diff options
Diffstat (limited to 'crypto')
80 files changed, 0 insertions, 11367 deletions
diff --git a/crypto/openssh/Makefile.in b/crypto/openssh/Makefile.in deleted file mode 100644 index fb6426b..0000000 --- a/crypto/openssh/Makefile.in +++ /dev/null @@ -1,438 +0,0 @@ -# $Id: Makefile.in,v 1.283 2006/10/23 21:44:47 tim Exp $ - -# uncomment if you run a non bourne compatable shell. Ie. csh -#SHELL = @SH@ - -AUTORECONF=autoreconf - -prefix=@prefix@ -exec_prefix=@exec_prefix@ -bindir=@bindir@ -sbindir=@sbindir@ -libexecdir=@libexecdir@ -datadir=@datadir@ -datarootdir=@datarootdir@ -mandir=@mandir@ -mansubdir=@mansubdir@ -sysconfdir=@sysconfdir@ -piddir=@piddir@ -srcdir=@srcdir@ -top_srcdir=@top_srcdir@ - -DESTDIR= -VPATH=@srcdir@ -SSH_PROGRAM=@bindir@/ssh -ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass -SFTP_SERVER=$(libexecdir)/sftp-server -SSH_KEYSIGN=$(libexecdir)/ssh-keysign -RAND_HELPER=$(libexecdir)/ssh-rand-helper -PRIVSEP_PATH=@PRIVSEP_PATH@ -SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ -STRIP_OPT=@STRIP_OPT@ - -PATHS= -DSSHDIR=\"$(sysconfdir)\" \ - -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ - -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ - -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \ - -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \ - -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ - -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \ - -DSSH_RAND_HELPER=\"$(RAND_HELPER)\" - -CC=@CC@ -LD=@LD@ -CFLAGS=@CFLAGS@ -CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -LIBS=@LIBS@ -LIBSELINUX=@LIBSELINUX@ -SSHDLIBS=@SSHDLIBS@ -LIBEDIT=@LIBEDIT@ -LIBPAM=@LIBPAM@ -LIBWRAP=@LIBWRAP@ -AR=@AR@ -AWK=@AWK@ -RANLIB=@RANLIB@ -INSTALL=@INSTALL@ -PERL=@PERL@ -SED=@SED@ -ENT=@ENT@ -XAUTH_PATH=@XAUTH_PATH@ -LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -EXEEXT=@EXEEXT@ - -INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ -INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ - -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) - -LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ - canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ - cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ - compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ - log.o match.o md-sha256.o moduli.o nchan.o packet.o \ - readpass.o rsa.o ttymodes.o xmalloc.o \ - atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ - monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ - kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ - entropy.o scard-opensc.o gss-genr.o - -SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ - sshconnect.o sshconnect1.o sshconnect2.o - -SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ - sshpty.o sshlogin.o servconf.o serverloop.o \ - auth.o auth1.o auth2.o auth-options.o session.o \ - auth-chall.o auth2-chall.o groupaccess.o \ - auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ - auth2-none.o auth2-passwd.o auth2-pubkey.o \ - monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ - auth-krb5.o \ - auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ - audit.o audit-bsm.o platform.o - -MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out -MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 -MANTYPE = @MANTYPE@ - -CONFIGFILES=sshd_config.out ssh_config.out moduli.out -CONFIGFILES_IN=sshd_config ssh_config moduli - -PATHSUBS = \ - -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \ - -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ - -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \ - -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \ - -e 's|/usr/libexec|$(libexecdir)|g' \ - -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \ - -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \ - -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \ - -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ - -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ - -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \ - -e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \ - -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \ - -e 's|/var/empty|$(PRIVSEP_PATH)|g' \ - -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' - -FIXPATHSCMD = $(SED) $(PATHSUBS) - -all: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) - -$(LIBSSH_OBJS): Makefile.in config.h -$(SSHOBJS): Makefile.in config.h -$(SSHDOBJS): Makefile.in config.h - -.c.o: - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< - -LIBCOMPAT=openbsd-compat/libopenbsd-compat.a -$(LIBCOMPAT): always - (cd openbsd-compat && $(MAKE)) -always: - -libssh.a: $(LIBSSH_OBJS) - $(AR) rv $@ $(LIBSSH_OBJS) - $(RANLIB) $@ - -ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - -sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS) - -scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o - $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - -ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o - $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - -ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o - $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - -ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o - $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - -ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o - $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - -ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o - $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) - -sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o - $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - -sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) - -ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o - $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - -# test driver for the loginrec code - not built by default -logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o - $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) - -$(MANPAGES): $(MANPAGES_IN) - if test "$(MANTYPE)" = "cat"; then \ - manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \ - else \ - manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \ - fi; \ - if test "$(MANTYPE)" = "man"; then \ - $(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \ - else \ - $(FIXPATHSCMD) $${manpage} > $@; \ - fi - -$(CONFIGFILES): $(CONFIGFILES_IN) - conffile=`echo $@ | sed 's/.out$$//'`; \ - $(FIXPATHSCMD) $(srcdir)/$${conffile} > $@ - -ssh_prng_cmds.out: ssh_prng_cmds - if test ! -z "$(INSTALL_SSH_PRNG_CMDS)"; then \ - $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ - fi - -# fake rule to stop make trying to compile moduli.o into a binary "moduli.o" -moduli: - echo - -clean: regressclean - rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core survey - (cd openbsd-compat && $(MAKE) clean) - -distclean: regressclean - rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core opensshd.init openssh.xml - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds - rm -f survey.sh openbsd-compat/regress/Makefile *~ - rm -rf autom4te.cache - (cd openbsd-compat && $(MAKE) distclean) - (cd scard && $(MAKE) distclean) - if test -d pkg ; then \ - rm -fr pkg ; \ - fi - -veryclean: distclean - rm -f configure config.h.in *.0 - -mrproper: veryclean - -realclean: veryclean - -catman-do: - @for f in $(MANPAGES_IN) ; do \ - base=`echo $$f | sed 's/\..*$$//'` ; \ - echo "$$f -> $$base.0" ; \ - nroff -mandoc $$f | cat -v | sed -e 's/.\^H//g' \ - >$$base.0 ; \ - done - -distprep: catman-do - $(AUTORECONF) - -rm -rf autom4te.cache - (cd scard && $(MAKE) -f Makefile.in distprep) - -install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf -install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files - -check-config: - -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config - -scard-install: - (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) - -install-files: scard-install - $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(datadir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 - $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) - (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh - $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan - $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd - if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ - $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ - fi - $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) - $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp - $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) - $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 - $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 - $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 - $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 - $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 - $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 - $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 - $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ - $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ - fi - $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 - $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 - $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 - -rm -f $(DESTDIR)$(bindir)/slogin - ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - -install-sysconf: - if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ - $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ - fi - @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ - $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ - fi - @if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ - $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ - fi - @if [ -f ssh_prng_cmds ] && [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ - if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ - $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ - fi ; \ - fi - @if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \ - if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ - echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ - mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ - else \ - $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \ - fi ; \ - else \ - echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \ - fi - -host-key: ssh-keygen$(EXEEXT) - @if [ -z "$(DESTDIR)" ] ; then \ - if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \ - fi ; \ - if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \ - fi ; \ - if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key ] ; then \ - echo "$(DESTDIR)$(sysconfdir)/ssh_host_rsa_key already exists, skipping." ; \ - else \ - ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" ; \ - fi ; \ - fi ; - -host-key-force: ssh-keygen$(EXEEXT) - ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" - ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" - ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" - -uninstallall: uninstall - -rm -f $(DESTDIR)$(sysconfdir)/ssh_config - -rm -f $(DESTDIR)$(sysconfdir)/sshd_config - -rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds - -rmdir $(DESTDIR)$(sysconfdir) - -rmdir $(DESTDIR)$(bindir) - -rmdir $(DESTDIR)$(sbindir) - -rmdir $(DESTDIR)$(mandir)/$(mansubdir)1 - -rmdir $(DESTDIR)$(mandir)/$(mansubdir)8 - -rmdir $(DESTDIR)$(mandir) - -rmdir $(DESTDIR)$(libexecdir) - -uninstall: - -rm -f $(DESTDIR)$(bindir)/slogin - -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) - -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) - -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) - -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) - -rm -f $(DESTDIR)$(RAND_HELPER)$(EXEEXT) - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - -tests: $(TARGETS) - BUILDDIR=`pwd`; \ - [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ - [ -f `pwd`/regress/Makefile ] || \ - ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \ - TEST_SHELL="@TEST_SHELL@"; \ - TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ - TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ - TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \ - TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \ - TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \ - TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \ - TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \ - TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \ - cd $(srcdir)/regress || exit $$?; \ - $(MAKE) \ - .OBJDIR="$${BUILDDIR}/regress" \ - .CURDIR="`pwd`" \ - BUILDDIR="$${BUILDDIR}" \ - OBJ="$${BUILDDIR}/regress/" \ - PATH="$${BUILDDIR}:$${PATH}" \ - TEST_SHELL="$${TEST_SHELL}" \ - TEST_SSH_SSH="$${TEST_SSH_SSH}" \ - TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \ - TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \ - TEST_SSH_SSHADD="$${TEST_SSH_SSHADD}" \ - TEST_SSH_SSHKEYGEN="$${TEST_SSH_SSHKEYGEN}" \ - TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \ - TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \ - TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \ - EXEEXT="$(EXEEXT)" \ - $@ - -compat-tests: $(LIBCOMPAT) - (cd openbsd-compat/regress && $(MAKE)) - -regressclean: - if [ -f regress/Makefile ] && [ -r regress/Makefile ]; then \ - (cd regress && $(MAKE) clean) \ - fi - -survey: survey.sh ssh - @$(SHELL) ./survey.sh > survey - @echo 'The survey results have been placed in the file "survey" in the' - @echo 'current directory. Please review the file then send with' - @echo '"make send-survey".' - -send-survey: survey - mail portable-survey@mindrot.org <survey - -package: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) - if [ "@MAKE_PACKAGE_SUPPORTED@" = yes ]; then \ - sh buildpkg.sh; \ - fi - diff --git a/crypto/openssh/Makefile.inc b/crypto/openssh/Makefile.inc deleted file mode 100644 index c68f59a..0000000 --- a/crypto/openssh/Makefile.inc +++ /dev/null @@ -1,26 +0,0 @@ -# $OpenBSD: Makefile.inc,v 1.23 2002/03/06 00:23:27 markus Exp $ - -CFLAGS+= -I${.CURDIR}/.. - -CDIAGFLAGS= -Wall -#CDIAGFLAGS+= -Werror -CDIAGFLAGS+= -Wpointer-arith -CDIAGFLAGS+= -Wno-uninitialized -#CDIAGFLAGS+= -Wstrict-prototypes -CDIAGFLAGS+= -Wmissing-prototypes -CDIAGFLAGS+= -Wunused - -#DEBUG=-g - -#CFLAGS+= -DSMARTCARD -#LDADD+= -lsectok - -.include <bsd.obj.mk> - -.if exists(${.CURDIR}/../lib/${__objdir}) -LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh -DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a -.else -LDADD+= -L${.CURDIR}/../lib -lssh -DPADD+= ${.CURDIR}/../lib/libssh.a -.endif diff --git a/crypto/openssh/buildpkg.sh.in b/crypto/openssh/buildpkg.sh.in deleted file mode 100644 index 17349f7..0000000 --- a/crypto/openssh/buildpkg.sh.in +++ /dev/null @@ -1,682 +0,0 @@ -#!/bin/sh -# -# Fake Root Solaris/SVR4/SVR5 Build System - Prototype -# -# The following code has been provide under Public Domain License. I really -# don't care what you use it for. Just as long as you don't complain to me -# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) -# -umask 022 -# -# Options for building the package -# You can create a openssh-config.local with your customized options -# -REMOVE_FAKE_ROOT_WHEN_DONE=yes -# -# uncommenting TEST_DIR and using -# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty -# and -# PKGNAME=tOpenSSH should allow testing a package without interfering -# with a real OpenSSH package on a system. This is not needed on systems -# that support the -R option to pkgadd. -#TEST_DIR=/var/tmp # leave commented out for production build -PKGNAME=OpenSSH -# revisions within the same version (REV=a) -#REV= -SYSVINIT_NAME=opensshd -AWK=${AWK:="nawk"} -MAKE=${MAKE:="make"} -SSHDUID=67 # Default privsep uid -SSHDGID=67 # Default privsep gid -# uncomment these next three as needed -#PERMIT_ROOT_LOGIN=no -#X11_FORWARDING=yes -#USR_LOCAL_IS_SYMLINK=yes -# System V init run levels -SYSVINITSTART=S98 -SYSVINITSTOPT=K30 -# We will source these if they exist -POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh -POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh -# We'll be one level deeper looking for these -PKG_PREINSTALL_LOCAL=../pkg-preinstall.local -PKG_POSTINSTALL_LOCAL=../pkg-postinstall.local -PKG_PREREMOVE_LOCAL=../pkg-preremove.local -PKG_POSTREMOVE_LOCAL=../pkg-postremove.local -PKG_REQUEST_LOCAL=../pkg-request.local -# end of sourced files -# -OPENSSHD=opensshd.init -OPENSSH_MANIFEST=openssh.xml -OPENSSH_FMRI=svc:/site/openssh:default - -PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@ -PATH_USERADD_PROG=@PATH_USERADD_PROG@ -PATH_PASSWD_PROG=@PATH_PASSWD_PROG@ -# -# list of system directories we do NOT want to change owner/group/perms -# when installing our package -SYSTEM_DIR="/etc \ -/etc/init.d \ -/etc/rcS.d \ -/etc/rc0.d \ -/etc/rc1.d \ -/etc/rc2.d \ -/etc/opt \ -/lib \ -/lib/svc \ -/lib/svc/method \ -/lib/svc/method/site \ -/opt \ -/opt/bin \ -/usr \ -/usr/bin \ -/usr/lib \ -/usr/sbin \ -/usr/share \ -/usr/share/man \ -/usr/share/man/man1 \ -/usr/share/man/man8 \ -/usr/local \ -/usr/local/bin \ -/usr/local/etc \ -/usr/local/libexec \ -/usr/local/man \ -/usr/local/man/man1 \ -/usr/local/man/man8 \ -/usr/local/sbin \ -/usr/local/share \ -/var \ -/var/opt \ -/var/run \ -/var/svc \ -/var/svc/manifest \ -/var/svc/manifest/site \ -/var/tmp \ -/tmp" - -# We may need to build as root so we make sure PATH is set up -# only set the path if it's not set already -[ -d /opt/bin ] && { - echo $PATH | grep ":/opt/bin" > /dev/null 2>&1 - [ $? -ne 0 ] && PATH=$PATH:/opt/bin -} -[ -d /usr/local/bin ] && { - echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 - [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin -} -[ -d /usr/ccs/bin ] && { - echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1 - [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin -} -export PATH -# - -[ -f Makefile ] || { - echo "Please run this script from your build directory" - exit 1 -} - -# we will look for openssh-config.local to override the above options -[ -s ./openssh-config.local ] && . ./openssh-config.local - -START=`pwd` -FAKE_ROOT=$START/pkg - -## Fill in some details, like prefix and sysconfdir -for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir srcdir -do - eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` -done - -## Are we using Solaris' SMF? -DO_SMF=0 -if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1 -then - DO_SMF=1 -fi - -## Collect value of privsep user -for confvar in SSH_PRIVSEP_USER -do - eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` -done - -## Set privsep defaults if not defined -if [ -z "$SSH_PRIVSEP_USER" ] -then - SSH_PRIVSEP_USER=sshd -fi - -## Extract common info requires for the 'info' part of the package. -VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` - -ARCH=`uname -m` -DEF_MSG="\n" -OS_VER=`uname -v` -SCRIPT_SHELL=/sbin/sh -UNAME_R=`uname -r` -UNAME_S=`uname -s` -case ${UNAME_S} in - SunOS) UNAME_S=Solaris - OS_VER=${UNAME_R} - ARCH=`uname -p` - RCS_D=yes - DEF_MSG="(default: n)" - ;; - SCO_SV) case ${UNAME_R} in - 3.2) UNAME_S=OpenServer5 - OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'` - ;; - 5) UNAME_S=OpenServer6 - ;; - esac - SCRIPT_SHELL=/bin/sh - RC1_D=no - DEF_MSG="(default: n)" - ;; -esac - -case `basename $0` in - buildpkg.sh) -## Start by faking root install -echo "Faking root install..." -[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT -mkdir $FAKE_ROOT -${MAKE} install-nokeys DESTDIR=$FAKE_ROOT -if [ $? -gt 0 ] -then - echo "Fake root install failed, stopping." - exit 1 -fi - -## Setup our run level stuff while we are at it. -if [ $DO_SMF -eq 1 ] -then - # For Solaris' SMF, /lib/svc/method/site is the preferred place - # for start/stop scripts that aren't supplied with the OS, and - # similarly /var/svc/manifest/site for manifests. - mkdir -p $FAKE_ROOT${TEST_DIR}/lib/svc/method/site - mkdir -p $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site - - cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME} - chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME} - - cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site - chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST} -else - mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d - - cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} - chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} -fi - -[ "${PERMIT_ROOT_LOGIN}" = no ] && \ - perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -[ "${X11_FORWARDING}" = yes ] && \ - perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config -# fix PrintMotd -perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config - -# We don't want to overwrite config files on multiple installs -mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default -mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default -[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \ -mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default - -# local tweeks here -[ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES} - -cd $FAKE_ROOT - -## Ok, this is outright wrong, but it will work. I'm tired of pkgmk -## whining. -for i in *; do - PROTO_ARGS="$PROTO_ARGS $i=/$i"; -done - -## Build info file -echo "Building pkginfo file..." -cat > pkginfo << _EOF -PKG=$PKGNAME -NAME="OpenSSH Portable for ${UNAME_S}" -DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." -VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" -ARCH=$ARCH -VERSION=$VERSION$REV -CATEGORY="Security,application" -BASEDIR=/ -CLASSES="none" -PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`" -_EOF - -## Build empty depend file that may get updated by $POST_PROTOTYPE_EDITS -echo "Building depend file..." -touch depend - -## Build space file -echo "Building space file..." -if [ $DO_SMF -eq 1 ] -then - # XXX Is this necessary? If not, remove space line from mk-proto.awk. - touch space -else - cat > space << _EOF -# extra space required by start/stop links added by installf -# in postinstall -$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1 -$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1 -_EOF - [ "$RC1_D" = no ] || \ - echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space - [ "$RCS_D" = yes ] && \ - echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space -fi - -## Build preinstall file -echo "Building preinstall file..." -cat > preinstall << _EOF -#! ${SCRIPT_SHELL} -# -_EOF - -# local preinstall changes here -[ -s "${PKG_PREINSTALL_LOCAL}" ] && . ${PKG_PREINSTALL_LOCAL} - -cat >> preinstall << _EOF -# -if [ "\${PRE_INS_STOP}" = "yes" ] -then - if [ $DO_SMF -eq 1 ] - then - svcadm disable $OPENSSH_FMRI - else - ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop - fi -fi - -exit 0 -_EOF - -## Build postinstall file -echo "Building postinstall file..." -cat > postinstall << _EOF -#! ${SCRIPT_SHELL} -# -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config -[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { - [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ - cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ - \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds -} - -# make rc?.d dirs only if we are doing a test install -[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && { - [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d - mkdir -p ${TEST_DIR}/etc/rc0.d - [ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d - mkdir -p ${TEST_DIR}/etc/rc2.d -} - -if [ $DO_SMF -eq 1 ] -then - # Delete the existing service, if it exists, then import the - # new one. - if svcs $OPENSSH_FMRI > /dev/null 2>&1 - then - svccfg delete -f $OPENSSH_FMRI - fi - # NOTE, if manifest enables sshd by default, this will actually - # start the daemon, which may not be what the user wants. - svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST -else - if [ "\${USE_SYM_LINKS}" = yes ] - then - [ "$RCS_D" = yes ] && \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - [ "$RC1_D" = no ] || \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s - else - [ "$RCS_D" = yes ] && \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - [ "$RC1_D" = no ] || \ - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l - fi -fi - -# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) -[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 0755 root sys - -_EOF - -# local postinstall changes here -[ -s "${PKG_POSTINSTALL_LOCAL}" ] && . ${PKG_POSTINSTALL_LOCAL} - -cat >> postinstall << _EOF -installf -f ${PKGNAME} - -# Use chroot to handle PKG_INSTALL_ROOT -if [ ! -z "\${PKG_INSTALL_ROOT}" ] -then - chroot="chroot \${PKG_INSTALL_ROOT}" -fi -# If this is a test build, we will skip the groupadd/useradd/passwd commands -if [ ! -z "${TEST_DIR}" ] -then - chroot=echo -fi - - echo "PrivilegeSeparation user always required." - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\` - SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\` - else - DO_PASSWD=yes - fi - [ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER - - # group required? - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null - then - echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists." - else - DO_GROUP=yes - fi - - # create group if required - [ "\$DO_GROUP" = yes ] && { - # Use gid of 67 if possible - if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null - then - : - else - sshdgid="-g $SSHDGID" - fi - echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP." - \$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP - } - - # Create user if required - [ "\$DO_PASSWD" = yes ] && { - # Use uid of 67 if possible - if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null - then - : - else - sshduid="-u $SSHDUID" - fi - echo "Creating PrivSep user $SSH_PRIVSEP_USER." - \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER - \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER - } - -if [ "\${POST_INS_START}" = "yes" ] -then - if [ $DO_SMF -eq 1 ] - then - # See svccfg import note above. The service may already - # be started. - svcadm enable $OPENSSH_FMRI - else - ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start - fi -fi -exit 0 -_EOF - -## Build preremove file -echo "Building preremove file..." -cat > preremove << _EOF -#! ${SCRIPT_SHELL} -# -if [ $DO_SMF -eq 1 ] -then - svcadm disable $OPENSSH_FMRI -else - ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop -fi -_EOF - -# local preremove changes here -[ -s "${PKG_PREREMOVE_LOCAL}" ] && . ${PKG_PREREMOVE_LOCAL} - -cat >> preremove << _EOF -exit 0 -_EOF - -## Build postremove file -echo "Building postremove file..." -cat > postremove << _EOF -#! ${SCRIPT_SHELL} -# -if [ $DO_SMF -eq 1 ] -then - if svcs $OPENSSH_FMRI > /dev/null 2>&1 - then - svccfg delete -f $OPENSSH_FMRI - fi -fi -_EOF - -# local postremove changes here -[ -s "${PKG_POSTREMOVE_LOCAL}" ] && . ${PKG_POSTREMOVE_LOCAL} - -cat >> postremove << _EOF -exit 0 -_EOF - -## Build request file -echo "Building request file..." -cat > request << _EOF -trap 'exit 3' 15 - -_EOF - -[ -x /usr/bin/ckyorn ] || cat >> request << _EOF - -ckyorn() { -# for some strange reason OpenServer5 has no ckyorn -# We build a striped down version here - -DEFAULT=n -PROMPT="Yes or No [yes,no,?,quit]" -HELP_PROMPT=" Enter y or yes if your answer is yes; n or no if your answer is no." -USAGE="usage: ckyorn [options] -where options may include: - -d default - -h help - -p prompt -" - -if [ \$# != 0 ] -then - while getopts d:p:h: c - do - case \$c in - h) HELP_PROMPT="\$OPTARG" ;; - d) DEFAULT=\$OPTARG ;; - p) PROMPT=\$OPTARG ;; - \\?) echo "\$USAGE" 1>&2 - exit 1 ;; - esac - done - shift \`expr \$OPTIND - 1\` -fi - -while true -do - echo "\${PROMPT}\\c " 1>&2 - read key - [ -z "\$key" ] && key=\$DEFAULT - case \$key in - [n,N]|[n,N][o,O]|[y,Y]|[y,Y][e,E][s,S]) echo "\${key}\\c" - exit 0 ;; - \\?) echo \$HELP_PROMPT 1>&2 ;; - q|quit) echo "q\\c" 1>&2 - exit 3 ;; - esac -done - -} - -_EOF - -if [ $DO_SMF -eq 1 ] -then - # This could get hairy, as the running sshd may not be under SMF. - # We'll assume an earlier version of OpenSSH started via SMF. - cat >> request << _EOF -PRE_INS_STOP=no -POST_INS_START=no -# determine if should restart the daemon -if [ -s ${piddir}/sshd.pid ] && \ - /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1 -then - ans=\`ckyorn -d n \ --p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? - case \$ans in - [y,Y]*) PRE_INS_STOP=yes - POST_INS_START=yes - ;; - esac - -else - -# determine if we should start sshd - ans=\`ckyorn -d n \ --p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? - case \$ans in - [y,Y]*) POST_INS_START=yes ;; - esac -fi - -# make parameters available to installation service, -# and so to any other packaging scripts -cat >\$1 <<! -PRE_INS_STOP='\$PRE_INS_STOP' -POST_INS_START='\$POST_INS_START' -! - -_EOF -else - cat >> request << _EOF -USE_SYM_LINKS=no -PRE_INS_STOP=no -POST_INS_START=no -# Use symbolic links? -ans=\`ckyorn -d n \ --p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$? -case \$ans in - [y,Y]*) USE_SYM_LINKS=yes ;; -esac - -# determine if should restart the daemon -if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ] -then - ans=\`ckyorn -d n \ --p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? - case \$ans in - [y,Y]*) PRE_INS_STOP=yes - POST_INS_START=yes - ;; - esac - -else - -# determine if we should start sshd - ans=\`ckyorn -d n \ --p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? - case \$ans in - [y,Y]*) POST_INS_START=yes ;; - esac -fi - -# make parameters available to installation service, -# and so to any other packaging scripts -cat >\$1 <<! -USE_SYM_LINKS='\$USE_SYM_LINKS' -PRE_INS_STOP='\$PRE_INS_STOP' -POST_INS_START='\$POST_INS_START' -! - -_EOF -fi - -# local request changes here -[ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL} - -cat >> request << _EOF -exit 0 - -_EOF - -## Next Build our prototype -echo "Building prototype file..." -cat >mk-proto.awk << _EOF - BEGIN { print "i pkginfo"; print "i depend"; \\ - print "i preinstall"; print "i postinstall"; \\ - print "i preremove"; print "i postremove"; \\ - print "i request"; print "i space"; \\ - split("$SYSTEM_DIR",sys_files); } - { - for (dir in sys_files) { if ( \$3 != sys_files[dir] ) - { if ( \$1 == "s" ) - { \$5=""; \$6=""; } - else - { \$5="root"; \$6="sys"; } - } - else - { \$4="?"; \$5="?"; \$6="?"; break;} - } } - { print; } -_EOF - -find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ - pkgproto $PROTO_ARGS | ${AWK} -f mk-proto.awk > prototype - -# /usr/local is a symlink on some systems -[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && { - grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new - mv prototype.new prototype -} - -## Step back a directory and now build the package. -cd .. -# local prototype tweeks here -[ -s "${POST_PROTOTYPE_EDITS}" ] && . ${POST_PROTOTYPE_EDITS} - -echo "Building package.." -pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o -echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg - ;; - - justpkg.sh) -rm -fr ${FAKE_ROOT}/${PKGNAME} -grep -v "^PSTAMP=" $FAKE_ROOT/pkginfo > $$tmp -mv $$tmp $FAKE_ROOT/pkginfo -cat >> $FAKE_ROOT/pkginfo << _EOF -PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`" -_EOF -pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o -echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg - ;; - -esac - -[ "${REMOVE_FAKE_ROOT_WHEN_DONE}" = yes ] && rm -rf $FAKE_ROOT -exit 0 - diff --git a/crypto/openssh/config.sub b/crypto/openssh/config.sub deleted file mode 100755 index 519f2cd..0000000 --- a/crypto/openssh/config.sub +++ /dev/null @@ -1,1570 +0,0 @@ -#! /bin/sh -# Configuration validation subroutine script. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. - -timestamp='2005-05-12' - -# This file is (in principle) common to ALL GNU software. -# The presence of a machine in this file suggests that SOME GNU software -# can handle that machine. It does not imply ALL GNU software can. -# -# This file is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA -# 02110-1301, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Please send patches to <config-patches@gnu.org>. Submit a context -# diff and a properly formatted ChangeLog entry. -# -# Configuration subroutine to validate and canonicalize a configuration type. -# Supply the specified configuration type as an argument. -# If it is invalid, we print an error message on stderr and exit with code 1. -# Otherwise, we print the canonical config type on stdout and succeed. - -# This file is supposed to be the same for all GNU packages -# and recognize all the CPU types, system types and aliases -# that are meaningful with *any* GNU software. -# Each package is responsible for reporting which valid configurations -# it does not support. The user should be able to distinguish -# a failure to support a valid configuration from a meaningless -# configuration. - -# The goal of this file is to map all the various variations of a given -# machine specification into a single specification in the form: -# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM -# or in some cases, the newer four-part form: -# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM -# It is wrong to echo any other type of specification. - -me=`echo "$0" | sed -e 's,.*/,,'` - -usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS - -Canonicalize a configuration name. - -Operation modes: - -h, --help print this help, then exit - -t, --time-stamp print date of last modification, then exit - -v, --version print version number, then exit - -Report bugs and patches to <config-patches@gnu.org>." - -version="\ -GNU config.sub ($timestamp) - -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. - -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." - -help=" -Try \`$me --help' for more information." - -# Parse command line -while test $# -gt 0 ; do - case $1 in - --time-stamp | --time* | -t ) - echo "$timestamp" ; exit ;; - --version | -v ) - echo "$version" ; exit ;; - --help | --h* | -h ) - echo "$usage"; exit ;; - -- ) # Stop option processing - shift; break ;; - - ) # Use stdin as input. - break ;; - -* ) - echo "$me: invalid option $1$help" - exit 1 ;; - - *local*) - # First pass through any local machine types. - echo $1 - exit ;; - - * ) - break ;; - esac -done - -case $# in - 0) echo "$me: missing argument$help" >&2 - exit 1;; - 1) ;; - *) echo "$me: too many arguments$help" >&2 - exit 1;; -esac - -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ - kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` - else os=; fi - ;; -esac - -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray) - os= - basic_machine=$1 - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*) - os=-lynxos - ;; - -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` - ;; - -psos*) - os=-psos - ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; -esac - -# Decode aliases for certain CPU-COMPANY combinations. -case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ - | bfin \ - | c4x | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | i370 | i860 | i960 | ia64 \ - | ip2k | iq2000 \ - | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64vr | mips64vrel \ - | mips64orion | mips64orionel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | msp430 \ - | ns16k | ns32k \ - | openrisc | or32 \ - | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ - | pyramid \ - | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b \ - | strongarm \ - | tahoe | thumb | tic4x | tic80 | tron \ - | v850 | v850e \ - | we32k \ - | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) - basic_machine=$basic_machine-unknown - ;; - m6811 | m68hc11 | m6812 | m68hc12) - # Motorola 68HC11/12. - basic_machine=$basic_machine-unknown - os=-none - ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) - ;; - - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ - | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | i*86-* | i860-* | i960-* | ia64-* \ - | ip2k-* | iq2000-* \ - | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | msp430-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ - | pyramid-* \ - | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tron-* \ - | v850-* | v850e-* | vax-* \ - | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ - | ymp-* \ - | z8k-*) - ;; - # Recognize the various machine names and aliases which stand - # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-unknown - os=-bsd - ;; - 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att - ;; - 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16c) - basic_machine=cr16c-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec - ;; - decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 - ;; - decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 - ;; - delta | 3300 | motorola-3300 | motorola-delta \ - | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx - ;; - dpx2* | dpx2*-bull) - basic_machine=m68k-bull - os=-sysv3 - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd - ;; - encore | umax | mmax) - basic_machine=ns32k-encore - ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose - ;; - fx2800) - basic_machine=i860-alliant - ;; - genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 - ;; - h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux - ;; - hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp - ;; - hp9k3[2-9][0-9]) - basic_machine=m68k-hp - ;; - hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp - ;; - hp9k78[0-9] | hp78[0-9]) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) - # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp - ;; - hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppa-next) - os=-nextstep3 - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm - ;; -# I'm not sure what "Sysv32" means. Should this be sysv3.2? - i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv32 - ;; - i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv4 - ;; - i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-sysv - ;; - i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - i386-vsta | vsta) - basic_machine=i386-unknown - os=-vsta - ;; - iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) - ;; - *) - os=-irix4 - ;; - esac - ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - m88k-omron*) - basic_machine=m88k-omron - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - mingw32) - basic_machine=i386-pc - os=-mingw32 - ;; - miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos - ;; - news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv - ;; - next | m*-next ) - basic_machine=m68k-next - case $os in - -nextstep* ) - ;; - -ns2*) - os=-nextstep2 - ;; - *) - os=-nextstep3 - ;; - esac - ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; - np1) - basic_machine=np1-gould - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - or32 | or32-*) - basic_machine=or32-unknown - os=-coff - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k - ;; - pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - pbd) - basic_machine=sparc-tti - ;; - pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc) basic_machine=powerpc-unknown - ;; - ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle | ppc-le | powerpc-little) - basic_machine=powerpcle-unknown - ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64) basic_machine=powerpc64-unknown - ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) - basic_machine=powerpc64le-unknown - ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` - ;; - ps2) - basic_machine=i386-ibm - ;; - pw32) - basic_machine=i586-unknown - os=-pw32 - ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff - ;; - rm[46]00) - basic_machine=mips-siemens - ;; - rtpc | rtpc-*) - basic_machine=romp-ibm - ;; - s390 | s390-*) - basic_machine=s390-ibm - ;; - s390x | s390x-*) - basic_machine=s390x-ibm - ;; - sa29200) - basic_machine=a29k-amd - os=-udi - ;; - sb1) - basic_machine=mipsisa64sb1-unknown - ;; - sb1el) - basic_machine=mipsisa64sb1el-unknown - ;; - sei) - basic_machine=mips-sei - os=-seiux - ;; - sequent) - basic_machine=i386-sequent - ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) - basic_machine=sparclite-wrs - os=-vxworks - ;; - sps7) - basic_machine=m68k-bull - os=-sysv2 - ;; - spur) - basic_machine=spur-unknown - ;; - st2000) - basic_machine=m68k-tandem - ;; - stratus) - basic_machine=i860-stratus - os=-sysv4 - ;; - sun2) - basic_machine=m68000-sun - ;; - sun2os3) - basic_machine=m68000-sun - os=-sunos3 - ;; - sun2os4) - basic_machine=m68000-sun - os=-sunos4 - ;; - sun3os3) - basic_machine=m68k-sun - os=-sunos3 - ;; - sun3os4) - basic_machine=m68k-sun - os=-sunos4 - ;; - sun4os3) - basic_machine=sparc-sun - os=-sunos3 - ;; - sun4os4) - basic_machine=sparc-sun - os=-sunos4 - ;; - sun4sol2) - basic_machine=sparc-sun - os=-solaris2 - ;; - sun3 | sun3-*) - basic_machine=m68k-sun - ;; - sun4) - basic_machine=sparc-sun - ;; - sun386 | sun386i | roadrunner) - basic_machine=i386-sun - ;; - sv1) - basic_machine=sv1-cray - os=-unicos - ;; - symmetry) - basic_machine=i386-sequent - os=-dynix - ;; - t3e) - basic_machine=alphaev5-cray - os=-unicos - ;; - t90) - basic_machine=t90-cray - os=-unicos - ;; - tic54x | c54x*) - basic_machine=tic54x-unknown - os=-coff - ;; - tic55x | c55x*) - basic_machine=tic55x-unknown - os=-coff - ;; - tic6x | c6x*) - basic_machine=tic6x-unknown - os=-coff - ;; - tx39) - basic_machine=mipstx39-unknown - ;; - tx39el) - basic_machine=mipstx39el-unknown - ;; - toad1) - basic_machine=pdp10-xkl - os=-tops20 - ;; - tower | tower-32) - basic_machine=m68k-ncr - ;; - tpf) - basic_machine=s390x-ibm - os=-tpf - ;; - udi29k) - basic_machine=a29k-amd - os=-udi - ;; - ultra3) - basic_machine=a29k-nyu - os=-sym1 - ;; - v810 | necv810) - basic_machine=v810-nec - os=-none - ;; - vaxv) - basic_machine=vax-dec - os=-sysv - ;; - vms) - basic_machine=vax-dec - os=-vms - ;; - vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; - vxworks960) - basic_machine=i960-wrs - os=-vxworks - ;; - vxworks68) - basic_machine=m68k-wrs - os=-vxworks - ;; - vxworks29k) - basic_machine=a29k-wrs - os=-vxworks - ;; - w65*) - basic_machine=w65-wdc - os=-none - ;; - w89k-*) - basic_machine=hppa1.1-winbond - os=-proelf - ;; - xbox) - basic_machine=i686-pc - os=-mingw32 - ;; - xps | xps100) - basic_machine=xps100-honeywell - ;; - ymp) - basic_machine=ymp-cray - os=-unicos - ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - none) - basic_machine=none-none - os=-none - ;; - -# Here we handle the default manufacturer of certain CPU types. It is in -# some cases the only manufacturer, in others, it is the most popular. - w89k) - basic_machine=hppa1.1-winbond - ;; - op50n) - basic_machine=hppa1.1-oki - ;; - op60c) - basic_machine=hppa1.1-oki - ;; - romp) - basic_machine=romp-ibm - ;; - mmix) - basic_machine=mmix-knuth - ;; - rs6000) - basic_machine=rs6000-ibm - ;; - vax) - basic_machine=vax-dec - ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; - pdp11) - basic_machine=pdp11-dec - ;; - we32k) - basic_machine=we32k-att - ;; - sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) - basic_machine=sh-unknown - ;; - sh64) - basic_machine=sh64-unknown - ;; - sparc | sparcv8 | sparcv9 | sparcv9b) - basic_machine=sparc-sun - ;; - cydra) - basic_machine=cydra-cydrome - ;; - orion) - basic_machine=orion-highlevel - ;; - orion105) - basic_machine=clipper-highlevel - ;; - mac | mpw | mac-mpw) - basic_machine=m68k-apple - ;; - pmac | pmac-mpw) - basic_machine=powerpc-apple - ;; - *-unknown) - # Make sure to match an already-canonicalized machine name. - ;; - *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 - exit 1 - ;; -esac - -# Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` - ;; - *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` - ;; - *) - ;; -esac - -# Decode manufacturer-specific aliases for certain operating systems. - -if [ x"$os" != x"" ] -then -case $os in - # First match some system type aliases - # that might get confused with valid system types. - # -solaris* is a basic system type, with this one exception. - -solaris1 | -solaris1.*) - os=`echo $os | sed -e 's|solaris1|sunos4|'` - ;; - -solaris) - os=-solaris2 - ;; - -svr4*) - os=-sysv4 - ;; - -unixware*) - os=-sysv4.2uw - ;; - -gnu/linux*) - os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` - ;; - # First accept the basic system types. - # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. - # -sysv* is not here because it comes later, after sysvr4. - -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ - | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ - | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ - | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ - | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ - | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ - | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ - | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ - | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ - | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ - | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ - | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ - | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ - | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ - | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* | -skyos*) - # Remember, each alternative MUST END IN *, to match a version number. - ;; - -qnx*) - case $basic_machine in - x86-* | i*86-*) - ;; - *) - os=-nto$os - ;; - esac - ;; - -nto-qnx*) - ;; - -nto*) - os=`echo $os | sed -e 's|nto|nto-qnx|'` - ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ - | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) - ;; - -mac*) - os=`echo $os | sed -e 's|mac|macos|'` - ;; - -linux-dietlibc) - os=-linux-dietlibc - ;; - -linux*) - os=`echo $os | sed -e 's|linux|linux-gnu|'` - ;; - -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` - ;; - -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` - ;; - -opened*) - os=-openedition - ;; - -os400*) - os=-os400 - ;; - -wince*) - os=-wince - ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; - -utek*) - os=-bsd - ;; - -dynix*) - os=-bsd - ;; - -acis*) - os=-aos - ;; - -atheos*) - os=-atheos - ;; - -syllable*) - os=-syllable - ;; - -386bsd) - os=-bsd - ;; - -ctix* | -uts*) - os=-sysv - ;; - -nova*) - os=-rtmk-nova - ;; - -ns2 ) - os=-nextstep2 - ;; - -nsk*) - os=-nsk - ;; - # Preserve the version number of sinix5. - -sinix5.*) - os=`echo $os | sed -e 's|sinix|sysv|'` - ;; - -sinix*) - os=-sysv4 - ;; - -tpf*) - os=-tpf - ;; - -triton*) - os=-sysv3 - ;; - -oss*) - os=-sysv3 - ;; - -svr4) - os=-sysv4 - ;; - -svr3) - os=-sysv3 - ;; - -sysvr4) - os=-sysv4 - ;; - # This must come after -sysvr4. - -sysv*) - ;; - -ose*) - os=-ose - ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint - ;; - -aros*) - os=-aros - ;; - -kaos*) - os=-kaos - ;; - -zvmoe) - os=-zvmoe - ;; - -none) - ;; - *) - # Get rid of the `-' at the beginning of $os. - os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 - exit 1 - ;; -esac -else - -# Here we handle the default operating systems that come with various machines. -# The value should be what the vendor currently ships out the door with their -# machine or put another way, the most popular os provided with the machine. - -# Note that if you're going to try to match "-MANUFACTURER" here (say, -# "-sun"), then you have to tell the case statement up towards the top -# that MANUFACTURER isn't an operating system. Otherwise, code above -# will signal an error saying that MANUFACTURER isn't an operating -# system, and we'll never get to this point. - -case $basic_machine in - *-acorn) - os=-riscix1.2 - ;; - arm*-rebel) - os=-linux - ;; - arm*-semi) - os=-aout - ;; - c4x-* | tic4x-*) - os=-coff - ;; - # This must come before the *-dec entry. - pdp10-*) - os=-tops20 - ;; - pdp11-*) - os=-none - ;; - *-dec | vax-*) - os=-ultrix4.2 - ;; - m68*-apollo) - os=-domain - ;; - i386-sun) - os=-sunos4.0.2 - ;; - m68000-sun) - os=-sunos3 - # This also exists in the configure program, but was not the - # default. - # os=-sunos4 - ;; - m68*-cisco) - os=-aout - ;; - mips*-cisco) - os=-elf - ;; - mips*-*) - os=-elf - ;; - or32-*) - os=-coff - ;; - *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 - ;; - sparc-* | *-sun) - os=-sunos4.1.1 - ;; - *-be) - os=-beos - ;; - *-ibm) - os=-aix - ;; - *-knuth) - os=-mmixware - ;; - *-wec) - os=-proelf - ;; - *-winbond) - os=-proelf - ;; - *-oki) - os=-proelf - ;; - *-hp) - os=-hpux - ;; - *-hitachi) - os=-hiux - ;; - i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv - ;; - *-cbm) - os=-amigaos - ;; - *-dg) - os=-dgux - ;; - *-dolphin) - os=-sysv3 - ;; - m68k-ccur) - os=-rtu - ;; - m88k-omron*) - os=-luna - ;; - *-next ) - os=-nextstep - ;; - *-sequent) - os=-ptx - ;; - *-crds) - os=-unos - ;; - *-ns) - os=-genix - ;; - i370-*) - os=-mvs - ;; - *-next) - os=-nextstep3 - ;; - *-gould) - os=-sysv - ;; - *-highlevel) - os=-bsd - ;; - *-encore) - os=-bsd - ;; - *-sgi) - os=-irix - ;; - *-siemens) - os=-sysv4 - ;; - *-masscomp) - os=-rtu - ;; - f30[01]-fujitsu | f700-fujitsu) - os=-uxpv - ;; - *-rom68k) - os=-coff - ;; - *-*bug) - os=-coff - ;; - *-apple) - os=-macos - ;; - *-atari*) - os=-mint - ;; - *) - os=-none - ;; -esac -fi - -# Here we handle the case where we know the os, and the CPU type, but not the -# manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) - vendor=acorn - ;; - -sunos*) - vendor=sun - ;; - -aix*) - vendor=ibm - ;; - -beos*) - vendor=be - ;; - -hpux*) - vendor=hp - ;; - -mpeix*) - vendor=hp - ;; - -hiux*) - vendor=hitachi - ;; - -unos*) - vendor=crds - ;; - -dgux*) - vendor=dg - ;; - -luna*) - vendor=omron - ;; - -genix*) - vendor=ns - ;; - -mvs* | -opened*) - vendor=ibm - ;; - -os400*) - vendor=ibm - ;; - -ptx*) - vendor=sequent - ;; - -tpf*) - vendor=ibm - ;; - -vxsim* | -vxworks* | -windiss*) - vendor=wrs - ;; - -aux*) - vendor=apple - ;; - -hms*) - vendor=hitachi - ;; - -mpw* | -macos*) - vendor=apple - ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - vendor=atari - ;; - -vos*) - vendor=stratus - ;; - esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` - ;; -esac - -echo $basic_machine$os -exit - -# Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) -# time-stamp-start: "timestamp='" -# time-stamp-format: "%:y-%02m-%02d" -# time-stamp-end: "'" -# End: diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac deleted file mode 100644 index 485bfbd..0000000 --- a/crypto/openssh/configure.ac +++ /dev/null @@ -1,4068 +0,0 @@ -# $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $ -# -# Copyright (c) 1999-2004 Damien Miller -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.370 $) -AC_CONFIG_SRCDIR([ssh.c]) - -AC_CONFIG_HEADER(config.h) -AC_PROG_CC -AC_CANONICAL_HOST -AC_C_BIGENDIAN - -# Checks for programs. -AC_PROG_AWK -AC_PROG_CPP -AC_PROG_RANLIB -AC_PROG_INSTALL -AC_PROG_EGREP -AC_PATH_PROG(AR, ar) -AC_PATH_PROG(CAT, cat) -AC_PATH_PROG(KILL, kill) -AC_PATH_PROGS(PERL, perl5 perl) -AC_PATH_PROG(SED, sed) -AC_SUBST(PERL) -AC_PATH_PROG(ENT, ent) -AC_SUBST(ENT) -AC_PATH_PROG(TEST_MINUS_S_SH, bash) -AC_PATH_PROG(TEST_MINUS_S_SH, ksh) -AC_PATH_PROG(TEST_MINUS_S_SH, sh) -AC_PATH_PROG(SH, sh) -AC_SUBST(TEST_SHELL,sh) - -dnl for buildpkg.sh -AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd, - [/usr/sbin${PATH_SEPARATOR}/etc]) -AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd, - [/usr/sbin${PATH_SEPARATOR}/etc]) -AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no) -if test -x /sbin/sh; then - AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh) -else - AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh) -fi - -# System features -AC_SYS_LARGEFILE - -if test -z "$AR" ; then - AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) -fi - -# Use LOGIN_PROGRAM from environment if possible -if test ! -z "$LOGIN_PROGRAM" ; then - AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM", - [If your header files don't define LOGIN_PROGRAM, - then use this (detected) from environment and PATH]) -else - # Search for login - AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login) - if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then - AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK") - fi -fi - -AC_PATH_PROG(PATH_PASSWD_PROG, passwd) -if test ! -z "$PATH_PASSWD_PROG" ; then - AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG", - [Full path of your "passwd" program]) -fi - -if test -z "$LD" ; then - LD=$CC -fi -AC_SUBST(LD) - -AC_C_INLINE - -AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>]) - -if test "$GCC" = "yes" || test "$GCC" = "egcs"; then - CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" - GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` - case $GCC_VER in - 1.*) ;; - 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;; - 2.*) ;; - 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;; - 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;; - *) ;; - esac - - if test -z "$have_llong_max"; then - # retry LLONG_MAX with -std=gnu99, needed on some Linuxes - unset ac_cv_have_decl_LLONG_MAX - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -std=gnu99" - AC_CHECK_DECL(LLONG_MAX, - [have_llong_max=1], - [CFLAGS="$saved_CFLAGS"], - [#include <limits.h>] - ) - fi -fi - -AC_ARG_WITH(rpath, - [ --without-rpath Disable auto-added -R linker paths], - [ - if test "x$withval" = "xno" ; then - need_dash_r="" - fi - if test "x$withval" = "xyes" ; then - need_dash_r=1 - fi - ] -) - -# Allow user to specify flags -AC_ARG_WITH(cflags, - [ --with-cflags Specify additional flags to pass to compiler], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CFLAGS="$CFLAGS $withval" - fi - ] -) -AC_ARG_WITH(cppflags, - [ --with-cppflags Specify additional flags to pass to preprocessor] , - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CPPFLAGS="$CPPFLAGS $withval" - fi - ] -) -AC_ARG_WITH(ldflags, - [ --with-ldflags Specify additional flags to pass to linker], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LDFLAGS="$LDFLAGS $withval" - fi - ] -) -AC_ARG_WITH(libs, - [ --with-libs Specify additional libraries to link with], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LIBS="$LIBS $withval" - fi - ] -) -AC_ARG_WITH(Werror, - [ --with-Werror Build main code with -Werror], - [ - if test -n "$withval" && test "x$withval" != "xno"; then - werror_flags="-Werror" - if test "x${withval}" != "xyes"; then - werror_flags="$withval" - fi - fi - ] -) - -AC_CHECK_HEADERS( \ - bstring.h \ - crypt.h \ - crypto/sha2.h \ - dirent.h \ - endian.h \ - features.h \ - fcntl.h \ - floatingpoint.h \ - getopt.h \ - glob.h \ - ia.h \ - iaf.h \ - limits.h \ - login.h \ - maillock.h \ - ndir.h \ - net/if_tun.h \ - netdb.h \ - netgroup.h \ - pam/pam_appl.h \ - paths.h \ - pty.h \ - readpassphrase.h \ - rpc/types.h \ - security/pam_appl.h \ - sha2.h \ - shadow.h \ - stddef.h \ - stdint.h \ - string.h \ - strings.h \ - sys/audit.h \ - sys/bitypes.h \ - sys/bsdtty.h \ - sys/cdefs.h \ - sys/dir.h \ - sys/mman.h \ - sys/ndir.h \ - sys/prctl.h \ - sys/pstat.h \ - sys/select.h \ - sys/stat.h \ - sys/stream.h \ - sys/stropts.h \ - sys/strtio.h \ - sys/sysmacros.h \ - sys/time.h \ - sys/timers.h \ - sys/un.h \ - time.h \ - tmpdir.h \ - ttyent.h \ - unistd.h \ - usersec.h \ - util.h \ - utime.h \ - utmp.h \ - utmpx.h \ - vis.h \ -) - -# lastlog.h requires sys/time.h to be included first on Solaris -AC_CHECK_HEADERS(lastlog.h, [], [], [ -#ifdef HAVE_SYS_TIME_H -# include <sys/time.h> -#endif -]) - -# sys/ptms.h requires sys/stream.h to be included first on Solaris -AC_CHECK_HEADERS(sys/ptms.h, [], [], [ -#ifdef HAVE_SYS_STREAM_H -# include <sys/stream.h> -#endif -]) - -# login_cap.h requires sys/types.h on NetBSD -AC_CHECK_HEADERS(login_cap.h, [], [], [ -#include <sys/types.h> -]) - -# Messages for features tested for in target-specific section -SIA_MSG="no" -SPC_MSG="no" - -# Check for some target-specific stuff -case "$host" in -*-*-aix*) - # Some versions of VAC won't allow macro redefinitions at - # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that - # particularly with older versions of vac or xlc. - # It also throws errors about null macro argments, but these are - # not fatal. - AC_MSG_CHECKING(if compiler allows macro redefinitions) - AC_COMPILE_IFELSE( - [AC_LANG_SOURCE([[ -#define testmacro foo -#define testmacro bar -int main(void) { exit(0); } - ]])], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" - LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" - CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" - CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" - ] - ) - - AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) - if (test -z "$blibpath"); then - blibpath="/usr/lib:/lib" - fi - saved_LDFLAGS="$LDFLAGS" - if test "$GCC" = "yes"; then - flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" - else - flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," - fi - for tryflags in $flags ;do - if (test -z "$blibflags"); then - LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" - AC_TRY_LINK([], [], [blibflags=$tryflags]) - fi - done - if (test -z "$blibflags"); then - AC_MSG_RESULT(not found) - AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) - else - AC_MSG_RESULT($blibflags) - fi - LDFLAGS="$saved_LDFLAGS" - dnl Check for authenticate. Might be in libs.a on older AIXes - AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1, - [Define if you want to enable AIX4's authenticate function])], - [AC_CHECK_LIB(s,authenticate, - [ AC_DEFINE(WITH_AIXAUTHENTICATE) - LIBS="$LIBS -ls" - ]) - ]) - dnl Check for various auth function declarations in headers. - AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, - passwdexpired, setauthdb], , , [#include <usersec.h>]) - dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) - AC_CHECK_DECLS(loginfailed, - [AC_MSG_CHECKING(if loginfailed takes 4 arguments) - AC_TRY_COMPILE( - [#include <usersec.h>], - [(void)loginfailed("user","host","tty",0);], - [AC_MSG_RESULT(yes) - AC_DEFINE(AIX_LOGINFAILED_4ARG, 1, - [Define if your AIX loginfailed() function - takes 4 arguments (AIX >= 5.2)])], - [AC_MSG_RESULT(no)] - )], - [], - [#include <usersec.h>] - ) - AC_CHECK_FUNCS(setauthdb) - AC_CHECK_DECL(F_CLOSEM, - AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), - [], - [ #include <limits.h> - #include <fcntl.h> ] - ) - check_for_aix_broken_getaddrinfo=1 - AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.]) - AC_DEFINE(SETEUID_BREAKS_SETUID, 1, - [Define if your platform breaks doing a seteuid before a setuid]) - AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken]) - AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken]) - dnl AIX handles lastlog as part of its login message - AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog]) - AC_DEFINE(LOGIN_NEEDS_UTMPX, 1, - [Some systems need a utmpx entry for /bin/login to work]) - AC_DEFINE(SPT_TYPE,SPT_REUSEARGV, - [Define to a Set Process Title type if your system is - supported by bsd-setproctitle.c]) - AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, - [AIX 5.2 and 5.3 (and presumably newer) require this]) - AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd]) - ;; -*-*-cygwin*) - check_for_libcrypt_later=1 - LIBS="$LIBS /usr/lib/textmode.o" - AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin]) - AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()]) - AC_DEFINE(DISABLE_SHADOW, 1, - [Define if you want to disable shadow passwords]) - AC_DEFINE(IP_TOS_IS_BROKEN, 1, - [Define if your system choked on IP TOS setting]) - AC_DEFINE(NO_X11_UNIX_SOCKETS, 1, - [Define if X11 doesn't support AF_UNIX sockets on that system]) - AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1, - [Define if the concept of ports only accessible to - superusers isn't known]) - AC_DEFINE(DISABLE_FD_PASSING, 1, - [Define if your platform needs to skip post auth - file descriptor passing]) - ;; -*-*-dgux*) - AC_DEFINE(IP_TOS_IS_BROKEN) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - ;; -*-*-darwin*) - AC_MSG_CHECKING(if we have working getaddrinfo) - AC_TRY_RUN([#include <mach-o/dyld.h> -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) - exit(0); - else - exit(1); -}], [AC_MSG_RESULT(working)], - [AC_MSG_RESULT(buggy) - AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])], - [AC_MSG_RESULT(assume it is working)]) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, - [Define if your resolver libs need this for getrrsetbyname]) - AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) - AC_DEFINE(SSH_TUN_COMPAT_AF, 1, - [Use tunnel device compatibility to OpenBSD]) - AC_DEFINE(SSH_TUN_PREPEND_AF, 1, - [Prepend the address family to IP tunnel traffic]) - ;; -*-*-dragonfly*) - SSHDLIBS="$SSHDLIBS -lcrypt" - ;; -*-*-hpux*) - # first we define all of the options common to all HP-UX releases - CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" - IPADDR_IN_DISPLAY=yes - AC_DEFINE(USE_PIPES) - AC_DEFINE(LOGIN_NO_ENDOPT, 1, - [Define if your login program cannot handle end of options ("--")]) - AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(LOCKED_PASSWD_STRING, "*", - [String used in /etc/passwd to denote locked account]) - AC_DEFINE(SPT_TYPE,SPT_PSTAT) - MAIL="/var/mail/username" - LIBS="$LIBS -lsec" - AC_CHECK_LIB(xnet, t_error, , - AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) - - # next, we define all of the options specific to major releases - case "$host" in - *-*-hpux10*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -Ae" - fi - ;; - *-*-hpux11*) - AC_DEFINE(PAM_SUN_CODEBASE, 1, - [Define if you are using Solaris-derived PAM which - passes pam_messages to the conversation function - with an extra level of indirection]) - AC_DEFINE(DISABLE_UTMP, 1, - [Define if you don't want to use utmp]) - AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) - check_for_hpux_broken_getaddrinfo=1 - check_for_conflicting_getspnam=1 - ;; - esac - - # lastly, we define options specific to minor releases - case "$host" in - *-*-hpux10.26) - AC_DEFINE(HAVE_SECUREWARE, 1, - [Define if you have SecureWare-based - protected password database]) - disable_ptmx_check=yes - LIBS="$LIBS -lsecpw" - ;; - esac - ;; -*-*-irix5*) - PATH="$PATH:/usr/etc" - AC_DEFINE(BROKEN_INET_NTOA, 1, - [Define if you system's inet_ntoa is busted - (e.g. Irix gcc issue)]) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY, 1, - [Define if you shouldn't strip 'tty' from your - ttyname in [uw]tmp]) - AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - ;; -*-*-irix6*) - PATH="$PATH:/usr/etc" - AC_DEFINE(WITH_IRIX_ARRAY, 1, - [Define if you have/want arrays - (cluster-wide session managment, not C arrays)]) - AC_DEFINE(WITH_IRIX_PROJECT, 1, - [Define if you want IRIX project management]) - AC_DEFINE(WITH_IRIX_AUDIT, 1, - [Define if you want IRIX audit trails]) - AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1, - [Define if you want IRIX kernel jobs])]) - AC_DEFINE(BROKEN_INET_NTOA) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)]) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - ;; -*-*-linux*) - no_dev_ptmx=1 - check_for_libcrypt_later=1 - check_for_openpty_ctty_bug=1 - AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks]) - AC_DEFINE(PAM_TTY_KLUDGE, 1, - [Work around problematic Linux PAM modules handling of PAM_TTY]) - AC_DEFINE(LOCKED_PASSWD_PREFIX, "!", - [String used in /etc/passwd to denote locked account]) - AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) - AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM, - [Define to whatever link() returns for "not supported" - if it doesn't return EOPNOTSUPP.]) - AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) - AC_DEFINE(USE_BTMP) - inet6_default_4in6=yes - case `uname -r` in - 1.*|2.0.*) - AC_DEFINE(BROKEN_CMSG_TYPE, 1, - [Define if cmsg_type is not passed correctly]) - ;; - esac - # tun(4) forwarding compat code - AC_CHECK_HEADERS(linux/if_tun.h) - if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then - AC_DEFINE(SSH_TUN_LINUX, 1, - [Open tunnel devices the Linux tun/tap way]) - AC_DEFINE(SSH_TUN_COMPAT_AF, 1, - [Use tunnel device compatibility to OpenBSD]) - AC_DEFINE(SSH_TUN_PREPEND_AF, 1, - [Prepend the address family to IP tunnel traffic]) - fi - ;; -mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty]) - SONY=1 - ;; -*-*-netbsd*) - check_for_libcrypt_before=1 - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) - AC_CHECK_HEADER([net/if_tap.h], , - AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) - AC_DEFINE(SSH_TUN_PREPEND_AF, 1, - [Prepend the address family to IP tunnel traffic]) - ;; -*-*-freebsd*) - check_for_libcrypt_later=1 - AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)]) - AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) - AC_CHECK_HEADER([net/if_tap.h], , - AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) - ;; -*-*-bsdi*) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - ;; -*-next-*) - conf_lastlog_location="/usr/adm/lastlog" - conf_utmp_location=/etc/utmp - conf_wtmp_location=/usr/adm/wtmp - MAIL=/usr/spool/mail - AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT]) - AC_DEFINE(BROKEN_REALPATH) - AC_DEFINE(USE_PIPES) - AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT]) - ;; -*-*-openbsd*) - AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) - AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) - AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way]) - AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1, - [syslog_r function is safe to use in in a signal handler]) - ;; -*-*-solaris*) - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - AC_DEFINE(PAM_SUN_CODEBASE) - AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(LOGIN_NEEDS_TERM, 1, - [Some versions of /bin/login need the TERM supplied - on the commandline]) - AC_DEFINE(PAM_TTY_KLUDGE) - AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, - [Define if pam_chauthtok wants real uid set - to the unpriv'ed user]) - AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - # Pushing STREAMS modules will cause sshd to acquire a controlling tty. - AC_DEFINE(SSHD_ACQUIRES_CTTY, 1, - [Define if sshd somehow reacquires a controlling TTY - after setsid()]) - AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd - in case the name is longer than 8 chars]) - external_path_file=/etc/default/login - # hardwire lastlog location (can't detect it on some versions) - conf_lastlog_location="/var/adm/lastlog" - AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) - sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` - if test "$sol2ver" -ge 8; then - AC_MSG_RESULT(yes) - AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(DISABLE_WTMP, 1, - [Define if you don't want to use wtmp]) - else - AC_MSG_RESULT(no) - fi - AC_ARG_WITH(solaris-contracts, - [ --with-solaris-contracts Enable Solaris process contracts (experimental)], - [ - AC_CHECK_LIB(contract, ct_tmpl_activate, - [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, - [Define if you have Solaris process contracts]) - SSHDLIBS="$SSHDLIBS -lcontract" - AC_SUBST(SSHDLIBS) - SPC_MSG="yes" ], ) - ], - ) - ;; -*-*-sunos4*) - CPPFLAGS="$CPPFLAGS -DSUNOS4" - AC_CHECK_FUNCS(getpwanam) - AC_DEFINE(PAM_SUN_CODEBASE) - conf_utmp_location=/etc/utmp - conf_wtmp_location=/var/adm/wtmp - conf_lastlog_location=/var/adm/lastlog - AC_DEFINE(USE_PIPES) - ;; -*-ncr-sysv*) - LIBS="$LIBS -lc89" - AC_DEFINE(USE_PIPES) - AC_DEFINE(SSHD_ACQUIRES_CTTY) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - ;; -*-sni-sysv*) - # /usr/ucblib MUST NOT be searched on ReliantUNIX - AC_CHECK_LIB(dl, dlsym, ,) - # -lresolv needs to be at the end of LIBS or DNS lookups break - AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ]) - IPADDR_IN_DISPLAY=yes - AC_DEFINE(USE_PIPES) - AC_DEFINE(IP_TOS_IS_BROKEN) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(SSHD_ACQUIRES_CTTY) - external_path_file=/etc/default/login - # /usr/ucblib/libucb.a no longer needed on ReliantUNIX - # Attention: always take care to bind libsocket and libnsl before libc, - # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog - ;; -# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. -*-*-sysv4.2*) - AC_DEFINE(USE_PIPES) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) - AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - ;; -# UnixWare 7.x, OpenUNIX 8 -*-*-sysv5*) - check_for_libcrypt_later=1 - AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars]) - AC_DEFINE(USE_PIPES) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(PASSWD_NEEDS_USERNAME) - case "$host" in - *-*-sysv5SCO_SV*) # SCO OpenServer 6.x - TEST_SHELL=/u95/bin/sh - AC_DEFINE(BROKEN_LIBIAF, 1, - [ia_uinfo routines not supported by OS yet]) - AC_DEFINE(BROKEN_UPDWTMPX) - ;; - *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - ;; - esac - ;; -*-*-sysv*) - ;; -# SCO UNIX and OEM versions of SCO UNIX -*-*-sco3.2v4*) - AC_MSG_ERROR("This Platform is no longer supported.") - ;; -# SCO OpenServer 5.x -*-*-sco3.2v5*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -belf" - fi - LIBS="$LIBS -lprot -lx -ltinfo -lm" - no_dev_ptmx=1 - AC_DEFINE(USE_PIPES) - AC_DEFINE(HAVE_SECUREWARE) - AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_DEFINE(BROKEN_UPDWTMPX) - AC_DEFINE(PASSWD_NEEDS_USERNAME) - AC_CHECK_FUNCS(getluid setluid) - MANTYPE=man - TEST_SHELL=ksh - ;; -*-*-unicosmk*) - AC_DEFINE(NO_SSH_LASTLOG, 1, - [Define if you don't want to use lastlog in session.c]) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(USE_PIPES) - AC_DEFINE(DISABLE_FD_PASSING) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-*-unicosmp*) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_DEFINE(USE_PIPES) - AC_DEFINE(DISABLE_FD_PASSING) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lacid -ldb" - MANTYPE=cat - ;; -*-*-unicos*) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(USE_PIPES) - AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(NO_SSH_LASTLOG) - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-dec-osf*) - AC_MSG_CHECKING(for Digital Unix SIA) - no_osfsia="" - AC_ARG_WITH(osfsia, - [ --with-osfsia Enable Digital Unix SIA], - [ - if test "x$withval" = "xno" ; then - AC_MSG_RESULT(disabled) - no_osfsia=1 - fi - ], - ) - if test -z "$no_osfsia" ; then - if test -f /etc/sia/matrix.conf; then - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_OSF_SIA, 1, - [Define if you have Digital Unix Security - Integration Architecture]) - AC_DEFINE(DISABLE_LOGIN, 1, - [Define if you don't want to use your - system's login() call]) - AC_DEFINE(DISABLE_FD_PASSING) - LIBS="$LIBS -lsecurity -ldb -lm -laud" - SIA_MSG="yes" - else - AC_MSG_RESULT(no) - AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin", - [String used in /etc/passwd to denote locked account]) - fi - fi - AC_DEFINE(BROKEN_GETADDRINFO) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - ;; - -*-*-nto-qnx*) - AC_DEFINE(USE_PIPES) - AC_DEFINE(NO_X11_UNIX_SOCKETS) - AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems]) - AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) - AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) - AC_DEFINE(DISABLE_LASTLOG) - AC_DEFINE(SSHD_ACQUIRES_CTTY) - enable_etc_default_login=no # has incompatible /etc/default/login - ;; - -*-*-ultrix*) - AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1]) - AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files]) - AC_DEFINE(NEED_SETPGRP) - AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) - ;; - -*-*-lynxos) - CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" - AC_DEFINE(MISSING_HOWMANY) - AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation]) - ;; -esac - -AC_MSG_CHECKING(compiler and flags for sanity) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([ -#include <stdio.h> -int main(){exit(0);} - ])], - [ AC_MSG_RESULT(yes) ], - [ - AC_MSG_RESULT(no) - AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) - ], - [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] -) - -dnl Checks for header files. -# Checks for libraries. -AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) -AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) - -dnl IRIX and Solaris 2.5.1 have dirname() in libgen -AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ - AC_CHECK_LIB(gen, dirname,[ - AC_CACHE_CHECK([for broken dirname], - ac_cv_have_broken_dirname, [ - save_LIBS="$LIBS" - LIBS="$LIBS -lgen" - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <libgen.h> -#include <string.h> - -int main(int argc, char **argv) { - char *s, buf[32]; - - strncpy(buf,"/etc", 32); - s = dirname(buf); - if (!s || strncmp(s, "/", 32) != 0) { - exit(1); - } else { - exit(0); - } -} - ]])], - [ ac_cv_have_broken_dirname="no" ], - [ ac_cv_have_broken_dirname="yes" ], - [ ac_cv_have_broken_dirname="no" ], - ) - LIBS="$save_LIBS" - ]) - if test "x$ac_cv_have_broken_dirname" = "xno" ; then - LIBS="$LIBS -lgen" - AC_DEFINE(HAVE_DIRNAME) - AC_CHECK_HEADERS(libgen.h) - fi - ]) -]) - -AC_CHECK_FUNC(getspnam, , - AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) -AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1, - [Define if you have the basename function.])) - -dnl zlib is required -AC_ARG_WITH(zlib, - [ --with-zlib=PATH Use zlib in PATH], - [ if test "x$withval" = "xno" ; then - AC_MSG_ERROR([*** zlib is required ***]) - elif test "x$withval" != "xyes"; then - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi ] -) - -AC_CHECK_LIB(z, deflate, , - [ - saved_CPPFLAGS="$CPPFLAGS" - saved_LDFLAGS="$LDFLAGS" - save_LIBS="$LIBS" - dnl Check default zlib install dir - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" - LIBS="$LIBS -lz" - AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ), - [ - AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) - ] - ) - ] -) -AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])) - -AC_ARG_WITH(zlib-version-check, - [ --without-zlib-version-check Disable zlib version check], - [ if test "x$withval" = "xno" ; then - zlib_check_nonfatal=1 - fi - ] -) - -AC_MSG_CHECKING(for possibly buggy zlib) -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include <stdio.h> -#include <zlib.h> -int main() -{ - int a=0, b=0, c=0, d=0, n, v; - n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); - if (n != 3 && n != 4) - exit(1); - v = a*1000000 + b*10000 + c*100 + d; - fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); - - /* 1.1.4 is OK */ - if (a == 1 && b == 1 && c >= 4) - exit(0); - - /* 1.2.3 and up are OK */ - if (v >= 1020300) - exit(0); - - exit(2); -} - ]])], - AC_MSG_RESULT(no), - [ AC_MSG_RESULT(yes) - if test -z "$zlib_check_nonfatal" ; then - AC_MSG_ERROR([*** zlib too old - check config.log *** -Your reported zlib version has known security problems. It's possible your -vendor has fixed these problems without changing the version number. If you -are sure this is the case, you can disable the check by running -"./configure --without-zlib-version-check". -If you are in doubt, upgrade zlib to version 1.2.3 or greater. -See http://www.gzip.org/zlib/ for details.]) - else - AC_MSG_WARN([zlib version may have security problems]) - fi - ], - [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] -) - -dnl UnixWare 2.x -AC_CHECK_FUNC(strcasecmp, - [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] -) -AC_CHECK_FUNCS(utimes, - [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) - LIBS="$LIBS -lc89"]) ] -) - -dnl Checks for libutil functions -AC_CHECK_HEADERS(libutil.h) -AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1, - [Define if your libraries define login()])]) -AC_CHECK_FUNCS(logout updwtmp logwtmp) - -AC_FUNC_STRFTIME - -# Check for ALTDIRFUNC glob() extension -AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support) -AC_EGREP_CPP(FOUNDIT, - [ - #include <glob.h> - #ifdef GLOB_ALTDIRFUNC - FOUNDIT - #endif - ], - [ - AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1, - [Define if your system glob() function has - the GLOB_ALTDIRFUNC extension]) - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - ] -) - -# Check for g.gl_matchc glob() extension -AC_MSG_CHECKING(for gl_matchc field in glob_t) -AC_TRY_COMPILE( - [ #include <glob.h> ], - [glob_t g; g.gl_matchc = 1;], - [ - AC_DEFINE(GLOB_HAS_GL_MATCHC, 1, - [Define if your system glob() function has - gl_matchc options in glob_t]) - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - ] -) - -AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>]) - -AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <sys/types.h> -#include <dirent.h> -int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} - ]])], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1, - [Define if your struct dirent expects you to - allocate extra space for d_name]) - ], - [ - AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) - AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) - ] -) - -AC_MSG_CHECKING([for /proc/pid/fd directory]) -if test -d "/proc/$$/fd" ; then - AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd]) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi - -# Check whether user wants S/Key support -SKEY_MSG="no" -AC_ARG_WITH(skey, - [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - AC_DEFINE(SKEY, 1, [Define if you want S/Key support]) - LIBS="-lskey $LIBS" - SKEY_MSG="yes" - - AC_MSG_CHECKING([for s/key support]) - AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <skey.h> -int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } - ]])], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) - ]) - AC_MSG_CHECKING(if skeychallenge takes 4 arguments) - AC_TRY_COMPILE( - [#include <stdio.h> - #include <skey.h>], - [(void)skeychallenge(NULL,"name","",0);], - [AC_MSG_RESULT(yes) - AC_DEFINE(SKEYCHALLENGE_4ARG, 1, - [Define if your skeychallenge() - function takes 4 arguments (NetBSD)])], - [AC_MSG_RESULT(no)] - ) - fi - ] -) - -# Check whether user wants OPIE support -OPIE_MSG="no" -AC_ARG_WITH(opie, - [ --with-opie[[=PATH]] Enable OPIE support - (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - AC_DEFINE(SKEY, 1, [Define if you want S/Key support]) - AC_DEFINE(OPIE, 1, [Define if S/Key is actually OPIE]) - LIBS="-lopie $LIBS" - OPIE_MSG="yes" - - AC_MSG_CHECKING([for opie support]) - AC_TRY_RUN( - [ -#include <sys/types.h> -#include <stdio.h> -#include <opie.h> -int main() { char *ff = opie_keyinfo(""); ff=""; return 0; } - ], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_MSG_ERROR([** Incomplete or missing opie libraries.]) - ]) - fi - ] -) - -# Check whether user wants TCP wrappers support -TCPW_MSG="no" -AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - saved_LIBS="$LIBS" - saved_LDFLAGS="$LDFLAGS" - saved_CPPFLAGS="$CPPFLAGS" - if test -n "${withval}" && \ - test "x${withval}" != "xyes"; then - if test -d "${withval}/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "${withval}/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - LIBWRAP="-lwrap" - LIBS="$LIBWRAP $LIBS" - AC_MSG_CHECKING(for libwrap) - AC_TRY_LINK( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <tcpd.h> - int deny_severity = 0, allow_severity = 0; - ], - [hosts_access(0);], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(LIBWRAP, 1, - [Define if you want - TCP Wrappers support]) - AC_SUBST(LIBWRAP) - TCPW_MSG="yes" - ], - [ - AC_MSG_ERROR([*** libwrap missing]) - ] - ) - LIBS="$saved_LIBS" - fi - ] -) - -# Check whether user wants libedit support -LIBEDIT_MSG="no" -AC_ARG_WITH(libedit, - [ --with-libedit[[=PATH]] Enable libedit support for sftp], - [ if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes"; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - fi - AC_CHECK_LIB(edit, el_init, - [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp]) - LIBEDIT="-ledit -lcurses" - LIBEDIT_MSG="yes" - AC_SUBST(LIBEDIT) - ], - [ AC_MSG_ERROR(libedit not found) ], - [ -lcurses ] - ) - AC_MSG_CHECKING(if libedit version is compatible) - AC_COMPILE_IFELSE( - [AC_LANG_SOURCE([[ -#include <histedit.h> -int main(void) -{ - int i = H_SETSIZE; - el_init("", NULL, NULL, NULL); - exit(0); -} - ]])], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - AC_MSG_ERROR(libedit version is not compatible) ] - ) - fi ] -) - -AUDIT_MODULE=none -AC_ARG_WITH(audit, - [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], - [ - AC_MSG_CHECKING(for supported audit module) - case "$withval" in - bsm) - AC_MSG_RESULT(bsm) - AUDIT_MODULE=bsm - dnl Checks for headers, libs and functions - AC_CHECK_HEADERS(bsm/audit.h, [], - [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)], - [ -#ifdef HAVE_TIME_H -# include <time.h> -#endif - ] -) - AC_CHECK_LIB(bsm, getaudit, [], - [AC_MSG_ERROR(BSM enabled and required library not found)]) - AC_CHECK_FUNCS(getaudit, [], - [AC_MSG_ERROR(BSM enabled and required function not found)]) - # These are optional - AC_CHECK_FUNCS(getaudit_addr) - AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) - ;; - debug) - AUDIT_MODULE=debug - AC_MSG_RESULT(debug) - AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module) - ;; - no) - AC_MSG_RESULT(no) - ;; - *) - AC_MSG_ERROR([Unknown audit module $withval]) - ;; - esac ] -) - -dnl Checks for library functions. Please keep in alphabetical order -AC_CHECK_FUNCS( \ - arc4random \ - asprintf \ - b64_ntop \ - __b64_ntop \ - b64_pton \ - __b64_pton \ - bcopy \ - bindresvport_sa \ - clock \ - closefrom \ - dirfd \ - fchmod \ - fchown \ - freeaddrinfo \ - futimes \ - getaddrinfo \ - getcwd \ - getgrouplist \ - getnameinfo \ - getopt \ - getpeereid \ - _getpty \ - getrlimit \ - getttyent \ - glob \ - inet_aton \ - inet_ntoa \ - inet_ntop \ - innetgr \ - login_getcapbool \ - md5_crypt \ - memmove \ - mkdtemp \ - mmap \ - ngetaddrinfo \ - nsleep \ - ogetaddrinfo \ - openlog_r \ - openpty \ - prctl \ - pstat \ - readpassphrase \ - realpath \ - recvmsg \ - rresvport_af \ - sendmsg \ - setdtablesize \ - setegid \ - setenv \ - seteuid \ - setgroups \ - setlogin \ - setpcred \ - setproctitle \ - setregid \ - setreuid \ - setrlimit \ - setsid \ - setvbuf \ - sigaction \ - sigvec \ - snprintf \ - socketpair \ - strdup \ - strerror \ - strlcat \ - strlcpy \ - strmode \ - strnvis \ - strtonum \ - strtoll \ - strtoul \ - sysconf \ - tcgetpgrp \ - truncate \ - unsetenv \ - updwtmpx \ - vasprintf \ - vhangup \ - vsnprintf \ - waitpid \ -) - -# IRIX has a const char return value for gai_strerror() -AC_CHECK_FUNCS(gai_strerror,[ - AC_DEFINE(HAVE_GAI_STRERROR) - AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> - -const char *gai_strerror(int);],[ -char *str; - -str = gai_strerror(0);],[ - AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1, - [Define if gai_strerror() returns const char *])])]) - -AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1, - [Some systems put nanosleep outside of libc])) - -dnl Make sure prototypes are defined for these before using them. -AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) -AC_CHECK_DECL(strsep, - [AC_CHECK_FUNCS(strsep)], - [], - [ -#ifdef HAVE_STRING_H -# include <string.h> -#endif - ]) - -dnl tcsendbreak might be a macro -AC_CHECK_DECL(tcsendbreak, - [AC_DEFINE(HAVE_TCSENDBREAK)], - [AC_CHECK_FUNCS(tcsendbreak)], - [#include <termios.h>] -) - -AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>]) - -AC_CHECK_DECLS(SHUT_RD, , , - [ -#include <sys/types.h> -#include <sys/socket.h> - ]) - -AC_CHECK_DECLS(O_NONBLOCK, , , - [ -#include <sys/types.h> -#ifdef HAVE_SYS_STAT_H -# include <sys/stat.h> -#endif -#ifdef HAVE_FCNTL_H -# include <fcntl.h> -#endif - ]) - -AC_CHECK_DECLS(writev, , , [ -#include <sys/types.h> -#include <sys/uio.h> -#include <unistd.h> - ]) - -AC_CHECK_FUNCS(setresuid, [ - dnl Some platorms have setresuid that isn't implemented, test for this - AC_MSG_CHECKING(if setresuid seems to work) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdlib.h> -#include <errno.h> -int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ]])], - [AC_MSG_RESULT(yes)], - [AC_DEFINE(BROKEN_SETRESUID, 1, - [Define if your setresuid() is broken]) - AC_MSG_RESULT(not implemented)], - [AC_MSG_WARN([cross compiling: not checking setresuid])] - ) -]) - -AC_CHECK_FUNCS(setresgid, [ - dnl Some platorms have setresgid that isn't implemented, test for this - AC_MSG_CHECKING(if setresgid seems to work) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdlib.h> -#include <errno.h> -int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ]])], - [AC_MSG_RESULT(yes)], - [AC_DEFINE(BROKEN_SETRESGID, 1, - [Define if your setresgid() is broken]) - AC_MSG_RESULT(not implemented)], - [AC_MSG_WARN([cross compiling: not checking setresuid])] - ) -]) - -dnl Checks for time functions -AC_CHECK_FUNCS(gettimeofday time) -dnl Checks for utmp functions -AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent) -AC_CHECK_FUNCS(utmpname) -dnl Checks for utmpx functions -AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) -AC_CHECK_FUNCS(setutxent utmpxname) - -AC_CHECK_FUNC(daemon, - [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])], - [AC_CHECK_LIB(bsd, daemon, - [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] -) - -AC_CHECK_FUNC(getpagesize, - [AC_DEFINE(HAVE_GETPAGESIZE, 1, - [Define if your libraries define getpagesize()])], - [AC_CHECK_LIB(ucb, getpagesize, - [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] -) - -# Check for broken snprintf -if test "x$ac_cv_func_snprintf" = "xyes" ; then - AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} - ]])], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_SNPRINTF, 1, - [Define if your snprintf is busted]) - AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) - ], - [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] - ) -fi - -# If we don't have a working asprintf, then we strongly depend on vsnprintf -# returning the right thing on overflow: the number of characters it tried to -# create (as per SUSv3) -if test "x$ac_cv_func_asprintf" != "xyes" && \ - test "x$ac_cv_func_vsnprintf" = "xyes" ; then - AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <sys/types.h> -#include <stdio.h> -#include <stdarg.h> - -int x_snprintf(char *str,size_t count,const char *fmt,...) -{ - size_t ret; va_list ap; - va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); - return ret; -} -int main(void) -{ - char x[1]; - exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); -} ]])], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_SNPRINTF, 1, - [Define if your snprintf is busted]) - AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) - ], - [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] - ) -fi - -# On systems where [v]snprintf is broken, but is declared in stdio, -# check that the fmt argument is const char * or just char *. -# This is only useful for when BROKEN_SNPRINTF -AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) -AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h> - int snprintf(char *a, size_t b, const char *c, ...) { return 0; } - int main(void) { snprintf(0, 0, 0); } - ]])], - [AC_MSG_RESULT(yes) - AC_DEFINE(SNPRINTF_CONST, [const], - [Define as const if snprintf() can declare const char *fmt])], - [AC_MSG_RESULT(no) - AC_DEFINE(SNPRINTF_CONST, [/* not const */])]) - -# Check for missing getpeereid (or equiv) support -NO_PEERCHECK="" -if test "x$ac_cv_func_getpeereid" != "xyes" ; then - AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) - AC_TRY_COMPILE( - [#include <sys/types.h> - #include <sys/socket.h>], - [int i = SO_PEERCRED;], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option]) - ], - [AC_MSG_RESULT(no) - NO_PEERCHECK=1] - ) -fi - -dnl see whether mkstemp() requires XXXXXX -if test "x$ac_cv_func_mkdtemp" = "xyes" ; then -AC_MSG_CHECKING([for (overly) strict mkstemp]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdlib.h> -main() { char template[]="conftest.mkstemp-test"; -if (mkstemp(template) == -1) - exit(1); -unlink(template); exit(0); -} - ]])], - [ - AC_MSG_RESULT(no) - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()]) - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_STRICT_MKSTEMP) - ] -) -fi - -dnl make sure that openpty does not reacquire controlling terminal -if test ! -z "$check_for_openpty_ctty_bug"; then - AC_MSG_CHECKING(if openpty correctly handles controlling tty) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <sys/fcntl.h> -#include <sys/types.h> -#include <sys/wait.h> - -int -main() -{ - pid_t pid; - int fd, ptyfd, ttyfd, status; - - pid = fork(); - if (pid < 0) { /* failed */ - exit(1); - } else if (pid > 0) { /* parent */ - waitpid(pid, &status, 0); - if (WIFEXITED(status)) - exit(WEXITSTATUS(status)); - else - exit(2); - } else { /* child */ - close(0); close(1); close(2); - setsid(); - openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); - fd = open("/dev/tty", O_RDWR | O_NOCTTY); - if (fd >= 0) - exit(3); /* Acquired ctty: broken */ - else - exit(0); /* Did not acquire ctty: OK */ - } -} - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - AC_DEFINE(SSHD_ACQUIRES_CTTY) - ], - [ - AC_MSG_RESULT(cross-compiling, assuming yes) - ] - ) -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then - AC_MSG_CHECKING(if getaddrinfo seems to work) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <sys/socket.h> -#include <netdb.h> -#include <errno.h> -#include <netinet/in.h> - -#define TEST_PORT "2222" - -int -main(void) -{ - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (err != 0) { - if (err == EAI_SYSTEM) - perror("getnameinfo EAI_SYSTEM"); - else - fprintf(stderr, "getnameinfo failed: %s\n", - gai_strerror(err)); - exit(2); - } - - sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) - perror("socket"); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - if (errno == EBADF) - exit(3); - } - } - exit(0); -} - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_GETADDRINFO) - ], - [ - AC_MSG_RESULT(cross-compiling, assuming yes) - ] - ) -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_aix_broken_getaddrinfo" = "x1"; then - AC_MSG_CHECKING(if getaddrinfo seems to work) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <sys/socket.h> -#include <netdb.h> -#include <errno.h> -#include <netinet/in.h> - -#define TEST_PORT "2222" - -int -main(void) -{ - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (ai->ai_family == AF_INET && err != 0) { - perror("getnameinfo"); - exit(2); - } - } - exit(0); -} - ]])], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(AIX_GETNAMEINFO_HACK, 1, - [Define if you have a getaddrinfo that fails - for the all-zeros IPv6 address]) - ], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_GETADDRINFO) - ], - [ - AC_MSG_RESULT(cross-compiling, assuming no) - ] - ) -fi - -if test "x$check_for_conflicting_getspnam" = "x1"; then - AC_MSG_CHECKING(for conflicting getspnam in shadow.h) - AC_COMPILE_IFELSE( - [ -#include <shadow.h> -int main(void) {exit(0);} - ], - [ - AC_MSG_RESULT(no) - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1, - [Conflicting defs for getspnam]) - ] - ) -fi - -AC_FUNC_GETPGRP - -# Search for OpenSSL -saved_CPPFLAGS="$CPPFLAGS" -saved_LDFLAGS="$LDFLAGS" -AC_ARG_WITH(ssl-dir, - [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], - [ - if test "x$withval" != "xno" ; then - case "$withval" in - # Relative paths - ./*|../*) withval="`pwd`/$withval" - esac - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - ] -) -LIBS="-lcrypto $LIBS" -AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1, - [Define if your ssl headers are included - with #include <openssl/header.h>]), - [ - dnl Check default openssl install dir - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" - AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), - [ - AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) - ] - ) - ] -) - -# Determine OpenSSL header version -AC_MSG_CHECKING([OpenSSL header version]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <string.h> -#include <openssl/opensslv.h> -#define DATA "conftest.sslincver" -int main(void) { - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) - exit(1); - - exit(0); -} - ]])], - [ - ssl_header_ver=`cat conftest.sslincver` - AC_MSG_RESULT($ssl_header_ver) - ], - [ - AC_MSG_RESULT(not found) - AC_MSG_ERROR(OpenSSL version header not found.) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -# Determine OpenSSL library version -AC_MSG_CHECKING([OpenSSL library version]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <string.h> -#include <openssl/opensslv.h> -#include <openssl/crypto.h> -#define DATA "conftest.ssllibver" -int main(void) { - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) - exit(1); - - exit(0); -} - ]])], - [ - ssl_library_ver=`cat conftest.ssllibver` - AC_MSG_RESULT($ssl_library_ver) - ], - [ - AC_MSG_RESULT(not found) - AC_MSG_ERROR(OpenSSL library not found.) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -# Sanity check OpenSSL headers -AC_MSG_CHECKING([whether OpenSSL's headers match the library]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <string.h> -#include <openssl/opensslv.h> -int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - AC_MSG_ERROR([Your OpenSSL headers do not match your library. -Check config.log for details. -Also see contrib/findssl.sh for help identifying header/library mismatches.]) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -AC_MSG_CHECKING([if programs using OpenSSL functions will link]) -AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ -#include <openssl/evp.h> -int main(void) { SSLeay_add_all_algorithms(); } - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - saved_LIBS="$LIBS" - LIBS="$LIBS -ldl" - AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) - AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ -#include <openssl/evp.h> -int main(void) { SSLeay_add_all_algorithms(); } - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - LIBS="$saved_LIBS" - ] - ) - ] -) - -AC_ARG_WITH(ssl-engine, - [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], - [ if test "x$withval" != "xno" ; then - AC_MSG_CHECKING(for OpenSSL ENGINE support) - AC_TRY_COMPILE( - [ #include <openssl/engine.h>], - [ -ENGINE_load_builtin_engines();ENGINE_register_all_complete(); - ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(USE_OPENSSL_ENGINE, 1, - [Enable OpenSSL engine support]) - ], - [ AC_MSG_ERROR(OpenSSL ENGINE support not found)] - ) - fi ] -) - -# Check for OpenSSL without EVP_aes_{192,256}_cbc -AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) -AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ -#include <string.h> -#include <openssl/evp.h> -int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);} - ]])], - [ - AC_MSG_RESULT(no) - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1, - [libcrypto is missing AES 192 and 256 bit functions]) - ] -) - -# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, -# because the system crypt() is more featureful. -if test "x$check_for_libcrypt_before" = "x1"; then - AC_CHECK_LIB(crypt, crypt) -fi - -# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the -# version in OpenSSL. -if test "x$check_for_libcrypt_later" = "x1"; then - AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") -fi - -# Search for SHA256 support in libc and/or OpenSSL -AC_CHECK_FUNCS(SHA256_Update EVP_sha256) - -AC_CHECK_LIB(iaf, ia_openinfo) - -### Configure cryptographic random number support - -# Check wheter OpenSSL seeds itself -AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <string.h> -#include <openssl/rand.h> -int main(void) { exit(RAND_status() == 1 ? 0 : 1); } - ]])], - [ - OPENSSL_SEEDS_ITSELF=yes - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - # Default to use of the rand helper if OpenSSL doesn't - # seed itself - USE_RAND_HELPER=yes - ], - [ - AC_MSG_WARN([cross compiling: assuming yes]) - # This is safe, since all recent OpenSSL versions will - # complain at runtime if not seeded correctly. - OPENSSL_SEEDS_ITSELF=yes - ] -) - -# Check for PAM libs -PAM_MSG="no" -AC_ARG_WITH(pam, - [ --with-pam Enable PAM support ], - [ - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - AC_MSG_ERROR([PAM headers not found]) - fi - - saved_LIBS="$LIBS" - AC_CHECK_LIB(dl, dlopen, , ) - AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) - AC_CHECK_FUNCS(pam_getenvlist) - AC_CHECK_FUNCS(pam_putenv) - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - LIBPAM="-lpam" - AC_DEFINE(USE_PAM, 1, - [Define if you want to enable PAM support]) - - if test $ac_cv_lib_dl_dlopen = yes; then - case "$LIBS" in - *-ldl*) - # libdl already in LIBS - ;; - *) - LIBPAM="$LIBPAM -ldl" - ;; - esac - fi - AC_SUBST(LIBPAM) - fi - ] -) - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - AC_MSG_CHECKING([whether pam_strerror takes only one argument]) - AC_TRY_COMPILE( - [ -#include <stdlib.h> -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include <security/pam_appl.h> -#elif defined (HAVE_PAM_PAM_APPL_H) -#include <pam/pam_appl.h> -#endif - ], - [(void)pam_strerror((pam_handle_t *)NULL, -1);], - [AC_MSG_RESULT(no)], - [ - AC_DEFINE(HAVE_OLD_PAM, 1, - [Define if you have an old version of PAM - which takes only one argument to pam_strerror]) - AC_MSG_RESULT(yes) - PAM_MSG="yes (old library)" - ] - ) -fi - -# Do we want to force the use of the rand helper? -AC_ARG_WITH(rand-helper, - [ --with-rand-helper Use subprocess to gather strong randomness ], - [ - if test "x$withval" = "xno" ; then - # Force use of OpenSSL's internal RNG, even if - # the previous test showed it to be unseeded. - if test -z "$OPENSSL_SEEDS_ITSELF" ; then - AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG]) - OPENSSL_SEEDS_ITSELF=yes - USE_RAND_HELPER="" - fi - else - USE_RAND_HELPER=yes - fi - ], -) - -# Which randomness source do we use? -if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then - # OpenSSL only - AC_DEFINE(OPENSSL_PRNG_ONLY, 1, - [Define if you want OpenSSL's internally seeded PRNG only]) - RAND_MSG="OpenSSL internal ONLY" - INSTALL_SSH_RAND_HELPER="" -elif test ! -z "$USE_RAND_HELPER" ; then - # install rand helper - RAND_MSG="ssh-rand-helper" - INSTALL_SSH_RAND_HELPER="yes" -fi -AC_SUBST(INSTALL_SSH_RAND_HELPER) - -### Configuration of ssh-rand-helper - -# PRNGD TCP socket -AC_ARG_WITH(prngd-port, - [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], - [ - case "$withval" in - no) - withval="" - ;; - [[0-9]]*) - ;; - *) - AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port) - ;; - esac - if test ! -z "$withval" ; then - PRNGD_PORT="$withval" - AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT, - [Port number of PRNGD/EGD random number socket]) - fi - ] -) - -# PRNGD Unix domain socket -AC_ARG_WITH(prngd-socket, - [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], - [ - case "$withval" in - yes) - withval="/var/run/egd-pool" - ;; - no) - withval="" - ;; - /*) - ;; - *) - AC_MSG_ERROR(You must specify an absolute path to the entropy socket) - ;; - esac - - if test ! -z "$withval" ; then - if test ! -z "$PRNGD_PORT" ; then - AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket) - fi - if test ! -r "$withval" ; then - AC_MSG_WARN(Entropy socket is not readable) - fi - PRNGD_SOCKET="$withval" - AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", - [Location of PRNGD/EGD random number socket]) - fi - ], - [ - # Check for existing socket only if we don't have a random device already - if test "$USE_RAND_HELPER" = yes ; then - AC_MSG_CHECKING(for PRNGD/EGD socket) - # Insert other locations here - for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do - if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then - PRNGD_SOCKET="$sock" - AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") - break; - fi - done - if test ! -z "$PRNGD_SOCKET" ; then - AC_MSG_RESULT($PRNGD_SOCKET) - else - AC_MSG_RESULT(not found) - fi - fi - ] -) - -# Change default command timeout for hashing entropy source -entropy_timeout=200 -AC_ARG_WITH(entropy-timeout, - [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - entropy_timeout=$withval - fi - ] -) -AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout, - [Builtin PRNG command timeout]) - -SSH_PRIVSEP_USER=sshd -AC_ARG_WITH(privsep-user, - [ --with-privsep-user=user Specify non-privileged user for privilege separation], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - SSH_PRIVSEP_USER=$withval - fi - ] -) -AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER", - [non-privileged user for privilege separation]) -AC_SUBST(SSH_PRIVSEP_USER) - -# We do this little dance with the search path to insure -# that programs that we select for use by installed programs -# (which may be run by the super-user) come from trusted -# locations before they come from the user's private area. -# This should help avoid accidentally configuring some -# random version of a program in someone's personal bin. - -OPATH=$PATH -PATH=/bin:/usr/bin -test -h /bin 2> /dev/null && PATH=/usr/bin -test -d /sbin && PATH=$PATH:/sbin -test -d /usr/sbin && PATH=$PATH:/usr/sbin -PATH=$PATH:/etc:$OPATH - -# These programs are used by the command hashing source to gather entropy -OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) -OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat) -OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp) -OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig) -OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat) -OSSH_PATH_ENTROPY_PROG(PROG_PS, ps) -OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar) -OSSH_PATH_ENTROPY_PROG(PROG_W, w) -OSSH_PATH_ENTROPY_PROG(PROG_WHO, who) -OSSH_PATH_ENTROPY_PROG(PROG_LAST, last) -OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog) -OSSH_PATH_ENTROPY_PROG(PROG_DF, df) -OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat) -OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime) -OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs) -OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail) -# restore PATH -PATH=$OPATH - -# Where does ssh-rand-helper get its randomness from? -INSTALL_SSH_PRNG_CMDS="" -if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then - if test ! -z "$PRNGD_PORT" ; then - RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT" - elif test ! -z "$PRNGD_SOCKET" ; then - RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\"" - else - RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)" - RAND_HELPER_CMDHASH=yes - INSTALL_SSH_PRNG_CMDS="yes" - fi -fi -AC_SUBST(INSTALL_SSH_PRNG_CMDS) - - -# Cheap hack to ensure NEWS-OS libraries are arranged right. -if test ! -z "$SONY" ; then - LIBS="$LIBS -liberty"; -fi - -# Check for long long datatypes -AC_CHECK_TYPES([long long, unsigned long long, long double]) - -# Check datatype sizes -AC_CHECK_SIZEOF(char, 1) -AC_CHECK_SIZEOF(short int, 2) -AC_CHECK_SIZEOF(int, 4) -AC_CHECK_SIZEOF(long int, 4) -AC_CHECK_SIZEOF(long long int, 8) - -# Sanity check long long for some platforms (AIX) -if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then - ac_cv_sizeof_long_long_int=0 -fi - -# compute LLONG_MIN and LLONG_MAX if we don't know them. -if test -z "$have_llong_max"; then - AC_MSG_CHECKING([for max value of long long]) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -/* Why is this so damn hard? */ -#ifdef __GNUC__ -# undef __GNUC__ -#endif -#define __USE_ISOC99 -#include <limits.h> -#define DATA "conftest.llminmax" -#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) - -/* - * printf in libc on some platforms (eg old Tru64) does not understand %lld so - * we do this the hard way. - */ -static int -fprint_ll(FILE *f, long long n) -{ - unsigned int i; - int l[sizeof(long long) * 8]; - - if (n < 0) - if (fprintf(f, "-") < 0) - return -1; - for (i = 0; n != 0; i++) { - l[i] = my_abs(n % 10); - n /= 10; - } - do { - if (fprintf(f, "%d", l[--i]) < 0) - return -1; - } while (i != 0); - if (fprintf(f, " ") < 0) - return -1; - return 0; -} - -int main(void) { - FILE *f; - long long i, llmin, llmax = 0; - - if((f = fopen(DATA,"w")) == NULL) - exit(1); - -#if defined(LLONG_MIN) && defined(LLONG_MAX) - fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); - llmin = LLONG_MIN; - llmax = LLONG_MAX; -#else - fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); - /* This will work on one's complement and two's complement */ - for (i = 1; i > llmax; i <<= 1, i++) - llmax = i; - llmin = llmax + 1LL; /* wrap */ -#endif - - /* Sanity check */ - if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax - || llmax - 1 > llmax || llmin == llmax || llmin == 0 - || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { - fprintf(f, "unknown unknown\n"); - exit(2); - } - - if (fprint_ll(f, llmin) < 0) - exit(3); - if (fprint_ll(f, llmax) < 0) - exit(4); - if (fclose(f) < 0) - exit(5); - exit(0); -} - ]])], - [ - llong_min=`$AWK '{print $1}' conftest.llminmax` - llong_max=`$AWK '{print $2}' conftest.llminmax` - - AC_MSG_RESULT($llong_max) - AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL], - [max value of long long calculated by configure]) - AC_MSG_CHECKING([for min value of long long]) - AC_MSG_RESULT($llong_min) - AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL], - [min value of long long calculated by configure]) - ], - [ - AC_MSG_RESULT(not found) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] - ) -fi - - -# More checks for data types -AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ - AC_TRY_COMPILE( - [ #include <sys/types.h> ], - [ u_int a; a = 1;], - [ ac_cv_have_u_int="yes" ], - [ ac_cv_have_u_int="no" ] - ) -]) -if test "x$ac_cv_have_u_int" = "xyes" ; then - AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type]) - have_u_int=1 -fi - -AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ - AC_TRY_COMPILE( - [ #include <sys/types.h> ], - [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], - [ ac_cv_have_intxx_t="yes" ], - [ ac_cv_have_intxx_t="no" ] - ) -]) -if test "x$ac_cv_have_intxx_t" = "xyes" ; then - AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type]) - have_intxx_t=1 -fi - -if (test -z "$have_intxx_t" && \ - test "x$ac_cv_header_stdint_h" = "xyes") -then - AC_MSG_CHECKING([for intXX_t types in stdint.h]) - AC_TRY_COMPILE( - [ #include <stdint.h> ], - [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], - [ - AC_DEFINE(HAVE_INTXX_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#ifdef HAVE_STDINT_H -# include <stdint.h> -#endif -#include <sys/socket.h> -#ifdef HAVE_SYS_BITYPES_H -# include <sys/bitypes.h> -#endif - ], - [ int64_t a; a = 1;], - [ ac_cv_have_int64_t="yes" ], - [ ac_cv_have_int64_t="no" ] - ) -]) -if test "x$ac_cv_have_int64_t" = "xyes" ; then - AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type]) -fi - -AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ - AC_TRY_COMPILE( - [ #include <sys/types.h> ], - [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], - [ ac_cv_have_u_intxx_t="yes" ], - [ ac_cv_have_u_intxx_t="no" ] - ) -]) -if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then - AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type]) - have_u_intxx_t=1 -fi - -if test -z "$have_u_intxx_t" ; then - AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) - AC_TRY_COMPILE( - [ #include <sys/socket.h> ], - [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], - [ - AC_DEFINE(HAVE_U_INTXX_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ - AC_TRY_COMPILE( - [ #include <sys/types.h> ], - [ u_int64_t a; a = 1;], - [ ac_cv_have_u_int64_t="yes" ], - [ ac_cv_have_u_int64_t="no" ] - ) -]) -if test "x$ac_cv_have_u_int64_t" = "xyes" ; then - AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type]) - have_u_int64_t=1 -fi - -if test -z "$have_u_int64_t" ; then - AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) - AC_TRY_COMPILE( - [ #include <sys/bitypes.h> ], - [ u_int64_t a; a = 1], - [ - AC_DEFINE(HAVE_U_INT64_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -if test -z "$have_u_intxx_t" ; then - AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], - [ ac_cv_have_uintxx_t="yes" ], - [ ac_cv_have_uintxx_t="no" ] - ) - ]) - if test "x$ac_cv_have_uintxx_t" = "xyes" ; then - AC_DEFINE(HAVE_UINTXX_T, 1, - [define if you have uintxx_t data type]) - fi -fi - -if test -z "$have_uintxx_t" ; then - AC_MSG_CHECKING([for uintXX_t types in stdint.h]) - AC_TRY_COMPILE( - [ #include <stdint.h> ], - [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], - [ - AC_DEFINE(HAVE_UINTXX_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ - test "x$ac_cv_header_sys_bitypes_h" = "xyes") -then - AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) - AC_TRY_COMPILE( - [ -#include <sys/bitypes.h> - ], - [ - int8_t a; int16_t b; int32_t c; - u_int8_t e; u_int16_t f; u_int32_t g; - a = b = c = e = f = g = 1; - ], - [ - AC_DEFINE(HAVE_U_INTXX_T) - AC_DEFINE(HAVE_INTXX_T) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] - ) -fi - - -AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ u_char foo; foo = 125; ], - [ ac_cv_have_u_char="yes" ], - [ ac_cv_have_u_char="no" ] - ) -]) -if test "x$ac_cv_have_u_char" = "xyes" ; then - AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type]) -fi - -TYPE_SOCKLEN_T - -AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>]) - -AC_CHECK_TYPES(in_addr_t,,, -[#include <sys/types.h> -#include <netinet/in.h>]) - -AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ size_t foo; foo = 1235; ], - [ ac_cv_have_size_t="yes" ], - [ ac_cv_have_size_t="no" ] - ) -]) -if test "x$ac_cv_have_size_t" = "xyes" ; then - AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type]) -fi - -AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ ssize_t foo; foo = 1235; ], - [ ac_cv_have_ssize_t="yes" ], - [ ac_cv_have_ssize_t="no" ] - ) -]) -if test "x$ac_cv_have_ssize_t" = "xyes" ; then - AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type]) -fi - -AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ - AC_TRY_COMPILE( - [ -#include <time.h> - ], - [ clock_t foo; foo = 1235; ], - [ ac_cv_have_clock_t="yes" ], - [ ac_cv_have_clock_t="no" ] - ) -]) -if test "x$ac_cv_have_clock_t" = "xyes" ; then - AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type]) -fi - -AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> - ], - [ sa_family_t foo; foo = 1235; ], - [ ac_cv_have_sa_family_t="yes" ], - [ AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> - ], - [ sa_family_t foo; foo = 1235; ], - [ ac_cv_have_sa_family_t="yes" ], - - [ ac_cv_have_sa_family_t="no" ] - )] - ) -]) -if test "x$ac_cv_have_sa_family_t" = "xyes" ; then - AC_DEFINE(HAVE_SA_FAMILY_T, 1, - [define if you have sa_family_t data type]) -fi - -AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ pid_t foo; foo = 1235; ], - [ ac_cv_have_pid_t="yes" ], - [ ac_cv_have_pid_t="no" ] - ) -]) -if test "x$ac_cv_have_pid_t" = "xyes" ; then - AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type]) -fi - -AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ mode_t foo; foo = 1235; ], - [ ac_cv_have_mode_t="yes" ], - [ ac_cv_have_mode_t="no" ] - ) -]) -if test "x$ac_cv_have_mode_t" = "xyes" ; then - AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type]) -fi - - -AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> - ], - [ struct sockaddr_storage s; ], - [ ac_cv_have_struct_sockaddr_storage="yes" ], - [ ac_cv_have_struct_sockaddr_storage="no" ] - ) -]) -if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, - [define if you have struct sockaddr_storage data type]) -fi - -AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <netinet/in.h> - ], - [ struct sockaddr_in6 s; s.sin6_family = 0; ], - [ ac_cv_have_struct_sockaddr_in6="yes" ], - [ ac_cv_have_struct_sockaddr_in6="no" ] - ) -]) -if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1, - [define if you have struct sockaddr_in6 data type]) -fi - -AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <netinet/in.h> - ], - [ struct in6_addr s; s.s6_addr[0] = 0; ], - [ ac_cv_have_struct_in6_addr="yes" ], - [ ac_cv_have_struct_in6_addr="no" ] - ) -]) -if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, - [define if you have struct in6_addr data type]) -fi - -AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> - ], - [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ], - [ ac_cv_have_struct_addrinfo="yes" ], - [ ac_cv_have_struct_addrinfo="no" ] - ) -]) -if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, - [define if you have struct addrinfo data type]) -fi - -AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ - AC_TRY_COMPILE( - [ #include <sys/time.h> ], - [ struct timeval tv; tv.tv_sec = 1;], - [ ac_cv_have_struct_timeval="yes" ], - [ ac_cv_have_struct_timeval="no" ] - ) -]) -if test "x$ac_cv_have_struct_timeval" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval]) - have_struct_timeval=1 -fi - -AC_CHECK_TYPES(struct timespec) - -# We need int64_t or else certian parts of the compile will fail. -if test "x$ac_cv_have_int64_t" = "xno" && \ - test "x$ac_cv_sizeof_long_int" != "x8" && \ - test "x$ac_cv_sizeof_long_long_int" = "x0" ; then - echo "OpenSSH requires int64_t support. Contact your vendor or install" - echo "an alternative compiler (I.E., GCC) before continuing." - echo "" - exit 1; -else -dnl test snprintf (broken on SCO w/gcc) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <string.h> -#ifdef HAVE_SNPRINTF -main() -{ - char buf[50]; - char expected_out[50]; - int mazsize = 50 ; -#if (SIZEOF_LONG_INT == 8) - long int num = 0x7fffffffffffffff; -#else - long long num = 0x7fffffffffffffffll; -#endif - strcpy(expected_out, "9223372036854775807"); - snprintf(buf, mazsize, "%lld", num); - if(strcmp(buf, expected_out) != 0) - exit(1); - exit(0); -} -#else -main() { exit(0); } -#endif - ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], - AC_MSG_WARN([cross compiling: Assuming working snprintf()]) - ) -fi - -dnl Checks for structure members -OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX) - -AC_CHECK_MEMBERS([struct stat.st_blksize]) -AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state, - [Define if we don't have struct __res_state in resolv.h])], -[ -#include <stdio.h> -#if HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <resolv.h> -]) - -AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], - ac_cv_have_ss_family_in_struct_ss, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> - ], - [ struct sockaddr_storage s; s.ss_family = 1; ], - [ ac_cv_have_ss_family_in_struct_ss="yes" ], - [ ac_cv_have_ss_family_in_struct_ss="no" ], - ) -]) -if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then - AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage]) -fi - -AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], - ac_cv_have___ss_family_in_struct_ss, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> - ], - [ struct sockaddr_storage s; s.__ss_family = 1; ], - [ ac_cv_have___ss_family_in_struct_ss="yes" ], - [ ac_cv_have___ss_family_in_struct_ss="no" ] - ) -]) -if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then - AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1, - [Fields in struct sockaddr_storage]) -fi - -AC_CACHE_CHECK([for pw_class field in struct passwd], - ac_cv_have_pw_class_in_struct_passwd, [ - AC_TRY_COMPILE( - [ -#include <pwd.h> - ], - [ struct passwd p; p.pw_class = 0; ], - [ ac_cv_have_pw_class_in_struct_passwd="yes" ], - [ ac_cv_have_pw_class_in_struct_passwd="no" ] - ) -]) -if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1, - [Define if your password has a pw_class field]) -fi - -AC_CACHE_CHECK([for pw_expire field in struct passwd], - ac_cv_have_pw_expire_in_struct_passwd, [ - AC_TRY_COMPILE( - [ -#include <pwd.h> - ], - [ struct passwd p; p.pw_expire = 0; ], - [ ac_cv_have_pw_expire_in_struct_passwd="yes" ], - [ ac_cv_have_pw_expire_in_struct_passwd="no" ] - ) -]) -if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1, - [Define if your password has a pw_expire field]) -fi - -AC_CACHE_CHECK([for pw_change field in struct passwd], - ac_cv_have_pw_change_in_struct_passwd, [ - AC_TRY_COMPILE( - [ -#include <pwd.h> - ], - [ struct passwd p; p.pw_change = 0; ], - [ ac_cv_have_pw_change_in_struct_passwd="yes" ], - [ ac_cv_have_pw_change_in_struct_passwd="no" ] - ) -]) -if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1, - [Define if your password has a pw_change field]) -fi - -dnl make sure we're using the real structure members and not defines -AC_CACHE_CHECK([for msg_accrights field in struct msghdr], - ac_cv_have_accrights_in_msghdr, [ - AC_COMPILE_IFELSE( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> -int main() { -#ifdef msg_accrights -#error "msg_accrights is a macro" -exit(1); -#endif -struct msghdr m; -m.msg_accrights = 0; -exit(0); -} - ], - [ ac_cv_have_accrights_in_msghdr="yes" ], - [ ac_cv_have_accrights_in_msghdr="no" ] - ) -]) -if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then - AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1, - [Define if your system uses access rights style - file descriptor passing]) -fi - -AC_CACHE_CHECK([for msg_control field in struct msghdr], - ac_cv_have_control_in_msghdr, [ - AC_COMPILE_IFELSE( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> -int main() { -#ifdef msg_control -#error "msg_control is a macro" -exit(1); -#endif -struct msghdr m; -m.msg_control = 0; -exit(0); -} - ], - [ ac_cv_have_control_in_msghdr="yes" ], - [ ac_cv_have_control_in_msghdr="no" ] - ) -]) -if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then - AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1, - [Define if your system uses ancillary data style - file descriptor passing]) -fi - -AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ - AC_TRY_LINK([], - [ extern char *__progname; printf("%s", __progname); ], - [ ac_cv_libc_defines___progname="yes" ], - [ ac_cv_libc_defines___progname="no" ] - ) -]) -if test "x$ac_cv_libc_defines___progname" = "xyes" ; then - AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname]) -fi - -AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ - AC_TRY_LINK([ -#include <stdio.h> -], - [ printf("%s", __FUNCTION__); ], - [ ac_cv_cc_implements___FUNCTION__="yes" ], - [ ac_cv_cc_implements___FUNCTION__="no" ] - ) -]) -if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then - AC_DEFINE(HAVE___FUNCTION__, 1, - [Define if compiler implements __FUNCTION__]) -fi - -AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ - AC_TRY_LINK([ -#include <stdio.h> -], - [ printf("%s", __func__); ], - [ ac_cv_cc_implements___func__="yes" ], - [ ac_cv_cc_implements___func__="no" ] - ) -]) -if test "x$ac_cv_cc_implements___func__" = "xyes" ; then - AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__]) -fi - -AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ - AC_TRY_LINK( - [#include <stdarg.h> - va_list x,y;], - [va_copy(x,y);], - [ ac_cv_have_va_copy="yes" ], - [ ac_cv_have_va_copy="no" ] - ) -]) -if test "x$ac_cv_have_va_copy" = "xyes" ; then - AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists]) -fi - -AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ - AC_TRY_LINK( - [#include <stdarg.h> - va_list x,y;], - [__va_copy(x,y);], - [ ac_cv_have___va_copy="yes" ], - [ ac_cv_have___va_copy="no" ] - ) -]) -if test "x$ac_cv_have___va_copy" = "xyes" ; then - AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists]) -fi - -AC_CACHE_CHECK([whether getopt has optreset support], - ac_cv_have_getopt_optreset, [ - AC_TRY_LINK( - [ -#if HAVE_GETOPT_H -#include <getopt.h> -#elif HAVE_UNISTD_H -#include <unistd.h> -#endif - ], - [ extern int optreset; optreset = 0; ], - [ ac_cv_have_getopt_optreset="yes" ], - [ ac_cv_have_getopt_optreset="no" ] - ) -]) -if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then - AC_DEFINE(HAVE_GETOPT_OPTRESET, 1, - [Define if your getopt(3) defines and uses optreset]) -fi - -AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ - AC_TRY_LINK([], - [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], - [ ac_cv_libc_defines_sys_errlist="yes" ], - [ ac_cv_libc_defines_sys_errlist="no" ] - ) -]) -if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then - AC_DEFINE(HAVE_SYS_ERRLIST, 1, - [Define if your system defines sys_errlist[]]) -fi - - -AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ - AC_TRY_LINK([], - [ extern int sys_nerr; printf("%i", sys_nerr);], - [ ac_cv_libc_defines_sys_nerr="yes" ], - [ ac_cv_libc_defines_sys_nerr="no" ] - ) -]) -if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then - AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr]) -fi - -SCARD_MSG="no" -# Check whether user wants sectok support -AC_ARG_WITH(sectok, - [ --with-sectok Enable smartcard support using libsectok], - [ - if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}" - LDFLAGS="$LDFLAGS -L${withval}" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${withval}" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${withval}" - fi - fi - AC_CHECK_HEADERS(sectok.h) - if test "$ac_cv_header_sectok_h" != yes; then - AC_MSG_ERROR(Can't find sectok.h) - fi - AC_CHECK_LIB(sectok, sectok_open) - if test "$ac_cv_lib_sectok_sectok_open" != yes; then - AC_MSG_ERROR(Can't find libsectok) - fi - AC_DEFINE(SMARTCARD, 1, - [Define if you want smartcard support]) - AC_DEFINE(USE_SECTOK, 1, - [Define if you want smartcard support - using sectok]) - SCARD_MSG="yes, using sectok" - fi - ] -) - -# Check whether user wants OpenSC support -OPENSC_CONFIG="no" -AC_ARG_WITH(opensc, - [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes" ; then - OPENSC_CONFIG=$withval/bin/opensc-config - else - AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) - fi - if test "$OPENSC_CONFIG" != "no"; then - LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` - LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` - CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" - LIBS="$LIBS $LIBOPENSC_LIBS" - AC_DEFINE(SMARTCARD) - AC_DEFINE(USE_OPENSC, 1, - [Define if you want smartcard support - using OpenSC]) - SCARD_MSG="yes, using OpenSC" - fi - fi - ] -) - -# Check libraries needed by DNS fingerprint support -AC_SEARCH_LIBS(getrrsetbyname, resolv, - [AC_DEFINE(HAVE_GETRRSETBYNAME, 1, - [Define if getrrsetbyname() exists])], - [ - # Needed by our getrrsetbyname() - AC_SEARCH_LIBS(res_query, resolv) - AC_SEARCH_LIBS(dn_expand, resolv) - AC_MSG_CHECKING(if res_query will link) - AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes), - [AC_MSG_RESULT(no) - saved_LIBS="$LIBS" - LIBS="$LIBS -lresolv" - AC_MSG_CHECKING(for res_query in -lresolv) - AC_LINK_IFELSE([ -#include <resolv.h> -int main() -{ - res_query (0, 0, 0, 0, 0); - return 0; -} - ], - [LIBS="$LIBS -lresolv" - AC_MSG_RESULT(yes)], - [LIBS="$saved_LIBS" - AC_MSG_RESULT(no)]) - ]) - AC_CHECK_FUNCS(_getshort _getlong) - AC_CHECK_DECLS([_getshort, _getlong], , , - [#include <sys/types.h> - #include <arpa/nameser.h>]) - AC_CHECK_MEMBER(HEADER.ad, - [AC_DEFINE(HAVE_HEADER_AD, 1, - [Define if HEADER.ad exists in arpa/nameser.h])],, - [#include <arpa/nameser.h>]) - ]) - -# Check whether user wants SELinux support -SELINUX_MSG="no" -LIBSELINUX="" -AC_ARG_WITH(selinux, - [ --with-selinux Enable SELinux support], - [ if test "x$withval" != "xno" ; then - AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.]) - SELINUX_MSG="yes" - AC_CHECK_HEADER([selinux/selinux.h], , - AC_MSG_ERROR(SELinux support requires selinux.h header)) - AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], - AC_MSG_ERROR(SELinux support requires libselinux library)) - save_LIBS="$LIBS" - LIBS="$LIBS $LIBSELINUX" - AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) - LIBS="$save_LIBS" - fi ] -) -AC_SUBST(LIBSELINUX) - -# Check whether user wants Kerberos 5 support -KRB5_MSG="no" -AC_ARG_WITH(kerberos5, - [ --with-kerberos5=PATH Enable Kerberos 5 support], - [ if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - KRB5ROOT="/usr/local" - else - KRB5ROOT=${withval} - fi - - AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support]) - KRB5_MSG="yes" - - AC_MSG_CHECKING(for krb5-config) - if test -x $KRB5ROOT/bin/krb5-config ; then - KRB5CONF=$KRB5ROOT/bin/krb5-config - AC_MSG_RESULT($KRB5CONF) - - AC_MSG_CHECKING(for gssapi support) - if $KRB5CONF | grep gssapi >/dev/null ; then - AC_MSG_RESULT(yes) - AC_DEFINE(GSSAPI, 1, - [Define this if you want GSSAPI - support in the version 2 protocol]) - k5confopts=gssapi - else - AC_MSG_RESULT(no) - k5confopts="" - fi - K5CFLAGS="`$KRB5CONF --cflags $k5confopts`" - K5LIBS="`$KRB5CONF --libs $k5confopts`" - CPPFLAGS="$CPPFLAGS $K5CFLAGS" - AC_MSG_CHECKING(whether we are using Heimdal) - AC_TRY_COMPILE([ #include <krb5.h> ], - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL, 1, - [Define this if you are using the - Heimdal version of Kerberos V5]) ], - AC_MSG_RESULT(no) - ) - else - AC_MSG_RESULT(no) - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - AC_MSG_CHECKING(whether we are using Heimdal) - AC_TRY_COMPILE([ #include <krb5.h> ], - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL) - K5LIBS="-lkrb5 -ldes" - K5LIBS="$K5LIBS -lcom_err -lasn1" - AC_CHECK_LIB(roken, net_write, - [K5LIBS="$K5LIBS -lroken"]) - ], - [ AC_MSG_RESULT(no) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" - ] - ) - AC_SEARCH_LIBS(dn_expand, resolv) - - AC_CHECK_LIB(gssapi,gss_init_sec_context, - [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi $K5LIBS" ], - [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, - [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi_krb5 $K5LIBS" ], - AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), - $K5LIBS) - ], - $K5LIBS) - - AC_CHECK_HEADER(gssapi.h, , - [ unset ac_cv_header_gssapi_h - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - AC_CHECK_HEADERS(gssapi.h, , - AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) - ) - ] - ) - - oldCPP="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - AC_CHECK_HEADER(gssapi_krb5.h, , - [ CPPFLAGS="$oldCPP" ]) - - fi - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${KRB5ROOT}/lib" - fi - - AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h) - AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h) - AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h) - - LIBS="$LIBS $K5LIBS" - AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1, - [Define this if you want to use libkafs' AFS support])) - fi - ] -) - -# Looking for programs, paths and files - -PRIVSEP_PATH=/var/empty -AC_ARG_WITH(privsep-path, - [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - PRIVSEP_PATH=$withval - fi - ] -) -AC_SUBST(PRIVSEP_PATH) - -AC_ARG_WITH(xauth, - [ --with-xauth=PATH Specify path to xauth program ], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - xauth_path=$withval - fi - ], - [ - TestPath="$PATH" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" - AC_PATH_PROG(xauth_path, xauth, , $TestPath) - if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then - xauth_path="/usr/openwin/bin/xauth" - fi - ] -) - -STRIP_OPT=-s -AC_ARG_ENABLE(strip, - [ --disable-strip Disable calling strip(1) on install], - [ - if test "x$enableval" = "xno" ; then - STRIP_OPT= - fi - ] -) -AC_SUBST(STRIP_OPT) - -if test -z "$xauth_path" ; then - XAUTH_PATH="undefined" - AC_SUBST(XAUTH_PATH) -else - AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path", - [Define if xauth is found in your path]) - XAUTH_PATH=$xauth_path - AC_SUBST(XAUTH_PATH) -fi - -# Check for mail directory (last resort if we cannot get it from headers) -if test ! -z "$MAIL" ; then - maildir=`dirname $MAIL` - AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir", - [Set this to your mail directory if you don't have maillock.h]) -fi - -if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then - AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) - disable_ptmx_check=yes -fi -if test -z "$no_dev_ptmx" ; then - if test "x$disable_ptmx_check" != "xyes" ; then - AC_CHECK_FILE("/dev/ptmx", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1, - [Define if you have /dev/ptmx]) - have_dev_ptmx=1 - ] - ) - fi -fi - -if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then - AC_CHECK_FILE("/dev/ptc", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1, - [Define if you have /dev/ptc]) - have_dev_ptc=1 - ] - ) -else - AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) -fi - -# Options from here on. Some of these are preset by platform above -AC_ARG_WITH(mantype, - [ --with-mantype=man|cat|doc Set man page type], - [ - case "$withval" in - man|cat|doc) - MANTYPE=$withval - ;; - *) - AC_MSG_ERROR(invalid man type: $withval) - ;; - esac - ] -) -if test -z "$MANTYPE"; then - TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" - AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath) - if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=doc - elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=man - else - MANTYPE=cat - fi -fi -AC_SUBST(MANTYPE) -if test "$MANTYPE" = "doc"; then - mansubdir=man; -else - mansubdir=$MANTYPE; -fi -AC_SUBST(mansubdir) - -# Check whether to enable MD5 passwords -MD5_MSG="no" -AC_ARG_WITH(md5-passwords, - [ --with-md5-passwords Enable use of MD5 passwords], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE(HAVE_MD5_PASSWORDS, 1, - [Define if you want to allow MD5 passwords]) - MD5_MSG="yes" - fi - ] -) - -# Whether to disable shadow password support -AC_ARG_WITH(shadow, - [ --without-shadow Disable shadow password support], - [ - if test "x$withval" = "xno" ; then - AC_DEFINE(DISABLE_SHADOW) - disable_shadow=yes - fi - ] -) - -if test -z "$disable_shadow" ; then - AC_MSG_CHECKING([if the systems has expire shadow information]) - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <shadow.h> - struct spwd sp; - ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], - [ sp_expire_available=yes ], [] - ) - - if test "x$sp_expire_available" = "xyes" ; then - AC_MSG_RESULT(yes) - AC_DEFINE(HAS_SHADOW_EXPIRE, 1, - [Define if you want to use shadow password expire field]) - else - AC_MSG_RESULT(no) - fi -fi - -# Use ip address instead of hostname in $DISPLAY -if test ! -z "$IPADDR_IN_DISPLAY" ; then - DISPLAY_HACK_MSG="yes" - AC_DEFINE(IPADDR_IN_DISPLAY, 1, - [Define if you need to use IP address - instead of hostname in $DISPLAY]) -else - DISPLAY_HACK_MSG="no" - AC_ARG_WITH(ipaddr-display, - [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE(IPADDR_IN_DISPLAY) - DISPLAY_HACK_MSG="yes" - fi - ] - ) -fi - -# check for /etc/default/login and use it if present. -AC_ARG_ENABLE(etc-default-login, - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], - [ if test "x$enableval" = "xno"; then - AC_MSG_NOTICE([/etc/default/login handling disabled]) - etc_default_login=no - else - etc_default_login=yes - fi ], - [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; - then - AC_MSG_WARN([cross compiling: not checking /etc/default/login]) - etc_default_login=no - else - etc_default_login=yes - fi ] -) - -if test "x$etc_default_login" != "xno"; then - AC_CHECK_FILE("/etc/default/login", - [ external_path_file=/etc/default/login ]) - if test "x$external_path_file" = "x/etc/default/login"; then - AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1, - [Define if your system has /etc/default/login]) - fi -fi - -dnl BSD systems use /etc/login.conf so --with-default-path= has no effect -if test $ac_cv_func_login_getcapbool = "yes" && \ - test $ac_cv_header_login_cap_h = "yes" ; then - external_path_file=/etc/login.conf -fi - -# Whether to mess with the default path -SERVER_PATH_MSG="(default)" -AC_ARG_WITH(default-path, - [ --with-default-path= Specify default \$PATH environment for server], - [ - if test "x$external_path_file" = "x/etc/login.conf" ; then - AC_MSG_WARN([ ---with-default-path=PATH has no effect on this system. -Edit /etc/login.conf instead.]) - elif test "x$withval" != "xno" ; then - if test ! -z "$external_path_file" ; then - AC_MSG_WARN([ ---with-default-path=PATH will only be used if PATH is not defined in -$external_path_file .]) - fi - user_path="$withval" - SERVER_PATH_MSG="$withval" - fi - ], - [ if test "x$external_path_file" = "x/etc/login.conf" ; then - AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) - else - if test ! -z "$external_path_file" ; then - AC_MSG_WARN([ -If PATH is defined in $external_path_file, ensure the path to scp is included, -otherwise scp will not work.]) - fi - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -/* find out what STDPATH is */ -#include <stdio.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif -#ifndef _PATH_STDPATH -# ifdef _PATH_USERPATH /* Irix */ -# define _PATH_STDPATH _PATH_USERPATH -# else -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" -# endif -#endif -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#define DATA "conftest.stdpath" - -main() -{ - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) - exit(1); - - exit(0); -} - ]])], - [ user_path=`cat conftest.stdpath` ], - [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], - [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] - ) -# make sure $bindir is in USER_PATH so scp will work - t_bindir=`eval echo ${bindir}` - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; - esac - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; - esac - echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 - if test $? -ne 0 ; then - echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 - if test $? -ne 0 ; then - user_path=$user_path:$t_bindir - AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work) - fi - fi - fi ] -) -if test "x$external_path_file" != "x/etc/login.conf" ; then - AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH]) - AC_SUBST(user_path) -fi - -# Set superuser path separately to user path -AC_ARG_WITH(superuser-path, - [ --with-superuser-path= Specify different path for super-user], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval", - [Define if you want a different $PATH - for the superuser]) - superuser_path=$withval - fi - ] -) - - -AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) -IPV4_IN6_HACK_MSG="no" -AC_ARG_WITH(4in6, - [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], - [ - if test "x$withval" != "xno" ; then - AC_MSG_RESULT(yes) - AC_DEFINE(IPV4_IN_IPV6, 1, - [Detect IPv4 in IPv6 mapped addresses - and treat as IPv4]) - IPV4_IN6_HACK_MSG="yes" - else - AC_MSG_RESULT(no) - fi - ],[ - if test "x$inet6_default_4in6" = "xyes"; then - AC_MSG_RESULT([yes (default)]) - AC_DEFINE(IPV4_IN_IPV6) - IPV4_IN6_HACK_MSG="yes" - else - AC_MSG_RESULT([no (default)]) - fi - ] -) - -# Whether to enable BSD auth support -BSD_AUTH_MSG=no -AC_ARG_WITH(bsd-auth, - [ --with-bsd-auth Enable BSD auth support], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE(BSD_AUTH, 1, - [Define if you have BSD auth support]) - BSD_AUTH_MSG=yes - fi - ] -) - -# Where to place sshd.pid -piddir=/var/run -# make sure the directory exists -if test ! -d $piddir ; then - piddir=`eval echo ${sysconfdir}` - case $piddir in - NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; - esac -fi - -AC_ARG_WITH(pid-dir, - [ --with-pid-dir=PATH Specify location of ssh.pid file], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - piddir=$withval - if test ! -d $piddir ; then - AC_MSG_WARN([** no $piddir directory on this system **]) - fi - fi - ] -) - -AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid]) -AC_SUBST(piddir) - -dnl allow user to disable some login recording features -AC_ARG_ENABLE(lastlog, - [ --disable-lastlog disable use of lastlog even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_LASTLOG) - fi - ] -) -AC_ARG_ENABLE(utmp, - [ --disable-utmp disable use of utmp even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_UTMP) - fi - ] -) -AC_ARG_ENABLE(utmpx, - [ --disable-utmpx disable use of utmpx even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_UTMPX, 1, - [Define if you don't want to use utmpx]) - fi - ] -) -AC_ARG_ENABLE(wtmp, - [ --disable-wtmp disable use of wtmp even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_WTMP) - fi - ] -) -AC_ARG_ENABLE(wtmpx, - [ --disable-wtmpx disable use of wtmpx even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_WTMPX, 1, - [Define if you don't want to use wtmpx]) - fi - ] -) -AC_ARG_ENABLE(libutil, - [ --disable-libutil disable use of libutil (login() etc.) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_LOGIN) - fi - ] -) -AC_ARG_ENABLE(pututline, - [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_PUTUTLINE, 1, - [Define if you don't want to use pututline() - etc. to write [uw]tmp]) - fi - ] -) -AC_ARG_ENABLE(pututxline, - [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_PUTUTXLINE, 1, - [Define if you don't want to use pututxline() - etc. to write [uw]tmpx]) - fi - ] -) -AC_ARG_WITH(lastlog, - [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], - [ - if test "x$withval" = "xno" ; then - AC_DEFINE(DISABLE_LASTLOG) - elif test -n "$withval" && test "x${withval}" != "xyes"; then - conf_lastlog_location=$withval - fi - ] -) - -dnl lastlog, [uw]tmpx? detection -dnl NOTE: set the paths in the platform section to avoid the -dnl need for command-line parameters -dnl lastlog and [uw]tmp are subject to a file search if all else fails - -dnl lastlog detection -dnl NOTE: the code itself will detect if lastlog is a directory -AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_LASTLOG_H -# include <lastlog.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif -#ifdef HAVE_LOGIN_H -# include <login.h> -#endif - ], - [ char *lastlog = LASTLOG_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ - AC_MSG_RESULT(no) - AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) - AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_LASTLOG_H -# include <lastlog.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *lastlog = _PATH_LASTLOG; ], - [ AC_MSG_RESULT(yes) ], - [ - AC_MSG_RESULT(no) - system_lastlog_path=no - ]) - ] -) - -if test -z "$conf_lastlog_location"; then - if test x"$system_lastlog_path" = x"no" ; then - for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do - if (test -d "$f" || test -f "$f") ; then - conf_lastlog_location=$f - fi - done - if test -z "$conf_lastlog_location"; then - AC_MSG_WARN([** Cannot find lastlog **]) - dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx - fi - fi -fi - -if test -n "$conf_lastlog_location"; then - AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", - [Define if you want to specify the path to your lastlog file]) -fi - -dnl utmp detection -AC_MSG_CHECKING([if your system defines UTMP_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *utmp = UTMP_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_utmp_path=no ] -) -if test -z "$conf_utmp_location"; then - if test x"$system_utmp_path" = x"no" ; then - for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do - if test -f $f ; then - conf_utmp_location=$f - fi - done - if test -z "$conf_utmp_location"; then - AC_DEFINE(DISABLE_UTMP) - fi - fi -fi -if test -n "$conf_utmp_location"; then - AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", - [Define if you want to specify the path to your utmp file]) -fi - -dnl wtmp detection -AC_MSG_CHECKING([if your system defines WTMP_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *wtmp = WTMP_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_wtmp_path=no ] -) -if test -z "$conf_wtmp_location"; then - if test x"$system_wtmp_path" = x"no" ; then - for f in /usr/adm/wtmp /var/log/wtmp; do - if test -f $f ; then - conf_wtmp_location=$f - fi - done - if test -z "$conf_wtmp_location"; then - AC_DEFINE(DISABLE_WTMP) - fi - fi -fi -if test -n "$conf_wtmp_location"; then - AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", - [Define if you want to specify the path to your wtmp file]) -fi - - -dnl utmpx detection - I don't know any system so perverse as to require -dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out -dnl there, though. -AC_MSG_CHECKING([if your system defines UTMPX_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *utmpx = UTMPX_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_utmpx_path=no ] -) -if test -z "$conf_utmpx_location"; then - if test x"$system_utmpx_path" = x"no" ; then - AC_DEFINE(DISABLE_UTMPX) - fi -else - AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", - [Define if you want to specify the path to your utmpx file]) -fi - -dnl wtmpx detection -AC_MSG_CHECKING([if your system defines WTMPX_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *wtmpx = WTMPX_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_wtmpx_path=no ] -) -if test -z "$conf_wtmpx_location"; then - if test x"$system_wtmpx_path" = x"no" ; then - AC_DEFINE(DISABLE_WTMPX) - fi -else - AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", - [Define if you want to specify the path to your wtmpx file]) -fi - - -if test ! -z "$blibpath" ; then - LDFLAGS="$LDFLAGS $blibflags$blibpath" - AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) -fi - -dnl Adding -Werror to CFLAGS early prevents configure tests from running. -dnl Add now. -CFLAGS="$CFLAGS $werror_flags" - -AC_EXEEXT -AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ - openbsd-compat/Makefile openbsd-compat/regress/Makefile \ - scard/Makefile ssh_prng_cmds survey.sh]) -AC_OUTPUT - -# Print summary of options - -# Someone please show me a better way :) -A=`eval echo ${prefix}` ; A=`eval echo ${A}` -B=`eval echo ${bindir}` ; B=`eval echo ${B}` -C=`eval echo ${sbindir}` ; C=`eval echo ${C}` -D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` -E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` -F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` -G=`eval echo ${piddir}` ; G=`eval echo ${G}` -H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` -I=`eval echo ${user_path}` ; I=`eval echo ${I}` -J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` - -echo "" -echo "OpenSSH has been configured with the following options:" -echo " User binaries: $B" -echo " System binaries: $C" -echo " Configuration files: $D" -echo " Askpass program: $E" -echo " Manual pages: $F" -echo " PID file: $G" -echo " Privilege separation chroot path: $H" -if test "x$external_path_file" = "x/etc/login.conf" ; then -echo " At runtime, sshd will use the path defined in $external_path_file" -echo " Make sure the path to scp is present, otherwise scp will not work" -else -echo " sshd default user PATH: $I" - if test ! -z "$external_path_file"; then -echo " (If PATH is set in $external_path_file it will be used instead. If" -echo " used, ensure the path to scp is present, otherwise scp will not work.)" - fi -fi -if test ! -z "$superuser_path" ; then -echo " sshd superuser user PATH: $J" -fi -echo " Manpage format: $MANTYPE" -echo " PAM support: $PAM_MSG" -echo " OSF SIA support: $SIA_MSG" -echo " KerberosV support: $KRB5_MSG" -echo " SELinux support: $SELINUX_MSG" -echo " Smartcard support: $SCARD_MSG" -echo " S/KEY support: $SKEY_MSG" -echo " OPIE support: $OPIE_MSG" -echo " TCP Wrappers support: $TCPW_MSG" -echo " MD5 password support: $MD5_MSG" -echo " libedit support: $LIBEDIT_MSG" -echo " Solaris process contract support: $SPC_MSG" -echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" -echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" -echo " BSD Auth support: $BSD_AUTH_MSG" -echo " Random number source: $RAND_MSG" -if test ! -z "$USE_RAND_HELPER" ; then -echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" -fi - -echo "" - -echo " Host: ${host}" -echo " Compiler: ${CC}" -echo " Compiler flags: ${CFLAGS}" -echo "Preprocessor flags: ${CPPFLAGS}" -echo " Linker flags: ${LDFLAGS}" -echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}" - -echo "" - -if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"" - echo "" -fi - -if test "x$PAM_MSG" = "xyes" ; then - echo "PAM is enabled. You may need to install a PAM control file " - echo "for sshd, otherwise password authentication may fail. " - echo "Example PAM control files can be found in the contrib/ " - echo "subdirectory" - echo "" -fi - -if test ! -z "$RAND_HELPER_CMDHASH" ; then - echo "WARNING: you are using the builtin random number collection " - echo "service. Please read WARNING.RNG and request that your OS " - echo "vendor includes kernel-based random number collection in " - echo "future versions of your OS." - echo "" -fi - -if test ! -z "$NO_PEERCHECK" ; then - echo "WARNING: the operating system that you are using does not " - echo "appear to support either the getpeereid() API nor the " - echo "SO_PEERCRED getsockopt() option. These facilities are used to " - echo "enforce security checks to prevent unauthorised connections to " - echo "ssh-agent. Their absence increases the risk that a malicious " - echo "user can connect to your agent. " - echo "" -fi - -if test "$AUDIT_MODULE" = "bsm" ; then - echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." - echo "See the Solaris section in README.platform for details." -fi diff --git a/crypto/openssh/install-sh b/crypto/openssh/install-sh deleted file mode 100755 index 220abbf..0000000 --- a/crypto/openssh/install-sh +++ /dev/null @@ -1,251 +0,0 @@ -#!/bin/sh -# -# install - install a program, script, or datafile -# This comes from X11R5 (mit/util/scripts/install.sh). -# -# Copyright 1991 by the Massachusetts Institute of Technology -# -# Permission to use, copy, modify, distribute, and sell this software and its -# documentation for any purpose is hereby granted without fee, provided that -# the above copyright notice appear in all copies and that both that -# copyright notice and this permission notice appear in supporting -# documentation, and that the name of M.I.T. not be used in advertising or -# publicity pertaining to distribution of the software without specific, -# written prior permission. M.I.T. makes no representations about the -# suitability of this software for any purpose. It is provided "as is" -# without express or implied warranty. -# -# Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it -# when there is no Makefile. -# -# This script is compatible with the BSD install script, but was written -# from scratch. It can only install one file at a time, a restriction -# shared with many OS's install programs. - - -# set DOITPROG to echo to test this script - -# Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" - - -# put in absolute paths if you don't have them in your path; or use env. vars. - -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" - -transformbasename="" -transform_arg="" -instcmd="$mvprog" -chmodcmd="$chmodprog 0755" -chowncmd="" -chgrpcmd="" -stripcmd="" -rmcmd="$rmprog -f" -mvcmd="$mvprog" -src="" -dst="" -dir_arg="" - -while [ x"$1" != x ]; do - case $1 in - -c) instcmd="$cpprog" - shift - continue;; - - -d) dir_arg=true - shift - continue;; - - -m) chmodcmd="$chmodprog $2" - shift - shift - continue;; - - -o) chowncmd="$chownprog $2" - shift - shift - continue;; - - -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; - - -s) stripcmd="$stripprog" - shift - continue;; - - -t=*) transformarg=`echo $1 | sed 's/-t=//'` - shift - continue;; - - -b=*) transformbasename=`echo $1 | sed 's/-b=//'` - shift - continue;; - - *) if [ x"$src" = x ] - then - src=$1 - else - # this colon is to work around a 386BSD /bin/sh bug - : - dst=$1 - fi - shift - continue;; - esac -done - -if [ x"$src" = x ] -then - echo "install: no input file specified" - exit 1 -else - true -fi - -if [ x"$dir_arg" != x ]; then - dst=$src - src="" - - if [ -d $dst ]; then - instcmd=: - chmodcmd="" - else - instcmd=mkdir - fi -else - -# Waiting for this to be detected by the "$instcmd $src $dsttmp" command -# might cause directories to be created, which would be especially bad -# if $src (and thus $dsttmp) contains '*'. - - if [ -f $src -o -d $src ] - then - true - else - echo "install: $src does not exist" - exit 1 - fi - - if [ x"$dst" = x ] - then - echo "install: no destination specified" - exit 1 - else - true - fi - -# If destination is a directory, append the input filename; if your system -# does not like double slashes in filenames, you may need to add some logic - - if [ -d $dst ] - then - dst="$dst"/`basename $src` - else - true - fi -fi - -## this sed command emulates the dirname command -dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` - -# Make sure that the destination directory exists. -# this part is taken from Noah Friedman's mkinstalldirs script - -# Skip lots of stat calls in the usual case. -if [ ! -d "$dstdir" ]; then -defaultIFS=' -' -IFS="${IFS-${defaultIFS}}" - -oIFS="${IFS}" -# Some sh's can't handle IFS=/ for some reason. -IFS='%' -set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` -IFS="${oIFS}" - -pathcomp='' - -while [ $# -ne 0 ] ; do - pathcomp="${pathcomp}${1}" - shift - - if [ ! -d "${pathcomp}" ] ; - then - $mkdirprog "${pathcomp}" - else - true - fi - - pathcomp="${pathcomp}/" -done -fi - -if [ x"$dir_arg" != x ] -then - $doit $instcmd $dst && - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi -else - -# If we're going to rename the final executable, determine the name now. - - if [ x"$transformarg" = x ] - then - dstfile=`basename $dst` - else - dstfile=`basename $dst $transformbasename | - sed $transformarg`$transformbasename - fi - -# don't allow the sed command to completely eliminate the filename - - if [ x"$dstfile" = x ] - then - dstfile=`basename $dst` - else - true - fi - -# Make a temp file name in the proper directory. - - dsttmp=$dstdir/#inst.$$# - -# Move or copy the file name to the temp name - - $doit $instcmd $src $dsttmp && - - trap "rm -f ${dsttmp}" 0 && - -# and set any options; do chmod last to preserve setuid bits - -# If any of these fail, we abort the whole thing. If we want to -# ignore errors from any of these, just make sure not to ignore -# errors from the above "$doit $instcmd $src $dsttmp" command. - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && - -# Now rename the file to the real destination. - - $doit $rmcmd -f $dstdir/$dstfile && - $doit $mvcmd $dsttmp $dstdir/$dstfile - -fi && - - -exit 0 diff --git a/crypto/openssh/mdoc2man.awk b/crypto/openssh/mdoc2man.awk deleted file mode 100644 index d6eaf46..0000000 --- a/crypto/openssh/mdoc2man.awk +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/bin/awk -# -# Version history: -# v3, I put the program under a proper license -# Dan Nelson <dnelson@allantgroup.com> added .An, .Aq and fixed a typo -# v2, fixed to work on GNU awk --posix and MacOS X -# v1, first attempt, didn't work on MacOS X -# -# Copyright (c) 2003 Peter Stuge <stuge-mdoc2man@cdy.org> -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - -BEGIN { - optlist=0 - oldoptlist=0 - nospace=0 - synopsis=0 - reference=0 - block=0 - ext=0 - extopt=0 - literal=0 - prenl=0 - breakw=0 - line="" -} - -function wtail() { - retval="" - while(w<nwords) { - if(length(retval)) - retval=retval OFS - retval=retval words[++w] - } - return retval -} - -function add(str) { - for(;prenl;prenl--) - line=line "\n" - line=line str -} - -! /^\./ { - for(;prenl;prenl--) - print "" - print - if(literal) - print ".br" - next -} - -/^\.\\"/ { next } - -{ - option=0 - parens=0 - angles=0 - sub("^\\.","") - nwords=split($0,words) - for(w=1;w<=nwords;w++) { - skip=0 - if(match(words[w],"^Li|Pf$")) { - skip=1 - } else if(match(words[w],"^Xo$")) { - skip=1 - ext=1 - if(length(line)&&!(match(line," $")||prenl)) - add(OFS) - } else if(match(words[w],"^Xc$")) { - skip=1 - ext=0 - if(!extopt) - prenl++ - w=nwords - } else if(match(words[w],"^Bd$")) { - skip=1 - if(match(words[w+1],"-literal")) { - literal=1 - prenl++ - w=nwords - } - } else if(match(words[w],"^Ed$")) { - skip=1 - literal=0 - } else if(match(words[w],"^Ns$")) { - skip=1 - if(!nospace) - nospace=1 - sub(" $","",line) - } else if(match(words[w],"^No$")) { - skip=1 - sub(" $","",line) - add(words[++w]) - } else if(match(words[w],"^Dq$")) { - skip=1 - add("``") - add(words[++w]) - while(w<nwords&&!match(words[w+1],"^[\\.,]")) - add(OFS words[++w]) - add("''") - if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 - } else if(match(words[w],"^Sq|Ql$")) { - skip=1 - add("`" words[++w] "'") - if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 - } else if(match(words[w],"^Oo$")) { - skip=1 - extopt=1 - if(!nospace) - nospace=1 - add("[") - } else if(match(words[w],"^Oc$")) { - skip=1 - extopt=0 - add("]") - } - if(!skip) { - if(!nospace&&length(line)&&!(match(line," $")||prenl)) - add(OFS) - if(nospace==1) - nospace=0 - } - if(match(words[w],"^Dd$")) { - date=wtail() - next - } else if(match(words[w],"^Dt$")) { - id=wtail() - next - } else if(match(words[w],"^Ox$")) { - add("OpenBSD") - skip=1 - } else if(match(words[w],"^Os$")) { - add(".TH " id " \"" date "\" \"" wtail() "\"") - } else if(match(words[w],"^Sh$")) { - add(".SH") - synopsis=match(words[w+1],"SYNOPSIS") - } else if(match(words[w],"^Xr$")) { - add("\\fB" words[++w] "\\fP(" words[++w] ")" words[++w]) - } else if(match(words[w],"^Rs$")) { - split("",refauthors) - nrefauthors=0 - reftitle="" - refissue="" - refdate="" - refopt="" - reference=1 - next - } else if(match(words[w],"^Re$")) { - prenl++ - for(i=nrefauthors-1;i>0;i--) { - add(refauthors[i]) - if(i>1) - add(", ") - } - if(nrefauthors>1) - add(" and ") - add(refauthors[0] ", \\fI" reftitle "\\fP") - if(length(refissue)) - add(", " refissue) - if(length(refdate)) - add(", " refdate) - if(length(refopt)) - add(", " refopt) - add(".") - reference=0 - } else if(reference) { - if(match(words[w],"^%A$")) { refauthors[nrefauthors++]=wtail() } - if(match(words[w],"^%T$")) { - reftitle=wtail() - sub("^\"","",reftitle) - sub("\"$","",reftitle) - } - if(match(words[w],"^%N$")) { refissue=wtail() } - if(match(words[w],"^%D$")) { refdate=wtail() } - if(match(words[w],"^%O$")) { refopt=wtail() } - } else if(match(words[w],"^Nm$")) { - if(synopsis) { - add(".br") - prenl++ - } - n=words[++w] - if(!length(name)) - name=n - if(!length(n)) - n=name - add("\\fB" n "\\fP") - if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 - } else if(match(words[w],"^Nd$")) { - add("\\- " wtail()) - } else if(match(words[w],"^Fl$")) { - add("\\fB\\-" words[++w] "\\fP") - if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 - } else if(match(words[w],"^Ar$")) { - add("\\fI") - if(w==nwords) - add("file ...\\fP") - else { - add(words[++w] "\\fP") - while(match(words[w+1],"^\\|$")) - add(OFS words[++w] " \\fI" words[++w] "\\fP") - } - if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 - } else if(match(words[w],"^Cm$")) { - add("\\fB" words[++w] "\\fP") - while(w<nwords&&match(words[w+1],"^[\\.,:;)]")) - add(words[++w]) - } else if(match(words[w],"^Op$")) { - option=1 - if(!nospace) - nospace=1 - add("[") - } else if(match(words[w],"^Pp$")) { - prenl++ - } else if(match(words[w],"^An$")) { - prenl++ - } else if(match(words[w],"^Ss$")) { - add(".SS") - } else if(match(words[w],"^Pa$")&&!option) { - add("\\fI") - w++ - if(match(words[w],"^\\.")) - add("\\&") - add(words[w] "\\fP") - while(w<nwords&&match(words[w+1],"^[\\.,:;)]")) - add(words[++w]) - } else if(match(words[w],"^Dv$")) { - add(".BR") - } else if(match(words[w],"^Em|Ev$")) { - add(".IR") - } else if(match(words[w],"^Pq$")) { - add("(") - nospace=1 - parens=1 - } else if(match(words[w],"^Aq$")) { - add("<") - nospace=1 - angles=1 - } else if(match(words[w],"^S[xy]$")) { - add(".B " wtail()) - } else if(match(words[w],"^Ic$")) { - plain=1 - add("\\fB") - while(w<nwords) { - w++ - if(match(words[w],"^Op$")) { - w++ - add("[") - words[nwords]=words[nwords] "]" - } - if(match(words[w],"^Ar$")) { - add("\\fI" words[++w] "\\fP") - } else if(match(words[w],"^[\\.,]")) { - sub(" $","",line) - if(plain) { - add("\\fP") - plain=0 - } - add(words[w]) - } else { - if(!plain) { - add("\\fB") - plain=1 - } - add(words[w]) - } - if(!nospace) - add(OFS) - } - sub(" $","",line) - if(plain) - add("\\fP") - } else if(match(words[w],"^Bl$")) { - oldoptlist=optlist - if(match(words[w+1],"-bullet")) - optlist=1 - else if(match(words[w+1],"-enum")) { - optlist=2 - enum=0 - } else if(match(words[w+1],"-tag")) - optlist=3 - else if(match(words[w+1],"-item")) - optlist=4 - else if(match(words[w+1],"-bullet")) - optlist=1 - w=nwords - } else if(match(words[w],"^El$")) { - optlist=oldoptlist - } else if(match(words[w],"^Bk$")) { - if(match(words[w+1],"-words")) { - w++ - breakw=1 - } - } else if(match(words[w],"^Ek$")) { - breakw=0 - } else if(match(words[w],"^It$")&&optlist) { - if(optlist==1) - add(".IP \\(bu") - else if(optlist==2) - add(".IP " ++enum ".") - else if(optlist==3) { - add(".TP") - prenl++ - if(match(words[w+1],"^Pa$|^Ev$")) { - add(".B") - w++ - } - } else if(optlist==4) - add(".IP") - } else if(match(words[w],"^Sm$")) { - if(match(words[w+1],"off")) - nospace=2 - else if(match(words[w+1],"on")) - nospace=0 - w++ - } else if(!skip) { - add(words[w]) - } - } - if(match(line,"^\\.[^a-zA-Z]")) - sub("^\\.","",line) - if(parens) - add(")") - if(angles) - add(">") - if(option) - add("]") - if(ext&&!extopt&&!match(line," $")) - add(OFS) - if(!ext&&!extopt&&length(line)) { - print line - prenl=0 - line="" - } -} diff --git a/crypto/openssh/nchan.ms b/crypto/openssh/nchan.ms deleted file mode 100644 index 5757601..0000000 --- a/crypto/openssh/nchan.ms +++ /dev/null @@ -1,99 +0,0 @@ -.\" $OpenBSD: nchan.ms,v 1.8 2003/11/21 11:57:03 djm Exp $ -.\" -.\" -.\" Copyright (c) 1999 Markus Friedl. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.TL -OpenSSH Channel Close Protocol 1.5 Implementation -.SH -Channel Input State Diagram -.PS -reset -l=1 -s=1.2 -ellipsewid=s*ellipsewid -boxwid=s*boxwid -ellipseht=s*ellipseht -S1: ellipse "INPUT" "OPEN" -move right 2*l from last ellipse.e -S4: ellipse "INPUT" "CLOSED" -move down l from last ellipse.s -S3: ellipse "INPUT" "WAIT" "OCLOSED" -move down l from 1st ellipse.s -S2: ellipse "INPUT" "WAIT" "DRAIN" -arrow "" "rcvd OCLOSE/" "shutdown_read" "send IEOF" from S1.e to S4.w -arrow "ibuf_empty/" "send IEOF" from S2.e to S3.w -arrow from S1.s to S2.n -box invis "read_failed/" "shutdown_read" with .e at last arrow.c -arrow from S3.n to S4.s -box invis "rcvd OCLOSE/" "-" with .w at last arrow.c -ellipse wid .9*ellipsewid ht .9*ellipseht at S4 -arrow "start" "" from S1.w+(-0.5,0) to S1.w -arrow from S2.ne to S4.sw -box invis "rcvd OCLOSE/ " with .e at last arrow.c -box invis " send IEOF" with .w at last arrow.c -.PE -.SH -Channel Output State Diagram -.PS -S1: ellipse "OUTPUT" "OPEN" -move right 2*l from last ellipse.e -S3: ellipse "OUTPUT" "WAIT" "IEOF" -move down l from last ellipse.s -S4: ellipse "OUTPUT" "CLOSED" -move down l from 1st ellipse.s -S2: ellipse "OUTPUT" "WAIT" "DRAIN" -arrow "" "write_failed/" "shutdown_write" "send OCLOSE" from S1.e to S3.w -arrow "obuf_empty ||" "write_failed/" "shutdown_write" "send OCLOSE" from S2.e to S4.w -arrow from S1.s to S2.n -box invis "rcvd IEOF/" "-" with .e at last arrow.c -arrow from S3.s to S4.n -box invis "rcvd IEOF/" "-" with .w at last arrow.c -ellipse wid .9*ellipsewid ht .9*ellipseht at S4 -arrow "start" "" from S1.w+(-0.5,0) to S1.w -.PE -.SH -Notes -.PP -The input buffer is filled with data from the socket -(the socket represents the local consumer/producer of the -forwarded channel). -The data is then sent over the INPUT-end (transmit-end) of the channel to the -remote peer. -Data sent by the peer is received on the OUTPUT-end (receive-end), -saved in the output buffer and written to the socket. -.PP -If the local protocol instance has forwarded all data on the -INPUT-end of the channel, it sends an IEOF message to the peer. -If the peer receives the IEOF and has consumed all -data he replies with an OCLOSE. -When the local instance receives the OCLOSE -he considers the INPUT-half of the channel closed. -The peer has his OUTOUT-half closed. -.PP -A channel can be deallocated by a protocol instance -if both the INPUT- and the OUTOUT-half on his -side of the channel are closed. -Note that when an instance is unable to consume the -received data, he is permitted to send an OCLOSE -before the matching IEOF is received. diff --git a/crypto/openssh/nchan2.ms b/crypto/openssh/nchan2.ms deleted file mode 100644 index a7a67b1..0000000 --- a/crypto/openssh/nchan2.ms +++ /dev/null @@ -1,88 +0,0 @@ -.\" $OpenBSD: nchan2.ms,v 1.3 2003/11/21 11:57:03 djm Exp $ -.\" -.\" Copyright (c) 2000 Markus Friedl. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.TL -OpenSSH Channel Close Protocol 2.0 Implementation -.SH -Channel Input State Diagram -.PS -reset -l=1 -s=1.2 -ellipsewid=s*ellipsewid -boxwid=s*boxwid -ellipseht=s*ellipseht -S1: ellipse "INPUT" "OPEN" -move right 2*l from last ellipse.e -S3: ellipse invis -move down l from last ellipse.s -S4: ellipse "INPUT" "CLOSED" -move down l from 1st ellipse.s -S2: ellipse "INPUT" "WAIT" "DRAIN" -arrow from S1.e to S4.n -box invis "rcvd CLOSE/" "shutdown_read" with .sw at last arrow.c -arrow "ibuf_empty ||" "rcvd CLOSE/" "send EOF" "" from S2.e to S4.w -arrow from S1.s to S2.n -box invis "read_failed/" "shutdown_read" with .e at last arrow.c -ellipse wid .9*ellipsewid ht .9*ellipseht at S4 -arrow "start" "" from S1.w+(-0.5,0) to S1.w -.PE -.SH -Channel Output State Diagram -.PS -S1: ellipse "OUTPUT" "OPEN" -move right 2*l from last ellipse.e -S3: ellipse invis -move down l from last ellipse.s -S4: ellipse "OUTPUT" "CLOSED" -move down l from 1st ellipse.s -S2: ellipse "OUTPUT" "WAIT" "DRAIN" -arrow from S1.e to S4.n -box invis "write_failed/" "shutdown_write" with .sw at last arrow.c -arrow "obuf_empty ||" "write_failed/" "shutdown_write" "" from S2.e to S4.w -arrow from S1.s to S2.n -box invis "rcvd EOF ||" "rcvd CLOSE/" "-" with .e at last arrow.c -ellipse wid .9*ellipsewid ht .9*ellipseht at S4 -arrow "start" "" from S1.w+(-0.5,0) to S1.w -.PE -.SH -Notes -.PP -The input buffer is filled with data from the socket -(the socket represents the local consumer/producer of the -forwarded channel). -The data is then sent over the INPUT-end (transmit-end) of the channel to the -remote peer. -Data sent by the peer is received on the OUTPUT-end (receive-end), -saved in the output buffer and written to the socket. -.PP -If the local protocol instance has forwarded all data on the -INPUT-end of the channel, it sends an EOF message to the peer. -.PP -A CLOSE message is sent to the peer if -both the INPUT- and the OUTOUT-half of the local -end of the channel are closed. -.PP -The channel can be deallocated by a protocol instance -if a CLOSE message he been both sent and received. diff --git a/crypto/openssh/openbsd-compat/Makefile.in b/crypto/openssh/openbsd-compat/Makefile.in deleted file mode 100644 index 9f06605..0000000 --- a/crypto/openssh/openbsd-compat/Makefile.in +++ /dev/null @@ -1,42 +0,0 @@ -# $Id: Makefile.in,v 1.40 2006/08/30 17:24:41 djm Exp $ - -sysconfdir=@sysconfdir@ -piddir=@piddir@ -srcdir=@srcdir@ -top_srcdir=@top_srcdir@ - -VPATH=@srcdir@ -CC=@CC@ -LD=@LD@ -CFLAGS=@CFLAGS@ -CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ -LIBS=@LIBS@ -AR=@AR@ -RANLIB=@RANLIB@ -INSTALL=@INSTALL@ -LDFLAGS=-L. @LDFLAGS@ - -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o - -COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o - -PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o - -.c.o: - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< - -all: libopenbsd-compat.a - -$(COMPAT): ../config.h -$(OPENBSD): ../config.h -$(PORTS): ../config.h - -libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS) - $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) - $(RANLIB) $@ - -clean: - rm -f *.o *.a core - -distclean: clean - rm -f Makefile *~ diff --git a/crypto/openssh/openbsd-compat/regress/Makefile.in b/crypto/openssh/openbsd-compat/regress/Makefile.in deleted file mode 100644 index bcf214b..0000000 --- a/crypto/openssh/openbsd-compat/regress/Makefile.in +++ /dev/null @@ -1,38 +0,0 @@ -# $Id: Makefile.in,v 1.4 2006/08/19 09:12:14 dtucker Exp $ - -sysconfdir=@sysconfdir@ -piddir=@piddir@ -srcdir=@srcdir@ -top_srcdir=@top_srcdir@ - -VPATH=@srcdir@ -CC=@CC@ -LD=@LD@ -CFLAGS=@CFLAGS@ -CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@ -EXEEXT=@EXEEXT@ -LIBCOMPAT=../libopenbsd-compat.a -LIBS=@LIBS@ -LDFLAGS=@LDFLAGS@ $(LIBCOMPAT) - -TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ - strtonumtest$(EXEEXT) - -all: t-exec ${OTHERTESTS} - -%$(EXEEXT): %.c - $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS) - -t-exec: $(TESTPROGS) - @echo running compat regress tests - @for TEST in ""$?; do \ - echo "run test $${TEST}" ... 1>&2; \ - ./$${TEST}$(EXEEXT) || exit $$? ; \ - done - @echo finished compat regress tests - -clean: - rm -f *.o *.a core $(TESTPROGS) valid.out - -distclean: clean - rm -f Makefile *~ diff --git a/crypto/openssh/openbsd-compat/regress/closefromtest.c b/crypto/openssh/openbsd-compat/regress/closefromtest.c deleted file mode 100644 index feb1b56..0000000 --- a/crypto/openssh/openbsd-compat/regress/closefromtest.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2006 Darren Tucker - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <sys/types.h> -#include <sys/stat.h> - -#include <fcntl.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#define NUM_OPENS 10 - -void -fail(char *msg) -{ - fprintf(stderr, "closefrom: %s\n", msg); - exit(1); -} - -int -main(void) -{ - int i, max, fds[NUM_OPENS]; - char buf[512]; - - for (i = 0; i < NUM_OPENS; i++) - if ((fds[i] = open("/dev/null", "r")) == -1) - exit(0); /* can't test */ - max = i - 1; - - /* should close last fd only */ - closefrom(fds[max]); - if (close(fds[max]) != -1) - fail("failed to close highest fd"); - - /* make sure we can still use remaining descriptors */ - for (i = 0; i < max; i++) - if (read(fds[i], buf, sizeof(buf)) == -1) - fail("closed descriptors it should not have"); - - /* should close all fds */ - closefrom(fds[0]); - for (i = 0; i < NUM_OPENS; i++) - if (close(fds[i]) != -1) - fail("failed to close from lowest fd"); -} diff --git a/crypto/openssh/openbsd-compat/regress/snprintftest.c b/crypto/openssh/openbsd-compat/regress/snprintftest.c deleted file mode 100644 index 4ca63e1..0000000 --- a/crypto/openssh/openbsd-compat/regress/snprintftest.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2005 Darren Tucker - * Copyright (c) 2005 Damien Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define BUFSZ 2048 - -#include <sys/types.h> -#include <stdlib.h> -#include <stdio.h> -#include <stdarg.h> -#include <string.h> - -static int failed = 0; - -static void -fail(const char *m) -{ - fprintf(stderr, "snprintftest: %s\n", m); - failed = 1; -} - -int x_snprintf(char *str, size_t count, const char *fmt, ...) -{ - size_t ret; - va_list ap; - - va_start(ap, fmt); - ret = vsnprintf(str, count, fmt, ap); - va_end(ap); - return ret; -} - -int -main(void) -{ - char b[5]; - char *src; - - snprintf(b,5,"123456789"); - if (b[4] != '\0') - fail("snprintf does not correctly terminate long strings"); - - /* check for read overrun on unterminated string */ - if ((src = malloc(BUFSZ)) == NULL) { - fail("malloc failed"); - } else { - memset(src, 'a', BUFSZ); - snprintf(b, sizeof(b), "%.*s", 1, src); - if (strcmp(b, "a") != 0) - fail("failed with length limit '%%.s'"); - } - - /* check that snprintf and vsnprintf return sane values */ - if (snprintf(b, 1, "%s %d", "hello", 12345) != 11) - fail("snprintf does not return required length"); - if (x_snprintf(b, 1, "%s %d", "hello", 12345) != 11) - fail("vsnprintf does not return required length"); - - return failed; -} diff --git a/crypto/openssh/openbsd-compat/regress/strduptest.c b/crypto/openssh/openbsd-compat/regress/strduptest.c deleted file mode 100644 index 7f6d779..0000000 --- a/crypto/openssh/openbsd-compat/regress/strduptest.c +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2005 Darren Tucker - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <stdlib.h> -#include <string.h> - -static int fail = 0; - -void -test(const char *a) -{ - char *b; - - b = strdup(a); - if (b == 0) { - fail = 1; - return; - } - if (strcmp(a, b) != 0) - fail = 1; - free(b); -} - -int -main(void) -{ - test(""); - test("a"); - test("\0"); - test("abcdefghijklmnopqrstuvwxyz"); - return fail; -} diff --git a/crypto/openssh/openbsd-compat/regress/strtonumtest.c b/crypto/openssh/openbsd-compat/regress/strtonumtest.c deleted file mode 100644 index cb85851..0000000 --- a/crypto/openssh/openbsd-compat/regress/strtonumtest.c +++ /dev/null @@ -1,66 +0,0 @@ -/* $OpenBSD: strtonumtest.c,v 1.1 2004/08/03 20:38:36 otto Exp $ */ -/* - * Copyright (c) 2004 Otto Moerbeek <otto@drijf.net> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* OPENBSD ORIGINAL: regress/lib/libc/strtonum/strtonumtest.c */ - -#include <limits.h> -#include <stdio.h> -#include <stdlib.h> - -int fail; - -void -test(const char *p, long long lb, long long ub, int ok) -{ - long long val; - const char *q; - - val = strtonum(p, lb, ub, &q); - if (ok && q != NULL) { - fprintf(stderr, "%s [%lld-%lld] ", p, lb, ub); - fprintf(stderr, "NUMBER NOT ACCEPTED %s\n", q); - fail = 1; - } else if (!ok && q == NULL) { - fprintf(stderr, "%s [%lld-%lld] %lld ", p, lb, ub, val); - fprintf(stderr, "NUMBER ACCEPTED\n"); - fail = 1; - } -} - -int main(int argc, char *argv[]) -{ - test("1", 0, 10, 1); - test("0", -2, 5, 1); - test("0", 2, 5, 0); - test("0", 2, LLONG_MAX, 0); - test("-2", 0, LLONG_MAX, 0); - test("0", -5, LLONG_MAX, 1); - test("-3", -3, LLONG_MAX, 1); - test("-9223372036854775808", LLONG_MIN, LLONG_MAX, 1); - test("9223372036854775807", LLONG_MIN, LLONG_MAX, 1); - test("-9223372036854775809", LLONG_MIN, LLONG_MAX, 0); - test("9223372036854775808", LLONG_MIN, LLONG_MAX, 0); - test("1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0); - test("-1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0); - test("-2", 10, -1, 0); - test("-2", -10, -1, 1); - test("-20", -10, -1, 0); - test("20", -10, -1, 0); - - return (fail); -} - diff --git a/crypto/openssh/openssh.xml.in b/crypto/openssh/openssh.xml.in deleted file mode 100644 index 655ee5c..0000000 --- a/crypto/openssh/openssh.xml.in +++ /dev/null @@ -1,87 +0,0 @@ -<?xml version='1.0'?> -<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> -<!-- - Copyright (c) 2006 Chad Mynhier. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ---> - -<service_bundle type='manifest' name='OpenSSH server'> - - <service - name='site/openssh' - type='service' - version='1'> - - <create_default_instance enabled='false'/> - - <single_instance/> - - <dependency - name='filesystem-local' - grouping='require_all' - restart_on='none' - type='service'> - <service_fmri value='svc:/system/filesystem/local'/> - </dependency> - - <dependency - name='network' - grouping='require_all' - restart_on='none' - type='service'> - <service_fmri value='svc:/milestone/network'/> - </dependency> - - <dependent - name='multi-user-server' - restart_on='none' - grouping='optional_all'> - <service_fmri value='svc:/milestone/multi-user-server'/> - </dependent> - - <exec_method - name='start' - type='method' - exec='/lib/svc/method/site/opensshd start' - timeout_seconds='60'> - <method_context/> - </exec_method> - - <exec_method - name='stop' - type='method' - exec=':kill' - timeout_seconds='60'> - <method_context/> - </exec_method> - - <property_group - name='startd' - type='framework'> - <propval name='ignore_error' type='astring' value='core,signal'/> - </property_group> - - <template> - <common_name> - <loctext xml:lang='C'>OpenSSH server</loctext> - </common_name> - <documentation> - <manpage - title='sshd' - section='1M' - manpath='@prefix@/man'/> - </documentation> - </template> - </service> -</service_bundle> diff --git a/crypto/openssh/opensshd.init.in b/crypto/openssh/opensshd.init.in deleted file mode 100755 index c36c5c8..0000000 --- a/crypto/openssh/opensshd.init.in +++ /dev/null @@ -1,82 +0,0 @@ -#!@STARTUP_SCRIPT_SHELL@ -# Donated code that was put under PD license. -# -# Stripped PRNGd out of it for the time being. - -umask 022 - -CAT=@CAT@ -KILL=@KILL@ - -prefix=@prefix@ -sysconfdir=@sysconfdir@ -piddir=@piddir@ - -SSHD=$prefix/sbin/sshd -PIDFILE=$piddir/sshd.pid -SSH_KEYGEN=$prefix/bin/ssh-keygen -HOST_KEY_RSA1=$sysconfdir/ssh_host_key -HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key -HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key - - -checkkeys() { - if [ ! -f $HOST_KEY_RSA1 ]; then - ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" - fi - if [ ! -f $HOST_KEY_DSA ]; then - ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" - fi - if [ ! -f $HOST_KEY_RSA ]; then - ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" - fi -} - -stop_service() { - if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then - PID=`${CAT} ${PIDFILE}` - fi - if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then - ${KILL} ${PID} - else - echo "Unable to read PID file" - fi -} - -start_service() { - # XXX We really should check if the service is already going, but - # XXX we will opt out at this time. - Bal - - # Check to see if we have keys that need to be made - checkkeys - - # Start SSHD - echo "starting $SSHD... \c" ; $SSHD - - sshd_rc=$? - if [ $sshd_rc -ne 0 ]; then - echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." - exit $sshd_rc - fi - echo done. -} - -case $1 in - -'start') - start_service - ;; - -'stop') - stop_service - ;; - -'restart') - stop_service - start_service - ;; - -*) - echo "$0: usage: $0 {start|stop|restart}" - ;; -esac diff --git a/crypto/openssh/regress/Makefile b/crypto/openssh/regress/Makefile deleted file mode 100644 index 5399563..0000000 --- a/crypto/openssh/regress/Makefile +++ /dev/null @@ -1,98 +0,0 @@ -# $OpenBSD: Makefile,v 1.42 2006/07/19 13:34:52 dtucker Exp $ - -REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec -tests: $(REGRESS_TARGETS) - -clean: - for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done -distclean: clean - -LTESTS= connect \ - proxy-connect \ - connect-privsep \ - proto-version \ - proto-mismatch \ - exit-status \ - envpass \ - transfer \ - banner \ - rekey \ - stderr-data \ - stderr-after-eof \ - broken-pipe \ - try-ciphers \ - yes-head \ - login-timeout \ - agent \ - agent-getpeereid \ - agent-timeout \ - agent-ptrace \ - keyscan \ - keygen-change \ - scp \ - sftp \ - sftp-cmds \ - sftp-badcmds \ - sftp-batch \ - sftp-glob \ - reconfigure \ - dynamic-forward \ - forwarding \ - multiplex \ - reexec \ - brokenkeys \ - cfgmatch \ - forcecommand - -USER!= id -un -CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ - authorized_keys_${USER} known_hosts pidfile \ - ssh_config sshd_config.orig ssh_proxy sshd_config sshd_proxy \ - rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ - rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ - ls.copy banner.in banner.out empty.in \ - scp-ssh-wrapper.scp ssh_proxy_envpass remote_pid \ - sshd_proxy_bak rsa_ssh2_cr.prv rsa_ssh2_crnl.prv - -#LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp - -t1: - ssh-keygen -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv - -t2: - cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out - chmod 600 $(OBJ)/t2.out - ssh-keygen -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub - -t3: - ssh-keygen -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/rsa_secsh.pub - ssh-keygen -if $(OBJ)/rsa_secsh.pub | diff - ${.CURDIR}/rsa_openssh.pub - rm -f ${.CURDIR}/rsa_secsh.pub - -t4: - ssh-keygen -lf ${.CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff - ${.CURDIR}/t4.ok - -t5: - ssh-keygen -Bf ${.CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff - ${.CURDIR}/t5.ok - -t6: - ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 - ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 - chmod 600 $(OBJ)/t6.out1 - ssh-keygen -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 - -$(OBJ)/t7.out: - ssh-keygen -q -t rsa -N '' -f $@ - -t7: $(OBJ)/t7.out - ssh-keygen -lf $(OBJ)/t7.out > /dev/null - ssh-keygen -Bf $(OBJ)/t7.out > /dev/null - -t-exec: ${LTESTS:=.sh} - @if [ "x$?" = "x" ]; then exit 0; fi; \ - for TEST in ""$?; do \ - echo "run test $${TEST}" ... 1>&2; \ - (env SUDO=${SUDO} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ - done diff --git a/crypto/openssh/regress/README.regress b/crypto/openssh/regress/README.regress deleted file mode 100644 index 5aaf734..0000000 --- a/crypto/openssh/regress/README.regress +++ /dev/null @@ -1,108 +0,0 @@ -Overview. - -$ ./configure && make tests - -You'll see some progress info. A failure will cause either the make to -abort or the driver script to report a "FATAL" failure. - -The test consists of 2 parts. The first is the file-based tests which is -driven by the Makefile, and the second is a set of network or proxycommand -based tests, which are driven by a driver script (test-exec.sh) which is -called multiple times by the Makefile. - -Failures in the first part will cause the Makefile to return an error. -Failures in the second part will print a "FATAL" message for the failed -test and continue. - -OpenBSD has a system-wide regression test suite. OpenSSH Portable's test -suite is based on OpenBSD's with modifications. - - -Environment variables. - -SUDO: path to sudo command, if desired. Note that some systems (notably - systems using PAM) require sudo to execute some tests. -TEST_SSH_TRACE: set to "yes" for verbose output from tests -TEST_SSH_QUIET: set to "yes" to suppress non-fatal output. -TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD - SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER -OBJ: used by test scripts to access build dir. -TEST_SHELL: shell used for running the test scripts. -TEST_SSH_PORT: TCP port to be used for the listening tests. -TEST_SSH_SSH_CONFOTPS: Configuration directives to be added to ssh_config - before running each test. -TEST_SSH_SSHD_CONFOTPS: Configuration directives to be added to sshd_config - before running each test. - - -Individual tests. - -You can run an individual test from the top-level Makefile, eg: -$ make tests LTESTS=agent-timeout - -If you need to manipulate the environment more you can invoke test-exec.sh -directly if you set up the path to find the binaries under test and the -test scripts themselves, for example: - -$ cd regress -$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \ - agent-timeout.sh -ok agent timeout test - - -Files. - -test-exec.sh: the main test driver. Sets environment, creates config files -and keys and runs the specified test. - -At the time of writing, the individual tests are: -agent-timeout.sh: agent timeout test -agent.sh: simple agent test -broken-pipe.sh: broken pipe test -connect-privsep.sh: proxy connect with privsep -connect.sh: simple connect -exit-status.sh: remote exit status -forwarding.sh: local and remote forwarding -keygen-change.sh: change passphrase for key -keyscan.sh: keyscan -proto-mismatch.sh: protocol version mismatch -proto-version.sh: sshd version with different protocol combinations -proxy-connect.sh: proxy connect -sftp.sh: basic sftp put/get -ssh-com-client.sh: connect with ssh.com client -ssh-com-keygen.sh: ssh.com key import -ssh-com-sftp.sh: basic sftp put/get with ssh.com server -ssh-com.sh: connect to ssh.com server -stderr-after-eof.sh: stderr data after eof -stderr-data.sh: stderr data transfer -transfer.sh: transfer data -try-ciphers.sh: try ciphers -yes-head.sh: yes pipe head - - -Problems? - -Run the failing test with shell tracing (-x) turned on: -$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh - -Failed tests can be difficult to diagnose. Suggestions: -- run the individual test via ./test-exec.sh `pwd` [testname] -- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of - auth.debug (eg to /var/log/authlog). - - -Known Issues. - -- If your build requires ssh-rand-helper regress tests will fail - unless ssh-rand-helper is in pre-installed (the path to - ssh-rand-helper is hard coded). - -- Similarly, if you do not have "scp" in your system's $PATH then the - multiplex scp tests will fail (since the system's shell startup scripts - will determine where the shell started by sshd will look for scp). - -- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head - test to fail. The old behaviour can be restored by setting (and - exporting) _POSIX2_VERSION=199209 before running the tests. - -$Id: README.regress,v 1.10 2005/10/03 10:14:18 dtucker Exp $ diff --git a/crypto/openssh/regress/agent-getpeereid.sh b/crypto/openssh/regress/agent-getpeereid.sh deleted file mode 100644 index e5fcedd..0000000 --- a/crypto/openssh/regress/agent-getpeereid.sh +++ /dev/null @@ -1,45 +0,0 @@ -# $OpenBSD: agent-getpeereid.sh,v 1.3 2006/07/06 12:01:53 grunk Exp $ -# Placed in the Public Domain. - -tid="disallow agent attach from other uid" - -UNPRIV=nobody -ASOCK=${OBJ}/agent -SSH_AUTH_SOCK=/nonexistant - -if grep "#undef.*HAVE_GETPEEREID" ${BUILDDIR}/config.h >/dev/null 2>&1 -then - echo "skipped (not supported on this platform)" - exit 0 -fi -if [ -z "$SUDO" ]; then - echo "skipped: need SUDO to switch to uid $UNPRIV" - exit 0 -fi - - -trace "start agent" -eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null -r=$? -if [ $r -ne 0 ]; then - fail "could not start ssh-agent: exit code $r" -else - chmod 644 ${SSH_AUTH_SOCK} - - ssh-add -l > /dev/null 2>&1 - r=$? - if [ $r -ne 1 ]; then - fail "ssh-add failed with $r != 1" - fi - - < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1 - r=$? - if [ $r -lt 2 ]; then - fail "ssh-add did not fail for ${UNPRIV}: $r < 2" - fi - - trace "kill agent" - ${SSHAGENT} -k > /dev/null -fi - -rm -f ${OBJ}/agent diff --git a/crypto/openssh/regress/agent-ptrace.sh b/crypto/openssh/regress/agent-ptrace.sh deleted file mode 100644 index 4de2638..0000000 --- a/crypto/openssh/regress/agent-ptrace.sh +++ /dev/null @@ -1,53 +0,0 @@ -# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $ -# Placed in the Public Domain. - -tid="disallow agent ptrace attach" - -if have_prog uname ; then - case `uname` in - AIX|CYGWIN*|OSF1) - echo "skipped (not supported on this platform)" - exit 0 - ;; - esac -fi - -if have_prog gdb ; then - : ok -else - echo "skipped (gdb not found)" - exit 0 -fi - -if test -z "$SUDO" ; then - echo "skipped (SUDO not set)" - exit 0 -else - $SUDO chown 0 ${SSHAGENT} - $SUDO chgrp 0 ${SSHAGENT} - $SUDO chmod 2755 ${SSHAGENT} -fi - -trace "start agent" -eval `${SSHAGENT} -s` > /dev/null -r=$? -if [ $r -ne 0 ]; then - fail "could not start ssh-agent: exit code $r" -else - # ls -l ${SSH_AUTH_SOCK} - gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF - quit -EOF - if [ $? -ne 0 ]; then - fail "gdb failed: exit code $?" - fi - egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out - r=$? - rm -f ${OBJ}/gdb.out - if [ $r -ne 0 ]; then - fail "ptrace succeeded?: exit code $r" - fi - - trace "kill agent" - ${SSHAGENT} -k > /dev/null -fi diff --git a/crypto/openssh/regress/agent-timeout.sh b/crypto/openssh/regress/agent-timeout.sh deleted file mode 100644 index 3a40e7a..0000000 --- a/crypto/openssh/regress/agent-timeout.sh +++ /dev/null @@ -1,36 +0,0 @@ -# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $ -# Placed in the Public Domain. - -tid="agent timeout test" - -SSHAGENT_TIMEOUT=10 - -trace "start agent" -eval `${SSHAGENT} -s` > /dev/null -r=$? -if [ $r -ne 0 ]; then - fail "could not start ssh-agent: exit code $r" -else - trace "add keys with timeout" - for t in rsa rsa1; do - ${SSHADD} -t ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1 - if [ $? -ne 0 ]; then - fail "ssh-add did succeed exit code 0" - fi - done - n=`${SSHADD} -l 2> /dev/null | wc -l` - trace "agent has $n keys" - if [ $n -ne 2 ]; then - fail "ssh-add -l did not return 2 keys: $n" - fi - trace "sleeping 2*${SSHAGENT_TIMEOUT} seconds" - sleep ${SSHAGENT_TIMEOUT} - sleep ${SSHAGENT_TIMEOUT} - ${SSHADD} -l 2> /dev/null | grep 'The agent has no identities.' >/dev/null - if [ $? -ne 0 ]; then - fail "ssh-add -l still returns keys after timeout" - fi - - trace "kill agent" - ${SSHAGENT} -k > /dev/null -fi diff --git a/crypto/openssh/regress/agent.sh b/crypto/openssh/regress/agent.sh deleted file mode 100644 index b344877..0000000 --- a/crypto/openssh/regress/agent.sh +++ /dev/null @@ -1,75 +0,0 @@ -# $OpenBSD: agent.sh,v 1.6 2002/03/15 13:08:56 markus Exp $ -# Placed in the Public Domain. - -tid="simple agent test" - -SSH_AUTH_SOCK=/nonexistant ${SSHADD} -l > /dev/null 2>&1 -if [ $? -ne 2 ]; then - fail "ssh-add -l did not fail with exit code 2" -fi - -trace "start agent" -eval `${SSHAGENT} -s` > /dev/null -r=$? -if [ $r -ne 0 ]; then - fail "could not start ssh-agent: exit code $r" -else - ${SSHADD} -l > /dev/null 2>&1 - if [ $? -ne 1 ]; then - fail "ssh-add -l did not fail with exit code 1" - fi - trace "overwrite authorized keys" - echon > $OBJ/authorized_keys_$USER - for t in rsa rsa1; do - # generate user key for agent - rm -f $OBJ/$t-agent - ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t-agent ||\ - fail "ssh-keygen for $t-agent failed" - # add to authorized keys - cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER - # add privat key to agent - ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1 - if [ $? -ne 0 ]; then - fail "ssh-add did succeed exit code 0" - fi - done - ${SSHADD} -l > /dev/null 2>&1 - if [ $? -ne 0 ]; then - fail "ssh-add -l failed: exit code $?" - fi - # the same for full pubkey output - ${SSHADD} -L > /dev/null 2>&1 - if [ $? -ne 0 ]; then - fail "ssh-add -L failed: exit code $?" - fi - - trace "simple connect via agent" - for p in 1 2; do - ${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p - if [ $? -ne 5$p ]; then - fail "ssh connect with protocol $p failed (exit code $?)" - fi - done - - trace "agent forwarding" - for p in 1 2; do - ${SSH} -A -$p -F $OBJ/ssh_proxy somehost ${SSHADD} -l > /dev/null 2>&1 - if [ $? -ne 0 ]; then - fail "ssh-add -l via agent fwd proto $p failed (exit code $?)" - fi - ${SSH} -A -$p -F $OBJ/ssh_proxy somehost \ - "${SSH} -$p -F $OBJ/ssh_proxy somehost exit 5$p" - if [ $? -ne 5$p ]; then - fail "agent fwd proto $p failed (exit code $?)" - fi - done - - trace "delete all agent keys" - ${SSHADD} -D > /dev/null 2>&1 - if [ $? -ne 0 ]; then - fail "ssh-add -D failed: exit code $?" - fi - - trace "kill agent" - ${SSHAGENT} -k > /dev/null -fi diff --git a/crypto/openssh/regress/banner.sh b/crypto/openssh/regress/banner.sh deleted file mode 100644 index 0b9c950..0000000 --- a/crypto/openssh/regress/banner.sh +++ /dev/null @@ -1,44 +0,0 @@ -# $OpenBSD: banner.sh,v 1.2 2003/10/11 11:49:49 dtucker Exp $ -# Placed in the Public Domain. - -tid="banner" -echo "Banner $OBJ/banner.in" >> $OBJ/sshd_proxy - -rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in -touch $OBJ/empty.in - -trace "test missing banner file" -verbose "test $tid: missing banner file" -( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ - cmp $OBJ/empty.in $OBJ/banner.out ) || \ - fail "missing banner file" - -for s in 0 10 100 1000 10000 100000 ; do - if [ "$s" = "0" ]; then - # create empty banner - touch $OBJ/banner.in - elif [ "$s" = "10" ]; then - # create 10-byte banner file - echo "abcdefghi" >$OBJ/banner.in - else - # increase size 10x - cp $OBJ/banner.in $OBJ/banner.out - for i in 0 1 2 3 4 5 6 7 8 ; do - cat $OBJ/banner.out >> $OBJ/banner.in - done - fi - - trace "test banner size $s" - verbose "test $tid: size $s" - ( ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ - cmp $OBJ/banner.in $OBJ/banner.out ) || \ - fail "banner size $s mismatch" -done - -trace "test suppress banner (-q)" -verbose "test $tid: suppress banner (-q)" -( ${SSH} -q -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \ - cmp $OBJ/empty.in $OBJ/banner.out ) || \ - fail "suppress banner (-q)" - -rm -f $OBJ/banner.out $OBJ/banner.in $OBJ/empty.in diff --git a/crypto/openssh/regress/broken-pipe.sh b/crypto/openssh/regress/broken-pipe.sh deleted file mode 100644 index c08c849..0000000 --- a/crypto/openssh/regress/broken-pipe.sh +++ /dev/null @@ -1,15 +0,0 @@ -# $OpenBSD: broken-pipe.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ -# Placed in the Public Domain. - -tid="broken pipe test" - -for p in 1 2; do - trace "protocol $p" - for i in 1 2 3 4; do - ${SSH} -$p -F $OBJ/ssh_config_config nexthost echo $i 2> /dev/null | true - r=$? - if [ $r -ne 0 ]; then - fail "broken pipe returns $r for protocol $p" - fi - done -done diff --git a/crypto/openssh/regress/brokenkeys.sh b/crypto/openssh/regress/brokenkeys.sh deleted file mode 100644 index 3e70c34..0000000 --- a/crypto/openssh/regress/brokenkeys.sh +++ /dev/null @@ -1,23 +0,0 @@ -# $OpenBSD: brokenkeys.sh,v 1.1 2004/10/29 23:59:22 djm Exp $ -# Placed in the Public Domain. - -tid="broken keys" - -KEYS="$OBJ/authorized_keys_${USER}" - -start_sshd - -mv ${KEYS} ${KEYS}.bak - -# Truncated key -echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEABTM= bad key" > $KEYS -cat ${KEYS}.bak >> ${KEYS} -cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER - -${SSH} -2 -F $OBJ/ssh_config somehost true -if [ $? -ne 0 ]; then - fail "ssh connect with protocol $p failed" -fi - -mv ${KEYS}.bak ${KEYS} - diff --git a/crypto/openssh/regress/bsd.regress.mk b/crypto/openssh/regress/bsd.regress.mk deleted file mode 100644 index 9b8011a..0000000 --- a/crypto/openssh/regress/bsd.regress.mk +++ /dev/null @@ -1,79 +0,0 @@ -# $OpenBSD: bsd.regress.mk,v 1.9 2002/02/17 01:10:15 marc Exp $ -# No man pages for regression tests. -NOMAN= - -# No installation. -install: - -# If REGRESSTARGETS is defined and PROG is not defined, set NOPROG -.if defined(REGRESSTARGETS) && !defined(PROG) -NOPROG= -.endif - -.include <bsd.prog.mk> - -.MAIN: all -all: regress - -# XXX - Need full path to REGRESSLOG, otherwise there will be much pain. - -REGRESSLOG?=/dev/null -REGRESSNAME=${.CURDIR:S/${BSDSRCDIR}\/regress\///} - -.if defined(PROG) && !empty(PROG) -run-regress-${PROG}: ${PROG} - ./${PROG} -.endif - -.if !defined(REGRESSTARGETS) -REGRESSTARGETS=run-regress-${PROG} -. if defined(REGRESSSKIP) -REGRESSSKIPTARGETS=run-regress-${PROG} -. endif -.endif - -REGRESSSKIPSLOW?=no - -#.if (${REGRESSSKIPSLOW:L} == "yes") && defined(REGRESSSLOWTARGETS) - -.if (${REGRESSSKIPSLOW} == "yes") && defined(REGRESSSLOWTARGETS) -REGRESSSKIPTARGETS+=${REGRESSSLOWTARGETS} -.endif - -.if defined(REGRESSROOTTARGETS) -ROOTUSER!=id -g -SUDO?= -. if (${ROOTUSER} != 0) && empty(SUDO) -REGRESSSKIPTARGETS+=${REGRESSROOTTARGETS} -. endif -.endif - -REGRESSSKIPTARGETS?= - -regress: -.for RT in ${REGRESSTARGETS} -. if ${REGRESSSKIPTARGETS:M${RT}} - @echo -n "SKIP " >> ${REGRESSLOG} -. else -# XXX - we need a better method to see if a test fails due to timeout or just -# normal failure. -. if !defined(REGRESSMAXTIME) - @if cd ${.CURDIR} && ${MAKE} ${RT}; then \ - echo -n "SUCCESS " >> ${REGRESSLOG} ; \ - else \ - echo -n "FAIL " >> ${REGRESSLOG} ; \ - echo FAILED ; \ - fi -. else - @if cd ${.CURDIR} && (ulimit -t ${REGRESSMAXTIME} ; ${MAKE} ${RT}); then \ - echo -n "SUCCESS " >> ${REGRESSLOG} ; \ - else \ - echo -n "FAIL (possible timeout) " >> ${REGRESSLOG} ; \ - echo FAILED ; \ - fi -. endif -. endif - @echo ${REGRESSNAME}/${RT:S/^run-regress-//} >> ${REGRESSLOG} -.endfor - -.PHONY: regress diff --git a/crypto/openssh/regress/cfgmatch.sh b/crypto/openssh/regress/cfgmatch.sh deleted file mode 100644 index d987dcb..0000000 --- a/crypto/openssh/regress/cfgmatch.sh +++ /dev/null @@ -1,106 +0,0 @@ -# $OpenBSD: cfgmatch.sh,v 1.2 2006/07/22 01:50:00 dtucker Exp $ -# Placed in the Public Domain. - -tid="sshd_config match" - -pidfile=$OBJ/remote_pid -fwdport=3301 -fwd="-L $fwdport:127.0.0.1:$PORT" - -stop_client() -{ - pid=`cat $pidfile` - if [ ! -z "$pid" ]; then - kill $pid - sleep 1 - fi -} - -cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak - -echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config -echo "Match Address 127.0.0.1" >>$OBJ/sshd_config -echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config - -echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy -echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy -echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy - -start_sshd - -#set -x - -# Test Match + PermitOpen in sshd_config. This should be permitted -for p in 1 2; do - rm -f $pidfile - trace "match permitopen localhost proto $p" - ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ - "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ - fail "match permitopen proto $p sshd failed" - sleep 1; - ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ - fail "match permitopen permit proto $p" - stop_client -done - -# Same but from different source. This should not be permitted -for p in 1 2; do - rm -f $pidfile - trace "match permitopen proxy proto $p" - ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ - "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ - fail "match permitopen proxy proto $p sshd failed" - sleep 1; - ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ - fail "match permitopen deny proto $p" - stop_client -done - -# Retry previous with key option, should also be denied. -echo -n 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER -cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER -echo -n 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER -cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER -for p in 1 2; do - rm -f $pidfile - trace "match permitopen proxy w/key opts proto $p" - ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ - "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ - fail "match permitopen w/key opt proto $p sshd failed" - sleep 1; - ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ - fail "match permitopen deny w/key opt proto $p" - stop_client -done - -# Test both sshd_config and key options permitting the same dst/port pair. -# Should be permitted. -for p in 1 2; do - rm -f $pidfile - trace "match permitopen localhost proto $p" - ${SSH} -$p $fwd -F $OBJ/ssh_config -f somehost \ - "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ - fail "match permitopen proto $p sshd failed" - sleep 1; - ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \ - fail "match permitopen permit proto $p" - stop_client -done - -cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy -echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy -echo "Match User $USER" >>$OBJ/sshd_proxy -echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy - -# Test that a Match overrides a PermitOpen in the global section -for p in 1 2; do - rm -f $pidfile - trace "match permitopen proxy w/key opts proto $p" - ${SSH} -q -$p $fwd -F $OBJ/ssh_proxy -f somehost \ - "echo \$\$ > $pidfile; exec sleep 100" >>$TEST_SSH_LOGFILE 2>&1 ||\ - fail "match override permitopen proto $p sshd failed" - sleep 1; - ${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true && \ - fail "match override permitopen proto $p" - stop_client -done diff --git a/crypto/openssh/regress/cipher-speed.sh b/crypto/openssh/regress/cipher-speed.sh deleted file mode 100644 index 5925111..0000000 --- a/crypto/openssh/regress/cipher-speed.sh +++ /dev/null @@ -1,47 +0,0 @@ -# $OpenBSD: cipher-speed.sh,v 1.2 2005/05/24 04:09:54 djm Exp $ -# Placed in the Public Domain. - -tid="cipher speed" - -getbytes () -{ - sed -n '/transferred/s/.*secs (\(.* bytes.sec\).*/\1/p' -} - -tries="1 2" -DATA=/bin/ls -DATA=/bsd - -macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96" -ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc - arcfour128 arcfour256 arcfour aes192-cbc aes256-cbc aes128-ctr" - -for c in $ciphers; do for m in $macs; do - trace "proto 2 cipher $c mac $m" - for x in $tries; do - echo -n "$c/$m:\t" - ( ${SSH} -o 'compression no' \ - -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ - exec sh -c \'"dd of=/dev/null obs=32k"\' \ - < ${DATA} ) 2>&1 | getbytes - - if [ $? -ne 0 ]; then - fail "ssh -2 failed with mac $m cipher $c" - fi - done -done; done - -ciphers="3des blowfish" -for c in $ciphers; do - trace "proto 1 cipher $c" - for x in $tries; do - echo -n "$c:\t" - ( ${SSH} -o 'compression no' \ - -F $OBJ/ssh_proxy -1 -c $c somehost \ - exec sh -c \'"dd of=/dev/null obs=32k"\' \ - < ${DATA} ) 2>&1 | getbytes - if [ $? -ne 0 ]; then - fail "ssh -1 failed with cipher $c" - fi - done -done diff --git a/crypto/openssh/regress/connect-privsep.sh b/crypto/openssh/regress/connect-privsep.sh deleted file mode 100644 index d23cadb..0000000 --- a/crypto/openssh/regress/connect-privsep.sh +++ /dev/null @@ -1,13 +0,0 @@ -# $OpenBSD: connect-privsep.sh,v 1.1 2002/03/21 21:45:07 markus Exp $ -# Placed in the Public Domain. - -tid="proxy connect with privsep" - -echo 'UsePrivilegeSeparation yes' >> $OBJ/sshd_proxy - -for p in 1 2; do - ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true - if [ $? -ne 0 ]; then - fail "ssh privsep+proxyconnect protocol $p failed" - fi -done diff --git a/crypto/openssh/regress/connect.sh b/crypto/openssh/regress/connect.sh deleted file mode 100644 index 2186fa6..0000000 --- a/crypto/openssh/regress/connect.sh +++ /dev/null @@ -1,13 +0,0 @@ -# $OpenBSD: connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ -# Placed in the Public Domain. - -tid="simple connect" - -start_sshd - -for p in 1 2; do - ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true - if [ $? -ne 0 ]; then - fail "ssh connect with protocol $p failed" - fi -done diff --git a/crypto/openssh/regress/copy.1 b/crypto/openssh/regress/copy.1 Binary files differdeleted file mode 100755 index 92d4d20..0000000 --- a/crypto/openssh/regress/copy.1 +++ /dev/null diff --git a/crypto/openssh/regress/copy.2 b/crypto/openssh/regress/copy.2 Binary files differdeleted file mode 100755 index 92d4d20..0000000 --- a/crypto/openssh/regress/copy.2 +++ /dev/null diff --git a/crypto/openssh/regress/dsa_ssh2.prv b/crypto/openssh/regress/dsa_ssh2.prv deleted file mode 100644 index c93b403..0000000 --- a/crypto/openssh/regress/dsa_ssh2.prv +++ /dev/null @@ -1,14 +0,0 @@ ----- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- -Subject: ssh-keygen test -Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100" -P2/56wAAAgIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA -AEbm9uZQAAAcQAAAHAAAAAAAAABACwUfm3AxZTut3icBmwCcD48nY64HzuELlQ+vEqjIcR -Lo49es/DQTeLNQ+kdKRCfouosGNv0WqxRtF0tUsWdXxS37oHGa4QPugBdHRd7YlZGZv8kg -x7FsoepY7v7E683/97dv2zxL3AGagTEzWr7fl0yPexAaZoDvtQrrjX44BLmwAABACWQkvv -MxnD8eFkS1konFfMJ1CkuRfTN34CBZ6dY7VTSGemy4QwtFdMKmoufD0eKgy3p5WOeWCYKt -F4FhjHKZk/aaxFjjIbtkrnlvXg64QI11dSZyBN6/ViQkHPSkUDF+A6AAEhrNbQbAFSvao1 -kTvNtPCtL0AkUIduEMzGQfLCTAAAAKDeC043YVo9Zo0zAEeIA4uZh4LBCQAAA/9aj7Y5ik -ehygJ4qTDSlVypsPuV+n59tMS0e2pfrSG87yf5r94AKBmJeho5OO6wYaXCxsVB7AFbSUD6 -75AK8mHF4v1/+7SWKk5f8xlMCMSPZ9K0+j/W1d/q2qkhnnDZolOHDomLA+U00i5ya/jnTV -zyDPWLFpWK8u3xGBPAYX324gAAAKDHFvooRnaXdZbeWGTTqmgHB1GU9A== ----- END SSH2 ENCRYPTED PRIVATE KEY ---- diff --git a/crypto/openssh/regress/dsa_ssh2.pub b/crypto/openssh/regress/dsa_ssh2.pub deleted file mode 100644 index 215d73ba..0000000 --- a/crypto/openssh/regress/dsa_ssh2.pub +++ /dev/null @@ -1,13 +0,0 @@ ----- BEGIN SSH2 PUBLIC KEY ---- -Subject: ssh-keygen test -Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100" -AAAAB3NzaC1kc3MAAACBALBR+bcDFlO63eJwGbAJwPjydjrgfO4QuVD68SqMhxEujj16z8 -NBN4s1D6R0pEJ+i6iwY2/RarFG0XS1SxZ1fFLfugcZrhA+6AF0dF3tiVkZm/ySDHsWyh6l -ju/sTrzf/3t2/bPEvcAZqBMTNavt+XTI97EBpmgO+1CuuNfjgEubAAAAFQDeC043YVo9Zo -0zAEeIA4uZh4LBCQAAAIEAlkJL7zMZw/HhZEtZKJxXzCdQpLkX0zd+AgWenWO1U0hnpsuE -MLRXTCpqLnw9HioMt6eVjnlgmCrReBYYxymZP2msRY4yG7ZK55b14OuECNdXUmcgTev1Yk -JBz0pFAxfgOgABIazW0GwBUr2qNZE7zbTwrS9AJFCHbhDMxkHywkwAAACAWo+2OYpHocoC -eKkw0pVcqbD7lfp+fbTEtHtqX60hvO8n+a/eACgZiXoaOTjusGGlwsbFQewBW0lA+u+QCv -JhxeL9f/u0lipOX/MZTAjEj2fStPo/1tXf6tqpIZ5w2aJThw6JiwPlNNIucmv4501c8gz1 -ixaVivLt8RgTwGF99uI= ----- END SSH2 PUBLIC KEY ---- diff --git a/crypto/openssh/regress/dynamic-forward.sh b/crypto/openssh/regress/dynamic-forward.sh deleted file mode 100644 index 4674a7b..0000000 --- a/crypto/openssh/regress/dynamic-forward.sh +++ /dev/null @@ -1,50 +0,0 @@ -# $OpenBSD: dynamic-forward.sh,v 1.4 2004/06/22 22:55:56 dtucker Exp $ -# Placed in the Public Domain. - -tid="dynamic forwarding" - -FWDPORT=`expr $PORT + 1` - -DATA=/bin/ls${EXEEXT} - -if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then - proxycmd="nc -x 127.0.0.1:$FWDPORT -X" -elif have_prog connect; then - proxycmd="connect -S 127.0.0.1:$FWDPORT -" -else - echo "skipped (no suitable ProxyCommand found)" - exit 0 -fi -trace "will use ProxyCommand $proxycmd" - -start_sshd - -for p in 1 2; do - trace "start dynamic forwarding, fork to background" - ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q somehost \ - exec sh -c \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' - - for s in 4 5; do - for h in 127.0.0.1 localhost; do - trace "testing ssh protocol $p socks version $s host $h" - ${SSH} -F $OBJ/ssh_config \ - -o "ProxyCommand ${proxycmd}${s} $h $PORT" \ - somehost cat $DATA > $OBJ/ls.copy - test -f $OBJ/ls.copy || fail "failed copy $DATA" - cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA" - done - done - - if [ -f $OBJ/remote_pid ]; then - remote=`cat $OBJ/remote_pid` - trace "terminate remote shell, pid $remote" - if [ $remote -gt 1 ]; then - kill -HUP $remote - fi - else - fail "no pid file: $OBJ/remote_pid" - fi - - # Must allow time for connection tear-down - sleep 2 -done diff --git a/crypto/openssh/regress/envpass.sh b/crypto/openssh/regress/envpass.sh deleted file mode 100644 index af7eafe..0000000 --- a/crypto/openssh/regress/envpass.sh +++ /dev/null @@ -1,60 +0,0 @@ -# $OpenBSD: envpass.sh,v 1.4 2005/03/04 08:48:46 djm Exp $ -# Placed in the Public Domain. - -tid="environment passing" - -# NB accepted env vars are in test-exec.sh (_XXX_TEST_* and _XXX_TEST) - -# Prepare a custom config to test for a configuration parsing bug fixed in 4.0 -cat << EOF > $OBJ/ssh_proxy_envpass -Host test-sendenv-confparse-bug - SendEnv * -EOF -cat $OBJ/ssh_proxy >> $OBJ/ssh_proxy_envpass - -trace "pass env, don't accept" -verbose "test $tid: pass env, don't accept" -_TEST_ENV=blah ${SSH} -oSendEnv="*" -F $OBJ/ssh_proxy_envpass otherhost \ - sh << 'EOF' - test -z "$_TEST_ENV" -EOF -r=$? -if [ $r -ne 0 ]; then - fail "environment found" -fi - -trace "don't pass env, accept" -verbose "test $tid: don't pass env, accept" -_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -F $OBJ/ssh_proxy_envpass otherhost \ - sh << 'EOF' - test -z "$_XXX_TEST_A" && test -z "$_XXX_TEST_B" -EOF -r=$? -if [ $r -ne 0 ]; then - fail "environment found" -fi - -trace "pass single env, accept single env" -verbose "test $tid: pass single env, accept single env" -_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -F $OBJ/ssh_proxy_envpass \ - otherhost sh << 'EOF' - test X"$_XXX_TEST" = X"blah" -EOF -r=$? -if [ $r -ne 0 ]; then - fail "environment not found" -fi - -trace "pass multiple env, accept multiple env" -verbose "test $tid: pass multiple env, accept multiple env" -_XXX_TEST_A=1 _XXX_TEST_B=2 ${SSH} -oSendEnv="_XXX_TEST_*" \ - -F $OBJ/ssh_proxy_envpass otherhost \ - sh << 'EOF' - test X"$_XXX_TEST_A" = X"1" -a X"$_XXX_TEST_B" = X"2" -EOF -r=$? -if [ $r -ne 0 ]; then - fail "environment not found" -fi - -rm -f $OBJ/ssh_proxy_envpass diff --git a/crypto/openssh/regress/exit-status.sh b/crypto/openssh/regress/exit-status.sh deleted file mode 100644 index 56b78a6..0000000 --- a/crypto/openssh/regress/exit-status.sh +++ /dev/null @@ -1,24 +0,0 @@ -# $OpenBSD: exit-status.sh,v 1.6 2002/03/15 13:08:56 markus Exp $ -# Placed in the Public Domain. - -tid="remote exit status" - -for p in 1 2; do - for s in 0 1 4 5 44; do - trace "proto $p status $s" - verbose "test $tid: proto $p status $s" - ${SSH} -$p -F $OBJ/ssh_proxy otherhost exit $s - r=$? - if [ $r -ne $s ]; then - fail "exit code mismatch for protocol $p: $r != $s" - fi - - # same with early close of stdout/err - ${SSH} -$p -F $OBJ/ssh_proxy -n otherhost \ - exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' - r=$? - if [ $r -ne $s ]; then - fail "exit code (with sleep) mismatch for protocol $p: $r != $s" - fi - done -done diff --git a/crypto/openssh/regress/forcecommand.sh b/crypto/openssh/regress/forcecommand.sh deleted file mode 100644 index 99e51a6..0000000 --- a/crypto/openssh/regress/forcecommand.sh +++ /dev/null @@ -1,42 +0,0 @@ -# $OpenBSD: forcecommand.sh,v 1.1 2006/07/19 13:09:28 dtucker Exp $ -# Placed in the Public Domain. - -tid="forced command" - -cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak - -echon 'command="true" ' >$OBJ/authorized_keys_$USER -cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER -echon 'command="true" ' >>$OBJ/authorized_keys_$USER -cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER - -for p in 1 2; do - trace "forced command in key option proto $p" - ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || - fail "forced command in key proto $p" -done - -echon 'command="false" ' >$OBJ/authorized_keys_$USER -cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER -echon 'command="false" ' >>$OBJ/authorized_keys_$USER -cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER - -cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy -echo "ForceCommand true" >> $OBJ/sshd_proxy - -for p in 1 2; do - trace "forced command in sshd_config overrides key option proto $p" - ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || - fail "forced command in key proto $p" -done - -cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy -echo "ForceCommand false" >> $OBJ/sshd_proxy -echo "Match User $USER" >> $OBJ/sshd_proxy -echo " ForceCommand true" >> $OBJ/sshd_proxy - -for p in 1 2; do - trace "forced command with match proto $p" - ${SSH} -$p -F $OBJ/ssh_proxy somehost false \ || - fail "forced command in key proto $p" -done diff --git a/crypto/openssh/regress/forwarding.sh b/crypto/openssh/regress/forwarding.sh deleted file mode 100644 index 9ffbb3d..0000000 --- a/crypto/openssh/regress/forwarding.sh +++ /dev/null @@ -1,95 +0,0 @@ -# $OpenBSD: forwarding.sh,v 1.6 2006/07/11 18:51:21 markus Exp $ -# Placed in the Public Domain. - -tid="local and remote forwarding" -DATA=/bin/ls${EXEEXT} - -start_sshd - -base=33 -last=$PORT -fwd="" -for j in 0 1 2; do - for i in 0 1 2; do - a=$base$j$i - b=`expr $a + 50` - c=$last - # fwd chain: $a -> $b -> $c - fwd="$fwd -L$a:127.0.0.1:$b -R$b:127.0.0.1:$c" - last=$a - done -done -for p in 1 2; do - q=`expr 3 - $p` - trace "start forwarding, fork to background" - ${SSH} -$p -F $OBJ/ssh_config -f $fwd somehost sleep 10 - - trace "transfer over forwarded channels and check result" - ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ - somehost cat $DATA > $OBJ/ls.copy - test -f $OBJ/ls.copy || fail "failed copy $DATA" - cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA" - - sleep 10 -done - -for p in 1 2; do -for d in L R; do - trace "exit on -$d forward failure, proto $p" - - # this one should succeed - ${SSH} -$p -F $OBJ/ssh_config \ - -$d ${base}01:127.0.0.1:$PORT \ - -$d ${base}02:127.0.0.1:$PORT \ - -$d ${base}03:127.0.0.1:$PORT \ - -$d ${base}04:127.0.0.1:$PORT \ - -oExitOnForwardFailure=yes somehost true - if [ $? != 0 ]; then - fail "connection failed, should not" - else - # this one should fail - ${SSH} -q -$p -F $OBJ/ssh_config \ - -$d ${base}01:127.0.0.1:$PORT \ - -$d ${base}02:127.0.0.1:$PORT \ - -$d ${base}03:127.0.0.1:$PORT \ - -$d ${base}01:127.0.0.1:$PORT \ - -$d ${base}04:127.0.0.1:$PORT \ - -oExitOnForwardFailure=yes somehost true - r=$? - if [ $r != 255 ]; then - fail "connection not termintated, but should ($r)" - fi - fi -done -done - -for p in 1 2; do - trace "simple clear forwarding proto $p" - ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true - - trace "clear local forward proto $p" - ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \ - -oClearAllForwardings=yes somehost sleep 10 - if [ $? != 0 ]; then - fail "connection failed with cleared local forwarding" - else - # this one should fail - ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ - 2>${TEST_SSH_LOGFILE} && \ - fail "local forwarding not cleared" - fi - sleep 10 - - trace "clear remote forward proto $p" - ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \ - -oClearAllForwardings=yes somehost sleep 10 - if [ $? != 0 ]; then - fail "connection failed with cleared remote forwarding" - else - # this one should fail - ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ - 2>${TEST_SSH_LOGFILE} && \ - fail "remote forwarding not cleared" - fi - sleep 10 -done diff --git a/crypto/openssh/regress/keygen-change.sh b/crypto/openssh/regress/keygen-change.sh deleted file mode 100644 index 08d3590..0000000 --- a/crypto/openssh/regress/keygen-change.sh +++ /dev/null @@ -1,23 +0,0 @@ -# $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $ -# Placed in the Public Domain. - -tid="change passphrase for key" - -S1="secret1" -S2="2secret" - -for t in rsa dsa rsa1; do - # generate user key for agent - trace "generating $t key" - rm -f $OBJ/$t-key - ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key - if [ $? -eq 0 ]; then - ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null - if [ $? -ne 0 ]; then - fail "ssh-keygen -p failed for $t-key" - fi - else - fail "ssh-keygen for $t-key failed" - fi - rm -f $OBJ/$t-key $OBJ/$t-key.pub -done diff --git a/crypto/openssh/regress/keyscan.sh b/crypto/openssh/regress/keyscan.sh deleted file mode 100644 index 33f14f0..0000000 --- a/crypto/openssh/regress/keyscan.sh +++ /dev/null @@ -1,19 +0,0 @@ -# $OpenBSD: keyscan.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ -# Placed in the Public Domain. - -tid="keyscan" - -# remove DSA hostkey -rm -f ${OBJ}/host.dsa - -start_sshd - -for t in rsa1 rsa dsa; do - trace "keyscan type $t" - ${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \ - > /dev/null 2>&1 - r=$? - if [ $r -ne 0 ]; then - fail "ssh-keyscan -t $t failed with: $r" - fi -done diff --git a/crypto/openssh/regress/login-timeout.sh b/crypto/openssh/regress/login-timeout.sh deleted file mode 100644 index 15a887f..0000000 --- a/crypto/openssh/regress/login-timeout.sh +++ /dev/null @@ -1,29 +0,0 @@ -# $OpenBSD: login-timeout.sh,v 1.4 2005/02/27 23:13:36 djm Exp $ -# Placed in the Public Domain. - -tid="connect after login grace timeout" - -trace "test login grace with privsep" -echo "LoginGraceTime 10s" >> $OBJ/sshd_config -echo "MaxStartups 1" >> $OBJ/sshd_config -start_sshd - -(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & -sleep 15 -${SSH} -F $OBJ/ssh_config somehost true -if [ $? -ne 0 ]; then - fail "ssh connect after login grace timeout failed with privsep" -fi - -$SUDO kill `cat $PIDFILE` - -trace "test login grace without privsep" -echo "UsePrivilegeSeparation no" >> $OBJ/sshd_config -start_sshd - -(echo SSH-2.0-fake; sleep 60) | telnet 127.0.0.1 ${PORT} >/dev/null 2>&1 & -sleep 15 -${SSH} -F $OBJ/ssh_config somehost true -if [ $? -ne 0 ]; then - fail "ssh connect after login grace timeout failed without privsep" -fi diff --git a/crypto/openssh/regress/multiplex.sh b/crypto/openssh/regress/multiplex.sh deleted file mode 100644 index 4fba7b5..0000000 --- a/crypto/openssh/regress/multiplex.sh +++ /dev/null @@ -1,92 +0,0 @@ -# $OpenBSD: multiplex.sh,v 1.11 2005/04/25 09:54:09 dtucker Exp $ -# Placed in the Public Domain. - -CTL=/tmp/openssh.regress.ctl-sock.$$ - -tid="connection multiplexing" - -if grep "#define.*DISABLE_FD_PASSING" ${BUILDDIR}/config.h >/dev/null 2>&1 -then - echo "skipped (not supported on this platform)" - exit 0 -fi - -DATA=/bin/ls${EXEEXT} -COPY=$OBJ/ls.copy -LOG=$TEST_SSH_LOGFILE - -start_sshd - -trace "start master, fork to background" -${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost & -MASTER_PID=$! - -# Wait for master to start and authenticate -sleep 5 - -verbose "test $tid: envpass" -trace "env passing over multiplexed connection" -_XXX_TEST=blah ${SSH} -oSendEnv="_XXX_TEST" -S$CTL otherhost sh << 'EOF' - test X"$_XXX_TEST" = X"blah" -EOF -if [ $? -ne 0 ]; then - fail "environment not found" -fi - -verbose "test $tid: transfer" -rm -f ${COPY} -trace "ssh transfer over multiplexed connection and check result" -${SSH} -S$CTL otherhost cat ${DATA} > ${COPY} -test -f ${COPY} || fail "ssh -Sctl: failed copy ${DATA}" -cmp ${DATA} ${COPY} || fail "ssh -Sctl: corrupted copy of ${DATA}" - -rm -f ${COPY} -trace "ssh transfer over multiplexed connection and check result" -${SSH} -S $CTL otherhost cat ${DATA} > ${COPY} -test -f ${COPY} || fail "ssh -S ctl: failed copy ${DATA}" -cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}" - -rm -f ${COPY} -trace "sftp transfer over multiplexed connection and check result" -echo "get ${DATA} ${COPY}" | \ - ${SFTP} -S ${SSH} -oControlPath=$CTL otherhost >$LOG 2>&1 -test -f ${COPY} || fail "sftp: failed copy ${DATA}" -cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}" - -rm -f ${COPY} -trace "scp transfer over multiplexed connection and check result" -${SCP} -S ${SSH} -oControlPath=$CTL otherhost:${DATA} ${COPY} >$LOG 2>&1 -test -f ${COPY} || fail "scp: failed copy ${DATA}" -cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" - -rm -f ${COPY} - -for s in 0 1 4 5 44; do - trace "exit status $s over multiplexed connection" - verbose "test $tid: status $s" - ${SSH} -S $CTL otherhost exit $s - r=$? - if [ $r -ne $s ]; then - fail "exit code mismatch for protocol $p: $r != $s" - fi - - # same with early close of stdout/err - trace "exit status $s with early close over multiplexed connection" - ${SSH} -S $CTL -n otherhost \ - exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\' - r=$? - if [ $r -ne $s ]; then - fail "exit code (with sleep) mismatch for protocol $p: $r != $s" - fi -done - -trace "test check command" -${SSH} -S $CTL -Ocheck otherhost || fail "check command failed" - -trace "test exit command" -${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed" - -# Wait for master to exit -sleep 2 - -kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed" diff --git a/crypto/openssh/regress/proto-mismatch.sh b/crypto/openssh/regress/proto-mismatch.sh deleted file mode 100644 index fb521f2..0000000 --- a/crypto/openssh/regress/proto-mismatch.sh +++ /dev/null @@ -1,19 +0,0 @@ -# $OpenBSD: proto-mismatch.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ -# Placed in the Public Domain. - -tid="protocol version mismatch" - -mismatch () -{ - server=$1 - client=$2 - banner=`echo ${client} | ${SSHD} -o "Protocol=${server}" -i -f ${OBJ}/sshd_proxy` - r=$? - trace "sshd prints ${banner}" - if [ $r -ne 255 ]; then - fail "sshd prints ${banner} and accepts connect with version ${client}" - fi -} - -mismatch 2 SSH-1.5-HALLO -mismatch 1 SSH-2.0-HALLO diff --git a/crypto/openssh/regress/proto-version.sh b/crypto/openssh/regress/proto-version.sh deleted file mode 100644 index 1651a69..0000000 --- a/crypto/openssh/regress/proto-version.sh +++ /dev/null @@ -1,34 +0,0 @@ -# $OpenBSD: proto-version.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ -# Placed in the Public Domain. - -tid="sshd version with different protocol combinations" - -# we just start sshd in inetd mode and check the banner -check_version () -{ - version=$1 - expect=$2 - banner=`echon | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` - case ${banner} in - SSH-1.99-*) - proto=199 - ;; - SSH-2.0-*) - proto=20 - ;; - SSH-1.5-*) - proto=15 - ;; - *) - proto=0 - ;; - esac - if [ ${expect} -ne ${proto} ]; then - fail "wrong protocol version ${banner} for ${version}" - fi -} - -check_version 2,1 199 -check_version 1,2 199 -check_version 2 20 -check_version 1 15 diff --git a/crypto/openssh/regress/proxy-connect.sh b/crypto/openssh/regress/proxy-connect.sh deleted file mode 100644 index 6a36b25..0000000 --- a/crypto/openssh/regress/proxy-connect.sh +++ /dev/null @@ -1,18 +0,0 @@ -# $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $ -# Placed in the Public Domain. - -tid="proxy connect" - -for p in 1 2; do - ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true - if [ $? -ne 0 ]; then - fail "ssh proxyconnect protocol $p failed" - fi - SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'` - if [ $? -ne 0 ]; then - fail "ssh proxyconnect protocol $p failed" - fi - if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then - fail "bad SSH_CONNECTION" - fi -done diff --git a/crypto/openssh/regress/reconfigure.sh b/crypto/openssh/regress/reconfigure.sh deleted file mode 100644 index 1daf29f..0000000 --- a/crypto/openssh/regress/reconfigure.sh +++ /dev/null @@ -1,36 +0,0 @@ -# $OpenBSD: reconfigure.sh,v 1.2 2003/06/21 09:14:05 markus Exp $ -# Placed in the Public Domain. - -tid="simple connect after reconfigure" - -# we need the full path to sshd for -HUP -case $SSHD in -/*) - # full path is OK - ;; -*) - # otherwise make fully qualified - SSHD=$OBJ/$SSHD -esac - -start_sshd - -PID=`cat $PIDFILE` -rm -f $PIDFILE -$SUDO kill -HUP $PID - -trace "wait for sshd to restart" -i=0; -while [ ! -f $PIDFILE -a $i -lt 10 ]; do - i=`expr $i + 1` - sleep $i -done - -test -f $PIDFILE || fatal "sshd did not restart" - -for p in 1 2; do - ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true - if [ $? -ne 0 ]; then - fail "ssh connect with protocol $p failed after reconfigure" - fi -done diff --git a/crypto/openssh/regress/reexec.sh b/crypto/openssh/regress/reexec.sh deleted file mode 100644 index 4f824a3..0000000 --- a/crypto/openssh/regress/reexec.sh +++ /dev/null @@ -1,72 +0,0 @@ -# $OpenBSD: reexec.sh,v 1.5 2004/10/08 02:01:50 djm Exp $ -# Placed in the Public Domain. - -tid="reexec tests" - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy -SSHD_ORIG=$SSHD${EXEEXT} -SSHD_COPY=$OBJ/sshd${EXEEXT} - -# Start a sshd and then delete it -start_sshd_copy () -{ - cp $SSHD_ORIG $SSHD_COPY - SSHD=$SSHD_COPY - start_sshd - SSHD=$SSHD_ORIG -} - -# Do basic copy tests -copy_tests () -{ - rm -f ${COPY} - for p in 1 2; do - verbose "$tid: proto $p" - ${SSH} -nqo "Protocol=$p" -F $OBJ/ssh_config somehost \ - cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp ${DATA} ${COPY} || fail "corrupted copy" - rm -f ${COPY} - done -} - -verbose "test config passing" - -cp $OBJ/sshd_config $OBJ/sshd_config.orig -start_sshd -echo "InvalidXXX=no" >> $OBJ/sshd_config - -copy_tests - -$SUDO kill `cat $PIDFILE` -rm -f $PIDFILE - -cp $OBJ/sshd_config.orig $OBJ/sshd_config - -verbose "test reexec fallback" - -start_sshd_copy -rm -f $SSHD_COPY - -copy_tests - -$SUDO kill `cat $PIDFILE` -rm -f $PIDFILE - -verbose "test reexec fallback without privsep" - -cp $OBJ/sshd_config.orig $OBJ/sshd_config -echo "UsePrivilegeSeparation=no" >> $OBJ/sshd_config - -start_sshd_copy -rm -f $SSHD_COPY - -copy_tests - -$SUDO kill `cat $PIDFILE` -rm -f $PIDFILE - - diff --git a/crypto/openssh/regress/rekey.sh b/crypto/openssh/regress/rekey.sh deleted file mode 100644 index 3c5f266..0000000 --- a/crypto/openssh/regress/rekey.sh +++ /dev/null @@ -1,32 +0,0 @@ -# $OpenBSD: rekey.sh,v 1.1 2003/03/28 13:58:28 markus Exp $ -# Placed in the Public Domain. - -tid="rekey during transfer data" - -DATA=${OBJ}/data -COPY=${OBJ}/copy -LOG=${OBJ}/log - -rm -f ${COPY} ${LOG} ${DATA} -touch ${DATA} -dd if=/bin/ls${EXEEXT} of=${DATA} bs=1k seek=511 count=1 > /dev/null 2>&1 - -for s in 16 1k 128k 256k; do - trace "rekeylimit ${s}" - rm -f ${COPY} - cat $DATA | \ - ${SSH} -oCompression=no -oRekeyLimit=$s \ - -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" \ - 2> ${LOG} - if [ $? -ne 0 ]; then - fail "ssh failed" - fi - cmp $DATA ${COPY} || fail "corrupted copy" - n=`grep 'NEWKEYS sent' ${LOG} | wc -l` - n=`expr $n - 1` - trace "$n rekeying(s)" - if [ $n -lt 1 ]; then - fail "no rekeying occured" - fi -done -rm -f ${COPY} ${LOG} ${DATA} diff --git a/crypto/openssh/regress/rsa_openssh.prv b/crypto/openssh/regress/rsa_openssh.prv deleted file mode 100644 index 2675555..0000000 --- a/crypto/openssh/regress/rsa_openssh.prv +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWgIBAAKBgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko -+dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3 -xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQIDAQAB -An8nH5VzvHkMbSqJ6eOYDsVwomRvYbH5IEaYl1x6VATITNvAu9kUdQ4NsSpuMc+7 -Jj9gKZvmO1y2YCKc0P/iO+i/eV0L+yQh1Rw18jQZll+12T+LZrKRav03YNvMx0gN -wqWY48Kt6hv2/N/ebQzKRe79+D0t2cTh92hT7xENFLIBAkEBGnoGKFjAUkJCwO1V -mzpUqMHpRZVOrqP9hUmPjzNJ5oBPFGe4+h1hoSRFOAzaNuZt8ssbqaLCkzB8bfzj -qhZqAQJBANZekuUpp8iBLeLSagw5FkcPwPzq6zfExbhvsZXb8Bo/4SflNs4JHXwI -7SD9Z8aJLvM4uQ/5M70lblDMQ40i3o0CQQDIJvBYBFL5tlOgakq/O7yi+wt0L5BZ -9H79w5rCSAA0IHRoK/qI1urHiHC3f3vbbLk5UStfrqEaND/mm0shyNIBAkBLsYdC -/ctt5Bc0wUGK4Vl5bBmj9LtrrMJ4FpBpLwj/69BwCuKoK9XKZ0h73p6XHveCEGRg -PIlFX4MtaoLrwgU9AkBV2k4dgIws+X8YX65EsyyFjnlDqX4x0nSOjQB1msIKfHBr -dh5XLDBTTCxnKhMJ0Yx/opgOvf09XHBFwaQntR5i ------END RSA PRIVATE KEY----- diff --git a/crypto/openssh/regress/rsa_openssh.pub b/crypto/openssh/regress/rsa_openssh.pub deleted file mode 100644 index b504730..0000000 --- a/crypto/openssh/regress/rsa_openssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko+dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQ== diff --git a/crypto/openssh/regress/rsa_ssh2.prv b/crypto/openssh/regress/rsa_ssh2.prv deleted file mode 100644 index 1ece3d7..0000000 --- a/crypto/openssh/regress/rsa_ssh2.prv +++ /dev/null @@ -1,16 +0,0 @@ ----- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- -Subject: ssh-keygen test -Comment: "1024-bit rsa, Sat Jun 23 2001 12:21:26 -0400" -P2/56wAAAi4AAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS -1wa2NzMXYyLW9hZXB9fQAAAARub25lAAAB3wAAAdsAAAARAQABAAAD9icflXO8eQxtKonp -45gOxXCiZG9hsfkgRpiXXHpUBMhM28C72RR1Dg2xKm4xz7smP2Apm+Y7XLZgIpzQ/+I76L -95XQv7JCHVHDXyNBmWX7XZP4tmspFq/Tdg28zHSA3CpZjjwq3qG/b8395tDMpF7v34PS3Z -xOH3aFPvEQ0UsgEAAAQA7IpcCnGijesEjDXdVoEPfh0akBJA9JAk1bba2sxrtDoQVN1JKP -nRQ9SKdAsXV5jduSUFsTmBe4fznLvD948790U1/O8SkdGM5V0y1/ki7Rf8knm0t8Vj65X0 -VA4YdN4UeVfvMcb78vcInT2CsP6CLcBkrnjrBKtS03Mwg79nQI0AAAH/VdpOHYCMLPl/GF -+uRLMshY55Q6l+MdJ0jo0AdZrCCnxwa3YeVywwU0wsZyoTCdGMf6KYDr39PVxwRcGkJ7Ue -YgAAAgDWXpLlKafIgS3i0moMORZHD8D86us3xMW4b7GV2/AaP+En5TbOCR18CO0g/WfGiS -7zOLkP+TO9JW5QzEONIt6NAAACAQEaegYoWMBSQkLA7VWbOlSowelFlU6uo/2FSY+PM0nm -gE8UZ7j6HWGhJEU4DNo25m3yyxuposKTMHxt/OOqFmoB ----- END SSH2 ENCRYPTED PRIVATE KEY ---- ---- diff --git a/crypto/openssh/regress/runtests.sh b/crypto/openssh/regress/runtests.sh deleted file mode 100755 index 9808eb8..0000000 --- a/crypto/openssh/regress/runtests.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -TEST_SSH_SSH=../ssh -TEST_SSH_SSHD=../sshd -TEST_SSH_SSHAGENT=../ssh-agent -TEST_SSH_SSHADD=../ssh-add -TEST_SSH_SSHKEYGEN=../ssh-keygen -TEST_SSH_SSHKEYSCAN=../ssh-keyscan -TEST_SSH_SFTP=../sftp -TEST_SSH_SFTPSERVER=../sftp-server - -pmake - diff --git a/crypto/openssh/regress/scp-ssh-wrapper.sh b/crypto/openssh/regress/scp-ssh-wrapper.sh deleted file mode 100644 index d1005a9..0000000 --- a/crypto/openssh/regress/scp-ssh-wrapper.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/sh -# $OpenBSD: scp-ssh-wrapper.sh,v 1.2 2005/12/14 04:36:39 dtucker Exp $ -# Placed in the Public Domain. - -printname () { - NAME=$1 - save_IFS=$IFS - IFS=/ - set -- `echo "$NAME"` - IFS="$save_IFS" - while [ $# -ge 1 ] ; do - if [ "x$1" != "x" ]; then - echo "D0755 0 $1" - fi - shift; - done -} - -# Discard all but last argument. We use arg later. -while test "$1" != ""; do - arg="$1" - shift -done - -BAD="../../../../../../../../../../../../../${DIR}/dotpathdir" - -case "$SCPTESTMODE" in -badserver_0) - echo "D0755 0 /${DIR}/rootpathdir" - echo "C755 2 rootpathfile" - echo "X" - ;; -badserver_1) - echo "D0755 0 $BAD" - echo "C755 2 file" - echo "X" - ;; -badserver_2) - echo "D0755 0 $BAD" - echo "C755 2 file" - echo "X" - ;; -badserver_3) - printname $BAD - echo "C755 2 file" - echo "X" - ;; -badserver_4) - printname $BAD - echo "D0755 0 .." - echo "C755 2 file" - echo "X" - ;; -*) - exec $arg - ;; -esac diff --git a/crypto/openssh/regress/scp.sh b/crypto/openssh/regress/scp.sh deleted file mode 100644 index c5d412d..0000000 --- a/crypto/openssh/regress/scp.sh +++ /dev/null @@ -1,127 +0,0 @@ -# $OpenBSD: scp.sh,v 1.7 2006/01/31 10:36:33 djm Exp $ -# Placed in the Public Domain. - -tid="scp" - -#set -x - -# Figure out if diff understands "-N" -if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then - DIFFOPT="-rN" -else - DIFFOPT="-r" -fi - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy -COPY2=${OBJ}/copy2 -DIR=${COPY}.dd -DIR2=${COPY}.dd2 - -SRC=`dirname ${SCRIPT}` -cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp -chmod 755 ${OBJ}/scp-ssh-wrapper.scp -scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp" - -scpclean() { - rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} - mkdir ${DIR} ${DIR2} -} - -verbose "$tid: simple copy local file to local file" -scpclean -$SCP $scpopts ${DATA} ${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy local file to remote file" -scpclean -$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy remote file to local file" -scpclean -$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed" -cmp ${DATA} ${COPY} || fail "corrupted copy" - -verbose "$tid: simple copy local file to remote dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" - -verbose "$tid: simple copy local file to local dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts ${COPY} ${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" - -verbose "$tid: simple copy remote file to local dir" -scpclean -cp ${DATA} ${COPY} -$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed" -cmp ${COPY} ${DIR}/copy || fail "corrupted copy" - -verbose "$tid: recursive local dir to remote dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - -verbose "$tid: recursive local dir to local dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - -verbose "$tid: recursive remote dir to local dir" -scpclean -rm -rf ${DIR2} -cp ${DATA} ${DIR}/copy -$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" -diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - -verbose "$tid: shell metacharacters" -scpclean -(cd ${DIR} && \ -touch '`touch metachartest`' && \ -$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \ -[ ! -f metachartest ] ) || fail "shell metacharacters" - -if [ ! -z "$SUDO" ]; then - verbose "$tid: skipped file after scp -p with failed chown+utimes" - scpclean - cp -p ${DATA} ${DIR}/copy - cp -p ${DATA} ${DIR}/copy2 - cp ${DATA} ${DIR2}/copy - chmod 660 ${DIR2}/copy - $SUDO chown root ${DIR2}/copy - $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 - $SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" - $SUDO rm ${DIR2}/copy -fi - -for i in 0 1 2 3 4; do - verbose "$tid: disallow bad server #$i" - SCPTESTMODE=badserver_$i - export DIR SCPTESTMODE - scpclean - $SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null - [ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir" - [ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode" - - scpclean - $SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null - [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir" -done - -verbose "$tid: detect non-directory target" -scpclean -echo a > ${COPY} -echo b > ${COPY2} -$SCP $scpopts ${DATA} ${COPY} ${COPY2} -cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target" - -scpclean -rm -f ${OBJ}/scp-ssh-wrapper.scp diff --git a/crypto/openssh/regress/sftp-badcmds.sh b/crypto/openssh/regress/sftp-badcmds.sh deleted file mode 100644 index eac189a..0000000 --- a/crypto/openssh/regress/sftp-badcmds.sh +++ /dev/null @@ -1,78 +0,0 @@ -# $OpenBSD: sftp-badcmds.sh,v 1.2 2003/05/15 04:07:12 mouring Exp $ -# Placed in the Public Domain. - -tid="sftp invalid commands" - -DATA=/bin/ls${EXEEXT} -DATA2=/bin/sh${EXEEXT} -NONEXIST=/NONEXIST.$$ -COPY=${OBJ}/copy -GLOBFILES=`(cd /bin;echo l*)` - -rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd - -rm -f ${COPY} -verbose "$tid: get nonexistent" -echo "get $NONEXIST $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "get nonexistent failed" -test -f ${COPY} && fail "existing copy after get nonexistent" - -rm -f ${COPY}.dd/* -verbose "$tid: glob get to nonexistent directory" -echo "get /bin/l* $NONEXIST" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "get nonexistent failed" -for x in $GLOBFILES; do - test -f ${COPY}.dd/$x && fail "existing copy after get nonexistent" -done - -rm -f ${COPY} -verbose "$tid: put nonexistent" -echo "put $NONEXIST $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put nonexistent failed" -test -f ${COPY} && fail "existing copy after put nonexistent" - -rm -f ${COPY}.dd/* -verbose "$tid: glob put to nonexistent directory" -echo "put /bin/l* ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put nonexistent failed" -for x in $GLOBFILES; do - test -f ${COPY}.dd/$x && fail "existing copy after nonexistent" -done - -rm -f ${COPY} -verbose "$tid: rename nonexistent" -echo "rename $NONEXIST ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "rename nonexist failed" -test -f ${COPY}.1 && fail "file exists after rename nonexistent" - -rm -f ${COPY} ${COPY}.1 -cp $DATA $COPY -cp $DATA2 ${COPY}.1 -verbose "$tid: rename target exists" -echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "rename target exists failed" -test -f ${COPY} || fail "oldname missing after rename target exists" -test -f ${COPY}.1 || fail "newname missing after rename target exists" -cmp $DATA ${COPY} >/dev/null 2>&1 || fail "corrupted oldname after rename target exists" -cmp $DATA2 ${COPY}.1 >/dev/null 2>&1 || fail "corrupted newname after rename target exists" - -rm -rf ${COPY} ${COPY}.dd -cp $DATA $COPY -mkdir ${COPY}.dd -verbose "$tid: rename target exists (directory)" -echo "rename $COPY ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "rename target exists (directory) failed" -test -f ${COPY} || fail "oldname missing after rename target exists (directory)" -test -d ${COPY}.dd || fail "newname missing after rename target exists (directory)" -cmp $DATA ${COPY} >/dev/null 2>&1 || fail "corrupted oldname after rename target exists (directory)" - -rm -f ${COPY}.dd/* -rm -rf ${COPY} -cp ${DATA2} ${COPY} -verbose "$tid: glob put files to local file" -echo "put /bin/l* $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 -cmp ${DATA2} ${COPY} || fail "put successed when it should have failed" - -rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd - - diff --git a/crypto/openssh/regress/sftp-batch.sh b/crypto/openssh/regress/sftp-batch.sh deleted file mode 100644 index 365c47c..0000000 --- a/crypto/openssh/regress/sftp-batch.sh +++ /dev/null @@ -1,57 +0,0 @@ -# $OpenBSD: sftp-batch.sh,v 1.3 2004/01/13 09:49:06 djm Exp $ -# Placed in the Public Domain. - -tid="sftp batchfile" - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy -BATCH=${OBJ}/sftp.bb - -rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* - -cat << EOF > ${BATCH}.pass.1 - get $DATA $COPY - put ${COPY} ${COPY}.1 - rm ${COPY} - -put ${COPY} ${COPY}.2 -EOF - -cat << EOF > ${BATCH}.pass.2 - # This is a comment - - # That was a blank line - ls -EOF - -cat << EOF > ${BATCH}.fail.1 - get $DATA $COPY - put ${COPY} ${COPY}.3 - rm ${COPY}.* - # The next command should fail - put ${COPY}.3 ${COPY}.4 -EOF - -cat << EOF > ${BATCH}.fail.2 - # The next command should fail - jajajajaja -EOF - -verbose "$tid: good commands" -${SFTP} -b ${BATCH}.pass.1 -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "good commands failed" - -verbose "$tid: bad commands" -${SFTP} -b ${BATCH}.fail.1 -P ${SFTPSERVER} >/dev/null 2>&1 \ - && fail "bad commands succeeded" - -verbose "$tid: comments and blanks" -${SFTP} -b ${BATCH}.pass.2 -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "comments & blanks failed" - -verbose "$tid: junk command" -${SFTP} -b ${BATCH}.fail.2 -P ${SFTPSERVER} >/dev/null 2>&1 \ - && fail "junk command succeeded" - -rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* - - diff --git a/crypto/openssh/regress/sftp-cmds.sh b/crypto/openssh/regress/sftp-cmds.sh deleted file mode 100644 index 31b21d1..0000000 --- a/crypto/openssh/regress/sftp-cmds.sh +++ /dev/null @@ -1,211 +0,0 @@ -# $OpenBSD: sftp-cmds.sh,v 1.6 2003/10/07 07:04:52 djm Exp $ -# Placed in the Public Domain. - -# XXX - TODO: -# - chmod / chown / chgrp -# - -p flag for get & put - -tid="sftp commands" - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy -# test that these files are readable! -for i in `(cd /bin;echo l*)` -do - if [ -r $i ]; then - GLOBFILES="$GLOBFILES $i" - fi -done - -if have_prog uname -then - case `uname` in - CYGWIN*) - os=cygwin - ;; - *) - os=`uname` - ;; - esac -else - os="unknown" -fi - -# Path with embedded quote -QUOTECOPY=${COPY}".\"blah\"" -QUOTECOPY_ARG=${COPY}'.\"blah\"' - -rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 -mkdir ${COPY}.dd - -verbose "$tid: lls" -echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "lls failed" -# XXX always successful - -verbose "$tid: ls" -echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "ls failed" -# XXX always successful - -verbose "$tid: shell" -echo "!echo hi there" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "shell failed" -# XXX always successful - -verbose "$tid: pwd" -echo "pwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "pwd failed" -# XXX always successful - -verbose "$tid: lpwd" -echo "lpwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "lpwd failed" -# XXX always successful - -verbose "$tid: quit" -echo "quit" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "quit failed" -# XXX always successful - -verbose "$tid: help" -echo "help" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "help failed" -# XXX always successful - -rm -f ${COPY} -verbose "$tid: get" -echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "get failed" -cmp $DATA ${COPY} || fail "corrupted copy after get" - -rm -f ${COPY} -verbose "$tid: get quoted" -echo "get \"$DATA\" $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "get failed" -cmp $DATA ${COPY} || fail "corrupted copy after get" - -if [ "$os" != "cygwin" ]; then -rm -f ${QUOTECOPY} -cp $DATA ${QUOTECOPY} -verbose "$tid: get filename with quotes" -echo "get \"$QUOTECOPY_ARG\" ${COPY}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put failed" -cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes" -rm -f ${QUOTECOPY} ${COPY} -fi - -rm -f ${COPY}.dd/* -verbose "$tid: get to directory" -echo "get $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "get failed" -cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after get" - -rm -f ${COPY}.dd/* -verbose "$tid: glob get to directory" -echo "get /bin/l* ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "get failed" -for x in $GLOBFILES; do - cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after get" -done - -rm -f ${COPY}.dd/* -verbose "$tid: get to local dir" -(echo "lcd ${COPY}.dd"; echo "get $DATA" ) | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "get failed" -cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after get" - -rm -f ${COPY}.dd/* -verbose "$tid: glob get to local dir" -(echo "lcd ${COPY}.dd"; echo "get /bin/l*") | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "get failed" -for x in $GLOBFILES; do - cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after get" -done - -rm -f ${COPY} -verbose "$tid: put" -echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put failed" -cmp $DATA ${COPY} || fail "corrupted copy after put" - -if [ "$os" != "cygwin" ]; then -rm -f ${QUOTECOPY} -verbose "$tid: put filename with quotes" -echo "put $DATA \"$QUOTECOPY_ARG\"" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put failed" -cmp $DATA ${QUOTECOPY} || fail "corrupted copy after put with quotes" -fi - -rm -f ${COPY}.dd/* -verbose "$tid: put to directory" -echo "put $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put failed" -cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put" - -rm -f ${COPY}.dd/* -verbose "$tid: glob put to directory" -echo "put /bin/l* ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put failed" -for x in $GLOBFILES; do - cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put" -done - -rm -f ${COPY}.dd/* -verbose "$tid: put to local dir" -(echo "cd ${COPY}.dd"; echo "put $DATA") | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put failed" -cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put" - -rm -f ${COPY}.dd/* -verbose "$tid: glob put to local dir" -(echo "cd ${COPY}.dd"; echo "put /bin/l*") | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "put failed" -for x in $GLOBFILES; do - cmp /bin/$x ${COPY}.dd/$x || fail "corrupted copy after put" -done - -verbose "$tid: rename" -echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "rename failed" -test -f ${COPY}.1 || fail "missing file after rename" -cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename" - -verbose "$tid: rename directory" -echo "rename ${COPY}.dd ${COPY}.dd2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "rename directory failed" -test -d ${COPY}.dd && fail "oldname exists after rename directory" -test -d ${COPY}.dd2 || fail "missing newname after rename directory" - -verbose "$tid: ln" -echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed" -test -h ${COPY}.2 || fail "missing file after ln" - -verbose "$tid: mkdir" -echo "mkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "mkdir failed" -test -d ${COPY}.dd || fail "missing directory after mkdir" - -# XXX do more here -verbose "$tid: chdir" -echo "chdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "chdir failed" - -verbose "$tid: rmdir" -echo "rmdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "rmdir failed" -test -d ${COPY}.1 && fail "present directory after rmdir" - -verbose "$tid: lmkdir" -echo "lmkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "lmkdir failed" -test -d ${COPY}.dd || fail "missing directory after lmkdir" - -# XXX do more here -verbose "$tid: lchdir" -echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ - || fail "lchdir failed" - -rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${COPY}.dd2 - - diff --git a/crypto/openssh/regress/sftp-glob.sh b/crypto/openssh/regress/sftp-glob.sh deleted file mode 100644 index e238356..0000000 --- a/crypto/openssh/regress/sftp-glob.sh +++ /dev/null @@ -1,28 +0,0 @@ -# $OpenBSD: sftp-glob.sh,v 1.1 2004/12/10 01:31:30 fgsch Exp $ -# Placed in the Public Domain. - -tid="sftp glob" - -BASE=${OBJ}/glob -DIR=${BASE}/dir -DATA=${DIR}/file - -rm -rf ${BASE} -mkdir -p ${DIR} -touch ${DATA} - -verbose "$tid: ls file" -echo "ls -l ${DIR}/fil*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \ - grep ${DATA} >/dev/null 2>&1 -if [ $? -ne 0 ]; then - fail "globbed ls file failed" -fi - -verbose "$tid: ls dir" -echo "ls -l ${BASE}/d*" | ${SFTP} -P ${SFTPSERVER} 2>/dev/null | \ - grep file >/dev/null 2>&1 -if [ $? -ne 0 ]; then - fail "globbed ls dir failed" -fi - -rm -rf ${BASE} diff --git a/crypto/openssh/regress/sftp.sh b/crypto/openssh/regress/sftp.sh deleted file mode 100644 index 0e22f8f..0000000 --- a/crypto/openssh/regress/sftp.sh +++ /dev/null @@ -1,35 +0,0 @@ -# $OpenBSD: sftp.sh,v 1.2 2002/03/27 22:39:52 markus Exp $ -# Placed in the Public Domain. - -tid="basic sftp put/get" - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy - -SFTPCMDFILE=${OBJ}/batch -cat >$SFTPCMDFILE <<EOF -version -get $DATA ${COPY}.1 -put $DATA ${COPY}.2 -EOF - -BUFFERSIZE="5 1000 32000 64000" -REQUESTS="1 2 10" - -for B in ${BUFFERSIZE}; do - for R in ${REQUESTS}; do - verbose "test $tid: buffer_size $B num_requests $R" - rm -f ${COPY}.1 ${COPY}.2 - ${SFTP} -P ${SFTPSERVER} -B $B -R $R -b $SFTPCMDFILE \ - > /dev/null 2>&1 - r=$? - if [ $r -ne 0 ]; then - fail "sftp failed with $r" - else - cmp $DATA ${COPY}.1 || fail "corrupted copy after get" - cmp $DATA ${COPY}.2 || fail "corrupted copy after put" - fi - done -done -rm -f ${COPY}.1 ${COPY}.2 -rm -f $SFTPCMDFILE diff --git a/crypto/openssh/regress/ssh-com-client.sh b/crypto/openssh/regress/ssh-com-client.sh deleted file mode 100644 index 324a0a7..0000000 --- a/crypto/openssh/regress/ssh-com-client.sh +++ /dev/null @@ -1,134 +0,0 @@ -# $OpenBSD: ssh-com-client.sh,v 1.6 2004/02/24 17:06:52 markus Exp $ -# Placed in the Public Domain. - -tid="connect with ssh.com client" - -#TEST_COMBASE=/path/to/ssh/com/binaries -if [ "X${TEST_COMBASE}" = "X" ]; then - fatal '$TEST_COMBASE is not set' -fi - -VERSIONS=" - 2.1.0 - 2.2.0 - 2.3.0 - 2.3.1 - 2.4.0 - 3.0.0 - 3.1.0 - 3.2.0 - 3.2.2 - 3.2.3 - 3.2.5 - 3.2.9 - 3.2.9.1 - 3.3.0" - -# 2.0.10 2.0.12 2.0.13 don't like the test setup - -# setup authorized keys -SRC=`dirname ${SCRIPT}` -cp ${SRC}/dsa_ssh2.prv ${OBJ}/id.com -chmod 600 ${OBJ}/id.com -${SSHKEYGEN} -i -f ${OBJ}/id.com > $OBJ/id.openssh -chmod 600 ${OBJ}/id.openssh -${SSHKEYGEN} -y -f ${OBJ}/id.openssh > $OBJ/authorized_keys_$USER -${SSHKEYGEN} -e -f ${OBJ}/id.openssh > $OBJ/id.com.pub -echo IdKey ${OBJ}/id.com > ${OBJ}/id.list - -# we need a DSA host key -t=dsa -rm -f ${OBJ}/$t ${OBJ}/$t.pub -${SSHKEYGEN} -q -N '' -t $t -f ${OBJ}/$t -$SUDO cp $OBJ/$t $OBJ/host.$t -echo HostKey $OBJ/host.$t >> $OBJ/sshd_config - -# add hostkeys to known hosts -mkdir -p ${OBJ}/${USER}/hostkeys -HK=${OBJ}/${USER}/hostkeys/key_${PORT}_127.0.0.1 -${SSHKEYGEN} -e -f ${OBJ}/rsa.pub > ${HK}.ssh-rsa.pub -${SSHKEYGEN} -e -f ${OBJ}/dsa.pub > ${HK}.ssh-dss.pub - -cat > ${OBJ}/ssh2_config << EOF -*: - QuietMode yes - StrictHostKeyChecking yes - Port ${PORT} - User ${USER} - Host 127.0.0.1 - IdentityFile ${OBJ}/id.list - RandomSeedFile ${OBJ}/random_seed - UserConfigDirectory ${OBJ}/%U - AuthenticationSuccessMsg no - BatchMode yes - ForwardX11 no -EOF - -# we need a real server (no ProxyConnect option) -start_sshd - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy -rm -f ${COPY} - -# go for it -for v in ${VERSIONS}; do - ssh2=${TEST_COMBASE}/${v}/ssh2 - if [ ! -x ${ssh2} ]; then - continue - fi - verbose "ssh2 ${v}" - key=ssh-dss - skipcat=0 - case $v in - 2.1.*|2.3.0) - skipcat=1 - ;; - 3.0.*) - key=ssh-rsa - ;; - esac - cp ${HK}.$key.pub ${HK}.pub - - # check exit status - ${ssh2} -q -F ${OBJ}/ssh2_config somehost exit 42 - r=$? - if [ $r -ne 42 ]; then - fail "ssh2 ${v} exit code test failed (got $r, expected 42)" - fi - - # data transfer - rm -f ${COPY} - ${ssh2} -F ${OBJ}/ssh2_config somehost cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh2 ${v} cat test (receive) failed" - fi - cmp ${DATA} ${COPY} || fail "ssh2 ${v} cat test (receive) data mismatch" - - # data transfer, again - if [ $skipcat -eq 0 ]; then - rm -f ${COPY} - cat ${DATA} | \ - ${ssh2} -F ${OBJ}/ssh2_config host "cat > ${COPY}" - if [ $? -ne 0 ]; then - fail "ssh2 ${v} cat test (send) failed" - fi - cmp ${DATA} ${COPY} || \ - fail "ssh2 ${v} cat test (send) data mismatch" - fi - - # no stderr after eof - rm -f ${COPY} - ${ssh2} -F ${OBJ}/ssh2_config somehost \ - exec sh -c \'"exec > /dev/null; sleep 1; echo bla 1>&2; exit 0"\' \ - 2> /dev/null - if [ $? -ne 0 ]; then - fail "ssh2 ${v} stderr test failed" - fi -done - -rm -rf ${OBJ}/${USER} -for i in ssh2_config random_seed dsa.pub dsa host.dsa \ - id.list id.com id.com.pub id.openssh; do - rm -f ${OBJ}/$i -done diff --git a/crypto/openssh/regress/ssh-com-keygen.sh b/crypto/openssh/regress/ssh-com-keygen.sh deleted file mode 100644 index 29b02d9..0000000 --- a/crypto/openssh/regress/ssh-com-keygen.sh +++ /dev/null @@ -1,74 +0,0 @@ -# $OpenBSD: ssh-com-keygen.sh,v 1.4 2004/02/24 17:06:52 markus Exp $ -# Placed in the Public Domain. - -tid="ssh.com key import" - -#TEST_COMBASE=/path/to/ssh/com/binaries -if [ "X${TEST_COMBASE}" = "X" ]; then - fatal '$TEST_COMBASE is not set' -fi - -VERSIONS=" - 2.0.10 - 2.0.12 - 2.0.13 - 2.1.0 - 2.2.0 - 2.3.0 - 2.3.1 - 2.4.0 - 3.0.0 - 3.1.0 - 3.2.0 - 3.2.2 - 3.2.3 - 3.2.5 - 3.2.9 - 3.2.9.1 - 3.3.0" - -COMPRV=${OBJ}/comkey -COMPUB=${COMPRV}.pub -OPENSSHPRV=${OBJ}/opensshkey -OPENSSHPUB=${OPENSSHPRV}.pub - -# go for it -for v in ${VERSIONS}; do - keygen=${TEST_COMBASE}/${v}/ssh-keygen2 - if [ ! -x ${keygen} ]; then - continue - fi - types="dss" - case $v in - 2.3.1|3.*) - types="$types rsa" - ;; - esac - for t in $types; do - verbose "ssh-keygen $v/$t" - rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB - ${keygen} -q -P -t $t ${COMPRV} > /dev/null 2>&1 - if [ $? -ne 0 ]; then - fail "${keygen} -t $t failed" - continue - fi - ${SSHKEYGEN} -if ${COMPUB} > ${OPENSSHPUB} - if [ $? -ne 0 ]; then - fail "import public key ($v/$t) failed" - continue - fi - ${SSHKEYGEN} -if ${COMPRV} > ${OPENSSHPRV} - if [ $? -ne 0 ]; then - fail "import private key ($v/$t) failed" - continue - fi - chmod 600 ${OPENSSHPRV} - ${SSHKEYGEN} -yf ${OPENSSHPRV} |\ - diff - ${OPENSSHPUB} - if [ $? -ne 0 ]; then - fail "public keys ($v/$t) differ" - fi - done -done - -rm -f $COMPRV $COMPUB $OPENSSHPRV $OPENSSHPUB diff --git a/crypto/openssh/regress/ssh-com-sftp.sh b/crypto/openssh/regress/ssh-com-sftp.sh deleted file mode 100644 index 936b4cc..0000000 --- a/crypto/openssh/regress/ssh-com-sftp.sh +++ /dev/null @@ -1,67 +0,0 @@ -# $OpenBSD: ssh-com-sftp.sh,v 1.5 2004/02/24 17:06:52 markus Exp $ -# Placed in the Public Domain. - -tid="basic sftp put/get with ssh.com server" - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy -SFTPCMDFILE=${OBJ}/batch - -cat >$SFTPCMDFILE <<EOF -version -get $DATA ${COPY}.1 -put $DATA ${COPY}.2 -EOF - -BUFFERSIZE="5 1000 32000 64000" -REQUESTS="1 2 10" - -#TEST_COMBASE=/path/to/ssh/com/binaries -if [ "X${TEST_COMBASE}" = "X" ]; then - fatal '$TEST_COMBASE is not set' -fi - -VERSIONS=" - 2.0.10 - 2.0.12 - 2.0.13 - 2.1.0 - 2.2.0 - 2.3.0 - 2.3.1 - 2.4.0 - 3.0.0 - 3.1.0 - 3.2.0 - 3.2.2 - 3.2.3 - 3.2.5 - 3.2.9 - 3.2.9.1 - 3.3.0" - -# go for it -for v in ${VERSIONS}; do - server=${TEST_COMBASE}/${v}/sftp-server2 - if [ ! -x ${server} ]; then - continue - fi - verbose "sftp-server $v" - for B in ${BUFFERSIZE}; do - for R in ${REQUESTS}; do - verbose "test $tid: buffer_size $B num_requests $R" - rm -f ${COPY}.1 ${COPY}.2 - ${SFTP} -P ${server} -B $B -R $R -b $SFTPCMDFILE \ - > /dev/null 2>&1 - r=$? - if [ $r -ne 0 ]; then - fail "sftp failed with $r" - else - cmp $DATA ${COPY}.1 || fail "corrupted copy after get" - cmp $DATA ${COPY}.2 || fail "corrupted copy after put" - fi - done - done -done -rm -f ${COPY}.1 ${COPY}.2 -rm -f $SFTPCMDFILE diff --git a/crypto/openssh/regress/ssh-com.sh b/crypto/openssh/regress/ssh-com.sh deleted file mode 100644 index 7bcd85b..0000000 --- a/crypto/openssh/regress/ssh-com.sh +++ /dev/null @@ -1,119 +0,0 @@ -# $OpenBSD: ssh-com.sh,v 1.7 2004/02/24 17:06:52 markus Exp $ -# Placed in the Public Domain. - -tid="connect to ssh.com server" - -#TEST_COMBASE=/path/to/ssh/com/binaries -if [ "X${TEST_COMBASE}" = "X" ]; then - fatal '$TEST_COMBASE is not set' -fi - -VERSIONS=" - 2.0.12 - 2.0.13 - 2.1.0 - 2.2.0 - 2.3.0 - 2.4.0 - 3.0.0 - 3.1.0 - 3.2.0 - 3.2.2 - 3.2.3 - 3.2.5 - 3.2.9 - 3.2.9.1 - 3.3.0" -# 2.0.10 does not support UserConfigDirectory -# 2.3.1 requires a config in $HOME/.ssh2 - -SRC=`dirname ${SCRIPT}` - -# ssh.com -cat << EOF > $OBJ/sshd2_config -#*: - # Port and ListenAddress are not used. - QuietMode yes - Port 4343 - ListenAddress 127.0.0.1 - UserConfigDirectory ${OBJ}/%U - Ciphers AnyCipher - PubKeyAuthentication yes - #AllowedAuthentications publickey - AuthorizationFile authorization - HostKeyFile ${SRC}/dsa_ssh2.prv - PublicHostKeyFile ${SRC}/dsa_ssh2.pub - RandomSeedFile ${OBJ}/random_seed - MaxConnections 0 - PermitRootLogin yes - VerboseMode no - CheckMail no - Ssh1Compatibility no -EOF - -# create client config -sed "s/HostKeyAlias.*/HostKeyAlias ssh2-localhost-with-alias/" \ - < $OBJ/ssh_config > $OBJ/ssh_config_com - -# we need a DSA key for -rm -f ${OBJ}/dsa ${OBJ}/dsa.pub -${SSHKEYGEN} -q -N '' -t dsa -f ${OBJ}/dsa - -# setup userdir, try rsa first -mkdir -p ${OBJ}/${USER} -cp /dev/null ${OBJ}/${USER}/authorization -for t in rsa dsa; do - ${SSHKEYGEN} -e -f ${OBJ}/$t.pub > ${OBJ}/${USER}/$t.com - echo Key $t.com >> ${OBJ}/${USER}/authorization - echo IdentityFile ${OBJ}/$t >> ${OBJ}/ssh_config_com -done - -# convert and append DSA hostkey -( - echon 'ssh2-localhost-with-alias,127.0.0.1,::1 ' - ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub -) >> $OBJ/known_hosts - -# go for it -for v in ${VERSIONS}; do - sshd2=${TEST_COMBASE}/${v}/sshd2 - if [ ! -x ${sshd2} ]; then - continue - fi - trace "sshd2 ${v}" - PROXY="proxycommand ${sshd2} -qif ${OBJ}/sshd2_config 2> /dev/null" - ${SSH} -qF ${OBJ}/ssh_config_com -o "${PROXY}" dummy exit 0 - if [ $? -ne 0 ]; then - fail "ssh connect to sshd2 ${v} failed" - fi - - ciphers="3des-cbc blowfish-cbc arcfour" - macs="hmac-md5" - case $v in - 2.4.*) - ciphers="$ciphers cast128-cbc" - macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96" - ;; - 3.*) - ciphers="$ciphers aes128-cbc cast128-cbc" - macs="$macs hmac-sha1 hmac-sha1-96 hmac-md5-96" - ;; - esac - #ciphers="3des-cbc" - for m in $macs; do - for c in $ciphers; do - trace "sshd2 ${v} cipher $c mac $m" - verbose "test ${tid}: sshd2 ${v} cipher $c mac $m" - ${SSH} -c $c -m $m -qF ${OBJ}/ssh_config_com -o "${PROXY}" dummy exit 0 - if [ $? -ne 0 ]; then - fail "ssh connect to sshd2 ${v} with $c/$m failed" - fi - done - done -done - -rm -rf ${OBJ}/${USER} -for i in sshd_config_proxy ssh_config_proxy random_seed \ - sshd2_config dsa.pub dsa ssh_config_com; do - rm -f ${OBJ}/$i -done diff --git a/crypto/openssh/regress/sshd-log-wrapper.sh b/crypto/openssh/regress/sshd-log-wrapper.sh deleted file mode 100644 index c7a5ef3..0000000 --- a/crypto/openssh/regress/sshd-log-wrapper.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -# $OpenBSD: sshd-log-wrapper.sh,v 1.2 2005/02/27 11:40:30 dtucker Exp $ -# Placed in the Public Domain. -# -# simple wrapper for sshd proxy mode to catch stderr output -# sh sshd-log-wrapper.sh /path/to/sshd /path/to/logfile - -sshd=$1 -log=$2 -shift -shift - -exec $sshd $@ -e 2>>$log diff --git a/crypto/openssh/regress/stderr-after-eof.sh b/crypto/openssh/regress/stderr-after-eof.sh deleted file mode 100644 index 05a5ea5..0000000 --- a/crypto/openssh/regress/stderr-after-eof.sh +++ /dev/null @@ -1,40 +0,0 @@ -# $OpenBSD: stderr-after-eof.sh,v 1.1 2002/03/23 16:38:09 markus Exp $ -# Placed in the Public Domain. - -tid="stderr data after eof" - -DATA=/etc/motd -DATA=${OBJ}/data -COPY=${OBJ}/copy - -if have_prog md5sum; then - CHECKSUM=md5sum -elif have_prog openssl; then - CHECKSUM="openssl md5" -elif have_prog cksum; then - CHECKSUM=cksum -elif have_prog sum; then - CHECKSUM=sum -else - fatal "No checksum program available, aborting $tid test" -fi - -# setup data -rm -f ${DATA} ${COPY} -cp /dev/null ${DATA} -for i in 1 2 3 4 5 6; do - (date;echo $i) | $CHECKSUM >> ${DATA} -done - -${SSH} -2 -F $OBJ/ssh_proxy otherhost \ - exec sh -c \'"exec > /dev/null; sleep 2; cat ${DATA} 1>&2 $s"\' \ - 2> ${COPY} -r=$? -if [ $r -ne 0 ]; then - fail "ssh failed with exit code $r" -fi -egrep 'Disconnecting: Received extended_data after EOF' ${COPY} && - fail "ext data received after eof" -cmp ${DATA} ${COPY} || fail "stderr corrupt" - -rm -f ${DATA} ${COPY} diff --git a/crypto/openssh/regress/stderr-data.sh b/crypto/openssh/regress/stderr-data.sh deleted file mode 100644 index 1daf79b..0000000 --- a/crypto/openssh/regress/stderr-data.sh +++ /dev/null @@ -1,33 +0,0 @@ -# $OpenBSD: stderr-data.sh,v 1.2 2002/03/27 22:39:52 markus Exp $ -# Placed in the Public Domain. - -tid="stderr data transfer" - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy -rm -f ${COPY} - -for n in '' -n; do -for p in 1 2; do - verbose "test $tid: proto $p ($n)" - ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ - exec sh -c \'"exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ - 2> ${COPY} - r=$? - if [ $r -ne 0 ]; then - fail "ssh failed with exit code $r" - fi - cmp ${DATA} ${COPY} || fail "stderr corrupt" - rm -f ${COPY} - - ${SSH} $n -$p -F $OBJ/ssh_proxy otherhost \ - exec sh -c \'"echo a; exec > /dev/null; sleep 3; cat ${DATA} 1>&2 $s"\' \ - > /dev/null 2> ${COPY} - r=$? - if [ $r -ne 0 ]; then - fail "ssh failed with exit code $r" - fi - cmp ${DATA} ${COPY} || fail "stderr corrupt" - rm -f ${COPY} -done -done diff --git a/crypto/openssh/regress/t4.ok b/crypto/openssh/regress/t4.ok deleted file mode 100644 index 8c4942b..0000000 --- a/crypto/openssh/regress/t4.ok +++ /dev/null @@ -1 +0,0 @@ -3b:dd:44:e9:49:18:84:95:f1:e7:33:6b:9d:93:b1:36 diff --git a/crypto/openssh/regress/t5.ok b/crypto/openssh/regress/t5.ok deleted file mode 100644 index bd622f3..0000000 --- a/crypto/openssh/regress/t5.ok +++ /dev/null @@ -1 +0,0 @@ -xokes-lylis-byleh-zebib-kalus-bihas-tevah-haroz-suhar-foved-noxex diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh deleted file mode 100644 index 59ae33c..0000000 --- a/crypto/openssh/regress/test-exec.sh +++ /dev/null @@ -1,307 +0,0 @@ -# $OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $ -# Placed in the Public Domain. - -#SUDO=sudo - -# Unbreak GNU head(1) -_POSIX2_VERSION=199209 -export _POSIX2_VERSION - -case `uname -s 2>/dev/null` in -OSF1*) - BIN_SH=xpg4 - export BIN_SH - ;; -esac - -if [ ! -z "$TEST_SSH_PORT" ]; then - PORT="$TEST_SSH_PORT" -else - PORT=4242 -fi - -if [ -x /usr/ucb/whoami ]; then - USER=`/usr/ucb/whoami` -elif whoami >/dev/null 2>&1; then - USER=`whoami` -elif logname >/dev/null 2>&1; then - USER=`logname` -else - USER=`id -un` -fi - -OBJ=$1 -if [ "x$OBJ" = "x" ]; then - echo '$OBJ not defined' - exit 2 -fi -if [ ! -d $OBJ ]; then - echo "not a directory: $OBJ" - exit 2 -fi -SCRIPT=$2 -if [ "x$SCRIPT" = "x" ]; then - echo '$SCRIPT not defined' - exit 2 -fi -if [ ! -f $SCRIPT ]; then - echo "not a file: $SCRIPT" - exit 2 -fi -if $TEST_SHELL -n $SCRIPT; then - true -else - echo "syntax error in $SCRIPT" - exit 2 -fi -unset SSH_AUTH_SOCK - -SRC=`dirname ${SCRIPT}` - -# defaults -SSH=ssh -SSHD=sshd -SSHAGENT=ssh-agent -SSHADD=ssh-add -SSHKEYGEN=ssh-keygen -SSHKEYSCAN=ssh-keyscan -SFTP=sftp -SFTPSERVER=/usr/libexec/openssh/sftp-server -SCP=scp - -if [ "x$TEST_SSH_SSH" != "x" ]; then - SSH="${TEST_SSH_SSH}" -fi -if [ "x$TEST_SSH_SSHD" != "x" ]; then - SSHD="${TEST_SSH_SSHD}" -fi -if [ "x$TEST_SSH_SSHAGENT" != "x" ]; then - SSHAGENT="${TEST_SSH_SSHAGENT}" -fi -if [ "x$TEST_SSH_SSHADD" != "x" ]; then - SSHADD="${TEST_SSH_SSHADD}" -fi -if [ "x$TEST_SSH_SSHKEYGEN" != "x" ]; then - SSHKEYGEN="${TEST_SSH_SSHKEYGEN}" -fi -if [ "x$TEST_SSH_SSHKEYSCAN" != "x" ]; then - SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}" -fi -if [ "x$TEST_SSH_SFTP" != "x" ]; then - SFTP="${TEST_SSH_SFTP}" -fi -if [ "x$TEST_SSH_SFTPSERVER" != "x" ]; then - SFTPSERVER="${TEST_SSH_SFTPSERVER}" -fi -if [ "x$TEST_SSH_SCP" != "x" ]; then - SCP="${TEST_SSH_SCP}" -fi - -# Path to sshd must be absolute for rexec -case "$SSHD" in -/*) ;; -*) SSHD=`which sshd` ;; -esac - -if [ "x$TEST_SSH_LOGFILE" = "x" ]; then - TEST_SSH_LOGFILE=/dev/null -fi - -# these should be used in tests -export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP -#echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP - -# helper -echon() -{ - if [ "x`echo -n`" = "x" ]; then - echo -n "$@" - elif [ "x`echo '\c'`" = "x" ]; then - echo "$@\c" - else - fatal "Don't know how to echo without newline." - fi -} - -have_prog() -{ - saved_IFS="$IFS" - IFS=":" - for i in $PATH - do - if [ -x $i/$1 ]; then - IFS="$saved_IFS" - return 0 - fi - done - IFS="$saved_IFS" - return 1 -} - -cleanup () -{ - if [ -f $PIDFILE ]; then - pid=`cat $PIDFILE` - if [ "X$pid" = "X" ]; then - echo no sshd running - else - if [ $pid -lt 2 ]; then - echo bad pid for ssd: $pid - else - $SUDO kill $pid - fi - fi - fi -} - -trace () -{ - echo "trace: $@" >>$TEST_SSH_LOGFILE - if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then - echo "$@" - fi -} - -verbose () -{ - echo "verbose: $@" >>$TEST_SSH_LOGFILE - if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then - echo "$@" - fi -} - - -fail () -{ - echo "FAIL: $@" >>$TEST_SSH_LOGFILE - RESULT=1 - echo "$@" -} - -fatal () -{ - echo "FATAL: $@" >>$TEST_SSH_LOGFILE - echon "FATAL: " - fail "$@" - cleanup - exit $RESULT -} - -RESULT=0 -PIDFILE=$OBJ/pidfile - -trap fatal 3 2 - -# create server config -cat << EOF > $OBJ/sshd_config - StrictModes no - Port $PORT - AddressFamily inet - ListenAddress 127.0.0.1 - #ListenAddress ::1 - PidFile $PIDFILE - AuthorizedKeysFile $OBJ/authorized_keys_%u - LogLevel VERBOSE - AcceptEnv _XXX_TEST_* - AcceptEnv _XXX_TEST - Subsystem sftp $SFTPSERVER -EOF - -if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then - trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS" - echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config -fi - -# server config for proxy connects -cp $OBJ/sshd_config $OBJ/sshd_proxy - -# allow group-writable directories in proxy-mode -echo 'StrictModes no' >> $OBJ/sshd_proxy - -# create client config -cat << EOF > $OBJ/ssh_config -Host * - Hostname 127.0.0.1 - HostKeyAlias localhost-with-alias - Port $PORT - User $USER - GlobalKnownHostsFile $OBJ/known_hosts - UserKnownHostsFile $OBJ/known_hosts - RSAAuthentication yes - PubkeyAuthentication yes - ChallengeResponseAuthentication no - HostbasedAuthentication no - PasswordAuthentication no - BatchMode yes - StrictHostKeyChecking yes -EOF - -if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then - trace "adding ssh_config option $TEST_SSH_SSHD_CONFOPTS" - echo "$TEST_SSH_SSH_CONFOPTS" >> $OBJ/ssh_config -fi - -rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER - -trace "generate keys" -for t in rsa rsa1; do - # generate user key - rm -f $OBJ/$t - ${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t ||\ - fail "ssh-keygen for $t failed" - - # known hosts file for client - ( - echon 'localhost-with-alias,127.0.0.1,::1 ' - cat $OBJ/$t.pub - ) >> $OBJ/known_hosts - - # setup authorized keys - cat $OBJ/$t.pub >> $OBJ/authorized_keys_$USER - echo IdentityFile $OBJ/$t >> $OBJ/ssh_config - - # use key as host key, too - $SUDO cp $OBJ/$t $OBJ/host.$t - echo HostKey $OBJ/host.$t >> $OBJ/sshd_config - - # don't use SUDO for proxy connect - echo HostKey $OBJ/$t >> $OBJ/sshd_proxy -done -chmod 644 $OBJ/authorized_keys_$USER - -# create a proxy version of the client config -( - cat $OBJ/ssh_config - echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy -) > $OBJ/ssh_proxy - -# check proxy config -${SSHD} -t -f $OBJ/sshd_proxy || fatal "sshd_proxy broken" - -start_sshd () -{ - # start sshd - $SUDO ${SSHD} -f $OBJ/sshd_config -t || fatal "sshd_config broken" - $SUDO ${SSHD} -f $OBJ/sshd_config -e >>$TEST_SSH_LOGFILE 2>&1 - - trace "wait for sshd" - i=0; - while [ ! -f $PIDFILE -a $i -lt 10 ]; do - i=`expr $i + 1` - sleep $i - done - - test -f $PIDFILE || fatal "no sshd running on port $PORT" -} - -# source test body -. $SCRIPT - -# kill sshd -cleanup -if [ $RESULT -eq 0 ]; then - verbose ok $tid -else - echo failed $tid -fi -exit $RESULT diff --git a/crypto/openssh/regress/transfer.sh b/crypto/openssh/regress/transfer.sh deleted file mode 100644 index 13ea367..0000000 --- a/crypto/openssh/regress/transfer.sh +++ /dev/null @@ -1,29 +0,0 @@ -# $OpenBSD: transfer.sh,v 1.1 2002/03/27 00:03:37 markus Exp $ -# Placed in the Public Domain. - -tid="transfer data" - -DATA=/bin/ls${EXEEXT} -COPY=${OBJ}/copy - -for p in 1 2; do - verbose "$tid: proto $p" - rm -f ${COPY} - ${SSH} -n -q -$p -F $OBJ/ssh_proxy somehost cat ${DATA} > ${COPY} - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp ${DATA} ${COPY} || fail "corrupted copy" - - for s in 10 100 1k 32k 64k 128k 256k; do - trace "proto $p dd-size ${s}" - rm -f ${COPY} - dd if=$DATA obs=${s} 2> /dev/null | \ - ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}" - if [ $? -ne 0 ]; then - fail "ssh cat $DATA failed" - fi - cmp $DATA ${COPY} || fail "corrupted copy" - done -done -rm -f ${COPY} diff --git a/crypto/openssh/regress/try-ciphers.sh b/crypto/openssh/regress/try-ciphers.sh deleted file mode 100644 index 379fe35..0000000 --- a/crypto/openssh/regress/try-ciphers.sh +++ /dev/null @@ -1,49 +0,0 @@ -# $OpenBSD: try-ciphers.sh,v 1.10 2005/05/24 04:10:54 djm Exp $ -# Placed in the Public Domain. - -tid="try ciphers" - -ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc - arcfour128 arcfour256 arcfour - aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se - aes128-ctr aes192-ctr aes256-ctr" -macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96" - -for c in $ciphers; do - for m in $macs; do - trace "proto 2 cipher $c mac $m" - verbose "test $tid: proto 2 cipher $c mac $m" - ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true - if [ $? -ne 0 ]; then - fail "ssh -2 failed with mac $m cipher $c" - fi - done -done - -ciphers="3des blowfish" -for c in $ciphers; do - trace "proto 1 cipher $c" - verbose "test $tid: proto 1 cipher $c" - ${SSH} -F $OBJ/ssh_proxy -1 -c $c somehost true - if [ $? -ne 0 ]; then - fail "ssh -1 failed with cipher $c" - fi -done - -if ${SSH} -oCiphers=acss@openssh.org 2>&1 | grep "Bad SSH2 cipher" >/dev/null -then - : -else - -echo "Ciphers acss@openssh.org" >> $OBJ/sshd_proxy -c=acss@openssh.org -for m in $macs; do - trace "proto 2 $c mac $m" - verbose "test $tid: proto 2 cipher $c mac $m" - ${SSH} -F $OBJ/ssh_proxy -2 -m $m -c $c somehost true - if [ $? -ne 0 ]; then - fail "ssh -2 failed with mac $m cipher $c" - fi -done - -fi diff --git a/crypto/openssh/regress/yes-head.sh b/crypto/openssh/regress/yes-head.sh deleted file mode 100644 index a8e6bc8..0000000 --- a/crypto/openssh/regress/yes-head.sh +++ /dev/null @@ -1,15 +0,0 @@ -# $OpenBSD: yes-head.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ -# Placed in the Public Domain. - -tid="yes pipe head" - -for p in 1 2; do - lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` - if [ $? -ne 0 ]; then - fail "yes|head test failed" - lines = 0; - fi - if [ $lines -ne 2000 ]; then - fail "yes|head returns $lines lines instead of 2000" - fi -done diff --git a/crypto/openssh/scard/Makefile.in b/crypto/openssh/scard/Makefile.in deleted file mode 100644 index 8519e20..0000000 --- a/crypto/openssh/scard/Makefile.in +++ /dev/null @@ -1,29 +0,0 @@ -# $Id: Makefile.in,v 1.5 2006/10/23 21:44:47 tim Exp $ - -prefix=@prefix@ -datadir=@datadir@ -datarootdir=@datarootdir@ -srcdir=@srcdir@ -top_srcdir=@top_srcdir@ - -INSTALL=@INSTALL@ - -VPATH=@srcdir@ - -all: - -#Ssh.bin: Ssh.bin.uu -# uudecode Ssh.bin.uu - -clean: -# rm -rf Ssh.bin - -distprep: - uudecode Ssh.bin.uu - -distclean: clean - rm -f Makefile *~ - -install: $(srcdir)/Ssh.bin - $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir) - $(INSTALL) -m 0644 $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin diff --git a/crypto/openssh/scard/Ssh.bin b/crypto/openssh/scard/Ssh.bin Binary files differdeleted file mode 100644 index edbadc6..0000000 --- a/crypto/openssh/scard/Ssh.bin +++ /dev/null diff --git a/crypto/openssh/scard/Ssh.bin.uu b/crypto/openssh/scard/Ssh.bin.uu deleted file mode 100644 index ea3986a..0000000 --- a/crypto/openssh/scard/Ssh.bin.uu +++ /dev/null @@ -1,17 +0,0 @@ -begin 644 Ssh.bin -M`P)!&P`801X`>``!`E@"`/Y@\`4`_J'P!0!!&T$=`?Z@\`4`01M!'`'^>/,! -M`4$;01X!_G#S%P'^0],1`?Y@\!0`_G/S'0#^<]4``D$;L`4`_F'3``#^8=,% -M`/ZAT`$!_J#0)P'^H],*`?ZCTPD`_G/5"P7^8=,'`OZAT`H`_J#0$@3^:-,@ -M`T$;`P`%`/Y@`<P``$$<\@\``$$=\B$``$$>\A```/`0__(%`@8!`0H``&`` -M0205!!D)I$L`"0J0`&``*!4$&58``````.P````%____P````.D````0```` -M,P```"````#'````,````(T````R````V!4#&0A*``D*;@!@`"@5!QD*`/\] -M(6``1A)*``D*9P!@`"@*/P!@`$LK"1)@`$LK!6``4!P$#00#2@`.#01@`%5@ -M`%I@`"@37``>%0@2%0A>`%\($F``9%(`:`H_`&``2RL*<VA@`$LK8`!I"1`U -M(14#`Q)@`&X<!`T$`TL`"P,28`!D4@`.#01@`%5@`%I@`"A2`"X5`PH$`&`` -M<RL#!6``9%(`'14#"@$"8`!S*P,%8`!D4@`,4@`)"FT`8``H60``\`+_\@$! -M`0D`"```"I``8``H60#P$__R`0$""0`,``!B01LM7P`\*UD```#P$O_V`0$# -M`0`8```37``>7@`R10`/$UP`'@H`R`D07@`W!%>P!?_R`0$$`@`\```37P`` -M$V+^H2U?``5=``H38OZ@+5\`#UT`%!-B_G@M"@0`7P`970`>"@0`8``C10`) -/"F<`8``H$UX`+5D````` -` -end diff --git a/crypto/openssh/scard/Ssh.java b/crypto/openssh/scard/Ssh.java deleted file mode 100644 index 6418957..0000000 --- a/crypto/openssh/scard/Ssh.java +++ /dev/null @@ -1,164 +0,0 @@ -// $Id: Ssh.java,v 1.3 2002/05/22 04:24:02 djm Exp $ -// -// Ssh.java -// SSH / smartcard integration project, smartcard side -// -// Tomoko Fukuzawa, created, Feb., 2000 -// -// Naomaru Itoi, modified, Apr., 2000 -// - -// copyright 2000 -// the regents of the university of michigan -// all rights reserved -// -// permission is granted to use, copy, create derivative works -// and redistribute this software and such derivative works -// for any purpose, so long as the name of the university of -// michigan is not used in any advertising or publicity -// pertaining to the use or distribution of this software -// without specific, written prior authorization. if the -// above copyright notice or any other identification of the -// university of michigan is included in any copy of any -// portion of this software, then the disclaimer below must -// also be included. -// -// this software is provided as is, without representation -// from the university of michigan as to its fitness for any -// purpose, and without warranty by the university of -// michigan of any kind, either express or implied, including -// without limitation the implied warranties of -// merchantability and fitness for a particular purpose. the -// regents of the university of michigan shall not be liable -// for any damages, including special, indirect, incidental, or -// consequential damages, with respect to any claim arising -// out of or in connection with the use of the software, even -// if it has been or is hereafter advised of the possibility of -// such damages. - -import javacard.framework.*; -import javacardx.framework.*; -import javacardx.crypto.*; - -public class Ssh extends javacard.framework.Applet -{ - // Change this when the applet changes; hi byte is major, low byte is minor - static final short applet_version = (short)0x0102; - - /* constants declaration */ - // code of CLA byte in the command APDU header - static final byte Ssh_CLA =(byte)0x05; - - // codes of INS byte in the command APDU header - static final byte DECRYPT = (byte) 0x10; - static final byte GET_KEYLENGTH = (byte) 0x20; - static final byte GET_PUBKEY = (byte) 0x30; - static final byte GET_VERSION = (byte) 0x32; - static final byte GET_RESPONSE = (byte) 0xc0; - - static final short keysize = 1024; - static final short root_fid = (short)0x3f00; - static final short privkey_fid = (short)0x0012; - static final short pubkey_fid = (short)(('s'<<8)|'h'); - - /* instance variables declaration */ - AsymKey rsakey; - CyberflexFile file; - CyberflexOS os; - - private Ssh() - { - file = new CyberflexFile(); - os = new CyberflexOS(); - - rsakey = new RSA_CRT_PrivateKey (keysize); - - if ( ! rsakey.isSupportedLength (keysize) ) - ISOException.throwIt (ISO.SW_WRONG_LENGTH); - - register(); - } // end of the constructor - - public boolean select() { - if (!rsakey.isInitialized()) - rsakey.setKeyInstance ((short)0xc8, (short)0x10); - - return true; - } - - public static void install(APDU apdu) - { - new Ssh(); // create a Ssh applet instance (card) - } // end of install method - - public static void main(String args[]) { - ISOException.throwIt((short) 0x9000); - } - - public void process(APDU apdu) - { - // APDU object carries a byte array (buffer) to - // transfer incoming and outgoing APDU header - // and data bytes between card and CAD - byte buffer[] = apdu.getBuffer(); - short size, st; - - // verify that if the applet can accept this - // APDU message - // NI: change suggested by Wayne Dyksen, Purdue - if (buffer[ISO.OFFSET_INS] == ISO.INS_SELECT) - ISOException.throwIt(ISO.SW_NO_ERROR); - - switch (buffer[ISO.OFFSET_INS]) { - case DECRYPT: - if (buffer[ISO.OFFSET_CLA] != Ssh_CLA) - ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED); - //decrypt (apdu); - size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF); - - if (apdu.setIncomingAndReceive() != size) - ISOException.throwIt (ISO.SW_WRONG_LENGTH); - - // check access; depends on bit 2 (x/a) - file.selectFile(root_fid); - file.selectFile(privkey_fid); - st = os.checkAccess(ACL.EXECUTE); - if (st != ST.ACCESS_CLEARED) { - CyberflexAPDU.prepareSW1SW2(st); - ISOException.throwIt(CyberflexAPDU.getSW1SW2()); - } - - rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size, - buffer, (short) ISO.OFFSET_CDATA); - - apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size); - break; - case GET_PUBKEY: - file.selectFile(root_fid); // select root - file.selectFile(pubkey_fid); // select public key file - size = (short)(file.getFileSize() - 16); - st = os.readBinaryFile(buffer, (short)0, (short)0, size); - if (st == ST.SUCCESS) - apdu.setOutgoingAndSend((short)0, size); - else { - CyberflexAPDU.prepareSW1SW2(st); - ISOException.throwIt(CyberflexAPDU.getSW1SW2()); - } - break; - case GET_KEYLENGTH: - Util.setShort(buffer, (short)0, keysize); - apdu.setOutgoingAndSend ((short)0, (short)2); - break; - case GET_VERSION: - Util.setShort(buffer, (short)0, applet_version); - apdu.setOutgoingAndSend ((short)0, (short)2); - break; - case GET_RESPONSE: - break; - default: - ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED); - } - - } // end of process method - -} // end of class Ssh diff --git a/crypto/openssh/ssh_prng_cmds.in b/crypto/openssh/ssh_prng_cmds.in deleted file mode 100644 index 0d29d49..0000000 --- a/crypto/openssh/ssh_prng_cmds.in +++ /dev/null @@ -1,75 +0,0 @@ -# entropy gathering commands - -# Format is: "program-name args" path rate - -# The "rate" represents the number of bits of usuable entropy per -# byte of command output. Be conservative. -# -# $Id: ssh_prng_cmds.in,v 1.9 2003/11/21 12:48:56 djm Exp $ - -"ls -alni /var/log" @PROG_LS@ 0.02 -"ls -alni /var/adm" @PROG_LS@ 0.02 -"ls -alni /usr/adm" @PROG_LS@ 0.02 -"ls -alni /var/mail" @PROG_LS@ 0.02 -"ls -alni /usr/mail" @PROG_LS@ 0.02 -"ls -alni /var/adm/syslog" @PROG_LS@ 0.02 -"ls -alni /usr/adm/syslog" @PROG_LS@ 0.02 -"ls -alni /var/spool/mail" @PROG_LS@ 0.02 -"ls -alni /proc" @PROG_LS@ 0.02 -"ls -alni /tmp" @PROG_LS@ 0.02 -"ls -alni /var/tmp" @PROG_LS@ 0.02 -"ls -alni /usr/tmp" @PROG_LS@ 0.02 -"ls -alTi /var/log" @PROG_LS@ 0.02 -"ls -alTi /var/adm" @PROG_LS@ 0.02 -"ls -alTi /var/mail" @PROG_LS@ 0.02 -"ls -alTi /var/adm/syslog" @PROG_LS@ 0.02 -"ls -alTi /var/spool/mail" @PROG_LS@ 0.02 -"ls -alTi /proc" @PROG_LS@ 0.02 -"ls -alTi /tmp" @PROG_LS@ 0.02 -"ls -alTi /var/tmp" @PROG_LS@ 0.02 -"ls -alTi /usr/tmp" @PROG_LS@ 0.02 - -"netstat -an" @PROG_NETSTAT@ 0.05 -"netstat -in" @PROG_NETSTAT@ 0.05 -"netstat -rn" @PROG_NETSTAT@ 0.02 -"netstat -pn" @PROG_NETSTAT@ 0.02 -"netstat -ia" @PROG_NETSTAT@ 0.05 -"netstat -s" @PROG_NETSTAT@ 0.02 -"netstat -is" @PROG_NETSTAT@ 0.07 - -"arp -n -a" @PROG_ARP@ 0.02 - -"ifconfig -a" @PROG_IFCONFIG@ 0.02 - -"ps laxww" @PROG_PS@ 0.03 -"ps -al" @PROG_PS@ 0.03 -"ps -efl" @PROG_PS@ 0.03 -"jstat" @PROG_JSTAT@ 0.07 - -"w" @PROG_W@ 0.05 - -"who -i" @PROG_WHO@ 0.01 - -"last" @PROG_LAST@ 0.01 - -"lastlog" @PROG_LASTLOG@ 0.01 - -"df" @PROG_DF@ 0.01 -"df -i" @PROG_DF@ 0.01 - -"sar -d" @PROG_SAR@ 0.04 - -"vmstat" @PROG_VMSTAT@ 0.01 -"uptime" @PROG_UPTIME@ 0.01 - -"ipcs -a" @PROG_IPCS@ 0.01 - -"tail -200 /var/log/messages" @PROG_TAIL@ 0.01 -"tail -200 /var/log/syslog" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/messages" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/syslog" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/syslog/syslog.log" @PROG_TAIL@ 0.01 -"tail -200 /var/log/maillog" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/maillog" @PROG_TAIL@ 0.01 -"tail -200 /var/adm/syslog/mail.log" @PROG_TAIL@ 0.01 - diff --git a/crypto/openssh/survey.sh.in b/crypto/openssh/survey.sh.in deleted file mode 100644 index d6075a6..0000000 --- a/crypto/openssh/survey.sh.in +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2004, 2005 Darren Tucker -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -host="@host@" -AWK="@AWK@" -CC="@CC@" -CPP="@CPP@" -CFLAGS="@CFLAGS@" -CPPFLAGS="@CPPFLAGS@" -LDFLAGS="@LDFLAGS@" -LIBS="@LIBS@" - -# Note format: -# identifier: [data] CRCR - -echo "openssh-survey-version: 1" -echo -echo "openssh-version: `./ssh -V 2>&1`" -echo -configinv=`$AWK '/^ \\\$.*configure/' config.log | sed 's/^ \\\$ //g'` -echo "configure-invocation: $configinv" -echo -echo "host: $host" -echo -echo "uname: `uname`" -echo -echo "uname-r: `uname -r`" -echo -echo "uname-m: `uname -m`" -echo -echo "uname-p: `uname -p`" -echo -echo "oslevel: `oslevel 2>/dev/null`" -echo -echo "oslevel-r: `oslevel -r 2>/dev/null`" -echo -echo "cc: $CC" -echo -echo "cflags: $CFLAGS" -echo -echo "cppflags: $CPPFLAGS" -echo -echo "ldflags: $LDFLAGS" -echo -echo "libs: $LIBS" -echo -echo "ccver-v: `$CC -v 2>&1 | sed '/^[ \t]*$/d'`" -echo -echo "ccver-V: `$CC -V 2>&1 | sed '/^[ \t]*$/d'`" -echo -echo "cppdefines:" -${CPP} -dM - </dev/null -echo -echo "config.h:" -egrep '#define|#undef' config.h -echo |