Forwarding and
+ X11UseLocalHost.
+
+ MaxAuthTries
+ Specifies the maximum number of authentication attempts permitted
+ per connection. Once the number of failures reaches half this
+ value, additional failures are logged. The default is 6.
+
+ MaxSessions
+ Specifies the maximum number of open sessions permitted per
+ network connection. The default is 10.
+
+ MaxStartups
+ Specifies the maximum number of concurrent unauthenticated
+ connections to the SSH daemon. Additional connections will be
+ dropped until authentication succeeds or the LoginGraceTime
+ expires for a connection. The default is 10:30:100.
+
+ Alternatively, random early drop can be enabled by specifying the
+ three colon separated values ``start:rate:full'' (e.g.
+ "10:30:60"). sshd(8) will refuse connection attempts with a
+ probability of ``rate/100'' (30%) if there are currently
+ ``start'' (10) unauthenticated connections. The probability
+ increases linearly and all connection attempts are refused if the
+ number of unauthenticated connections reaches ``full'' (60).
+
+ PasswordAuthentication
+ Specifies whether password authentication is allowed. The
+ default is ``yes''.
+
+ PermitEmptyPasswords
+ When password authentication is allowed, it specifies whether the
+ server allows login to accounts with empty password strings. The
+ default is ``no''.
+
+ PermitOpen
+ Specifies the destinations to which TCP port forwarding is
+ permitted. The forwarding specification must be one of the
+ following forms:
+
+ PermitOpen host:port
+ PermitOpen IPv4_addr:port
+ PermitOpen [IPv6_addr]:port
+
+ Multiple forwards may be specified by separating them with
+ whitespace. An argument of ``any'' can be used to remove all
+ restrictions and permit any forwarding requests. An argument of
+ ``none'' can be used to prohibit all forwarding requests. By
+ default all port forwarding requests are permitted.
+
+ PermitRootLogin
+ Specifies whether root can log in using ssh(1). The argument
+ must be ``yes'', ``without-password'', ``forced-commands-only'',
+ or ``no''. The default is ``yes''.
+
+ If this option is set to ``without-password'', password
+ authentication is disabled for root.
+
+ If this option is set to ``forced-commands-only'', root login
+ with public key authentication will be allowed, but only if the
+ command option has been specified (which may be useful for taking
+ remote backups even if root login is normally not allowed). All
+ other authentication methods are disabled for root.
+
+ If this option is set to ``no'', root is not allowed to log in.
+
+ PermitTunnel
+ Specifies whether tun(4) device forwarding is allowed. The
+ argument must be ``yes'', ``point-to-point'' (layer 3),
+ ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits
+ both ``point-to-point'' and ``ethernet''. The default is ``no''.
+
+ PermitUserEnvironment
+ Specifies whether ~/.ssh/environment and environment= options in
+ ~/.ssh/authorized_keys are processed by sshd(8). The default is
+ ``no''. Enabling environment processing may enable users to
+ bypass access restrictions in some configurations using
+ mechanisms such as LD_PRELOAD.
+
+ PidFile
+ Specifies the file that contains the process ID of the SSH
+ daemon. The default is /var/run/sshd.pid.
+
+ Port Specifies the port number that sshd(8) listens on. The default
+ is 22. Multiple options of this type are permitted. See also
+ ListenAddress.
+
+ PrintLastLog
+ Specifies whether sshd(8) should print the date and time of the
+ last user login when a user logs in interactively. The default
+ is ``yes''.
+
+ PrintMotd
+ Specifies whether sshd(8) should print /etc/motd when a user logs
+ in interactively. (On some systems it is also printed by the
+ shell, /etc/profile, or equivalent.) The default is ``yes''.
+
+ Protocol
+ Specifies the protocol versions sshd(8) supports. The possible
+ values are `1' and `2'. Multiple versions must be comma-
+ separated. The default is `2'. Note that the order of the
+ protocol list does not indicate preference, because the client
+ selects among multiple protocol versions offered by the server.
+ Specifying ``2,1'' is identical to ``1,2''.
+
+ PubkeyAuthentication
+ Specifies whether public key authentication is allowed. The
+ default is ``yes''. Note that this option applies to protocol
+ version 2 only.
+
+ RekeyLimit
+ Specifies the maximum amount of data that may be transmitted
+ before the session key is renegotiated, optionally followed a
+ maximum amount of time that may pass before the session key is
+ renegotiated. The first argument is specified in bytes and may
+ have a suffix of `K', `M', or `G' to indicate Kilobytes,
+ Megabytes, or Gigabytes, respectively. The default is between
+ `1G' and `4G', depending on the cipher. The optional second
+ value is specified in seconds and may use any of the units
+ documented in the TIME FORMATS section. The default value for
+ RekeyLimit is ``default none'', which means that rekeying is
+ performed after the cipher's default amount of data has been sent
+ or received and no time based rekeying is done. This option
+ applies to protocol version 2 only.
+
+ RevokedKeys
+ Specifies revoked public keys. Keys listed in this file will be
+ refused for public key authentication. Note that if this file is
+ not readable, then public key authentication will be refused for
+ all users. Keys may be specified as a text file, listing one
+ public key per line, or as an OpenSSH Key Revocation List (KRL)
+ as generated by ssh-keygen(1). For more information on KRLs, see
+ the KEY REVOCATION LISTS section in ssh-keygen(1).
+
+ RhostsRSAAuthentication
+ Specifies whether rhosts or /etc/hosts.equiv authentication
+ together with successful RSA host authentication is allowed. The
+ default is ``no''. This option applies to protocol version 1
+ only.
+
+ RSAAuthentication
+ Specifies whether pure RSA authentication is allowed. The
+ default is ``yes''. This option applies to protocol version 1
+ only.
+
+ ServerKeyBits
+ Defines the number of bits in the ephemeral protocol version 1
+ server key. The minimum value is 512, and the default is 1024.
+
+ StrictModes
+ Specifies whether sshd(8) should check file modes and ownership
+ of the user's files and home directory before accepting login.
+ This is normally desirable because novices sometimes accidentally
+ leave their directory or files world-writable. The default is
+ ``yes''. Note that this does not apply to ChrootDirectory, whose
+ permissions and ownership are checked unconditionally.
+
+ Subsystem
+ Configures an external subsystem (e.g. file transfer daemon).
+ Arguments should be a subsystem name and a command (with optional
+ arguments) to execute upon subsystem request.
+
+ The command sftp-server(8) implements the ``sftp'' file transfer
+ subsystem.
+
+ Alternately the name ``internal-sftp'' implements an in-process
+ ``sftp'' server. This may simplify configurations using
+ ChrootDirectory to force a different filesystem root on clients.
+
+ By default no subsystems are defined. Note that this option
+ applies to protocol version 2 only.
+
+ SyslogFacility
+ Gives the facility code that is used when logging messages from
+ sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
+ LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
+ default is AUTH.
+
+ TCPKeepAlive
+ Specifies whether the system should send TCP keepalive messages
+ to the other side. If they are sent, death of the connection or
+ crash of one of the machines will be properly noticed. However,
+ this means that connections will die if the route is down
+ temporarily, and some people find it annoying. On the other
+ hand, if TCP keepalives are not sent, sessions may hang
+ indefinitely on the server, leaving ``ghost'' users and consuming
+ server resources.
+
+ The default is ``yes'' (to send TCP keepalive messages), and the
+ server will notice if the network goes down or the client host
+ crashes. This avoids infinitely hanging sessions.
+
+ To disable TCP keepalive messages, the value should be set to
+ ``no''.
+
+ TrustedUserCAKeys
+ Specifies a file containing public keys of certificate
+ authorities that are trusted to sign user certificates for
+ authentication. Keys are listed one per line; empty lines and
+ comments starting with `#' are allowed. If a certificate is
+ presented for authentication and has its signing CA key listed in
+ this file, then it may be used for authentication for any user
+ listed in the certificate's principals list. Note that
+ certificates that lack a list of principals will not be permitted
+ for authentication using TrustedUserCAKeys. For more details on
+ certificates, see the CERTIFICATES section in ssh-keygen(1).
+
+ UseDNS Specifies whether sshd(8) should look up the remote host name and
+ check that the resolved host name for the remote IP address maps
+ back to the very same IP address. The default is ``yes''.
+
+ UseLogin
+ Specifies whether login(1) is used for interactive login
+ sessions. The default is ``no''. Note that login(1) is never
+ used for remote command execution. Note also, that if this is
+ enabled, X11Forwarding will be disabled because login(1) does not
+ know how to handle xauth(1) cookies. If UsePrivilegeSeparation
+ is specified, it will be disabled after authentication.
+
+ UsePAM Enables the Pluggable Authentication Module interface. If set to
+ ``yes'' this will enable PAM authentication using
+ ChallengeResponseAuthentication and PasswordAuthentication in
+ addition to PAM account and session module processing for all
+ authentication types.
+
+ Because PAM challenge-response authentication usually serves an
+ equivalent role to password authentication, you should disable
+ either PasswordAuthentication or ChallengeResponseAuthentication.
+
+ If UsePAM is enabled, you will not be able to run sshd(8) as a
+ non-root user. The default is ``no''.
+
+ UsePrivilegeSeparation
+ Specifies whether sshd(8) separates privileges by creating an
+ unprivileged child process to deal with incoming network traffic.
+ After successful authentication, another process will be created
+ that has the privilege of the authenticated user. The goal of
+ privilege separation is to prevent privilege escalation by
+ containing any corruption within the unprivileged processes. The
+ default is ``yes''. If UsePrivilegeSeparation is set to
+ ``sandbox'' then the pre-authentication unprivileged process is
+ subject to additional restrictions.
+
+ VersionAddendum
+ Optionally specifies additional text to append to the SSH
+ protocol banner sent by the server upon connection. The default
+ is ``none''.
+
+ X11DisplayOffset
+ Specifies the first display number available for sshd(8)'s X11
+ forwarding. This prevents sshd from interfering with real X11
+ servers. The default is 10.
+
+ X11Forwarding
+ Specifies whether X11 forwarding is permitted. The argument must
+ be ``yes'' or ``no''. The default is ``no''.
+
+ When X11 forwarding is enabled, there may be additional exposure
+ to the server and to client displays if the sshd(8) proxy display
+ is configured to listen on the wildcard address (see
+ X11UseLocalhost below), though this is not the default.
+ Additionally, the authentication spoofing and authentication data
+ verification and substitution occur on the client side. The
+ security risk of using X11 forwarding is that the client's X11
+ display server may be exposed to attack when the SSH client
+ requests forwarding (see the warnings for ForwardX11 in
+ ssh_config(5)). A system administrator may have a stance in
+ which they want to protect clients that may expose themselves to
+ attack by unwittingly requesting X11 forwarding, which can
+ warrant a ``no'' setting.
+
+ Note that disabling X11 forwarding does not prevent users from
+ forwarding X11 traffic, as users can always install their own
+ forwarders. X11 forwarding is automatically disabled if UseLogin
+ is enabled.
+
+ X11UseLocalhost
+ Specifies whether sshd(8) should bind the X11 forwarding server
+ to the loopback address or to the wildcard address. By default,
+ sshd binds the forwarding server to the loopback address and sets
+ the hostname part of the DISPLAY environment variable to
+ ``localhost''. This prevents remote hosts from connecting to the
+ proxy display. However, some older X11 clients may not function
+ with this configuration. X11UseLocalhost may be set to ``no'' to
+ specify that the forwarding server should be bound to the
+ wildcard address. The argument must be ``yes'' or ``no''. The
+ default is ``yes''.
+
+ XAuthLocation
+ Specifies the full pathname of the xauth(1) program. The default
+ is /usr/X11R6/bin/xauth.
+
+TIME FORMATS
+ sshd(8) command-line arguments and configuration file options that
+ specify time may be expressed using a sequence of the form:
+ time[qualifier], where time is a positive integer value and qualifier is
+ one of the following:
+
+ <none> seconds
+ s | S seconds
+ m | M minutes
+ h | H hours
+ d | D days
+ w | W weeks
+
+ Each member of the sequence is added together to calculate the total time
+ value.
+
+ Time format examples:
+
+ 600 600 seconds (10 minutes)
+ 10m 10 minutes
+ 1h30m 1 hour 30 minutes (90 minutes)
+
+FILES
+ /etc/ssh/sshd_config
+ Contains configuration data for sshd(8). This file should be
+ writable by root only, but it is recommended (though not
+ necessary) that it be world-readable.
+
+SEE ALSO
+ sshd(8)
+
+AUTHORS
+ OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+ de Raadt and Dug Song removed many bugs, re-added newer features and
+ created OpenSSH. Markus Friedl contributed the support for SSH protocol
+ versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
+ for privilege separation.
+
+OpenBSD 5.4 July 19, 2013 OpenBSD 5.4
diff --git a/crypto/openssh/survey.sh.in b/crypto/openssh/survey.sh.in
new file mode 100644
index 0000000..d6075a6
--- /dev/null
+++ b/crypto/openssh/survey.sh.in
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# Copyright (c) 2004, 2005 Darren Tucker
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+host="@host@"
+AWK="@AWK@"
+CC="@CC@"
+CPP="@CPP@"
+CFLAGS="@CFLAGS@"
+CPPFLAGS="@CPPFLAGS@"
+LDFLAGS="@LDFLAGS@"
+LIBS="@LIBS@"
+
+# Note format:
+# identifier: [data] CRCR
+
+echo "openssh-survey-version: 1"
+echo
+echo "openssh-version: `./ssh -V 2>&1`"
+echo
+configinv=`$AWK '/^ \\\$.*configure/' config.log | sed 's/^ \\\$ //g'`
+echo "configure-invocation: $configinv"
+echo
+echo "host: $host"
+echo
+echo "uname: `uname`"
+echo
+echo "uname-r: `uname -r`"
+echo
+echo "uname-m: `uname -m`"
+echo
+echo "uname-p: `uname -p`"
+echo
+echo "oslevel: `oslevel 2>/dev/null`"
+echo
+echo "oslevel-r: `oslevel -r 2>/dev/null`"
+echo
+echo "cc: $CC"
+echo
+echo "cflags: $CFLAGS"
+echo
+echo "cppflags: $CPPFLAGS"
+echo
+echo "ldflags: $LDFLAGS"
+echo
+echo "libs: $LIBS"
+echo
+echo "ccver-v: `$CC -v 2>&1 | sed '/^[ \t]*$/d'`"
+echo
+echo "ccver-V: `$CC -V 2>&1 | sed '/^[ \t]*$/d'`"
+echo
+echo "cppdefines:"
+${CPP} -dM - </dev/null
+echo
+echo "config.h:"
+egrep '#define|#undef' config.h
+echo
OpenPOWER on IntegriCloud